From 2dd754872715d91057b8e00cf2ffa355c9d87764 Mon Sep 17 00:00:00 2001
From: Bertrand Lanson
Date: Tue, 18 Apr 2023 21:50:21 +0200
Subject: [PATCH] added CA to pem bundle
---
 defaults/main.yml | 3 +--
 templates/vault_cert.pem.tpl.j2 | 8 ++++++--
 templates/vault_key.pem.tpl.j2 | 6 ++++--
 3 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index 7d4fd1b..073bf75 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -13,7 +13,6 @@ renew_vault_certificates_info:
 issuer_path: pki/issue/your-issuer
 common_name: vault01.example.com
 ttl: 90d
- include_localhost: true
- include_consul_service: false
+ include_consul_service: true
 renew_vault_certificates_consul_service_name: vault.service.consul
 renew_vault_certificates_start_service: false
diff --git a/templates/vault_cert.pem.tpl.j2 b/templates/vault_cert.pem.tpl.j2
index 9c0a260..f102c3e 100644
--- a/templates/vault_cert.pem.tpl.j2
+++ b/templates/vault_cert.pem.tpl.j2
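Review bot: Nothing in defaults/main.yml tells a user which names a certificate will carry now that `include_localhost` is gone and `include_consul_service` defaults to `true`. With the template changes in this commit `localhost` and `127.0.0.1` are always requested, so an inventory that still sets `include_localhost: false` is silently ignored, and every host asks for the shared service name plus its `active.` and `standby.` forms unless the flag is overridden. I would put a comment above the flag, `# localhost and 127.0.0.1 are always requested as SANs; false leaves out the consul service name and its active./standby. forms`. The PKI role behind `issuer_path` presumably has to permit those shared names for issuance to succeed; that is not visible in this patch. The `renew_vault_certificates_info` mapping starts outside the hunk.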
@@ -1,3 +1,7 @@
-{% raw %}{{ with secret {% endraw %}"{{ renew_vault_certificates_info['issuer_path'] }}" "common_name={{ renew_vault_certificates_info['common_name'] }}" "ttl={{ renew_vault_certificates_info['ttl'] }}"{% if renew_vault_certificates_info['include_consul_service'] %} "alt_names={{ renew_vault_certificates_consul_service_name }}" "alt_names=active.{{ renew_vault_certificates_consul_service_name }}" "alt_names=standby.{{ renew_vault_certificates_consul_service_name }}"{% endif %}{% if renew_vault_certificates_info['include_localhost'] %} "alt_names=localhost" "ip_sans=127.0.0.1"{% endif %}{% raw %} }}{% endraw %}
+{% raw %}{{ with secret {% endraw %}"{{ renew_vault_certificates_info['issuer_path'] }}" "common_name={{ renew_vault_certificates_info['common_name'] }}" "ttl={{ renew_vault_certificates_info['ttl'] }}" "alt_names=localhost{% if renew_vault_certificates_info['include_consul_service'] %},{{ renew_vault_certificates_consul_service_name }},active.{{ renew_vault_certificates_consul_service_name }},standby.{{ renew_vault_certificates_consul_service_name }}{% endif %}" "ip_sans=127.0.0.1"{% raw %} }}{% endraw %}
+
 {% raw %}{{ .Data.certificate }}{% endraw %}
-{% raw %}{{ end }}{% endraw %}
\ No newline at end of file
+
+{% raw %}{{ .Data.issuing_ca }}{% endraw %}
+
+{% raw %}{{ end }}{% endraw %}
diff --git a/templates/vault_key.pem.tpl.j2 b/templates/vault_key.pem.tpl.j2
index cbe4c48..cbd9c69 100644
--- a/templates/vault_key.pem.tpl.j2
+++ b/templates/vault_key.pem.tpl.j2
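Review bot: The bundle written by templates/vault_cert.pem.tpl.j2 appends only `.Data.issuing_ca`, the single issuer certificate, so it is a complete chain only when that issuer sits directly under a root the clients already trust. If the mount behind `issuer_path` is a deeper intermediate (not visible from this patch), clients that trust only the root cannot build a path from the bundle. Vault's issue response also carries a `ca_chain` list for that case, which could be iterated instead once it is confirmed to be populated for this mount. At minimum I would state the assumption next to the new line with a template comment, `{# bundle = leaf + direct issuer only; assumes clients trust that issuer's parent #}`.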
@@ -1,3 +1,5 @@
-{% raw %}{{ with secret {% endraw %}"{{ renew_vault_certificates_info['issuer_path'] }}" "common_name={{ renew_vault_certificates_info['common_name']}}" "ttl={{ renew_vault_certificates_info['ttl']}}" {% if renew_vault_certificates_info['include_localhost']%}"alt_names=localhost" "ip_sans=127.0.0.1" {% endif %}{% raw %}}}{% endraw %}
+{% raw %}{{ with secret {% endraw %}"{{ renew_vault_certificates_info['issuer_path'] }}" "common_name={{ renew_vault_certificates_info['common_name'] }}" "ttl={{ renew_vault_certificates_info['ttl'] }}" "alt_names=localhost{% if renew_vault_certificates_info['include_consul_service'] %},{{ renew_vault_certificates_consul_service_name }},active.{{ renew_vault_certificates_consul_service_name }},standby.{{ renew_vault_certificates_consul_service_name }}{% endif %}" "ip_sans=127.0.0.1"{% raw %} }}{% endraw %}
+
 {% raw %}{{ .Data.private_key }}{% endraw %}
-{% raw %}{{ end }}{% endraw %}
\ No newline at end of file
+
+{% raw %}{{ end }}{% endraw %}
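Review bot: The `with secret` line in templates/vault_key.pem.tpl.j2 has to render identically to the one in templates/vault_cert.pem.tpl.j2, and nothing in either template says so or enforces it. As far as I know the engine that consumes these files (consul-template or Vault Agent, presumably) shares one issuance between templates only when path and parameters match; if the two lines drift, the key file and the certificate file come from separate `pki/issue` calls and no longer pair up. The removed lines show that drift had already happened, since the old key template did not request the consul service names. I would add a comment above the line in both templates, `{# must render identically to the with-secret line in the other vault_*.pem template, otherwise key and certificate are issued separately #}`, or better build the argument list from one shared variable.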