letsencrypt-request-certs: refactor certcheck list
In Ansible 6 this doesn't come out as a list. Refactor this into a more jinja-y pipeline that should do a better job of it. Change-Id: I5684291047a3e1000cd38ba33a951bed9fa3081f
This commit is contained in:
parent
476b225fca
commit
fdb68ed81a
@ -4,7 +4,7 @@
|
|||||||
|
|
||||||
- name: Build SSL domain list
|
- name: Build SSL domain list
|
||||||
set_fact:
|
set_fact:
|
||||||
letsencrypt_certcheck_domains: '{{ letsencrypt_certcheck_domains }} + {{ hostvars[item]["letsencrypt_certcheck_domains" ] }}'
|
letsencrypt_certcheck_domains: '{{ letsencrypt_certcheck_domains + hostvars[item]["letsencrypt_certcheck_domains"] }}'
|
||||||
with_inventory_hostnames:
|
with_inventory_hostnames:
|
||||||
- letsencrypt:!disabled
|
- letsencrypt:!disabled
|
||||||
|
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
# main:
|
# main:
|
||||||
# hostname.opendev.org
|
# hostname.opendev.org
|
||||||
# secondary:
|
# secondary:
|
||||||
# foo.opendev.org
|
# foo.opendev.org:8000
|
||||||
# baz.opendev.org
|
# baz.opendev.org
|
||||||
#
|
#
|
||||||
# All required TXT keys are put into acme_txt_required
|
# All required TXT keys are put into acme_txt_required
|
||||||
@ -18,25 +18,20 @@
|
|||||||
loop_control:
|
loop_control:
|
||||||
loop_var: cert
|
loop_var: cert
|
||||||
|
|
||||||
|
# For each generated certificate get the first entry as the domain to
|
||||||
|
# run the certificate validation tests against. If it specifies a
|
||||||
|
# port explicitly (with <host>:<port>), make it "<host> <port>", if it
|
||||||
|
# doesn't explicitly set a port make it "<host> 443" (i.e. the second
|
||||||
|
# regex is "if this doesn't have a space in it, then add " 443").
|
||||||
|
#
|
||||||
|
# For example above, we'd get
|
||||||
|
# [ 'hostname.opendev.org 443', 'foo.opendev.org 8000' ]
|
||||||
|
#
|
||||||
|
# Later in ssl-check role, the final certificate validation list is
|
||||||
|
# generated by walking the letsencrypt_certcheck_domains variable
|
||||||
|
# for each host in the letsencrypt group.
|
||||||
|
#
|
||||||
- name: Create ssl check domain list
|
- name: Create ssl check domain list
|
||||||
# For each generated certificate get the first entry as the domain
|
|
||||||
# to run the certificate validation tests against. If it specifies
|
|
||||||
# a port explicitly, use that, otherwise assume 443.
|
|
||||||
#
|
|
||||||
# Later in ssl-check role, the final certificate validation list is
|
|
||||||
# generated by walking the letsencrypt_certcheck_domains variable
|
|
||||||
# for each host in the letsencrypt group.
|
|
||||||
set_fact:
|
set_fact:
|
||||||
letsencrypt_certcheck_domains: >-
|
letsencrypt_certcheck_domains: '{{ letsencrypt_certcheck_domains|default([]) + [item.value|first|regex_replace(":", " ")|regex_replace("^([^\s]*)$", "\1 443")] }}'
|
||||||
{%- set d = [] -%}
|
loop: '{{ letsencrypt_certs | dict2items }}'
|
||||||
{%- for cert in letsencrypt_certs.keys() -%}
|
|
||||||
{%- for host in letsencrypt_certs[cert] -%}
|
|
||||||
{%- if loop.first -%}
|
|
||||||
{%- if not ":" in host -%}
|
|
||||||
{%- set host = host+":443" -%}
|
|
||||||
{%- endif -%}
|
|
||||||
{%- set d = d.append(host.replace(":"," ")) -%}
|
|
||||||
{% endif %}
|
|
||||||
{% endfor %}
|
|
||||||
{% endfor %}
|
|
||||||
{{- d -}}
|
|
||||||
|
Loading…
Reference in New Issue
Block a user