fdb68ed81a
In Ansible 6 this doesn't come out as a list. Refactor this into a more jinja-y pipeline that should do a better job of it. Change-Id: I5684291047a3e1000cd38ba33a951bed9fa3081f
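# Initialise acme_txt_required to an empty list before the
# per-certificate tasks run.
# NOTE(review): nothing in this file appends to the list; presumably
# acme.yaml does. Confirm no later task relies on a value left over
# from an earlier run.
- name: Reset the list of required ACME TXT records
  set_fact:
    acme_txt_required: []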
# letsencrypt_certs maps a certificate name to the list of names that
# certificate covers, so a single host can carry several certificates:
#
#  letsencrypt_certs:
#    main:
#      - hostname.opendev.org
#    secondary:
#      - foo.opendev.org:8000
#      - baz.opendev.org
#
# acme.yaml is included once per certificate, with the current
# key/value pair available to it as "cert".
#
# All required TXT keys are put into acme_txt_required
- name: Generate certificate creation/renewal requests
  include_tasks: acme.yaml
  loop: '{{ query("dict", letsencrypt_certs) }}'
  loop_control:
    loop_var: cert
# For each generated certificate get the first entry as the domain to
# run the certificate validation tests against. If it specifies a
# port explicitly (with <host>:<port>), make it "<host> <port>"; if it
# doesn't explicitly set a port make it "<host> 443" (i.e. the second
# regex is "if this doesn't have a space in it, then add " 443").
#
# For the example above, we'd get
#
#  [ 'hostname.opendev.org 443', 'foo.opendev.org 8000' ]
#
# Later in ssl-check role, the final certificate validation list is
# generated by walking the letsencrypt_certcheck_domains variable
# for each host in the letsencrypt group.
#
# Only the first name of each certificate ends up in the check list;
# further names on the same certificate are not probed individually.
#
# The first regex_replace rewrites every ":" in the entry, so entries
# are expected to be "<host>" or "<host>:<port>". An entry with more
# than one colon (an IPv6 literal, say) would come out with several
# spaces and would not get the " 443" default.
#
# The expression sits in a single-quoted YAML scalar, where YAML
# leaves backslashes untouched, so "\s" and "\1" are passed on as
# written. Moving it to a double-quoted scalar would need the
# backslashes re-escaped.
#
# NOTE(review): the list is built with default([]) + [...], so it is
# appended to and never reset in this file. Confirm the role runs only
# once per host in a play; otherwise entries would be duplicated.
- name: Create ssl check domain list
  set_fact:
    letsencrypt_certcheck_domains: '{{ letsencrypt_certcheck_domains|default([]) + [item.value|first|regex_replace(":", " ")|regex_replace("^([^\s]*)$", "\1 443")] }}'
  loop: '{{ letsencrypt_certs | dict2items }}'