# Reset the list of pending ACME TXT challenge records to empty at the
# start of the run; set_fact overwrites any value the host already had.
# NOTE(review): presumably acme.yaml (included further down) appends to
# this list; that file is not visible here, so confirm there.
# NOTE(review): this task has no `name:`, which makes it harder to pick
# out in play output when auditing a certificate run.
- set_fact:
    acme_txt_required: []
# Handle multiple certs for a single host; like
#
#  letsencrypt_certs:
#    main:
#      - hostname.opendev.org
#    secondary:
#      - foo.opendev.org
#      - baz.opendev.org
#
# (Each value is walked as a list of hostnames by the "Create ssl check
# domain list" task in this file, hence the list form shown above.)
#
# All required TXT keys are put into acme_txt_required

# acme.yaml is included once per certificate.  query('dict', ...) yields
# one item per top-level key of letsencrypt_certs, so inside the include
# `cert.key` is the certificate name and `cert.value` is its host list.
# NOTE(review): acme.yaml is not shown here.  The names in
# letsencrypt_certs presumably end up in certificate requests and DNS
# TXT records, so the variable should only come from reviewed
# inventory - confirm how acme.yaml validates and quotes each name.
- name: Generate certificate creation/renewal requests
  include_tasks: acme.yaml
  loop: "{{ query('dict', letsencrypt_certs) }}"
  loop_control:
    loop_var: cert
- name: Create ssl check domain list
  # For each generated certificate get the first entry as the domain
  # to run the certificate validation tests against.  If it specifies
  # a port explicitly, use that, otherwise assume 443.
  #
  # Later in ssl-check role, the final certificate validation list is
  # generated by walking the letsencrypt_certcheck_domains variable
  # for each host in the letsencrypt group.
  #
  # Notes on the template below:
  #  - Only the first name of each certificate is added (loop.first),
  #    so any further names on the same certificate are not covered by
  #    this check list.
  #  - Each entry is stored as "host port".  replace() swaps every ":"
  #    for a space, so entries are expected as "name" or "name:port";
  #    a value with more than one colon (for example an IPv6 literal)
  #    would be split into extra fields.
  #  - d.append() changes the list in place and returns None.  The
  #    `set d = ...` wrapper only exists to evaluate the call; Jinja
  #    keeps that assignment local to the loop, so the list created
  #    before the loops is what `{{- d -}}` prints.
  #  - NOTE(review): the closing endif/endfor tags have no "-"
  #    whitespace control, unlike the other tags.  Presumably the extra
  #    whitespace they emit is harmless - confirm the rendered value is
  #    still read back as a list and not as a plain string.
  set_fact:
    letsencrypt_certcheck_domains: >-
      {%- set d = [] -%}
      {%- for cert in letsencrypt_certs.keys() -%}
      {%- for host in letsencrypt_certs[cert] -%}
      {%- if loop.first -%}
      {%- if not ":" in host -%}
      {%- set host = host+":443" -%}
      {%- endif -%}
      {%- set d = d.append(host.replace(":"," ")) -%}
      {% endif %}
      {% endfor %}
      {% endfor %}
      {{- d -}}