Merge "Fix generating certificate SANs"
This commit is contained in:
commit
b81dec169b
@ -27,12 +27,19 @@ _haproxy_pki_certificates: |
|
|||||||
{% set _pki_certs = [] %}
|
{% set _pki_certs = [] %}
|
||||||
{% for vip in haproxy_tls_vip_binds %}
|
{% for vip in haproxy_tls_vip_binds %}
|
||||||
{% set _vip_interface = vip['interface'] | default('') %}
|
{% set _vip_interface = vip['interface'] | default('') %}
|
||||||
|
{% set san = 'DNS:' ~ ansible_facts['hostname'] ~ ',DNS:' ~ ansible_facts['fqdn'] ~ ',' ~ (vip['address'] | ansible.utils.ipaddr) | ternary('IP:', 'DNS:') ~ vip['address'] %}
|
||||||
|
{% if vip['address'] == haproxy_bind_internal_lb_vip_address %}
|
||||||
|
{% set san = san ~ (internal_lb_vip_address | ansible.utils.ipaddr) | ternary('', ',DNS:' ~ internal_lb_vip_address) %}
|
||||||
|
{% endif %}
|
||||||
|
{% if vip['address'] == haproxy_bind_external_lb_vip_address %}
|
||||||
|
{% set san = san ~ (external_lb_vip_address | ansible.utils.ipaddr) | ternary('', ',DNS:' ~ external_lb_vip_address) %}
|
||||||
|
{% endif %}
|
||||||
{% set _ = _pki_certs.append(
|
{% set _ = _pki_certs.append(
|
||||||
{
|
{
|
||||||
'name': 'haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ (_vip_interface is truthy) | ternary(vip['address'] ~ '-' ~ _vip_interface, vip['address']),
|
'name': 'haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ (_vip_interface is truthy) | ternary(vip['address'] ~ '-' ~ _vip_interface, vip['address']),
|
||||||
'provider': 'ownca',
|
'provider': 'ownca',
|
||||||
'cn': ansible_facts['hostname'],
|
'cn': ansible_facts['hostname'],
|
||||||
'san': 'DNS:' ~ ansible_facts['hostname'] ~ ',DNS:' ~ ansible_facts['fqdn'] ~ ',' ~ (vip['address'] | ansible.utils.ipaddr) | ternary('IP:', 'DNS:') ~ vip['address'],
|
'san': san,
|
||||||
'signed_by': haproxy_pki_intermediate_cert_name,
|
'signed_by': haproxy_pki_intermediate_cert_name,
|
||||||
}
|
}
|
||||||
) %}
|
) %}
|
||||||
|
Loading…
Reference in New Issue
Block a user