ansible-role-ipa-getcert/templates/get_cert.sh.j2

#!/bin/bash
# This script will take care of the certificate process for IPA.
# There may be more than one request done based on the vars of the playbook.

{% for ipahosts in ipa_getcert_requested_hostnames %}

{% if ipa_getcert_nss %}
nss_db_path="{{ ipahosts.nss_db_dir | default(ipa_getcert_nss_default_location) }}"
if [ ! -d "${nss_db_path}" ] && [ ! -L "${nss_db_path}" ]; then
   mkdir -p "${nss_db_path}"
fi
{% endif %}

/usr/bin/ipa-getcert request -r -w \
  -I "{{ ipahosts.name }}" \
  -N "CN={{ ipahosts.name }}" \
  -D "{{ ipahosts.name }}" \
  {% if ipahosts.cnames is defined %}
  {% for cname in ipahosts.cnames %}
  -D "{{ cname }}" \
  {% endfor %}
  {% endif %}
  {% if ipa_getcert_nss %}
  -d "${nss_db_path}" \
  -n {{ ipahosts.nss_nickname | default(ansible_fqdn) }} \
  {% else %}
  -k "{{ ipahosts.key_location | default(ipa_getcert_key_default_location) }}" \
  -f "{{ ipahosts.cert_location | default(ipa_getcert_cert_default_location) }}" \
  {% endif %}
  {% if ipahosts.postcmd is defined %}
  -C "{{ ipahosts.postcmd }}" \
  {% endif %}
  {% if ipahosts.owner is defined %}
  -O "{{ ipahosts.owner }}" \
  -o "{{ ipahosts.owner }}" \
  {% endif %}
  -K "{{ ipahosts.service | default('host') }}/{{ ipahosts.name }}"

{% endfor %}
fix up ipa-getcert role to be modular 2020-12-20 01:12:34 +00:00			`#!/bin/bash`
			`# This script will take care of the certificate process for IPA.`
			`# There may be more than one request done based on the vars of the playbook.`

			`{% for ipahosts in ipa_getcert_requested_hostnames %}`
add nss support 2021-01-20 03:08:38 +00:00
			`{% if ipa_getcert_nss %}`
forgot some defaults 2021-01-20 03:15:41 +00:00			`nss_db_path="{{ ipahosts.nss_db_dir \| default(ipa_getcert_nss_default_location) }}"`
fix bash 2021-01-28 01:21:55 +00:00			`if [ ! -d "${nss_db_path}" ] && [ ! -L "${nss_db_path}" ]; then`
forgot some defaults 2021-01-20 03:15:41 +00:00			`mkdir -p "${nss_db_path}"`
add nss support 2021-01-20 03:08:38 +00:00			`fi`
			`{% endif %}`

fix up ipa-getcert role to be modular 2020-12-20 01:12:34 +00:00			`/usr/bin/ipa-getcert request -r -w \`
			`-I "{{ ipahosts.name }}" \`
			`-N "CN={{ ipahosts.name }}" \`
			`-D "{{ ipahosts.name }}" \`
add cname support 2021-01-22 02:22:55 +00:00			`{% if ipahosts.cnames is defined %}`
			`{% for cname in ipahosts.cnames %}`
			`-D "{{ cname }}" \`
			`{% endfor %}`
			`{% endif %}`
add nss support 2021-01-20 03:08:38 +00:00			`{% if ipa_getcert_nss %}`
forgot some defaults 2021-01-20 03:15:41 +00:00			`-d "${nss_db_path}" \`
			`-n {{ ipahosts.nss_nickname \| default(ansible_fqdn) }} \`
add nss support 2021-01-20 03:08:38 +00:00			`{% else %}`
fix up ipa-getcert role to be modular 2020-12-20 01:12:34 +00:00			`-k "{{ ipahosts.key_location \| default(ipa_getcert_key_default_location) }}" \`
			`-f "{{ ipahosts.cert_location \| default(ipa_getcert_cert_default_location) }}" \`
add nss support 2021-01-20 03:08:38 +00:00			`{% endif %}`
fixing defines 2021-01-28 01:06:38 +00:00			`{% if ipahosts.postcmd is defined %}`
fix up ipa-getcert role to be modular 2020-12-20 01:12:34 +00:00			`-C "{{ ipahosts.postcmd }}" \`
			`{% endif %}`
fixing defines 2021-01-28 01:06:38 +00:00			`{% if ipahosts.owner is defined %}`
fix up ipa-getcert role to be modular 2020-12-20 01:12:34 +00:00			`-O "{{ ipahosts.owner }}" \`
			`-o "{{ ipahosts.owner }}" \`
			`{% endif %}`
all service to be chosen 2021-08-25 16:58:40 +00:00			`-K "{{ ipahosts.service \| default('host') }}/{{ ipahosts.name }}"`
fix up ipa-getcert role to be modular 2020-12-20 01:12:34 +00:00
			`{% endfor %}`