ansible-role-ipa-getcert/defaults/main.yml

50 lines
1.5 KiB
YAML
Raw Normal View History

2020-12-19 06:19:07 +00:00
---
2020-12-19 08:54:17 +00:00
# ansible default variables - most variables live here
2020-12-23 11:38:40 +00:00
ipa_getcert_key_default_location: "/etc/pki/tls/private/{{ ansible_fqdn }}.key"
ipa_getcert_cert_default_location: "/etc/pki/tls/certs/{{ ansible_fqdn }}.crt"
2021-01-20 03:15:41 +00:00
ipa_getcert_nss_default_location: "/etc/pki/tls/nss"
2020-12-20 01:12:34 +00:00
ipa_getcert_owner_default: root
2020-12-19 08:54:17 +00:00
# List of hostnames that should be requested
ipa_getcert_requested_hostnames:
2020-12-20 01:12:34 +00:00
- name: "{{ ansible_fqdn }}"
2020-12-23 11:38:40 +00:00
key_location: /etc/pki/tls/private/name.key
cert_location: /etc/pki/tls/certs/name.crt
2020-12-20 01:12:34 +00:00
# If you need a different ownership, you can setup the above sort of like this:
# ipa_getcert_requested_hostnames:
# - name: name
# postcmd: "/bin/systemctl restart ejabberd"
# owner: ejabberd
# key_location: /opt/ejabberd/conf/pki
# cert_location: /opt/ejabberd/conf/pki
2021-01-20 03:08:38 +00:00
# If you are using NSS.
# ipa_getcert_nss: true
# ipa_getcert_requested_hostnames:
# - name: name
# postcmd: "/bin/systemctl restart sigul_server"
# owner: sigul
# nss_db_dir: /etc/pki/tls/nss
# nss_nickname: name
2021-01-22 02:22:55 +00:00
# If you are using cnames
# ipa_getcert_requested_hostnames:
# - name: name
# postcmd: "/bin/systemctl restart httpd"
# owner: apache
# key_location: /etc/pki/tls/private/web.crt
# cert_location: /etc/pki/tls/certs/web.crt
# cnames:
# - cname.example.com
2020-12-20 01:12:34 +00:00
# This feature coming soon
#ipa_getcert_fqdn_symlink: true
2020-12-19 08:54:17 +00:00
ipa_getcert_chain: false
ipa_getcert_chain_location: /etc/pki/tls/chains
2021-01-20 03:08:38 +00:00
# Note that when you set this to true, key_location and cert_location are
# effectively ignored.
ipa_getcert_nss: false