mirror of
https://github.com/rocky-linux/ansible-role-ipa-getcert.git
synced 2024-11-21 11:51:25 +00:00
add nss support
This commit is contained in:
parent
a0cdeb9741
commit
065bd48c58
@ -18,8 +18,21 @@ ipa_getcert_requested_hostnames:
|
||||
# key_location: /opt/ejabberd/conf/pki
|
||||
# cert_location: /opt/ejabberd/conf/pki
|
||||
|
||||
# If you are using NSS.
|
||||
# ipa_getcert_nss: true
|
||||
# ipa_getcert_requested_hostnames:
|
||||
# - name: name
|
||||
# postcmd: "/bin/systemctl restart sigul_server"
|
||||
# owner: sigul
|
||||
# nss_db_dir: /etc/pki/tls/nss
|
||||
# nss_nickname: name
|
||||
|
||||
# This feature coming soon
|
||||
#ipa_getcert_fqdn_symlink: true
|
||||
|
||||
ipa_getcert_chain: false
|
||||
ipa_getcert_chain_location: /etc/pki/tls/chains
|
||||
|
||||
# Note that when you set this to true, key_location and cert_location are
|
||||
# effectively ignored.
|
||||
ipa_getcert_nss: false
|
||||
|
@ -3,12 +3,24 @@
|
||||
# There may be more than one request done based on the vars of the playbook.
|
||||
|
||||
{% for ipahosts in ipa_getcert_requested_hostnames %}
|
||||
|
||||
{% if ipa_getcert_nss %}
|
||||
if [ ! -d "{{ ipahosts.nss_db_dir }}" && ! -L "{{ ipahosts.nss_db_dir }}" ]; then
|
||||
mkdir -p {{ ipa_getcert_nss }}
|
||||
fi
|
||||
{% endif %}
|
||||
|
||||
/usr/bin/ipa-getcert request -r -w \
|
||||
-I "{{ ipahosts.name }}" \
|
||||
-N "CN={{ ipahosts.name }}" \
|
||||
-D "{{ ipahosts.name }}" \
|
||||
{% if ipa_getcert_nss %}
|
||||
-d {{ ipahosts.nss_db_dir }} \
|
||||
-n {{ ipahosts.nss_nickname }} \
|
||||
{% else %}
|
||||
-k "{{ ipahosts.key_location | default(ipa_getcert_key_default_location) }}" \
|
||||
-f "{{ ipahosts.cert_location | default(ipa_getcert_cert_default_location) }}" \
|
||||
{% endif %}
|
||||
{% if ipahosts.postcmd %}
|
||||
-C "{{ ipahosts.postcmd }}" \
|
||||
{% endif %}
|
||||
|
Loading…
Reference in New Issue
Block a user