infrastructure/ansible-role-ipa-getcert
7
0
Fork 0
mirror of https://github.com/rocky-linux/ansible-role-ipa-getcert.git synced 2024-11-23 12:31:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

add cname support

Browse Source
This commit is contained in:
nazunalika 2021-01-21 19:22:55 -07:00
parent a5367f126c
commit 467a3d6a7f
2 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
defaults/main.yml
View File

@ -28,6 +28,16 @@ ipa_getcert_requested_hostnames:
# nss_db_dir: /etc/pki/tls/nss # nss_db_dir: /etc/pki/tls/nss
# nss_nickname: name # nss_nickname: name
# If you are using cnames
# ipa_getcert_requested_hostnames:
# - name: name
# postcmd: "/bin/systemctl restart httpd"
# owner: apache
# key_location: /etc/pki/tls/private/web.crt
# cert_location: /etc/pki/tls/certs/web.crt
# cnames:
# - cname.example.com
# This feature coming soon # This feature coming soon
#ipa_getcert_fqdn_symlink: true #ipa_getcert_fqdn_symlink: true

5
templates/get_cert.sh.j2
View File

@ -15,6 +15,11 @@ fi
-I "{{ ipahosts.name }}" \ -I "{{ ipahosts.name }}" \
-N "CN={{ ipahosts.name }}" \ -N "CN={{ ipahosts.name }}" \
-D "{{ ipahosts.name }}" \ -D "{{ ipahosts.name }}" \
{% if ipahosts.cnames is defined %}
{% for cname in ipahosts.cnames %}
-D "{{ cname }}" \
{% endfor %}
{% endif %}
{% if ipa_getcert_nss %} {% if ipa_getcert_nss %}
-d "${nss_db_path}" \ -d "${nss_db_path}" \
-n {{ ipahosts.nss_nickname | default(ansible_fqdn) }} \ -n {{ ipahosts.nss_nickname | default(ansible_fqdn) }} \