add cname support

2024-11-23 12:31:23 +00:00 · 2021-01-21 19:22:55 -07:00 · 2021-01-21 19:22:55 -07:00 · 467a3d6a7f
commit 467a3d6a7f
parent a5367f126c
2 changed files with 15 additions and 0 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -28,6 +28,16 @@ ipa_getcert_requested_hostnames:
 #     nss_db_dir: /etc/pki/tls/nss
 #     nss_nickname: name

+# If you are using cnames
+# ipa_getcert_requested_hostnames:
+#   - name: name
+#     postcmd: "/bin/systemctl restart httpd"
+#     owner: apache
+#     key_location: /etc/pki/tls/private/web.crt
+#     cert_location: /etc/pki/tls/certs/web.crt
+#     cnames:
+#       - cname.example.com
+
 # This feature coming soon
 #ipa_getcert_fqdn_symlink: true

--- a/templates/get_cert.sh.j2
+++ b/templates/get_cert.sh.j2
@ -15,6 +15,11 @@ fi
  -I "{{ ipahosts.name }}" \
  -N "CN={{ ipahosts.name }}" \
  -D "{{ ipahosts.name }}" \
+  {% if ipahosts.cnames is defined %}
+  {% for cname in ipahosts.cnames %}
+  -D "{{ cname }}" \
+  {% endfor %}
+  {% endif %}
  {% if ipa_getcert_nss %}
  -d "${nss_db_path}" \
  -n {{ ipahosts.nss_nickname | default(ansible_fqdn) }} \