34 lines
1000 B
Django/Jinja
34 lines
1000 B
Django/Jinja
#!/bin/bash
|
|
# This script will take care of the certificate process for IPA.
|
|
# There may be more than one request done based on the vars of the playbook.
|
|
|
|
{% for ipahosts in ipa_getcert_requested_hostnames %}
|
|
|
|
{% if ipa_getcert_nss %}
|
|
if [ ! -d "{{ ipahosts.nss_db_dir }}" && ! -L "{{ ipahosts.nss_db_dir }}" ]; then
|
|
mkdir -p {{ ipa_getcert_nss }}
|
|
fi
|
|
{% endif %}
|
|
|
|
/usr/bin/ipa-getcert request -r -w \
|
|
-I "{{ ipahosts.name }}" \
|
|
-N "CN={{ ipahosts.name }}" \
|
|
-D "{{ ipahosts.name }}" \
|
|
{% if ipa_getcert_nss %}
|
|
-d {{ ipahosts.nss_db_dir }} \
|
|
-n {{ ipahosts.nss_nickname }} \
|
|
{% else %}
|
|
-k "{{ ipahosts.key_location | default(ipa_getcert_key_default_location) }}" \
|
|
-f "{{ ipahosts.cert_location | default(ipa_getcert_cert_default_location) }}" \
|
|
{% endif %}
|
|
{% if ipahosts.postcmd %}
|
|
-C "{{ ipahosts.postcmd }}" \
|
|
{% endif %}
|
|
{% if ipahosts.owner %}
|
|
-O "{{ ipahosts.owner }}" \
|
|
-o "{{ ipahosts.owner }}" \
|
|
{% endif %}
|
|
-K "host/{{ ipahosts.name }}"
|
|
|
|
{% endfor %}
|