forked from credativ/ansible-playbook-patroni-debian
-
Notifications
You must be signed in to change notification settings - Fork 0
/
certificates.yml
26 lines (26 loc) · 984 Bytes
/
certificates.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
---
- name: Create CA and server certificates
hosts: localhost
roles:
- role: tpo.local_certificate_authority/ca
ca_name: "Example CA"
ca_subj: "/C=CH/ST=GR/L=Maladers/O=Example Org/CN=Example Org CA"
# Root CA certificate should be valid for 10 years
ca_days: 3650
tags: CA
tasks:
- name: Create host certificates
include_role:
name: tpo.local_certificate_authority/server_cert
apply:
tags: CA
vars:
server_name: "{{ server_name_loop }}"
server_subjectAlternativeName: "DNS:{{ server_name_loop }},IP:{{ hostvars[server_name_loop].ansible_default_ipv4.address }}"
server_subj: "/C=CH/ST=GR/L=Maladers/O=Example Org/CN={{ server_name_loop }}"
# Server certificate should be valid for 10 years
server_days: 3650
loop: "{{ groups[dcs_servers_group] + groups[pgsql_servers_group] }}"
loop_control:
loop_var: server_name_loop
tags: CA