Fix generating certificate SANs
With `haproxy_bind_*_lb_vip_address` set, use `*_lb_vip_address` for SAN instead. Change-Id: I33fc820be583bfaf7f9bee5233f0e0b99805144a
parent
c1be49a95c
commit
3c5d984f27
|
@ -27,12 +27,19 @@ _haproxy_pki_certificates: |
|
|||
{% set _pki_certs = [] %}
|
||||
{% for vip in haproxy_tls_vip_binds %}
|
||||
{% set _vip_interface = vip['interface'] | default('') %}
|
||||
{% set san = 'DNS:' ~ ansible_facts['hostname'] ~ ',DNS:' ~ ansible_facts['fqdn'] ~ ',' ~ (vip['address'] | ansible.utils.ipaddr) | ternary('IP:', 'DNS:') ~ vip['address'] %}
|
||||
{% if vip['address'] == haproxy_bind_internal_lb_vip_address %}
|
||||
{% set san = san ~ (internal_lb_vip_address | ansible.utils.ipaddr) | ternary('', ',DNS:' ~ internal_lb_vip_address) %}
|
||||
{% endif %}
|
||||
{% if vip['address'] == haproxy_bind_external_lb_vip_address %}
|
||||
{% set san = san ~ (external_lb_vip_address | ansible.utils.ipaddr) | ternary('', ',DNS:' ~ external_lb_vip_address) %}
|
||||
{% endif %}
|
||||
{% set _ = _pki_certs.append(
|
||||
{
|
||||
'name': 'haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ (_vip_interface is truthy) | ternary(vip['address'] ~ '-' ~ _vip_interface, vip['address']),
|
||||
'provider': 'ownca',
|
||||
'cn': ansible_facts['hostname'],
|
||||
'san': 'DNS:' ~ ansible_facts['hostname'] ~ ',DNS:' ~ ansible_facts['fqdn'] ~ ',' ~ (vip['address'] | ansible.utils.ipaddr) | ternary('IP:', 'DNS:') ~ vip['address'],
|
||||
'san': san,
|
||||
'signed_by': haproxy_pki_intermediate_cert_name,
|
||||
}
|
||||
) %}
|
||||
|
|
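Review bot: In the two `{% if vip['address'] == haproxy_bind_*_lb_vip_address %}` branches, `ternary('', ',DNS:' ~ …)` appends nothing when `internal_lb_vip_address` or `external_lb_vip_address` is an IP. If the bind address differs from an IP-valued VIP, the certificate then carries no SAN for the address clients presumably connect to, and verification of that endpoint would fail. In the opposite case, where the VIP is a hostname equal to `vip['address']`, the same `DNS:` entry is emitted twice. If dropping the IP is not intentional, guard on inequality and reuse the IP/DNS selection from the base `san` line: `{% if vip['address'] == haproxy_bind_internal_lb_vip_address and internal_lb_vip_address != vip['address'] %}` with `{% set san = san ~ ',' ~ (internal_lb_vip_address | ansible.utils.ipaddr) | ternary('IP:', 'DNS:') ~ internal_lb_vip_address %}`, and likewise for the external branch. A one-line comment above the branches stating which names each certificate must cover would make the intent reviewable.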