Fix generating certificate SANs

With `haproxy_bind_*_lb_vip_address` set, use `*_lb_vip_address` for SAN
instead.

Change-Id: I33fc820be583bfaf7f9bee5233f0e0b99805144a
Danila Balagansky 2023-07-04 11:06:53 +03:00
parent c1be49a95c
commit 3c5d984f27
1 changed files with 8 additions and 1 deletions


@ -27,12 +27,19 @@ _haproxy_pki_certificates: |
{% set _pki_certs = [] %}
{% for vip in haproxy_tls_vip_binds %}
{% set _vip_interface = vip['interface'] | default('') %}
{% set san = 'DNS:' ~ ansible_facts['hostname'] ~ ',DNS:' ~ ansible_facts['fqdn'] ~ ',' ~ (vip['address'] | ansible.utils.ipaddr) | ternary('IP:', 'DNS:') ~ vip['address'] %}
{% if vip['address'] == haproxy_bind_internal_lb_vip_address %}
{% set san = san ~ (internal_lb_vip_address | ansible.utils.ipaddr) | ternary('', ',DNS:' ~ internal_lb_vip_address) %}
{% endif %}
{% if vip['address'] == haproxy_bind_external_lb_vip_address %}
{% set san = san ~ (external_lb_vip_address | ansible.utils.ipaddr) | ternary('', ',DNS:' ~ external_lb_vip_address) %}
{% endif %}
{% set _ = _pki_certs.append(
{
'name': 'haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ (_vip_interface is truthy) | ternary(vip['address'] ~ '-' ~ _vip_interface, vip['address']),
'provider': 'ownca',
'cn': ansible_facts['hostname'],
'san': 'DNS:' ~ ansible_facts['hostname'] ~ ',DNS:' ~ ansible_facts['fqdn'] ~ ',' ~ (vip['address'] | ansible.utils.ipaddr) | ternary('IP:', 'DNS:') ~ vip['address'],
'san': san,
'signed_by': haproxy_pki_intermediate_cert_name,
}
) %}
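Review bot: When `internal_lb_vip_address` or `external_lb_vip_address` is an IP literal, the two new `{% if %}` branches append an empty string, so an IP-valued VIP that differs from the bind address never reaches the SAN. Clients connecting to that address would then fail certificate verification, which tends to push operators towards disabling it. In the DNS case the name is appended even when it equals `vip['address']`, which can leave a duplicate `DNS:` entry in the SAN if the bind variable is equal to the VIP variable. If omitting the IP is not intentional, consider guarding with `{% if vip['address'] == haproxy_bind_internal_lb_vip_address and internal_lb_vip_address != vip['address'] %}` and building the entry as `{% set san = san ~ ',' ~ (internal_lb_vip_address | ansible.utils.ipaddr) | ternary('IP:', 'DNS:') ~ internal_lb_vip_address %}`, with the same change for the external branch. The enclosing `for` loop and template end outside this hunk, so how `_pki_certs` is consumed is not visible here.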