Skip to content
Snippets Groups Projects
Commit 4b587aaf authored by Brad Beam's avatar Brad Beam Committed by Matthew Mosesohn
Browse files

Adding ability to specify altnames for vault cert (#1640)

parent 01630150
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
roles/vault/defaults/main.yml
+ 5
0
View file @ 4b587aaf
......@@ -83,6 +83,11 @@ vault_ca_options:
format: pem
ttl: "{{ vault_max_lease_ttl }}"
exclude_cn_from_sans: true
altnames:
- "vault.{{ system_namespace }}.svc.{{ dns_domain }}"
- "vault.{{ system_namespace }}.svc"
- "vault.{{ system_namespace }}"
- "vault"
etcd:
common_name: etcd
format: pem
......
roles/vault/tasks/bootstrap/gen_vault_certs.yml
+ 1
1
View file @ 4b587aaf
......@@ -2,7 +2,7 @@
- include: ../shared/issue_cert.yml
vars:
issue_cert_common_name: "{{ vault_pki_mounts.vault.roles[0].name }}"
issue_cert_alt_names: "{{ groups.vault + ['localhost'] }}"
issue_cert_alt_names: "{{ groups.vault + ['localhost'] + vault_ca_options.vault.altnames|default() }}"
issue_cert_hosts: "{{ groups.vault }}"
issue_cert_ip_sans: >-
[
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment