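---
# Issues one TLS client certificate per publish zone by including the
# provider-specific x509 certificate role once for every zone returned by the
# apps_publish_zones filter.
#
# NOTE(review): the nesting below was reconstructed from a listing that had
# lost its indentation; confirm it against the schema the x509 role expects.
- name: generate/install TLS client certificate
  loop: "{{ hostvars[inventory_hostname] | apps_publish_zones }}"
  loop_control:
    # Log only the zone name per iteration instead of the whole item, which
    # also carries the CA configuration.
    label: "{{ item.name }}"
  vars:
    x509_certificate_name: "apps-publish-{{ item.name }}"
    # No hostnames are requested; presumably the peer identifies this client
    # by the common name alone. Verify against the x509 role.
    x509_certificate_hostnames: []
    x509_certificate_config:
      ca: "{{ item.certificate_ca_config }}"
      cert:
        common_name: "{{ inventory_hostname }}"
        # clientAuth only, flagged critical: a verifier that honours the
        # extension must reject this certificate for any other purpose,
        # including use as a TLS server certificate.
        extended_key_usage:
          - clientAuth
        extended_key_usage_critical: true
        create_subject_key_identifier: true
        # Relative validity, presumably 100 weeks from issuance (confirm the
        # role's format). A credential that lives this long needs a
        # revocation or rotation path if the host's key is exposed.
        not_after: '+100w'
    # Services the role is asked to reload once the certificate changes.
    x509_certificate_reload_services:
      - nginx
  include_role:
    # The provider name comes from zone data and selects which role runs, so
    # that data has to come from trusted inventory.
    name: "x509/{{ item.certificate_provider }}/cert"
    # The same role is included once per zone, so duplicate runs are allowed.
    allow_duplicates: true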