diff --git a/defaults/main.yml b/defaults/main.yml index d975f0e..5fb192b 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -50,3 +50,4 @@ gen_tls_server_enable_san: true # POPULATE /etc/hosts # ------------------- gen_tls_populate_etc_hosts: false +# gen_tls_tld: diff --git a/inventory.yml b/inventory.yml index d0b3a0e..bfdf34b 100644 --- a/inventory.yml +++ b/inventory.yml @@ -17,3 +17,4 @@ all: gen_tls_ca_organization: Example Inc. gen_tls_ca_organizationalunit: SysAdmins gen_tls_populate_etc_hosts: yes + gen_tls_tld: example diff --git a/tasks/generate-server-cert.yaml b/tasks/generate-server-cert.yaml index 025ae36..88ba6a7 100644 --- a/tasks/generate-server-cert.yaml +++ b/tasks/generate-server-cert.yaml @@ -58,7 +58,7 @@ path: "{{ gen_tls_cert_dir }}/{{ inventory_hostname_short }}.csr" privatekey_path: "{{ gen_tls_cert_dir }}/{{ inventory_hostname_short }}.key" common_name: "{{inventory_hostname_short}}" - subject_alt_name: "DNS:{{inventory_hostname}},DNS:{{inventory_hostname_short}},IP:{{(alt_interface_ip is defined) | ternary(alt_interface_ip, ansible_default_ipv4.address)}},IP:0.0.0.0,IP:127.0.0.1" + subject_alt_name: "{% if gen_tls_tld is defined %}DNS:{{ inventory_hostname_short }}.{{ gen_tls_tld }},{% endif %}DNS:{{inventory_hostname}},DNS:{{inventory_hostname_short}},IP:{{(alt_interface_ip is defined) | ternary(alt_interface_ip, ansible_default_ipv4.address)}},IP:0.0.0.0,IP:127.0.0.1" when: - not server_csr.stat.exists - gen_tls_generate_server_cert diff --git a/tasks/populate-etc-hosts.yaml b/tasks/populate-etc-hosts.yaml index 184d712..9d9d626 100644 --- a/tasks/populate-etc-hosts.yaml +++ b/tasks/populate-etc-hosts.yaml 
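Review bot: In tasks/generate-server-cert.yaml the new `subject_alt_name` guards the extra name only with `gen_tls_tld is defined`, so a defined-but-empty value still adds a SAN entry with nothing valid after the dot; uncommenting the `# gen_tls_tld:` placeholder added to defaults/main.yml without giving it a value is enough to get there. Test for a non-empty value instead, `{% if gen_tls_tld | default('', true) %}`, and apply the same test to the new `line:` in tasks/populate-etc-hosts.yaml. The value is also placed into the comma-separated SAN string as-is, so a value containing a comma or a space would change the list of names requested in the CSR; an `assert` against a hostname pattern before this task would catch that. Because the task still runs only when `not server_csr.stat.exists`, hosts that already have a CSR will not pick up the new name until the CSR and certificate are regenerated, which the commit does not mention. The task begins above the hunk.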
@@ -4,7 +4,7 @@ lineinfile: dest: /etc/hosts regexp: '.*{{ item }}$' - line: "{{ hostvars[item].ansible_host }} {{item}}" + line: "{{ hostvars[item].ansible_host }} {{item}}{% if gen_tls_tld is defined %} {{ item }}.{{ gen_tls_tld }}{% endif %}" state: present when: hostvars[item].ansible_host is defined loop: "{{ groups.all }}"
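Review bot: The unchanged `regexp: '.*{{ item }}$'` no longer matches the line this task writes once `gen_tls_tld` is set, because the new `line:` ends in `{{ item }}.{{ gen_tls_tld }}` rather than in `{{ item }}`. A later change of `ansible_host` or `gen_tls_tld` would then append a second entry instead of replacing the first, and the stale line, sitting earlier in /etc/hosts, likely keeps winning resolution. Match on the hostname field instead, for example `regexp: '^\S+\s+{{ item | regex_escape }}(\s|$)'`, which also stops the pattern from matching other hosts whose names merely end in the same characters. The task's header sits above the hunk.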