Optional tld

When updating /etc/hosts to add the hosts in the inventory, also add the name
postfixed with a configurable tld.

defaults/main.yml

@@ -50,3 +50,4 @@ gen_tls_server_enable_san: true
 # POPULATE /etc/hosts
 # -------------------
 gen_tls_populate_etc_hosts: false
+# gen_tls_tld:

inventory.yml

@@ -17,3 +17,4 @@ all:
     gen_tls_ca_organization: Example Inc.
     gen_tls_ca_organizationalunit: SysAdmins
     gen_tls_populate_etc_hosts: yes
+    gen_tls_tld: example

tasks/generate-server-cert.yaml

@@ -58,7 +58,7 @@
     path: "{{ gen_tls_cert_dir }}/{{ inventory_hostname_short }}.csr"
     privatekey_path: "{{ gen_tls_cert_dir }}/{{ inventory_hostname_short }}.key"
     common_name: "{{inventory_hostname_short}}"
-    subject_alt_name: "DNS:{{inventory_hostname}},DNS:{{inventory_hostname_short}},IP:{{(alt_interface_ip is defined) | ternary(alt_interface_ip, ansible_default_ipv4.address)}},IP:0.0.0.0,IP:127.0.0.1"
+    subject_alt_name: "{% if gen_tls_tld is defined %}DNS:{{ inventory_hostname_short }}.{{ gen_tls_tld }},{% endif %}DNS:{{inventory_hostname}},DNS:{{inventory_hostname_short}},IP:{{(alt_interface_ip is defined) | ternary(alt_interface_ip, ansible_default_ipv4.address)}},IP:0.0.0.0,IP:127.0.0.1"
   when:
     - not server_csr.stat.exists
     - gen_tls_generate_server_cert

tasks/populate-etc-hosts.yaml

@@ -4,7 +4,7 @@
   lineinfile:
     dest: /etc/hosts
     regexp: '.*{{ item }}$'
-    line: "{{ hostvars[item].ansible_host }} {{item}}"
+    line: "{{ hostvars[item].ansible_host }} {{item}}{% if gen_tls_tld is defined %} {{ item }}.{{ gen_tls_tld }}{% endif %}"
     state: present
   when: hostvars[item].ansible_host is defined
   loop: "{{ groups.all }}"