diff --git a/README.md b/README.md index 6b7d8d3..eca11cb 100644 --- a/README.md +++ b/README.md @@ -5,6 +5,8 @@ Generates self-signed CA, client and server certificates. Runs locally on contro Notes: - Will not overwrite any files in output cert dir - Will not copy the files to the remote servers if the local files are unchanged +- Will optionally (see `populate_etc_hosts` variable) add to each machine's `/etc/hosts` + a line for each host in the inventory. Requirements @@ -64,6 +66,7 @@ the resulting relevant files are `copy`ed to the remote target machine. tls_ca_locality: Rome tls_ca_organization: Example Inc. tls_ca_organizationalunit: SysAdmins + populate_etc_hosts: yes ``` If you want to tinker, you can use `vagrant` with the provided `Vagrantfile`. diff --git a/defaults/main.yml b/defaults/main.yml index f2841f0..8fda26a 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -44,3 +44,8 @@ tls_server_valid_days: 730 tls_server_key_size: 4096 # Enable Subject Alternate Name (SAN) tls_server_enable_san: true + +# ------------------- +# POPULATE /etc/hosts +# ------------------- +populate_etc_hosts: false diff --git a/inventory.yml b/inventory.yml index b897cb4..b4ca4b4 100644 --- a/inventory.yml +++ b/inventory.yml @@ -16,3 +16,4 @@ all: tls_ca_locality: Rome tls_ca_organization: Example Inc. tls_ca_organizationalunit: SysAdmins + populate_etc_hosts: yes diff --git a/tasks/main.yml b/tasks/main.yml index 9ea5934..653c8cf 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -17,3 +17,7 @@ when: - generate_tls_certs - generate_server_cert|bool + +- name: Populate /etc/hosts with inventory's hosts + include_tasks: populate-etc-hosts.yaml + when: populate_etc_hosts|bool diff --git a/tasks/populate-etc-hosts.yaml b/tasks/populate-etc-hosts.yaml new file mode 100644 index 0000000..184d712 --- /dev/null +++ b/tasks/populate-etc-hosts.yaml 
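Review bot: The new `populate_etc_hosts` default in defaults/main.yml carries only a banner comment, so a reader cannot tell that enabling it makes a certificate-generation role edit `/etc/hosts` with `become` on every target. I would add a comment above it such as `# When true, writes one "<ansible_host> <inventory_hostname>" line per inventory host into /etc/hosts on each target (needs become)`. The name also lacks the `tls_` prefix of the neighbouring `tls_server_*` variables, which makes a clash with an unrelated inventory variable more likely. The README example and inventory.yml set it with `yes` while the default is `false`; using `true`/`false` throughout would be consistent.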
@@ -0,0 +1,10 @@
+---
+- name: Add IP address of all hosts to all hosts
+ become: yes
+ lineinfile:
+ dest: /etc/hosts
+ regexp: '.*{{ item }}$'
+ line: "{{ hostvars[item].ansible_host }} {{item}}"
+ state: present
+ when: hostvars[item].ansible_host is defined
+ loop: "{{ groups.all }}"
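Review bot: The pattern `regexp: '.*{{ item }}$'` is unanchored and interpolates the hostname unescaped, so for a host named `web1` it also matches an existing line ending in `myweb1` or one that lists `web1` after other aliases, and any `.` in a name matches any character; `lineinfile` then replaces that unrelated entry and silently changes name resolution on the machine. Anchoring on the whole name, `regexp: '^\S+\s+{{ item | regex_escape }}$'`, limits the match to a line whose only name is this host. Because the file is rewritten with `become` on every target, `backup: true` would leave a recoverable copy, and `path:` is the current name for the `dest:` alias. `ansible_host` is written as an IP address without any check; where the inventory holds a DNS name or a forwarded loopback address there (possibly the case with the provided Vagrantfile), the resulting line would be wrong, so that assumption deserves a comment or a guard in the `when:`.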