Optionally fill /etc/hosts

sfigato 2021-01-24 12:50:08 +01:00
parent 7104c3ed7d
commit cf4d06adcc
Signed by: blallo
GPG Key ID: 0CBE577C9B72DC3F
5 changed files with 23 additions and 0 deletions


@ -5,6 +5,8 @@ Generates self-signed CA, client and server certificates. Runs locally on contro
Notes:
- Will not overwrite any files in output cert dir
- Will not copy the files to the remote servers if the local files are unchanged
- Will optionally (see `populate_etc_hosts` variable) add to each machine's `/etc/hosts`
a line for each host in the inventory.
Requirements
@ -64,6 +66,7 @@ the resulting relevant files are `copy`ed to the remote target machine.
tls_ca_locality: Rome
tls_ca_organization: Example Inc.
tls_ca_organizationalunit: SysAdmins
populate_etc_hosts: yes
```
If you want to tinker, you can use `vagrant` with the provided `Vagrantfile`.


@ -44,3 +44,8 @@ tls_server_valid_days: 730
tls_server_key_size: 4096
# Enable Subject Alternate Name (SAN)
tls_server_enable_san: true
# -------------------
# POPULATE /etc/hosts
# -------------------
populate_etc_hosts: false


@ -16,3 +16,4 @@ all:
tls_ca_locality: Rome
tls_ca_organization: Example Inc.
tls_ca_organizationalunit: SysAdmins
populate_etc_hosts: yes
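Review bot: `populate_etc_hosts: yes` in this example inventory uses the YAML 1.1 truthy spelling, while the role default added in the same commit is written `populate_etc_hosts: false`; writing `populate_etc_hosts: true` here (and in the README example) keeps the two consistent and satisfies yamllint's `truthy` rule. Because this line turns on a task that edits `/etc/hosts` with `become` on every host, a short comment above it such as `# writes one /etc/hosts line per inventory host, as root` would help anyone copying the inventory. The mapping this line belongs to starts above the hunk.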


@ -17,3 +17,7 @@
when:
- generate_tls_certs
- generate_server_cert|bool
- name: Populate /etc/hosts with inventory's hosts
include_tasks: populate-etc-hosts.yaml
when: populate_etc_hosts|bool


@ -0,0 +1,10 @@
---
- name: Add IP address of all hosts to all hosts
become: yes
lineinfile:
dest: /etc/hosts
regexp: '.*{{ item }}$'
line: "{{ hostvars[item].ansible_host }} {{item}}"
state: present
when: hostvars[item].ansible_host is defined
loop: "{{ groups.all }}"
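Review bot: The `regexp` on the lineinfile task interpolates the inventory name unescaped and without a left anchor, so `.*{{ item }}$` also matches any existing line that merely ends with that name (a host called `db` matches a line ending in `web-db`), and the dots in an FQDN match any character; since lineinfile replaces the last matching line, an unrelated `/etc/hosts` entry can be overwritten as root. Anchor and escape it, for example `regexp: '^\S+\s+{{ item | regex_escape }}$'`. `ansible_host` may also hold a DNS name rather than an address, in which case the written line is not a valid hosts entry, so a check that the value is an IP address before writing would be worth adding. `dest` is an alias of `path`, and `become: yes` reads better as `become: true`.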