
{# OpenSSL configuration template for the etcd certificates.
   counter holds the next free index for the numbered alt_names entries:
   'dns' starts at 2 because DNS.1 is hard-coded to localhost below, and 'ip'
   starts at 1. increment() bumps a counter by calling dct.update() inside an
   if-test; update() returns None, so the branch body never renders and only
   the side effect remains. A plain set inside a for loop would not persist
   between iterations in Jinja2, which is why a mutable dict is used. #}
{% set counter = {'dns': 2,'ip': 1,} %}{% macro increment(dct, key, inc=1)%}{% if dct.update({key: dct[key] + inc}) %} {% endif %}{% endmacro %}[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
{# No subject fields are defined in this section, so the subject presumably
   comes from the command that invokes openssl (TODO confirm against caller). #}
[req_distinguished_name]
{# Extensions requested in certificate signing requests (selected by
   req_extensions above): end-entity certificate, SANs taken from alt_names.
   NOTE(review): nonRepudiation is not needed for TLS; it is broader than the
   usage this profile appears to serve. #}
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
{# Leaf profile named ssl_client, yet it grants both clientAuth and serverAuth
   and carries the full alt_names list, so a certificate issued with it is
   accepted as a TLS server for every listed name as well as a TLS client.
   NOTE(review): where a caller only needs client authentication, a
   client-only profile without the shared SAN list would limit what a leaked
   key can be used for. #}
[ ssl_client ]
extendedKeyUsage = clientAuth, serverAuth
basicConstraints = CA:FALSE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
subjectAltName = @alt_names
{# NOTE(review): this CA profile sets CA:TRUE but its keyUsage omits
   keyCertSign and cRLSign. RFC 5280 expects keyCertSign on a key that is
   used to verify certificate signatures, and strict validators can refuse a
   chain built on such a CA. Whether any signing command selects this section
   is not visible in this file; if one does, consider
   "keyUsage = critical, keyCertSign, cRLSign" together with
   "basicConstraints = critical, CA:TRUE". A subjectAltName on a CA
   certificate is also unusual; confirm it is intended. #}
[ v3_ca ]
basicConstraints = CA:TRUE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
authorityKeyIdentifier=keyid:always,issuer
{# Shared SAN list, referenced by all three extension sections above.
   DNS entries, in order: localhost, every host name in groups['etcd'], the
   API server load balancer domain when that variable is defined, then each
   entry of etcd_cert_alt_names.
   IP entries, in order: for every etcd host its access_ip (when defined) and
   its ip (falling back to fallback_ips[host]), then each entry of
   etcd_cert_alt_ips, and finally 127.0.0.1.
   etcd_cert_alt_names and etcd_cert_alt_ips are iterated without an
   "is defined" guard, so they presumably have defaults elsewhere (TODO
   confirm).
   NOTE(review): all values are written into the config verbatim, without
   validation; the inventory variables feeding this list decide which names
   the certificates are trusted for and deserve the same change control as
   the CA key. #}
[alt_names]
DNS.1 = localhost
{% for host in groups['etcd'] %}
DNS.{{ counter["dns"] }} = {{ host }}{{ increment(counter, 'dns') }}
{% endfor %}
{% if apiserver_loadbalancer_domain_name is defined %}
DNS.{{ counter["dns"] }} = {{ apiserver_loadbalancer_domain_name }}{{ increment(counter, 'dns') }}
{% endif %}
{% for etcd_alt_name in etcd_cert_alt_names %}
DNS.{{ counter["dns"] }} = {{ etcd_alt_name }}{{ increment(counter, 'dns') }}
{% endfor %}
{% for host in groups['etcd'] %}
{% if hostvars[host]['access_ip'] is defined %}
IP.{{ counter["ip"] }} = {{ hostvars[host]['access_ip'] }}{{ increment(counter, 'ip') }}
{% endif %}
IP.{{ counter["ip"] }} = {{ hostvars[host]['ip'] | default(fallback_ips[host]) }}{{ increment(counter, 'ip') }}
{% endfor %}
{% for cert_alt_ip in etcd_cert_alt_ips %}
IP.{{ counter["ip"] }} = {{ cert_alt_ip }}{{ increment(counter, 'ip') }}
{% endfor %}
{# Last entry: takes the current index and does not advance the counter. #}
IP.{{ counter["ip"] }} = 127.0.0.1