Merge pull request #2059 from bradbeam/vaultalt

Fixing alt_names for vault cert generation
7 years ago · 39ce1bd8be
2 changed files with 2 additions and 6 deletions
--- a/roles/vault/defaults/main.yml
+++ b/roles/vault/defaults/main.yml
@ -84,11 +84,7 @@ vault_ca_options:
    format: pem
    ttl: "{{ vault_max_lease_ttl }}"
    exclude_cn_from_sans: true
-    alt_names:
-      - "vault.{{ system_namespace }}.svc.{{ dns_domain }}"
-      - "vault.{{ system_namespace }}.svc"
-      - "vault.{{ system_namespace }}"
-      - "vault"
+    alt_names: "vault.{{ system_namespace }}.svc.{{ dns_domain }},vault.{{ system_namespace }}.svc,vault.{{ system_namespace }},vault"
  etcd:
    common_name: etcd
    format: pem
--- a/roles/vault/tasks/bootstrap/gen_vault_certs.yml
+++ b/roles/vault/tasks/bootstrap/gen_vault_certs.yml
@ -2,7 +2,7 @@
 - include: ../shared/issue_cert.yml
  vars:
    issue_cert_common_name: "{{ vault_pki_mounts.vault.roles[0].name }}"
-    issue_cert_alt_names: "{{ groups['vault'] + ['localhost'] + vault_ca_options.vault.alt_names|default() | join(',') }}"
+    issue_cert_alt_names: "{{ groups['vault'] + ['localhost'] + (vault_ca_options['vault']['alt_names'].split(','))|default() }}"
    issue_cert_hosts: "{{ groups['vault'] }}"
    issue_cert_ip_sans: >-
        [