Add support for cert alt names for etcd (#2139)

* Add support for cert alt names for etcd * Update gen_certs_vault.yml
2026-02-28 09:39:12 +03:00 · 2018-01-09 14:37:34 +03:00
parent fd04c14260
commit 1401286910
3 changed files with 12 additions and 1 deletions
--- a/roles/etcd/templates/openssl.conf.j2
+++ b/roles/etcd/templates/openssl.conf.j2
@@ -31,6 +31,10 @@ DNS.{{ 1 + loop.index }} = {{ host }}
 {% set idx =  groups['etcd'] | length | int + 2 %}
 DNS.{{ idx | string }} = {{ apiserver_loadbalancer_domain_name }}
 {% endif %}
+{% set idx =  groups['etcd'] | length | int + 3 %}
+{%- for etcd_alt_name in etcd_cert_alt_names -%}
+DNS.{{ idx + 1 + loop.index }} = {{ etcd_alt_name }}
+{%- endfor -%}
 {% for host in groups['etcd'] %}
 IP.{{ 2 * loop.index - 1 }} = {{ hostvars[host]['access_ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}
 IP.{{ 2 * loop.index }} = {{ hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}