openstack/openstack-ansible-ops
Code Issues Proposed changes
openstack-ansible-ops/skydive/roles/skydive_common/templates/skydive-openssl.cnf.j2
Kevin Carter 78221b17d4
Validate the IP addresses when generating a CNF 
Before adding IP addresses to the CNF validate the entry is an IP
address using the `ipaddr` filter.

Change-Id: I9151b8118b92991b394c0fa7d81d407439f0f3c1
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2019-01-25 23:00:01 -06:00

50 lines
2.0 KiB
Django/Jinja
Raw Blame History

[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = XX
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = XX
localityName = Locality Name (eg, city)
localityName_default = XX
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = OpenStack-Ansible
commonName = {{ ((ansible_domain | length) > 0) | ternary(ansible_domain, ansible_hostname) }}
commonName_max = 64
[v3_req]
basicConstraints = CA:TRUE
keyUsage = digitalSignature, keyEncipherment, keyCertSign
extendedKeyUsage = serverAuth,clientAuth
subjectAltName = @alt_names
[alt_names]
{% set ips = [] %}
{% set hostnames = [] %}
{% for node in groups['skydive_all'] %}
{% if hostvars[node]['ansible_default_ipv4'] is defined %}
{% set _ansible_interface_name = hostvars[node]['skydive_network_device'] | default(hostvars[node]['ansible_default_ipv4']['interface']) | replace('-', '_') %}
{% set _skydive_ip = hostvars[node]['skydive_bind_address'] | default(hostvars[node]["ansible_" ~ _ansible_interface_name]['ipv4']['address']) %}
{% set _skydive_ansible_domain = hostvars[node]['ansible_fqdn'] | default(hostvars[node]['ansible_hostname'] ) %}
{% set _skydive_dns_name = ((_skydive_ansible_domain | length) > 0) | ternary(_skydive_ansible_domain, hostvars[node]['ansible_hostname']) %}
{% if _skydive_ip | ipaddr %}
{% set _ = ips.append(_skydive_ip) %}
{% endif %}
{% set _ = hostnames.append(_skydive_dns_name) %}
{% if _skydive_ip | ipaddr %}
IP.{{ loop.index }} = {{ _skydive_ip }}
{% endif %}
DNS.{{ loop.index }} = {{ _skydive_dns_name }}
{% endif %}
{% endfor %}
{% set localhost_index = (groups['skydive_all'] | length) + 1 %}
{% if '127.0.0.1' not in ips %}
IP.{{ localhost_index }} = 127.0.0.1
{% endif %}
{% if 'localhost' not in hostnames %}
DNS.{{ localhost_index }} = localhost
{% endif %}
View Git Blame Copy Permalink