Do not add vip['address'] so SAN if haproxy is binded to interface

openstack/openstack-ansible-haproxy_server

Code Issues Proposed changes

In a usecase, where HAProxy is binded to interface, *_lb_vip_address
might be set to a wildcard.
We should not be generating a SAN with a wildcard in it.
Change-Id: I45261b8fd572a68f1fc5a72f94653ffd2d302420

This commit is contained in:

Dmitriy Rabotyagov

2024年11月10日 14:31:24 +01:00

parent efaee49680

commit e765160dc4

1 changed files with 4 additions and 2 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download Patch File Download Diff File Expand all files Collapse all files

6
vars/main.yml

View File

@@ -28,8 +28,10 @@ _haproxy_pki_certificates: |

{% set _pki_certs = [] %}

{% for vip in haproxy_tls_vip_binds %}

{% set _vip_interface = vip['interface'] | default('') %}

{% set san = 'DNS:' ~ ansible_facts['hostname'] ~ ',DNS:' ~ ansible_facts['fqdn'] ~ ',' ~ (

vip['address'] | ansible.utils.ipaddr) | ternary('IP:', 'DNS:') ~ vip['address'] %}

{% set san = 'DNS:' ~ ansible_facts['hostname'] ~ ',DNS:' ~ ansible_facts['fqdn'] %}

{% if vip['address'] != '*' %}

{% set san = san ~ (vip['address'] | ansible.utils.ipaddr) | ternary(',IP:', ',DNS:') ~ vip['address'] %}

{% endif %}

{% if vip['address'] == haproxy_bind_internal_lb_vip_address %}

{% set san = san ~ (internal_lb_vip_address | ansible.utils.ipaddr) | ternary('', ',DNS:' ~ internal_lb_vip_address) %}

{% endif %}

Do not add vip['address'] so SAN if haproxy is binded to interface

6 vars/main.yml Unescape Escape View File

6
vars/main.yml

View File