---
# Bootstrap step: create the Vault PKI role used for etcd certificates, then
# issue every certificate listed in vault_etcd_certs_needed via gen_cert.yml.

# Registers the "etcd" role on the pki backend of the first host in
# groups.vault. The `when` restricts this to the first etcd host.
# NOTE(review): the request uses plain http:// on the temporary Vault port, so
# whatever vault_headers carries (presumably the Vault token - confirm) crosses
# the network unencrypted. Keep that listener short-lived and reachable only
# from trusted hosts, or move to https once a CA is available.
# NOTE(review): `headers` is an ordinary task argument and shows up in verbose
# output and callback logs; consider `no_log: true` on this task.
- name: bootstrap/gen_etcd_certs | Add the etcd role
  uri:
    url: "http://{{ groups.vault|first }}:{{ vault_temp_port }}/v1/pki/roles/etcd"
    headers: "{{ hostvars[groups.vault|first]['vault_headers'] }}"
    method: POST
    body_format: json
    body:
      # NOTE(review): allow_any_name places no restriction on the names this
      # role will sign, so any caller able to use the role can obtain a
      # certificate for an arbitrary identity. Consider narrowing it with the
      # role's allowed_domains / allow_subdomains / allow_ip_sans settings.
      allow_any_name: true
    # A successful role write is expected to answer 204 (no content).
    status_code: 204
  when: inventory_hostname == groups.etcd|first

# Runs ../gen_cert.yml once per entry in vault_etcd_certs_needed (nothing when
# the variable is undefined, thanks to default([])).
#   gen_cert_alt_names - every etcd group member plus "localhost"
#   gen_cert_copy_ca   - true only for the first certificate in the list
#   gen_cert_ip_sans   - default IPv4 address of each etcd host, comma
#                        separated, followed by 127.0.0.1 and ::1
# NOTE(review): gen_cert_vault_url is also plain http://, so the caveat about
# vault_headers travelling unencrypted applies to the included tasks as well.
# NOTE(review): bare `include` is deprecated in newer Ansible releases;
# include_tasks / import_tasks are the replacements - confirm the supported
# Ansible version before changing it.
- include: ../gen_cert.yml
  vars:
    gen_cert_alt_names: "{{ groups.etcd | join(',') }},localhost"
    gen_cert_copy_ca: "{{ true if item == vault_etcd_certs_needed|first else false }}"
    gen_cert_hosts: "{{ groups.etcd }}"
    gen_cert_ip_sans: >-
      {%- for host in groups.etcd -%}
      {{ hostvars[host]["ansible_default_ipv4"]["address"] }}
      {%- if not loop.last -%},{%- endif -%}
      {%- endfor -%}
      ,127.0.0.1,::1
    gen_cert_path: "{{ item }}"
    gen_cert_vault_headers: "{{ hostvars[groups.vault|first]['vault_headers'] }}"
    gen_cert_vault_role: etcd
    gen_cert_vault_url: "http://{{ groups.vault|first }}:{{ vault_temp_port }}"
  with_items: "{{ vault_etcd_certs_needed|default([]) }}"