From d7919a4a45e8abf268059c097f726247e1e6c3fc Mon Sep 17 00:00:00 2001
From: Pavlov Makar <mpavlov@olssonul.com>
Date: Fri, 15 Aug 2025 00:09:06 +0300
Subject: [PATCH] Allow rproxy generate certificates for proxy host

---
 roles/rproxy/tasks/addconfig.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/roles/rproxy/tasks/addconfig.yml b/roles/rproxy/tasks/addconfig.yml
index 086ca43..9539903 100644
--- a/roles/rproxy/tasks/addconfig.yml
+++ b/roles/rproxy/tasks/addconfig.yml
@@ -37,6 +37,12 @@
       become_user: "{{ ansible_user }}"
       ignore_errors: true
 
+    - name: "Allow {{ ansible_facts['hostname'] }}.{{ ansible_facts['domain'] }} to get certificates for HTTP/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }} SPN "
+      ansible.builtin.shell:
+        cmd: "ipa service-add-host --hosts={{ ansible_facts['hostname'] }}.{{ ansible_facts['domain'] }} HTTP/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }}"
+      become: false
+      become_user: "{{ ansible_user }}"
+
     - name: Request certificate via ipa-getcert
       ansible.builtin.command: >
         ipa-getcert request