{% if consul_conf.server %}
[[ with secret "{{ consul_vault_secrets.pki.path }}/issue/{{ consul_vault_secrets.pki.role }}" "common_name=server-{{ ansible_fqdn | regex_replace('\\.', '-') }}.{{ consul_conf.datacenter | default('dc1') }}.{{ consul_conf.domain | default('consul') }}" "alt_names=localhost,consul.service.{{ consul_conf.domain | default('consul') }},server.{{ consul_conf.datacenter | default('dc1') }}.{{ consul_conf.domain | default('consul') }}" ]]
[[ .Data.{{ item.what }} ]]
[[ end ]]
{% if item.what == 'certificate' %}
[[ with secret "{{ consul_vault_secrets.pki.path }}/cert/ca" ]]
[[ .Data.certificate ]]
[[ end ]]
{% endif %}
{% else %}
[[ with secret "{{ consul_vault_secrets.pki.path }}/cert/ca" ]]
[[ .Data.certificate ]]
[[ end ]]
{% endif %}