ca:
   root:
      dn: CN=root.ca.{{ domain_name }},OU=CA,O={{ domain_name }}\, Inc.,DC={{ domain_name }}
      keysize: 2048
      validityDays: {{ cert_valid_days }}
      pkPassword: none
      file: root-ca.pem

### Default values and global settings
defaults:
      validityDays: {{ cert_valid_days }}
      pkPassword: none
      # Set this to true in order to generate config and certificates for
      # the HTTP interface of nodes
      httpsEnabled: true
      reuseTransportCertificatesForHttp: false
      verifyHostnames: false
      resolveHostnames: false


###
### Nodes
###
#
# Specify the nodes of your ES cluster here
#
nodes:
{% for item in groups['os-cluster'] %}
  - name: {{ item }}
    dn: CN={{ item }}.{{ domain_name }},OU=Ops,O={{ domain_name }}\, Inc.,DC={{ domain_name }}
    dns: {{ item }}.{{ domain_name }}
    ip: {{ hostvars[item]['ip'] }}
{% endfor %}

###
### Clients
###
#
# Specify the clients that shall access your ES cluster with certificate authentication here
#
# At least one client must be an admin user (i.e., a super-user). Admin users can
# be specified with the attribute admin: true
#
clients:
  - name: admin
    dn: CN=admin.{{ domain_name }},OU=Ops,O={{ domain_name }}\, Inc.,DC={{ domain_name }}
    admin: true