blallo 426803e260 Change CA cert format and add force copy option (10 months ago)

README.md

Generate TLS certificates

Generates self-signed CA, client and server certificates. Runs locally on control machine.

Notes:

  • Will not overwrite any files in output cert dir
  • Will not copy the files to the remote servers if the local files are unchanged
  • Will optionally (see gen_tls_populate_etc_hosts variable) add to each machine's /etc/hosts a line for each host in the inventory.

Requirements

  • For server certificates, an Ansible inventory file must be specified; the FQDN must also be set as the hostname in the inventory file

Role Variables

See defaults/main.yml

Dependencies

Install dependencies via

$ ansible-galaxy collection install community.crypto

Example Playbook

The provided example playbook.yml targets two hosts (take a look at the Vagrantfile).

All the cryptographically relevant operations are performed on the host machine, and the resulting files are copied to the remote target machine.

  • playbook.yml
---
- name: Run role
  hosts: all
  roles:
    - role: generate-tls-certs
  • inventory.yml
---
all:
  hosts:
    srv1:
      ansible_host: 192.168.123.30
    srv2:
      ansible_host: 192.168.123.31
  vars:
    gen_tls_cert_dir: ./certs
    gen_tls_generate_ca_cert: true
    gen_tls_generate_client_cert: true
    gen_tls_generate_server_cert: true
    gen_tls_ca_email: me@example.org
    gen_tls_ca_country: EU
    gen_tls_ca_state: Italy
    gen_tls_ca_locality: Rome
    gen_tls_ca_organization: Example Inc.
    gen_tls_ca_organizationalunit: SysAdmins
    gen_tls_populate_etc_hosts: yes
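
The tasks below are an added illustration of the flow the README describes, written for this page and not taken from the role's own tasks/main.yml: the community.crypto modules run on the control machine via delegate_to: localhost, force: false (also the modules' default, so it is omitted on the key tasks) leaves files already present in gen_tls_cert_dir untouched, the server CSR carries the inventory hostname as CN and SAN, and ansible.builtin.copy transfers only files whose checksum differs from the remote copy. The remote destination /etc/ssl and the omission of the remaining gen_tls_ca_* subject fields are assumptions made here.

```yaml
# Illustrative tasks, not the role's tasks/main.yml; /etc/ssl is an assumed destination.
- name: CA private key (openssl_privatekey defaults to force=false, existing file kept)
  community.crypto.openssl_privatekey:
    path: "{{ gen_tls_cert_dir }}/ca.key"
  delegate_to: localhost
  run_once: true
- name: CA CSR flagged as a certificate authority
  community.crypto.openssl_csr:
    path: "{{ gen_tls_cert_dir }}/ca.csr"
    privatekey_path: "{{ gen_tls_cert_dir }}/ca.key"
    common_name: "{{ gen_tls_ca_organization }} CA"
    basic_constraints: ["CA:TRUE"]
    basic_constraints_critical: true
  delegate_to: localhost
  run_once: true
- name: Self-signed CA certificate (force=false means no silent re-issue)
  community.crypto.x509_certificate:
    path: "{{ gen_tls_cert_dir }}/ca.crt"
    csr_path: "{{ gen_tls_cert_dir }}/ca.csr"
    privatekey_path: "{{ gen_tls_cert_dir }}/ca.key"
    provider: selfsigned
    force: false
  delegate_to: localhost
  run_once: true
- name: Server key, one per inventory host
  community.crypto.openssl_privatekey:
    path: "{{ gen_tls_cert_dir }}/{{ inventory_hostname }}.key"
  delegate_to: localhost
- name: Server CSR with the inventory FQDN as CN and SAN
  community.crypto.openssl_csr:
    path: "{{ gen_tls_cert_dir }}/{{ inventory_hostname }}.csr"
    privatekey_path: "{{ gen_tls_cert_dir }}/{{ inventory_hostname }}.key"
    common_name: "{{ inventory_hostname }}"
    subject_alt_name: ["DNS:{{ inventory_hostname }}"]
  delegate_to: localhost
- name: Server certificate signed by the local CA
  community.crypto.x509_certificate:
    path: "{{ gen_tls_cert_dir }}/{{ inventory_hostname }}.crt"
    csr_path: "{{ gen_tls_cert_dir }}/{{ inventory_hostname }}.csr"
    provider: ownca
    ownca_path: "{{ gen_tls_cert_dir }}/ca.crt"
    ownca_privatekey_path: "{{ gen_tls_cert_dir }}/ca.key"
    force: false
  delegate_to: localhost
- name: Copy to the target; copy compares checksums, so unchanged files are skipped
  ansible.builtin.copy:
    src: "{{ gen_tls_cert_dir }}/{{ item }}"
    dest: "/etc/ssl/{{ item }}"
    mode: "0600"
  loop: ["ca.crt", "{{ inventory_hostname }}.crt", "{{ inventory_hostname }}.key"]
  become: true
```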

If you want to tinker, you can use vagrant with the provided Vagrantfile. It assumes vagrant-libvirt is installed (along with libvirt, of course).

Run it like this:

$ vagrant up --provider=libvirt --provision