Latest commit: blallo 426803e260 "Change CA cert format and add force copy option" (1 month ago)

README.md

Generate TLS certificates

Generates a self-signed CA plus client and server certificates. All generation runs locally on the control machine.

Notes:

  • Will not overwrite any existing files in the output cert dir
  • Will not copy the files to the remote servers if the local files are unchanged
  • Will optionally (see the gen_tls_populate_etc_hosts variable) add to each machine's /etc/hosts a line for each host in the inventory

Requirements

  • For server certificates, an Ansible inventory file must be specified, and the FQDN must also be set as the hostname in that inventory file (it is what ends up in the certificate)

Role Variables

See defaults/main.yml

Dependencies

Install dependencies via

$ ansible-galaxy collection install community.crypto

Example Playbook

The provided example playbook.yml targets two hosts (take a look at the Vagrantfile).

All the cryptographically relevant operations (key generation, CSR creation, signing) are performed on the host machine; only the resulting files are copied to the remote target machines.

  • playbook.yml

    ---
    - name: Run role
      hosts: all
      roles:
        - role: generate-tls-certs

  • inventory.yml

    ---
    all:
      hosts:
        srv1:
          ansible_host: 192.168.123.30
        srv2:
          ansible_host: 192.168.123.31
      vars:
        gen_tls_cert_dir: ./certs
        gen_tls_generate_ca_cert: true
        gen_tls_generate_client_cert: true
        gen_tls_generate_server_cert: true
        gen_tls_ca_email: me@example.org
        gen_tls_ca_country: EU
        gen_tls_ca_state: Italy
        gen_tls_ca_locality: Rome
        gen_tls_ca_organization: Example Inc.
        gen_tls_ca_organizationalunit: SysAdmins
        gen_tls_populate_etc_hosts: yes
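As an added illustration (not this role's own tasks/main.yml), the tasks below show how the notes above map onto community.crypto modules: force: false on the key and certificate modules is what keeps existing files in gen_tls_cert_dir from being overwritten, the server CSR puts the inventory hostname (the FQDN) in the SAN, and ansible.builtin.copy only transfers a file whose checksum differs from the remote copy. The gen_tls_* variables are the ones from the inventory above; gen_tls_force_copy is an assumed name for a force-copy switch.

```yaml
# Added example, not the role's tasks/main.yml; gen_tls_force_copy is an assumed name.
- name: CA key and self-signed CA cert, once, on the control machine
  delegate_to: localhost
  run_once: true
  block:
    - community.crypto.openssl_privatekey:
        path: "{{ gen_tls_cert_dir }}/ca.key"
        mode: "0600"
        force: false                 # never overwrite an existing key
    - community.crypto.openssl_csr:
        path: "{{ gen_tls_cert_dir }}/ca.csr"
        privatekey_path: "{{ gen_tls_cert_dir }}/ca.key"
        common_name: "{{ gen_tls_ca_organization }} CA"
        basic_constraints: ["CA:TRUE"]
        basic_constraints_critical: true
        key_usage: [keyCertSign, cRLSign]
    - community.crypto.x509_certificate:
        path: "{{ gen_tls_cert_dir }}/ca.crt"
        csr_path: "{{ gen_tls_cert_dir }}/ca.csr"
        privatekey_path: "{{ gen_tls_cert_dir }}/ca.key"
        provider: selfsigned
        force: false                 # keep the CA cert clients already trust
- name: Server key, CSR and CA-signed cert for {{ inventory_hostname }}
  delegate_to: localhost
  block:
    - community.crypto.openssl_privatekey:
        path: "{{ gen_tls_cert_dir }}/{{ inventory_hostname }}.key"
        mode: "0600"
        force: false
    - community.crypto.openssl_csr:
        path: "{{ gen_tls_cert_dir }}/{{ inventory_hostname }}.csr"
        privatekey_path: "{{ gen_tls_cert_dir }}/{{ inventory_hostname }}.key"
        common_name: "{{ inventory_hostname }}"
        # clients verify the SAN, not the CN, so the inventory FQDN goes here
        subject_alt_name: ["DNS:{{ inventory_hostname }}"]
        extended_key_usage: [serverAuth]
    - community.crypto.x509_certificate:
        path: "{{ gen_tls_cert_dir }}/{{ inventory_hostname }}.crt"
        csr_path: "{{ gen_tls_cert_dir }}/{{ inventory_hostname }}.csr"
        provider: ownca
        ownca_path: "{{ gen_tls_cert_dir }}/ca.crt"
        ownca_privatekey_path: "{{ gen_tls_cert_dir }}/ca.key"
        force: false
- name: Copy key and cert; copy transfers only when the checksum differs
  ansible.builtin.copy:
    src: "{{ gen_tls_cert_dir }}/{{ item }}"
    dest: "/etc/ssl/private/{{ item }}"
    mode: "0600"
    force: "{{ gen_tls_force_copy | default(true) }}"   # assumed variable
  loop: ["{{ inventory_hostname }}.key", "{{ inventory_hostname }}.crt"]
```

With force: false on the copy task, Ansible only places a file that does not yet exist on the target, so a manually replaced key or cert on the server is left alone.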

If you want to tinker, you can use Vagrant with the provided Vagrantfile. It assumes vagrant-libvirt is installed (along with libvirt, of course).

Run it like this:

$ vagrant up --provider=libvirt --provision