# Generate TLS certificates
Generates a self-signed CA certificate together with client and server certificates. Runs locally on the control machine. **Note:** the Ansible crypto modules do not support self-signed certificates, so the `shell` module is used instead where required.
## Requirements
- For server certificates, an Ansible inventory file must be specified, and each host's FQDN must be set as its hostname in that inventory file
## Role Variables
See `defaults/main.yml` for the available variables and their default values.
## Dependencies
- Refer to the [Ansible Crypto modules](http://docs.ansible.com/ansible/latest/modules/list_of_crypto_modules.html) documentation
## Example Playbook
**generate-certs.yaml:**
```yaml
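---
# Example playbook for the generate-tls-certs role.
#
# Run against the control machine only (CA and client certificates):
#   ansible-playbook generate-certs.yaml -i localhost,
# Run with an inventory file (required for server certificates; the role
# expects each host's FQDN to be set as its inventory hostname):
#   ansible-playbook generate-certs.yaml -i inventory.yaml

- hosts: all
  # Facts are not needed: all settings come from vars.yaml.
  gather_facts: false

  tasks:
    - name: Load certificate settings
      include_vars: vars.yaml

    - name: Generate certs
      import_role:
        name: generate-tls-certs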
```
**vars.yaml:**
```yaml
---
# Example variables for the generate-tls-certs role.

# Output directory for the generated files.
# Keep the generated private keys (*.key) out of version control.
cert_dir: './certs'

# Which certificates to produce. Server certificate settings are not
# shown in this example; see the role's defaults/main.yml.
generate_ca_cert: true
generate_client_cert: true
generate_server_cert: true

# --- CA certificate ---------------------------------------------------
tls_ca_cert: 'my-ca.pem'
tls_ca_csr: 'my-ca.csr'
tls_ca_key: 'my-ca.key'
# Subject (distinguished name) fields.
tls_ca_country: 'CA'
tls_ca_state: 'Ontario'
tls_ca_locality: 'Toronto'
tls_ca_organization: 'My Company Inc.'
tls_ca_organizationalunit: 'IT'
tls_ca_commonname: 'My Certificate Authority'

# --- Client certificate -----------------------------------------------
tls_client_cert: 'my-client.pem'
tls_client_key: 'my-client.key'
tls_client_csr: 'my-client.csr'
tls_client_commonname: 'My Client'
```
## License
BSD
## Author Information
[EasyPath IT Solutions Inc.](https://www.easypath.ca)