ansible-role-generate-tls-c.../README.md

Generate TLS certificates
=========================
Generates self-signed CA, client and server certificates. Runs locally on control machine. **Note:** Ansible crypto modules do not support self-signed certs, using `shell` command instead as required.


Requirements
------------
- For server certificates, must specify Ansible inventory file; FQDN must also be set as hostname in inventory file


Role Variables
--------------
See `defaults/main.yml`


Dependencies
------------
- Refer to [Ansible Crypto modules](http://docs.ansible.com/ansible/latest/modules/list_of_crypto_modules.html)


Example Playbook
----------------
**generate-certs.yaml:**
```
---

# ansible-playbook generate-certs.yaml -i localhost,
# ansible-playbook generate-certs.yaml -i inventory.yaml

- hosts: all

  gather_facts: false

  tasks:
    - include_vars: vars.yaml

    - name: Generate certs
      import_role: 
        name: generate-tls-certs

```

**vars.yaml:**
```
---
  cert_dir: ./certs
  generate_ca_cert: true
  generate_client_cert: true
  generate_server_cert: true

  # -------
  # CA CERT
  # -------
  tls_ca_cert: my-ca.pem
  tls_ca_csr: my-ca.csr
  tls_ca_key: my-ca.key
  tls_ca_country: CA
  tls_ca_state: Ontario
  tls_ca_locality: Toronto
  tls_ca_organization: My Company Inc.
  tls_ca_organizationalunit: IT
  tls_ca_commonname: My Certificate Authority

  # -----------
  # CLIENT CERT
  # -----------
  tls_client_cert: my-client.pem
  tls_client_key: my-client.key
  tls_client_csr: my-client.csr
  tls_client_commonname: My Client

```


License
-------
BSD


Author Information
------------------
[EasyPath IT Solutions Inc.](https://www.easypath.ca)
Initial commit 2018-04-20 10:40:41 +02:00			`Generate TLS certificates`
			`=========================`
			Generates self-signed CA, client and server certificates. Runs locally on control machine. Note: Ansible crypto modules do not support self-signed certs, using `shell` command instead as required.


			`Requirements`
			`------------`
			`- For server certificates, must specify Ansible inventory file; FQDN must also be set as hostname in inventory file`


			`Role Variables`
			`--------------`
			See `defaults/main.yml`


			`Dependencies`
			`------------`
			`- Refer to [Ansible Crypto modules](http://docs.ansible.com/ansible/latest/modules/list_of_crypto_modules.html)`


			`Example Playbook`
			`----------------`
			`generate-certs.yaml:`
			```
			`---`

			`# ansible-playbook generate-certs.yaml -i localhost,`
			`# ansible-playbook generate-certs.yaml -i inventory.yaml`

			`- hosts: all`

			`gather_facts: false`

			`tasks:`
			`- include_vars: vars.yaml`

			`- name: Generate certs`
			`import_role:`
			`name: generate-tls-certs`

			```

			`vars.yaml:`
			```
			`---`
Fixed formatting 2018-04-20 10:42:41 +02:00			`cert_dir: ./certs`
			`generate_ca_cert: true`
			`generate_client_cert: true`
			`generate_server_cert: true`

			`# -------`
			`# CA CERT`
			`# -------`
			`tls_ca_cert: my-ca.pem`
			`tls_ca_csr: my-ca.csr`
			`tls_ca_key: my-ca.key`
			`tls_ca_country: CA`
			`tls_ca_state: Ontario`
			`tls_ca_locality: Toronto`
			`tls_ca_organization: My Company Inc.`
			`tls_ca_organizationalunit: IT`
			`tls_ca_commonname: My Certificate Authority`

			`# -----------`
			`# CLIENT CERT`
			`# -----------`
			`tls_client_cert: my-client.pem`
			`tls_client_key: my-client.key`
			`tls_client_csr: my-client.csr`
			`tls_client_commonname: My Client`
Initial commit 2018-04-20 10:40:41 +02:00
			```


			`License`
			`-------`
			`BSD`


			`Author Information`
			`------------------`
			`[EasyPath IT Solutions Inc.](https://www.easypath.ca)`