Update README

2021-01-24 00:32:01 +01:00 · 2021-01-24 00:32:01 +01:00 · bd82ad3751
parent 92391f3d52
commit bd82ad3751
1 changed files with 44 additions and 54 deletions
--- a/README.md
+++ b/README.md
@ -4,7 +4,7 @@ Generates self-signed CA, client and server certificates. Runs locally on contro

 Notes:
 - Will not overwrite any files in output cert dir
- Ansible crypto modules do not support signing certs with own CA yet, using `shell` command instead. Should be resolved in Ansible 2.7 using the [ownca provider](https://github.com/ansible/ansible/commit/b61b113fb9e3fcfcb25f4a8aaabad618e3209ce1).
+- Will not copy the files to the remote servers if the local files are unchanged


 Requirements
@ -19,68 +19,58 @@ See `defaults/main.yml`

 Dependencies
 ------------
- Refer to [Ansible Crypto modules](http://docs.ansible.com/ansible/latest/modules/list_of_crypto_modules.html)

+Install dependencies via
+
+```
+$ ansible-galaxy collection install community.crypto
+```

 Example Playbook
 ----------------
-**generate-certs.yaml:**
-```
---

-# ansible-playbook generate-certs.yaml -i localhost,
-# ansible-playbook generate-certs.yaml -i inventory.yaml
+The provided example `playbook.yml` targets two hosts (take a look at the
+`Vagrantfile`).

- hosts: all
+All the cryptographic relevant operations are performed on the host machine and
+the resulting relevant files are `copy`ed to the remote target machine.

-  gather_facts: false
+  - `playbook.yml`
+  ```yaml
+  ---
+  - name: Run role
+    hosts: all
+    roles:
+      - role: generate-tls-certs
+  ```

-  tasks:
-    - include_vars: vars.yaml
+  - `inventory.yml`
+  ```yaml
+  ---
+  all:
+    hosts:
+      srv1:
+        ansible_host: 192.168.123.30
+      srv2:
+        ansible_host: 192.168.123.31
+    vars:
+      cert_dir: ./certs
+      generate_ca_cert: true
+      generate_client_cert: true
+      generate_server_cert: true
+      tls_ca_email: me@example.org
+      tls_ca_country: EU
+      tls_ca_state: Italy
+      tls_ca_locality: Rome
+      tls_ca_organization: Example Inc.
+      tls_ca_organizationalunit: SysAdmins
+  ```

-    - name: Generate certs
-      import_role:
-        name: generate-tls-certs
+If you want to tinker, you can use `vagrant` with the provided `Vagrantfile`.
+It assumes `vagrant-libvirt` is installed (along with `libvirt`, of course).
+
+Run it like this:

 ```
-
-**vars.yaml:**
+$ vagrant up --provider=libvirt --provision
 ```
---
-  cert_dir: ./certs
-  generate_ca_cert: true
-  generate_client_cert: true
-  generate_server_cert: true
-
-  # -------
-  # CA CERT
-  # -------
-  tls_ca_cert: my-ca.pem
-  tls_ca_csr: my-ca.csr
-  tls_ca_key: my-ca.key
-  tls_ca_country: CA
-  tls_ca_state: Ontario
-  tls_ca_locality: Toronto
-  tls_ca_organization: My Company Inc.
-  tls_ca_organizationalunit: IT
-  tls_ca_commonname: My Certificate Authority
-
-  # -----------
-  # CLIENT CERT
-  # -----------
-  tls_client_cert: my-client.pem
-  tls_client_key: my-client.key
-  tls_client_csr: my-client.csr
-  tls_client_commonname: My Client
-
-```
-
-
-License
-------
-BSD
-
-
-Author Information
------------------
-[EasyPath IT Solutions Inc.](https://www.easypath.ca)