Update README

This commit is contained in:
sfigato 2021-01-24 00:32:01 +01:00
parent 92391f3d52
commit bd82ad3751
Signed by: blallo
GPG Key ID: 0CBE577C9B72DC3F

@ -4,7 +4,7 @@ Generates self-signed CA, client and server certificates. Runs locally on contro
Notes: Notes:
- Will not overwrite any files in output cert dir - Will not overwrite any files in output cert dir
- Ansible crypto modules do not support signing certs with own CA yet, using `shell` command instead. Should be resolved in Ansible 2.7 using the [ownca provider](https://github.com/ansible/ansible/commit/b61b113fb9e3fcfcb25f4a8aaabad618e3209ce1). - Will not copy the files to the remote servers if the local files are unchanged
Requirements Requirements
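Review bot: the replaced bullet was the only place the README admitted that CA signing is done through a `shell` task rather than the crypto modules, and dropping it implies the workaround is gone; the hunk doesn't show the role's tasks, so either confirm in Notes that signing now goes through the `ownca` provider (the collection install added further down suggests that) or keep a line saying the role still shells out to `openssl`, otherwise the docs and the tasks disagree. The new wording "Will not copy the files to the remote servers if the local files are unchanged" also reads as a purely local check; if it relies on `copy`'s checksum comparison it will re-push a file that was altered or deleted on the remote, and that is the behaviour an operator wants spelled out, so consider "Files are only copied to the remote servers when they differ from the local ones".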
@ -19,68 +19,58 @@ See `defaults/main.yml`
Dependencies Dependencies
------------ ------------
- Refer to [Ansible Crypto modules](http://docs.ansible.com/ansible/latest/modules/list_of_crypto_modules.html)
Install dependencies via
```
$ ansible-galaxy collection install community.crypto
```
Example Playbook Example Playbook
---------------- ----------------
**generate-certs.yaml:**
``` The provided example `playbook.yml` targets two hosts (take a look at the
`Vagrantfile`).
All the cryptographic relevant operations are performed on the host machine and
the resulting relevant files are `copy`ed to the remote target machine.
- `playbook.yml`
```yaml
--- ---
- name: Run role
# ansible-playbook generate-certs.yaml -i localhost, hosts: all
# ansible-playbook generate-certs.yaml -i inventory.yaml roles:
- role: generate-tls-certs
- hosts: all
gather_facts: false
tasks:
- include_vars: vars.yaml
- name: Generate certs
import_role:
name: generate-tls-certs
``` ```
**vars.yaml:** - `inventory.yml`
``` ```yaml
--- ---
all:
hosts:
srv1:
ansible_host: 192.168.123.30
srv2:
ansible_host: 192.168.123.31
vars:
cert_dir: ./certs cert_dir: ./certs
generate_ca_cert: true generate_ca_cert: true
generate_client_cert: true generate_client_cert: true
generate_server_cert: true generate_server_cert: true
tls_ca_email: me@example.org
# ------- tls_ca_country: EU
# CA CERT tls_ca_state: Italy
# ------- tls_ca_locality: Rome
tls_ca_cert: my-ca.pem tls_ca_organization: Example Inc.
tls_ca_csr: my-ca.csr tls_ca_organizationalunit: SysAdmins
tls_ca_key: my-ca.key
tls_ca_country: CA
tls_ca_state: Ontario
tls_ca_locality: Toronto
tls_ca_organization: My Company Inc.
tls_ca_organizationalunit: IT
tls_ca_commonname: My Certificate Authority
# -----------
# CLIENT CERT
# -----------
tls_client_cert: my-client.pem
tls_client_key: my-client.key
tls_client_csr: my-client.csr
tls_client_commonname: My Client
``` ```
If you want to tinker, you can use `vagrant` with the provided `Vagrantfile`.
It assumes `vagrant-libvirt` is installed (along with `libvirt`, of course).
License Run it like this:
-------
BSD
```
Author Information $ vagrant up --provider=libvirt --provision
------------------ ```
[EasyPath IT Solutions Inc.](https://www.easypath.ca)
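Review bot: "the resulting relevant files are `copy`ed to the remote target machine" never says which files, and for a role that generates a CA that is the sentence a reader needs; name what leaves the control host (the per-host server certificate and key, the CA certificate for the trust chain) and state plainly that the CA private key stays in `cert_dir` on the control host and is never pushed, since as written nobody can tell whether pointing the role at many hosts spreads the CA key around. Two smaller gaps in the same hunk: the old `# ansible-playbook generate-certs.yaml -i inventory.yaml` comments were removed and nothing in the new text shows the equivalent `ansible-playbook -i inventory.yml playbook.yml` invocation (only `vagrant up --provider=libvirt --provision` is given), and the new `inventory.yml` example drops `tls_ca_commonname`, `tls_client_commonname` and the `tls_*_cert`/`tls_*_key`/`tls_*_csr` filename variables the old `vars.yaml` set, so either show them or say they fall back to `defaults/main.yml`. In the example values, `tls_ca_country: EU` is not an ISO 3166-1 alpha-2 country code (the field is meant to hold one), and with `Italy`/`Rome` as state and locality `IT` is the value that matches. Style: "All the cryptographic relevant operations" should read "All cryptographically relevant operations".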