blallo/ansible-role-generate-tls-certs
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update README

Browse Source
This commit is contained in:
sfigato 2021-01-24 00:32:01 +01:00
parent 92391f3d52
commit bd82ad3751
Signed by: blallo
GPG Key ID: 0CBE577C9B72DC3F
1 changed files with 44 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

98
README.md
View File

@ -4,7 +4,7 @@ Generates self-signed CA, client and server certificates. Runs locally on contro
Notes: Notes:
- Will not overwrite any files in output cert dir - Will not overwrite any files in output cert dir
- Ansible crypto modules do not support signing certs with own CA yet, using `shell` command instead. Should be resolved in Ansible 2.7 using the [ownca provider](https://github.com/ansible/ansible/commit/b61b113fb9e3fcfcb25f4a8aaabad618e3209ce1). - Will not copy the files to the remote servers if the local files are unchanged
Requirements Requirements
@ -19,68 +19,58 @@ See `defaults/main.yml`
Dependencies Dependencies
------------ ------------
- Refer to [Ansible Crypto modules](http://docs.ansible.com/ansible/latest/modules/list_of_crypto_modules.html)
Install dependencies via
```
$ ansible-galaxy collection install community.crypto
```
Example Playbook Example Playbook
---------------- ----------------
**generate-certs.yaml:**
```
---
# ansible-playbook generate-certs.yaml -i localhost, The provided example `playbook.yml` targets two hosts (take a look at the
# ansible-playbook generate-certs.yaml -i inventory.yaml `Vagrantfile`).
- hosts: all All the cryptographic relevant operations are performed on the host machine and
the resulting relevant files are `copy`ed to the remote target machine.
gather_facts: false - `playbook.yml`
```yaml
---
- name: Run role
hosts: all
roles:
- role: generate-tls-certs
```
tasks: - `inventory.yml`
- include_vars: vars.yaml ```yaml
---
all:
hosts:
srv1:
ansible_host: 192.168.123.30
srv2:
ansible_host: 192.168.123.31
vars:
cert_dir: ./certs
generate_ca_cert: true
generate_client_cert: true
generate_server_cert: true
tls_ca_email: me@example.org
tls_ca_country: EU
tls_ca_state: Italy
tls_ca_locality: Rome
tls_ca_organization: Example Inc.
tls_ca_organizationalunit: SysAdmins
```
- name: Generate certs If you want to tinker, you can use `vagrant` with the provided `Vagrantfile`.
import_role: It assumes `vagrant-libvirt` is installed (along with `libvirt`, of course).
name: generate-tls-certs
Run it like this:
``` ```
$ vagrant up --provider=libvirt --provision
**vars.yaml:**
``` ```
---
cert_dir: ./certs
generate_ca_cert: true
generate_client_cert: true
generate_server_cert: true
# -------
# CA CERT
# -------
tls_ca_cert: my-ca.pem
tls_ca_csr: my-ca.csr
tls_ca_key: my-ca.key
tls_ca_country: CA
tls_ca_state: Ontario
tls_ca_locality: Toronto
tls_ca_organization: My Company Inc.
tls_ca_organizationalunit: IT
tls_ca_commonname: My Certificate Authority
# -----------
# CLIENT CERT
# -----------
tls_client_cert: my-client.pem
tls_client_key: my-client.key
tls_client_csr: my-client.csr
tls_client_commonname: My Client
```
License
-------
BSD
Author Information
------------------
[EasyPath IT Solutions Inc.](https://www.easypath.ca)