Update README
parent 92391f3d52
commit bd82ad3751
90 README.md
@ -4,7 +4,7 @@ Generates self-signed CA, client and server certificates. Runs locally on contro
Notes:
- Will not overwrite any files in output cert dir
- Ansible crypto modules do not support signing certs with own CA yet, using `shell` command instead. Should be resolved in Ansible 2.7 using the [ownca provider](https://github.com/ansible/ansible/commit/b61b113fb9e3fcfcb25f4a8aaabad618e3209ce1).
- Will not copy the files to the remote servers if the local files are unchanged


Requirements
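Review bot: the bullet "Ansible crypto modules do not support signing certs with own CA yet, using `shell` command instead" contradicts the Dependencies section of the same change, which now requires `ansible-galaxy collection install community.crypto`; that collection's `x509_certificate` module provides the `ownca` provider this bullet says is still pending, so the role should sign with it rather than shelling out, and the bullet should be updated or removed so readers do not assume the `shell` workaround is still needed.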
@ -19,68 +19,58 @@ See `defaults/main.yml`
Dependencies
------------
- Refer to [Ansible Crypto modules](http://docs.ansible.com/ansible/latest/modules/list_of_crypto_modules.html)

Install dependencies via

```
$ ansible-galaxy collection install community.crypto
```

Example Playbook
----------------
**generate-certs.yaml:**
```

The provided example `playbook.yml` targets two hosts (take a look at the
`Vagrantfile`).

All the cryptographic relevant operations are performed on the host machine and
the resulting relevant files are `copy`ed to the remote target machine.

- `playbook.yml`
```yaml
---

# ansible-playbook generate-certs.yaml -i localhost,
# ansible-playbook generate-certs.yaml -i inventory.yaml

- hosts: all

gather_facts: false

tasks:
- include_vars: vars.yaml

- name: Generate certs
import_role:
name: generate-tls-certs

- name: Run role
hosts: all
roles:
- role: generate-tls-certs
```

**vars.yaml:**
```
- `inventory.yml`
```yaml
---
all:
hosts:
srv1:
ansible_host: 192.168.123.30
srv2:
ansible_host: 192.168.123.31
vars:
cert_dir: ./certs
generate_ca_cert: true
generate_client_cert: true
generate_server_cert: true

# -------
# CA CERT
# -------
tls_ca_cert: my-ca.pem
tls_ca_csr: my-ca.csr
tls_ca_key: my-ca.key
tls_ca_country: CA
tls_ca_state: Ontario
tls_ca_locality: Toronto
tls_ca_organization: My Company Inc.
tls_ca_organizationalunit: IT
tls_ca_commonname: My Certificate Authority

# -----------
# CLIENT CERT
# -----------
tls_client_cert: my-client.pem
tls_client_key: my-client.key
tls_client_csr: my-client.csr
tls_client_commonname: My Client

tls_ca_email: me@example.org
tls_ca_country: EU
tls_ca_state: Italy
tls_ca_locality: Rome
tls_ca_organization: Example Inc.
tls_ca_organizationalunit: SysAdmins
```

If you want to tinker, you can use `vagrant` with the provided `Vagrantfile`.
It assumes `vagrant-libvirt` is installed (along with `libvirt`, of course).

License
-------
BSD
Run it like this:


Author Information
------------------
[EasyPath IT Solutions Inc.](https://www.easypath.ca)
```
$ vagrant up --provider=libvirt --provision
```
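Review bot: in the `inventory.yml` block, the `tls_ca_*` keys listed under the `# CLIENT CERT` header (`tls_ca_country: EU`, `tls_ca_state: Italy`, `tls_ca_organization: Example Inc.` and the neighbouring email, locality and organizationalunit keys) repeat keys already set under `# CA CERT` with different values (`CA`, `Ontario`, `My Company Inc.`); a YAML mapping cannot hold the same key twice, and Ansible by default only warns about duplicate dict keys and keeps the last value, so the CA would silently be issued with the Italy/Rome/Example Inc. subject while the client cert gets no subject fields beyond `tls_client_commonname`. Rename that second group to `tls_client_*` or delete it. The same block is also inconsistent about file names: the playbook's `include_vars: vars.yaml` and the `**vars.yaml:**` heading point at a file the example now presents as `inventory.yml`, and the `**generate-certs.yaml:**` heading is followed by a bare ``` fence with no matching close before the prose, so the rendered README will swallow the following paragraphs into a code block; pick one file name and remove the stray fence.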