blallo 0bcb4b89b6
Optional tld
When updating /etc/hosts to add the hosts in the inventory, also add the name
postfixed with a configurable tld.
2021-01-24 18:37:15 +01:00
certs Update with community.crypto collection modules 2021-01-24 12:50:53 +01:00
defaults Optional tld 2021-01-24 18:37:15 +01:00
meta Added supported platforms 2018-04-20 04:52:41 -04:00
tasks Optional tld 2021-01-24 18:37:15 +01:00
.gitignore Update with community.crypto collection modules 2021-01-24 12:50:53 +01:00
README.md Add pseudo-namespace to variables 2021-01-24 18:37:10 +01:00
Vagrantfile Update with community.crypto collection modules 2021-01-24 12:50:53 +01:00
ansible.cfg Update with community.crypto collection modules 2021-01-24 12:50:53 +01:00
inventory.yml Optional tld 2021-01-24 18:37:15 +01:00
playbook.yml Update with community.crypto collection modules 2021-01-24 12:50:53 +01:00
requirements.yml Update with community.crypto collection modules 2021-01-24 12:50:53 +01:00

README.md

Generate TLS certificates

Generates a self-signed CA plus client and server certificates. Runs locally on the control machine.

Notes:

  • Will not overwrite any files in output cert dir
  • Will not copy the files to the remote servers if the local files are unchanged
  • Will optionally (see gen_tls_populate_etc_hosts variable) add to each machine's /etc/hosts a line for each host in the inventory.

Requirements

  • For server certificates, an Ansible inventory file must be specified; the FQDN must also be set as the hostname in the inventory file

Role Variables

See defaults/main.yml

Dependencies

Install dependencies via

$ ansible-galaxy collection install community.crypto

Example Playbook

The provided example playbook.yml targets two hosts (take a look at the Vagrantfile).

All the cryptographically relevant operations are performed on the host machine, and the resulting files are copied to the remote target machine.

  • playbook.yml
---
- name: Run role
  hosts: all
  roles:
    - role: generate-tls-certs
  • inventory.yml
---
all:
  hosts:
    srv1:
      ansible_host: 192.168.123.30
    srv2:
      ansible_host: 192.168.123.31
  vars:
    gen_tls_cert_dir: ./certs
    gen_tls_generate_ca_cert: true
    gen_tls_generate_client_cert: true
    gen_tls_generate_server_cert: true
    gen_tls_ca_email: me@example.org
    gen_tls_ca_country: EU
    gen_tls_ca_state: Italy
    gen_tls_ca_locality: Rome
    gen_tls_ca_organization: Example Inc.
    gen_tls_ca_organizationalunit: SysAdmins
    gen_tls_populate_etc_hosts: yes
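The flow the README describes (CA and per-host server certificates generated on the control machine, with the optional tld appended to each inventory name both in the certificate SAN and in /etc/hosts), as an added illustrative play that is not the role's own tasks. gen_tls_tld is a hypothetical variable name; the community.crypto module names and parameters are the collection's real ones. Copying the resulting files to the targets is left out for brevity.

```yaml
# Added illustrative play, not the role's tasks; gen_tls_tld is a hypothetical variable.
- hosts: all
  gather_facts: false
  vars: { gen_tls_cert_dir: ./certs, gen_tls_tld: example.test }
  tasks:
    - name: CA key, CSR (CA:TRUE) and self-signed CA cert, built once on the controller
      delegate_to: localhost
      run_once: true
      block:
        - community.crypto.openssl_privatekey:
            path: "{{ gen_tls_cert_dir }}/ca.key"
        - community.crypto.openssl_csr:
            path: "{{ gen_tls_cert_dir }}/ca.csr"
            privatekey_path: "{{ gen_tls_cert_dir }}/ca.key"
            common_name: Example Inc. Root CA
            basic_constraints: ["CA:TRUE"]
            key_usage: [keyCertSign, cRLSign]
        - community.crypto.x509_certificate:
            path: "{{ gen_tls_cert_dir }}/ca.crt"
            csr_path: "{{ gen_tls_cert_dir }}/ca.csr"
            privatekey_path: "{{ gen_tls_cert_dir }}/ca.key"
            provider: selfsigned
    - name: Per-host server key and CSR; the SAN lists the inventory name and name.tld
      delegate_to: localhost
      block:
        - community.crypto.openssl_privatekey:
            path: "{{ gen_tls_cert_dir }}/{{ inventory_hostname }}.key"
        - community.crypto.openssl_csr:
            path: "{{ gen_tls_cert_dir }}/{{ inventory_hostname }}.csr"
            privatekey_path: "{{ gen_tls_cert_dir }}/{{ inventory_hostname }}.key"
            common_name: "{{ inventory_hostname }}"
            subject_alt_name:
              - "DNS:{{ inventory_hostname }}"
              - "DNS:{{ inventory_hostname }}.{{ gen_tls_tld }}"
            extended_key_usage: [serverAuth]
        - community.crypto.x509_certificate:
            path: "{{ gen_tls_cert_dir }}/{{ inventory_hostname }}.crt"
            csr_path: "{{ gen_tls_cert_dir }}/{{ inventory_hostname }}.csr"
            provider: ownca
            ownca_path: "{{ gen_tls_cert_dir }}/ca.crt"
            ownca_privatekey_path: "{{ gen_tls_cert_dir }}/ca.key"
    - name: Map every inventory host to its IP as both name and name.tld on each target
      ansible.builtin.lineinfile:
        path: /etc/hosts
        regexp: '^{{ hostvars[item].ansible_host | regex_escape }}\s'
        line: "{{ hostvars[item].ansible_host }} {{ item }} {{ item }}.{{ gen_tls_tld }}"
      loop: "{{ groups['all'] }}"
```

Because the community.crypto modules are idempotent, re-running the play leaves existing keys and certificates untouched and only reports changes when a file is actually (re)generated.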

If you want to tinker, you can use vagrant with the provided Vagrantfile. It assumes vagrant-libvirt is installed (along with libvirt, of course).

Run it like this:

$ vagrant up --provider=libvirt --provision