Blallo 426803e260
Change CA cert format and add force copy option
The certificate form of the CA has to be crt to be sure it is manageable
by the Debian update-ca-certificates executable.
Also, added an option to force the copy of the certificates, even if the
local files did not change.
2021-01-24 22:37:47 +01:00

Generate TLS certificates

Generates self-signed CA, client and server certificates. Runs locally on control machine.

Notes:

  • Will not overwrite any files in output cert dir
  • Will not copy the files to the remote servers if the local files are unchanged
  • Will optionally (see gen_tls_populate_etc_hosts variable) add to each machine's /etc/hosts a line for each host in the inventory.

Requirements

  • For server certificates, an Ansible inventory file must be specified; each host's FQDN must also be set as its hostname in the inventory file

Role Variables

See defaults/main.yml

Dependencies

Install dependencies via

$ ansible-galaxy collection install community.crypto

Example Playbook

The provided example playbook.yml targets two hosts (take a look at the Vagrantfile).

All cryptographically relevant operations are performed on the control machine, and the resulting files are copied to the remote target machines.

  • playbook.yml
---
- name: Run role
  hosts: all
  roles:
    - role: generate-tls-certs
  • inventory.yml
---
all:
  hosts:
    srv1:
      ansible_host: 192.168.123.30
    srv2:
      ansible_host: 192.168.123.31
  vars:
    gen_tls_cert_dir: ./certs
    gen_tls_generate_ca_cert: true
    gen_tls_generate_client_cert: true
    gen_tls_generate_server_cert: true
    gen_tls_ca_email: me@example.org
    gen_tls_ca_country: EU
    gen_tls_ca_state: Italy
    gen_tls_ca_locality: Rome
    gen_tls_ca_organization: Example Inc.
    gen_tls_ca_organizationalunit: SysAdmins
    gen_tls_populate_etc_hosts: yes
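As an added example, not the role's own tasks, this is how the CA and per-host server certificate chain described above can be built with the community.crypto modules the role depends on: every key and certificate is generated on the control node, the CA is written as a .crt file, and a server certificate is only copied out when it changed or the copy is forced. The file names and the gen_tls_force_copy boolean are assumptions; the gen_tls_* variables are the ones set in the inventory above.

```yaml
# Added example (not the role's tasks); file names and gen_tls_force_copy are assumed
- name: CA private key
  community.crypto.openssl_privatekey:
    path: "{{ gen_tls_cert_dir }}/ca.key"
    mode: "0600"
  delegate_to: localhost
  run_once: true
- name: CA CSR marked as a CA (CA:TRUE, keyCertSign)
  community.crypto.openssl_csr:
    path: "{{ gen_tls_cert_dir }}/ca.csr"
    privatekey_path: "{{ gen_tls_cert_dir }}/ca.key"
    common_name: "{{ gen_tls_ca_organization }} CA"
    basic_constraints: ["CA:TRUE"]
    key_usage: [keyCertSign, cRLSign]
  delegate_to: localhost
  run_once: true
- name: Self-signed CA certificate, written as .crt for update-ca-certificates
  community.crypto.x509_certificate:
    path: "{{ gen_tls_cert_dir }}/ca.crt"
    csr_path: "{{ gen_tls_cert_dir }}/ca.csr"
    privatekey_path: "{{ gen_tls_cert_dir }}/ca.key"
    provider: selfsigned
  delegate_to: localhost
  run_once: true
- name: Server private key
  community.crypto.openssl_privatekey:
    path: "{{ gen_tls_cert_dir }}/{{ inventory_hostname }}.key"
  delegate_to: localhost
- name: Server CSR with the inventory FQDN as CN and SAN
  community.crypto.openssl_csr:
    path: "{{ gen_tls_cert_dir }}/{{ inventory_hostname }}.csr"
    privatekey_path: "{{ gen_tls_cert_dir }}/{{ inventory_hostname }}.key"
    common_name: "{{ inventory_hostname }}"
    subject_alt_name: ["DNS:{{ inventory_hostname }}"]
    extended_key_usage: [serverAuth]
  delegate_to: localhost
- name: Server certificate signed by the CA (unchanged if already present and valid)
  community.crypto.x509_certificate:
    path: "{{ gen_tls_cert_dir }}/{{ inventory_hostname }}.crt"
    csr_path: "{{ gen_tls_cert_dir }}/{{ inventory_hostname }}.csr"
    provider: ownca
    ownca_path: "{{ gen_tls_cert_dir }}/ca.crt"
    ownca_privatekey_path: "{{ gen_tls_cert_dir }}/ca.key"
  delegate_to: localhost
  register: server_cert
- name: Copy the server certificate only when it changed or the copy is forced
  ansible.builtin.copy:
    src: "{{ gen_tls_cert_dir }}/{{ inventory_hostname }}.crt"
    dest: "/etc/ssl/certs/{{ inventory_hostname }}.crt"
  when: server_cert.changed or (gen_tls_force_copy | default(false) | bool)
```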

If you want to tinker, you can use vagrant with the provided Vagrantfile. It assumes vagrant-libvirt is installed (along with libvirt, of course).

Run it like this:

$ vagrant up --provider=libvirt --provision