Generate TLS certificates
=========================

Generates a self-signed CA plus client and server certificates. Runs locally on the control machine. **Note:** Ansible crypto modules do not support self-signed certs, so the role uses the `shell` module instead where required.

Requirements
------------

- For server certificates, an Ansible inventory file must be specified; the FQDN must also be set as the hostname in the inventory file

Role Variables
--------------

See `defaults/main.yml`

Dependencies
------------

- Refer to [Ansible Crypto modules](http://docs.ansible.com/ansible/latest/modules/list_of_crypto_modules.html)

Example Playbook
----------------

**generate-certs.yaml:**

```yaml
---
# ansible-playbook generate-certs.yaml -i localhost,
# ansible-playbook generate-certs.yaml -i inventory.yaml

- hosts: all
  gather_facts: false
  tasks:
    - include_vars: vars.yaml

    - name: Generate certs
      import_role:
        name: generate-tls-certs
```

**vars.yaml:**

```yaml
---
cert_dir: ./certs
generate_ca_cert: true
generate_client_cert: true
generate_server_cert: true

# -------
# CA CERT
# -------
tls_ca_cert: my-ca.pem
tls_ca_csr: my-ca.csr
tls_ca_key: my-ca.key
tls_ca_country: CA
tls_ca_state: Ontario
tls_ca_locality: Toronto
tls_ca_organization: My Company Inc.
tls_ca_organizationalunit: IT
tls_ca_commonname: My Certificate Authority

# -----------
# CLIENT CERT
# -----------
tls_client_cert: my-client.pem
tls_client_key: my-client.key
tls_client_csr: my-client.csr
tls_client_commonname: My Client
```
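As an added example that is not part of this role's tasks, the `openssl` shell sequence that produces a CA and a CA-signed client certificate from the subject values and file names in `vars.yaml` above, then verifies that the client certificate chains to the CA; the 2048-bit key size, validity periods and output directory are assumptions.

```shell
#!/bin/sh
# Example only: reproduces the shell-based generation the role describes
# (CA, then client cert signed by it) and checks the result with openssl.
# File names and subject fields come from vars.yaml; key size, -days and
# the output directory are assumptions.
set -eu

# Create CA and client material in directory $1 and verify the chain.
# Prints "OK" when the client certificate validates against the CA.
generate_and_verify() {
  out="$1"
  mkdir -p "$out"
  ca_subject="/C=CA/ST=Ontario/L=Toronto/O=My Company Inc./OU=IT/CN=My Certificate Authority"
  client_subject="/CN=My Client"

  # CA: private key plus self-signed certificate (the step the role does
  # with `shell` because it states the crypto modules cannot self-sign).
  openssl genrsa -out "$out/my-ca.key" 2048 2>/dev/null
  openssl req -x509 -new -key "$out/my-ca.key" -sha256 -days 3650 \
    -subj "$ca_subject" -out "$out/my-ca.pem" 2>/dev/null

  # Client: private key, CSR, then a certificate signed by the CA key.
  openssl genrsa -out "$out/my-client.key" 2048 2>/dev/null
  openssl req -new -key "$out/my-client.key" -subj "$client_subject" \
    -out "$out/my-client.csr" 2>/dev/null
  openssl x509 -req -in "$out/my-client.csr" -CA "$out/my-ca.pem" \
    -CAkey "$out/my-ca.key" -CAcreateserial -sha256 -days 365 \
    -out "$out/my-client.pem" 2>/dev/null

  # Verification: fails (non-zero exit under set -e) unless the client
  # certificate was signed by exactly this CA.
  openssl verify -CAfile "$out/my-ca.pem" "$out/my-client.pem" >/dev/null
  echo OK
}

# Print the issuer CN of a PEM certificate (works with the "C = CA, ..."
# and the older "/C=CA/..." issuer formats), to confirm who signed it.
issuer_cn() {
  openssl x509 -in "$1" -noout -issuer | sed 's/.*CN *= *//'
}

# Usage: sh gen-certs.sh ./certs
if [ $# -gt 0 ]; then
  generate_and_verify "$1"
  issuer_cn "$1/my-client.pem"
fi
```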

License
-------

BSD

Author Information
------------------

[EasyPath IT Solutions Inc.](https://www.easypath.ca)