Generate TLS certificates

Generates a self-signed CA certificate, plus client and server certificates. Runs locally on the control machine.

Notes:

  • Will not overwrite any files in the output cert directory.
  • The Ansible crypto modules do not yet support signing certificates with your own CA, so the role uses a shell command instead. This should be resolved in Ansible 2.7 with the ownca provider.

Requirements

  • For server certificates, an Ansible inventory file must be specified, and each server's FQDN must be set as its hostname in that inventory file.

Role Variables

See defaults/main.yml

Dependencies

Example Playbook

generate-certs.yaml:

---

# ansible-playbook generate-certs.yaml -i localhost,
# ansible-playbook generate-certs.yaml -i inventory.yaml

- hosts: all

  gather_facts: false

  tasks:
    - include_vars: vars.yaml

    - name: Generate certs
      import_role:
        name: generate-tls-certs

vars.yaml:

---
  cert_dir: ./certs
  generate_ca_cert: true
  generate_client_cert: true
  generate_server_cert: true

  # -------
  # CA CERT
  # -------
  tls_ca_cert: my-ca.pem
  tls_ca_csr: my-ca.csr
  tls_ca_key: my-ca.key
  tls_ca_country: CA
  tls_ca_state: Ontario
  tls_ca_locality: Toronto
  tls_ca_organization: My Company Inc.
  tls_ca_organizationalunit: IT
  tls_ca_commonname: My Certificate Authority

  # -----------
  # CLIENT CERT
  # -----------
  tls_client_cert: my-client.pem
  tls_client_key: my-client.key
  tls_client_csr: my-client.csr
  tls_client_commonname: My Client
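
The CA-signing step that the Notes expect the ownca provider to cover, written with the community.crypto modules as an added example (this is not the role's own task file). It reuses the variable names from vars.yaml above and assumes the community.crypto collection is installed and that cert_dir already exists; the extension values and the 365-day lifetime are illustrative choices.

```yaml
# Added example, not part of the role. Run with: ansible-playbook <this file>
- hosts: localhost
  connection: local
  gather_facts: false
  vars_files: [vars.yaml]   # the vars.yaml shown above
  tasks:
    - name: Create CA and client private keys, readable by the owner only
      community.crypto.openssl_privatekey:
        path: "{{ cert_dir }}/{{ item }}"
        mode: "0600"
      loop: ["{{ tls_ca_key }}", "{{ tls_client_key }}"]

    - name: Create the CA CSR, constrained to certificate and CRL signing
      community.crypto.openssl_csr:
        path: "{{ cert_dir }}/{{ tls_ca_csr }}"
        privatekey_path: "{{ cert_dir }}/{{ tls_ca_key }}"
        common_name: "{{ tls_ca_commonname }}"
        basic_constraints: ["CA:TRUE"]
        basic_constraints_critical: true
        key_usage: [keyCertSign, cRLSign]
        key_usage_critical: true

    - name: Self-sign the CA certificate
      community.crypto.x509_certificate:
        path: "{{ cert_dir }}/{{ tls_ca_cert }}"
        csr_path: "{{ cert_dir }}/{{ tls_ca_csr }}"
        privatekey_path: "{{ cert_dir }}/{{ tls_ca_key }}"
        provider: selfsigned

    - name: Create the client CSR, limited to TLS client authentication
      community.crypto.openssl_csr:
        path: "{{ cert_dir }}/{{ tls_client_csr }}"
        privatekey_path: "{{ cert_dir }}/{{ tls_client_key }}"
        common_name: "{{ tls_client_commonname }}"
        basic_constraints: ["CA:FALSE"]
        key_usage: [digitalSignature]
        extended_key_usage: [clientAuth]

    - name: Sign the client certificate with the CA (ownca provider)
      community.crypto.x509_certificate:
        path: "{{ cert_dir }}/{{ tls_client_cert }}"
        csr_path: "{{ cert_dir }}/{{ tls_client_csr }}"
        provider: ownca
        ownca_path: "{{ cert_dir }}/{{ tls_ca_cert }}"
        ownca_privatekey_path: "{{ cert_dir }}/{{ tls_ca_key }}"
        ownca_not_after: "+365d"
```

The resulting chain can be checked with `openssl verify -CAfile certs/my-ca.pem certs/my-client.pem`. Keep the CA key off any host that only needs the issued certificates.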

License

BSD

Author Information

EasyPath IT Solutions Inc.