安全协议>> ansible-role-generate-tls-certs>> 返回
项目作者: easypath

项目描述 :
Generates self-signed CA, client and server certificates
高级语言:
项目地址: git://github.com/easypath/ansible-role-generate-tls-certs.git


Generate TLS certificates

Generates self-signed CA, client and server certificates. Runs locally on control machine.

Notes:

  • Will not overwrite any files in output cert dir
  • Ansible crypto modules do not support signing certs with own CA yet, using shell command instead. Should be resolved in Ansible 2.7 using the ownca provider.

Requirements

  • For server certificates, must specify Ansible inventory file; FQDN must also be set as hostname in inventory file

Role Variables

See defaults/main.yml

Dependencies

Example Playbook

generate-certs.yaml:

  1. ---
  3. # ansible-playbook generate-certs.yaml -i localhost,
  4. # ansible-playbook generate-certs.yaml -i inventory.yaml
  6. - hosts: all
  8.   gather_facts: false
  10.   tasks:
  11.     - include_vars: vars.yaml
  13.     - name: Generate certs
  14.       import_role:
  15.         name: generate-tls-certs

vars.yaml:

  1. ---
  2.   cert_dir: ./certs
  3.   generate_ca_cert: true
  4.   generate_client_cert: true
  5.   generate_server_cert: true
  7.   # -------
  8.   # CA CERT
  9.   # -------
  10.   tls_ca_cert: my-ca.pem
  11.   tls_ca_csr: my-ca.csr
  12.   tls_ca_key: my-ca.key
  13.   tls_ca_country: CA
  14.   tls_ca_state: Ontario
  15.   tls_ca_locality: Toronto
  16.   tls_ca_organization: My Company Inc.
  17.   tls_ca_organizationalunit: IT
  18.   tls_ca_commonname: My Certificate Authority
  20.   # -----------
  21.   # CLIENT CERT
  22.   # -----------
  23.   tls_client_cert: my-client.pem
  24.   tls_client_key: my-client.key
  25.   tls_client_csr: my-client.csr
  26.   tls_client_commonname: My Client

License

BSD

Author Information

EasyPath IT Solutions Inc.