ics-ans-role-certificate
Ansible role to install an ESS certificate and key.
This role has 4 ways of supplying a server certificate:
- If variables "certificate_key" and "certificate_certificate" are set: Use content of these variables
- If ansible_domain == "esss.lu.se": Install wildcard certificate from rpm repository
- If ansible_domain == "tn.esss.lu.se": Enroll host specific certificate from internal CA
- If ansible_domain is not one of the above: Create a self-signed certificate
Requirements
- ansible >= 2.4
- molecule >= 2.6
Role Variables
certificate_key_path: "/etc/pki/tls/private/{{ ansible_fqdn }}.key"
certificate_cert_path: "/etc/pki/tls/certs/{{ ansible_fqdn }}.crt"
certificate_chained_path: "/etc/pki/tls/certs/{{ ansible_fqdn }}-chained.crt"
certificate_country: SE
certificate_state: Skane
certificate_locality: Lund
certificate_organisation: ESSS
certificate_cn: "{{ ansible_fqdn }}"
certificate_alt_names: []
certificate_subject: "/C={{ certificate_country }}/ST={{ certificate_state }}/L={{ certificate_locality }}/O={{ certificate_organisation }}/CN={{ certificate_cn }}"
certificate_bits: 2048
certificate_csr_path: "/etc/pki/tls/{{ ansible_fqdn }}.csr"
certificate_cnf_path: "/etc/pki/tls/{{ ansible_fqdn }}.cnf"
certificate_adcs_url: https://ca01.esss.lu.se/certsrv/
certificate_adcs_username: srv_ansible
certificate_adcs_password: ''
certificate_adcs_attributes: CertificateTemplate:Computer(2048bits5yrLinux)
certificate_adcs_ssl_verify: true
Example Playbook
- hosts: servers
  roles:
    - role: ics-ans-role-certificate
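Because the source of the certificate depends on ansible_domain, a host whose domain matches neither ESS domain ends up with a self-signed certificate. The following check is an added example, not part of this role: it audits an installed key/certificate pair for key file permissions, key/certificate match and self-signing. The function name and exit codes are constructed for this example, and it assumes GNU stat and the openssl CLI are available.

```bash
#!/usr/bin/env bash
# Added example, not part of the role: audit a key/certificate pair.
# Exit codes (constructed for this example):
#   0 = key matches certificate and certificate is CA-issued
#   1 = key and certificate do not belong together
#   2 = private key is accessible to group or others
#   3 = certificate is self-signed (subject equals issuer)
#   4 = file missing or not parsable by openssl

audit_cert_pair() {
    local key="$1" cert="$2" mode key_pub cert_pub subject issuer

    [ -r "$key" ] && [ -r "$cert" ] || return 4

    # The private key must carry no group/other permission bits (GNU stat).
    mode=$(stat -c '%a' "$key") || return 4
    case "$mode" in
        0|*00) ;;
        *) return 2 ;;
    esac

    # Compare the public key derived from the private key with the one
    # embedded in the certificate.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 4
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 4
    [ "$key_pub" = "$cert_pub" ] || return 1

    # Subject equal to issuer: the self-signed fallback was taken, or a
    # self-signed certificate was supplied through the role variables.
    subject=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$cert" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    [ "$subject" != "$issuer" ] || return 3
    return 0
}
```

Call it with the values of certificate_key_path and certificate_cert_path, for example `audit_cert_pair /etc/pki/tls/private/$(hostname -f).key /etc/pki/tls/certs/$(hostname -f).crt`, assuming ansible_fqdn matches `hostname -f` on the host.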
License
BSD 2-clause