AAROC.certificates

This is a role for managing security and trust settings for hosts listed in AAROC inventories. It updates the earlier certificates role from @AAROC/DevOps/Ansible/roles and is built using Ansible Galaxy for easier reuse.

This role is intended for AAROC sites that need to keep their certificates current.

CRLs

CRLs (Certificate Revocation Lists) are not tested here; they are managed in AAROC.UMD-role. More details are explained in issue #1.

IGTF and EGI Trust Anchor

This role installs necessary files that allow your system to trust other systems within the EGI and IGTF networks. It installs public keys from the certificate authorities involved. For further details, visit the IGTF and EGI websites.

Releases

We follow the IGTF release schedule. Versions are named v<major>.<patch>.<IGTF-release>. When a ticket for a new IGTF release is opened, we create a corresponding branch and review it.

The only file that should change in a stable version is defaults/main.yml, which specifies igtf_release_version.
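
As an added example (not part of the role or its repository), a release gate for the rule above: it reads a unified diff, such as `git diff` output between two release tags, and reports anything other than a change to `igtf_release_version` in `defaults/main.yml`. The sample diffs, the `1.86-1` value, the `tasks/main.yml` change and the function name are constructed for illustration.

```python
import re

ALLOWED_FILE = "defaults/main.yml"    # from the README
ALLOWED_KEY = "igtf_release_version"  # from the README
HEADER = re.compile(r"diff --git a/(\S+) b/(\S+)$")
KEY_LINE = re.compile(rf"{ALLOWED_KEY}\s*:")

def release_diff_violations(diff_text):
    """Return reasons why a unified diff is not a pure igtf_release_version bump."""
    violations, current, in_hunk = [], None, False
    for line in diff_text.splitlines():
        if line.startswith("diff --git "):
            in_hunk = False  # file headers (---/+++) follow until the first @@
            m = HEADER.match(line)
            current = m.group(2) if m else None
            if not m or m.group(1) != ALLOWED_FILE or current != ALLOWED_FILE:
                violations.append(f"unexpected file changed: {line[11:]}")
        elif line.startswith("@@"):
            in_hunk = True
        elif in_hunk and current == ALLOWED_FILE and line.startswith(("+", "-")):
            content = line[1:].strip()
            if not KEY_LINE.match(content):
                violations.append(f"non-version change in {ALLOWED_FILE}: {content!r}")
    return violations

# Constructed sample diffs (hypothetical, not taken from the repository).
GOOD_DIFF = """\
diff --git a/defaults/main.yml b/defaults/main.yml
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,2 +1,2 @@
 ---
-igtf_release_version: 1.86-1
+igtf_release_version: 1.87-1
"""
BAD_DIFF = """\
diff --git a/defaults/main.yml b/defaults/main.yml
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -2 +2 @@
-needs_cert: false
+needs_cert: true
diff --git a/tasks/main.yml b/tasks/main.yml
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -4 +4 @@
-    state: present
+    state: latest
"""
```

Mode-only or binary changes to `defaults/main.yml` produce no `+`/`-` lines, so they fall outside what this check sees.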

Requirements

You will need elevated privileges on the managed hosts for package installation.

Role Variables

  • needs_cert: Does this host need a certificate? (true/false)
  • igtf_release_version: The version of the IGTF release.

Dependencies

None required.

Example Playbook

Here's an example of how to use this role (with variables):

- hosts: servers
  roles:
    - { role: AAROC.certificates, become: true, needs_cert: false }

License

Apache-2.0

Author Information

Bruce Becker, CSIR Meraka Institute @brucellino

Citing

If you wish to cite this work, use the following reference:

Bruce Becker. (2017, November 17). AAROC/AAROC.certificates: IGTF and EGI release 1.87-1 (Version v1.0.87-1). Zenodo. http://doi.org/10.5281/zenodo.1052867

About the project

A role to contextualise the security and trust anchors for hosts in AAROC inventories.

Install
ansible-galaxy install AAROC.certificates