buluma.ca

Ansible Role ca

This role helps you install and set up a certificate authority on your system.


Example Playbook

Here’s a sample playbook from molecule/default/converge.yml that is tested whenever changes are made.

---
- name: Converge
  hosts: all
  become: true
  gather_facts: true

  roles:
    - role: buluma.ca

To set up the machine, use the preparation steps in molecule/default/prepare.yml:

---
- name: Prepare
  hosts: all
  become: true
  gather_facts: false

  roles:
    - role: buluma.bootstrap
    - role: buluma.buildtools
    - role: buluma.epel
    - role: buluma.python_pip
    - role: buluma.openssl
      openssl_items:
        - name: apache-httpd
          common_name: "{{ ansible_fqdn }}"
    - role: buluma.httpd

For more detailed instructions and examples, check out this guide.

Role Variables

Default values for the role variables can be found in defaults/main.yml:

---
# defaults file for ca

# Set ca_init: 'yes' to create CA
ca_init: true

# Set ca_own_root: 'yes' if you want your own root CA.
# If not, manually set ca_certificate_path
ca_own_root: true

# Passphrase for the CA key.
ca_passphrase: SuP3rS3cr3T

# The common name for the CA.
ca_common_name: example.com

# Other CA details.
ca_country_name: KE
ca_email_address: [email protected]
ca_organization_name: Very little
ca_organizational_unit_name: Even less
ca_state_or_province_name: Nairobi
ca_locality_name: Nairobi

# Two formats to request a key and certificate:
# 1. With details: (Includes `name:`)
# ca_requests:
#   - name: certificate1.example.com
#     passphrase: S3creT
#
# 2. Without details: (Does not include `name:`)
# ca_requests:
#   - "{{ ansible_fqdn }}"

# You can mix these formats:
# ca_requests:
#   - name: certificate1.example.com
#     passphrase: S3creT
#   - "{{ ansible_fqdn }}"

# Where to publish the certificates, normally a web server location.
# If not specified, certificates won't be published.
# {{ httpd_data_directory }} is inherited from the role buluma.httpd.
ca_publication_location: "{{ httpd_data_directory | default('/tmp') }}/pub"

# Location to store the certificates, normally in preferred distribution paths.
# To specify a different path, use:
# ca_openssl_path: /my/preferred/path
ca_openssl_path: "{{ _ca_openssl_path[ansible_os_family] | default(_ca_openssl_path['default']) }}"
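
An added example, not part of the role's repository: a playbook that replaces the default ca_passphrase shown above with a value from Ansible Vault and uses both ca_requests formats. The vault_* variable names, the vault file location and the minimum length of 20 are assumptions.

```yaml
---
# Added example, not the role's own code.
# Assumptions: vault_ca_passphrase and vault_cert1_passphrase are hypothetical
# variables kept in an Ansible Vault-encrypted file such as
# group_vars/all/vault.yml (created with `ansible-vault create`).
- name: Set up a CA without the role's default passphrase
  hosts: all
  become: true
  gather_facts: true

  vars:
    ca_init: true
    ca_own_root: true
    ca_common_name: example.com
    # Override the default from defaults/main.yml with a vaulted secret.
    ca_passphrase: "{{ vault_ca_passphrase }}"
    ca_requests:
      # Format 1: with details, including a per-key passphrase.
      - name: certificate1.example.com
        passphrase: "{{ vault_cert1_passphrase }}"
      # Format 2: without details.
      - "{{ ansible_fqdn }}"

  pre_tasks:
    - name: Refuse to create the CA with a missing, default or short passphrase
      ansible.builtin.assert:
        that:
          - vault_ca_passphrase is defined
          - ca_passphrase != 'SuP3rS3cr3T'
          # Minimum length is an example policy, not a role requirement.
          - ca_passphrase | length >= 20
        fail_msg: "Set ca_passphrase from a vaulted variable before creating the CA."
        quiet: true

  roles:
    - role: buluma.ca
```

Play vars take precedence over a role's defaults/main.yml, so the passphrase from the defaults file is not used when this playbook runs.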

Requirements

State of Used Roles

Here's a list of roles used to prepare the system. You can prepare your system differently.

  • buluma.bootstrap
  • buluma.buildtools
  • buluma.epel
  • buluma.httpd
  • buluma.openssl
  • buluma.python_pip

Context

This role is one of many compatible roles. For more information, check out the documentation of these roles.

Here’s a visual overview of related roles: [image: dependencies]

Compatibility

This role has been tested on these container images:

Container   Tags
EL          9
Debian      all
Fedora      38, 39, 40
openSUSE    all
Ubuntu      jammy, noble

You need at least Ansible version 2.12. Tests have been performed on:

  • The previous version.
  • The current version.
  • The development version.

If you encounter any issues, please report them on GitHub.

Changelog

Check out the Role History.

License

This project is licensed under Apache-2.0.

Author Information

Created by Shadow Walker.

About the project

Install and configure a certificate authority on your system.

Install
ansible-galaxy install buluma.ca
License
apache-2.0
Downloads
10.6k
Owner
DevOps Engineer