buluma.openssl

Ansible role openssl

Creates OpenSSL certificates.

Example Playbook

This example is taken from molecule/default/converge.yml and is tested on every push and pull request.

---
- name: Converge
  hosts: all
  become: true
  gather_facts: true

  pre_tasks:
    - name: Update apt cache.
      ansible.builtin.apt:
        update_cache: true
        cache_valid_time: 600
      when: ansible_os_family == 'Debian'
      changed_when: false

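    # Test-container workaround: moving the PEP 668 EXTERNALLY-MANAGED marker
    # aside lets pip install packages into the system Python.
    - name: Check if python3.11 EXTERNALLY-MANAGED file exists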
      ansible.builtin.stat:
        path: /usr/lib/python3.11/EXTERNALLY-MANAGED
      register: externally_managed_file_py311

    - name: Rename python3.11 EXTERNALLY-MANAGED file if it exists
      ansible.builtin.command:
        cmd: mv /usr/lib/python3.11/EXTERNALLY-MANAGED /usr/lib/python3.11/EXTERNALLY-MANAGED.old
      when: externally_managed_file_py311.stat.exists
      args:
        creates: /usr/lib/python3.11/EXTERNALLY-MANAGED.old

    - name: Check if python3.12 EXTERNALLY-MANAGED file exists
      ansible.builtin.stat:
        path: /usr/lib/python3.12/EXTERNALLY-MANAGED
      register: externally_managed_file_py312

    - name: Rename python3.12 EXTERNALLY-MANAGED file if it exists
      ansible.builtin.command:
        cmd: mv /usr/lib/python3.12/EXTERNALLY-MANAGED /usr/lib/python3.12/EXTERNALLY-MANAGED.old
      when: externally_managed_file_py312.stat.exists
      args:
        creates: /usr/lib/python3.12/EXTERNALLY-MANAGED.old

  roles:
    - role: buluma.openssl
      openssl_items:
        - name: my_openssl_key
          common_name: my.example.com

Before this runs, ensure the machine is ready using molecule/default/prepare.yml:

---
- name: Prepare
  hosts: all
  become: true
  gather_facts: false

  roles:
    - role: buluma.bootstrap
    - role: buluma.buildtools
    - role: buluma.epel
    - role: buluma.python_pip

Refer to a full explanation and example for detailed usage.

Role Variables

Default values for variables can be found in defaults/main.yml:

---
# defaults file for openssl

# List of ssl key/csr/crt/p12's to create:
# openssl_items:
#   - name: my_openssl_key
#     common_name: my.example.com

# Change paths for each object type (key, csr, crt, p12, pkcs12). Default paths are set in `vars/main.yml`.

# This directory holds sensitive objects. (key, p12, pkcs12)
openssl_key_directory: "{{ _openssl_key_directory[ansible_os_family] | default(_openssl_key_directory['default']) }}"

# This directory holds public, non-persistent objects. (csr)
openssl_csr_directory: "{{ _openssl_csr_directory[ansible_os_family] | default(_openssl_csr_directory['default']) }}"

# This directory holds public, persistent objects. (crt)
openssl_crt_directory: "{{ _openssl_crt_directory[ansible_os_family] | default(_openssl_crt_directory['default']) }}"

# Change the owner and group of files created by this role.
openssl_file_owner: root
openssl_file_group: root
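
One way to override the variables above and then check how the key and certificate were stored, as an added example that is not part of the role's repository. The directory values are constructed, and the <name>.key / <name>.crt file names and the presence of the community.crypto collection are assumptions.

```yaml
---
# Added example, not taken from the role's repository.
- name: Create a certificate and verify how the key is stored
  hosts: all
  become: true
  gather_facts: true

  vars:
    # Constructed values; the role's real defaults come from vars/main.yml.
    openssl_key_directory: /etc/ssl/private
    openssl_crt_directory: /etc/ssl/certs
    openssl_file_owner: root
    openssl_file_group: root
    # Assumption: the role writes <name>.key and <name>.crt.
    cert_name: my_openssl_key

  roles:
    - role: buluma.openssl
      openssl_items:
        - name: "{{ cert_name }}"
          common_name: my.example.com

  post_tasks:
    - name: Read metadata of the private key
      ansible.builtin.stat:
        path: "{{ openssl_key_directory }}/{{ cert_name }}.key"
      register: key_stat

    - name: Fail if the key is missing, wrongly owned, or accessible to others
      ansible.builtin.assert:
        that:
          - key_stat.stat.exists
          - key_stat.stat.pw_name == openssl_file_owner
          - key_stat.stat.gr_name == openssl_file_group
          - not key_stat.stat.roth
          - not key_stat.stat.woth
        fail_msg: "Private key ownership or permissions are not as expected"

    - name: Read the generated certificate
      community.crypto.x509_certificate_info:
        path: "{{ openssl_crt_directory }}/{{ cert_name }}.crt"
      register: crt_info

    - name: Check the common name and validity of the certificate
      ansible.builtin.assert:
        that:
          - crt_info.subject.commonName == 'my.example.com'
          - not crt_info.expired
```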

Requirements

State of used roles

These roles are used for system preparation. You can prepare your system differently.

  • buluma.bootstrap
  • buluma.buildtools
  • buluma.epel
  • buluma.python_pip

Context

This role is part of several compatible roles. Check the documentation of these roles for more information.

Here’s an overview of related roles:

dependencies

Compatibility

This role has been tested on these container images:

container tags
Alpine all
EL 8, 9
Debian all
Fedora 38, 39, 40
opensuse all
Ubuntu focal, bionic, jammy, noble

The minimum required version of Ansible is 2.17. Tests have been run on:

  • The previous version.
  • The current version.
  • The development version.

If you find anything wrong, please report it on GitHub.

Changelog

Role History

License

Apache-2.0

Author Information

Shadow Walker

About the project

Make openssl certificates.

Install
ansible-galaxy install buluma.openssl
License
apache-2.0
Downloads
582.3k
Owner
DevOps Engineer