caermeglaeddyv.ansible_role_cfssl

Ansible Role: CFSSL

This role is for creating CFSSL profiles and certificates.

Currently, it can:

  • Generate a CFSSL root Certificate Authority (CA) and server certificates.

Requirements

These are not strict requirements, but using versions other than those tested might not work. Feel free to test it yourself, suggest new features, and contribute.

This role has been tested with:

  • Ansible version >= 2.8.6

You need to have CFSSL and CFSSLJSON installed locally if the variable cfssl_create is set to True (which is the default).

Role Variables

Here are some variables and their descriptions taken from the defaults/main.yml file:


# Name used for the project, typically in config files or file names:
cfssl_project_name: test

# Working directory on the local machine where certificates will be stored:
cfssl_project_dir: "{{ cfssl_project_name }}"

# Common name for the Root CA:
cfssl_ca_cn: "cfssl root ca"

# Key algorithm for the Root CA:
cfssl_ca_key_algo: "rsa"

# Key size for the Root CA:
cfssl_ca_key_size: 4096

# Distinguished names for the Root CA:
cfssl_ca_names:
- c: "Neverland"
  l: "Rivia"
  o: "Witchers"
  ou: "Caer Morhen"

# Server certificate expiry time in hours:
cfssl_server_expiry: "17520h"

# Types of usages for the certificate:
cfssl_server_usages:
- digital signature
- key encipherment
- server auth

# Common name for the server certificate:
cfssl_server_cn: "server"

# Key algorithm for the server certificate:
cfssl_server_key_algo: "rsa"

# Key size for the server certificate:
cfssl_server_key_size: 2048

# Distinguished names for the server certificate:
cfssl_server_names:
- c: "Neverland"
  l: "Rivia"
  o: "Witchers"
  ou: "Caer Morhen"

# Hostnames or IP addresses for which the server certificate will be valid:
cfssl_server_hosts: []

# Prefix added to each generated file name:
cfssl_prefix: test
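
As an added example (not part of the role's own code), the Python below shows how the variables above would map onto CFSSL's CSR and signing-config JSON, and runs a few pre-flight checks on them before anything is issued. The mapping, the `server` profile name, the function names and the sample hosts are assumptions; the role's actual templates are not shown on this page.

```python
import json
import re

# Values from the role defaults listed above; cfssl_server_hosts is constructed
# for this example (the role default is an empty list).
NAMES = [{"c": "Neverland", "l": "Rivia", "o": "Witchers", "ou": "Caer Morhen"}]
ROLE_VARS = {
    "cfssl_ca_cn": "cfssl root ca", "cfssl_ca_key_algo": "rsa", "cfssl_ca_key_size": 4096,
    "cfssl_ca_names": NAMES,
    "cfssl_server_expiry": "17520h",
    "cfssl_server_usages": ["digital signature", "key encipherment", "server auth"],
    "cfssl_server_cn": "server", "cfssl_server_key_algo": "rsa", "cfssl_server_key_size": 2048,
    "cfssl_server_names": NAMES,
    "cfssl_server_hosts": ["server.example.internal", "192.0.2.10"],
}

def csr(v, kind):
    """Build a CFSSL CSR request for kind "ca" or "server" (assumed mapping)."""
    req = {
        "CN": v[f"cfssl_{kind}_cn"],
        "key": {"algo": v[f"cfssl_{kind}_key_algo"], "size": v[f"cfssl_{kind}_key_size"]},
        "names": [{k.upper(): val for k, val in n.items()} for n in v[f"cfssl_{kind}_names"]],
    }
    if kind == "server":
        req["hosts"] = list(v["cfssl_server_hosts"])  # becomes the certificate's SANs
    return req

def signing_config(v, profile="server"):
    """Build a CFSSL signing config with one profile (profile name is assumed)."""
    return {"signing": {"profiles": {profile: {
        "expiry": v["cfssl_server_expiry"], "usages": list(v["cfssl_server_usages"])}}}}

def preflight(v):
    """Return a list of problems worth fixing before a certificate is issued."""
    problems = []
    if not v["cfssl_server_hosts"]:
        problems.append("cfssl_server_hosts is empty: certificate would carry no SANs")
    if not re.fullmatch(r"\d+h", v["cfssl_server_expiry"]):
        problems.append("cfssl_server_expiry should be an hour count such as 17520h")
    for kind in ("ca", "server"):
        algo, size = v[f"cfssl_{kind}_key_algo"], v[f"cfssl_{kind}_key_size"]
        if (algo == "rsa" and size < 2048) or (algo == "ecdsa" and size not in (256, 384, 521)):
            problems.append(f"cfssl_{kind}_key_size {size} is not acceptable for {algo}")
    return problems

if __name__ == "__main__":
    print(json.dumps({"ca-csr": csr(ROLE_VARS, "ca"), "server-csr": csr(ROLE_VARS, "server"),
                      "ca-config": signing_config(ROLE_VARS), "problems": preflight(ROLE_VARS)}, indent=2))
```

With the role's default `cfssl_server_hosts: []`, `preflight` reports the missing SANs, which is the setting most worth overriding before deploying the server certificate.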

Dependencies

CFSSL and CFSSLJSON must be installed locally if cfssl_create is set to True (default).

Example Playbook

---
- hosts: localhost
  gather_facts: false
  become: no
  tasks:
  - name: Check Ansible version >=2.8.6
    assert:
      msg: Ansible must be v2.8.6 or higher
      that:
      - ansible_version.string is version("2.8.6", ">=")
    tags:
    - check
  vars:
    ansible_connection: local

- hosts: all
  become: yes
  tasks:
  - import_role:
      name: cfssl

For more detailed examples (like inventories, playbooks, etc.), check here.

It's highly recommended to start your test deployments from there, especially if you are using Google Cloud Platform or VMware vCenter. The repository includes examples for Packer and Terraform to build templates and deploy machines on these platforms.

License

Apache 2.0

Author Information

Copyright 2020 caermeglaeddyv

About the project

Linux / Kubernetes Administrator

Install
ansible-galaxy install caermeglaeddyv.ansible_role_cfssl