clvx.easy-rsa

EASY-RSA

Ansible role to create an OpenVPN PKI using easy-rsa

Future Work

  • Add password support for server and client keys.
  • Allow revoking or deleting certificates.
  • Enable obtaining certificates from a client CSR without generating keys on a specified PKI server.
  • Improve documentation; for now, refer to the usage in .gitlab-ci.yml.

Requirements

  • Ansible version 2.1 or higher
  • Ubuntu version 16.04 or higher

Role Variables

This section lists the variables you can set for this role. It includes variables from defaults/main.yml, vars/main.yml, and any others that can be set when using the role. Any variables that come from other roles or global settings (like hostvars or group vars) are noted here too.

| Variable | Default | Description |
|---|---|---|
| deploy_key_dir | "{{ playbook_dir }}/files }}" | Location to store keys |
| easy_rsa_dir | /usr/share/easy-rsa | Path to easy-rsa tools |
| easy_rsa_keydir | "{{ deploy_key_dir }}" | Location to store keys |
| easy_rsa_key_size | 2048 | Size of the keys |
| easy_rsa_key_country | "PE" | Country |
| easy_rsa_key_province | "LIMA" | Province |
| easy_rsa_key_city | "LIMA" | City |
| easy_rsa_key_org | "BAR" | Organization |
| easy_rsa_key_email | "foo@example.com" | Email address |
| easy_rsa_key_ou | "IT" | Organization Unit |
| easy_rsa_force_pki | "False" | If true, deletes existing PKI and creates a new one |
| easy_rsa_inventory | True | Use inventory names for PKI files with lab-servers and lab-clients groups |
| groups['lab-servers'] | your inventory servers | List of servers when easy_rsa_inventory is True |
| groups['lab-clients'] | your inventory clients | List of clients when easy_rsa_inventory is True |
| server_list | [] | List of servers when easy_rsa_inventory is False |
| client_list | [] | List of clients when easy_rsa_inventory is False |

Dependencies

None

Example Playbook

This playbook can be used in two ways:

  1. Create and manage your PKI using Ansible with inventory hosts for keys and certificates.

Inventory:

[lab-clients]
localhost

Playbook:

- hosts: lab-clients
  roles:
    - clvx.easy-rsa

  2. Define your own clients and variables with server_list and client_list.

Playbook:

- hosts: lab
  vars:
    - server_list:
        - server1
        - server2
    - client_list:
        - client1
        - client2
  roles:
    - clvx.easy-rsa
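
The following playbook is an added example, not part of the role or its documentation. It overrides the defaults from the variable table that matter most for key protection and then tightens permissions on the generated key material. It assumes the role writes private keys as *.key files under deploy_key_dir on the host the play runs against; the path /srv/pki/lab is a hypothetical location outside the playbook repository.

```yaml
# Added example. Assumption: private keys end up as *.key files under
# deploy_key_dir on the play's host. /srv/pki/lab is a hypothetical path.
- hosts: lab
  vars:
    easy_rsa_inventory: False     # use the explicit lists below, not inventory groups
    easy_rsa_key_size: 4096       # role default is 2048
    easy_rsa_force_pki: False     # never delete an existing PKI (and its CA key)
    deploy_key_dir: /srv/pki/lab  # default is under playbook_dir, i.e. inside the repo
    server_list:
      - server1
    client_list:
      - client1
      - client2
  roles:
    - clvx.easy-rsa
  post_tasks:
    - name: Restrict the key directory to its owner
      file:
        path: "{{ deploy_key_dir }}"
        state: directory
        mode: "0700"

    - name: Find generated private keys
      find:
        paths: "{{ deploy_key_dir }}"
        patterns: "*.key"
        recurse: yes
      register: pki_private_keys

    - name: Fail if no private key is where this example expects it
      assert:
        that:
          - pki_private_keys.matched > 0
        msg: "No *.key files under {{ deploy_key_dir }}; check where the role stored them"

    - name: Make private keys readable by their owner only
      file:
        path: "{{ item.path }}"
        mode: "0600"
      with_items: "{{ pki_private_keys.files }}"
```

Because the role does not yet support passwords on keys (see Future Work), file permissions and the storage location are the only protection the private keys have at rest.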

License

GPLv3

Author Information

Luis Michael Ibarra

clvx: irc, twitter, reddit, etc.

Install

ansible-galaxy install clvx.easy-rsa