githubixx.cfssl

Panoramica Versioni Approfondimenti

ansible-role-cfssl

This installs CFSSL (CloudFlare's PKI toolkit) binaries. I used it as a simple certificate authority (CA) for Kubernetes. This Ansible playbook is part of Kubernetes the not so hard way with Ansible - certificate authority.

Versions

I label every release and follow semantic versioning. If you want to use this role, it's best to pick the latest version. The master branch is for development, while the tags indicate stable versions. I also keep the master branch in good shape.

The tag 8.3.0+1.6.5 means this is version 8.3.0 of the Ansible role, which uses CFSSL version 1.6.5.

Changelog

Change history:

For the full list of changes, see CHANGELOG.md.

Recent changes:

8.3.0+1.6.5

  • BREAKING CHANGES

    • Removed support for Ubuntu 18.04 (no longer supported)
    • Removed support for Debian 10 (no longer supported)

  • UPDATES

    • Updated cfssl tools to version 1.6.5
    • Added support for Debian 12
    • Updated Github workflow

  • MOLECULE

    • Fixed issues in converge.yml related to ansible-lint.

8.2.0+1.6.4

  • UPDATES
    • Updated cfssl tools to version 1.6.4
    • Added support for Ubuntu 22.04
    • Added verification step for Molecule.

Installation

  • Download directly from Github (make sure you are in the Ansible roles directory before cloning. You can find the role path using the command ansible-config dump | grep DEFAULT_ROLES_PATH): git clone https://github.com/githubixx/ansible-role-cfssl.git githubixx.cfssl

  • Use the ansible-galaxy command to download directly from Ansible Galaxy: ansible-galaxy install role githubixx.cfssl

  • Create a requirements.yml file with the following content (this will download the role from Github) and install with ansible-galaxy role install -r requirements.yml (change version if necessary):

---
roles:
  - name: githubixx.cfssl
    src: https://github.com/githubixx/ansible-role-cfssl.git
    version: 8.3.0+1.6.5

Role Variables

# The version of the CFSSL toolkit to download and use
cfssl_version: "1.6.5"

# URL for the checksum file
cfssl_checksum_url: "https://github.com/cloudflare/cfssl/releases/download/v{{ cfssl_version }}/cfssl_{{ cfssl_version }}_checksums.txt"

# Directory where CFSSL binaries will be installed
cfssl_bin_directory: "/usr/local/bin"

# Owner of the CFSSL binaries
cfssl_owner: "root"

# Group of the CFSSL binaries
cfssl_group: "root"

# The operating system for "cfssl/cfssljson"
cfssl_os: "linux" # use "darwin" for MacOS, "windows" for Windows

# Processor architecture for "cfssl/cfssljson"
cfssl_arch: "amd64" # currently, this is the only supported architecture

Testing

This role includes a small test setup created using molecule. To run tests, follow the install guide. Ensure that a Docker daemon is running on your machine.

Assuming you have Docker installed, you'll need at least these two Python packages:

pip3 install --user molecule
pip3 install --user molecule-docker

Then you can run molecule:

molecule converge

This will set up Docker containers with Ubuntu 18.04/20.04 and Debian 10/11 with cfssl installed.

To clean up, run:

molecule destroy

Example Playbook

- hosts: cfssl-hosts
  roles:
    - githubixx.cfssl

License

This project is licensed under the GNU GENERAL PUBLIC LICENSE Version 3.

Author Information

http://www.tauceti.blog

Informazioni sul progetto

Installs CFSSL PKI toolkit

role tls certificate ca security
Installa
ansible-galaxy install githubixx.cfssl
GitHub repository
13 stelle
12 fork
0 problemi aperti
Licenza
gpl-3.0
Download
4k
Proprietario
Robert Wimmer
Senior System Engineer - Python, Go, Cloud, Kubernetes, Commodore, Retro, 80's ;-)