robertdebock.ca

Ansible Role CA

This role installs and sets up a certificate authority (CA) on your system.


Example Playbook

Here’s a simple playbook to deploy the CA role, found in molecule/default/converge.yml:

---
- name: Converge
  hosts: all
  become: true
  gather_facts: true

  roles:
    - role: robertdebock.ca

Before running this, make sure your machine is ready. In CI, this is done using molecule/default/prepare.yml:

---
- name: Prepare
  hosts: all
  become: true
  gather_facts: false

  roles:
    - role: robertdebock.bootstrap
    - role: robertdebock.buildtools
    - role: robertdebock.epel
    - role: robertdebock.python_pip
    - role: robertdebock.openssl
      openssl_items:
        - name: apache-httpd
          common_name: "{{ ansible_fqdn }}"
    - role: robertdebock.httpd

For more information on using these roles, check out this full explanation and example.

Role Variables

The default variable values are defined in defaults/main.yml:

---
# defaults file for ca

# Set ca_init: true to create a CA.
ca_init: true

# Set ca_own_root: true if you want your own root CA.
# If not, set ca_certificate_path manually.
ca_own_root: true

# A passphrase for the CA key.
ca_passphrase: SuP3rS3creT

# The common name for the CA.
ca_common_name: example.com

# Additional details for the CA.
ca_country_name: NL
ca_email_address: [email protected]
ca_organization_name: Very little
ca_organizational_unit_name: Even less
ca_state_or_province_name: Utrecht
ca_locality_name: Utrecht

# Requesting keys and certificates:
# 1. With details: 
# ca_requests:
#   - name: certificate1.example.com
#     passphrase: S3creT
#
# 2. Without details:
# ca_requests:
#   - "{{ ansible_fqdn }}"

# You can mix formats:
# ca_requests:
#   - name: certificate1.example.com
#     passphrase: S3creT
#   - "{{ ansible_fqdn }}"

# Publication location for the certificates.
ca_publication_location: "{{ httpd_data_directory | default('/tmp') }}/pub"

# Where to store the certificates, using the distribution's default location.
ca_openssl_path: "{{ _ca_openssl_path[ansible_os_family] | default(_ca_openssl_path['default']) }}"
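
The defaults above ship a fixed ca_passphrase and fall back to /tmp for ca_publication_location when httpd_data_directory is undefined. The playbook below is an added example, not taken from the role's repository, that overrides both and stops before the role runs if the defaults are still in effect. The ca_servers group, vault/ca.yml, the vault_* variable names, the /var/www/html/pub path and the 16-character minimum are assumptions.

```yaml
---
# Added example, not from the role's repository.
# Hypothetical names: the ca_servers group, vault/ca.yml, vault_ca_passphrase,
# vault_cert1_passphrase and the /var/www/html/pub path.
- name: Deploy the CA with site-specific secrets
  hosts: ca_servers
  become: true
  gather_facts: true

  # vault/ca.yml is encrypted with `ansible-vault encrypt` and defines the
  # two vault_* variables, so no passphrase is stored in clear text.
  vars_files:
    - vault/ca.yml

  vars:
    # Replaces the default printed in defaults/main.yml
    # (ca_passphrase: SuP3rS3creT), which is the same for every install.
    ca_passphrase: "{{ vault_ca_passphrase }}"
    ca_common_name: ca.example.com
    # Set explicitly so the default('/tmp') fallback is never used.
    ca_publication_location: /var/www/html/pub
    # Both request formats from defaults/main.yml, mixed.
    ca_requests:
      - name: certificate1.example.com
        passphrase: "{{ vault_cert1_passphrase }}"
      - "{{ ansible_fqdn }}"

  pre_tasks:
    - name: Refuse to run with the published defaults
      ansible.builtin.assert:
        that:
          - ca_passphrase is defined
          - ca_passphrase != 'SuP3rS3creT'
          # Assumed local policy, not a requirement of the role.
          - ca_passphrase | length >= 16
          - not ca_publication_location.startswith('/tmp')
        fail_msg: Override ca_passphrase and ca_publication_location before creating the CA.
        quiet: true

  roles:
    - role: robertdebock.ca
```

Run it with `ansible-playbook` and `--ask-vault-pass` (or a vault password file) so the encrypted variables can be read.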

Requirements

Roles Used

These roles help prepare the system. You may prepare your system differently.

  • robertdebock.bootstrap
  • robertdebock.buildtools
  • robertdebock.epel
  • robertdebock.httpd
  • robertdebock.openssl
  • robertdebock.python_pip

Context

This role is part of a collection of compatible roles. For more information, check out the documentation for these roles.

Here’s a visual of related roles: dependencies

Compatibility

This role has been tested with the following container images:

Container Tags
EL 9
Debian all
Fedora all
Ubuntu jammy, focal

Ansible version 2.12 or higher is required for compatibility. Testing has been performed on:

  • The previous version.
  • The current version.
  • The development version.

If you encounter any issues, please report them on GitHub.

License

This role is licensed under Apache-2.0.

Author Information

This role was created by robertdebock.

If you find this useful, consider sponsoring me.

About the project

Install and configure a certificate authority on your system.

Install
ansible-galaxy install robertdebock.ca
License
apache-2.0
Downloads
33.9k
Owner
I know my way around (Linux) infrastructure, have a passion for automation, Docker, Ansible, Molecule and ci/cd.