weareinteractive.openssl

Ansible weareinteractive.openssl Role


weareinteractive.openssl is an Ansible role that:

  • Installs OpenSSL
  • Configures OpenSSL
  • Imports SSL certificates and keys
  • Creates a self-signed certificate
  • Optionally installs CACert root certificates

Note:

This role has changed from franklinkim.openssl to weareinteractive.openssl as Ansible Galaxy now supports organizations!

Installation

You can install it via ansible-galaxy:

$ ansible-galaxy install weareinteractive.openssl

Or, using requirements.yml:

- src: weareinteractive.openssl

You can also clone it using git:

$ git clone https://github.com/weareinteractive/ansible-openssl.git weareinteractive.openssl

Dependencies

  • Requires Ansible version 2.4 or higher

Variables

Here are the default variables for this role, found in defaults/main.yml:

---
# openssl_keys:
#   - name: mykey.key
#     key: "mykeycontents"
#   - name: myotherkey.key
#     key: "myotherkeycontents"
#     mode: "0664"
#     owner: "www-data"
#     group: "www-data"
# openssl_certs:
#   - name: mycert.crt
#     cert: "mycertcontents"
#   - name: myothercert.crt
#     cert: "myothercertcontents"
#     mode: "0664"
#     owner: "www-data"
#     group: "www-data"
# openssl_self_signed:
#   - name: foobar.com
#     subject:
#        C: DE
#        ST: Bavaria
#        L: Munich
#        O: Foo Bar Inc
#        CN: foobar.org
#        emailAddress: null@foobar.org
# openssl_config:
#   default_bits: 2048
#   countryName_default: DE
#   stateOrProvinceName_default: Bavaria
#   localityName_default: Munich
#   organizationName_default: 'My Organization'
#   organizationalUnitName_default: 'My Organization Unit'
#   commonName_default: 'foobar.com'
# openssl_config_template: templates/openssl.cnf.j2

# List of keys to import
openssl_keys: []
# List of certificates to import
openssl_certs: []
# Path to certificates
openssl_certs_path: /etc/ssl/certs
# Path to keys
openssl_keys_path: /etc/ssl/private
# Default key owner
openssl_default_key_owner: ssl-cert
# Default key group
openssl_default_key_group: root
# Default certificate owner
openssl_default_cert_owner: root
# Default certificate group
openssl_default_cert_group: root
# Self-signed certificates
openssl_self_signed: []
# Configuration variables
openssl_config: {}
# The configuration template to install, relative to the Ansible repository root
openssl_config_template:
# Generate a CSR for each self-signed certificate
openssl_generate_csr: no
# Path to certificate signing requests
openssl_csrs_path: /etc/ssl/csrs
# Should CACert certificates be downloaded and added to the keyring?
openssl_cacert_import: no
# Checksum overrides for downloaded CACert root certificates.
# Must be the output from 'sha256sum <certificate name>'
openssl_cacert_class_one_key_sha256: 'c0e0773a79dceb622ef6410577c19c1e177fb2eb9c623a49340de3c9f1de2560'
openssl_cacert_class_three_key_sha256: 'f5badaa5da1cc05b110a9492455a2c2790d00c7175dcf3a7bcb5441af71bf84f'

Handlers

Handlers are defined in handlers/main.yml:

---

- name: Update CA certificates
  command: "{{ openssl_cacert_update_certs_command }}"

Usage

Here’s a sample playbook:

---

- hosts: all
  roles:
    - weareinteractive.openssl
  vars:
    openssl_keys:
      - name: foobar.com.key
        key: "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAA..."
    openssl_certs:
      - name: foobar.com.crt
        cert: "-----BEGIN CERTIFICATE-----\nMIIDuTCCAqGgAwIBAgIJAO7EaRwLzPYyMA0GCSqGSI..."
    openssl_self_signed:
      - name: foobar.org
        subject:
           C: DE
           ST: Bavaria
           L: Munich
           O: Foo Bar Inc
           CN: foobar.org
           emailAddress: null@foobar.org
    openssl_keys_path: /etc/my-ssl/private
    openssl_certs_path: /etc/my-ssl/certs
    openssl_default_key_owner: root
    openssl_default_key_group: root
    openssl_default_cert_owner: root
    openssl_default_cert_group: root
    openssl_config:
      default_bits: 2048
      countryName_default: DE
      stateOrProvinceName_default: Bavaria
      localityName_default: Munich
      organizationName_default: 'My Organization'
      organizationalUnitName_default: 'My Organization Unit'
      commonName_default: 'foobar.com'
    openssl_cacert_import: yes
    openssl_generate_csr: yes
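A pre-flight check over the variables above, as an added example that is not part of the role: it flags private keys declared with a world-readable mode, key or cert entries whose PEM content is missing (or sits under the wrong field, as in the role's default example where a key entry carries `cert:`), self-signed subjects without a CN, and CACert checksum overrides that are not the 64-digit hex output of sha256sum. The sample vars are constructed for the demo; `check_openssl_vars` is a hypothetical helper name.

```python
import re

# Constructed sample input that mirrors the README's playbook, with a few
# deliberately bad entries so the checker has something to report.
SAMPLE_VARS = {
    "openssl_keys": [
        {"name": "foobar.com.key", "key": "-----BEGIN PRIVATE KEY-----\nMIIE..."},
        {"name": "lax.key", "key": "-----BEGIN PRIVATE KEY-----\nMIIE...",
         "mode": "0664", "owner": "www-data", "group": "www-data"},
    ],
    "openssl_certs": [
        {"name": "foobar.com.crt", "cert": "-----BEGIN CERTIFICATE-----\nMIID..."},
        {"name": "broken.crt", "key": "put-under-the-wrong-field"},
    ],
    "openssl_self_signed": [
        {"name": "foobar.org", "subject": {"C": "DE", "O": "Foo Bar Inc", "CN": "foobar.org"}},
        {"name": "nocn.org", "subject": {"C": "DE"}},
    ],
    "openssl_cacert_import": True,
    "openssl_cacert_class_one_key_sha256":
        "c0e0773a79dceb622ef6410577c19c1e177fb2eb9c623a49340de3c9f1de2560",
}

SHA256_HEX = re.compile(r"^[0-9a-f]{64}$")
OTHER_READ = 0o004  # the "other" read bit of a POSIX file mode


def check_openssl_vars(v):
    """Return a list of findings; an empty list means the vars look sane."""
    findings = []
    for k in v.get("openssl_keys", []):
        name = k.get("name", "<unnamed>")
        if not str(k.get("key", "")).startswith("-----BEGIN"):
            findings.append(f"key {name}: 'key' missing or not PEM")
        # A private key with an explicit mode must not be readable by "other".
        if "mode" in k and int(str(k["mode"]), 8) & OTHER_READ:
            findings.append(f"key {name}: mode {k['mode']} is world-readable")
    for c in v.get("openssl_certs", []):
        name = c.get("name", "<unnamed>")
        if not str(c.get("cert", "")).startswith("-----BEGIN"):
            findings.append(f"cert {name}: 'cert' missing or not PEM")
    for s in v.get("openssl_self_signed", []):
        if not s.get("subject", {}).get("CN"):
            findings.append(f"self-signed {s.get('name')}: subject has no CN")
    if v.get("openssl_cacert_import"):
        for var in ("openssl_cacert_class_one_key_sha256",
                    "openssl_cacert_class_three_key_sha256"):
            if var in v and not SHA256_HEX.match(str(v[var])):
                findings.append(f"{var}: not a 64-digit hex sha256sum")
    return findings


if __name__ == "__main__":
    for line in check_openssl_vars(SAMPLE_VARS):
        print(line)
```

In a real setup, load the dict from group_vars or host_vars with PyYAML instead of the constructed sample and run the check before the play.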

Testing

To test the role, run:

$ git clone https://github.com/weareinteractive/ansible-openssl.git
$ cd ansible-openssl
$ make test

Contributing

To contribute, ensure you maintain the existing coding style. Add unit tests and examples for any new or changed features.

  1. Fork the repo
  2. Create a new feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to your branch (git push origin my-new-feature)
  5. Create a new Pull Request

Note: To update the README.md file, install and run ansible-role:

$ gem install ansible-role
$ ansible-role docgen

License

Copyright (c) We Are Interactive under the MIT license.
