znerol.certhub

Ansible Role: Certhub

The Certhub role helps install certhub and git-gau on Linux servers that use systemd.

Requirements

To use this role, you need:

  • Git
  • OpenSSL
  • Rsync (if using the machine as an SSL/TLS server)
  • certbot, dehydrated, or lego (if the machine acts as a controller)

Role Variables

This role has several task files with specific functions:

  1. system-setup.yml: Sets up the certhub user, directory, and home folder.
  2. software-setup.yml: Installs certhub and git-gau.
  3. git-setup.yml: Configures Git user details.
  4. repo-setup.yml: Initializes the local certs Git repository.

Additional tasks include:

  1. certbot-noroot-config.yml: Configures certbot for use by the certhub user.
  2. Environment Variables: Provides paths to environment files used by certhub services.
  3. Repo Push Units: Sets up systems that push the certs repository to SSL/TLS servers when it changes.
  4. Certbot and Lego Units: Manages issuing/renewing of certificates and monitoring for expiration.
  5. Export Units: Deploys certificates and refreshes related services.

Variables Overview

Each task file has specific variables:

  • certhub-system-setup.yml: User and directory setup options.
  • certhub-software-setup.yml: Version and installation paths for certhub and git-gau.
  • certhub-git-setup.yml: Git user configurations.
  • repo-push-units.yml: Configurations for pushing the Git repo.
  • certbot Configurations: Set paths and contents for certbot configuration.

Note: Default values for all of these variables are defined in defaults/main.yml.

Example Playbook

Here’s how you can set up Certhub:

- name: Setup Certhub Controller
  hosts: certhub-controller
  tasks:
    - name: Ensure Certhub dependencies are installed
      package:
        name:
          - certbot
          - git
          - lexicon
          - openssl
        state: present

    - name: Install Certhub
      import_role:
        name: znerol.certhub

- name: Setup TLS Server
  hosts: tls-server
  tasks:
    - name: Ensure TLS server dependencies are installed
      package:
        name:
          - git
          - openssl
        state: present

    - name: Install Certhub on server
      import_role:
        name: znerol.certhub

    - name: Setup repo push units
      delegate_to: name-of-certhub-controller
      import_role:
        name: znerol.certhub
        tasks_from: repo-push-units.yml

- name: Configure TLS Certificates
  hosts: tls-server
  tasks:
    - name: Setup cert export units
      vars:
        certhub_cert_services:
          - nginx
      import_role:
        name: znerol.certhub
        tasks_from: cert-export-units.yml

    - name: Setup Certbot units
      delegate_to: name-of-certhub-controller
      import_role:
        name: znerol.certhub
        tasks_from: certbot-run-units.yml

    - name: Install Certbot CSR
      delegate_to: name-of-certhub-controller
      become: yes
      copy:
        dest: "{{ certhub_cert_csr_path }}"
        content: |
          -----BEGIN CERTIFICATE REQUEST-----
          ... (CSR content here) ...
          -----END CERTIFICATE REQUEST-----

    - name: Install Certbot Configuration
      delegate_to: name-of-certhub-controller
      become: yes
      copy:
        dest: "{{ certhub_certbot_config_path }}"
        content: |
          staging=true
          agree-tos=true
          ... (Other certbot settings) ...

    - name: Configure Certbot Environment
      delegate_to: name-of-certhub-controller
      become: yes
      vars:
        certhub_unit_prefix: certhub-certbot-run
      copy:
        dest: "{{ certhub_cert_unit_env_path }}"
        content: |
          CERTHUB_LEXICON_PROVIDER=cloudflare
          ... (Other environment variables) ...
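As an added example (not part of this README or of the role itself), the following play repeats the CSR and environment tasks from the playbook above with the checks a practitioner would want: the CSR is verified with openssl on the control node before it is copied to the controller, and the environment file, which carries the DNS provider credential that lexicon needs, is written with no_log and owner-only permissions. The file path files/example.org.csr, the vault variable, the certhub owner/group, and the LEXICON_CLOUDFLARE_AUTH_TOKEN variable name are assumptions; the role's own variables are used where the playbook above uses them.

```yaml
- name: Install Certbot CSR and environment on the controller with pre-checks
  hosts: certhub-controller
  become: yes
  vars:
    # Constructed values for this example, not variables of the znerol.certhub role.
    csr_source: "{{ playbook_dir }}/files/example.org.csr"
    certhub_unit_prefix: certhub-certbot-run
    dns_api_token: "{{ vault_cloudflare_token }}"   # placeholder: supply via ansible-vault
  tasks:
    - name: Verify the CSR's self-signature on the control node before shipping it
      # openssl exits non-zero on a bad signature, so the play stops here
      # instead of after a broken CSR has reached the controller.
      delegate_to: localhost
      become: no
      run_once: true
      command: openssl req -in {{ csr_source }} -noout -verify -subject
      changed_when: false
      register: csr_check

    - name: Show the subject that will be requested
      debug:
        msg: "{{ csr_check.stdout_lines }}"

    - name: Install the verified CSR (public data, world-readable is acceptable)
      copy:
        src: "{{ csr_source }}"
        dest: "{{ certhub_cert_csr_path }}"
        mode: "0644"

    - name: Install the unit environment file (holds the DNS API credential)
      # no_log keeps the token out of Ansible output and logs; mode 0600 keeps
      # it from other local users. Owner 'certhub' is assumed (system-setup.yml
      # creates that user). The LEXICON_* variable name follows lexicon's
      # environment convention and is an assumption, not documented by the role.
      no_log: true
      copy:
        dest: "{{ certhub_cert_unit_env_path }}"
        owner: certhub
        group: certhub
        mode: "0600"
        content: |
          CERTHUB_LEXICON_PROVIDER=cloudflare
          LEXICON_CLOUDFLARE_AUTH_TOKEN={{ dns_api_token }}
```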

License

This project is licensed under the BSD License.

About the project

Certhub - centralized certificate management the unix way

Install
ansible-galaxy install znerol.certhub
License
Unknown
Downloads
276