outsideopen.ssl_certificate
ansible-role-ssl-certificate
Manage SSL certificates on servers.

Installation

    ansible-galaxy install outsideopen.ssl_certificate

Example

    ---
    - hosts: webserver
      roles:
        - role: outsideopen.ssl_certificate
          # Certificates should be located in files/certs/example_com/
          # and named server.crt, ca.crt and server.key
          ssl_certificate_name: example_com

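Role Variables

Defaults

Variable | Choices/Defaults | Comments |
---|---|---|
ssl_certificate_source_path | certs | Path within files in which to look for certificates |
ssl_certificate_path | /etc/ssl/private | Location where certificates are stored |
ssl_certificate_path_cert | {ssl_certificate_path}/{ssl_certificate_name} | Full certificate path |
ssl_certificate_path_owner | root | Owning user of the path |
ssl_certificate_path_group | root | Owning group of the path |
ssl_certificate_path_mode | 0700 | Permissions of the path |
ssl_certificate_owner | root | Owning user of the certificates |
ssl_certificate_group | root | Owning group of the certificates |
ssl_certificate_mode | 0440 | Permissions of the certificates |
ssl_certificate_files | | List of files to copy |
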
ssl_certificate_files

This is an array of dictionaries, each defining a local file and its destination file.

    ssl_certificate_files_default:
      - file: server.crt
        dest: "{{ ssl_certificate_name }}.crt"
      - file: ca.crt
        dest: "{{ ssl_certificate_name }}-ca.crt"
      - file: server.key
        dest: "{{ ssl_certificate_name }}.key"

If you want to copy specific additional files (for example, server.pfx), you can add:

    ssl_certificate_files_extra:
      - file: server.pfx
        dest: "{{ ssl_certificate_name }}.pfx"
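
An added example, not part of the role: a shell function that audits a deployed certificate directory against the defaults documented above (0700 directory, 0440 files, root:root, the three default destination names). It assumes GNU stat and that ssl_certificate_path_mode is applied to the ssl_certificate_path_cert directory; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not the role's own code): audit a deployed certificate
# directory against the role's documented defaults. Assumes GNU stat (Linux).

# check_mode PATH EXPECTED_OCTAL -> prints a finding and returns 1 on mismatch
check_mode() {
    if [ ! -e "$1" ]; then
        echo "MISSING  $1"
        return 1
    fi
    actual=$(stat -c '%a' "$1")
    if [ "$actual" != "$2" ]; then
        echo "MODE     $1 is $actual, expected $2"
        return 1
    fi
    return 0
}

# check_owner PATH USER GROUP -> prints a finding and returns 1 on mismatch
check_owner() {
    [ -e "$1" ] || return 0          # a missing file is reported by check_mode
    actual=$(stat -c '%U:%G' "$1")
    if [ "$actual" != "$2:$3" ]; then
        echo "OWNER    $1 is $actual, expected $2:$3"
        return 1
    fi
    return 0
}

# audit_ssl_certificate DIR NAME [OWNER [GROUP]]
# DIR = ssl_certificate_path_cert (assumed to carry ssl_certificate_path_mode),
# NAME = ssl_certificate_name. Returns the number of findings (0 = compliant).
audit_ssl_certificate() {
    dir=$1 name=$2 owner=${3:-root} group=${4:-root}
    findings=0
    check_mode "$dir" 700 || findings=$((findings + 1))
    check_owner "$dir" "$owner" "$group" || findings=$((findings + 1))
    # Default destinations from ssl_certificate_files_default
    for f in "$name.crt" "$name-ca.crt" "$name.key"; do
        check_mode "$dir/$f" 440 || findings=$((findings + 1))
        check_owner "$dir/$f" "$owner" "$group" || findings=$((findings + 1))
    done
    return "$findings"
}
```

With the defaults, run it on the target as `audit_ssl_certificate /etc/ssl/private/example_com example_com`; files added through ssl_certificate_files_extra are not covered by the loop.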

Testing

Testing requires Molecule and Docker.

    pipenv shell
    pip install molecule-docker
    ansible-galaxy collection install community.general
    molecule test

License

MIT