trombik.x509_certificate
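Manages X509 secret and/or public keys. The role assumes you already have a valid secret key or a signed public key. The role does not create or manage CSRs.
Requirements
The role uses ansible collections. See requirements.yml.
Role Variables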
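Variable | Description | Default |
---|---|---|
x509_certificate_dir | Path to the default directory where certificates and keys are kept | {{ __x509_certificate_dir }} |
x509_certificate_packages | List of packages to install for managing keys, e.g. for validating certificates | {{ __x509_certificate_packages }} |
x509_certificate_default_owner | Default owner of keys | {{ __x509_certificate_default_owner }} |
x509_certificate_default_group | Default group of keys | {{ __x509_certificate_default_group }} |
x509_certificate_additional_packages | List of additional packages to install. The packages are installed before certificates and keys are managed. Use this when the owner of the files does not exist yet and would otherwise only be created later by another role or task. Use this variable with care: when this role installs a package, a later package-installation task will not be triggered, which may cause unexpected effects. In that case, create the user and the group yourself. | [] |
x509_certificate_validate_command | Command used to validate certificates and keys. The command must be defined as a key in x509_certificate_validate_command_secret and x509_certificate_validate_command_public | openssl |
x509_certificate_validate_command_secret | Dict of commands to validate secret keys (see below) | {"openssl"=>"openssl rsa -check -in %s"} |
x509_certificate_validate_command_public | Dict of commands to validate public keys (see below) | {"openssl"=>"openssl x509 -noout -in %s"} |
x509_certificate | Keys to manage (see below) | [] |
x509_certificate_debug_log | If set to yes, enables logging of sensitive data during the play. Note that when set to yes, the log shows the value of x509_certificate, including secret keys. | no |
x509_certificate_update_ca_store_command | Command to run when the root CA certificate store is updated | {{ __x509_certificate_update_ca_store_command }} |
x509_certificate_cfssl_scheme | Scheme part of the cfssl URL | https |
x509_certificate_cfssl_host | Host part of the cfssl URL | 127.0.0.1 |
x509_certificate_cfssl_port | Port of cfssl | 8888 |
x509_certificate_cfssl_endpoint_base_path | Path part of the cfssl URL | /api/v1/cfssl |
x509_certificate_cfssl_retries | Number of retries when connecting to cfssl | 3 |
x509_certificate_cfssl_delay | Delay in seconds between retries when connecting to cfssl | 10 |
x509_certificate_cfssl_uri_param | Dict of additional parameters passed to the ansible uri module when connecting to cfssl | {} |
x509_certificate_cfssl_certificate_newcert | List of certificates to send to cfssl. See below | [] |
x509_certificate_cfssl_info | See below | [] |
x509_certificate_commands | See below | [] |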
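x509_certificate_validate_command_secret
This variable is a dict. The key is a command name, and the value is used to validate the secret key file when it is created.
x509_certificate_validate_command_public
This variable is a dict. The key is a command name, and the value is used to validate the public certificate file when it is created.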
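The two default validation commands each check a single file in isolation. The script below is an added example, not part of the role: it runs the same two commands and then goes one step further by checking that the secret key belongs to the certificate. The function names and the throwaway sample files are constructed here for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks for a key/certificate pair before it is
# placed in x509_certificate. Function names and paths are hypothetical.

# Same command as the default x509_certificate_validate_command_secret.
# Without -noout, `openssl rsa` echoes the key to stdout, so discard it.
validate_secret() { openssl rsa -check -in "$1" >/dev/null 2>&1; }

# Same command as the default x509_certificate_validate_command_public.
validate_public() { openssl x509 -noout -in "$1" >/dev/null 2>&1; }

# Not covered by either command: does the secret key belong to the cert?
# Compare the public key extracted from each file.
pair_matches() {
    from_cert=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 1
    from_key=$(openssl pkey -pubout -in "$2" 2>/dev/null) || return 1
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# check_pair CERT KEY
# 0 = usable pair, 1 = bad secret key, 2 = bad certificate, 3 = mismatch
check_pair() {
    validate_secret "$2" || return 1
    validate_public "$1" || return 2
    pair_matches "$1" "$2" || return 3
}

# Constructed sample input: two throwaway self-signed pairs and a junk file.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
for n in a b; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$n.example.org" \
        -keyout "$work/$n.key" -out "$work/$n.pem" >/dev/null 2>&1
done
echo "not a key" > "$work/junk.key"

for args in "a.pem a.key" "a.pem b.key" "a.pem junk.key"; do
    set -- $args
    rc=0
    check_pair "$work/$1" "$work/$2" || rc=$?
    echo "$1 + $2 -> $rc"
done
```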
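x509_certificate
This variable is a list of dicts. Keys and values are explained below.
Key | Value | Mandatory? |
---|---|---|
name | Descriptive name of the keys | Yes |
state | One of present or absent. The role creates the keys when present and removes them when absent | Yes |
public | A dict that represents a public certificate | No |
secret | A dict that represents a secret key | No |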
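public and secret in x509_certificate
public and secret must contain a dict. The dict is explained below.
Key | Value | Mandatory? |
---|---|---|
path | Path to the file. If not defined, the file is created under x509_certificate_dir, with the name $name.pem | No |
owner | Owner of the file (default is x509_certificate_default_owner) | No |
group | Group of the file (default is x509_certificate_default_group) | No |
mode | Permission of the file (default is 0444 for a public certificate and 0400 for a secret key) | No |
key | The content of the key | No |
notify | A string or a list of names of handlers to notify | No |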
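x509_certificate_commands
This variable is a list of dicts. Each list element is a mix of ansible.builtin.command and ansible.builtin.file. The element is first passed to ansible.builtin.command, which is expected to create a file, and the file is then fixed up with the specified owner, group, and mode.
The variable is intended for arbitrary file format conversion, such as converting a secret key in PKCS#1 to PKCS#8, which some applications (e.g. Java) use.
The commands are executed at the end of the tasks.
The operation is not atomic: the command creates the file first, and owner, group, and mode are applied in a separate step afterwards.
Accepted keys are:
Name | Description | Mandatory? |
---|---|---|
cmd | The command to run | Yes |
creates | Path to the file to create | Yes |
owner | Name of the owner of the file | No |
group | Name of the group of the file | No |
mode | Permission of the file | No |
notify | A string or a list of names of handlers to notify | No |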
x509_certificate_cfssl_certificate_newcert
This variable is intentionally undocumented because it is highly experimental.
See tests/serverspec/cfssl.yml for an example.
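x509_certificate_cfssl_info
Calls the info API and retrieves the root CA certificate from the cfssl server.
This variable is a list of dicts. The keys in the dict are:
Key | Description | Mandatory? |
---|---|---|
path | Path to the file in which the certificate is kept | Yes |
body | A dict of body parameters to send in the request | Yes |
notify | A list of handlers to notify when the certificate file is modified. Defaults to the Update root CA store handler (see below) | No |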
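x509_certificate_update_ca_store_command
This command is invoked in the Update root CA store handler when a CA certificate is added to the system's root CA certificate store.
Update root CA store handler
Notify the Update root CA store handler when you add a CA certificate to the system's root CA certificate store.
The handler does not work on OpenBSD yet.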
Including trombik.x509_certificate
You may include the role from your own tasks or roles. Use vars to define specific role variables.
- name: Include role trombik.x509_certificate
  include_role:
    name: trombik.x509_certificate
  vars:
    x509_certificate: "{{ my_variable }}"
    x509_certificate_debug_log: yes
However, when you want to pass a single variable that contains the role variables, you need to pass the variable to a special bridge role variable, x509_certificate_vars.
- name: Include role trombik.x509_certificate
  include_role:
    name: trombik.x509_certificate
  vars:
    x509_certificate_vars: "{{ my_variable }}"
The following example does not work:
- name: Include role trombik.x509_certificate
  include_role:
    name: trombik.x509_certificate
  vars: "{{ my_variable }}"
See issue 19084 for details.
Debian
Variable | Default |
---|---|
__x509_certificate_dir | /etc/ssl |
__x509_certificate_packages | ["openssl"] |
__x509_certificate_default_owner | root |
__x509_certificate_default_group | root |
Debian
Variable | Default |
---|---|
__x509_certificate_dir | /etc/ssl |
__x509_certificate_packages | ["openssl"] |
__x509_certificate_default_owner | root |
__x509_certificate_default_group | root |
__x509_certificate_update_ca_store_command | update-ca-certificates |
FreeBSD
Variable | Default |
---|---|
__x509_certificate_dir | /usr/local/etc/ssl |
__x509_certificate_packages | [] |
__x509_certificate_default_owner | root |
__x509_certificate_default_group | wheel |
__x509_certificate_update_ca_store_command | /usr/sbin/certctl rehash |
OpenBSD
Variable | Default |
---|---|
__x509_certificate_dir | /etc/ssl |
__x509_certificate_packages | [] |
__x509_certificate_default_owner | root |
__x509_certificate_default_group | wheel |
__x509_certificate_update_ca_store_command | echo |
RedHat
Variable | Default |
---|---|
__x509_certificate_dir | /etc/ssl |
__x509_certificate_packages | ["openssl"] |
__x509_certificate_default_owner | root |
__x509_certificate_default_group | root |
__x509_certificate_update_ca_store_command | update-ca-trust |
Dependencies
None
Example Playbook
---
- hosts: localhost
  pre_tasks:
    - name: Install rsyslog on Fedora
      ansible.builtin.yum:
        name: rsyslog
        state: installed
      when:
        - ansible_distribution == 'Fedora'
    - name: Enable rsyslog
      ansible.builtin.service:
        name: rsyslog
        enabled: yes
      when:
        - ansible_distribution == 'Fedora'
    - name: Start rsyslog
      ansible.builtin.service:
        name: rsyslog
        state: started
      when:
        - ansible_distribution == 'Fedora'
  roles:
    - ansible-role-x509_certificate
  handlers:
    # XXX used only for tests
    - name: Restart foo
      command: "logger foo is notified"
    - name: Restart bar
      command: "logger bar is notified"
    - name: Restart buz
      command: "logger buz is notified"
    - name: Restart foobar
      command: "logger foobar is notified"
  vars:
    os_project_some_user:
      FreeBSD: www
      Debian: www-data
      RedHat: ftp
      OpenBSD: www
    project_some_user: "{{ os_project_some_user[ansible_os_family] }}"
    os_project_some_group:
      FreeBSD: www
      Debian: www-data
      RedHat: ftp
      OpenBSD: www
    project_some_group: "{{ os_project_some_group[ansible_os_family] }}"
    os_project_quagga_cert_dir:
      FreeBSD: /usr/local/etc/quagga/certs
      OpenBSD: /etc/quagga/certs
      Debian: /etc/quagga/certs
      RedHat: /etc/quagga/certs
    project_quagga_cert_dir: "{{ os_project_quagga_cert_dir[ansible_os_family] }}"
    os_project_quagga_user:
      FreeBSD: quagga
      Debian: quagga
      RedHat: quagga
      OpenBSD: _quagga
    project_quagga_user: "{{ os_project_quagga_user[ansible_os_family] }}"
    os_project_quagga_group:
      FreeBSD: quagga
      Debian: quagga
      RedHat: quagga
      OpenBSD: _quagga
    project_quagga_group: "{{ os_project_quagga_group[ansible_os_family] }}"
    # XXX Never set this variable to `yes` unless you know exactly what you are doing.
    x509_certificate_debug_log: yes
    x509_certificate_additional_packages:
      - quagga
    x509_certificate:
      - name: foo
        state: present
        public:
          notify:
            - Restart foo
            - Restart buz
          key: |
            -----BEGIN CERTIFICATE-----
            (certificate body omitted)
            -----END CERTIFICATE-----
      - name: bar
        state: present
        public:
          path: /usr/local/etc/ssl/bar/bar.pub
          owner: "{{ project_some_user }}"
          group: "{{ project_some_group }}"
          mode: "0644"
          key: |
            -----BEGIN CERTIFICATE-----
            (certificate body omitted)
            -----END CERTIFICATE-----
        secret:
          path: /usr/local/etc/ssl/bar/bar.key
          owner: "{{ project_some_user }}"
          group: "{{ project_some_group }}"
          notify: Restart bar
          key: |
            -----BEGIN RSA PRIVATE KEY-----
            (private key body omitted)
            -----END RSA PRIVATE KEY-----
      - name: quagga
        state: present
        public:
          path: "{{ project_quagga_cert_dir }}/quagga.pem"
          owner: "{{ project_quagga_user }}"
          group: "{{ project_quagga_group }}"
          key: |
            -----BEGIN CERTIFICATE-----
            (certificate body omitted)
            -----END CERTIFICATE-----
        secret:
          path: "{{ project_quagga_cert_dir }}/quagga.key"
          owner: "{{ project_quagga_user }}"
          group: "{{ project_quagga_group }}"
          mode: "0440"
          key: |
            -----BEGIN RSA PRIVATE KEY-----
            (private key body omitted)
            -----END RSA PRIVATE KEY-----
    x509_certificate_commands:
      # XXX libressl does not support `-out -`, and the argument of -in must be lowercase.
      - cmd: "openssl pkcs8 -inform pem -outform pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -in {{ project_quagga_cert_dir }}/quagga.key -out {{ project_quagga_cert_dir }}/pkcs8.key"
        creates: "{{ project_quagga_cert_dir }}/pkcs8.key"
        owner: "{{ project_quagga_user }}"
        group: "{{ project_quagga_group }}"
        mode: "0440"
        notify: Restart foobar
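License
Copyright (c) 2017 Tomoyuki Sakurai <y@trombik.org>
Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
Author Information
Tomoyuki Sakurai y@trombik.org
This README was created by qansible.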
ansible-galaxy install trombik.x509_certificate