Add role to generate certificates using custom CA
This commit is contained in:
parent
8750a53f8d
commit
db37f85615
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
generate_certificate_base_path: /etc/ssl/owncerts
|
||||
generate_certificate_key_path: "{{ generate_certificate_base_path }}/{{ generate_certificate_domain }}.key"
|
||||
generate_certificate_csr_path: "{{ generate_certificate_base_path }}/{{ generate_certificate_domain }}.csr"
|
||||
generate_certificate_crt_path: "{{ generate_certificate_base_path }}/{{ generate_certificate_domain }}.crt"
|
||||
generate_certificate_ca_path: /etc/ssl/ca/ca.crt
|
||||
generate_certificate_ca_privatekey_path: /etc/ssl/ca/ca.key
|
||||
generate_certificate_ca_privatekey_passphrase: "this is a secret!"
|
||||
generate_certificate_domain: example.org
|
||||
generate_certificate_organization_name: Example
|
||||
generate_certificate_email_address: email@example.org
|
|
@ -0,0 +1,37 @@
|
|||
---
|
||||
- name: install python3-openssl
|
||||
apt:
|
||||
name: python3-openssl
|
||||
update_cache: true
|
||||
cache_valid_time: 3600
|
||||
|
||||
- name: ensure {{ generate_certificate_base_path }} esists
|
||||
file:
|
||||
path: "{{ generate_certificate_base_path }}"
|
||||
state: directory
|
||||
owner: root
|
||||
mode: 0700
|
||||
|
||||
- name: generate certificate private key
|
||||
openssl_privatekey:
|
||||
path: "{{ generate_certificate_key_path }}"
|
||||
size: 2048
|
||||
type: RSA
|
||||
|
||||
- name: generate Certificate Signing Request
|
||||
openssl_csr:
|
||||
path: "{{ generate_certificate_csr_path }}"
|
||||
privatekey_path: "{{ generate_certificate_key_path }}"
|
||||
organization_name: "{{ generate_certificate_organization_name }}"
|
||||
email_address: "{{ generate_certificate_email_address }}"
|
||||
common_name: "{{ generate_certificate_domain }}"
|
||||
|
||||
- name: generate a certificate for {{ generate_certificate_domain }}
|
||||
openssl_certificate:
|
||||
path: "{{ generate_certificate_crt_path }}"
|
||||
csr_path: "{{ generate_certificate_csr_path }}"
|
||||
ownca_path: "{{ generate_certificate_ca_path }}"
|
||||
ownca_privatekey_path: "{{ generate_certificate_ca_privatekey_path }}"
|
||||
ownca_privatekey_passphrase: "{{ generate_certificate_ca_privatekey_passphrase }}"
|
||||
ownca_not_after: "+365d"
|
||||
provider: ownca
|
|
@ -30,3 +30,4 @@
|
|||
# - {role: ../roles/homeassistant, become: true}
|
||||
# - {role: ../roles/mosquitto, become: true}
|
||||
# - {role: ../roles/generate_ca, become: true}
|
||||
# - {role: ../roles/generate_certificate, become: true}
|
||||
|
|
Loading…
Reference in New Issue