| .github | ||
| defaults | ||
| meta | ||
| molecule/default | ||
| tasks | ||
| templates | ||
| vars | ||
| .ansible-lint | ||
| .gitignore | ||
| .gitlab-ci.yml | ||
| .pre-commit-config.yaml | ||
| .yamllint | ||
| CODE_OF_CONDUCT.md | ||
| CONTRIBUTING.md | ||
| LICENSE | ||
| README.md | ||
| requirements.txt | ||
| requirements.yml | ||
| SECURITY.md | ||
| tox.ini | ||
ca
Install and configure a certificate authority on your system.
| GitHub | GitLab | Quality | Downloads | Version |
|---|---|---|---|---|
 |
 |
 |
 |
 |
Example Playbook
This example is taken from molecule/default/converge.yml and is tested on each push, pull request and release.
---
- name: Converge
hosts: all
become: yes
gather_facts: yes
roles:
- role: robertdebock.ca
The machine needs to be prepared. In CI this is done using molecule/default/prepare.yml:
---
- name: Prepare
hosts: all
gather_facts: no
become: yes
roles:
- role: robertdebock.bootstrap
- role: robertdebock.buildtools
- role: robertdebock.epel
- role: robertdebock.python_pip
- role: robertdebock.openssl
openssl_items:
- name: apache-httpd
common_name: "{{ ansible_fqdn }}"
- role: robertdebock.httpd
Also see a full explanation and example on how to use these roles.
Role Variables
The default values for the variables are set in defaults/main.yml:
---
# defaults file for ca
# set ca_init: 'yes' to create CA
ca_init: yes
# ca_own_root: 'yes' if you want to have yout own root CA.
# if no, set ca_certificate_path manually
ca_own_root: yes
# A passphrase for the CA key.
ca_passphrase: SuP3rS3creT
# The common name for the CA.
ca_common_name: example.com
# Other details for the CA.
ca_country_name: NL
ca_email_address: robert@meinit.nl
ca_organization_name: Very little
ca_organizational_unit_name: Even less
ca_state_or_province_name: Utrecht
ca_locality_name: Utrecht
# There are two formats to request a key and certificate:
# 1. With details: (Includes `name:`)
# ca_requests:
# - name: certificate1.example.com
# passphrase: S3creT
#
# 2. Without details: (Does not include `name:`)
# ca_requests:
# - "{{ ansible_fqdn }}"
# You can also mix these formats:
# ca_requests:
# - name: certificate1.example.com
# passphrase: S3creT
# - "{{ ansible_fqdn }}"
# Where to publish the certificates, normally a webserver location.
# If not specified, certificates will not be published.
# {{ httpd_data_directory }} is inheritted from the role robertdebock.httpd.
ca_publication_location: "{{ httpd_data_directory | default('/tmp') }}/pub"
# Where do the certificates need to be stored? By default the distribution
# preferred locations are used (see `vars/main.yml`, under `_ca_openssl_path`.
# If you need a CA certificate somewhere else, simple use something like this:
# ca_openssl_path: /my/preferred/path
ca_openssl_path: "{{ _ca_openssl_path[ansible_os_family] | default(_ca_openssl_path['default']) }}"
Requirements
- pip packages listed in requirements.txt.
State of used roles
The following roles are used to prepare a system. You can prepare your system in another way.
| Requirement | GitHub | GitLab |
|---|---|---|
| robertdebock.bootstrap |  |
 |
| robertdebock.buildtools |  |
 |
| robertdebock.epel |  |
 |
| robertdebock.httpd |  |
 |
| robertdebock.openssl |  |
 |
| robertdebock.python_pip |  |
 |
Context
This role is a part of many compatible roles. Have a look at the documentation of these roles for further information.
Here is an overview of related roles:
Compatibility
This role has been tested on these container images:
| container | tags |
|---|---|
| EL | 8, 9 |
| Debian | all |
| Fedora | all |
| opensuse | all |
| Ubuntu | all |
The minimum version of Ansible required is 2.12, tests have been done to:
- The previous version.
- The current version.
- The development version.
If you find issues, please register them in GitHub
License
Author Information
Please consider sponsoring me.