volker.raschek/ansible-role-certificate-authority
1
0
Fork 0
Code Issues Pull Requests -1 Actions Packages Projects Releases Wiki Activity

docs(meta): add argument_specs

Browse Source
This commit is contained in:
Markus Pesch
2026-01-14 21:53:39 +01:00
parent 708c02d4b4
commit 64f1fc52ef
1 changed files with 228 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

228
meta/argument_specs.yaml Normal file
View File

@@ -0,0 +1,228 @@
---
argument_specs:
main:
short_description: "Role to create and manage an existing PKI infrastructure"
description:
- "This Ansible role can be used to create a root and intermediate certificate authority and issue client certificates from them."
- "Additionally offers the ansible role the feature to import the certificates of the authority into the systems trust store."
author: "Markus Pesch"
options:
# Root Certificate Authority (CA)
certificate_authority_root_ca_skip:
description: "Skip creation or import of a root certificate authority in general."
type: bool
default: false
certificate_authority_root_ca_create:
description: "Create root certificate from scratch or import via certificate_authority_root_ca_tls prefixed variables."
type: bool
default: true
certificate_authority_root_ca_import:
description: "Import the TLS certificate of the root certificate authority into the systems trust store."
type: bool
default: true
certificate_authority_root_ca_path:
description: "Directory where the private and public TLS key of the root certificate authority should be stored."
type: str
default: "/etc/ansible-playbook/pki/ca"
certificate_authority_root_ca_common_name:
description: "Common Name (CN) of the root certificate authority."
type: str
default: "Ansible Root CA"
certificate_authority_root_ca_country_name:
description: "Common Name (CN) of the root certificate authority. For example US, FR or DE."
type: str
default: ""
certificate_authority_root_ca_email_address:
description: "E-Mail Address of the root certificate authority owner."
type: str
default: ""
certificate_authority_root_ca_organization_name:
description: "Organization name of the root certificate authority owner."
type: str
default: ""
certificate_authority_root_ca_organizational_unit_name:
description: "Organizational unit name of the root certificate authority."
type: str
default: ""
certificate_authority_root_ca_state_or_province_name:
description: "State or province name where the owner of the root certificate authority is located."
type: str
default: ""
certificate_authority_root_ca_subject_alternative_names:
description: "Subject Alternative Names (SAN) of the root certificate authority."
type: list
elements: str
default: []
certificate_authority_root_ca_not_after:
description: "Time in the future from now when the TLS certificate should expire"
type: str
default: "+3650d"
certificate_authority_root_ca_not_before:
description: "Time in the past from now when the TLS certificate should be valid."
type: str
default: "+0s"
certificate_authority_root_ca_tls_key_content:
description: "Content of a custom used root certificate authority. Will only be imported, when certificate_authority_root_ca_create: false."
type: str
default: ""
certificate_authority_root_ca_tls_crt_content:
description: "Content of a custom used certificate of the certificate authority. Will only be imported, when certificate_authority_root_ca_create: false."
type: str
default: ""
certificate_authority_root_ca_tls_key_passphrase:
description: "Passphrase for the private key of the generated or imported root certificate authority."
type: str
default: ""
no_log: true
certificate_authority_root_ca_tls_key_type:
description: "Algorithm of the private key of the root certificate authority."
type: str
default: "RSA"
choices:
- RSA
- DSA
- ECC
# Intermediate Certificate Authority (CA)
certificate_authority_intermediate_ca_skip:
description: "Skip creation or import of a intermediate certificate authority in general."
type: bool
default: false
certificate_authority_intermediate_ca_create:
description: "Create intermediate certificate from scratch or import via certificate_authority_intermediate_ca_tls prefixed variables."
type: bool
default: true
certificate_authority_intermediate_ca_path:
description: "Directory where the private and public TLS key of the intermediate certificate authority should be stored."
type: str
default: "/etc/ansible-playbook/pki/intermediate"
certificate_authority_intermediate_ca_common_name:
description: "Common Name (CN) of the intermediate certificate authority."
type: str
default: "Ansible Intermediate CA"
certificate_authority_intermediate_ca_country_name:
description: "Country name of the intermediate certificate authority. For example US, FR or DE."
type: str
default: ""
certificate_authority_intermediate_ca_email_address:
description: "E-Mail Address of the intermediate certificate authority owner."
type: str
default: ""
certificate_authority_intermediate_ca_organization_name:
description: "Organization name of the intermediate certificate authority owner."
type: str
default: ""
certificate_authority_intermediate_ca_organizational_unit_name:
description: "Organizational unit name of the intermediate certificate authority."
type: str
default: ""
certificate_authority_intermediate_ca_state_or_province_name:
description: "State or province name where the owner of the intermediate certificate authority is located."
type: str
default: ""
certificate_authority_intermediate_ca_subject_alternative_names:
description: "Subject Alternative Names (SAN) of the intermediate certificate authority."
type: list
elements: str
default: []
certificate_authority_intermediate_ca_not_after:
description: "Time in the future from now when the TLS certificate should expire"
type: str
default: "+1825d"
certificate_authority_intermediate_ca_not_before:
description: "Time in the past from now when the TLS certificate should be valid."
type: str
default: "+0s"
certificate_authority_intermediate_ca_tls_key_content:
description: "Content of a custom used intermediate certificate authority. Will only be imported, when certificate_authority_intermediate_ca_create: false."
type: str
default: ""
certificate_authority_intermediate_ca_tls_crt_content:
description: "Content of a custom used certificate of the certificate authority. Will only be imported, when certificate_authority_intermediate_ca_create: false."
type: str
default: ""
certificate_authority_intermediate_ca_tls_key_passphrase:
description: "Passphrase for the private key of the generated or imported intermediate certificate authority."
type: str
default: ""
no_log: true
certificate_authority_intermediate_ca_tls_key_type:
description: "Algorithm of the private key of the intermediate certificate authority."
type: str
default: "RSA"
choices:
- RSA
- DSA
- ECC
# Client Certificate
certificate_authority_client_skip:
description: "Skip creation or import of a client certificate in general."
type: bool
default: true
certificate_authority_client_create:
description: "Create client certificate from scratch or import via certificate_authority_client_tls prefixed variables."
type: bool
default: true
certificate_authority_client_path:
description: "Directory where the private and public TLS key of the client certificate authority should be stored."
type: str
default: "/etc/ansible-playbook/pki/client"
certificate_authority_client_common_name:
description: "Common Name (CN) of the client certificate."
type: str
default: "Ansible Client Certificate"
certificate_authority_client_country_name:
description: "Country Name (CN) of the client certificate. For example US, FR or DE."
type: str
default: ""
certificate_authority_client_email_address:
description: "E-Mail Address of the client certificate owner."
type: str
default: ""
certificate_authority_client_organization_name:
description: "Organization name of the client certificate owner."
type: str
default: ""
certificate_authority_client_organizational_unit_name:
description: "Common Name (CN) of the client certificate."
type: str
default: ""
certificate_authority_client_state_or_province_name:
description: "State or province name where the owner of the client certificate is located."
type: str
default: ""
certificate_authority_client_subject_alternative_names:
description: "Subject Alternative Names (SAN) of the client certificate."
type: list
elements: str
default: []
certificate_authority_client_not_after:
description: "Time in the future from now when the TLS certificate should expire"
type: str
default: "+397d"
certificate_authority_client_not_before:
description: "Time in the past from now when the TLS certificate should be valid."
type: str
default: "+0s"
certificate_authority_client_tls_key_passphrase:
description: "Passphrase for the private key of the generated or imported client certificate."
type: str
default: ""
no_log: true
certificate_authority_client_tls_key_type:
description: "Algorithm of the private key of the client certificate."
type: str
default: "RSA"
choices:
- RSA
- DSA
- ECC
certificate_authority_client_tls_crt_content:
description: "Passphrase for the private key of the generated or imported client certificate."
type: str
default: ""
certificate_authority_client_tls_key_content:
description: "Algorithm of the private key of the client certificate"
type: str
default: ""