	| Author | SHA1 | Date | |
|---|---|---|---|
| a416b01dd9 | |||
| 3432d1dc89 | |||
| 42b3e7a5db | |||
| 3344723187 | |||
| 085ad44e8f | |||
| 786a4e9385 | |||
| 75241aa759 | |||
| f9592e9a03 | |||
| a71af04b83 | |||
| 60e11b1276 | |||
| dfac82a1f8 | |||
| 594325b852 | |||
| f3e818b07c | |||
| 29c166acda | |||
| a14c799290 | |||
| 6208d55dcb | |||
| ac6f54d360 | |||
| 9267a743e7 | |||
| ef2c31e64e | 
| @@ -14,7 +14,7 @@ jobs: | ||||
|     steps: | ||||
|     - uses: actions/checkout@v4 | ||||
|     - name: Run ansible-lint | ||||
|       uses: ansible/ansible-lint@v25.6.1 | ||||
|       uses: ansible/ansible-lint@v25.9.0 | ||||
|       with: | ||||
|         args: "--config-file .ansible-lint" | ||||
|         setup_python: "true" | ||||
|   | ||||
| @@ -12,7 +12,7 @@ jobs: | ||||
|     runs-on: | ||||
|     - ubuntu-latest | ||||
|     steps: | ||||
|     - uses: actions/checkout@v4.2.2 | ||||
|     - uses: actions/checkout@v4.3.0 | ||||
|     - uses: DavidAnson/markdownlint-cli2-action@v20.0.0 | ||||
|       with: | ||||
|         globs: '**/*.md' | ||||
|   | ||||
| @@ -28,12 +28,11 @@ certificate_authority_client_subject_alternative_names: | ||||
| | `certificate_authority_root_ca_import`                    | Import the TLS certificate of the root certificate authority into the systems trust store.                                                    | `true`                         | | ||||
| | `certificate_authority_root_ca_path`                      | Directory where the private and public TLS key of the root certificate authority should be stored.                                            | `/etc/ansible-playbook/pki/ca` | | ||||
| | `certificate_authority_root_ca_common_name`               | Common Name (CN) of the root certificate authority.                                                                                           | `Ansible Root CA`              | | ||||
| | `certificate_authority_root_ca_country_name`              | Common Name (CN) of the root certificate authority.                                                                                           | `""`                           | | ||||
| | `certificate_authority_root_ca_country_name`              | Common Name (CN) of the root certificate authority. For example `US`, `FR` or `DE`.                                                           | `""`                           | | ||||
| | `certificate_authority_root_ca_email_address`             | E-Mail Address of the root certificate authority owner.                                                                                       | `""`                           | | ||||
| | `certificate_authority_root_ca_organization_name`         | Organization name of the root certificate authority owner.                                                                                    | `""`                           | | ||||
| | `certificate_authority_root_ca_organizational_unit_name`  | Organizational unit name of the root certificate authority.                                                                                   | `""`                           | | ||||
| | `certificate_authority_root_ca_state_or_province_name`    | State or province name where the owner of the root certificate authority is located.                                                          | `""`                           | | ||||
| | `certificate_authority_root_ca_state`                     | State where the owner of the root certificate authority is located                                                                            | `""`                           | | ||||
| | `certificate_authority_root_ca_subject_alternative_names` | Subject Alternative Names (SAN) of the root certificate authority.                                                                            | `[]`                           | | ||||
| | `certificate_authority_root_ca_not_after`                 | Time in the future from now when the TLS certificate should expire                                                                            | `+3650d`                       | | ||||
| | `certificate_authority_root_ca_not_before`                | Time in the past from now when the TLS certificate should be valid.                                                                           | `+0s`                          | | ||||
| @@ -50,12 +49,11 @@ certificate_authority_client_subject_alternative_names: | ||||
| | `certificate_authority_intermediate_ca_create`                    | Create intermediate certificate from scratch or import via `certificate_authority_intermediate_ca_tls` prefixed variables.                            | `true`                                   | | ||||
| | `certificate_authority_intermediate_ca_path`                      | Directory where the private and public TLS key of the intermediate certificate authority should be stored.                                            | `/etc/ansible-playbook/pki/intermediate` | | ||||
| | `certificate_authority_intermediate_ca_common_name`               | Common Name (CN) of the intermediate certificate authority.                                                                                           | `Ansible Intermediate CA`                | | ||||
| | `certificate_authority_intermediate_ca_country_name`              | Country name of the intermediate certificate authority.                                                                                               | `""`                                     | | ||||
| | `certificate_authority_intermediate_ca_country_name`              | Country name of the intermediate certificate authority. For example `US`, `FR` or `DE`.                                                               | `""`                                     | | ||||
| | `certificate_authority_intermediate_ca_email_address`             | E-Mail Address of the intermediate certificate authority owner.                                                                                       | `""`                                     | | ||||
| | `certificate_authority_intermediate_ca_organization_name`         | Organization name of the intermediate certificate authority owner.                                                                                    | `""`                                     | | ||||
| | `certificate_authority_intermediate_ca_organizational_unit_name`  | Organizational unit name of the intermediate certificate authority.                                                                                   | `""`                                     | | ||||
| | `certificate_authority_intermediate_ca_state_or_province_name`    | State or province name where the owner of the intermediate certificate authority is located.                                                          | `""`                                     | | ||||
| | `certificate_authority_intermediate_ca_state`                     | State where the owner of the intermediate certificate authority is located.                                                                           | `""`                                     | | ||||
| | `certificate_authority_intermediate_ca_subject_alternative_names` | Subject Alternative Names (SAN) of the intermediate certificate authority.                                                                            | `[]`                                     | | ||||
| | `certificate_authority_intermediate_ca_not_after`                 | Time in the future from now when the TLS certificate should expire                                                                                    | `+1825d`                                 | | ||||
| | `certificate_authority_intermediate_ca_not_before`                | Time in the past from now when the TLS certificate should be valid.                                                                                   | `+0s`                                    | | ||||
| @@ -72,12 +70,11 @@ certificate_authority_client_subject_alternative_names: | ||||
| | `certificate_authority_client_create`                    | Create client certificate from scratch or import via `certificate_authority_client_tls` prefixed variables. | `true`                             | | ||||
| | `certificate_authority_client_path`                      | Directory where the private and public TLS key of the client certificate authority should be stored.        | `/etc/ansible-playbook/pki/client` | | ||||
| | `certificate_authority_client_common_name`               | Common Name (CN) of the client certificate.                                                                 | `Ansible Client Certificate`       | | ||||
| | `certificate_authority_client_country_name`              | Country Name (CN) of the client certificate.                                                                | `""`                               | | ||||
| | `certificate_authority_client_country_name`              | Country Name (CN) of the client certificate. For example `US`, `FR` or `DE`.                                | `""`                               | | ||||
| | `certificate_authority_client_email_address`             | E-Mail Address of the client certificate owner.                                                             | `""`                               | | ||||
| | `certificate_authority_client_organization_name`         | Organization name of the client certificate owner.                                                          | `""`                               | | ||||
| | `certificate_authority_client_organizational_unit_name`  | Common Name (CN) of the client certificate.                                                                 | `""`                               | | ||||
| | `certificate_authority_client_state_or_province_name`    | State or province name where the owner of the client certificate is located.                                | `""`                               | | ||||
| | `certificate_authority_client_state`                     | State where the owner of the client certificate is located.                                                 | `""`                               | | ||||
| | `certificate_authority_client_subject_alternative_names` | Subject Alternative Names (SAN) of the client certificate.                                                  | `[]`                               | | ||||
| | `certificate_authority_client_not_after`                 | Time in the future from now when the TLS certificate should expire                                          | `+397d`                            | | ||||
| | `certificate_authority_client_not_before`                | Time in the past from now when the TLS certificate should be valid.                                         | `+0s`                              | | ||||
|   | ||||
| @@ -10,12 +10,11 @@ certificate_authority_root_ca_import: true | ||||
|  | ||||
| ## @param certificate_authority_root_ca_path Directory where the private and public TLS key of the root certificate authority should be stored. | ||||
| ## @param certificate_authority_root_ca_common_name Common Name (CN) of the root certificate authority. | ||||
| ## @param certificate_authority_root_ca_country_name Common Name (CN) of the root certificate authority. | ||||
| ## @param certificate_authority_root_ca_country_name Common Name (CN) of the root certificate authority. For example `US`, `FR` or `DE`. | ||||
| ## @param certificate_authority_root_ca_email_address E-Mail Address of the root certificate authority owner. | ||||
| ## @param certificate_authority_root_ca_organization_name Organization name of the root certificate authority owner. | ||||
| ## @param certificate_authority_root_ca_organizational_unit_name Organizational unit name of the root certificate authority. | ||||
| ## @param certificate_authority_root_ca_state_or_province_name State or province name where the owner of the root certificate authority is located. | ||||
| ## @param certificate_authority_root_ca_state State where the owner of the root certificate authority is located | ||||
| ## @param certificate_authority_root_ca_subject_alternative_names Subject Alternative Names (SAN) of the root certificate authority. | ||||
| ## @param certificate_authority_root_ca_not_after Time in the future from now when the TLS certificate should expire | ||||
| ## @param certificate_authority_root_ca_not_before Time in the past from now when the TLS certificate should be valid. | ||||
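Review bot: The rewritten `@param` line for `certificate_authority_root_ca_country_name` still describes the variable as "Common Name (CN)" while adding country examples; the X.509 subject attribute it feeds is the country name (C), so the line should read `## @param certificate_authority_root_ca_country_name Country name (C) of the root certificate authority. For example `US`, `FR` or `DE`.`. The client hunk further down has the same mistake (`Country Name (CN)`), and its context line for `certificate_authority_client_organizational_unit_name` is also still labelled "Common Name (CN)" although it sets the OU. A reader mapping these variables to the CSR subject fields would be misled; the README tables in this compare carry the same wording and should be aligned when these are fixed.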
| @@ -26,7 +25,6 @@ certificate_authority_root_ca_email_address: "" | ||||
| certificate_authority_root_ca_organization_name: "" | ||||
| certificate_authority_root_ca_organizational_unit_name: "" | ||||
| certificate_authority_root_ca_state_or_province_name: "" | ||||
| certificate_authority_root_ca_state: "" | ||||
| certificate_authority_root_ca_subject_alternative_names: [] | ||||
| certificate_authority_root_ca_not_after: "+3650d" | ||||
| certificate_authority_root_ca_not_before: "+0s" | ||||
| @@ -50,12 +48,11 @@ certificate_authority_intermediate_ca_create: true | ||||
|  | ||||
| ## @param certificate_authority_intermediate_ca_path Directory where the private and public TLS key of the intermediate certificate authority should be stored. | ||||
| ## @param certificate_authority_intermediate_ca_common_name Common Name (CN) of the intermediate certificate authority. | ||||
| ## @param certificate_authority_intermediate_ca_country_name Country name of the intermediate certificate authority. | ||||
| ## @param certificate_authority_intermediate_ca_country_name Country name of the intermediate certificate authority. For example `US`, `FR` or `DE`. | ||||
| ## @param certificate_authority_intermediate_ca_email_address E-Mail Address of the intermediate certificate authority owner. | ||||
| ## @param certificate_authority_intermediate_ca_organization_name Organization name of the intermediate certificate authority owner. | ||||
| ## @param certificate_authority_intermediate_ca_organizational_unit_name Organizational unit name of the intermediate certificate authority. | ||||
| ## @param certificate_authority_intermediate_ca_state_or_province_name State or province name where the owner of the intermediate certificate authority is located. | ||||
| ## @param certificate_authority_intermediate_ca_state State where the owner of the intermediate certificate authority is located. | ||||
| ## @param certificate_authority_intermediate_ca_subject_alternative_names Subject Alternative Names (SAN) of the intermediate certificate authority. | ||||
| ## @param certificate_authority_intermediate_ca_not_after Time in the future from now when the TLS certificate should expire | ||||
| ## @param certificate_authority_intermediate_ca_not_before Time in the past from now when the TLS certificate should be valid. | ||||
| @@ -66,7 +63,6 @@ certificate_authority_intermediate_ca_email_address: "" | ||||
| certificate_authority_intermediate_ca_organization_name: "" | ||||
| certificate_authority_intermediate_ca_organizational_unit_name: "" | ||||
| certificate_authority_intermediate_ca_state_or_province_name: "" | ||||
| certificate_authority_intermediate_ca_state: "" | ||||
| certificate_authority_intermediate_ca_subject_alternative_names: [] | ||||
| certificate_authority_intermediate_ca_not_after: "+1825d" | ||||
| certificate_authority_intermediate_ca_not_before: "+0s" | ||||
| @@ -90,12 +86,11 @@ certificate_authority_client_create: true | ||||
|  | ||||
| ## @param certificate_authority_client_path Directory where the private and public TLS key of the client certificate authority should be stored. | ||||
| ## @param certificate_authority_client_common_name Common Name (CN) of the client certificate. | ||||
| ## @param certificate_authority_client_country_name Country Name (CN) of the client certificate. | ||||
| ## @param certificate_authority_client_country_name Country Name (CN) of the client certificate. For example `US`, `FR` or `DE`. | ||||
| ## @param certificate_authority_client_email_address E-Mail Address of the client certificate owner. | ||||
| ## @param certificate_authority_client_organization_name Organization name of the client certificate owner. | ||||
| ## @param certificate_authority_client_organizational_unit_name Common Name (CN) of the client certificate. | ||||
| ## @param certificate_authority_client_state_or_province_name State or province name where the owner of the client certificate is located. | ||||
| ## @param certificate_authority_client_state State where the owner of the client certificate is located. | ||||
| ## @param certificate_authority_client_subject_alternative_names Subject Alternative Names (SAN) of the client certificate. | ||||
| ## @param certificate_authority_client_not_after Time in the future from now when the TLS certificate should expire | ||||
| ## @param certificate_authority_client_not_before Time in the past from now when the TLS certificate should be valid. | ||||
| @@ -106,7 +101,6 @@ certificate_authority_client_email_address: "" | ||||
| certificate_authority_client_organization_name: "" | ||||
| certificate_authority_client_organizational_unit_name: "" | ||||
| certificate_authority_client_state_or_province_name: "" | ||||
| certificate_authority_client_state: "" | ||||
| certificate_authority_client_subject_alternative_names: [] | ||||
| certificate_authority_client_not_after: "+397d" | ||||
| certificate_authority_client_not_before: "+0s" | ||||
|   | ||||
| @@ -1,25 +1,26 @@ | ||||
| dependencies: [] | ||||
| galaxy_info: | ||||
|   namespace: volker-raschek | ||||
|   role_name: "certificate_authority" | ||||
|   author: "Markus Pesch" | ||||
|   description: "Role to create and managed an existing PKI infrastructure" | ||||
|   company: "Cryptic Systems" | ||||
|   description: "Role to create and managed an existing PKI infrastructure" | ||||
|   galaxy_tags: | ||||
|   - ca | ||||
|   - ssl | ||||
|   - tls | ||||
|   license: "MIT" | ||||
|   min_ansible_version: "2.9" | ||||
|   namespace: volker-raschek | ||||
|   platforms: | ||||
|   - name: ArchLinux | ||||
|     versions: | ||||
|     - all | ||||
|   - name: EL | ||||
|     versions: | ||||
|     - all | ||||
|   - name: Fedora | ||||
|     versions: | ||||
|     - all | ||||
|   - name: Ubuntu | ||||
|     versions: | ||||
|     - all | ||||
|   - name: Fedora | ||||
|     versions: | ||||
|     - "35" | ||||
|   galaxy_tags: | ||||
|   - certificate-authority | ||||
|   - ca | ||||
|   - ssl | ||||
|   - tls | ||||
|  | ||||
| dependencies: [] | ||||
|   role_name: "certificate_authority" | ||||
|   | ||||
| @@ -21,7 +21,6 @@ | ||||
|     privatekey_passphrase: "{{ certificate_authority_client_tls_key_passphrase }}" | ||||
|     privatekey_path: "{{ certificate_authority_client_path }}/privkey.pem" | ||||
|     state_or_province_name: "{{ certificate_authority_client_state_or_province_name }}" | ||||
|     state: "{{ certificate_authority_client_state }}" | ||||
|   when: | | ||||
|     certificate_authority_client_subject_alternative_names is not defined or | ||||
|     (certificate_authority_client_subject_alternative_names is defined and | ||||
| @@ -41,7 +40,6 @@ | ||||
|     privatekey_path: "{{ certificate_authority_client_path }}/privkey.pem" | ||||
|     privatekey_passphrase: "{{ certificate_authority_client_tls_key_passphrase }}" | ||||
|     state_or_province_name: "{{ certificate_authority_client_state_or_province_name }}" | ||||
|     state: "{{ certificate_authority_client_state }}" | ||||
|     subject_alt_name: "{{ certificate_authority_client_subject_alternative_names | map('regex_replace', '^', 'DNS:') | list | join(',') | quote }}" | ||||
|   when: certificate_authority_client_subject_alternative_names is defined and | ||||
|         certificate_authority_client_subject_alternative_names | length > 0 | ||||
|   | ||||
| @@ -19,7 +19,6 @@ | ||||
|     privatekey_passphrase: "{{ certificate_authority_client_tls_key_passphrase }}" | ||||
|     privatekey_path: "{{ certificate_authority_client_path }}/privkey.pem" | ||||
|     state_or_province_name: "{{ certificate_authority_client_state_or_province_name }}" | ||||
|     state: "{{ certificate_authority_client_state }}" | ||||
|   when: | | ||||
|     certificate_authority_client_subject_alternative_names is not defined or | ||||
|     (certificate_authority_client_subject_alternative_names is defined and | ||||
| @@ -38,7 +37,6 @@ | ||||
|     path: "{{ certificate_authority_client_path }}/cert-req.pem" | ||||
|     privatekey_path: "{{ certificate_authority_client_path }}/privkey.pem" | ||||
|     state_or_province_name: "{{ certificate_authority_client_state_or_province_name }}" | ||||
|     state: "{{ certificate_authority_client_state }}" | ||||
|     subject_alt_name: "{{ certificate_authority_client_subject_alternative_names | map('regex_replace', '^', 'DNS:') | list | join(',') | quote }}" | ||||
|   when: certificate_authority_client_subject_alternative_names is defined and | ||||
|         certificate_authority_client_subject_alternative_names | length > 0 | ||||
|   | ||||
| @@ -20,7 +20,6 @@ | ||||
|     privatekey_passphrase: "{{ certificate_authority_intermediate_ca_tls_key_passphrase }}" | ||||
|     privatekey_path: "{{ certificate_authority_intermediate_ca_path }}/privkey.pem" | ||||
|     state_or_province_name: "{{ certificate_authority_intermediate_ca_state_or_province_name }}" | ||||
|     state: "{{ certificate_authority_intermediate_ca_state }}" | ||||
|     use_common_name_for_san: false | ||||
|  | ||||
| - name: Create signed client certificate - unprotected root Certificate Authority (CA) | ||||
|   | ||||
| @@ -17,7 +17,6 @@ | ||||
|     path: "{{ certificate_authority_intermediate_ca_path }}/cert-req.pem" | ||||
|     privatekey_path: "{{ certificate_authority_intermediate_ca_path }}/privkey.pem" | ||||
|     state_or_province_name: "{{ certificate_authority_intermediate_ca_state_or_province_name }}" | ||||
|     state: "{{ certificate_authority_intermediate_ca_state }}" | ||||
|     use_common_name_for_san: false | ||||
|  | ||||
| - name: Create signed client certificate - unprotected root Certificate Authority (CA) | ||||
|   | ||||
| @@ -3,7 +3,7 @@ | ||||
| - name: Upgrade python package manager pip | ||||
|   ansible.builtin.pip: | ||||
|     name: pip | ||||
|     state: latest | ||||
|     state: present | ||||
|  | ||||
| - name: Install required python library cryptography | ||||
|   ansible.builtin.pip: | ||||
|   | ||||
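Review bot: With `state: present` the task no longer upgrades pip, yet the task name two lines above still says `Upgrade python package manager pip`, so the file now promises something it does not do. Either rename it, e.g. `- name: Ensure python package manager pip is installed`, or, if an upgrade is genuinely required before installing cryptography, pin the wanted release with `version:` so runs stay reproducible instead of returning to `state: latest`. The enclosing task list continues outside the hunk.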
| @@ -20,7 +20,6 @@ | ||||
|     privatekey_passphrase: "{{ certificate_authority_root_ca_tls_key_passphrase }}" | ||||
|     privatekey_path: "{{ certificate_authority_root_ca_path }}/privkey.pem" | ||||
|     state_or_province_name: "{{ certificate_authority_root_ca_state_or_province_name }}" | ||||
|     state: "{{ certificate_authority_root_ca_state }}" | ||||
|     use_common_name_for_san: false | ||||
|  | ||||
| - name: Create self-signed certificate for root CA | ||||
|   | ||||
| @@ -17,7 +17,6 @@ | ||||
|     path: "{{ certificate_authority_root_ca_path }}/cert-req.pem" | ||||
|     privatekey_path: "{{ certificate_authority_root_ca_path }}/privkey.pem" | ||||
|     state_or_province_name: "{{ certificate_authority_root_ca_state_or_province_name }}" | ||||
|     state: "{{ certificate_authority_root_ca_state }}" | ||||
|     use_common_name_for_san: false | ||||
|  | ||||
| - name: Create self-signed certificate for root CA | ||||
|   | ||||