volker.raschek/ansible-role-certificate-authority
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Compare commits

base: volker.raschek:0.2.1
Branches Tags
volker.raschek:master volker.raschek:renovate/actions
volker.raschek:0.2.3 volker.raschek:0.2.2 volker.raschek:0.2.1 volker.raschek:0.2.0 volker.raschek:0.1.3 volker.raschek:0.1.2 volker.raschek:0.1.1 volker.raschek:0.1.0
...
compare: volker.raschek:renovate/actions
Branches Tags
volker.raschek:master volker.raschek:renovate/actions
volker.raschek:0.2.3 volker.raschek:0.2.2 volker.raschek:0.2.1 volker.raschek:0.2.0 volker.raschek:0.1.3 volker.raschek:0.1.2 volker.raschek:0.1.1 volker.raschek:0.1.0

6 Commits
0.2.1 ... renovate/a

Author SHA1 Message Date
CSRBot
22779aab45 chore(deps): update ansible/ansible-lint action to v25.7.0
Some checks failed
Lint Markdown files / markdown-lint (push) Successful in 18s
Details
Ansible Linter / ansible-lint (push) Failing after 45s
Details
Lint Markdown files / markdown-lint (pull_request) Successful in 11s
Details
Ansible Linter / ansible-lint (pull_request) Failing after 42s
Details
2025-08-06 10:00:35 +00:00
Markus Pesch
29c166acda fix(ansible-galaxy): adapt list of supported platforms
Some checks failed
Lint Markdown files / markdown-lint (push) Successful in 11s
Details
Ansible Linter / ansible-lint (push) Failing after 37s
Details
2025-08-06 11:44:49 +02:00
Markus Pesch
a14c799290 fix(ansible-galaxy): remove namespace
Some checks failed
Lint Markdown files / markdown-lint (push) Successful in 10s
Details
Ansible Linter / ansible-lint (push) Failing after 31s
Details
2025-08-06 11:39:09 +02:00
Markus Pesch
6208d55dcb fix(linter): be compliant with ansible-linter
All checks were successful
Lint Markdown files / markdown-lint (push) Successful in 10s
Details
Ansible Linter / ansible-lint (push) Successful in 33s
Details
2025-08-06 10:55:42 +02:00
Markus Pesch
ac6f54d360 fix(galaxy): change namespace from volker-raschek to volker_raschek
Some checks failed
Lint Markdown files / markdown-lint (push) Successful in 10s
Details
Ansible Linter / ansible-lint (push) Failing after 45s
Details
2025-08-06 10:53:30 +02:00
Markus Pesch
9267a743e7 docs(README): update documentation
Some checks failed
Lint Markdown files / markdown-lint (push) Successful in 10s
Details
Ansible Linter / ansible-lint (push) Failing after 59s
Details
2025-07-31 19:12:06 +02:00
4 changed files with 11 additions and 12 deletions
Expand all files Collapse all files

2
.gitea/workflows/ansible-linters.yaml
View File

@ -14,7 +14,7 @@ jobs:
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- name: Run ansible-lint - name: Run ansible-lint
uses: ansible/ansible-lint@v25.6.1 uses: ansible/ansible-lint@v25.7.0
with: with:
args: "--config-file .ansible-lint" args: "--config-file .ansible-lint"
setup_python: "true" setup_python: "true"

9
README.md
View File

@ -28,12 +28,11 @@ certificate_authority_client_subject_alternative_names:
| `certificate_authority_root_ca_import` | Import the TLS certificate of the root certificate authority into the systems trust store. | `true` | | `certificate_authority_root_ca_import` | Import the TLS certificate of the root certificate authority into the systems trust store. | `true` |
| `certificate_authority_root_ca_path` | Directory where the private and public TLS key of the root certificate authority should be stored. | `/etc/ansible-playbook/pki/ca` | | `certificate_authority_root_ca_path` | Directory where the private and public TLS key of the root certificate authority should be stored. | `/etc/ansible-playbook/pki/ca` |
| `certificate_authority_root_ca_common_name` | Common Name (CN) of the root certificate authority. | `Ansible Root CA` | | `certificate_authority_root_ca_common_name` | Common Name (CN) of the root certificate authority. | `Ansible Root CA` |
| `certificate_authority_root_ca_country_name` | Common Name (CN) of the root certificate authority. | `""` | | `certificate_authority_root_ca_country_name` | Common Name (CN) of the root certificate authority. For example `US`, `FR` or `DE`. | `""` |
| `certificate_authority_root_ca_email_address` | E-Mail Address of the root certificate authority owner. | `""` | | `certificate_authority_root_ca_email_address` | E-Mail Address of the root certificate authority owner. | `""` |
| `certificate_authority_root_ca_organization_name` | Organization name of the root certificate authority owner. | `""` | | `certificate_authority_root_ca_organization_name` | Organization name of the root certificate authority owner. | `""` |
| `certificate_authority_root_ca_organizational_unit_name` | Organizational unit name of the root certificate authority. | `""` | | `certificate_authority_root_ca_organizational_unit_name` | Organizational unit name of the root certificate authority. | `""` |
| `certificate_authority_root_ca_state_or_province_name` | State or province name where the owner of the root certificate authority is located. | `""` | | `certificate_authority_root_ca_state_or_province_name` | State or province name where the owner of the root certificate authority is located. | `""` |
| `certificate_authority_root_ca_state` | State where the owner of the root certificate authority is located | `""` |
| `certificate_authority_root_ca_subject_alternative_names` | Subject Alternative Names (SAN) of the root certificate authority. | `[]` | | `certificate_authority_root_ca_subject_alternative_names` | Subject Alternative Names (SAN) of the root certificate authority. | `[]` |
| `certificate_authority_root_ca_not_after` | Time in the future from now when the TLS certificate should expire | `+3650d` | | `certificate_authority_root_ca_not_after` | Time in the future from now when the TLS certificate should expire | `+3650d` |
| `certificate_authority_root_ca_not_before` | Time in the past from now when the TLS certificate should be valid. | `+0s` | | `certificate_authority_root_ca_not_before` | Time in the past from now when the TLS certificate should be valid. | `+0s` |
@ -50,12 +49,11 @@ certificate_authority_client_subject_alternative_names:
| `certificate_authority_intermediate_ca_create` | Create intermediate certificate from scratch or import via `certificate_authority_intermediate_ca_tls` prefixed variables. | `true` | | `certificate_authority_intermediate_ca_create` | Create intermediate certificate from scratch or import via `certificate_authority_intermediate_ca_tls` prefixed variables. | `true` |
| `certificate_authority_intermediate_ca_path` | Directory where the private and public TLS key of the intermediate certificate authority should be stored. | `/etc/ansible-playbook/pki/intermediate` | | `certificate_authority_intermediate_ca_path` | Directory where the private and public TLS key of the intermediate certificate authority should be stored. | `/etc/ansible-playbook/pki/intermediate` |
| `certificate_authority_intermediate_ca_common_name` | Common Name (CN) of the intermediate certificate authority. | `Ansible Intermediate CA` | | `certificate_authority_intermediate_ca_common_name` | Common Name (CN) of the intermediate certificate authority. | `Ansible Intermediate CA` |
| `certificate_authority_intermediate_ca_country_name` | Country name of the intermediate certificate authority. | `""` | | `certificate_authority_intermediate_ca_country_name` | Country name of the intermediate certificate authority. For example `US`, `FR` or `DE`. | `""` |
| `certificate_authority_intermediate_ca_email_address` | E-Mail Address of the intermediate certificate authority owner. | `""` | | `certificate_authority_intermediate_ca_email_address` | E-Mail Address of the intermediate certificate authority owner. | `""` |
| `certificate_authority_intermediate_ca_organization_name` | Organization name of the intermediate certificate authority owner. | `""` | | `certificate_authority_intermediate_ca_organization_name` | Organization name of the intermediate certificate authority owner. | `""` |
| `certificate_authority_intermediate_ca_organizational_unit_name` | Organizational unit name of the intermediate certificate authority. | `""` | | `certificate_authority_intermediate_ca_organizational_unit_name` | Organizational unit name of the intermediate certificate authority. | `""` |
| `certificate_authority_intermediate_ca_state_or_province_name` | State or province name where the owner of the intermediate certificate authority is located. | `""` | | `certificate_authority_intermediate_ca_state_or_province_name` | State or province name where the owner of the intermediate certificate authority is located. | `""` |
| `certificate_authority_intermediate_ca_state` | State where the owner of the intermediate certificate authority is located. | `""` |
| `certificate_authority_intermediate_ca_subject_alternative_names` | Subject Alternative Names (SAN) of the intermediate certificate authority. | `[]` | | `certificate_authority_intermediate_ca_subject_alternative_names` | Subject Alternative Names (SAN) of the intermediate certificate authority. | `[]` |
| `certificate_authority_intermediate_ca_not_after` | Time in the future from now when the TLS certificate should expire | `+1825d` | | `certificate_authority_intermediate_ca_not_after` | Time in the future from now when the TLS certificate should expire | `+1825d` |
| `certificate_authority_intermediate_ca_not_before` | Time in the past from now when the TLS certificate should be valid. | `+0s` | | `certificate_authority_intermediate_ca_not_before` | Time in the past from now when the TLS certificate should be valid. | `+0s` |
@ -72,12 +70,11 @@ certificate_authority_client_subject_alternative_names:
| `certificate_authority_client_create` | Create client certificate from scratch or import via `certificate_authority_client_tls` prefixed variables. | `true` | | `certificate_authority_client_create` | Create client certificate from scratch or import via `certificate_authority_client_tls` prefixed variables. | `true` |
| `certificate_authority_client_path` | Directory where the private and public TLS key of the client certificate authority should be stored. | `/etc/ansible-playbook/pki/client` | | `certificate_authority_client_path` | Directory where the private and public TLS key of the client certificate authority should be stored. | `/etc/ansible-playbook/pki/client` |
| `certificate_authority_client_common_name` | Common Name (CN) of the client certificate. | `Ansible Client Certificate` | | `certificate_authority_client_common_name` | Common Name (CN) of the client certificate. | `Ansible Client Certificate` |
| `certificate_authority_client_country_name` | Country Name (CN) of the client certificate. | `""` | | `certificate_authority_client_country_name` | Country Name (CN) of the client certificate. For example `US`, `FR` or `DE`. | `""` |
| `certificate_authority_client_email_address` | E-Mail Address of the client certificate owner. | `""` | | `certificate_authority_client_email_address` | E-Mail Address of the client certificate owner. | `""` |
| `certificate_authority_client_organization_name` | Organization name of the client certificate owner. | `""` | | `certificate_authority_client_organization_name` | Organization name of the client certificate owner. | `""` |
| `certificate_authority_client_organizational_unit_name` | Common Name (CN) of the client certificate. | `""` | | `certificate_authority_client_organizational_unit_name` | Common Name (CN) of the client certificate. | `""` |
| `certificate_authority_client_state_or_province_name` | State or province name where the owner of the client certificate is located. | `""` | | `certificate_authority_client_state_or_province_name` | State or province name where the owner of the client certificate is located. | `""` |
| `certificate_authority_client_state` | State where the owner of the client certificate is located. | `""` |
| `certificate_authority_client_subject_alternative_names` | Subject Alternative Names (SAN) of the client certificate. | `[]` | | `certificate_authority_client_subject_alternative_names` | Subject Alternative Names (SAN) of the client certificate. | `[]` |
| `certificate_authority_client_not_after` | Time in the future from now when the TLS certificate should expire | `+397d` | | `certificate_authority_client_not_after` | Time in the future from now when the TLS certificate should expire | `+397d` |
| `certificate_authority_client_not_before` | Time in the past from now when the TLS certificate should be valid. | `+0s` | | `certificate_authority_client_not_before` | Time in the past from now when the TLS certificate should be valid. | `+0s` |

10
meta/main.yml
View File

@ -1,5 +1,4 @@
galaxy_info: galaxy_info:
namespace: volker-raschek
role_name: "certificate_authority" role_name: "certificate_authority"
author: "Markus Pesch" author: "Markus Pesch"
description: "Role to create and managed an existing PKI infrastructure" description: "Role to create and managed an existing PKI infrastructure"
@ -10,14 +9,17 @@ galaxy_info:
- name: ArchLinux - name: ArchLinux
versions: versions:
- all - all
- name: Ubuntu - name: EL
versions: versions:
- all - all
- name: Fedora - name: Fedora
versions: versions:
- "35" - all
- name: Ubuntu
versions:
- all
galaxy_tags: galaxy_tags:
- certificate-authority
- ca - ca
- ssl - ssl
- tls - tls

2
tasks/main.yaml
View File

@ -3,7 +3,7 @@
- name: Upgrade python package manager pip - name: Upgrade python package manager pip
ansible.builtin.pip: ansible.builtin.pip:
name: pip name: pip
state: latest state: present
- name: Install required python library cryptography - name: Install required python library cryptography
ansible.builtin.pip: ansible.builtin.pip: