ansible/cfssl-client-role
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

add role

Browse source
This commit is contained in:
Arnaud GRESSE 2022-12-16 18:02:08 +01:00
parent 9ef6449ba6
commit cd0ea94173
5 changed files with 75 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
roles/defaults/main.yml Normal file
View file

@ -0,0 +1,13 @@
---
cfssl_version: 1.6.3
cfssl_bin_directory: /usr/bin
cfssl_serve_url: localhost:8888
cfssl_profile: server
cnf_file: /etc/ssl/server.cnf
key_file: /etc/ssl/private/{{inventory_hostname_short}}.key
csr_file: /etc/ssl/{{inventory_hostname_short}}.csr
cert_file: /etc/ssl/certs/{{inventory_hostname_short}}.pem
integrate_ca: yes
ca_filename : my_intermediate_ca.crt

0
roles/handlers/main.yml Normal file
View file

27
roles/tasks/main.yml Normal file
View file

@ -0,0 +1,27 @@
- name: include pre_requisite.yml
import_tasks: pre_requisite.yml
- name: creating cnf file
template:
src: server.cnf.j2
dest: '{{cnf_file}}'
owner: root
group: root
mode: 0644
- name: create csr and key with openssl
shell: 'openssl req -new -newkey rsa:2048 -nodes -sha256 -config {{cnf_file}} -out {{csr_file}} -keyout {{key_file}}'
- name: sign certificate
shell: '{{cfssl_bin_directory}}/cfssl sign -remote "{{cfssl_serve_url}}" -profile "{{cfssl_profile}}" {{csr_file}} | cfssljson -bare -stdout > {{cert_file}}'
- name: remove csr in content certificate
shell: 'openssl x509 -in {{cert_file}} -out {{cert_file}}'
- name: recuperate ca certificate
shell: '{{cfssl_bin_directory}}/cfssl info -remote "{{cfssl_serve_url}}" | cfssljson -bare -stdout > /usr/local/share/ca-certificates/{{ca_filename}}'
when: integrate_ca
- name: Update CA Store
shell: 'update-ca-certificates'
when: integrate_ca

22
roles/tasks/pre_requisite.yml Normal file
View file

@ -0,0 +1,22 @@
---
- name: Check if cfssl is already available
stat:
path: '{{cfssl_bin_directory}}/cfssl'
register: cfssl_exist
- name: Download statically linked cfssl binary
get_url:
url: https://github.com/cloudflare/cfssl/releases/download/v{{cfssl_version}}/cfssl_{{cfssl_version}}_linux_amd64
dest: '{{cfssl_bin_directory}}/cfssl'
mode: 0755
when: cfssl_exist.stat.exists == false
- name: Check if cfssljson is already available
stat:
path: '{{cfssl_bin_directory}}/cfssljson'
register: cfssljson_exist
- name: Download statically linked cfssljson binary
get_url:
url: https://github.com/cloudflare/cfssl/releases/download/v{{cfssl_version}}/cfssljson_{{cfssl_version}}_linux_amd64
dest: '{{cfssl_bin_directory}}/cfssljson'
mode: 0755
when: cfssljson_exist.stat.exists == false

13
roles/templates/server.cnf.j2 Normal file
View file

@ -0,0 +1,13 @@
[ req ]
prompt = no
distinguished_name = dn
req_extensions = req_ext
[ dn ]
CN = {{inventory_hostname_short}}.{{vm_domain_name}}
[ req_ext ]
subjectAltName = DNS:{{inventory_hostname_short}}.{{vm_domain_name}},DNS:{{inventory_hostname_short}}-adm.{{vm_domain_name}}
[ alt_names ]
DNS.1 = {{inventory_hostname_short}}-adm.{{vm_domain_name}}