ansible/cfssl-server-role
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

fix role

Browse source
This commit is contained in:
nono 2022-12-21 20:51:34 +01:00
parent f2816881b3
commit a171adff47
5 changed files with 78 additions and 78 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
defaults/main.yml
View file

@ -1,25 +1,24 @@
---
cfssl_version: 1.6.3
cfssl_bin_directory: /usr/bin
cfssl_port: 8888
cfssl_bin_directory: '/usr/bin'
cfssl_port: '8888'
cfssl_auth_key: "0123456789ABCDEF0123456789ABCDEF"
pki_dir: /opt/cfssl
pki_dir: '/opt/cfssl'
pki_key:
algo: rsa
algo: 'rsa'
size: 4096
pki_names:
- C: FR
- C: 'FR'
L: 'Paris'
O: 'Acme'
OU: 'IT'
pki_ca:
cname: My Internal Certification Authority
expiry: 262800h
cname: 'My Internal Certification Authority'
expiry: '262800h'
pki_intermediate_ca:
cname: My Intermediate Internal Certification Authority
expirity: 262800h
cname: 'My Intermediate Internal Certification Authority'

3
tasks/main.yml
View file

@ -92,16 +92,19 @@
shell: '{{cfssl_bin_directory}}/cfssl gencert -initca {{pki_dir}}/csr/csr_ROOT_CA.json | {{cfssl_bin_directory}}/cfssljson -bare ca'
args:
chdir: '{{pki_dir}}/CA/'
creates: '{{pki_dir}}/CA/ca-key.pem'
- name: create intermediate certificate authority key pair and CSR, autosign it
shell: '{{cfssl_bin_directory}}/cfssl gencert -ca {{pki_dir}}/CA/ca.pem -ca-key {{pki_dir}}/CA/ca-key.pem -config={{pki_dir}}/etc/cfssl.json -profile="intermediate_ca" {{pki_dir}}/csr/csr_intermediate_CA.json | {{cfssl_bin_directory}}/cfssljson -bare ca-server'
args:
chdir: '{{pki_dir}}/CA/'
creates: '{{pki_dir}}/CA/ca-server-key.pem'
- name: create sqlite3 database
shell: 'cat {{pki_dir}}/data/init.sql | sqlite3 {{pki_dir}}/data/certdb.db'
args:
chdir: '{{pki_dir}}/CA/'
creates: '{{pki_dir}}/data/certdb.db'
- name: Change owner of ca-server.pem by cfssl

3
templates/cfssl.json.j2
View file

@ -2,7 +2,7 @@
"auth_keys": {
"key_srv": {
"type": "standard",
"key":"{{cfssl_auth_key}}"
"key": "{{cfssl_auth_key}}"
}
},
"signing": {
@ -68,5 +68,4 @@
}
}
}
}
}

6
templates/csr_ROOT_CA.json.j2
View file

@ -1,6 +1,6 @@
{
"CN": {{pki_ca.cname | to_json}},
"key" : {{pki_key | to_json}},
"names" : {{pki_names | to_json}},
"ca": {"expiry": "{{pki_ca.expiry | to_json}}"}
"key": {{pki_key | to_json}},
"names": {{pki_names | to_json}},
"ca": {"expiry": {{pki_ca.expiry | to_json}}}
}

5
templates/csr_intermediate_CA.json.j2
View file

@ -1,6 +1,5 @@
{
"CN": {{pki_intermediate_ca.cname | to_json}},
"key" : {{pki_key | to_json}},
"names" : {{pki_names | to_json}},
"ca": {"expiry": "{{pki_intermediate_ca.expiry | to_json}}"}
"key": {{pki_key | to_json}},
"names": {{pki_names | to_json}}
}