This repository was archived by the owner on Jan 5, 2025. It is now read-only.

Commit bd82ad3

Update README
1 parent 92391f3 commit bd82ad3

1 file changed

+48
-58
lines changed

README.md

Lines changed: 48 additions & 58 deletions
@@ -4,7 +4,7 @@ Generates self-signed CA, client and server certificates. Runs locally on contro
44

55
Notes:
66
- Will not overwrite any files in output cert dir
7-
- Ansible crypto modules do not support signing certs with own CA yet, using `shell` command instead. Should be resolved in Ansible 2.7 using the [ownca provider](https://github.com/ansible/ansible/commit/b61b113fb9e3fcfcb25f4a8aaabad618e3209ce1).
7+
- Will not copy the files to the remote servers if the local files are unchanged
88

99

1010
Requirements
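
Review bot: the note removed at old line 7 was the only place the README said how certificates get signed by the CA (the `shell` workaround pending the ownca provider), and the line that replaces it does not say what the role uses now. If signing has moved to the crypto modules, say so under Notes together with the minimum Ansible version; if the `shell` call is still in the role, keep the caveat. The new line 7 also talks about copying files to remote servers while the description in the hunk header still starts "Runs locally on contro", so that sentence probably needs the same update.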
@@ -19,68 +19,58 @@ See `defaults/main.yml`
1919

2020
Dependencies
2121
------------
22-
- Refer to [Ansible Crypto modules](http://docs.ansible.com/ansible/latest/modules/list_of_crypto_modules.html)
2322

23+
Install dependencies via
2424

25-
Example Playbook
26-
----------------
27-
**generate-certs.yaml:**
2825
```
29-
---
30-
31-
# ansible-playbook generate-certs.yaml -i localhost,
32-
# ansible-playbook generate-certs.yaml -i inventory.yaml
33-
34-
- hosts: all
35-
36-
gather_facts: false
37-
38-
tasks:
39-
- include_vars: vars.yaml
26+
$ ansible-galaxy collection install community.crypto
27+
```
4028

41-
- name: Generate certs
42-
import_role:
43-
name: generate-tls-certs
29+
Example Playbook
30+
----------------
4431

45-
```
32+
The provided example `playbook.yml` targets two hosts (take a look at the
33+
`Vagrantfile`).
34+
35+
All the cryptographic relevant operations are performed on the host machine and
36+
the resulting relevant files are `copy`ed to the remote target machine.
37+
38+
- `playbook.yml`
39+
```yaml
40+
---
41+
- name: Run role
42+
hosts: all
43+
roles:
44+
- role: generate-tls-certs
45+
```
46+
47+
- `inventory.yml`
48+
```yaml
49+
---
50+
all:
51+
hosts:
52+
srv1:
53+
ansible_host: 192.168.123.30
54+
srv2:
55+
ansible_host: 192.168.123.31
56+
vars:
57+
cert_dir: ./certs
58+
generate_ca_cert: true
59+
generate_client_cert: true
60+
generate_server_cert: true
61+
tls_ca_email: me@example.org
62+
tls_ca_country: EU
63+
tls_ca_state: Italy
64+
tls_ca_locality: Rome
65+
tls_ca_organization: Example Inc.
66+
tls_ca_organizationalunit: SysAdmins
67+
```
68+
69+
If you want to tinker, you can use `vagrant` with the provided `Vagrantfile`.
70+
It assumes `vagrant-libvirt` is installed (along with `libvirt`, of course).
71+
72+
Run it like this:
4673

47-
**vars.yaml:**
4874
```
49-
---
50-
cert_dir: ./certs
51-
generate_ca_cert: true
52-
generate_client_cert: true
53-
generate_server_cert: true
54-
55-
# -------
56-
# CA CERT
57-
# -------
58-
tls_ca_cert: my-ca.pem
59-
tls_ca_csr: my-ca.csr
60-
tls_ca_key: my-ca.key
61-
tls_ca_country: CA
62-
tls_ca_state: Ontario
63-
tls_ca_locality: Toronto
64-
tls_ca_organization: My Company Inc.
65-
tls_ca_organizationalunit: IT
66-
tls_ca_commonname: My Certificate Authority
67-
68-
# -----------
69-
# CLIENT CERT
70-
# -----------
71-
tls_client_cert: my-client.pem
72-
tls_client_key: my-client.key
73-
tls_client_csr: my-client.csr
74-
tls_client_commonname: My Client
75-
75+
$ vagrant up --provider=libvirt --provision
7676
```
77-
78-
79-
License
80-
-------
81-
BSD
82-
83-
84-
Author Information
85-
------------------
86-
[EasyPath IT Solutions Inc.](https://www.easypath.ca)
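
Review bot: new lines 35-36 say the "resulting relevant files" are `copy`ed to the remote targets, but with `generate_ca_cert: true` in the example inventory the README never says which files that covers. List them, state whether the CA private key stays in `cert_dir` on the control machine or is also distributed, and document the ownership and mode the copied keys get on the targets. Smaller points in the same hunk: the License (BSD) and Author Information sections are deleted with no pointer to where that information now lives; the removed `vars.yaml` was the only example of the `tls_ca_key` and `tls_client_*` file-name variables, so a one-line reference to `defaults/main.yml` next to the new inventory would help; and `tls_ca_country: EU` next to `tls_ca_state: Italy` is inconsistent, `IT` would match.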
