Ansible role openssl

Make openssl certificates.

GitHub	GitLab	Downloads	Version

Example Playbook

This example is taken from molecule/default/converge.yml and is tested on each push, pull request and release.

---
- name: Converge
  hosts: all
  become: yes
  gather_facts: yes

  roles:
    - role: robertdebock.openssl
      openssl_items:
        - name: my_openssl_key
          common_name: my.example.com

The machine needs to be prepared. In CI this is done using molecule/default/prepare.yml:

---
- name: Prepare
  hosts: all
  become: yes
  gather_facts: no

  roles:
    - role: robertdebock.bootstrap
    - role: robertdebock.buildtools
    - role: robertdebock.epel
    - role: robertdebock.python_pip

Also see a full explanation and example on how to use these roles.

Role Variables

The default values for the variables are set in defaults/main.yml:

---
# defaults file for openssl

# You can pass a list of ssl key/csr/crt/p12's to generate:
# openssl_items:
#   - name: my_openssl_key
#     common_name: my.example.com

# You can change the paths where to store each type of object (key, csr, crt,
# p12 and pkcs12). This is not required, by default the distributions regular
# location is set in `vars/main.yml`.

# This directory stores sensitive objects. (key, p12 and pkcs12)
openssl_key_directory: "{{ _openssl_key_directory[ansible_os_family] | default(_openssl_key_directory['default']) }}"

# This directory stores public, non-persistent objects. (csr)
openssl_csr_directory: "{{ _openssl_csr_directory[ansible_os_family] | default(_openssl_csr_directory['default']) }}"

# This directory stores public, persistent objects. (crt)
openssl_crt_directory: "{{ _openssl_crt_directory[ansible_os_family] | default(_openssl_crt_directory['default']) }}"

# You can change the owner and group of file created by this role.
openssl_file_owner: root
openssl_file_group: root