first draft for the crs

This commit is contained in:
histausse 2021-09-09 18:02:00 +02:00
parent 7746ec1079
commit 7368a241f2
Signed by: histausse
GPG key ID: 67486F107F62E9E9

View file

@ -1,8 +1,4 @@
--- ---
- name: Test
ansible.builtin.debug:
msg: "Test"
- name: Ensure the directory containing the cert exist - name: Ensure the directory containing the cert exist
file: file:
path: "{{ directory }}" path: "{{ directory }}"
@ -22,6 +18,31 @@
delegate_to: localhost delegate_to: localhost
when: not key_file.stat.exists when: not key_file.stat.exists
- name: Generate a Certificate Signing Request
become: false
openssl_csr:
path: "/tmp/ansible_hacky_pki_{{ cname }}.csr"
private_key_path: "/tmp/ansible_hacky_pki_{{ cname }}.key"
common_name: "{{ cname }}"
country_name: "{{ country_name | default(omit) }}"
locality_name: "{{ locality_name | default(omit) }}"
state_or_province_name: "{{ state_or_province_name | default(omit) }}"
organization_name: "{{ organization_name | default(omit) }}"
organizational_unit_name: "{{ organizational_unit_name | default(omit) }}"
email_address: "{{ email_address | default(omit) }}"
basic_constraints:
- CA:FALSE # syntax?
basic_contraints_critical: yes
key_usage: # need more works on this
- digitalSignature
- keyEncipherment
- clientAuth
key_usage_critical: yes
subject_alt_name: "{{ subject_alt_name | default(omit) }}"
# TODO: add a revocation methode, most probably crl, with crl_distribution_points
delegate_to: localhost
when: no key_file.stat exists
- name: Send private key to the server - name: Send private key to the server
copy: copy:
src: "/tmp/ansible_hacky_pki_{{ cname }}.key" src: "/tmp/ansible_hacky_pki_{{ cname }}.key"
@ -31,7 +52,6 @@
mode: "{{ key_mode | default('u=rw,g=,o=') }}" mode: "{{ key_mode | default('u=rw,g=,o=') }}"
when: not key_file.stat.exists when: not key_file.stat.exists
# Clean up # Clean up
- name: Remove the local cert key - name: Remove the local cert key
become: false become: false