Skip to content
This repository has been archived by the owner on Apr 25, 2020. It is now read-only.

jdauphant/ansible-role-ssl-certs

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

56 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

ansible-role-ssl-certs

@jdauphant : I don't have time to manage anymore this role. Don't hesitate to fork and made your own version.

Generate and/or deploy SSL certificate

Available on Ansible Galaxy: jdauphant.ssl-certs

Examples

Example to generate a self-signed SSL certificate

 - hosts: all
   roles:
     - jdauphant.ssl-certs

This will create certificate and private key in:

  • /etc/ssl/myserver.mydomain.com.key
  • /etc/ssl/myserver.mydomain.com.pem

Example to deploy a SSL certificate

 - hosts: all
   roles:
    - role: jdauphant.ssl-certs
      ssl_certs_common_name: "example.com"

The certificate has to be placed in files/ssl/example.com.key and files/ssl/example.com.pem. If they don't exist, the key and a self-signed certificate will be generated at /etc/ssl/example.com/example.com.key and /etc/ssl/example.com/example.com.pem using the provided common name.

Example to deploy a SSL certificate using local key/pem files

 - hosts: all
   roles:
    - role: jdauphant.ssl-certs
      ssl_certs_local_privkey_path: '/path/to/example.com.key'
      ssl_certs_local_cert_path: '/path/to/example.com.pem'

Example to deploy a SSL certificate stored in variables

An SSL certificate and key are just text that can be stored as a variable, which is useful when using ansible vault.

Example variable data, note how the text blob is indented. This is needed to correctly insert the text via the template module.

ssl_certs_local_privkey_data: |
  -----BEGIN RSA PRIVATE KEY-----
  MIIEpQIBAAKCAQEAu2uhv2cjoN4F3arUZ5cDrwuxf3koCwrKSK75as0WZoxYrpyw
  Lyx9ldyD4nGabVep0R/uAgQ/HqEf2jC7WIvGcEq8bHB9PyEEWzT8IjKQX0YTc//4
  gkHBkpyU0fVrj5nkc30EIbcbH4RHRDwye4VhP/iCPchDG7OqvCyOdm8=
  -----END RSA PRIVATE KEY-----
ssl_certs_local_cert_data: |
  -----BEGIN CERTIFICATE-----
  MIIDmzCCAoOgAwIBAgIJAKWMlgLwrBzXMA0GCSqGSIb3DQEBCwUAMGQxCzAJBgNV
  QAL3naEfBSZBl0tBohuxn8Xd3yLPuKGUOk3pSL1IJy0Ca6p+QwjkaZUd9X3gf1V2
  SEfYSaGPvfIlSuHIshno
  -----END CERTIFICATE-----

Then simply include the role as in the first example.

Example to use this role with my Nginx role: jdauphant.nginx

 - hosts: all
   roles:
     - role: jdauphant.ssl-certs
       ssl_certs_generate_dh_param: true
     - role: jdauphant.nginx
       nginx_configs:
          ssl:
               - ssl_certificate_key {{ssl_certs_privkey_path}}
               - ssl_certificate     {{ssl_certs_cert_path}}
               - ssl_dhparam         {{ssl_certs_dhparam_path}}
       nginx_sites:
          default:
               - listen 443 ssl
               - server_name _
               - root "/usr/share/nginx/html"
               - index index.html