README.rst

Ansible-common
##############

An Ansible role with common tasks that ran on all (or most) hosts.
The tls_key_path, tls_cert_path and tls_ca_cert_path facts are added to point
to the path of the host's key and cert. Gathering facts on the first run on an
OpenBSD system fails, so the role runs the setup module in case gather_facts
was set to False.

Requirements
------------

Debian Wheezy or later or OpenBSD 5.5 or later (best effort, Ubuntu Precise or
later should also work, but aren't tested).

Role Variables
--------------
::

    tls_cert: # Filename of the TLS cert for that host.
    tls_key: # Filename of the TLS key for that host.
    tls_ca_cert: #Filename of the TLS CA cert for that host.
    # If tls_key or tls_cert aren't defined, self-signed key and cert are
    # generated and used.


Dependencies
------------

Part of the point is to run first, before any other role, so that other roles
can make certain assumptions (for example, that a TLS cert is available).

Example Playbook
----------------
::

    - hosts:
      - all
      gather_facts: False
      roles:
      - role: common
        extra_tls_certs: ['vagrant.crt', 'example.com.crt']
        tls_key: 'servers.key'
        tls_cert: 'server.crt'

Example requirements.yml
------------------------
::

    - src: https://git.shore.co.il/ansible/common
      scm: git
      path: roles/
      name: common

License
-------

This software is licnesed under the MIT licese (see the ``LICENSE.txt`` file).

Author Information
------------------

Nimrod Adar, `contact me <nimrod@shore.co.il>`_ or visit my `website
<https://www.shore.co.il/>`_. Patches are welcome via `git send-email
<http://git-scm.com/book/en/v2/Git-Commands-Email>`_. The repository is located
at: https://git.shore.co.il/explore/.

TODO
----

- Implement:
  - collectd_agent.
  - ssh_ca.
  - syslog_forwarding.
- Test.
- Wait for services to come online.
- Document.
- Create a module to add a TLS certificate to store for both Debian-based and
  OpenBSD.