Newer
Older
An Ansible role with common tasks that ran on all (or most) hosts.
The tls_key_path, tls_cert_path and tls_ca_cert_path facts are added to point
to the path of the host's key and cert. Gathering facts on the first run on an
OpenBSD system fails, so the role runs the setup module in case gather_facts
was set to False.
Debian Wheezy or later or OpenBSD 5.5 or later (best effort, Ubuntu Precise or
tls_cert: # Filename of the TLS cert for that host.
tls_key: # Filename of the TLS key for that host.
tls_ca_cert: #Filename of the TLS CA cert for that host.
# If tls_key or tls_cert aren't defined, self-signed key and cert are
# generated and used.
Part of the point is to run first, before any other role, so that other roles
can make certain assumptions (for example, that a TLS cert is available).
gather_facts: False
- role: common
extra_tls_certs: ['vagrant.crt', 'example.com.crt']
tls_key: 'servers.key'
tls_cert: 'server.crt'
Example requirements.yml
------------------------
::
scm: git
path: roles/
name: common
This software is licnesed under the MIT licese (see the ``LICENSE.txt`` file).
Nimrod Adar, `contact me <nimrod@shore.co.il>`_ or visit my `website
<https://www.shore.co.il/>`_. Patches are welcome via `git send-email
<http://git-scm.com/book/en/v2/Git-Commands-Email>`_. The repository is located
- Implement:
- collectd_agent.
- ssh_ca.
- syslog_forwarding.
- Create a module to add a TLS certificate to store for both Debian-based and
OpenBSD.