README.rst

    Ansible-common

    An Ansible role with common tasks that run on all (or most) hosts. The role adds the tls_key_path, tls_cert_path and tls_ca_cert_path facts, which point to the paths of the host's key and cert. Gathering facts on the first run on an OpenBSD system fails, so the role runs the setup module itself in case gather_facts was set to False.

    Requirements

    Debian Wheezy or later, or OpenBSD 5.5 or later (best effort; Ubuntu Precise or later should also work, but isn't tested).

    Role Variables

    extra_tls_certs: [] # List of filenames of TLS certs to be added.
    ssh_ca: # TBD.
    syslog_server: # The address of the syslog server to forward to.
    tls_cert: # Filename of the TLS cert for that host.
    tls_key: # Filename of the TLS key for that host.
    tls_ca_cert: # Filename of the TLS CA cert for that host.
    # If tls_key or tls_cert aren't defined, a self-signed key and cert are
    # generated and used.

    Dependencies

    Part of the point is to run first, before any other role, so that other roles can make certain assumptions (for example, that a TLS cert is available).
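
    A role that runs after this one can verify that assumption before it uses the key and cert. The tasks below are an added example, not part of this role or written by its author; they assume the tls_key_path and tls_cert_path facts hold absolute paths on the managed host, that the key is not passphrase-protected, and that the openssl command is installed there.

```yaml
# Added example: pre-flight tasks for a role that depends on "common".
# Assumption: tls_key_path / tls_cert_path are absolute paths on the host.
- name: Check that the common role published the TLS path facts
  assert:
    that:
      - tls_key_path is defined
      - tls_cert_path is defined
    msg: "TLS path facts are missing; run the common role first."

- name: Inspect the private key file
  stat:
    path: "{{ tls_key_path }}"
  register: tls_key_stat

- name: Refuse a missing or world-accessible private key
  assert:
    that:
      - tls_key_stat.stat.exists
      - not tls_key_stat.stat.roth
      - not tls_key_stat.stat.woth
    msg: "{{ tls_key_path }} is missing or accessible to other users."

# Compare the public key embedded in the cert with the one derived
# from the private key; a mismatch means the pair does not belong together.
- name: Extract the public key from the certificate
  command: openssl x509 -noout -pubkey -in "{{ tls_cert_path }}"
  register: cert_pubkey
  changed_when: false

- name: Derive the public key from the private key
  command: openssl pkey -pubout -in "{{ tls_key_path }}"
  register: key_pubkey
  changed_when: false

- name: Fail if the certificate does not match the key
  assert:
    that:
      - cert_pubkey.stdout == key_pubkey.stdout
    msg: "{{ tls_cert_path }} does not match {{ tls_key_path }}."
```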

    Example Playbook

    - hosts:
      - all
      gather_facts: False
      roles:
      - role: common
        extra_tls_certs: ['vagrant.crt', 'example.com.crt']
        tls_key: 'servers.key'
        tls_cert: 'server.crt'

    Example requirements.yml

    - src: https://www.shore.co.il/cgit/ansible-common
      scm: git
      path: roles/
      name: common

    License

    This software is licensed under the MIT license (see the LICENSE.txt file).

    Author Information

    Nimrod Adar, contact me or visit my website. Patches are welcome via git send-email. The repository is located at: https://www.shore.co.il/cgit/.

    TODO

    • Implement:
      - collectd_agent.
      - ssh_ca.
      - syslog_forwarding.
    • Test.
    • Wait for services to come online.
    • Document.
    • Create a module to add a TLS certificate to store for both Debian-based and OpenBSD.