
Ansible role for creation of SSL keys and certificates signed by local CA


rh-messaging-qe/ansible-ssl-generation


Role Name

This role creates a Certificate Authority (CA) certificate and key on 'localhost' and uses them to sign a host-specific certificate for each host. The signed certificate and private key (along with the Certificate Signing Request) are copied to the given node.

See the default variables for details such as the passwords used, file locations, and subject/issuer information. Some useful information, such as locations and passwords, is written on each host to "{{ amq_ssl_dir_path }}/readme".
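The flow described above (local CA, per-host key and CSR, CA-signed certificate), together with the checks worth running on a node afterwards, as an added example that is not the role's own code. It assumes the openssl CLI is installed; all file names, subjects and host names are constructed, and the role's actual tasks and paths may differ.

```shell
#!/bin/sh
# Added example: local CA -> per-host CSR -> signed certificate -> verification.
# File names, subjects and host names are constructed for illustration.
umask 077   # anything created below, private keys included, is owner-only

# make_ca DIR NAME: create a CA private key and a self-signed CA certificate.
make_ca() {
    openssl genrsa -out "$1/$2.key" 2048 2>/dev/null &&
    openssl req -x509 -new -key "$1/$2.key" -sha256 -days 30 \
        -subj "/O=Example Lab/CN=$2" -out "$1/$2.crt"
}

# issue_host_cert DIR CA_NAME HOST: key and CSR for HOST, then sign with the CA.
issue_host_cert() {
    openssl genrsa -out "$1/$3.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/$3.key" -subj "/O=Example Lab/CN=$3" \
        -out "$1/$3.csr" &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -CAcreateserial -sha256 -days 30 -out "$1/$3.crt" 2>/dev/null
}

# verify_host_cert DIR CA_NAME HOST: succeed only if HOST's cert chains to the CA.
verify_host_cert() {
    openssl verify -CAfile "$1/$2.crt" "$1/$3.crt" >/dev/null 2>&1
}

# key_matches_cert DIR HOST: succeed only if key and certificate share a public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1/$2.key" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$1/$2.crt" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" local-ca && issue_host_cert "$d" local-ca broker1.example.test
    make_ca "$d" other-ca   # unrelated CA, used for the negative check
    verify_host_cert "$d" local-ca broker1.example.test && echo "chain to local-ca: OK"
    verify_host_cert "$d" other-ca broker1.example.test || echo "chain to other-ca: rejected"
    key_matches_cert "$d" broker1.example.test && echo "key matches certificate"
    rm -rf "$d"
}
demo
```

The two verification functions can be pointed at the files the role actually places on a node to confirm that the copied certificate chains to the expected CA and pairs with the copied key.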

Requirements

Ansible 2.7+

Usage

Use this role with a playbook defined like this:

- name: Create CA certificates
  hosts: localhost
  tasks:
    - name: Prepare node dependencies
      when: amq_ssl_certs_self_signed is defined and amq_ssl_certs_self_signed == False
      include_tasks: roles/ansible-ssl-generation/tasks/install_dependencies.yml

    - name: Generate local CA
      when: amq_ssl_certs_self_signed is defined and amq_ssl_certs_self_signed == False
      include_tasks: roles/ansible-ssl-generation/tasks/generate_root_ca.yml

- name: Generate self-signed SSL keys
  hosts: all
  gather_facts: True
  roles:
    - ansible-ssl-generation

To get started, use this role with ansible-broker-clusters/playbooks/gen-ssl.

The recommended way to run the playbook is with the following command:

ansible-playbook -i ansible-broker-clusters/dynamic-inventory.py -u root ansible-broker-clusters/playbooks/gen-ssl/provision.yml -e @/Users/mtoth/work/repos/ansible-broker-clusters/playbooks/gen-ssl/defaults/main.yml
