Ansible role to install root CA certificates from HashiCorp Vault PKI engines on Debian-based systems. https://ednz.fr

import_vault_root_ca

This repository is only a mirror. Development and testing are done on a private Gitea server.

This role imports root CA certificates from Vault to the trust store on Debian-based distributions.

Requirements

None.

Role Variables

Available variables are listed below, along with default values. A sample file for the default values is available in default/import_vault_root_ca.yml.sample in case you need it for any group_vars or host_vars configuration.

import_vault_root_ca_certificate_force_download: false # by default, set to false

This variable defines whether the role should always download the provided certificate even if it already exists. This can be useful if you want to replace an existing CA, but note that it breaks idempotence.

import_vault_root_ca_certificate_list: [] # by default, set to an empty list
# Each entry has the following form:
#   - url: <someurl>
#     cert_name: <name_of_ca>

This variable defines which CA certificates to install on the machine. It is only tested with CAs from the HashiCorp Vault PKI engine, but should work with any CA certificate that can be downloaded from a web server.
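
Because every entry in this list becomes a trust anchor on the host, it is worth checking the list before the role runs. The following is an added example, not part of the role's code: a small pre-flight check that flags entries fetched over plain HTTP, URLs with embedded credentials, and unsafe or duplicate cert_name values. The host vault.example.com, the mount names pki and pki_int, and the assumption that cert_name ends up in a file name are illustrative and not taken from the role.

```python
import re
from urllib.parse import urlsplit

# Assumption: cert_name is used in a file name in the trust store, so it is
# restricted to a conservative character set (no path separators).
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")


def audit_ca_list(entries):
    """Return (index, problem) tuples for import_vault_root_ca_certificate_list."""
    findings = []
    seen = set()
    for i, entry in enumerate(entries):
        if not isinstance(entry, dict):
            findings.append((i, "entry is not a mapping"))
            continue
        url = entry.get("url")
        name = entry.get("cert_name")
        if not isinstance(url, str) or not url:
            findings.append((i, "missing url"))
        else:
            parts = urlsplit(url)
            if parts.scheme != "https":
                # A CA fetched in clear text can be replaced in transit.
                findings.append((i, "url is not https"))
            if not parts.hostname:
                findings.append((i, "url has no host"))
            if parts.username or parts.password:
                findings.append((i, "url embeds credentials"))
        if not isinstance(name, str) or not SAFE_NAME.fullmatch(name):
            findings.append((i, "cert_name missing or has unsafe characters"))
        elif name in seen:
            findings.append((i, "duplicate cert_name"))
        else:
            seen.add(name)
    return findings


# Constructed sample mirroring group_vars; hosts and names are placeholders.
SAMPLE = [
    {"url": "https://vault.example.com:8200/v1/pki/ca/pem", "cert_name": "example_root_ca"},
    {"url": "http://vault.example.com:8200/v1/pki/ca/pem", "cert_name": "example_root_ca"},
    {"url": "https://vault.example.com:8200/v1/pki_int/ca/pem", "cert_name": "../int"},
]

if __name__ == "__main__":
    for index, problem in audit_ca_list(SAMPLE):
        print(f"entry {index}: {problem}")
```
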

Dependencies

None.

Example Playbook

# calling the role inside a playbook with either the default or group_vars/host_vars
- hosts: servers
  roles:
    - ednxzu.import_vault_root_ca

License

MIT / BSD

Author Information

This role was created by Bertrand Lanson in 2023.