import_vault_root_ca
This repository is only a mirror. Development and testing are done on a private Gitea server.
This role imports root CA certificates from Vault to the trust store on Debian-based distributions.
Requirements
None.
Role Variables
Available variables are listed below, along with default values. A sample file for the default values is available in default/import_vault_root_ca.yml.sample in case you need it for any group_vars or host_vars configuration.
import_vault_root_ca_certificate_force_download: false # by default, set to false
This variable defines whether the role should always download the provided certificate even if it already exists. This can be useful if you want to replace an existing CA, but note that it breaks idempotence.
import_vault_root_ca_certificate_list: [] # by default, set to an empty list
# - url: <someurl>
#   cert_name: <name_of_ca>
This variable defines which CA certificates to install on the machine. It is only tested with CAs from the HashiCorp Vault PKI engine, but should work with any CA that can be downloaded from a web server.
Dependencies
ednxzu.manage_apt_packages to install consul-template.
Example Playbook
# calling the role inside a playbook with either the default or group_vars/host_vars
- hosts: servers
  roles:
    - ednxzu.import_vault_root_ca
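Because the role adds whatever certificate the URL serves to the system trust store, a playbook can pin the expected CA before the role runs. The following is an added example, not part of the role or its repository; it assumes the `community.crypto` collection is installed, and the Vault hostname, the `pki` mount path, the `cert_name` and the pinned fingerprint are placeholders.

```yaml
# Added example (not the role's own code). All values marked as placeholders
# are assumptions and must be replaced with your own.
- hosts: servers
  vars:
    # Placeholder Vault address; "pki" is an assumed mount name for the PKI engine.
    vault_ca_url: "https://vault.example.com:8200/v1/pki/ca/pem"
    # Placeholder: SHA-256 fingerprint obtained out of band, colon-separated hex.
    vault_ca_sha256: "<pinned_sha256_fingerprint>"
    import_vault_root_ca_certificate_list:
      - url: "{{ vault_ca_url }}"
        cert_name: vault_root_ca  # placeholder name
  pre_tasks:
    - name: Fetch the CA certificate the role is about to trust
      ansible.builtin.uri:
        url: "{{ vault_ca_url }}"
        return_content: true
      register: ca_response
      check_mode: false

    - name: Parse the fetched certificate
      community.crypto.x509_certificate_info:
        content: "{{ ca_response.content }}"
      register: ca_info

    - name: Stop unless the certificate is the expected, unexpired CA
      ansible.builtin.assert:
        that:
          # Fingerprints are compared case-insensitively.
          - ca_info.fingerprints.sha256 | lower == vault_ca_sha256 | lower
          # A trust anchor must carry the CA basic constraint.
          - "'CA:TRUE' in (ca_info.basic_constraints or [])"
          - not ca_info.expired
        fail_msg: "CA served at {{ vault_ca_url }} does not match the pinned fingerprint"
  roles:
    - ednxzu.import_vault_root_ca
```

The check and the role fetch the URL separately, so this guards against a wrong URL or an unexpected CA being served, not against a change between the two requests.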
License
MIT / BSD
Author Information
This role was created by Bertrand Lanson in 2023.