ansible-roles/import_vault_root_ca
ansible-roles/import_vault_root_ca
4
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
c54c1bb67e
import_vault_root_ca/README.md
Bertrand Lanson c54c1bb67e
All checks were successful
test / Linting (push) Successful in 8s
Details
test / Molecule tests (default, debian11) (push) Successful in 1m17s
Details
test / Molecule tests (default, debian12) (push) Successful in 1m18s
Details
test / Molecule tests (default, ubuntu2004) (push) Successful in 1m19s
Details
test / Molecule tests (with_custom_ca, debian12) (push) Successful in 1m11s
Details
test / Molecule tests (default, ubuntu2204) (push) Successful in 1m16s
Details
test / Molecule tests (with_custom_ca, debian11) (push) Successful in 1m20s
Details
test / Molecule tests (with_custom_ca, ubuntu2204) (push) Successful in 48s
Details
test / Molecule tests (with_custom_ca, ubuntu2004) (push) Successful in 56s
Details
added gitea actions, formatting and debian 12 support
2023-07-02 19:41:15 +02:00

52 lines
1.5 KiB
Markdown
Raw Blame History

import_vault_root_ca
=========
> This repository is only a mirror. Development and testing is done on a private gitlab server.
This role imports root CA certificates from Vault to the trust store on **debian-based** distributions.
Requirements
------------
None.
Role Variables
--------------
Available variables are listed below, along with default values. A sample file for the default values is available in `default/import_vault_root_ca.yml.sample` in case you need it for any `group_vars` or `host_vars` configuration.
```yaml
import_vault_root_ca_certificate_force_download: false # by default, set to false
```
This variable defines whether the role should always download the provided certificate even if it already exists. This can be useful if you want to replace an existing CA, but note that **it breaks idempotence**.
```yaml
import_vault_root_ca_certificate_list: [] # by default, set to an empty dict
- url: <someurl>
cert_name: <name_of_ca>
```
This variable defines which CA certificate to install on the machine, it is only tested with CA from Hashicorp Vault pki engine, but should work with any CA that can be downloaded from a webserver.
Dependencies
------------
None.
Example Playbook
----------------
```yaml
# calling the role inside a playbook with either the default or group_vars/host_vars
- hosts: servers
roles:
- ednxzu.import_vault_root_ca
```
License
-------
MIT / BSD
Author Information
------------------
This role was created by Bertrand Lanson in 2023.
Reference in New Issue View Git Blame Copy Permalink