cloudera.exe.freeipa_server_unenrolled_tls role – Issue a TLS certificate for an unenrolled host

Note

This role is part of the cloudera.exe collection (version 3.0.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install cloudera.exe.

To use it in a playbook, specify: cloudera.exe.freeipa_server_unenrolled_tls.

Entry point main – Issue a TLS certificate for an unenrolled host

New in cloudera.exe 3.1.0

Synopsis

  • Issue a TLS certificate for an unenrolled host in FreeIPA.

  • This process involves creating a host entry in FreeIPA, generating a private key and CSR, and requesting a certificate.

  • Optionally, the certificate can be created with a given profile.

  • The role expects to run on the FreeIPA server.

Parameters

Parameter (type) and comments

ipaadmin_password (string / required)
    FreeIPA admin password used for authentication.

ipaadmin_principal (string)
    FreeIPA admin principal used for authentication.
    Default: "admin"

unenrolled_cert_csr_path (string)
    The path to the CSR file for the TLS certificate.
    Default: "/etc/pki/tls/private/<unenrolled_hostname>.csr"

unenrolled_cert_key_path (string)
    The path to the private key file for the TLS certificate.
    Default: "/etc/pki/tls/private/<unenrolled_hostname>.pem"

unenrolled_cert_path (string)
    The path of the issued TLS certificate.
    Default: "/etc/pki/tls/certs/<unenrolled_hostname>.crt"

unenrolled_cert_profile (string)
    The certificate profile to use for the TLS certificate for the host.

unenrolled_description (string)
    A description for the unenrolled host.

unenrolled_hostname (string / required)
    The hostname to be managed in FreeIPA.
    The host will not have a DNS record created for it.
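
The following playbook is an added example, not part of the collection's own documentation. It calls the role with the parameters listed above and then checks the resulting key and certificate. The inventory group freeipa_server, the hostname, the svc_fqdn variable and the vault variable vault_ipaadmin_password are assumptions, and the verification tasks assume the community.crypto collection is installed.

```yaml
---
# Added example: inventory group, hostname and vault variable are constructed.
- name: Issue a TLS certificate for a host that is not enrolled in FreeIPA
  hosts: freeipa_server                       # hypothetical group; the role runs on the FreeIPA server
  become: true
  vars:
    svc_fqdn: appliance01.example.internal    # constructed hostname
  tasks:
    - name: Create the host entry, key and CSR, and request the certificate
      ansible.builtin.include_role:
        name: cloudera.exe.freeipa_server_unenrolled_tls
      vars:
        # Keep the admin password in Ansible Vault, not in the playbook.
        ipaadmin_password: "{{ vault_ipaadmin_password }}"
        unenrolled_hostname: "{{ svc_fqdn }}"
        unenrolled_description: "Appliance that cannot run an IPA client"
        unenrolled_cert_key_path: "/etc/pki/tls/private/{{ svc_fqdn }}.pem"
        unenrolled_cert_path: "/etc/pki/tls/certs/{{ svc_fqdn }}.crt"
        # unenrolled_cert_profile is optional and is omitted here.

    - name: Read the private key's file metadata
      ansible.builtin.stat:
        path: "/etc/pki/tls/private/{{ svc_fqdn }}.pem"
      register: key_stat

    - name: Read the issued certificate
      community.crypto.x509_certificate_info:
        path: "/etc/pki/tls/certs/{{ svc_fqdn }}.crt"
      register: cert_info

    # The page does not state which file mode the role applies to the key,
    # so this check makes the expectation explicit before the key is copied
    # to the unenrolled host.
    - name: Verify key permissions and certificate contents
      ansible.builtin.assert:
        that:
          - key_stat.stat.exists
          - key_stat.stat.mode[-2:] == '00'   # no group or world access
          - not cert_info.expired
          - >-
            cert_info.subject.commonName | default('') == svc_fqdn
            or ('DNS:' ~ svc_fqdn) in (cert_info.subject_alt_name | default([], true))
        fail_msg: "Key permissions or certificate subject do not match expectations"
```

Because the private key is generated on the FreeIPA server rather than on the unenrolled host, transfer it over an authenticated, encrypted channel and remove the server-side copy once the host has it.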

Authors

  • Cloudera Labs