cloudera.exe.prereq_tls_acls role – Set up local user ACLs for TLS

Note

This role is part of the cloudera.exe collection (version 3.0.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install cloudera.exe.

To use it in a playbook, specify: cloudera.exe.prereq_tls_acls.

Entry point main – Set up local user ACLs for TLS

New in cloudera.exe 3.0.0

Synopsis

  • Set up local user ACLs for TLS entities, i.e. TLS keystore, private key, and password file.

  • The TLS entity variables are typically set as hostvars.

Parameters

Parameter (type): Comments

  • acl_user_accounts (list / elements=dictionary): A list of user accounts to apply to the TLS entities. Default: []

      • key_acl (boolean): Flag to set ACL on TLS private key variations. Choices: false (default), true

      • key_password_acl (boolean): Flag to set ACL on TLS private key password file variations. Choices: false (default), true

      • keystore_acl (boolean): Flag to set ACL on TLS keystore variations. Choices: false (default), true

      • unencrypted_key_acl (boolean): Flag to set ACL on unencrypted TLS private key variations. Choices: false (default), true

      • user (string / required): User account name

  • tls_key_password_file (path): Path of the TLS private key password file.

  • tls_key_path (path): Path of the encrypted TLS private key.

  • tls_key_path_generic (path): Path of the hardlink to the encrypted TLS private key.

  • tls_key_path_plaintext (path): Path of the unencrypted TLS private key.

  • tls_key_path_plaintext_generic (path): Path of the hardlink to the unencrypted TLS private key.

  • tls_keystore_path (path): Path of the TLS keystore.

  • tls_keystore_path_generic (path): Path of the hardlink to the TLS keystore.

Authors

  • Cloudera Labs

Entry point validate – Validate local user ACLs for TLS

Synopsis

  • Assert validity of local user ACLs for TLS entities, i.e. TLS keystore, private key, and password file. The TLS entity variables are typically set as hostvars.

Parameters

Parameter (type): Comments

  • acl_user_accounts (list / elements=dictionary): A list of user accounts to check for TLS entity ACLs. Default: []

      • key_acl (boolean): Flag to set ACL on TLS private key variations. Choices: false (default), true

      • key_password_acl (boolean): Flag to set ACL on TLS private key password file variations. Choices: false (default), true

      • keystore_acl (boolean): Flag to set ACL on TLS keystore variations. Choices: false (default), true

      • unencrypted_key_acl (boolean): Flag to set ACL on unencrypted TLS private key variations. Choices: false (default), true

      • user (string / required): User account name

  • tls_key_password_file (path): Path of the TLS private key password file.

  • tls_key_path (path): Path of the encrypted TLS private key.

  • tls_key_path_generic (path): Path of the hardlink to the encrypted TLS private key.

  • tls_key_path_plaintext (path): Path of the unencrypted TLS private key.

  • tls_key_path_plaintext_generic (path): Path of the hardlink to the unencrypted TLS private key.

  • tls_keystore_path (path): Path of the TLS keystore.

  • tls_keystore_path_generic (path): Path of the hardlink to the TLS keystore.

Authors

  • Cloudera Labs
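
Example playbook (added here for illustration; it is not taken from the cloudera.exe collection). It runs the main entry point and then the validate entry point, giving each account only the ACL flags it needs. The host group, account names and all file paths are constructed placeholders. It assumes that the per-account flags are keys of each acl_user_accounts entry and that the validate entry point is reached with tasks_from.

```yaml
---
# Added example, not the collection's own code.
# Host group, account names and paths below are constructed placeholders.
- name: Apply and then validate local user ACLs on TLS entities
  hosts: cluster_hosts            # assumed inventory group
  become: true                    # assumption: changing ACLs needs elevated privileges
  vars:
    # TLS entity variables. The role documentation notes these are
    # typically set as hostvars; they are inlined here to keep the
    # example self-contained.
    tls_keystore_path: /etc/pki/example/host01.jks
    tls_keystore_path_generic: /etc/pki/example/host.jks
    tls_key_path: /etc/pki/example/host01.key
    tls_key_path_generic: /etc/pki/example/host.key
    tls_key_path_plaintext: /etc/pki/example/host01.unenc.key
    tls_key_path_plaintext_generic: /etc/pki/example/host.unenc.key
    tls_key_password_file: /etc/pki/example/host.pwd

    # Every flag defaults to false, so an account receives an ACL only
    # on the entities explicitly enabled for it.
    acl_user_accounts:
      - user: svc_keystore        # reads the keystore only
        keystore_acl: true
      - user: svc_pem             # needs the encrypted key and its password file
        key_acl: true
        key_password_acl: true
      - user: svc_plainkey        # the only account allowed the unencrypted key
        unencrypted_key_acl: true

  tasks:
    - name: Set ACLs on the TLS entities (entry point main)
      ansible.builtin.include_role:
        name: cloudera.exe.prereq_tls_acls

    - name: Assert the ACLs are in place (entry point validate)
      ansible.builtin.include_role:
        name: cloudera.exe.prereq_tls_acls
        tasks_from: validate      # assumption: entry point maps to tasks/validate.yml
```

Keeping unencrypted_key_acl confined to the smallest possible set of accounts matters most, since that file is usable without the password file.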