cloudera.exe.tls_install_certs role – Copy and install the signed TLS certificates to each cluster

Note

This role is part of the cloudera.exe collection (version 3.0.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install cloudera.exe.

To use it in a playbook, specify: cloudera.exe.tls_install_certs.

Entry point main – Copy and install the signed TLS certificates to each cluster

New in cloudera.exe 3.0.0

Synopsis

  • Copies the signed TLS cert to each cluster host.

  • Updates the Java keystore with the renewed certificate.

Parameters

| Parameter | Comments |
|---|---|
| base_dir_security (string) | Base directory for Cloudera CDP security related files. Default: "/opt/cloudera/security" |
| base_dir_security_pki (string) | Base directory for Cloudera CDP PKI security related files. Default: "{{ base_dir_security }}/pki" |
| openssl_path (string) | Absolute path to the openssl executable. Default: "/usr/bin/openssl" |
| tls_ca_chain_path (string) | Full path to the TLS CA chain file. Default: "{{ base_dir_security_pki }}/chain.pem" |
| tls_cert_path (string) | Location where the signed TLS certificate should be copied. Default: "{{ base_dir_security_pki }}/{{ inventory_hostname }}.pem" |
| tls_cert_path_generic (string) | Host agnostic file name for the signed TLS certificate. Default: "{{ base_dir_security_pki }}/host.pem" |
| tls_key_path_generic (string) | Host agnostic file name for the encrypted TLS key. Default: "{{ base_dir_security_pki }}/host.key" |
| tls_key_path_plaintext_generic (string) | Host agnostic file name for the unencrypted TLS key. Default: "{{ tls_key_path_generic }}.unenc" |
| tls_keystore_password (string) | Password for the Java Keystore. Default: "changeme" |
| tls_keystore_path (string) | Full path to Java Keystore file. Default: "{{ base_dir_security_pki }}/{{ inventory_hostname }}.jks" |
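The playbook below is an added example, not code from the cloudera.exe collection. It overrides the "changeme" default of tls_keystore_password from a vaulted variable, then checks the installed certificate against the CA chain and the permissions on the unencrypted key. The inventory group cluster and the variables vault_tls_keystore_password and pki_dir are assumptions, as is the role's other path parameters being left at their documented defaults.

```yaml
---
# Added example; not part of the cloudera.exe collection.
# Assumed names: inventory group "cluster", vaulted variable
# "vault_tls_keystore_password", helper variable "pki_dir".
- name: Install signed TLS certificates with a non-default keystore password
  hosts: cluster                          # hypothetical inventory group
  become: true
  vars:
    pki_dir: /opt/cloudera/security/pki   # documented default of base_dir_security_pki
  tasks:
    - name: Refuse to run with a missing or default keystore password
      ansible.builtin.assert:
        that:
          - vault_tls_keystore_password is defined
          - vault_tls_keystore_password != "changeme"
        quiet: true
      no_log: true                        # keep the secret out of task output

    - name: Run the role, overriding tls_keystore_password
      ansible.builtin.include_role:
        name: cloudera.exe.tls_install_certs
      vars:
        tls_keystore_password: "{{ vault_tls_keystore_password }}"

    - name: Verify the installed certificate against the CA chain
      ansible.builtin.command:
        argv:
          - /usr/bin/openssl                              # openssl_path default
          - verify
          - -CAfile
          - "{{ pki_dir }}/chain.pem"                     # tls_ca_chain_path default
          - "{{ pki_dir }}/{{ inventory_hostname }}.pem"  # tls_cert_path default
      changed_when: false

    - name: Inspect the unencrypted key file
      ansible.builtin.stat:
        path: "{{ pki_dir }}/host.key.unenc"  # tls_key_path_plaintext_generic default
      register: plain_key

    - name: Fail if the unencrypted key is readable by other users
      ansible.builtin.assert:
        that:
          - not plain_key.stat.exists or not plain_key.stat.roth
        fail_msg: "{{ pki_dir }}/host.key.unenc is world-readable"
```

Store vault_tls_keystore_password in a file encrypted with ansible-vault so the keystore password never appears in plaintext in the repository.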

Authors

  • Jim Enright