cloudera.exe.tls_signing role – Sign of CSRs by a CA Server

Note

This role is part of the cloudera.exe collection (version 3.0.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install cloudera.exe.

To use it in a playbook, specify: cloudera.exe.tls_signing.

Entry point main – Sign of CSRs by a CA Server

New in cloudera.exe 3.0.0

Synopsis

  • Generates a signed TLS certificate from a specified list of Certificate Signing Requests (CSRs).

  • The role can optionally overwrite existing certs of the same name, backing them up first if required.

  • Upon completion the signed certs are copied back to the Ansible controller.

Parameters

Parameter

Comments

backup_old_certs

boolean

Flag to specify if existing signed certs of the same name should be backed up.

Choices:

  • false

  • true ← (default)

ca_server_intermediate_key_password

string

Password for the intermediate CA TLS key

Default: "password"

ca_server_intermediate_path

string

Common base directory for all intermediate CA resources

Default: "/ca/intermediate"

ca_server_intermediate_path_certs

string

Path to intermediate CA certificates directory

Default: "{{ ca_server_intermediate_path }}/certs"

ca_server_intermediate_path_csr

string

Path to intermediate CA CSR directory

Default: "{{ ca_server_intermediate_path }}/csr"

copy_from_controller

boolean

Flag to specify if the CSRs should be copied from the Ansible controller.

Choices:

  • false

  • true ← (default)

csrs_to_sign

list / elements=string / required

List of full path locations of the CSRs to sign.
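
An added example playbook (not from the cloudera.exe project) that calls the role with the parameters documented above. It replaces the default intermediate key password with a vaulted value and stops the play if the password is still the documented default. The ca_server host group, the vault/ca.yml file, the vault_ca_intermediate_key_password variable and the CSR paths are assumptions made for illustration.

```yaml
---
# Added example, not part of the cloudera.exe collection.
# Assumed names: host group "ca_server", vault file "vault/ca.yml",
# variable "vault_ca_intermediate_key_password", and the CSR paths.
- name: Sign host CSRs with the intermediate CA
  hosts: ca_server
  vars_files:
    # Encrypted with ansible-vault; defines vault_ca_intermediate_key_password.
    - vault/ca.yml
  vars:
    # Override the documented default ("password") with the vaulted secret.
    ca_server_intermediate_key_password: "{{ vault_ca_intermediate_key_password }}"

    # Documented defaults, written out so the CA layout is explicit.
    ca_server_intermediate_path: /ca/intermediate
    ca_server_intermediate_path_certs: "{{ ca_server_intermediate_path }}/certs"
    ca_server_intermediate_path_csr: "{{ ca_server_intermediate_path }}/csr"

    # Copy the CSRs from the controller and keep a backup of any
    # existing signed cert of the same name.
    copy_from_controller: true
    backup_old_certs: true

    # Required: full paths of the CSRs to sign (constructed sample paths).
    csrs_to_sign:
      - /tmp/csrs/host1.example.com.csr
      - /tmp/csrs/host2.example.com.csr

  pre_tasks:
    # The assertion output shows the expression that failed, not the
    # password value, so the secret is not written to the play log.
    - name: Refuse to run with an empty or default key password
      ansible.builtin.assert:
        that:
          - ca_server_intermediate_key_password | length > 0
          - ca_server_intermediate_key_password != 'password'
        fail_msg: Set ca_server_intermediate_key_password from a vaulted variable.
        quiet: true

  roles:
    - role: cloudera.exe.tls_signing
```

Run it with ansible-playbook and --ask-vault-pass (or a vault password file) so the vaulted variable can be decrypted.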

Authors

  • Jim Enright