Create OpenSSL Certificate with Ansible :
1) When working with OpenSSL, public keys are derived from the corresponding private key.
The first step will always be to generate a private key using a specific algorithm.
2) For production use, you need a Certification Authority (CA) or Certification Authority that is responsible for signing a certificate that you can trust on the Internet.
Since we are talking about Dev and Lab use cases, we are creating a self signed certificate.
3) Create OpenSSL Certificate with Ansible
In the examples shown in this article, the private key is named hostname_privkey.pem, the certificate file is hostname_fullchain.pem, and the CSR file is hostname.csr, where hostname is the actual DNS for which the certificate was generated.
Before we start
$ sudo dnf install ansible
$ sudo yum -y install epel-release
$ sudo yum install ansible
$ sudo apt update
$ sudo apt install software-properties-common
$ sudo apt-add-repository --yes --update ppa:ansible/ansible
$ sudo apt install ansible
$ echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu trusty main" | sudo tee -a /etc/apt/sources.list
$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367
$ sudo apt update
$ sudo apt install ansible
$ pacman -S ansible
Confirm the Ansible installation by checking the version.
$ ansible --version
ansible --version
ansible 2.9.11
config file = None
configured module search path = ['/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/Cellar/ansible/2.9.11/libexec/lib/python3.8/site-packages/ansible
executable location = /usr/local/bin/ansible
python version = 3.8.5 (default, Jul 21 2020, 10:48:26) [Clang 11.0.3 (clang-1103.0.32.62)]
Install dependencies
pyOpenSSL is required to generate keys and certificates using Ansible.
$ sudo pip install pyOpenSSL
$ sudo pip3 install pyOpenSSL
Writing an Ansible playbook to generate a self signed certificate
With the dependencies installed, we need to start creating the certificate using Ansible.
We will make a single playbook with tasks for creating a private key, CSR and certificate.
I'll walk through each feature block by block, and later we'll combine everything to get a working playbook.
Create project folders:
$ mkdir -p ~/projects/ansible/{certificates,files,templates}
$ cd ~/projects/
$ tree
.
`-- ansible
|-- certificates
|-- files
`-- templates
4 directories, 0 files
Create a playbook template
$ vim ~/projects/ansible/openssl_certificates.yml
Add standard sections.
---
- hosts: localhost
vars: