openstack/bifrost
Code Issues Proposed changes
dc9ac16ea1
bifrost/playbooks/roles/bifrost-tls
History
Dmitry Tantsur ddafc94e30 TLS support for API services 
Change-Id: I084da313eda17435c095ade7cb1b92981f5341dc
2020-09-02 18:23:40 +02:00
..
defaults TLS support for API services 2020-09-02 18:23:40 +02:00
tasks TLS support for API services 2020-09-02 18:23:40 +02:00
README.md TLS support for API services 2020-09-02 18:23:40 +02:00

README.md

bifrost-tls

This role generates TLS certificates for Bifrost and copies the private key to a predefined location.

Requirements

This role requires:

  • Ansible 2.9

Role Variables

generate_tls: Whether the generate new certificates or use existing ones. If the latter, this role only handles copying the private key, all files have to exist. Defaults to false to avoid overwriting operator's files.

network_interface: Network interface services are listening on.

tls_common_name: The common name of the certificate. Defaults to the host's full domain name (FQDN).

tls_hosts: A list of valid IP addresses for the generated certificate. Defaults to public_ip (if set), private_ip (if set), internal_ip and 127.0.0.1. The host localhost is always added.

tls_host_names: A list of valid host names for the generated certificate. Defaults to the host's FQDN + localhost.

tls_certificate_path: Path to the TLS certificate. Can be generated.

tls_private_key_path: Path to the private key. Can be generated.

tls_csr_path: Path to the signing request. Can be generated.

tls_force_regenerate: Boolean, whether to regenerate existing certificates. Defaults to false.

dest_private_key_path: Destination to copy the private key to. Defaults to undefined (not copying).

dest_private_key_owner: Owner of the destination private key. Defaults to root.

dest_private_key_group: Group of the destination private key. Defaults to root.

Dependencies

None at this time.

Example Playbook

  • hosts: localhost connection: local name: "Generate TLS parameters" become: yes gather_facts: yes roles:
    • role: bifrost-tls generate_tls: true tls_common_name: example.com

License

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Author Information

Ironic Developers