clvx/easy-rsa
Ansible role to generate an OpenVPN PKI with easy-rsa
- Password support for server and client keys.
- Support to revoke|delete certificates.
- Support obtaining certificates from a client CSR, to avoid generating keys on a defined PKI server.
- Improve documentation; for now, check usage in .gitlab-ci.yml
- Ansible >= 2.1
- Ubuntu >= 16.04
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
Variables | Default | Description |
---|---|---|
deploy_key_dir | "{{ playbook_dir }}/files }}" | Where keys will be stored |
easy_rsa_dir | /usr/share/easy-rsa | Path to easy-rsa executables |
easy_rsa_keydir | "{{ deploy_key_dir }}" | Where keys will be stored |
easy_rsa_key_size | 2048 | key size |
easy_rsa_key_country | "PE" | Country |
easy_rsa_key_province | "LIMA" | Province |
easy_rsa_key_city | "LIMA" | City |
easy_rsa_key_org | "BAR" | Organization |
easy_rsa_key_email | "foo@example.com" | |
easy_rsa_key_ou | "IT" | Organization Unit |
easy_rsa_force_pki | "False" | If a pki exists, deletes everything and creates a new one |
easy_rsa_inventory | True | Use inventory names for PKI files associated with the `lab-servers` and `lab-clients` groups |
groups['lab-servers'] | your inventory servers | When `easy_rsa_inventory` is `True`, inventory group which lists all servers |
groups['lab-clients'] | your inventory clients | When `easy_rsa_inventory` is `True`, inventory group which lists all clients |
server_list | [] | When `easy_rsa_inventory` is `False`, it will use these servers instead |
client_list | [] | When `easy_rsa_inventory` is `False`, it will use these clients instead |
None
This playbook works in 2 ways:
- You can build and maintain your PKI with Ansible, using inventory hosts to name your keys and certs.

Inventory:

```ini
[lab-clients]
localhost
```

Playbook:

```yaml
- hosts: lab-clients
  roles:
    - clvx.easy-rsa
```

- You can define your own clients and variables with `server_list` and `client_list`.

Playbook:

```yaml
- hosts: lab
  vars:
    # Per the variables table, the lists below are used only when this is False
    easy_rsa_inventory: False
    server_list:
      - server1
      - server2
    client_list:
      - client1
      - client2
  roles:
    - clvx.easy-rsa
```
GPLv3
Luis Michael Ibarra
clvx: irc, twitter, reddit, etc.