- Notifications
You must be signed in to change notification settings - Fork5
Ansible based hooks for dehydrated to enable ACME certificate automation for F5 BIG-IP systems
License
EquateTechnologies/dehydrated-bigip-ansible
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
NOTE: This project is the replacement for the olddehydrated-bigip project.
dehydrated-bigip-ansible is a set of hooks for dehydrated, which is an ACME API client written entirely in Bash shell. It's typically used with the ACME API provided by Let's Encrypt.
Included are a number of Ansible playbooks, used by the hooks, that perform ACME HTTP-01 or DNS-01 challenge completion; and if successful will deploy keys and certs to targetted F5 BIG-IP systems.
dehydrated-bigip-ansible leverages default Ansible modules for all interaction with BIG-IP systems; mostly we use the official F5 BIG-IP Ansible modules (https://clouddocs.f5.com/products/orchestration/ansible/ ) that are included by default, however direct SSH file transfer and command execution (still using Ansible native modules) is used if deploying an F5 BIG-IP management interface certificate.
This provides automation for obtaining and deploy certificates and keys to F5 BIG-IP appliances from an ACME Certificate Authority.
HTTP-01 and DNS-01 based validation processes can both be used; but are supported using different hook scripts.
Recently tested with BIG-IP versions:
- VE, 13.1.3.2.0.0.4
- VE, 14.1.2.5.0.0.3
- VE, 15.1.0.3.0.0.12
The content in this repository has been used against the following ACME API's,
- Let’s Encrypt (ACMEv2) -https://letsencrypt.org/
- DigiCert CertCentral (ACMEv2) -https://www.digicert.com
HTTP-01 validation based on the content (F5 BIG-IP iRule etc) in this repository has been used against the following DNS service API's,
- Let’s Encrypt (ACMEv2) -https://letsencrypt.org/
- DigiCert CertCentral (ACMEv2) -https://www.digicert.com
DNS-01 validation based on the content in this repository has been used against the following DNS service API's,
- Azure DNS -https://azure.microsoft.com/en-au/services/dns
- CloudFlare -https://cloudflare.com/
All documentation is available in the Wiki connected to this repository, start here:Wiki
The official documentation from the other components involved should be utilised,
- ansible -https://www.ansible.com/
- dehydrated -https://dehydrated.io/
- lexicon -https://github.com/AnalogJ/lexicon
Free support via this repository is available on a best effort basis. Pleaselog an issue describing the problem, and if you've already worked out what the issue is and fixed it in a fork of the repository then feel free to submit apull request.
Equate Technologies can provide full support with SLA's for paying customers. For information please contact us viaour contact page
About
Ansible based hooks for dehydrated to enable ACME certificate automation for F5 BIG-IP systems
Topics
Resources
License
Uh oh!
There was an error while loading.Please reload this page.
Stars
Watchers
Forks
Releases
Packages0
Uh oh!
There was an error while loading.Please reload this page.
Contributors2
Uh oh!
There was an error while loading.Please reload this page.