infra.aap_utilities.aap_certs
Ansible role to install SSL certificates for AAP automation controller and/or automation hub and/or EDA controller.
Certificates are only installed if the underlying destination directory already exists, which allows the role to be pointed at all servers in the cluster.
Note that it is also possible to deploy the certificates at install time with the proper inventory variables.
Requirements
The certificates must already have been created, each with its certificate and key.
Role Variables
Available variables are listed below, along with their default values (see defaults).
Variables pointing at the source certificates and keys for the controller, automation hub and EDA controller. They are undefined by default, which means that no certificate is installed:
aap_certs_controller_ssl_cert: "/tower.cert"
aap_certs_controller_ssl_key: "/tower.key"
aap_certs_autohub_ssl_cert: "/pulp.cert"
aap_certs_autohub_ssl_key: "/pulp.key"
aap_certs_eda_ssl_cert: "/server.cert"
aap_certs_eda_ssl_key: "/server.key"
The content of the certificates and keys can also be set rather than specifying a file. This is useful when you’re using a secrets backend like HashiCorp Vault. Note that these are each mutually exclusive with the variables above.
The following variable defines whether the old certificates/keys should be backed up:
aap_certs_create_backup: false
Example Playbook
The following playbook and accompanying vars file containing the defined seed objects can be invoked in the following manner.
ansible-playbook playbook.yml -e @aap_vars.yml
- name: Install AAP certificates
  hosts: aap_servers
  become: true
  vars:
    aap_certs_controller_ssl_cert: "/tower.cert"
    aap_certs_controller_ssl_key: "/tower.key"
    aap_certs_autohub_ssl_cert: ""
    aap_certs_autohub_ssl_key: ""
  roles:
    - infra.aap_utilities.aap_certs
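The requirement that each certificate comes with its matching key can be checked before the playbook runs. The following is an added example, not part of the role or of the original page; the function name `check_cert_pair` and the 30-day expiry threshold are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not part of the role): pre-flight check of a certificate/key
# pair. check_cert_pair and the 30-day default are assumptions of this sketch.
#
# Return codes: 0 = pair is usable, 1 = mismatch or expiring, 2 = unreadable.
check_cert_pair() {
    ccp_cert=$1
    ccp_key=$2
    ccp_days=${3:-30}

    if [ ! -r "$ccp_cert" ] || [ ! -r "$ccp_key" ]; then
        echo "missing or unreadable file: $ccp_cert / $ccp_key" >&2
        return 2
    fi

    # Extract the public key from each file. Capturing the exit status here
    # matters: comparing two empty strings from failed parses would "match".
    ccp_cert_pub=$(openssl x509 -in "$ccp_cert" -noout -pubkey 2>/dev/null) || {
        echo "$ccp_cert: not a parsable PEM certificate" >&2
        return 2
    }
    # -passin pass: keeps openssl from prompting if the key is encrypted.
    ccp_key_pub=$(openssl pkey -in "$ccp_key" -passin pass: -pubout 2>/dev/null) || {
        echo "$ccp_key: not a parsable private key (or passphrase-protected)" >&2
        return 2
    }

    if [ "$ccp_cert_pub" != "$ccp_key_pub" ]; then
        echo "$ccp_key does not belong to $ccp_cert" >&2
        return 1
    fi

    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$ccp_cert" -noout -checkend $((ccp_days * 86400)) >/dev/null; then
        echo "$ccp_cert expires within $ccp_days days (or has expired)" >&2
        return 1
    fi
    return 0
}

# Usage: ./check_cert_pair.sh /tower.cert /tower.key [min_days]
if [ "$#" -ge 2 ]; then
    check_cert_pair "$@"
fi
```

Run it once per pair (controller, automation hub, EDA controller) and only invoke `ansible-playbook` when every check returns 0.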
License
Author Information
Tom Page