infra.aap_utilities.aap_certs

Ansible role to install SSL certificates for AAP automation controller and/or automation hub and/or EDA controller.

Certificates are only installed if the underlying destination directory already exists, which allows the role to be pointed at all servers in the cluster.

Note it is also possible to deploy the certificates at install time with the proper inventory variables.

Requirements

The certificates must already have been created, each with its certificate and key.

Role Variables

Available variables are listed below, along with default values defined (see defaults).

Variables to point at the source certificates and keys for the controller, automation hub and EDA controller respectively. They are undefined by default, which means that no certificate is installed:

aap_certs_controller_ssl_cert: "/tower.cert"
aap_certs_controller_ssl_key: "/tower.key"
aap_certs_autohub_ssl_cert: "/pulp.cert"
aap_certs_autohub_ssl_key: "/pulp.key"
aap_certs_eda_ssl_cert: "/server.cert"
aap_certs_eda_ssl_key: "/server.key"

The content of the certificates and keys can also be set rather than specifying a file. This is useful when you’re using a secrets backend like HashiCorp Vault. Note that these are each mutually exclusive with the variables above.


The following variable defines if the old certificates/keys should be backed-up:

aap_certs_create_backup: false

Example Playbook

The following playbook and accompanying vars file containing the defined seed objects can be invoked in the following manner.

ansible-playbook playbook.yml -e @aap_vars.yml

- name: Install AAP certificates
  hosts: aap_servers
  become: true
  vars:
    aap_certs_controller_ssl_cert: "/tower.cert"
    aap_certs_controller_ssl_key: "/tower.key"
    aap_certs_autohub_ssl_cert: ""
    aap_certs_autohub_ssl_key: ""
  roles:
    - infra.aap_utilities.aap_certs
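
A pre-flight check for a certificate and key before their paths are handed to the role, run on the host that holds the source files. This is an added example, not part of the role: `check_cert_pair` and the checks it makes (key file permissions, matching public key, remaining validity) are assumptions of the example, and it needs the `openssl` command.

```shell
#!/bin/sh
# Added example: pre-flight check of a certificate/key pair before the role
# installs it. check_cert_pair is a hypothetical helper, not part of the role.
#
# usage: check_cert_pair CERT KEY [MIN_DAYS]
# Returns 0 when the pair is usable, 1 otherwise (reason on stderr).
check_cert_pair() {
    cert=$1
    key=$2
    min_days=${3:-0}

    [ -r "$cert" ] || { echo "cannot read certificate: $cert" >&2; return 1; }
    [ -r "$key" ] || { echo "cannot read key: $key" >&2; return 1; }

    # A private key readable by group or others is already exposed.
    if [ -n "$(find "$key" \( -perm -040 -o -perm -004 \))" ]; then
        echo "key is readable by group/others: $key" >&2
        return 1
    fi

    # Both files must parse, and must carry the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "not a PEM certificate: $cert" >&2; return 1; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "not a usable private key: $key" >&2; return 1; }
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "key does not match certificate" >&2
        return 1
    fi

    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "certificate expires within $min_days day(s): $cert" >&2
        return 1
    fi
    return 0
}
```

For the playbook above, `check_cert_pair /tower.cert /tower.key 30 && ansible-playbook playbook.yml -e @aap_vars.yml` runs the role only when the pair matches and has at least 30 days of validity left.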

License

GPLv3+

Author Information

Tom Page