
add example for ansible playbook integration

master
Edoardo Putti 7 years ago
parent
commit
7ffa4ca4f8
2 changed files with 69 additions and 0 deletions
  1. +2
    -0
      README.md
  2. +67
    -0
      ansible.yaml

+ 2
- 0
README.md View File

@ -19,6 +19,8 @@ This is a shell for a user, the shell only reads the input from the user and ret
The server logs can be found at `/home/request/request_server.log`
A playbook example can be found in `ansible.yaml`
#### ca-shell
This is a shell for a user, the shell limits the commands to the one we are interested, like generating a SSH/SSL CA, signing keys.


+ 67
- 0
ansible.yaml View File

@ -0,0 +1,67 @@
---
# This is an example of how to use Ansible with the ca-server shell.
# In this playbook we assume that you are requesting a ssh-host certificate
# to be used by the host `machine.example.com` and that the server hosting
# the ca-server shell is in your inventory under the name `ca_server`.
#
# We are using ed25519 as our preferred algorithm but any other one may be
# just right, be sure to change both the key and certificate destination.
#
- name: Read host public key
slurp:
src: "/etc/ssh/ssh_host_ed25519_key.pub"
register: vm_public_key
- debug:
var: vm_public_key['content']
verbosity: 2
- name: generate host request
set_fact:
ca_request:
type: 'sign_request'
request:
keyType: 'ssh_host'
hostName: 'machine.example.com'
keyData: "{{ vm_public_key['content'] | b64decode | replace('\n', '')}}"
- debug:
var: ca_request | to_json
verbosity: 2
- raw: "{{ ca_request | to_json }}"
delegate_to: ca_server
delegate_facts: True
register: request_result
failed_when: "( request_result.stdout | string | from_json ).failed"
- set_fact:
request_output: "{{ request_result.stdout | string | from_json }}"
- debug:
var: request_output
verbosity: 2
- debug:
msg: "Please manualy confirm sign request with id {{ request_output.requestID }}"
- name: generate get request
set_fact:
ca_request:
type: 'get_certificate'
requestID: '{{ request_output.requestID }}'
- raw: "{{ ca_request | to_json }}"
delegate_to: ca_server
delegate_facts: True
register: request_result
failed_when: "( request_result.stdout | string | from_json ).failed"
- set_fact:
cert_key: "{{ request_result.stdout | string | from_json }}"
- name: write certificate to host
copy:
content: "{{ cert_key.result }}"
dest: "/etc/ssh/ssh_host_ed25519_key-cert.pub"
register: set_pub_key
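Review bot: The final `copy` task writes whatever the CA server returned in `cert_key.result` straight to `/etc/ssh/ssh_host_ed25519_key-cert.pub` with no validation and no explicit permissions, so a malformed or unexpected response still lands in sshd's certificate path; adding `validate: 'ssh-keygen -L -f %s'` and `mode: '0644'` to that task would reject anything that is not a parseable certificate and pin the file mode. That task also registers `set_pub_key`, which nothing later reads, so the `register:` line can be dropped. Earlier, the `debug` message asks the operator to confirm the sign request manually, yet the `get_certificate` request is sent immediately afterwards with `failed_when` on its result, which presumably fails unless the confirmation has already happened — a `pause:` task with a short prompt between the two would make the example runnable as written. Finally, `delegate_facts: True` on both `raw` tasks uses the YAML 1.1 boolean spelling; `delegate_facts: true` is the canonical form (the playbook's indentation is not visible on this rendered page, so nesting could not be checked).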
