You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
47 lines
1.3 KiB
47 lines
1.3 KiB
9 months ago
|
# msvsphere.ci.koji_server_ca
|
||
|
|
|
||
|
|
An Ansible role that creates a Koji server CA and issues an HTTPS certificate.
|
||
|
|
|
||
|
|
For production Koji deployment it's recommended to use FreeIPA or other
|
||
|
|
centralized certificate management system. This role is intended for
|
||
|
|
development purposes.
|
||
|
|
|
||
|
|
The role creates the `/etc/pki/koji` directory and produces the following
|
||
|
|
artifacts:
|
||
|
|
|
||
|
|
* `koji-ca.crt` - CA certificate.
|
||
|
|
* `koji-ca.key` - CA private key.
|
||
|
|
* `koji.msvsphere.test.key` - Koji server HTTPS certificate private key.
|
||
|
|
* `build.msvsphere.test.csr` - Koji server HTTPS certificate signing request.
|
||
|
|
* `build.msvsphere.test.crt` - Koji server HTTPS certificate.
|
||
|
|
* `build.msvsphere.test.chain.crt` - Koji server HTTPS certificate chain.
|
||
|
|
|
||
|
|
Here `koji.msvsphere.test` is the `koji_server_ca_fqdn` value.
|
||
|
|
|
||
|
|
Also, the role will add the CA certificate to the list of trusted
|
||
|
|
certificates.
|
||
|
|
|
||
|
|
## Variables
|
||
|
|
|
||
|
|
| Variable | Default value | Type | Description | Required |
|
||
|
|
| -------- | ------------- | ---- | ----------- | -------- |
|
||
|
|
| koji_server_ca_fqdn | | string | Koji server domain name. | yes |
|
||
|
|
|
||
|
|
## Example playbook
|
||
|
|
|
||
|
|
```yaml
|
||
|
|
---
|
||
|
|
- hosts: all
|
||
|
|
roles:
|
||
|
|
- role: msvsphere.ci.koji_server_ca
|
||
|
|
koji_server_ca_fqdn: koji.msvsphere.test
|
||
|
|
```
|
||
|
|
|
||
|
|
## License
|
||
|
|
|
||
|
|
MIT.
|
||
|
|
|
||
|
|
## Authors
|
||
|
|
|
||
|
|
* [Eugene Zamriy](mailto:ezamriy@msvsphere-os.ru)
|