# msvsphere.ci.koji_server_ca

An Ansible role that creates a Koji server CA and issues an HTTPS certificate.

For production Koji deployment it's recommended to use FreeIPA or other
centralized certificate management system. This role is intended for
development purposes.

The role creates the `/etc/pki/koji` directory and produces the following
artifacts:

* `koji-ca.crt` - CA certificate.
* `koji-ca.key` - CA private key.
* `koji.msvsphere.test.key` - Koji server HTTPS certificate private key.
* `build.msvsphere.test.csr` - Koji server HTTPS certificate signing request.
* `build.msvsphere.test.crt` - Koji server HTTPS certificate.
* `build.msvsphere.test.chain.crt` - Koji server HTTPS certificate chain.

Here `koji.msvsphere.test` is the `koji_server_ca_fqdn` value.

Also, the role will add the CA certificate to the list of trusted
certificates.

## Variables

| Variable | Default value | Type | Description | Required |
| -------- | ------------- | ---- | ----------- | -------- |
| koji_server_ca_fqdn | | string | Koji server domain name. | yes |

## Example playbook

```yaml
---
- hosts: all
  roles:
    - role: msvsphere.ci.koji_server_ca
      koji_server_ca_fqdn: koji.msvsphere.test
```

## License

MIT.

## Authors

* [Eugene Zamriy](mailto:ezamriy@msvsphere-os.ru)