ansible openssl_csr creation with dynamic CN and alt_names list
I am creating a private key and a CSR file through Ansible.
I am stuck on how to pass the CN and the alt names (a comma-separated list) to the Ansible playbook.
Manual command and config file:
openssl req -new -sha256 -nodes -out NEW.csr -newkey rsa:2048 -keyout NEW.key -config config.txt
[req]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn
[dn]
C=US
ST=NEWYORK
L=CITY
O=ABC
OU=XYZ
emailAddress=ABC@XYZ.com
CN = uat.com
[req_ext]
subjectAltName = @alt_names
[alt_names]
DNS.1 = us.uat.com
DNS.2 = apac.uat.com
DNS.3 = 123
DNS.4 = abc
DNS.5 = xyz
I created the playbook below, but I am stuck on how to pass CN and alt_names as a comma-separated list as input. If an existing CN with alt_names already exists, I want Ansible to append/add the DNS server entries to the config file and generate a new CSR file.

- name: Generate an OpenSSL private RSA key with size-2048 bits
  openssl_privatekey:
    path: API.key_{{ansible_date_time.iso8601}}
    type: RSA
    size: 2048
  register: privatekey
- name: Generate an OpenSSL certificate signing request file based on input key values
  openssl_csr:
    path: API.csr_{{ansible_date_time.iso8601}}
    privatekey_path: "{{ privatekey.filename }}"
    common_name: "{{ CN }}"
    group: apigee
    owner: apigee
    mode: '700'
    digest: sha256
    email_address: abc@xyz.com
    country_name: US
    locality_name:
    organization_name:
    organizational_unit_name:
    state_or_province_name:
    subject_alt_name: "{{ item.value | map('regex_replace', '^', 'DNS:') | list }}"
  with_dict:
    dns_server:
      - www.ansible.com
      - m.ansible.com
- debug: var="{{ item }}"
  with_items:
    - csr.filename
    - csr.privatekey
    - csr.subject
    - csr.subjectAltName
Hello, please try this snippet:

vars:
  CN: uat.com
  dns_server:
    - www.ansible.com
    - m.ansible.com
tasks:
  - name: Generate an OpenSSL private RSA key with size-2048 bits
    openssl_privatekey:
      path: API.key_{{ansible_date_time.iso8601}}
      type: RSA
      size: 2048
    register: privatekey
  - name: Generate an OpenSSL certificate signing request file based on input key values
    openssl_csr:
      path: API.csr_{{ansible_date_time.iso8601}}
      privatekey_path: "{{ privatekey.filename }}"
      common_name: "{{ CN }}"
      group: apigee
      owner: apigee
      mode: '700'
      digest: sha256
      email_address: abc@xyz.com
      country_name: US
      locality_name:
      organization_name:
      organizational_unit_name:
      state_or_province_name:
      subject_alt_name: "{{ item.value | map('regex_replace', '^', 'DNS:') | list }}"
    with_dict:
      dns_server: "{{dns_server}}"
    register: csr
  - set_fact:
      res: "{{csr.results[0]}}"
  - debug: var="{{item}}"
    with_items:
      - res.filename
      - res.privatekey
      - res.subject
      - res.subjectAltName
Option 1: pass extra_vars as a dictionary
ansible-playbook test.yaml -vv -e '{"CN":"uat.com","dns_server":["www.ansible.com","m.ansible.com"]}'
Option 2: multiple extra_vars, but the variable then needs to be edited as dns_server: "{{ dns_server_list.split(',') }}"
ansible-playbook test.yaml -vv -e "dns_server_list=www.ansible.com,m.ansible.com" -e "CN=uat.com"
The following test.yaml

---
- hosts: loadbalancer
  vars:
    dns_server: "{{ dns_server_list.split(',') }}"
  tasks:
    - name: debug CN
      debug:
        msg: "{{ CN }}"
      when: CN is defined
    - name: debug dns_server
      debug:
        msg: "{{ dns_server }}"
      when: dns_server is defined

will produce the result:
TASK [debug CN] ************************************************************************************************************************************
task path: /vagrant/provisioning/testvar.yaml:4
ok: [loadbalancer] => {
"msg": "uat.com"
}
TASK [debug dns_server] ****************************************************************************************************************************
task path: /vagrant/provisioning/testvar.yaml:8
ok: [loadbalancer] => {
"msg": [
"www.ansible.com",
"m.ansible.com"
]
}
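As an added example (not part of the question or of the answer above), the script below does in plain Python what the question's "append" requirement and the answer's option 2 describe: it splits a comma-separated SAN string, validates each entry as a DNS hostname, and appends the new entries to the [alt_names] section of an existing OpenSSL request config without duplicating names that are already there. The config text and the hostnames are constructed sample data modelled on the question's config.txt; the requirement that a name contain at least one dot is this example's own assumption, chosen so that bare values like the question's 123, abc and xyz are rejected before a CSR is generated rather than ending up in a certificate request.

```python
"""Extend the [alt_names] section of an OpenSSL request config from a
comma-separated SAN list. Added example; the config and names are constructed."""
import re

# Constructed sample: a trimmed copy of the question's config.txt with two
# existing SAN entries already present.
EXISTING_CONFIG = """\
[req]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn
[dn]
C=US
CN = uat.com
[req_ext]
subjectAltName = @alt_names
[alt_names]
DNS.1 = us.uat.com
DNS.2 = apac.uat.com
"""

# One hostname label: 1-63 chars, letters/digits/hyphen, no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def parse_san_list(value):
    """Split 'a.example, b.example' into a list, the way the answer's
    dns_server_list.split(',') does, but also trimming whitespace and blanks."""
    return [s.strip() for s in value.split(",") if s.strip()]


def is_valid_hostname(name):
    """Assumption of this example: a SAN dNSName must be a dotted hostname whose
    last label is not purely numeric (so '123' and 'abc' are rejected)."""
    if len(name) > 253 or "." not in name:
        return False
    labels = name.split(".")
    return all(_LABEL.match(lbl) for lbl in labels) and not labels[-1].isdigit()


def invalid_hostnames(names):
    return [n for n in names if not is_valid_hostname(n)]


def split_sections(text):
    """Minimal INI splitter that keeps key order and the DNS.1, DNS.2 ... keys
    exactly as written (configparser would lowercase and reorder them)."""
    order, sections, current = [], {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^\[(.+)\]$", line)
        if m:
            current = m.group(1)
            if current not in sections:
                sections[current] = []
                order.append(current)
            continue
        if current is None:
            continue
        key, _, val = line.partition("=")
        sections[current].append((key.strip(), val.strip()))
    return order, sections


def merge_alt_names(config_text, new_names):
    """Return (new_config_text, added): new DNS names are appended with the next
    free DNS.N index; names already present (case-insensitive) are skipped."""
    bad = invalid_hostnames(new_names)
    if bad:
        raise ValueError("not a valid dNSName: " + ", ".join(bad))
    order, sections = split_sections(config_text)
    if "alt_names" not in sections:
        sections["alt_names"] = []
        order.append("alt_names")
    entries = sections["alt_names"]
    present = {v.lower() for k, v in entries if k.startswith("DNS.")}
    added = []
    for name in new_names:
        if name.lower() in present:
            continue
        index = sum(1 for k, _ in entries if k.startswith("DNS.")) + 1
        entries.append(("DNS.%d" % index, name))
        present.add(name.lower())
        added.append(name)
    out = []
    for section in order:
        out.append("[%s]" % section)
        out.extend("%s = %s" % kv for kv in sections[section])
    return "\n".join(out) + "\n", added


def to_ansible_san(names):
    """Same prefixing the playbook does with map('regex_replace', '^', 'DNS:')."""
    return ["DNS:" + n for n in names]


if __name__ == "__main__":
    names = parse_san_list("apac.uat.com, emea.uat.com,www.uat.com")
    text, added = merge_alt_names(EXISTING_CONFIG, names)
    print(text)
    print("added:", added)
    print("subject_alt_name:", to_ansible_san(names))
```

The merged text can be written out with copy or template and fed to the question's openssl req -config command, and to_ansible_san produces the same list the playbook's subject_alt_name expression builds, so both paths yield a CSR with an identical SAN extension. Before signing, inspecting the request with openssl req -noout -text confirms that only the intended DNS names made it into the extension.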