-
Notifications
You must be signed in to change notification settings - Fork 22
/
Copy pathdeployVaultEjbcaDemo.yml
69 lines (64 loc) · 2.34 KB
/
deployVaultEjbcaDemo.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
---
#
- hosts: conServers
become: yes
become_method: sudo
vars:
docker_users:
- srajala
roles:
- ansible-role-docker
- hosts: conServers
gather_facts: false
pre_tasks:
- setup:
filter: ansible_env
vars:
vault_int_pki_name: pki_int
vault_int_ca_dn: 'common_name="Vault Intermediate Authority GX2" organization="Skyrim"'
vault_int_ca_keysize: 2048
vault_cli_url: https://releases.hashicorp.com/vault/1.3.4/vault_1.3.4_linux_amd64.zip
roles:
- ansible-ejbca-vault-ca-container
- ansible-ejbca-vault-ca-setup
- hosts: eeCaServers[0]
gather_facts: false
become: yes
become_method: sudo
vars:
vault_int_pki_name: pki_int
vault_int_pki_passwd: "{{ encrypted_vault_int_pki_passwd | default('foo123') }}"
vault_int_root_ca_cert_url: https://enroll.solitude.skyrim/ejbca/publicweb/webdist/certdist?cmd=cacert&issuer=CN%3DSolitude+Root+CA+G1%2COU%3DCertification+Authorities%2COU%3DSolitude%2CO%3DSkyrim&level=0
vault_int_ca_ejbca_dn: 'CN=Vault Intermediate Authority GX2,OU=Certification Authorities,OU=Solitude,O=Skyrim'
vault_int_ca_ejbca_rootca_sign: Solitude-Root-CA
vault_int_ca_ejbca_certprofile: HashiCorp-SubCA-G1
vault_int_ca_ejbca_endentityprofile: Hashicorp-SubCA
ejbcawsracli_url: https://enroll.solitude.skyrim/ejbca/ejbcaws/ejbcaws
ejbcawsracli_keystore_path: /opt/ejbca/p12/SkryimSuperAdministrator.p12
ejbcawsracli_keystore_password: "{{ encrypted_ejbcawsracli_keystore_password | default('foo123') }}"
ejbcawsracli_truststore_path: "{{ ejbca_toolbox }}/truststore"
ejbcawsracli_truststore_url: https://enroll.solitude.skyrim/ejbca/publicweb/webdist/certdist?cmd=cachain&caid=1595111880&format=jks
roles:
- ansible-ejbca-certreq-websvc
- hosts: conServers
gather_facts: false
pre_tasks:
- setup:
filter: ansible_env
vars:
vault_int_pki_domain:
- instance: solitude-skyrim
allowed_domains: solitude.skyrim
allow_subdomains: true
max_ttl: 160h
key_usage: 'DigitalSignature, KeyEncipherment'
vault_int_pki_ee_domain:
- instance: solitude-skyrim
common_name: test1.solitude.skyrim
ttl: 24h
- instance: solitude-skyrim
common_name: test2.solitude.skyrim
ttl: 48h
roles:
- ansible-ejbca-vault-ca-signed-cert
- ansible-ejbca-vault-ca-issue-cert