Generate SSL certificate
By default, the generation of the SSL certificate for the web server is disabled:
poudriere_cert: false
By default, the files are named poudriere.key and poudriere.crt:
poudriere_ssl_dir: /usr/local/etc/ssl
poudriere_ssl_private_dir: /usr/local/etc/ssl/private
poudriere_cert_key: "{{ poudriere_ssl_private_dir }}/poudriere.key"
poudriere_csr_path: "{{ poudriere_ssl_dir }}/csr/poudriere.csr"
poudriere_cert_path: "{{ poudriere_ssl_dir }}/crt/poudriere.crt"
Optionally, change the paths and names of the files, e.g.
poudriere_cert_cn: build.example.com
poudriere_cert_key: "{{ poudriere_ssl_private_dir }}/{{ poudriere_cert_cn }}.key"
poudriere_cert_csr: "{{ poudriere_ssl_dir }}/csr/{{ poudriere_cert_cn }}.csr"
poudriere_cert_path: "{{ poudriere_ssl_dir }}/certs/{{ poudriere_cert_cn }}.crt"
Optionally, enable and generate the SSL certificate:
shell> ansible-playbook pb.yml -t poudriere_cert -e poudriere_cert=true
Review the created files, their ownership, and permissions:
shell> tree /usr/local/etc/ssl/
/usr/local/etc/ssl/
|-- cert.pem
|-- cert.pem.sample -> ../../share/certs/ca-root-nss.crt
|-- certs
|   `-- build.example.com.crt
|-- crt
|   `-- build.example.com-sk.crt
|-- csr
|   `-- build.example.com.csr
`-- private
    |-- build.example.com-sk.key
    `-- build.example.com.key
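One way to script the review step above, as an added example that is not part of the role. The function names are hypothetical. It assumes that private keys should be accessible by their owner only, owned by root, and stored only under the private directory.

```sh
#!/bin/sh
# Added example (not part of the role): audit key files under the SSL tree.
# Assumption: private keys should be accessible by their owner only and
# should live only in the private directory.

# Key files that grant any permission bit to group or other.
# Only POSIX find primaries are used, so this runs on FreeBSD and Linux.
loose_keys() {
    find "$1" -type f -name '*.key' \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print | sort
}

# Key files found anywhere in the tree outside the private directory.
stray_keys() {
    find "$1" -type f -name '*.key' ! -path "$2/*" -print | sort
}

# Key files in the private directory not owned by the expected user.
foreign_keys() {
    find "$1" -type f -name '*.key' ! -user "$2" -print | sort
}

# Print one finding per line; return 0 if clean, 1 otherwise.
audit_ssl_dir() {
    ssl_dir=$1 private_dir=${2:-$1/private} owner=${3:-root}
    findings=$(
        loose_keys "$private_dir" | sed 's/^/LOOSE-MODE /'
        stray_keys "$ssl_dir" "$private_dir" | sed 's/^/STRAY-KEY /'
        foreign_keys "$private_dir" "$owner" | sed 's/^/WRONG-OWNER /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree mirroring the listing above; one key is made
# group/world-readable and one is placed outside private/ on purpose.
make_sample_tree() {
    d=$(mktemp -d) && mkdir -p "$d/private" "$d/certs" "$d/csr" || return 1
    : > "$d/private/build.example.com.key"; chmod 600 "$d/private/build.example.com.key"
    : > "$d/private/build.example.com-sk.key"; chmod 644 "$d/private/build.example.com-sk.key"
    : > "$d/certs/build.example.com.crt"; chmod 644 "$d/certs/build.example.com.crt"
    : > "$d/csr/build.example.com.key"; chmod 600 "$d/csr/build.example.com.key"
    printf '%s\n' "$d"
}

# Usage: sh audit.sh /usr/local/etc/ssl [private_dir] [owner]
if [ $# -gt 0 ]; then audit_ssl_dir "$@"; fi
```

A non-zero exit status with LOOSE-MODE, STRAY-KEY or WRONG-OWNER lines marks the files to fix before the web server is started.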
See also
Source code cert.yml