ansible-role-pg-cert-store's Introduction

pg_cert_store

Installs and configures pg-cert-store.

Requirements

A PostgreSQL database and credentials to connect to it.

Role Variables

| Name | Default Value | Description |
|------|---------------|-------------|
| `pg_cert_config_path` | `/etc/pg-cert-store` | Path to config files |
| `pg_cert_default_cert_path` | `/etc/pki/tls/certs` | Where to place pulled certs if they're missing cert_path |
| `pg_cert_default_key_path` | `/etc/pki/tls/private` | Where to place pulled private keys if they're missing key_path |
| `pg_cert_default_owner` | `root` | Owner of certificate files if owner is missing |
| `pg_cert_default_group` | `root` | Group of certificate files if group is missing |
| `pg_cert_pull` | `[]` | List of pull configs, see example playbook |
| `pg_cert_pg_host` | `""` | Hostname/IP of PG server |
| `pg_cert_pg_db` | `certs` | Database name to connect to |
| `pg_cert_pg_user` | `certs_pusher` | PG user to connect as |
| `pg_cert_pg_password` | `""` | Password of PG user |
| `pg_cert_pg_schema` | `public` | Schema name to be used |
| `pg_cert_pull_oncalendar` | `*-*-* 04:00:00` | systemd timer OnCalendar to use, default is daily at 04:00 (4am) |
| `pg_cert_pull_hooks` | `[]` | List of dicts defining hooks, see playbook |
| `pg_cert_hooks_dir` | `/etc/pg-cert-store/hooks.d` | Path to deploy hooks |
| `pg_cert_pull_hooks_sync` | `true` | Whether or not to delete hooks no longer defined in pg_cert_pull_hooks |
| `pg_cert_pull_pre_script` | `""` | Raw string inserted before pull script is run |

Example Playbook

- hosts: servers
  roles:
    - role: cosandr.pg_cert_store
      vars:
        pg_cert_pull:
          # All details
          - name: "example.com"
            cert_path: "/etc/nginx/example.crt"
            key_path: "/etc/nginx/example.key"
            chain_path: "/etc/nginx/example.chain.crt"
            owner: root
            group: nginx
            public_mode: "0644"
            private_mode: "0640"
            chain_mode: "0644"
          # If cert_path or key_path are not specified
          # cert is placed at "{{ pg_cert_default_cert_path }}/{{ c.name }}.crt"
          # key is placed at "{{ pg_cert_default_key_path }}/{{ c.name }}.key"
          - name: "another.example.com"

        pg_cert_pull_hooks:
          - name: restart-nginx
            content: |
              #!/bin/sh

              systemctl restart nginx

          - name: only-once
            disabled: "{{ inventory_hostname != groups['example'][0] }}"
            content: |
              #!/bin/sh

              echo "I will only run on one host"
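
A post-deploy check for the pull configuration above, added here as an example and not part of the role: it resolves each entry's certificate and key paths with the fallback rule from the playbook comments, then compares the on-disk modes with `public_mode` and `private_mode`. The function names, and the rule that a private key must carry no permission bits for other users, are assumptions of this example.

```python
import os
import stat

# Role defaults copied from the variables table above.
DEFAULT_CERT_DIR = "/etc/pki/tls/certs"
DEFAULT_KEY_DIR = "/etc/pki/tls/private"


def resolve_paths(entry, cert_dir=DEFAULT_CERT_DIR, key_dir=DEFAULT_KEY_DIR):
    """Return (cert_path, key_path) using the fallback rule in the playbook comments."""
    name = entry["name"]
    cert = entry.get("cert_path") or os.path.join(cert_dir, name + ".crt")
    key = entry.get("key_path") or os.path.join(key_dir, name + ".key")
    return cert, key


def audit_pull_entries(entries, cert_dir=DEFAULT_CERT_DIR, key_dir=DEFAULT_KEY_DIR):
    """Return findings (strings) for deployed files that drift from the config."""
    findings = []
    for entry in entries:
        cert, key = resolve_paths(entry, cert_dir, key_dir)
        checks = (("cert", cert, entry.get("public_mode")),
                  ("key", key, entry.get("private_mode")))
        for kind, path, declared in checks:
            try:
                mode = stat.S_IMODE(os.stat(path).st_mode)
            except OSError as exc:  # missing file or unreadable directory
                findings.append(f"{entry['name']}: cannot stat {kind} {path} ({exc.strerror})")
                continue
            # Declared modes are octal strings, quoted as in the playbook.
            if declared is not None and mode != int(declared, 8):
                findings.append(f"{entry['name']}: {kind} mode {mode:04o}, declared {declared}")
            # Assumed policy for this example: no "other" bits on a private key,
            # whatever mode was declared.
            if kind == "key" and mode & 0o007:
                findings.append(f"{entry['name']}: key {path} is accessible to other users")
    return findings


if __name__ == "__main__":
    # Constructed input mirroring the example playbook's pg_cert_pull list.
    pull = [
        {"name": "example.com", "cert_path": "/etc/nginx/example.crt",
         "key_path": "/etc/nginx/example.key",
         "public_mode": "0644", "private_mode": "0640"},
        {"name": "another.example.com"},
    ]
    for line in audit_pull_entries(pull):
        print(line)
```

Run it as a user that can traverse the key directory; otherwise every key is reported as "cannot stat".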

License

MIT

Author Information

Andrei Costescu
