This is an Ansible role for configuring trust of DHS CA certificates at the OS level.
This role makes use of the community.general.json_query
Ansible
filter,
which requires that the jmespath
Python
package be installed on the local
host.
Variable | Description | Default | Required |
---|---|---|---|
cer_filename | The filename to use for the DHS certificate cer bundle (translated from the p7b bundle). | dhsca.cer |
No |
cert_url | The URL where the DHS certificate p7b bundle can be downloaded. | https://pki.treas.gov/dhsca_fullpath.p7b |
No |
p7b_filename | The filename to use for the DHS certificate p7b bundle after it is downloaded from cert\_url . |
dhsca.p7b |
No |
single_cert_filename_prefix | The prefix to use when creating the individual certificate files extracted from the DHS certificate p7b bundle. If the prefix is "zz-" then individual certificate files will be named "zz-00", "zz-01", etc. | dhs-cert- |
No |
None.
Here's how to use it in a playbook:
- hosts: all
become: yes
become_method: sudo
roles:
- dhs_certificates
We welcome contributions! Please see CONTRIBUTING.md
for
details.
This project is in the worldwide public domain.
This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.
All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.
Shane Frasier - [email protected]