How to generate a Self Signed OpenSSL certificate with Ansible playbooks? private key file does not exist

I am showing my task schema

---
- name: Ensure directory exists for local self-signed TLS certs.
  file:
    path: "{{ certificate_dir }}/{{ server_hostname }}"
    state: directory

- name: Generate an OpenSSL private key.
  community.crypto.x509_certificate:
    path: "{{ certificate_dir }}/{{ server_hostname }}/privkey.pem"
    privatekey_path: "{{ certificate_dir }}/{{ server_hostname }}/privkey.pem"
    provider: selfsigned

When I run the playbook I get:

TASK [Ensure directory exists for local self-signed TLS certs.] ****************
changed: [default]

TASK [Generate an OpenSSL private key.] ****************************************
fatal: [default]: FAILED! => {"changed": false, "msg": "The private key file /etc/ssl/private/https.an/privkey.pem does not exist"}

I looked at the official examples (Ansible):

- name: Generate a Self Signed OpenSSL certificate
  community.crypto.x509_certificate:
    path: /etc/ssl/crt/ansible.com.crt
    privatekey_path: /etc/ssl/private/ansible.com.pem
    csr_path: /etc/ssl/csr/ansible.com.csr
    provider: selfsigned

If I run vagrant ssh and check:

root@https:/etc/ssl# ll
total 40
drwxr-xr-x  4 root root  4096 Feb 12  2022 ./
drwxr-xr-x 83 root root  4096 Mar  6 12:00 ../
drwxr-xr-x  2 root root 16384 Feb 12  2022 certs/
-rw-r--r--  1 root root 10909 Apr 20  2020 openssl.cnf
drwx------  3 root root  4096 Mar  6 12:00 private/

And:

root@https:/etc/ssl/private# ll
total 12
drwx------ 3 root root 4096 Mar  6 12:00 ./
drwxr-xr-x 4 root root 4096 Feb 12  2022 ../
drwxr-xr-x 2 root root 4096 Mar  6 12:00 https.an/

The server name is https.an.
That folder is empty.
Should I generate the keys on my own?
How come Ansible cannot automate this, or is something wrong with my setup?

Solution:

You should generate the key yourself; Ansible can handle it like this:
Doc: OpenSSL key module (openssl_privatekey)

---
- hosts: localhost
  vars:
    # certificate_dir was referenced but never defined in the original snippet
    certificate_dir: /etc/ssl/private
    server_hostname: localhost
    key_size: 2048
    # only takes effect if passed to the module as `passphrase` together with `cipher`
    passphrase: passphrase
    key_type: DSA
  tasks:
    - name: Generate an OpenSSL private key
      community.crypto.openssl_privatekey:
        path: "{{ certificate_dir }}/{{ server_hostname }}/privkey.pem"
        size: "{{ key_size }}"
        type: "{{ key_type }}"
        backup: yes
        mode: "0600"   # private key stays readable by root only

After doing that, you reference the key in the community.crypto.x509_certificate module.
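The full ordering the answer describes (key first, then the certificate that references it), as an added example playbook that is not the answerer's or the project's own code; it assumes the certificate_dir and server_hostname values shown and adds a CSR step so the certificate carries the hostname as a SAN:

```yaml
---
# Added example (not from the original post). Assumes the vars below.
- hosts: all
  become: true
  vars:
    certificate_dir: /etc/ssl/private
    server_hostname: https.an
    cert_path: "{{ certificate_dir }}/{{ server_hostname }}"
  tasks:
    - name: Ensure the per-host certificate directory exists (root-only)
      ansible.builtin.file:
        path: "{{ cert_path }}"
        state: directory
        owner: root
        group: root
        mode: "0700"

    # This is the step the failing task was missing: x509_certificate only
    # consumes an existing key, it never creates one.
    - name: Generate the private key first
      community.crypto.openssl_privatekey:
        path: "{{ cert_path }}/privkey.pem"
        type: RSA
        size: 2048
        mode: "0600"

    - name: Create a CSR that names the host in a SAN
      community.crypto.openssl_csr:
        path: "{{ cert_path }}/{{ server_hostname }}.csr"
        privatekey_path: "{{ cert_path }}/privkey.pem"
        common_name: "{{ server_hostname }}"
        subject_alt_name:
          - "DNS:{{ server_hostname }}"

    - name: Self-sign the certificate with the key generated above
      community.crypto.x509_certificate:
        path: "{{ cert_path }}/fullchain.pem"
        privatekey_path: "{{ cert_path }}/privkey.pem"
        csr_path: "{{ cert_path }}/{{ server_hostname }}.csr"
        provider: selfsigned
        selfsigned_not_after: "+365d"   # short validity; rerun to renew
        mode: "0644"
```

Running this against the Vagrant box populates /etc/ssl/private/https.an with privkey.pem, the CSR and fullchain.pem, and the original "private key file does not exist" error no longer occurs because the key task runs before the certificate task.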
