Roll out a corporate CA with Ansible
A lot of enterprise companies have their own CA and PKI. The main issue on your own cloud infrastructure, such as Kubernetes and OpenShift, is distributing the CA to every machine.
You can use this small snippet on a RHEL-based machine to distribute your own CA.
Prerequisites
- CA in PEM format on the management node
- Ansible on the management node
- Ansible must be able to execute root commands
The playbook
⚠ Replace THE-PATH-TO-THE-PEM.pem with the path to your CA PEM file.
ca-distribute.yaml
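---
- hosts: all
  become: true  # the trust anchor directory is writable by root only
  vars:
    ANCH_DIR: /usr/share/pki/ca-trust-source/anchors
    CA_PEM: THE-PATH-TO-THE-PEM.pem
  tasks:
    - name: copy corporate-ca pem file
      copy:
        src: "{{ CA_PEM }}"
        dest: "{{ ANCH_DIR }}/"
        owner: root
        group: root
        mode: "0644"
    # rebuild the consolidated trust store so the new anchor takes effect
    - name: execute update-ca-trust
      command: update-ca-trust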
Run the playbook
ansible-playbook ca-distribute.yaml
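Because the playbook installs whatever file CA_PEM points at as a trust anchor on every host, it is worth checking that file on the management node before the run. The following is an added example, not part of the original post: the function names and the policy (exactly one certificate, no key material, fingerprint pinned out of band) are assumptions.

```python
import base64
import hashlib
import re

# Matches any PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.DOTALL
)


def to_pem(label, der):
    """Wrap raw bytes in a PEM block (used here only to build constructed samples)."""
    body = base64.encodebytes(der).decode("ascii")
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"


def preflight_ca_pem(pem_text, pinned_sha256):
    """Return the certificate's SHA-256 fingerprint, or raise ValueError.

    Assumed policy (not from the original page): the file holds exactly one
    CERTIFICATE block, no key material, and matches a fingerprint obtained
    out of band from the PKI team.
    """
    blocks = PEM_BLOCK.findall(pem_text)
    if any("PRIVATE KEY" in label for label, _ in blocks):
        raise ValueError("PEM contains a private key; refusing to distribute")
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    if len(certs) != 1:
        raise ValueError(f"expected 1 CERTIFICATE block, found {len(certs)}")
    der = base64.b64decode("".join(certs[0].split()), validate=True)
    # Same digest that `openssl x509 -noout -fingerprint -sha256` prints.
    fingerprint = hashlib.sha256(der).hexdigest()
    if fingerprint != pinned_sha256.replace(":", "").strip().lower():
        raise ValueError(f"fingerprint {fingerprint} does not match the pinned value")
    return fingerprint


if __name__ == "__main__":
    # Constructed sample bytes, not a real certificate: the check hashes the
    # DER payload and does not parse X.509 fields.
    sample_der = b"constructed placeholder for DER certificate bytes"
    pin = hashlib.sha256(sample_der).hexdigest()
    print("ok:", preflight_ca_pem(to_pem("CERTIFICATE", sample_der), pin))
    try:
        preflight_ca_pem(to_pem("CERTIFICATE", sample_der)
                         + to_pem("RSA PRIVATE KEY", b"constructed"), pin)
    except ValueError as err:
        print("rejected:", err)
```

The pinned value can be given as plain hex or in the colon-separated form that openssl prints.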
You can find more Ansible Tips and Tricks here