A role to contextualise the security and trust anchors for hosts in AAROC inventories. This is an evolution of the previous certificates role in @AAROC/DevOps/Ansible/roles, but created with Ansible Galaxy so as to promote re-use.
This role is to be used on AAROC sites wishing to ensure that the certificate roll is up to date.
CRLs are not tested in this role, but in AAROC.UMD-role. The reasoning is described in #1.
This role will install the necessary files for the host to trust others in the EGI and IGTF circle. Files installed are the public keys of the certificate authorities which make up these PMAs. For more information, see the IGTF and EGI websites.
We follow the IGTF release cycle: versions follow the form v<major>.<patch>.<IGTF-release>
When new tickets are opened for the IGTF release, we create a branch for the version and check it.
The only file which should change across versions, in a stable state, is defaults/main.yml, where igtf_release_version is set.
Requires privilege escalation on the managed hosts, since it will install packages.
needs_cert: does this host need a host certificate? (truthy)
igtf_release_version: the IGTF release version
None
An example of how to use the role, with variables passed in as parameters:
- hosts: servers
  roles:
    - { role: AAROC.certificates, become: true, needs_cert: false }
Apache-2.0
Bruce Becker CSIR Meraka Institute @brucellino
Cite as:
Bruce Becker. (2017, November 17). AAROC/AAROC.certificates: IGTF and EGI release 1.87-1 (Version v1.0.87-1). Zenodo. http://doi.org/10.5281/zenodo.1052867