From eaa05c48a8e4e5d002bf318ec0e95676487311c7 Mon Sep 17 00:00:00 2001
From: Ryan Treat
Date: Thu, 22 Oct 2020 08:13:30 -0700
Subject: [PATCH] Document missing role parameters for controlling renewal behavior (#32)
---
 README.md | 37 ++++++++++++++++++++-----------------
 1 file changed, 20 insertions(+), 17 deletions(-)
diff --git a/README.md b/README.md
index dfcf1ed..414a63c 100644
--- a/README.md
+++ b/README.md
@@ -98,24 +98,27 @@ For more information about Ansible Galaxy, go to https://galaxy.ansible.com/docs
 | Variable Name | Description |
 | ---------------------------------------- | ------------------------------------------------------------ |
- | `credentials_file` | Name of the file containing Venafi credentials and connection settings
Default: credentials.yml |
- | `certificate_common_name` | *Common Name* to request for the certificate.
Default: "{{ ansible_fqdn }}" |
- | `certificate_alt_name` | Comma separated list of *Subject Alternative Names* to request for the certificate. Prefix each value with the SAN type (e.g. "DNS:host.company.com,IP:10.20.30.40,email:me@company.com") | |
- | `certificate_privatekey_type` | Key algorithm, "RSA" or "ECDSA"
Default: "RSA" (from VCert) |
- | `certificate_privatekey_size` | Key size in bits for RSA keys
Default: "2048" (from VCert) |
- | `certificate_privatekey_curve` | Elliptic Curve for ECDSA keys
Default: "P251" (from VCert) |
+ | `credentials_file` | Name of the file containing Venafi credentials and connection settings
Default: `credentials.yml` |
+ | `certificate_common_name` | *Common Name* to request for the certificate.
Default: `"{{ ansible_fqdn }}"` |
+ | `certificate_alt_name` | Comma separated list of *Subject Alternative Names* to request for the certificate. Prefix each value with the SAN type.
Example: `"DNS:host.example.com,IP:10.20.30.40,email:me@example.com"` | |
+ | `certificate_privatekey_type` | Key algorithm, "RSA" or "ECDSA"
Default: `"RSA"` (from VCert) |
+ | `certificate_privatekey_size` | Key size in bits for RSA keys
Default: `"2048"` (from VCert) |
+ | `certificate_privatekey_curve` | Elliptic Curve for ECDSA keys
Default: `"P251"` (from VCert) |
 | `certificate_privatekey_passphrase` | Password to use for encrypting the private key |
- | `certificate_chain_option` | Specifies whether the root CA certificate appears "last" (default) or "first" in the chain file |
- | `certificate_cert_dir` | Local parent directory where the cryptographic assets will be stored
Default: "/etc/ssl/{{ certificate_common_name }}" |
- | `certificate_cert_path` | Local directory where certificate files will be stored
Default: "{{ certificate_cert_dir }}/{{ certificate_common_name }}.pem" |
- | `certificate_chain_path` | Local directory where certificate chain files will be stored
Default: "{{ certificate_cert_dir }}/{{ certificate_common_name }}.chain.pem" |
- | `certificate_privatekey_path` | Local directory where private key files will be stored
Default: "{{ certificate_cert_dir }}/{{ certificate_common_name }}.key" |
- | `certificate_csr_path` | Local directory where certificate signing request files will be stored
Default: "{{ certificate_cert_dir }}/{{ certificate_common_name }}.csr" |
- | `certificate_remote_execution` | Specifies whether cryptographic assets will be generated remotely, or locally and then provisioned to the remote host
Default: false |
- | `certificate_remote_cert_path` | Directory on remote host where certificate files will be stored
Default: "{{ certificate_cert_dir }}/{{ certificate_common_name }}.pem" |
- | `certificate_remote_chain_path` | Directory on remote host where certificate chain files will be stored
Default: "{{ certificate_cert_dir }}/{{ certificate_common_name }}.chain.pem" |
- | `certificate_remote_privatekey_path` | Directory on remote host where private key files will be stored
Default: "{{ certificate_cert_dir }}/{{ certificate_common_name }}.key" |
- | `certificate_copy_private_key_to_remote` | Specifies whether to copy the private key file to the remote host
Default: true |
+ | `certificate_chain_option` | Specifies whether the root CA certificate appears `"last"` (default) or `"first"` in the chain file |
+ | `certificate_cert_dir` | Local parent directory where the cryptographic assets will be stored
Default: `"/etc/ssl/{{ certificate_common_name }}"` |
+ | `certificate_cert_path` | Local directory where certificate files will be stored
Default: `{{ certificate_cert_dir }}/{{ certificate_common_name }}.pem"` |
+ | `certificate_chain_path` | Local directory where certificate chain files will be stored
Default: `"{{ certificate_cert_dir }}/{{ certificate_common_name }}.chain.pem"` |
+ | `certificate_privatekey_path` | Local directory where private key files will be stored
Default: `"{{ certificate_cert_dir }}/{{ certificate_common_name }}.key"` |
+ | `certificate_csr_path` | Local directory where certificate signing request files will be stored
Default: `"{{ certificate_cert_dir }}/{{ certificate_common_name }}.csr"` |
+ | `certificate_remote_execution` | Specifies whether cryptographic assets will be generated remotely, or locally and then provisioned to the remote host
Default: `false` |
+ | `certificate_remote_cert_path` | Directory on remote host where certificate files will be stored
Default: `"{{ certificate_cert_dir }}/{{ certificate_common_name }}.pem"` |
+ | `certificate_remote_chain_path` | Directory on remote host where certificate chain files will be stored
Default: `"{{ certificate_cert_dir }}/{{ certificate_common_name }}.chain.pem"` |
+ | `certificate_remote_privatekey_path` | Directory on remote host where private key files will be stored
Default: `"{{ certificate_cert_dir }}/{{ certificate_common_name }}.key"` |
+ | `certificate_copy_private_key_to_remote` | Specifies whether to copy the private key file to the remote host
Default: `true` |
+ | `certificate_before_expired_hours` | Number of hours prior to the expiration of the certificate before it can be renewed
Default: `72` |
+ | `certificate_renew` | Specifies whether to renew the certificate if it is within the "before_expired_hours" window when the playbook is run
Default: `true` |
+ | `certificate_force` | Specifies whether to request a new certificate every time the playbook is run
Default: `false` |
 Defaults are defined in the [defaults/main.yml](defaults/main.yml) file.