
I'm creating a private key and CSR file through Ansible. I'm stuck on how to pass the CN and alt names (comma-separated list) to the Ansible playbook.

Manual command and config file:

openssl req -new -sha256 -nodes -out NEW.csr -newkey rsa:2048 -keyout NEW.key -config config.txt

[req]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn

[dn]
C = US
ST = NEWYORK
L = CITY
O = ABC
OU = XYZ
emailAddress = ABC@XYZ.com
CN = uat.com

[req_ext]
subjectAltName = @alt_names

[alt_names]
DNS.1 = us.uat.com
DNS.2 = apac.uat.com
DNS.3 = 123
DNS.4 = abc
DNS.5 = xyz

I created the playbook below, but I'm stuck on how to pass the CN and alt_names as a comma-separated list as input. Also, if there is an existing CN with alt_names, I want Ansible to append/add the DNS server entries to the config file and generate a new CSR file.

   - name: Generate an OpenSSL private RSA key with size 2048 bits
     openssl_privatekey:
       path: API.key_{{ ansible_date_time.iso8601 }}
       type: RSA
       size: 2048
     register: privatekey

   - name: Generate an OpenSSL certificate signing request file based on input key values
     openssl_csr:
       path: API.csr_{{ ansible_date_time.iso8601 }}
       privatekey_path: "{{ privatekey.filename }}"
       common_name: "{{ CN }}"
       group: apigee
       owner: apigee
       mode: '700'
       digest: sha256
       email_address: abc@xyz.com
       country_name: US
       locality_name:
       organization_name:
       organizational_unit_name:
       state_or_province_name:
       # item.value is the DNS list; every entry gets a "DNS:" prefix
       subject_alt_name: "{{ item.value | map('regex_replace', '^', 'DNS:') | list }}"
     with_dict:
       dns_server:
         - www.ansible.com
         - m.ansible.com
     # needed by the debug task below; note that with with_dict the result
     # is a list under csr.results, so csr.filename itself is undefined
     register: csr

   - debug: var="{{ item }}"
     with_items:
       - csr.filename
       - csr.privatekey
       - csr.subject
       - csr.subjectAltName
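
One way to get the "append to the existing config and generate a new CSR" behaviour while keeping the manual config.txt / openssl req workflow from the question. This is an added example, not the question's own playbook: it takes CN and a comma-separated dns_server_list as extra vars, reads the DNS.* entries already present in config.txt (if any), appends the new names, rewrites the file and runs the same openssl command. The /tmp/csr working directory and the [dn] field values are assumptions for the example.

```yaml
---
# Added example, not the question's own playbook: keep the question's
# config.txt + "openssl req" workflow, but build [alt_names] from an extra
# var and merge it with the DNS.* entries already in the config file.
#   ansible-playbook csr_from_config.yaml -e "CN=uat.com" \
#       -e "dns_server_list=us.uat.com,apac.uat.com"
# /tmp/csr and the [dn] fields are assumptions for the example.
- hosts: localhost
  connection: local
  gather_facts: true                    # ansible_date_time comes from facts
  vars:
    work_dir: /tmp/csr
    config_path: "{{ work_dir }}/config.txt"
    stamp: "{{ ansible_date_time.iso8601_basic_short }}"
    csr_path: "{{ work_dir }}/{{ CN }}_{{ stamp }}.csr"
    key_path: "{{ work_dir }}/{{ CN }}_{{ stamp }}.key"
    # "a.com, b.com," -> ["a.com", "b.com"]
    new_sans: >-
      {{ (dns_server_list | default('')).split(',')
         | map('trim') | reject('equalto', '') | list }}
  tasks:
    - name: Validate inputs (CN is used in file names, so keep it to hostname characters)
      ansible.builtin.assert:
        that:
          - CN is defined and CN is match('^[A-Za-z0-9.*-]+$')
          - new_sans | length > 0
        fail_msg: "pass -e CN=<host> and -e dns_server_list=<a.com,b.com>"

    - name: Private working directory (the key lands here)
      ansible.builtin.file:
        path: "{{ work_dir }}"
        state: directory
        mode: "0700"

    - name: Is there already a config for this CN?
      ansible.builtin.stat:
        path: "{{ config_path }}"
      register: cfg

    - name: Read it so its DNS.* entries are kept
      ansible.builtin.slurp:
        src: "{{ config_path }}"
      register: old_cfg
      when: cfg.stat.exists

    - name: Old DNS.N = name lines -> list (empty when no config exists yet)
      ansible.builtin.set_fact:
        old_sans: >-
          {{ (old_cfg.content | default('') | b64decode)
             | regex_findall('^DNS[.][0-9]+ *= *([A-Za-z0-9.*-]+)', multiline=True) }}

    - name: Append the new names to the old ones, dropping duplicates
      ansible.builtin.set_fact:
        all_sans: "{{ old_sans | union(new_sans) }}"

    - name: Rewrite config.txt; only CN and [alt_names] vary
      ansible.builtin.copy:
        dest: "{{ config_path }}"
        mode: "0600"
        content: |
          [req]
          default_bits = 2048
          prompt = no
          default_md = sha256
          req_extensions = req_ext
          distinguished_name = dn

          [dn]
          C = US
          ST = NEWYORK
          L = CITY
          O = ABC
          OU = XYZ
          emailAddress = ABC@XYZ.com
          CN = {{ CN }}

          [req_ext]
          subjectAltName = @alt_names

          [alt_names]
          {% for name in all_sans %}
          DNS.{{ loop.index }} = {{ name }}
          {% endfor %}

    - name: Run the manual command; argv avoids shell interpolation of CN
      ansible.builtin.command:
        argv: [openssl, req, -new, -sha256, -nodes, -out, "{{ csr_path }}",
               -newkey, rsa:2048, -keyout, "{{ key_path }}", -config, "{{ config_path }}"]
        creates: "{{ csr_path }}"

    - name: Fail unless every merged SAN is in the CSR openssl produced
      ansible.builtin.command:
        argv: [openssl, req, -noout, -text, -in, "{{ csr_path }}"]
      register: csr_text
      changed_when: false
      failed_when: >-
        csr_text.stdout | regex_findall('DNS:([A-Za-z0-9.*-]+)')
        | symmetric_difference(all_sans) | length > 0
```

Run it twice with different dns_server_list values and the second CSR carries the union of both lists, because the DNS.* lines are read back from config.txt before it is rewritten. The assert on CN matters because CN is interpolated into file paths; without it a value such as ../etc/x would write outside work_dir.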

2 Answers


Hi, please try this snippet:

  vars:
    CN: uat.com
    dns_server:
      - www.ansible.com
      - m.ansible.com

  tasks:

  - name: Generate an OpenSSL private RSA key with size-2048 bits
    openssl_privatekey:
      path: API.key_{{ansible_date_time.iso8601}}
      type: RSA
      size: 2048
    register: privatekey

  - name: Generate an OpenSSL certificate signing request file bases on input key values
    openssl_csr:
      path: API.csr_{{ansible_date_time.iso8601}}
      privatekey_path: "{{ privatekey.filename }}"
      common_name: "{{ CN }}"
      group: apigee
      owner: apigee
      mode: '700'
      digest: sha256
      email_address:  abc@xyz.com
      country_name: US
      locality_name:  
      organization_name:  
      organizational_unit_name:  
      state_or_province_name:  
      subject_alt_name: "{{ item.value | map('regex_replace', '^', 'DNS:') | list }}"
    with_dict:
      dns_server: "{{dns_server}}"
    register: csr

  - set_fact:
      res: "{{csr.results[0]}}"

  - debug: var="{{item}}"
    with_items:
    - res.filename
    - res.privatekey
    - res.subject
    - res.subjectAltName
itiic
  • I've tried using this, but it's not working. I need to pass the DNS list as a dynamic list input to the playbook, not hardcode it in it. –  May 28 '20 at 03:49
  • ` vars: dns_server: - "{{ dns_server_list }}" openssl_csr: path: {{API_EP}}.csr_{{ansible_date_time.iso8601}} privatekey_path: "{{ privatekey.filename }}" common_name: "{{ CN }}" subject_alt_name: "{{ item.value | map('regex_replace', '^', 'DNS:') | list }}" with_dict: dns_server: "{{ dns_server }}" register: csr ` –  May 28 '20 at 03:55
  • To dynamically set vars, add the `-e` field to the execution. For example: `-e '{"CN":"aaaaa.bbbb.com","dns_server":["google.com","m.ansible.com"]}'` – itiic May 28 '20 at 12:55
  • This works fine, but if I am using with_dict in the module, the register option in the csr module is not taken, hence I am not able to use the registered values in further modules. –  Jun 02 '20 at 11:51
  • subject_alt_name: "{{ item.value | map('regex_replace', '^', 'DNS:') | list }}" with_dict: dns_server: "{{ dns_server }}" register: csr - shell: cat {{ csr.filename }} register: result - debug: msg: "{{ result.stdout_lines }}" - command: "{{ item }}" with_items: - echo "Private key generated - {{ csr.privatekey }}" - echo "CSR file generated - {{ csr.filename }}" - echo "Common Name - {{ csr.subject[5] }}" –  Jun 02 '20 at 11:54
  • The next task fails with an undefined variable, as it is used from the openssl_csr module. How do I use with_dict and register in the same module? –  Jun 02 '20 at 11:55

Option 1: pass extra_vars as dictionary

ansible-playbook test.yaml -vv -e '{"CN":"uat.com","dns_server":["www.ansible.com","m.ansible.com"]}'

Option 2: multiple extra_vars, but this needs a variable edit in the playbook: dns_server: "{{ dns_server_list.split(',') }}"

ansible-playbook test.yaml -vv -e "dns_server_list=www.ansible.com,m.ansible.com" -e "CN=uat.com"

for the test.yaml below:

---
- hosts: loadbalancer
  vars:
    dns_server: "{{ dns_server_list.split(',') }}"
  tasks:
  - name: debug CN
    debug:
      msg: "{{ CN }}"
    when: CN is defined
  - name: debug dns_server
    debug:
      msg: "{{ dns_server }}"
    when: dns_server is defined

will result in:

TASK [debug CN] ************************************************************************************************************************************
task path: /vagrant/provisioning/testvar.yaml:4
ok: [loadbalancer] => {
    "msg": "uat.com"
}

TASK [debug dns_server] ****************************************************************************************************************************
task path: /vagrant/provisioning/testvar.yaml:8
ok: [loadbalancer] => {
    "msg": [
        "www.ansible.com", 
        "m.ansible.com"
    ]
}
  • I need to pass the DNS server list as an input value to the playbook, like ansible-playbook openssl_csr.yaml -e "dns_server_list=abc.com,xyz.com,123.com" –  May 28 '20 at 04:07
  • Sorry, I misunderstood your question; I revised my answer – Johanes Anggara May 28 '20 at 12:22
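
Putting the two answers together with the module-based approach from the question: the comma-separated extra var is split as in Option 2 above, and the openssl_csr task runs without with_dict, which is what makes register: csr usable directly (a looped task's registered result is a list under csr.results, the problem raised in the comments on the first answer). This is an added example, not code from the question or either answer. It also covers the "existing CN" case by reading the SANs of the previous CSR with openssl_csr_info and appending the new names to them. It assumes the community.crypto collection (the bare openssl_privatekey/openssl_csr names on this page are the pre-2.10 short names of the same modules); the /tmp/csr directory, the .latest.csr symlink and the subject fields are assumptions for the example.

```yaml
---
# Added example, not code from the question or either answer. Inputs are
# extra vars, as in Option 2 above:
#   ansible-playbook csr_modules.yaml -e "CN=uat.com" \
#       -e "dns_server_list=us.uat.com,apac.uat.com"
# Assumes the community.crypto collection; openssl_privatekey/openssl_csr
# on this page are the pre-2.10 short names of the same modules.
# /tmp/csr, the .latest.csr symlink and the subject fields are assumptions.
- hosts: localhost
  connection: local
  gather_facts: true                     # for ansible_date_time
  vars:
    csr_dir: /tmp/csr
    key_path: "{{ csr_dir }}/{{ CN }}.key"
    csr_path: "{{ csr_dir }}/{{ CN }}_{{ ansible_date_time.iso8601_basic_short }}.csr"
    latest_csr: "{{ csr_dir }}/{{ CN }}.latest.csr"    # symlink to the newest CSR
    # "a.com, b.com" -> ["DNS:a.com", "DNS:b.com"]
    new_sans: >-
      {{ (dns_server_list | default('')).split(',')
         | map('trim') | reject('equalto', '')
         | map('regex_replace', '^', 'DNS:') | list }}
  tasks:
    - name: Validate inputs (CN ends up in file names, so restrict its characters)
      ansible.builtin.assert:
        that:
          - CN is defined and CN is match('^[A-Za-z0-9.*-]+$')
          - new_sans | length > 0
        fail_msg: "pass -e CN=<host> and -e dns_server_list=<a.com,b.com>"

    - name: Private output directory (holds the key)
      ansible.builtin.file:
        path: "{{ csr_dir }}"
        state: directory
        mode: "0700"

    - name: Is there a previous CSR for this CN?
      ansible.builtin.stat:
        path: "{{ latest_csr }}"
      register: prev

    - name: Read its SANs so they are appended to, not replaced
      community.crypto.openssl_csr_info:
        path: "{{ latest_csr }}"
      register: prev_info
      when: prev.stat.exists

    - name: Merge CN itself, previous SANs and new SANs (clients match on SAN, not CN)
      ansible.builtin.set_fact:
        all_sans: >-
          {{ ['DNS:' ~ CN]
             | union(prev_info.subject_alt_name | default([]))
             | union(new_sans) }}

    - name: RSA key, owner-readable only; reused on re-runs for the same CN
      community.crypto.openssl_privatekey:
        path: "{{ key_path }}"
        type: RSA
        size: 2048
        mode: "0600"
      register: privatekey

    - name: CSR without a loop, so the registered result is flat (csr.filename, not csr.results)
      community.crypto.openssl_csr:
        path: "{{ csr_path }}"
        privatekey_path: "{{ privatekey.filename }}"
        common_name: "{{ CN }}"
        subject_alt_name: "{{ all_sans }}"
        country_name: US
        email_address: abc@xyz.com
        digest: sha256
        mode: "0644"                       # a CSR is public data; the key is not
      register: csr

    - name: Point the "latest" link at the CSR just written
      ansible.builtin.file:
        src: "{{ csr.filename }}"
        dest: "{{ latest_csr }}"
        state: link

    - name: The fields the question's debug task was after
      ansible.builtin.debug:
        msg:
          - "Private key generated - {{ csr.privatekey }}"
          - "CSR file generated - {{ csr.filename }}"
          - "Subject - {{ csr.subject }}"
          - "SANs - {{ csr.subjectAltName }}"

    - name: Re-read the CSR from disk and fail unless it carries every merged SAN
      community.crypto.openssl_csr_info:
        path: "{{ csr.filename }}"
      register: check
      failed_when: check.subject_alt_name | symmetric_difference(all_sans) | length > 0
```

Two design choices worth noting. The key path is fixed per CN, so re-running for an existing CN produces a new CSR for the same key; delete the key file first (or use the module's regenerate option in community.crypto 1.0+) if you want the key rotated along with the CSR. And the CN is added to the SAN list explicitly: modern TLS clients validate the host against subjectAltName only, so a CSR whose SANs omit the CN yields a certificate that is not valid for its own common name.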