Installes CFSSL (CloudFlare's PKI toolkit) binaries. I used it as a lightweight certificate authority (CA) for Kubernetes. This Ansible playbook is used in Kubernetes the not so hard way with Ansible - certificate authority.

I tag every release and try to stay with semantic versioning. If you want to use the role I recommend to checkout the latest tag. The master branch is basically development while the tags mark stable releases. But in general I try to keep master in good shape too.

The tag 8.3.0+1.6.5 means that this is the release 8.3.0 of the Ansible role which uses release 1.6.5 of CFSSL.

Change history:

See full CHANGELOG.md

Recent changes:

• BREAKING

  • remove Ubuntu 18.04 support (reached EOL)
  • remove Debian 10 support (reached EOL)

• UPDATE

  • Update cfssl tools to version 1.6.5
  • add Debian 12 support
  • update Github workflow

• MOLECULE

  • fix ansible-lint issues in converge.yml

• UPDATE
  • Update cfssl tools to version 1.6.4
  • Add support for Ubuntu 22.04
  • Add verify step for Molecule

• Directly download from Github (Change into Ansible roles directory before cloning. You can figure out the role path by using ansible-config dump | grep DEFAULT_ROLES_PATH command): git clone https://github.com/githubixx/ansible-role-cfssl.git githubixx.cfssl

• Via ansible-galaxy command and download directly from Ansible Galaxy: ansible-galaxy install role githubixx.cfssl

• Create a requirements.yml file with the following content (this will download the role from Github) and install with ansible-galaxy role install -r requirements.yml (change version if needed):

---
roles:
 - name: githubixx.cfssl
 src: https://github.com/githubixx/ansible-role-cfssl.git
 version: 8.3.0+1.6.5

# Specifies the version of CFSSL toolkit we want to download and use
cfssl_version: "1.6.5"
# Checksum file
cfssl_checksum_url: "https://github.com/cloudflare/cfssl/releases/download/v{{ cfssl_version }}/cfssl_{{ cfssl_version }}_checksums.txt"
# The directory where CFSSL binaries will be installed
cfssl_bin_directory: "/usr/local/bin"
# Owner of the cfssl binaries
cfssl_owner: "root"
# Group of cfssl binaries
cfssl_group: "root"
# Operating system on which "cfssl/cfssljson" should run on
cfssl_os: "linux" # use "darwin" for MacOS X, "windows" for Windows
# Processor architecture "cfssl/cfssljson" should run on
cfssl_arch: "amd64" # the only supported architecture at the moment

This role has a small test setup that is created using molecule. To run the tests follow the molecule install guide. Also ensure that a Docker daemon runs on your machine.

Assuming Docker is already installed you need at least two Python packages:

pip3 install --user molecule
pip3 install --user molecule-docker

Afterwards molecule can be executed:

molecule converge

This will setup some Docker container with Ubuntu 18.04/20.04 and Debian 10/11 with cfssl installed.

To clean up run

molecule destroy

- hosts: cfssl-hosts
 roles:
 - githubixx.cfssl

GNU GENERAL PUBLIC LICENSE Version 3

http://www.tauceti.blog