How to Generate an OpenSSL Certificate with Ansible

In this Ansible tutorial we will create an OpenSSL certificate for our own use. Before following along, install Ansible first.

[sourcecode]

#fedora
$ sudo dnf install ansible

#centOS
$ sudo yum -y install epel-release
$ sudo yum install ansible

#ubuntu
$ sudo apt update
$ sudo apt install software-properties-common
$ sudo apt-add-repository --yes --update ppa:ansible/ansible
$ sudo apt install ansible

#debian
$ echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu trusty main" | sudo tee -a /etc/apt/sources.list
$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367
$ sudo apt update
$ sudo apt install ansible

#arch linux
$ pacman -S ansible
[/sourcecode]

First check the installed Ansible version with the command ansible --version:

ansible --version
ansible 2.9.11
  config file = None
  configured module search path = ['/Users/jkmutai/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/Cellar/ansible/2.9.11/libexec/lib/python3.8/site-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 3.8.5 (default, Jul 21 2020, 10:48:26) [Clang 11.0.3 (clang-1103.0.32.62)]

Install the SSL Dependency

Install it with the command:

[sourcecode]sudo pip install pyOpenSSL[/sourcecode]

If you are using Python 3:
[sourcecode]sudo pip3 install pyOpenSSL[/sourcecode]

Example Ansible SSL Script

Create folders named certificates, files and templates:

mkdir -p ~/server/ansible/{certificates,files,templates}

Then change into that directory.

Create the Ansible playbook there:

nano ~/server/ansible/openssl_certificates.yml

Write the following:

[sourcecode]
---
- hosts: localhost
  vars:
    - server_hostname: emka.web.id
    - key_size: 4096
    - passphrase: # write your passphrase here (not used by the task below)
    - key_type: RSA # Others include DSA, ECC, Ed25519, Ed448, X25519, X448
  tasks:
    # Writes the private key to ./certificates/, keeping a backup of any key it replaces
    - name: Generate an OpenSSL private key
      openssl_privatekey:
        path: "./certificates/{{ server_hostname }}_privkey.pem"
        size: "{{ key_size }}"
        type: "{{ key_type }}"
        backup: yes
[/sourcecode]

Then run the playbook:

[sourcecode]ansible-playbook openssl_certificates.yml[/sourcecode]

Example output:

PLAY [localhost] *************************************************************************************************************************************************

TASK [Gathering Facts] *******************************************************************************************************************************************
ok: [localhost]

TASK [Generate an OpenSSL private key] ***************************************************************************************************************************
changed: [localhost]

PLAY RECAP *******************************************************************************************************************************************************
localhost                  : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Check whether the PEM file has been created.
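
The playbook above defines a passphrase variable but never passes it to openssl_privatekey, so the key is written to disk unencrypted. The following is an added example, not part of the original tutorial: it encrypts the key and then performs the check as Ansible tasks. The key_path variable, the vars_prompt entry and the use of the stat, openssl_privatekey_info and assert modules are choices made for this example, and it assumes Ansible 2.9 with the cryptography backend (installed as a dependency of pyOpenSSL).

```yaml
---
# Added example: encrypt the generated key, then verify what was written.
# Assumption: Ansible 2.9 using the cryptography backend.
- hosts: localhost
  vars:
    server_hostname: emka.web.id
    key_size: 4096
    key_type: RSA
    # Same location as the playbook above; key_path is a name chosen for this example
    key_path: "./certificates/{{ server_hostname }}_privkey.pem"
  vars_prompt:
    # Prompted at run time so the passphrase is never stored in the playbook
    - name: passphrase
      prompt: "Passphrase for the private key"
      private: yes
  tasks:
    - name: Generate an encrypted OpenSSL private key
      openssl_privatekey:
        path: "{{ key_path }}"
        size: "{{ key_size }}"
        type: "{{ key_type }}"
        passphrase: "{{ passphrase }}"
        cipher: auto        # the cryptography backend only accepts "auto"
        mode: "0600"        # readable and writable by the owner only
        backup: yes

    - name: Read back the key file attributes
      stat:
        path: "{{ key_path }}"
      register: key_stat

    - name: Parse the key using the passphrase
      openssl_privatekey_info:
        path: "{{ key_path }}"
        passphrase: "{{ passphrase }}"
      register: key_info

    - name: Fail unless the key matches what was requested
      assert:
        that:
          - key_stat.stat.exists
          - key_stat.stat.mode == "0600"
          - key_info.type == key_type
          - key_info.public_data.size == key_size
        fail_msg: "Private key is missing, too permissive, or not the requested type/size"
```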