How to Generate an OpenSSL Certificate with Ansible

In this Ansible tutorial we will create an OpenSSL certificate for our own use. Before following along, install Ansible first.


#fedora
$ sudo dnf install ansible

#centOS
$ sudo yum -y install epel-release
$ sudo yum install ansible

#ubuntu
$ sudo apt update
$ sudo apt install software-properties-common
$ sudo apt-add-repository --yes --update ppa:ansible/ansible
$ sudo apt install ansible

#debian
$ echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu trusty main" | sudo tee -a /etc/apt/sources.list
$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367
$ sudo apt update
$ sudo apt install ansible

#arch linux
$ sudo pacman -S ansible

Check the installed Ansible version with the command ansible --version:

ansible --version
ansible 2.9.11
  config file = None
  configured module search path = ['/Users/jkmutai/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/Cellar/ansible/2.9.11/libexec/lib/python3.8/site-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 3.8.5 (default, Jul 21 2020, 10:48:26) [Clang 11.0.3 (clang-1103.0.32.62)]

Install the SSL Dependency

Install it with:

sudo pip install pyOpenSSL

If you are using Python 3:

sudo pip3 install pyOpenSSL

Example Ansible SSL Script

Create folders named certificates, files and templates:

mkdir -p ~/server/ansible/{certificates,files,templates}

Then change into it.

Create the Ansible playbook there:

nano ~/server/ansible/openssl_certificates.yml

Write the following:

---
- hosts: localhost
  vars:
    server_hostname: emka.web.id
    key_size: 4096
    passphrase: # write your passphrase here (not used by the task below)
    key_type: RSA # Others include DSA, ECC, Ed25519, Ed448, X25519, X448
  tasks:
    - name: Generate an OpenSSL private key
      openssl_privatekey:
        path: "./certificates/{{ server_hostname }}_privkey.pem"
        size: "{{ key_size }}"
        type: "{{ key_type }}"
        backup: yes

Then run the playbook:

ansible-playbook openssl_certificates.yml

Example output:

PLAY [localhost] *************************************************************************************************************************************************

TASK [Gathering Facts] *******************************************************************************************************************************************
ok: [localhost]

TASK [Generate an OpenSSL private key] ***************************************************************************************************************************
changed: [localhost]

PLAY RECAP *******************************************************************************************************************************************************
localhost                  : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Check whether the PEM file has been created.
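
The playbook above stops at the private key. As an added example (not part of the original tutorial), the following playbook checks that key and carries on to a certificate signing request and a self-signed certificate, using the openssl_csr, openssl_certificate and openssl_certificate_info modules shipped with Ansible 2.9; the CSR and certificate file names are assumptions, and the key is assumed to be unencrypted, as the task above creates it.

```yaml
---
# Added example: run from ~/server/ansible after openssl_certificates.yml.
# The CSR and certificate file names below are assumptions.
- hosts: localhost
  vars:
    server_hostname: emka.web.id
    key_path: "./certificates/{{ server_hostname }}_privkey.pem"
    csr_path: "./certificates/{{ server_hostname }}.csr"
    cert_path: "./certificates/{{ server_hostname }}_cert.pem"
  tasks:
    - name: Look up the private key file
      stat:
        path: "{{ key_path }}"
      register: key_file

    - name: Stop if the key is missing or its mode is not 0600
      assert:
        that:
          - key_file.stat.exists
          - key_file.stat.mode == '0600'

    - name: Generate a certificate signing request for the hostname
      openssl_csr:
        path: "{{ csr_path }}"
        privatekey_path: "{{ key_path }}"
        common_name: "{{ server_hostname }}"
        subject_alt_name:
          - "DNS:{{ server_hostname }}"

    - name: Sign the CSR with its own key (self-signed certificate)
      openssl_certificate:
        path: "{{ cert_path }}"
        privatekey_path: "{{ key_path }}"
        csr_path: "{{ csr_path }}"
        provider: selfsigned

    - name: Read the certificate back
      openssl_certificate_info:
        path: "{{ cert_path }}"
      register: cert_info

    - name: Confirm the subject matches and the certificate is not expired
      assert:
        that:
          - cert_info.subject.commonName == server_hostname
          - not cert_info.expired
```

A self-signed certificate is only trusted by clients that are explicitly configured to trust it. For a publicly trusted certificate, the CSR is the file you submit to a certificate authority.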
