offline_kubespray/collection/cisco/ise/playbooks/certificate_management.yml
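---
# Certificate lifecycle for ISE nodes: generate a CSR, wait for an operator to
# have it signed by the CA, then bind the signed certificate to the node.
#
# Connection parameters (ise_hostname, ise_username, ise_password, ise_verify)
# are expected from inventory or extra-vars. Keep ise_password in Ansible
# Vault rather than a plain vars file, and keep ise_verify true outside lab
# use so the ISE API's TLS certificate is validated. Consider `no_log: true`
# on the ISE tasks if the play is ever run with -v, since module arguments
# (including ise_password) are printed at that verbosity.
- hosts: ise_servers
  # No facts are read anywhere below. Was `no`, a YAML 1.1 truthy spelling.
  gather_facts: false
  name: Certificate management
  tasks:
    # Disabled in the original file; kept for reference. Note that it relaxes
    # several trust-store checks (allowSHA1Certificates,
    # allowBasicConstraintCAFalse) that should stay false for a production CA.
    # - name: Import certificate into ISE node
    #   cisco.ise.trusted_certificate_import:
    #     ise_hostname: "{{ ise_hostname }}"
    #     ise_username: "{{ ise_username }}"
    #     ise_password: "{{ ise_password }}"
    #     ise_verify: "{{ ise_verify }}"
    #     data: "{{ lookup('file', item) }}"
    #     description: Root CA public certificate
    #     name: RootCert
    #     allowBasicConstraintCAFalse: true
    #     allowOutOfDateCert: false
    #     allowSHA1Certificates: true
    #     trustForCertificateBasedAdminAuth: true
    #     trustForCiscoServicesAuth: true
    #     trustForClientAuth: true
    #     trustForIseAuth: true
    #     validateCertificateExtensions: true
    #   with_fileglob:
    #     - "/Users/rcampos/Downloads/RootCACert.pem"

    # Step 1: ask the node to generate a key pair and CSR. The CSR id returned
    # by the API is needed later to bind the signed certificate.
    - name: Generate CSR
      cisco.ise.csr_generate:
        ise_hostname: "{{ ise_hostname }}"
        ise_username: "{{ ise_username }}"
        ise_password: "{{ ise_password }}"
        ise_verify: "{{ ise_verify }}"
        # Wildcard certificates broaden the blast radius of a key compromise;
        # set to false unless a wildcard CN/SAN is actually required.
        allowWildCardCert: true
        subjectCommonName: ise.securitydemo.net
        subjectOrgUnit: Sample OU
        subjectOrg: Sample Org
        subjectCity: San Francisco
        subjectState: CA
        subjectCountry: US
        keyType: ECDSA
        # NOTE(review): 1024 is an RSA-style length and is below current
        # recommendations; for ECDSA, ISE expects a curve-sized length
        # (256 or 384) — confirm against the module/API docs before relying
        # on this value.
        keyLength: 1024
        digestType: SHA-256
        # Was `MULTI-USEw` (stray trailing character); MULTI-USE is the
        # intended usage value.
        usedFor: MULTI-USE
      register: result

    - name: Set ID value to variable
      ansible.builtin.set_fact:
        csr_id: "{{ result['ise_response']['response'][0]['id'] }}"
      # In check mode the CSR is not generated, so result has no id.
      when: not ansible_check_mode

    # Step 2: manual step — the CSR must be signed by the CA out of band and
    # the signed certificate placed at the path read by the bind task.
    - name: Pause until the CSR has been signed by the CA
      ansible.builtin.pause:
        prompt: "Have the CA sign the CSR and place the signed certificate at the configured path, then press Enter"

    # Step 3: bind the CA-signed certificate to the CSR generated above.
    - name: Bind Signed Certificate
      cisco.ise.bind_signed_certificate:
        ise_hostname: "{{ ise_hostname }}"
        ise_username: "{{ ise_username }}"
        ise_password: "{{ ise_password }}"
        ise_verify: "{{ ise_verify }}"
        admin: true
        # The three allow* flags below relax validation: they accept
        # out-of-date certificates, extended validity, and silently replace
        # certificates already bound on the node. Prefer false for each in
        # production and enable only for a deliberate, reviewed rotation.
        allowExtendedValidity: true
        allowOutOfDateCert: true
        allowReplacementOfCertificates: true
        allowReplacementOfPortalGroupTag: true
        data: "{{ lookup('file', item) }}"
        hostName: ise.securitydemo.net
        name: My Signed Certificate
        validateCertificateExtensions: true
        id: "{{ csr_id }}"
        eap: true
        radius: true
        pxgrid: true
        ims: true
        portal: true
      # The file to bind is the CA-signed leaf certificate for this CSR.
      # NOTE(review): the default path is the same RootCACert.pem used by the
      # disabled import task above — confirm it really holds the signed leaf
      # certificate rather than the root CA certificate. Override with
      # signed_cert_glob to avoid the user-specific default. If the glob
      # matches nothing, the task is skipped silently.
      with_fileglob:
        - "{{ signed_cert_glob | default('/Users/rcampos/Downloads/RootCACert.pem') }}"
      when: not ansible_check_mode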