Use case 1 - Standalone server:
- CA is generated
- Certificate for
hostname --long will be generated. Subject Alternative Names: hostname, localhost, 127.0.0.1, (primary IP?)
Use case 2 - Shared CA for a vDC. CA files live on an infrastructure/CA VM 'infra-vm'
- CA is created on 'infra-vm'
ca_host_delegate_to: 'infra-vm'
- Use CA to create the certificates and import it into the target VM's CA trust store
Variables:
- path
- CN, SAN
- extensions
- algorithms
- key size
The role must accept injections from other roles, e.g. MariaDB. Caution: MariaDB Standalone can hold a MariaDB CA, but MariaDB Galera clusters require a shared CA.
Use case 1 - Standalone server:
hostname --longwill be generated. Subject Alternative Names:hostname, localhost, 127.0.0.1, (primary IP?)Use case 2 - Shared CA for a vDC. CA files live on an infrastructure/CA VM 'infra-vm'
ca_host_delegate_to: 'infra-vm'Variables:
The role must accept injections from other roles, e.g. MariaDB. Caution: MariaDB Standalone can hold a MariaDB CA, but MariaDB Galera clusters require a shared CA.