{"id":16777320,"url":"https://github.com/githubixx/ansible-role-cfssl","last_synced_at":"2025-06-26T08:02:52.222Z","repository":{"id":45885618,"uuid":"74511754","full_name":"githubixx/ansible-role-cfssl","owner":"githubixx","description":"Ansible role for installing Cloudflares CFSSL PKI toolkit on Ubuntu","archived":false,"fork":false,"pushed_at":"2024-04-16T20:35:49.000Z","size":48,"stargazers_count":13,"open_issues_count":0,"forks_count":12,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-10T20:53:07.696Z","etag":null,"topics":["ansible","ansible-role","certificate","certificate-authority","cfssl","cloudflare-pki-toolkit","kubernetes","security"],"latest_commit_sha":null,"homepage":"https://www.tauceti.blog/posts/kubernetes-the-not-so-hard-way-with-ansible-certificate-authority/","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/githubixx.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-11-22T20:47:20.000Z","updated_at":"2024-06-24T03:49:41.000Z","dependencies_parsed_at":"2024-04-16T21:52:02.598Z","dependency_job_id":"f8ea7144-6431-4d17-aa11-6f0588536a37","html_url":"https://github.com/githubixx/ansible-role-cfssl","commit_stats":null,"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"purl":"pkg:github/githubixx/ansible-role-cfssl","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/githubixx%2Fansible-role-cfssl","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/githubixx%2Fansible-role-cfssl/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/githubixx%2Fansible-role-cfssl/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/githubixx%2Fansible-role-cfssl/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/githubixx","download_url":"https://codeload.github.com/githubixx/ansible-role-cfssl/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/githubixx%2Fansible-role-cfssl/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":262026908,"owners_count":23246951,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","ansible-role","certificate","certificate-authority","cfssl","cloudflare-pki-toolkit","kubernetes","security"],"created_at":"2024-10-13T07:24:22.878Z","updated_at":"2025-06-26T08:02:52.199Z","avatar_url":"https://github.com/githubixx.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# ansible-role-cfssl\n\nInstalles CFSSL (CloudFlare's PKI toolkit) binaries. I used it as a lightweight certificate authority (CA) for Kubernetes. This Ansible playbook is used in [Kubernetes the not so hard way with Ansible - certificate authority](https://www.tauceti.blog/posts/kubernetes-the-not-so-hard-way-with-ansible-certificate-authority/).\n\n## Versions\n\nI tag every release and try to stay with [semantic versioning](http://semver.org). If you want to use the role I recommend to checkout the latest tag. The master branch is basically development while the tags mark stable releases. But in general I try to keep master in good shape too.\n\nThe tag `8.3.0+1.6.5` means that this is the release `8.3.0` of the Ansible role which uses release `1.6.5` of CFSSL.\n\n## Changelog\n\n**Change history:**\n\nSee full [CHANGELOG.md](https://github.com/githubixx/ansible-role-cfssl/blob/master/CHANGELOG.md)\n\n**Recent changes:**\n\n## 8.3.0+1.6.5\n\n- **BREAKING**\n  - remove Ubuntu 18.04 support (reached EOL)\n  - remove Debian 10 support (reached EOL)\n\n- **UPDATE**\n  - Update `cfssl` tools to version 1.6.5\n  - add Debian 12 support\n  - update Github workflow\n\n- **MOLECULE**\n  - fix ansible-lint issues in `converge.yml`\n\n## 8.2.0+1.6.4\n\n- **UPDATE**\n  - Update `cfssl` tools to version 1.6.4\n  - Add support for Ubuntu 22.04\n  - Add verify step for Molecule\n\n## Installation\n\n- Directly download from Github (Change into Ansible roles directory before cloning. You can figure out the role path by using `ansible-config dump | grep DEFAULT_ROLES_PATH` command):\n`git clone https://github.com/githubixx/ansible-role-cfssl.git githubixx.cfssl`\n\n- Via `ansible-galaxy` command and download directly from Ansible Galaxy:\n`ansible-galaxy install role githubixx.cfssl`\n\n- Create a `requirements.yml` file with the following content (this will download the role from Github) and install with\n`ansible-galaxy role install -r requirements.yml` (change `version` if needed):\n\n```yaml\n---\nroles:\n  - name: githubixx.cfssl\n    src: https://github.com/githubixx/ansible-role-cfssl.git\n    version: 8.3.0+1.6.5\n```\n\n## Role Variables\n\n```yaml\n# Specifies the version of CFSSL toolkit we want to download and use\ncfssl_version: \"1.6.5\"\n\n# Checksum file\ncfssl_checksum_url: \"https://github.com/cloudflare/cfssl/releases/download/v{{ cfssl_version }}/cfssl_{{ cfssl_version }}_checksums.txt\"\n\n# The directory where CFSSL binaries will be installed\ncfssl_bin_directory: \"/usr/local/bin\"\n\n# Owner of the cfssl binaries\ncfssl_owner: \"root\"\n\n# Group of cfssl binaries\ncfssl_group: \"root\"\n\n# Operating system on which \"cfssl/cfssljson\" should run on\ncfssl_os: \"linux\" # use \"darwin\" for MacOS X, \"windows\" for Windows\n\n# Processor architecture \"cfssl/cfssljson\" should run on\ncfssl_arch: \"amd64\" # the only supported architecture at the moment\n```\n\n## Testing\n\nThis role has a small test setup that is created using [molecule](https://github.com/ansible-community/molecule). To run the tests follow the molecule [install guide](https://molecule.readthedocs.io/en/latest/installation.html). Also ensure that a Docker daemon runs on your machine.\n\nAssuming [Docker](https://www.docker.io) is already installed you need at least two Python packages:\n\n```bash\npip3 install --user molecule\npip3 install --user molecule-docker\n```\n\nAfterwards molecule can be executed:\n\n```bash\nmolecule converge\n```\n\nThis will setup some Docker container with Ubuntu 18.04/20.04 and Debian 10/11 with `cfssl` installed.\n\nTo clean up run\n\n```bash\nmolecule destroy\n```\n\n## Example Playbook\n\n```yaml\n- hosts: cfssl-hosts\n  roles:\n    - githubixx.cfssl\n```\n\n## License\n\nGNU GENERAL PUBLIC LICENSE Version 3\n\n## Author Information\n\n[http://www.tauceti.blog](http://www.tauceti.blog)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgithubixx%2Fansible-role-cfssl","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgithubixx%2Fansible-role-cfssl","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgithubixx%2Fansible-role-cfssl/lists"}