{"id":20238461,"url":"https://github.com/smallstep/ansible-collection-agent","last_synced_at":"2026-05-05T01:36:03.208Z","repository":{"id":207035278,"uuid":"670315165","full_name":"smallstep/ansible-collection-agent","owner":"smallstep","description":"An Ansible Collection for installing the smallstep agent","archived":false,"fork":false,"pushed_at":"2024-04-16T17:19:10.000Z","size":61,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":9,"default_branch":"main","last_synced_at":"2025-01-14T01:14:59.162Z","etag":null,"topics":["agent","ansible","ansible-collection","ansible-playbook","ansible-role","automation","pki","smallstep"],"latest_commit_sha":null,"homepage":"https://smallstep.com","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/smallstep.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-07-24T19:17:17.000Z","updated_at":"2023-11-13T22:48:22.000Z","dependencies_parsed_at":null,"dependency_job_id":"2d593b90-9e68-4fcc-b68e-71e935215a1f","html_url":"https://github.com/smallstep/ansible-collection-agent","commit_stats":null,"previous_names":["smallstep/ansible-collection-agent"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smallstep%2Fansible-collection-agent","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smallstep%2Fansible-collection-agent/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smallstep%2Fansible-
collection-agent/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smallstep%2Fansible-collection-agent/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/smallstep","download_url":"https://codeload.github.com/smallstep/ansible-collection-agent/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241685556,"owners_count":20003102,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agent","ansible","ansible-collection","ansible-playbook","ansible-role","automation","pki","smallstep"],"created_at":"2024-11-14T08:34:17.597Z","updated_at":"2026-05-05T01:35:58.185Z","avatar_url":"https://github.com/smallstep.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Ansible Collection - smallstep.agent\n\nThis collection provides the `smallstep.agent.install`, `smallstep.agent.configure` roles and `smallstep.agent.install_step_agent` playbook which can be used to install and configure the [Smallstep Agent](https://smallstep.com) on your servers. It uses the [smallstep.sigstore](https://github.com/smallstep/ansible-collection-sigstore) collection to verify the [Sigstore](https://sigstore.dev/) signatures which Smallstep uses to sign our software artifacts for binary installs only.\n\nFor Fedora, EL, Debian and Ubuntu installs, it will default to using our system packages (RPM and Deb) over installing the binary. Please note the binary install only installs the binary. 
It does not install all of the other supporting files (systemd unit, polkit policy rules etc.) and we highly recommend that you use the officially supported Linux distributions below with the system packages.\n\nThis collection currently supports:\n\n* Fedora (Current Releases)\n* Enterprise Linux (RHEL, CentOS Stream, Rocky Linux, Alma Linux, etc)\n* Ubuntu (Current Stable and LTS releases)\n* Debian (Current Releases)\n\n## Requirements\n\n* `ansible-galaxy collection install smallstep.sigstore` on control node\n* Python 3.8 or greater on servers\n* `pip` installed on servers\n* `pip install sigstore` on servers that are using the binary install\n\n## Role: smallstep.agent.install\n\n### smallstep.agent.install Role variables\n\n```yaml\nsmallstep_agent_version: # (Optional) Format: v0.0.1. Default: latest version\nsmallstep_agent_download_url: # (Optional) Default: https://dl.smallstep.com/step-agent-plugin\n```\n\n## Role: smallstep.agent.configure\n\n### smallstep.agent.configure Role variables\n\n```yaml\nsmallstep_api_token: eyJhb...\nsmallstep_collections:\n  - collection_slug: hotdog-staging\n    display_name: \"Hotdog App staging\"\n    admin_emails:\n      - jdoss@smallstep.com\n    device_type:\n      aws_vm:\n        disable_custom_sans: False\n        accounts:\n        - \"123456789011\"\n    state: present\nsmallstep_workloads:\n  - admin_emails:\n      - jdoss@smallstep.com\n    display_name: Hotdog App Nginx\n    collection_slug: hotdog-staging\n    workload_slug: \"hotdog-nginx-staging\"\n    workload_type: nginx\n    state: present\nsmallstep_collection_instances:\n  - instance_id: i-0d69ab001748ab4444\n    collection_slug: \"{{ smallstep_collection }}\"\n    instance_metadata:\n        name: stage-001\n        role: nginx\n        location: us-east-2\n    state: present\n```\n\n### Example Playbook\n\nHere's an example playbook for Enterprise Linux based servers. 
(Fedora, RHEL, CentOS Stream, Rocky Linux, Alma Linux, etc) on AWS:\n\n```yaml\n---\n- hosts: all\n  become: True\n\n  collections:\n    - smallstep.sigstore\n    - smallstep.cli\n    - smallstep.agent\n\n  pre_tasks:\n    - name: Make sure the current version of pip is installed.\n      dnf:\n        name: python3-pip\n        state: latest\n\n  roles:\n    - role: smallstep.cli.install\n    - role: smallstep.agent.install\n    - role: smallstep.agent.configure\n      vars:\n        smallstep_api_token: eyJhb...\n        smallstep_collection: \"hotdog-staging\"\n        smallstep_collections:\n          - collection_slug: \"{{ smallstep_collection }}\"\n            display_name: \"Hotdog App staging\"\n            admin_emails:\n              - jdoss@smallstep.com\n            device_type:\n              aws_vm:\n                disable_custom_sans: False\n                accounts:\n                - \"123456789011\"\n            state: present\n        smallstep_workloads:\n          - admin_emails:\n              - jdoss@smallstep.com\n            device_metadata_key_sans:\n              - Name\n            display_name: Hotdog Staging Nginx\n            hooks:\n                renew:\n                    after: [\"echo done\"]\n                    before: [\"echo start\"]\n                    on_error: [\"echo failed\"]\n                    shell: \"/bin/bash\"\n                sign:\n                    after: [\"echo done\"]\n                    before: [\"echo start\"]\n                    on_error: [\"echo failed\"]\n                    shell: \"/bin/bash\"\n            key_info:\n                format: \"DEFAULT\"\n                type: \"DEFAULT\"\n            reload_info:\n                method: \"DBUS\"\n                unit_name: \"nginx.service\"\n            collection_slug: \"{{ smallstep_collection }}\"\n            workload_slug: \"hotdog-nginx-staging\"\n            static_sans:\n                - staging.hotdog.app\n                - 
staging.nginx.hotdog.app\n                - nginx.hotdog.app\n            workload_type: nginx\n            state: present\n          - admin_emails:\n              - jdoss@smallstep.com\n            certificate_info:\n                crt_file: \"/etc/redis/tls/redis.crt\"\n                duration: \"24h0m0s\"\n                gid: 1001\n                key_file: \"/etc/redis/tls/redis.key\"\n                type: \"X509\"\n                uid: 1001\n            device_metadata_key_sans:\n              - Name\n            display_name: Hotdog Staging Redis\n            hooks:\n                renew:\n                    after: [\"echo done\"]\n                    before: [\"echo start\"]\n                    on_error: [\"echo failed\"]\n                    shell: \"/bin/bash\"\n                sign:\n                    after: [\"echo done\"]\n                    before: [\"echo start\"]\n                    on_error: [\"echo failed\"]\n                    shell: \"/bin/bash\"\n            key_info:\n                format: \"DEFAULT\"\n                type: \"DEFAULT\"\n            reload_info:\n                method: \"DBUS\"\n                unit_name: \"redis.service\"\n            collection_slug: \"{{ smallstep_collection }}\"\n            workload_slug: \"hotdog-staging-redis\"\n            static_sans:\n                - staging.hotdog.app\n                - staging.redis.hotdog.app\n                - redis.hotdog.app\n            workload_type: redis\n            state: present\n        smallstep_collection_instances:\n          - instance_id: i-0d69ab001748ab4444\n            collection_slug: \"{{ smallstep_collection }}\"\n            instance_metadata:\n                name: stage-001\n                role: staging\n                location: us-east-2\n                smallstep_collection: \"{{ smallstep_collection }}\"\n            state: present\n          - instance_id: i-0d69ab001748a5555\n            collection_slug: \"{{ smallstep_collection 
}}\"\n            instance_metadata:\n                name: stage-002\n                role: staging\n                location: us-east-2\n                smallstep_collection: \"{{ smallstep_collection }}\"\n            state: present\n          - instance_id: i-0d69ab001748a6666\n            collection_slug: \"{{ smallstep_collection }}\"\n            instance_metadata:\n                name: stage-003\n                role: staging\n                location: us-east-2\n                smallstep_collection: \"{{ smallstep_collection }}\"\n            state: present\n```\n\n## Playbook: smallstep.agent.install_step_agent\n\nAssuming you have the requirements listed above, run this collection playbook to install the most recent version of `step-agent-plugin`.\n\n### Install the most recent version of step agent\n\n```bash\nansible-playbook smallstep.agent.install_step_agent -i ansible_inventory\n```\n\n## Local development\n\n### Setup Ansible Collections workspace\n\nIn your source code directory do the following:\n\n```bash\nmkdir ansible_collections\ncd ansible_collections\ngit clone git@github.com:smallstep/ansible-collection-cli.git smallstep/cli\ngit clone git@github.com:smallstep/ansible-collection-sigstore.git smallstep/sigstore\ngit clone git@github.com:ansible-collections/ansible.windows.git ansible/windows\ncd smallstep/cli\n```\n\nThen make your changes and then run the `ansible-test` commands in the Testing section.\n\n## Testing\n\n### ansible-test sanity\n\n```bash\nansible-test sanity --docker --skip-test validate-modules\n```\n\n### ansible-test integration\n\n```bash\nansible-test integration --docker\n```\n\n## Local install\n\n### Install the collection dependencies\n\n```bash\nansible-galaxy collection install git+https://github.com/smallstep/ansible-collection-sigstore.git\nansible-galaxy collection install git+https://github.com/smallstep/ansible-collection-cli.git\nansible-galaxy collection install ansible.windows # Only needed for Windows 
installs (Untested!!)\n```\n\n### Install the smallstep.agent collection\n\n```bash\nansible-galaxy collection build --output-path /tmp --force\nansible-galaxy collection install /tmp/smallstep-agent-0.0.1.tar.gz --force\n```\n\n### Symlink your development env to\n\n```bash\nln -s /path/to/development/ansible_collections/smallstep/agent ~/.ansible/collections/ansible_collections/smallstep/agent\n```\n\n## Local uninstall or remove symlink\n\n```bash\nrm -rf ~/.ansible/collections/ansible_collections/smallstep/agent/\n```\n\n## License\n\n[Apache License Version 2.0](http://www.apache.org/licenses/LICENSE-2.0)\n\nCopyright 2023 Smallstep Labs Inc.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsmallstep%2Fansible-collection-agent","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsmallstep%2Fansible-collection-agent","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsmallstep%2Fansible-collection-agent/lists"}