community.general.java_keystore – Create or delete a Java keystore in JKS format.


Note

This plugin is part of the community.general collection (version 2.0.1).

To install it use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.java_keystore.


Synopsis

  • Create or delete a Java keystore in JKS format for a given certificate.

Requirements

The requirements below must be present on the host that executes this module.

  • openssl
  • keytool

Parameters

Parameter Choices/Defaults Comments

attributes

string

added in 2.3 of ansible.builtin

The attributes the resulting file or directory should have.

To get supported flags look at the man page for chattr on the target system.

This string should contain the attributes in the same order as the one displayed by lsattr.

The = operator is assumed as default, otherwise + or - operators need to be included in the string.


aliases: attr

certificate

string / required

Certificate that should be used to create the key store.

dest

path / required

Absolute path where the JKS file should be generated.

force

boolean

  • no

  • yes

The key store will be (re)created even if it already exists.

group

string

Name of the group that should own the JKS file.

mode

raw

Permissions the file should have (for example '0640').

name

string / required

Name of the certificate.

owner

string

Name of the user that should own the JKS file.

password

string / required

Password that should be used to secure the key store.

private_key

string / required

Private key that should be used to create the key store.

private_key_passphrase

string

added in 0.2.0 of community.general

Pass phrase for reading the private key, if required.

selevel

string

The level part of the SELinux file context.

This is the MLS/MCS attribute, sometimes known as the range.

When set to _default, it will use the level portion of the policy if available.

serole

string

The role part of the SELinux file context.

When set to _default, it will use the role portion of the policy if available.

setype

string

The type part of the SELinux file context.

When set to _default, it will use the type portion of the policy if available.

seuser

string

The user part of the SELinux file context.

By default it uses the system policy, where applicable.

When set to _default, it will use the user portion of the policy if available.

unsafe_writes

boolean

added in 2.2 of ansible.builtin

  • no

  • yes

Influences when atomic operations are used to prevent data corruption or inconsistent reads from the target file.

By default this module uses atomic operations to prevent data corruption or inconsistent reads from the target files, but some systems are configured, or simply broken, in ways that prevent this. One example is Docker-mounted files, which cannot be updated atomically from inside the container and can only be written in an unsafe manner.

This option allows Ansible to fall back to unsafe methods of updating files when atomic operations fail (it does not force Ansible to perform unsafe writes).

IMPORTANT! Unsafe writes are subject to race conditions and can lead to data corruption.



Examples

- name: Create a key store for the given certificate (inline)
  community.general.java_keystore:
    name: example
    certificate: |
      -----BEGIN CERTIFICATE-----
      h19dUZ2co2fI/ibYiwxWk4aeNE6KWvCaTQOMQ8t6Uo2XKhpL/xnjoAgh1uCQN/69
      MG+34+RhUWzCfdZH7T8/qDxJw2kEPKluaYh7KnMsba+5jHjmtzix5QIDAQABo4IB
      -----END CERTIFICATE-----
    private_key: |
      -----BEGIN RSA PRIVATE KEY-----
      DBVFTEVDVFJJQ0lURSBERSBGUkFOQ0UxFzAVBgNVBAsMDjAwMDIgNTUyMDgxMzE3
      GLlDNMw/uHyME7gHFsqJA7O11VY6O5WQ4IDP3m/s5ZV6s+Nn6Lerz17VZ99
      -----END RSA PRIVATE KEY-----
    password: changeit
    dest: /etc/security/keystore.jks

- name: Create a key store for the given certificate (lookup)
  community.general.java_keystore:
    name: example
    certificate: "{{lookup('file', '/path/to/certificate.crt') }}"
    private_key: "{{lookup('file', '/path/to/private.key') }}"
    password: changeit
    dest: /etc/security/keystore.jks
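The two examples above put the key store password in clear text in the playbook and leave ownership and permissions at the file defaults. The playbook below is an added example, not part of the module documentation: it supplies the password from a variable held in an ansible-vault encrypted vars file, sets the file owner and mode so only the service account can read it, suppresses task output with no_log so the password and key material do not land in logs, and then verifies the alias with a read-only keytool call that takes the password from the environment (keytool's `-storepass:env` form) rather than the command line. The variable names `keystore_password` and `private_key_passphrase`, the `tomcat` user and group, and the file paths are assumptions for illustration; every module parameter used is one documented above.

```yaml
# Added example; not from the community.general documentation.
# Assumes `keystore_password` (and optionally `private_key_passphrase`)
# are defined in an ansible-vault encrypted vars file, and that the
# `tomcat` user and group exist on the target host.
- name: Create the key store with a vaulted password and restricted permissions
  community.general.java_keystore:
    name: example
    certificate: "{{ lookup('file', '/path/to/certificate.crt') }}"
    private_key: "{{ lookup('file', '/path/to/private.key') }}"
    # Only passed when the private key is encrypted; otherwise omitted.
    private_key_passphrase: "{{ private_key_passphrase | default(omit) }}"
    password: "{{ keystore_password }}"
    dest: /etc/security/keystore.jks
    owner: tomcat
    group: tomcat
    mode: '0640'
  # Keep the password and PEM material out of stdout, callbacks and log files.
  no_log: true

- name: Confirm the key store contains the expected alias (read-only check)
  ansible.builtin.command:
    argv:
      - keytool
      - -list
      - -keystore
      - /etc/security/keystore.jks
      - -alias
      - example
      - -storepass:env
      - KEYSTORE_PASS
  environment:
    # Passed via the environment so the password is not visible in `ps` output.
    KEYSTORE_PASS: "{{ keystore_password }}"
  changed_when: false
  no_log: true
```

Note that `lookup('file', ...)` reads the certificate and private key on the control node, not on the target, so the PEM files need to exist on the controller; the module then runs openssl and keytool on the target host to build the JKS file at `dest`.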

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key Returned Description

cmd

string

changed and failure

The command that was executed to perform the action.


Sample:

openssl x509 -noout -in /tmp/cert.crt -fingerprint -sha256

msg

string

changed and failure

Standard output of the keytool/openssl command after execution, or an error message.


Sample:

Unable to find the current certificate fingerprint in ...

rc

integer

changed and failure

Return code of the executed keytool/openssl command.


Sample:

0




Authors

  • Guillaume Grossetie (@Mogztter)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/community/general/java_keystore_module.html