Ansible Integration Guide

Prerequisites

Before beginning, ensure the following:

  • You have Ansible 2.9+ installed on your Linux/Mac system.
  • You have SSH access to Linux target machines or WinRM access to Windows machines.
  • Python and pip are installed on the control node.
  • Ansible Vault password is known (for encrypted files).

Step-by-Step Guide

  1. Extract the Ansible.zip
    • unzip Ansible.zip
    • cd CLMAnsible
  2. Populate the Inventory File
    • Edit the inventory/hosts file to define your targets.
    • Linux Example: [Figure: Populate the Inventory File (Linux)]
    • Windows Example: [Figure: Populate the Inventory File for Windows]
  3. Encrypt the Inventory File and the API Credentials File (Optional but Recommended)
    ansible-vault encrypt inventory/hosts
    ansible-vault encrypt vars/api_credentials.yml
  4. Fill in Certificate Details
    • Open vars/cert_config.yml and fill in the required certificate attributes, such as certificate template, common name, and key length.
  5. Test Machine Connectivity

    For Linux Machines:

    ansible linux -m ping -i inventory/hosts --ask-vault-pass
    sudo ssh -i /root/.ssh/id_rsa root@s

    For Windows Machines:

    ansible -i inventory/hosts windows -m win_ping
  6. Run the Playbook (Interactive Prompt)
    ansible-playbook -i inventory/hosts certificate_playbook.yml --ask-vault-pass

    This will ask what operation you want to perform: enroll, renew, view the status of the previously issued certificates, or download.

  7. Run Specific Operations

    Enroll a new certificate:

    ansible-playbook -i inventory/hosts certificate_playbook.yml --ask-vault-pass -e "operation=generate"

    Renew a certificate using serial number:

    ansible-playbook -i inventory/hosts certificate_playbook.yml --ask-vault-pass -e "operation=renew serial_number="

    View the certificate status:

    ansible-playbook -i inventory/hosts certificate_playbook.yml --ask-vault-pass -e "operation=view"

    Download a certificate:

    ansible-playbook -i inventory/hosts certificate_playbook.yml --ask-vault-pass -e "operation=download"
  8. Customize Certificate Request (Optional)

    You can override any field at runtime:

    ansible-playbook -i inventory/hosts certificate_playbook.yml --ask-vault-pass -e "common_name=example.org organization='Example_Test'"
  9. Check Logs

    All logs will be saved to:

    logs/ansible-execution.log
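
Because step 3 is optional, a playbook run can proceed while inventory/hosts or vars/api_credentials.yml is still in plaintext. The pre-flight check below is an added example, not part of the CLMAnsible package; it assumes the standard Ansible Vault header line and a hypothetical script name, vault_preflight.sh.

```shell
#!/bin/sh
# Added example (not part of the CLMAnsible package): confirm that the files
# from step 3 are vault-encrypted before a playbook run.
# Assumption: encrypted files begin with Ansible Vault's "$ANSIBLE_VAULT;" header.

# Return 0 if the file starts with the vault header, 1 if it is plaintext,
# 2 if it does not exist.
is_vault_encrypted() {
    [ -f "$1" ] || return 2
    first_line=''
    # read fails on a final line without a newline; accept it if text was read
    IFS= read -r first_line < "$1" || [ -n "$first_line" ] || return 1
    case "$first_line" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Report each file's state; the return value is the number of files that are
# missing or still in plaintext.
preflight() {
    failures=0
    for f in "$@"; do
        if is_vault_encrypted "$f"; then
            echo "ENCRYPTED  $f"
        else
            rc=$?
            failures=$((failures + 1))
            if [ "$rc" -eq 2 ]; then
                echo "MISSING    $f"
            else
                echo "PLAINTEXT  $f  (run: ansible-vault encrypt $f)"
            fi
        fi
    done
    return "$failures"
}

# Invoke as "sh vault_preflight.sh check" from the CLMAnsible directory
# (the script name is hypothetical; the two paths are the ones from step 3).
if [ "${1:-}" = "check" ]; then
    preflight inventory/hosts vars/api_credentials.yml
    exit $?
fi
```

A non-zero exit status means at least one file is missing or unencrypted, so the check can gate the ansible-playbook command in a wrapper script or CI job.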