debops.pki role creates Ansible local facts on each managed remote
host. These local facts can be used by other Ansible roles as an idempotent
source of PKI-related configuration – they should be accessible from any
playbook executed on that host without the requirement of the
role being a part of it or a role dependency.
The local facts are saved in
ansible_local.pki.* namespace. List of
- Boolean. Can be used to determine if PKI is enabled on a given host. This doesn't mean that a particular PKI realm has a correctly configured set of private keys and certificates.
- Boolean. Specifies if an ACME environment is enabled on a given host, which means that the acme-tiny script is installed and any PKI realm that is not configured otherwise will try to register an ACME certificate.
- Boolean. Specifies that PKI realms configured on a given host will request certificates in internal Certificate Authority.
- Directory where PKI realms are located, by default
- Directory where PKI hooks are located, by default
- Default server realm name configured for this system, should be used as the provider of private key and certificate for a given service.
- Default client realm name configured for this system, should be used as the provider of the CA certificate for a given service.
- List which contains names of all PKI realms that might be present on a given remote host. Contents of the list are never removed, only appended. This list can be used to check on the Ansible playbook/role level if a given PKI realm is available to be used.
The facts listed below are currently static, but are planned to be used in the future for better control over PKI realm directory structure:
- Name of the default certificate symlink located in the PKI realm main directory.
- Name of the default private key symlink located in the PKI realm main directory.
- Name of the default private key and certificate bundle symlink located in the PKI realm main directory.
- Name of the default CA certificate symlink located in the PKI realm main directory.
- Name of the trusted CA chain symlink located in the PKI realm main directory.