community.general.java_cert – Uses keytool to import/remove key from java keystore (cacerts)
Note
This plugin is part of the community.general collection (version 2.0.1).
To install it use: ansible-galaxy collection install community.general.
To use it in a playbook, specify: community.general.java_cert.
Synopsis
- This is a wrapper module around keytool, which can be used to import/remove certificates from a given java keystore.
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
cert_alias string | | Imported certificate alias. The alias is used when checking for the presence of a certificate in the keystore. |
cert_path path | | Local path to load certificate from. One of cert_url or cert_path is required to load certificate. |
cert_port integer | Default: 443 | Port to connect to URL. This will be used to create server URL:PORT. |
cert_url string | | Basic URL to fetch SSL certificate from. One of cert_url or cert_path is required to load certificate. |
executable string | Default: "keytool" | Path to the keytool binary. If not set, keytool is searched for in PATH. |
keystore_create boolean | | Create keystore if it does not exist. |
keystore_pass string / required | | Keystore password. |
keystore_path path | | Path to keystore. |
keystore_type string | | Keystore type (JCEKS, JKS). |
pkcs12_alias string | | Alias in the PKCS12 keystore. |
pkcs12_password string | Default: "" | Password for importing from PKCS12 keystore. |
pkcs12_path path | | Local path to load PKCS12 keystore from. |
state string | | Defines action which can be either certificate import or removal. |
trust_cacert boolean added in 0.2.0 of community.general | | Trust imported cert as CAcert. |
Examples
```yaml
- name: Import SSL certificate from google.com to a given cacerts keystore
  community.general.java_cert:
    cert_url: google.com
    cert_port: 443
    keystore_path: /usr/lib/jvm/jre7/lib/security/cacerts
    keystore_pass: changeit
    state: present

- name: Remove certificate with given alias from a keystore
  community.general.java_cert:
    cert_url: google.com
    keystore_path: /usr/lib/jvm/jre7/lib/security/cacerts
    keystore_pass: changeit
    executable: /usr/lib/jvm/jre7/bin/keytool
    state: absent

- name: Import trusted CA from SSL certificate
  community.general.java_cert:
    cert_path: /opt/certs/rootca.crt
    keystore_path: /tmp/cacerts
    keystore_pass: changeit
    keystore_create: yes
    state: present
    cert_alias: LE_RootCA
    trust_cacert: True

- name: Import SSL certificate from google.com to a keystore, create it if it doesn't exist
  community.general.java_cert:
    cert_url: google.com
    keystore_path: /tmp/cacerts
    keystore_pass: changeit
    keystore_create: yes
    state: present

- name: Import a pkcs12 keystore with a specified alias, create it if it doesn't exist
  community.general.java_cert:
    pkcs12_path: "/tmp/importkeystore.p12"
    cert_alias: default
    keystore_path: /opt/wildfly/standalone/configuration/defaultkeystore.jks
    keystore_pass: changeit
    keystore_create: yes
    state: present

- name: Import SSL certificate to JCEKS keystore
  community.general.java_cert:
    pkcs12_path: "/tmp/importkeystore.p12"
    pkcs12_alias: default
    pkcs12_password: somepass
    cert_alias: default
    keystore_path: /opt/someapp/security/keystore.jceks
    keystore_type: "JCEKS"
    keystore_pass: changeit
    keystore_create: yes
    state: present
```
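The following play is an added example, not part of the module documentation: it imports a CA with cert_path and trust_cacert only after the certificate's SHA-256 fingerprint matches a value obtained out of band, and takes the keystore password from a variable instead of a literal. It assumes the community.crypto collection is installed; the java_hosts group and the pinned_ca_sha256 and vault_keystore_pass variables are hypothetical.

```yaml
# Added example. Assumptions: community.crypto is installed;
# java_hosts, pinned_ca_sha256 and vault_keystore_pass are hypothetical names.
- name: Import a CA certificate only after its fingerprint is verified
  hosts: java_hosts
  vars:
    ca_cert_file: /opt/certs/rootca.crt
    keystore_file: /tmp/cacerts
    # Placeholder: replace with the fingerprint obtained out of band.
    pinned_ca_sha256: "REPLACE_WITH_PINNED_SHA256_FINGERPRINT"
  tasks:
    - name: Read certificate details from the file on the managed node
      community.crypto.x509_certificate_info:
        path: "{{ ca_cert_file }}"
      register: ca_info

    - name: Stop unless the fingerprint matches and the certificate is still valid
      ansible.builtin.assert:
        that:
          # Compare without colon separators and without regard to case.
          - "ca_info.fingerprints.sha256 | replace(':', '') | lower == pinned_ca_sha256 | replace(':', '') | lower"
          - not ca_info.expired
        fail_msg: "CA certificate fingerprint mismatch or certificate expired"

    - name: Import the verified CA into the keystore
      community.general.java_cert:
        cert_path: "{{ ca_cert_file }}"
        cert_alias: LE_RootCA
        keystore_path: "{{ keystore_file }}"
        # Assumed to be defined in an Ansible Vault encrypted vars file.
        keystore_pass: "{{ vault_keystore_pass }}"
        keystore_create: yes
        trust_cacert: true
        state: present
      no_log: true   # keeps task arguments and results out of the play output
```

With no_log set, the cmd, msg and rc return values of this task are also hidden, so remove it temporarily when debugging a failed import.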
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
cmd string | success | Executed command to get action done. Sample: keytool -importcert -noprompt -keystore |
msg string | success | Output from stdout of keytool command after execution of given command. Sample: Module require existing keystore at keystore_path '/tmp/test/cacerts' |
rc integer | success | Keytool command execution return value. Sample: 0 |
Authors
- Adam Hamsik (@haad)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/community/general/java_cert_module.html