maxhoesel.smallstep.step_bootstrap_host role – Install step-cli on a host and configure it to trust your CA.
Note
This role is part of the maxhoesel.smallstep collection (version 0.24.5).
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it use: ansible-galaxy collection install maxhoesel.smallstep.
To use it in a playbook, specify: maxhoesel.smallstep.step_bootstrap_host.
Entry point main – Install step-cli on a host and configure it to trust your CA.
Synopsis
This is intended as a one-stop role that sets up all the components necessary for using step-cli on a given host. This role will perform the following steps:
Install step-cli if required (using the step_cli role)
Install the CA root cert into the system trust store
Configure the root user to automatically connect to your CA when running step-cli
Requirements:
Root access using become: yes or equivalent
Supported distributions:
Ubuntu 18.04 LTS or newer
Debian 10 or newer
Fedora 36 or newer
A CentOS-compatible distribution like RockyLinux/AlmaLinux 8 or newer. RockyLinux is used for testing
Parameters
Parameter | Comments |
---|---|
URL of the step-ca CA. Example: |
|
Fingerprint of the CA root cert. This is used to verify the authenticity of the remote CA. |
|
Whether to force bootstrapping of the CA configuration. If true, will cause an overwrite of any existing CA configuration, including root certificate. This should only be used in exceptional circumstances, such as when changing the CA or CA URL. Applies to all users. Choices:
|
|
Whether to install the CA cert into the system root trust store(s). If set to false, this role only installs Choices:
|
|
List of users that You can optionally set a custom Note that this role does *not* alter the users' environment variables to load the custom ⚠️ Deprecated ⚠️ If step_bootstrap_users only contains Default: |
|
What to name and where to put the Can be an absolute path (make sure that the parent directory is in If this executable is not found and step_cli_executable is a path, the executable will be installed there. If this executable is not found and step_cli_executable is a name, the executable will be installed at step_cli_install_dir with the given name. Default: |
|
Whether to install the Set this to Choices:
|
|
Used if the binary defined by step_cli_executable is not found on the system and step_cli_executable contains an executable name. Sets the directory to install step_cli_executable into. The directory must already exist. Ignored if step_cli_executable contains a directory already. Default: |
|
Set the version of step to install. Can be a version tag (e.g. It is highly recommended that your cli version matches the collection version (e.g. if you are using the collection version Note that the role will query the GitHub API if this value is set to Default: |
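
The fingerprint parameter in the table above is what lets a host verify the authenticity of the remote CA, so it is worth checking the value against a root certificate obtained out of band before it goes into a playbook. The following is an added example, not code from the role or the collection; it assumes the fingerprint is the hex SHA-256 digest of the DER-encoded root certificate, and the function names and sample bytes are constructed for illustration.

```python
import hashlib
import hmac
import ssl


def cert_fingerprint(pem: str) -> str:
    """Return the hex SHA-256 digest of the DER encoding of a PEM certificate."""
    # Raises ValueError if the PEM header/footer is missing (fail closed).
    der = ssl.PEM_cert_to_DER_cert(pem)
    return hashlib.sha256(der).hexdigest()


def normalize_fingerprint(value: str) -> str:
    """Accept 'AB:CD:...' or 'abcd...' and return 64 lowercase hex characters."""
    cleaned = value.strip().replace(":", "").replace(" ", "").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("not a SHA-256 fingerprint")
    return cleaned


def matches_pin(pem: str, pinned: str) -> bool:
    """True only if the certificate's fingerprint equals the pinned value."""
    return hmac.compare_digest(cert_fingerprint(pem), normalize_fingerprint(pinned))


# Constructed sample input: placeholder bytes standing in for a DER certificate.
# The digest is taken over the raw DER bytes, so no X.509 parsing is needed.
SAMPLE_DER = b"constructed-root-ca-der-bytes" * 8
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
TAMPERED_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER + b"\x00")
PINNED = hashlib.sha256(SAMPLE_DER).hexdigest()

if __name__ == "__main__":
    print("expected cert matches pin:", matches_pin(SAMPLE_PEM, PINNED))
    print("tampered cert matches pin:", matches_pin(TAMPERED_PEM, PINNED))
```

In practice, read the PEM text from the root certificate file you received through a trusted channel and compare it with the fingerprint you plan to configure.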