Mirror of a valuable repository.
 
 
Felix Fontein c703dd6056
Rewrite EE test workflows to use ansible-builder 3.0.0; fix EE dependencies (#606)
* Adjust EE tests to ansible-builder 3.0.0.

* Remove other CI workflows.

* Use docker instead of podman...

* Support Rocky Linux 9+.

* Add CentOS Stream 9 to EE tests.

* Fix installation of PyOpenSSL on CentOS/RHEL/Rocky.

* ansible-builder only attempts to install EPEL deps on CentOS.

* Make EPEL also available on Rocky Linux 9, even though ansible-builder will ignore it.

* Make sure cryptography is already installed.

* Try ansible-runner < 2.0.0 for CentOS Stream 8 / RHEL 8.

* Show more info.

* Start restricting transitive dependencies...

* Looks like PyOpenSSL is **broken** on CentOS Stream 9 + EPEL.

* ansible-builder will NOT work with Python 3.6.

use Python 3.9 on RHEL8 / CentOS Stream 8. Manually install cryptography and PyOpenSSL for Python 3.9 as well.

* PyOpenSSL isn't available for Python 3.8 or 3.9.

* Revert "Remove other CI workflows."

This reverts commit 3a9d125f45.

* Use podman instead of docker.

* Re-order bindep entries.

* python3-pyOpenSSL does not exist on RHEL/CentOS 6 and 7.
2023-05-21 12:43:14 +02:00
.azure-pipelines Arch Linux now uses Python 3.11. (#602) 2023-05-04 07:12:16 +02:00
.github Rewrite EE test workflows to use ansible-builder 3.0.0; fix EE dependencies (#606) 2023-05-21 12:43:14 +02:00
.reuse Make mostly reuse conformant (#502) 2022-09-13 19:13:04 +00:00
LICENSES Move licenses to LICENSES/, use SPDX-License-Identifier, mention all licenses in galaxy.yml (#491) 2022-07-21 07:27:26 +02:00
changelogs Rewrite EE test workflows to use ansible-builder 3.0.0; fix EE dependencies (#606) 2023-05-21 12:43:14 +02:00
docs/docsite Convert yes/no to true/false. (#503) 2022-08-23 21:33:29 +02:00
meta Rewrite EE test workflows to use ansible-builder 3.0.0; fix EE dependencies (#606) 2023-05-21 12:43:14 +02:00
plugins Improve examples: use FQCNs and always add name: to tasks (#604) 2023-05-15 21:41:18 +02:00
tests Rewrite EE test workflows to use ansible-builder 3.0.0; fix EE dependencies (#606) 2023-05-21 12:43:14 +02:00
.gitignore Move licenses to LICENSES/, use SPDX-License-Identifier, mention all licenses in galaxy.yml (#491) 2022-07-21 07:27:26 +02:00
CHANGELOG.rst Release 2.13.0. 2023-05-01 21:27:25 +02:00
CHANGELOG.rst.license Make mostly reuse conformant (#502) 2022-09-13 19:13:04 +00:00
COPYING Add proper README and update COPYING (#10) 2020-04-01 15:17:37 +02:00
README.md Reference documentation in README. 2022-11-26 09:53:59 +01:00
galaxy.yml Prepare 2.13.1. 2023-05-21 08:39:06 +02:00

README.md

Ansible Community Crypto Collection


Provides modules for Ansible for various cryptographic operations.

You can find documentation for this collection on the Ansible docs site.

Please note that this collection does not support Windows targets.

Tested with Ansible

Tested with the current Ansible 2.9, ansible-base 2.10, ansible-core 2.11, ansible-core 2.12, ansible-core 2.13, and ansible-core 2.14 releases and the current development version of ansible-core. Ansible versions before 2.9.10 are not supported.

External requirements

The exact requirements for every module are listed in the module documentation.

Most modules require a recent enough version of the Python cryptography library. See the module documentation for the minimum version supported for each module.

Collection Documentation

Browsing the latest collection documentation will show docs for the latest version released in the Ansible package, not the latest version of the collection released on Galaxy.

Browsing the devel collection documentation shows docs for the latest version released on Galaxy.

We also separately publish latest commit collection documentation which shows docs for the latest commit in the main branch.

If you use the Ansible package and do not update collections independently, use latest. If you install or update this collection directly from Galaxy, use devel. If you are looking to contribute, use latest commit.

Included content

  • OpenSSL / PKI modules:
    • openssl_csr_info
    • openssl_csr
    • openssl_dhparam
    • openssl_pkcs12
    • openssl_privatekey_info
    • openssl_privatekey
    • openssl_publickey
    • openssl_signature_info
    • openssl_signature
    • x509_certificate_info
    • x509_certificate
    • x509_crl_info
    • x509_crl
    • certificate_complete_chain
  • OpenSSH modules:
    • openssh_cert
    • openssh_keypair
  • ACME modules:
    • acme_account_info
    • acme_account
    • acme_certificate
    • acme_certificate_revoke
    • acme_challenge_cert_helper
    • acme_inspect
  • ECS modules:
    • ecs_certificate
    • ecs_domain
  • Miscellaneous modules:
    • get_certificate
    • luks_device

You can also find a list of all modules with documentation on the Ansible docs site.

Using this collection

Before using the crypto community collection, you need to install the collection with the ansible-galaxy CLI:

ansible-galaxy collection install community.crypto

You can also include it in a requirements.yml file and install it via ansible-galaxy collection install -r requirements.yml using the format:

collections:
- name: community.crypto

See Ansible Using collections for more details.

Contributing to this collection

We're following the general Ansible contributor guidelines; see Ansible Community Guide.

If you want to clone this repository (or a fork of it) to improve it, you can proceed as follows:

  1. Create a directory ansible_collections/community;
  2. In there, checkout this repository (or a fork) as crypto;
  3. Add the directory containing ansible_collections to your ANSIBLE_COLLECTIONS_PATH.

See Ansible's dev guide for more information.

Release notes

See the changelog.

Roadmap

We plan to regularly release minor and patch versions, whenever new features are added or bugs fixed. Our collection follows semantic versioning, so breaking changes will only happen in major releases.

Most modules will drop PyOpenSSL support in version 2.0.0 of the collection, i.e. in the next major version. We currently plan to release 2.0.0 sometime during 2021. Around then, the supported versions of the most common distributions will contain a new enough version of cryptography.

Once 2.0.0 has been released, bugfixes will still be backported to 1.0.0 for some time, and some features might also be backported. If we do not want to backport something ourselves because we think it is not worth the effort, backport PRs by non-maintainers are usually accepted.

In 2.0.0, the following notable features will be removed:

  • PyOpenSSL backends of all modules, except openssl_pkcs12 which does not have a cryptography backend due to lack of support of PKCS#12 functionality in cryptography.
  • The assertonly provider of x509_certificate.

More information

Licensing

This collection is primarily licensed and distributed as a whole under the GNU General Public License v3.0 or later.

See LICENSES/GPL-3.0-or-later.txt for the full text.

Parts of the collection are licensed under the Apache 2.0 license (plugins/module_utils/crypto/_obj2txt.py and plugins/module_utils/crypto/_objects_data.py), the BSD 2-Clause license (plugins/module_utils/ecs/api.py), the BSD 3-Clause license (plugins/module_utils/crypto/_obj2txt.py), and the PSF 2.0 license (plugins/module_utils/_version.py). This only applies to vendored files in plugins/module_utils/ and to the ECS module utils.

Almost all files have a machine-readable SPDX-License-Identifier: comment denoting their respective license(s), or an equivalent entry in an accompanying .license file. Only changelog fragments (which will not be part of a release) are covered by a blanket statement in .reuse/dep5. Right now a few vendored PEM files do not have licensing information either. This conforms to the REUSE specification up to the aforementioned PEM files.