This guide installs easy-rsa and bootstraps a private CA workspace.
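---
# Play 1: install easy-rsa on Debian-family hosts and bootstrap a private CA
# workspace in easyrsa_dir (/opt/easy-rsa by default).
- name: Install easy-rsa on Debian family
  hosts: easyrsa_debian
  become: true
  vars:
    easyrsa_dir: /opt/easy-rsa
    easyrsa_common_name: "Example-Root-CA"
  tasks:
    - name: Install dependencies
      ansible.builtin.apt:
        update_cache: true
        name:
          - easy-rsa
          - openssl
        state: present

    # The workspace will hold the CA private key, so it is restricted to the
    # owning (become) user only.
    - name: Ensure easy-rsa workspace exists
      ansible.builtin.file:
        path: "{{ easyrsa_dir }}"
        state: directory
        mode: "0700"

    # ansible.builtin.command does not run through a shell, so a `*` glob is
    # passed to cp literally and the copy fails. `SRC/.` copies the directory
    # contents without needing shell expansion.
    - name: Copy easy-rsa scripts
      ansible.builtin.command:
        argv:
          - cp
          - -r
          - /usr/share/easy-rsa/.
          - "{{ easyrsa_dir }}/"
        creates: "{{ easyrsa_dir }}/easyrsa"

    - name: Initialize PKI
      ansible.builtin.command:
        cmd: ./easyrsa init-pki
        chdir: "{{ easyrsa_dir }}"
        creates: "{{ easyrsa_dir }}/pki"

    # SECURITY: `nopass` writes the root CA private key unencrypted. Anyone who
    # can read the workspace (or a backup/snapshot of it) can issue trusted
    # certificates. Acceptable for a lab; otherwise drop `nopass`, supply the
    # passphrase from a secret store, and keep the root CA host offline.
    # argv form keeps the common name a single argument even if it contains
    # spaces or shell metacharacters.
    - name: Build root CA (nopass)
      ansible.builtin.command:
        argv:
          - ./easyrsa
          - --batch
          - "--req-cn={{ easyrsa_common_name }}"
          - build-ca
          - nopass
        chdir: "{{ easyrsa_dir }}"
        creates: "{{ easyrsa_dir }}/pki/ca.crt"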
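# Play 2: install easy-rsa on RHEL-family hosts and bootstrap a private CA
# workspace in easyrsa_dir (/opt/easy-rsa by default).
- name: Install easy-rsa on RHEL family
  hosts: easyrsa_rhel
  become: true
  vars:
    easyrsa_dir: /opt/easy-rsa
    easyrsa_common_name: "Example-Root-CA"
  tasks:
    # NOTE(review): on RHEL-family hosts easy-rsa is usually shipped from an
    # add-on repository (EPEL) - confirm it is enabled before this task runs.
    - name: Install dependencies
      ansible.builtin.dnf:
        name:
          - easy-rsa
          - openssl
        state: present

    # The workspace will hold the CA private key, so it is restricted to the
    # owning (become) user only.
    - name: Ensure easy-rsa workspace exists
      ansible.builtin.file:
        path: "{{ easyrsa_dir }}"
        state: directory
        mode: "0700"

    # ansible.builtin.command does not run through a shell, so a `*` glob is
    # passed to cp literally and the copy fails. `SRC/.` copies the directory
    # contents without needing shell expansion.
    # NOTE(review): some RHEL-family packages place the scripts in a versioned
    # subdirectory of /usr/share/easy-rsa - verify that `easyrsa` lands
    # directly in easyrsa_dir, otherwise the `creates` guard never matches and
    # the later ./easyrsa tasks fail.
    - name: Copy easy-rsa scripts
      ansible.builtin.command:
        argv:
          - cp
          - -r
          - /usr/share/easy-rsa/.
          - "{{ easyrsa_dir }}/"
        creates: "{{ easyrsa_dir }}/easyrsa"

    - name: Initialize PKI
      ansible.builtin.command:
        cmd: ./easyrsa init-pki
        chdir: "{{ easyrsa_dir }}"
        creates: "{{ easyrsa_dir }}/pki"

    # SECURITY: `nopass` writes the root CA private key unencrypted. Anyone who
    # can read the workspace (or a backup/snapshot of it) can issue trusted
    # certificates. Acceptable for a lab; otherwise drop `nopass`, supply the
    # passphrase from a secret store, and keep the root CA host offline.
    # argv form keeps the common name a single argument even if it contains
    # spaces or shell metacharacters.
    - name: Build root CA (nopass)
      ansible.builtin.command:
        argv:
          - ./easyrsa
          - --batch
          - "--req-cn={{ easyrsa_common_name }}"
          - build-ca
          - nopass
        chdir: "{{ easyrsa_dir }}"
        creates: "{{ easyrsa_dir }}/pki/ca.crt"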
ansible-playbook -i inventory.ini easy-rsa-install.yml
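The inventory must define the host groups the plays target: `easyrsa_debian` and `easyrsa_rhel`. The example creates the CA key unencrypted (`nopass`); outside a lab, remove `nopass` and store the passphrase securely.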