This guide installs step-ca and bootstraps a private certificate authority.
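# Play: install the step-ca binary on Debian-family hosts and run the one-time
# CA bootstrap. All tasks run as root (become: true).
- name: Install step-ca on Debian family
  hosts: stepca_debian
  become: true
  vars:
    step_version: "0.27.4"
    step_ca_name: "Example Step CA"
    step_dns_name: "ca.example.com"
    step_address: ":9000"
    # Optional but strongly recommended: pin the release archive to the digest
    # published with the release so a tampered or truncated download is
    # rejected before anything is unpacked as root. Placeholder, not a real
    # digest:
    # step_archive_checksum: "sha256:<DIGEST_FROM_RELEASE_CHECKSUMS_FILE>"
  tasks:
    - name: Install dependencies
      ansible.builtin.apt:
        update_cache: true
        name:
          - curl
          - tar
          - openssl
        state: present

    # The archive ends up as a root-installed CA binary, so its integrity
    # matters. When step_archive_checksum is unset the parameter is omitted and
    # the download is trusted on HTTPS alone.
    - name: Download step-ca archive
      ansible.builtin.get_url:
        url: "https://github.com/smallstep/certificates/releases/download/v{{ step_version }}/step-ca_{{ step_version }}_linux_amd64.tar.gz"
        dest: /tmp/step-ca.tar.gz
        mode: "0644"
        checksum: "{{ step_archive_checksum | default(omit) }}"

    # remote_src: the archive is already on the managed host, not the controller.
    - name: Extract step-ca archive
      ansible.builtin.unarchive:
        src: /tmp/step-ca.tar.gz
        dest: /opt
        remote_src: true

    # No `failed_when: false` here: if the binary is not where the archive
    # layout is expected to put it, the play must stop instead of reporting
    # success with no CA binary installed.
    - name: Install step-ca binary
      ansible.builtin.copy:
        src: "/opt/step-ca_{{ step_version }}/bin/step-ca"
        dest: /usr/local/bin/step-ca
        mode: "0755"
        remote_src: true

    # One-time bootstrap: `creates` skips the task once ca.json exists, so a
    # failure here is a real failure and is no longer masked.
    # argv passes each value as a single argument, so a CA name containing
    # spaces or quotes cannot be split into extra options.
    # The password is read from a file rather than the command line; that file
    # must exist before the first run and should be readable by root only.
    # NOTE(review): CA initialisation is normally exposed by the `step` CLI as
    # `step ca init`, and this play installs only the step-ca binary. Confirm
    # the installed binary accepts `init`.
    - name: Initialize step-ca if missing
      ansible.builtin.command:
        argv:
          - step-ca
          - init
          - --name
          - "{{ step_ca_name }}"
          - --dns
          - "{{ step_dns_name }}"
          - --address
          - "{{ step_address }}"
          - --provisioner
          - admin
          - --password-file
          - /root/stepca-password.txt
        creates: /root/.step/config/ca.json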
# Play: prepare RHEL-family hosts for step-ca. As shown here it only installs
# the prerequisite packages; step_version is declared but not used by any
# task in this play.
- name: Install step-ca on RHEL family
  hosts: stepca_rhel
  become: true
  vars:
    step_version: "0.27.4"
  tasks:
    # Same prerequisite set as the Debian play, installed through dnf.
    - name: Install dependencies
      ansible.builtin.dnf:
        state: present
        name:
          - curl
          - tar
          - openssl
# Run the playbook against the hosts defined in inventory.ini.
ansible-playbook -i inventory.ini stepca-install.yml
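The first play targets hosts in the `stepca_debian` inventory group. Create `/root/stepca-password.txt` securely before first bootstrap: it should be owned by root and readable by root only, because it protects the CA's private keys.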