ansible.builtin.java_cert (v2.9.18) module
Uses keytool to import/remove key from java keystore (cacerts)
Added in version 2.3 of ansible.builtin
Authors: Adam Hamsik (@haad)
Status: preview, supported by community
Install with: pip install ansible==2.9.18
This is a wrapper module around keytool, which can be used to import or remove certificates from a given Java keystore.

- name: Import SSL certificate from google.com to a given cacerts keystore
  java_cert:
    cert_url: google.com
    cert_port: 443
    keystore_path: /usr/lib/jvm/jre7/lib/security/cacerts
    keystore_pass: changeit
    state: present

- name: Remove certificate with given alias from a keystore
  java_cert:
    cert_url: google.com
    keystore_path: /usr/lib/jvm/jre7/lib/security/cacerts
    keystore_pass: changeit
    executable: /usr/lib/jvm/jre7/bin/keytool
    state: absent

- name: Import SSL certificate from google.com to a keystore, create it if it doesn't exist
  java_cert:
    cert_url: google.com
    keystore_path: /tmp/cacerts
    keystore_pass: changeit
    keystore_create: yes
    state: present

- name: Import a pkcs12 keystore with a specified alias, create it if it doesn't exist
  java_cert:
    pkcs12_path: "/tmp/importkeystore.p12"
    cert_alias: default
    keystore_path: /opt/wildfly/standalone/configuration/defaultkeystore.jks
    keystore_pass: changeit
    keystore_create: yes
    state: present

- name: Import SSL certificate to JCEKS keystore
  java_cert:
    pkcs12_path: "/tmp/importkeystore.p12"
    pkcs12_alias: default
    pkcs12_password: somepass
    cert_alias: default
    keystore_path: /opt/someapp/security/keystore.jceks
    keystore_type: "JCEKS"
    keystore_pass: changeit
    keystore_create: yes
    state: present

state:
  choices:
  - absent
  - present
  default: present
  description:
  - Defines action which can be either certificate import or removal.
  type: str
cert_url:
  description:
  - Basic URL to fetch SSL certificate from.
  - One of C(cert_url) or C(cert_path) is required to load certificate.
  type: str
cert_path:
  description:
  - Local path to load certificate from.
  - One of C(cert_url) or C(cert_path) is required to load certificate.
  type: path
cert_port:
  default: 443
  description:
  - Port to connect to URL.
  - This will be used to create server URL:PORT.
  type: int
cert_alias:
  description:
  - Imported certificate alias.
  - The alias is used when checking for the presence of a certificate in the keystore.
  type: str
executable:
  default: keytool
  description:
  - Path to the keytool binary. If not set, keytool is searched for in PATH.
  type: str
pkcs12_path:
  description:
  - Local path to load PKCS12 keystore from.
  type: path
  version_added: '2.4'
  version_added_collection: ansible.builtin
pkcs12_alias:
  description:
  - Alias in the PKCS12 keystore.
  type: str
  version_added: '2.4'
  version_added_collection: ansible.builtin
keystore_pass:
  description:
  - Keystore password.
  required: true
  type: str
keystore_path:
  description:
  - Path to keystore.
  type: path
keystore_type:
  description:
  - Keystore type (JCEKS, JKS).
  type: str
  version_added: '2.8'
  version_added_collection: ansible.builtin
keystore_create:
  description:
  - Create keystore if it does not exist.
  type: bool
pkcs12_password:
  default: ''
  description:
  - Password for importing from PKCS12 keystore.
  type: str
  version_added: '2.4'
  version_added_collection: ansible.builtin

cmd:
  description: Executed command to get action done.
  returned: success
  sample: keytool -importcert -noprompt -keystore
  type: str
msg:
  description: Output from stdout of keytool command after execution of given command.
  returned: success
  sample: Module require existing keystore at keystore_path '/tmp/test/cacerts'
  type: str
rc:
  description: Keytool command execution return value.
  returned: success
  sample: '0'
  type: int
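
The module's examples do not cover cert_path, so the following added playbook (not part of the module's own documentation) imports a certificate from a local file under a fixed alias, takes the keystore password from a vaulted variable, and then confirms the alias with keytool. The host group, file paths, alias and the variable name vault_keystore_pass are assumptions, and the check assumes keytool is on PATH and supports the -storepass:env modifier.

```yaml
# Added example; host group, paths, alias and variable names are hypothetical.
- name: Import an internal CA certificate from a local file
  hosts: app_servers
  become: yes
  vars:
    keystore: /opt/someapp/security/truststore.jks   # hypothetical path
    ca_file: /etc/pki/internal/internal-ca.pem       # hypothetical path
    ca_alias: internal-ca                            # hypothetical alias
    # vault_keystore_pass is assumed to be defined in an
    # ansible-vault encrypted vars file, not in this playbook.
  tasks:
    - name: Import the certificate under a fixed alias
      java_cert:
        cert_path: "{{ ca_file }}"
        cert_alias: "{{ ca_alias }}"
        keystore_path: "{{ keystore }}"
        keystore_pass: "{{ vault_keystore_pass }}"
        keystore_create: yes
        state: present
      no_log: true   # keep the password out of task output and logs

    - name: Confirm the alias is present in the keystore
      command:
        argv:
          - keytool
          - "-list"
          - "-keystore"
          - "{{ keystore }}"
          - "-alias"
          - "{{ ca_alias }}"
          - "-storepass:env"   # read the password from an environment variable
          - KS_PASS
      environment:
        KS_PASS: "{{ vault_keystore_pass }}"
      changed_when: false   # read-only check
      no_log: true
```

keytool exits non-zero when the alias is missing, so the second task fails the play if the import did not take effect.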