community / community.general / 1.3.11 / module / java_keystore Create or delete a Java keystore in JKS format. Authors: Guillaume Grossetie (@Mogztter)community.general.java_keystore (1.3.11) — module
Install with ansible-galaxy collection install community.general:==1.3.11
collections: - name: community.general version: 1.3.11
Create or delete a Java keystore in JKS format for a given certificate.
- name: Create a key store for the given certificate (inline) community.general.java_keystore: name: example certificate: | -----BEGIN CERTIFICATE----- h19dUZ2co2fI/ibYiwxWk4aeNE6KWvCaTQOMQ8t6Uo2XKhpL/xnjoAgh1uCQN/69 MG+34+RhUWzCfdZH7T8/qDxJw2kEPKluaYh7KnMsba+5jHjmtzix5QIDAQABo4IB -----END CERTIFICATE----- private_key: | -----BEGIN RSA PRIVATE KEY----- DBVFTEVDVFJJQ0lURSBERSBGUkFOQ0UxFzAVBgNVBAsMDjAwMDIgNTUyMDgxMzE3 GLlDNMw/uHyME7gHFsqJA7O11VY6O5WQ4IDP3m/s5ZV6s+Nn6Lerz17VZ99 -----END RSA PRIVATE KEY----- password: changeit dest: /etc/security/keystore.jks
- name: Create a key store for the given certificate (lookup) community.general.java_keystore: name: example certificate: "{{lookup('file', '/path/to/certificate.crt') }}" private_key: "{{lookup('file', '/path/to/private.key') }}" password: changeit dest: /etc/security/keystore.jks
dest: description: - Absolute path where the jks should be generated. required: true type: path mode: description: - Mode the file should be. required: false type: raw name: description: - Name of the certificate. required: true type: str force: default: 'no' description: - Key store will be created even if it already exists. required: false type: bool group: description: - Name of the group that should own jks file. required: false type: str owner: description: - Name of the user that should own jks file. required: false type: str serole: description: - The role part of the SELinux filesystem object context. - When set to V(_default), it will use the C(role) portion of the policy if available. type: str setype: description: - The type part of the SELinux filesystem object context. - When set to V(_default), it will use the C(type) portion of the policy if available. type: str seuser: description: - The user part of the SELinux filesystem object context. - By default it uses the V(system) policy, where applicable. - When set to V(_default), it will use the C(user) portion of the policy if available. type: str selevel: description: - The level part of the SELinux filesystem object context. - This is the MLS/MCS attribute, sometimes known as the C(range). - When set to V(_default), it will use the C(level) portion of the policy if available. type: str password: description: - Password that should be used to secure the key store. required: true type: str attributes: aliases: - attr description: - The attributes the resulting filesystem object should have. - To get supported flags look at the man page for I(chattr) on the target system. - This string should contain the attributes in the same order as the one displayed by I(lsattr). - The C(=) operator is assumed as default, otherwise C(+) or C(-) operators need to be included in the string. type: str version_added: '2.3' version_added_collection: ansible.builtin certificate: description: - Certificate that should be used to create the key store. required: true type: str private_key: description: - Private key that should be used to create the key store. required: true type: str unsafe_writes: default: false description: - Influence when to use atomic operation to prevent data corruption or inconsistent reads from the target filesystem object. - By default this module uses atomic operations to prevent data corruption or inconsistent reads from the target filesystem objects, but sometimes systems are configured or just broken in ways that prevent this. One example is docker mounted filesystem objects, which cannot be updated atomically from inside the container and can only be written in an unsafe manner. - This option allows Ansible to fall back to unsafe methods of updating filesystem objects when atomic operations fail (however, it doesn't force Ansible to perform unsafe writes). - IMPORTANT! Unsafe writes are subject to race conditions and can lead to data corruption. type: bool version_added: '2.2' version_added_collection: ansible.builtin private_key_passphrase: description: - Pass phrase for reading the private key, if required. required: false type: str version_added: 0.2.0 version_added_collection: community.general
cmd: description: Executed command to get action done returned: changed and failure sample: /usr/bin/openssl x509 -noout -in /tmp/user/1000/tmp8jd_lh23 -fingerprint -sha256 type: str msg: description: Output from stdout of keytool/openssl command after execution of given command or an error. returned: changed and failure sample: Unable to find the current certificate fingerprint in ... type: str rc: description: keytool/openssl command execution return value returned: changed and failure sample: '0' type: int