hyperledger.fabric_ansible_collection.certificate_authority (2.0.7) — module
Manage a Hyperledger Fabric certificate authority
Authors: Simon Stone (@sstone1)
preview | supported by community
Install with ansible-galaxy collection install hyperledger.fabric_ansible_collection:==2.0.7
collections:
  - name: hyperledger.fabric_ansible_collection
    version: 2.0.7
Create, update, or delete a Hyperledger Fabric certificate authority.
This module works with the IBM Support for Hyperledger Fabric software or the Hyperledger Fabric Open Source Stack running in a Red Hat OpenShift or Kubernetes cluster.
- name: Create certificate authority
  hyperledger.fabric_ansible_collection.certificate_authority:
    state: present
    api_endpoint: https://console.example.org:32000
    api_authtype: basic
    api_key: xxxxxxxx
    api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    name: Org1 CA
    config_override:
      ca:
        registry:
          maxenrollments: -1
          identities:
            - name: admin
              pass: adminpw
              type: client
              maxenrollments: -1
              attrs:
                hf.Registrar.Roles: "*"
                hf.Registrar.DelegateRoles: "*"
                hf.Revoker: true
                hf.IntermediateCA: true
                hf.GenCRL: true
                hf.Registrar.Attributes: "*"
                hf.AffiliationMgr: true

- name: Create certificate authority with custom resources and storage
  hyperledger.fabric_ansible_collection.certificate_authority:
    state: present
    api_endpoint: https://console.example.org:32000
    api_authtype: basic
    api_key: xxxxxxxx
    api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    name: Org1 CA
    config_override:
      ca:
        registry:
          maxenrollments: -1
          identities:
            - name: admin
              pass: adminpw
              type: client
              maxenrollments: -1
              attrs:
                hf.Registrar.Roles: "*"
                hf.Registrar.DelegateRoles: "*"
                hf.Revoker: true
                hf.IntermediateCA: true
                hf.GenCRL: true
                hf.Registrar.Attributes: "*"
                hf.AffiliationMgr: true
    resources:
      ca:
        requests:
          cpu: 200m
          memory: 400M
    storage:
      ca:
        size: 40Gi
        class: ibmc-file-gold

- name: Create certificate authority that uses an HSM
  hyperledger.fabric_ansible_collection.certificate_authority:
    state: present
    api_endpoint: https://console.example.org:32000
    api_authtype: basic
    api_key: xxxxxxxx
    api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    name: Org1 CA
    config_override:
      ca:
        registry:
          maxenrollments: -1
          identities:
            - name: admin
              pass: adminpw
              type: client
              maxenrollments: -1
              attrs:
                hf.Registrar.Roles: "*"
                hf.Registrar.DelegateRoles: "*"
                hf.Revoker: true
                hf.IntermediateCA: true
                hf.GenCRL: true
                hf.Registrar.Attributes: "*"
                hf.AffiliationMgr: true
    hsm:
      pkcs11endpoint: tcp://pkcs11-proxy.example.org:2345
      label: Org1 CA label
      pin: 12345678

- name: Destroy certificate authority
  hyperledger.fabric_ansible_collection.certificate_authority:
    state: absent
    api_endpoint: https://console.example.org:32000
    api_authtype: basic
    api_key: xxxxxxxx
    api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    name: Org1 CA

hsm:
  description:
    - 'The PKCS #11 compliant HSM configuration to use for the certificate authority.'
  suboptions:
    label:
      description:
        - The HSM label that the certificate authority should use.
      type: str
    pin:
      description:
        - The HSM pin that the certificate authority should use.
      type: str
    pkcs11endpoint:
      description:
        - The HSM proxy endpoint that the certificate authority should use.
      type: str
  type: dict
name:
  description:
    - The name of the certificate authority.
  required: true
  type: str
zone:
  description:
    - The Kubernetes zone for this certificate authority.
    - If you do not specify a Kubernetes zone, and multiple Kubernetes zones are available, then a random Kubernetes zone will be selected for you.
    - 'See the Kubernetes documentation for more information: https://kubernetes.io/docs/setup/best-practices/multiple-zones/'
  type: str
state:
  choices:
    - absent
    - present
  default: present
  description:
    - C(absent) - A certificate authority matching the specified name will be stopped and removed.
    - C(present) - Asserts that a certificate authority matching the specified name and configuration exists. If no certificate authority matches the specified name, a certificate authority will be created. If a certificate authority matches the specified name but the configuration does not match, then the certificate authority will be updated, if it can be. If it cannot be updated, it will be removed and re-created with the specified configuration.
  type: str
api_key:
  description:
    - The API key for the Fabric operations console.
  required: true
  type: str
storage:
  description:
    - The Kubernetes storage configuration for the certificate authority.
  suboptions:
    ca:
      description:
        - The Kubernetes storage configuration for the certificate authority container.
      suboptions:
        class:
          description:
            - The Kubernetes storage class for the Kubernetes persistent volume claim for the certificate authority container.
            - By default, the Kubernetes storage class for the Fabric operations console is used.
          type: str
        size:
          default: 20Gi
          description:
            - The size of the Kubernetes persistent volume claim for the certificate authority container.
          type: str
      type: dict
  type: dict
version:
  description:
    - The version of Hyperledger Fabric to use for this certificate authority.
    - If you do not specify a version, the default Hyperledger Fabric version will be used for a new certificate authority.
    - If you do not specify a version, an existing certificate authority will not be upgraded.
    - If you specify a new version, an existing certificate authority will be automatically upgraded.
    - The version can also be specified as a version range specification, for example C(>=2.2,<3.0), which will match Hyperledger Fabric v2.2 and greater, but not Hyperledger Fabric v3.0 and greater.
    - 'See the C(semantic_version) Python module documentation for more information: https://python-semanticversion.readthedocs.io/en/latest/reference.html#semantic_version.SimpleSpec'
  type: str
replicas:
  description:
    - The number of replicas that the Kubernetes deployment should have for this certificate authority.
    - If you want to use more than one replica, you must also use PostgreSQL as the database for this certificate authority.
  type: int
resources:
  description:
    - The Kubernetes resource configuration for the certificate authority.
  suboptions:
    ca:
      description:
        - The Kubernetes resource configuration for the certificate authority container.
      suboptions:
        requests:
          description:
            - The Kubernetes resource requests for the certificate authority container.
          suboptions:
            cpu:
              default: 100m
              description:
                - The Kubernetes CPU resource request for the certificate authority container.
              type: str
            memory:
              default: 200M
              description:
                - The Kubernetes memory resource request for the certificate authority container.
              type: str
          type: str
      type: dict
  type: dict
api_secret:
  description:
    - The API secret for the Fabric operations console.
    - Only required when I(api_authtype) is C(basic).
  type: str
api_timeout:
  default: 60
  description:
    - The timeout, in seconds, to use when interacting with the Fabric operations console.
  type: int
api_authtype:
  description:
    - C(basic) - Authenticate to the Fabric operations console using basic authentication. You must provide both a valid API key using I(api_key) and API secret using I(api_secret).
  required: true
  type: str
api_endpoint:
  description:
    - The URL for the Fabric operations console.
  required: true
  type: str
wait_timeout:
  default: 60
  description:
    - The timeout, in seconds, to wait until the certificate authority is available.
  type: int
config_override:
  description:
    - The configuration overrides for the root certificate authority and the TLS certificate authority.
    - If configuration overrides are provided for the root certificate authority, but not the TLS certificate authority, then the configuration overrides for the root certificate authority will be copied for the TLS certificate authority.
  suboptions:
    ca:
      description:
        - The configuration overrides for the root certificate authority.
        - 'See the Hyperledger Fabric documentation for available options: https://hyperledger-fabric-ca.readthedocs.io/en/release-1.4/serverconfig.html'
      type: dict
    tlsca:
      description:
        - The configuration overrides for the TLS certificate authority.
        - 'See the Hyperledger Fabric documentation for available options: https://hyperledger-fabric-ca.readthedocs.io/en/release-1.4/serverconfig.html'
      type: dict
  type: dict

certificate_authority:
  contains:
    api_url:
      description:
        - The URL for the API of the certificate authority.
      sample: https://org1ca-api.example.org:32000
      type: str
    ca_name:
      description:
        - The certificate authority name to use for enrollment requests.
      sample: ca
      type: str
    ca_url:
      description:
        - The URL for the API of the certificate authority.
      sample: https://org1ca-api.example.org:32000
      type: str
    location:
      description:
        - The location of the certificate authority.
      sample: ibmcloud
      type: str
    name:
      description:
        - The name of the certificate authority.
      sample: Org1 CA
      type: str
    operations_url:
      description:
        - The URL for the operations service of the certificate authority.
      sample: https://org1ca-operations.example.org:32000
      type: str
    pem:
      description:
        - The TLS certificate chain for the certificate authority.
        - The TLS certificate chain is returned as a base64 encoded PEM.
      sample: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0t...
      type: str
    tls_cert:
      description:
        - The TLS certificate chain for the certificate authority.
        - The TLS certificate chain is returned as a base64 encoded PEM.
      sample: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0t...
      type: str
    tlsca_name:
      description:
        - The certificate authority name to use for TLS enrollment requests.
      sample: tlsca
      type: str
  description:
    - The certificate authority.
  returned: when I(state) is C(present)
  type: dict
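
Added example, not part of the collection's documentation: the HSM create task from the examples above with the console credentials, registrar password and HSM PIN supplied from variables instead of literals, followed by a task that decodes the returned base64-encoded `pem` chain to a file. The `vault_*` variable names (expected to live in an Ansible Vault encrypted vars file), the `no_log` setting, the registered name `org1_ca` and the output path are assumptions of this example.

```yaml
- name: Create certificate authority without inline secrets
  hyperledger.fabric_ansible_collection.certificate_authority:
    state: present
    api_endpoint: https://console.example.org:32000
    api_authtype: basic
    # Hypothetical variable names, defined in a vault-encrypted vars file
    api_key: "{{ vault_console_api_key }}"
    api_secret: "{{ vault_console_api_secret }}"
    name: Org1 CA
    config_override:
      ca:
        registry:
          maxenrollments: -1
          identities:
            - name: admin
              pass: "{{ vault_org1_ca_admin_pass }}"
              type: client
              maxenrollments: -1
              attrs:
                hf.Registrar.Roles: "*"
                hf.Registrar.DelegateRoles: "*"
                hf.Revoker: true
                hf.IntermediateCA: true
                hf.GenCRL: true
                hf.Registrar.Attributes: "*"
                hf.AffiliationMgr: true
    hsm:
      pkcs11endpoint: tcp://pkcs11-proxy.example.org:2345
      label: Org1 CA label
      pin: "{{ vault_org1_hsm_pin }}"
  # Keeps the module arguments (API secret, password, PIN) out of task output and logs
  no_log: true
  register: org1_ca

- name: Write the CA TLS certificate chain for clients that must trust it
  ansible.builtin.copy:
    # pem is returned base64 encoded, so decode it before writing
    content: "{{ org1_ca.certificate_authority.pem | b64decode }}"
    dest: ./org1-ca-tls-chain.pem  # hypothetical path
    mode: "0644"
```

With `no_log: true` a failure of the first task is also reported without detail, so the setting has to be lifted temporarily when debugging against non-production credentials.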