x509: add new role managed-ca

author: Christian Pointner <equinox@spreadspace.org> 2023-12-20 11:53:07 +0100
committer: Christian Pointner <equinox@spreadspace.org> 2023-12-20 11:53:07 +0100
commit: f0718f3ceceec13a03b54b8d6d0abd2dac929fc3 (patch)
tree: f3ce530f07496f6b35ab1f11155ce96a83abbc26 /inventory/host_vars
parent: rename: x509/ownca to x509/static-ca (diff)
1 files changed, 21 insertions, 1 deletions
diff --git a/inventory/host_vars/ch-testvm-prometheus.yml b/inventory/host_vars/ch-testvm-prometheus.yml
index 50e625fa..de31921f 100644
--- a/inventory/host_vars/ch-testvm-prometheus.yml
+++ b/inventory/host_vars/ch-testvm-prometheus.yml
@@ -38,6 +38,23 @@ ntp_variant: systemd-timesyncd
 
 
 ###
+managed_ca_authorities:
+  foo:
+    key:
+      type: RSA
+      size: 4096
+    cert:
+      common_name: foo CA
+      country_name: "AT"
+      locality_name: "Graz"
+      organization_name: "spreadspace"
+      organizational_unit_name: "ansible"
+      state_or_province_name: "Styria"
+      digest: sha256
+      not_before: +0h
+      not_after: +520w
+
+
 mosquitto_global_config_options:
   per_listener_settings: "true"
 
@@ -47,8 +64,11 @@ mosquitto_listeners:
     hostnames:
     - mqtt.example.com
     tls:
-      certificate_provider: selfsigned
+      certificate_provider: managed-ca
       certificate_config:
+        ca:
+          host: ch-testvm-prometheus
+          name: foo
         cert:
           organization_name: "spreadspace"
           organizational_unit_name: "ansible"
author	Christian Pointner <equinox@spreadspace.org>	2023-12-20 11:53:07 +0100
committer	Christian Pointner <equinox@spreadspace.org>	2023-12-20 11:53:07 +0100
commit	f0718f3ceceec13a03b54b8d6d0abd2dac929fc3 (patch)
tree	f3ce530f07496f6b35ab1f11155ce96a83abbc26 /inventory/host_vars
parent	rename: x509/ownca to x509/static-ca (diff)