EasyRSA – Make a certificate and copy to ansible staging dir

I use this script on my CA server to create a certificate for each new server we provision. This allows our internal PKI to function.

This script creates a certificate then copies it to the Ansible server where is can be deployed to the destination host

Obviously you’ll need to take the necessary precautions around key security

ISSUE_NAME=$1.domain.local

cd /home/admin/EasyRSA-3.0.5/
/home/admin/EasyRSA-3.0.5/easyrsa build-server-full $ISSUE_NAME nopass
ssh edpk-ansible..local 'mkdir -p /home/admin/ansible/files/'$1'/'
scp /home/admin/EasyRSA-3.0.5/pki/issued/$ISSUE_NAME.crt edpk-ansible..local:/home/admin/ansible/files/$1/$1.crt
scp /home/admin/EasyRSA-3.0.5/pki/private/$ISSUE_NAME.key edpk-ansible..local:/home/admin/ansible/files/$1/$1.key
cd ~

Ubuntu interfaces file examples

Example 1 – Includes some static routes and manually specified IP’s

auto lo
iface lo inet static
address 103.90.59.9/32

auto ens3
iface ens3 inet static
address 172.2.1.17
network 172.2.1.0
netmask 255.255.254.0
up route add -net 172.2.0.0 netmask 255.255.0.0 gw 172.2.1.1
up route add -net 172.2.0.0 netmask 255.255.0.0 gw 172.2.1.1

iface ens3 inet6 static
address 2405:cc:ee:110::7
netmask 64
autoconf 0
accept_ra 0
gateway 2405:cc:ee:110:ff:ff

auto ens4
iface ens4 inet static
address 172.23.2.12
network 172.23.2.0
netmask 255.255.255.0
gateway 172.23.2.254

source /etc/network/interfaces.d/*.cfg