
In this post, I will show you how to read a certificate signing request (CSR) file and extract some information from it. In this case, the information is the Subject Alternative Name (SAN). If SANs have been specified in the CSR, they are shown in the message output using a custom XML format.

The openssl_csr_info module is quite new: it was introduced with the latest Ansible version (2.8). The documentation is available here.

The following playbook has been tested with a 2048-bit CSR file.

---
- name: Read CSR content
  hosts: mynode
  tasks:
  # Parse the CSR on the managed node and keep the parsed fields in "result"
  - name: Read CSR with openssl Ansible module (Ansible 2.8 version min required)
    openssl_csr_info:
      path: /tmp/myrequest.csr
    register: result

  # Drop the CN entry and "DNS:2048" from the SAN list; default([], true)
  # covers a CSR that has no SAN extension (subject_alt_name is then empty/None)
  - name: If SAN exists (filtered SAN list length > 0) print SAN entries using XML
    debug:
      msg: 'MYSANVAR=<SANEntries>
                             {% for san in (result.subject_alt_name | default([], true) | difference(["DNS:"+result.subject["commonName"],"DNS:2048"]))  %}
                                  <SANEntry>
                                       <SubjectAltName>{{ san.split(":", 1)[1] }}</SubjectAltName>
                                  </SANEntry>
                             {% endfor %}
                     </SANEntries>'
    when: result.subject_alt_name | default([], true) | difference(["DNS:"+result.subject["commonName"],"DNS:2048"]) | length > 0
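
The playbook assembles the XML by string templating, so a SAN value containing `<` or `&` reaches the output unescaped. The following is an added example, not part of the original post: a custom Ansible filter plugin (the file name `san_xml.py` and the filter name `san_xml` are hypothetical) that builds the same `<SANEntries>` structure from the module's `TYPE:value` list with XML escaping, splits on the first colon only, and accepts a missing SAN list.

```python
# filter_plugins/san_xml.py  (hypothetical file name; added example)
import xml.etree.ElementTree as ET


def split_san(entry):
    """Split 'TYPE:value' on the first colon only, so IPv6 and URI values survive."""
    kind, sep, value = entry.partition(":")
    if not sep or not value:
        raise ValueError("malformed SAN entry: %r" % (entry,))
    return kind, value


def san_xml(subject_alt_name, common_name=None, skip=()):
    """Build <SANEntries> from the subject_alt_name list of openssl_csr_info.

    None or an empty list yields an empty <SANEntries> element.
    Entries equal to DNS:<common_name> or listed in skip are left out,
    mirroring the difference() filter used in the playbook.
    """
    excluded = set(skip)
    if common_name:
        excluded.add("DNS:" + common_name)
    root = ET.Element("SANEntries")
    for entry in subject_alt_name or []:
        if entry in excluded:
            continue
        _, value = split_san(entry)
        node = ET.SubElement(ET.SubElement(root, "SANEntry"), "SubjectAltName")
        node.text = value  # ElementTree escapes <, > and & on serialization
    return ET.tostring(root, encoding="unicode")


class FilterModule(object):
    """Ansible filter plugin entry point, used as: subject_alt_name | san_xml(cn)"""

    def filters(self):
        return {"san_xml": san_xml}


if __name__ == "__main__":
    # Constructed sample in the module's "TYPE:value" format.
    sample = ["DNS:www.example.com", "DNS:api.example.com",
              "IP:2001:db8::1", "DNS:a<b>&c.example.com"]
    print(san_xml(sample, common_name="www.example.com", skip=["DNS:2048"]))
```

In the playbook, the `msg` would then become `MYSANVAR={{ result.subject_alt_name | san_xml(result.subject["commonName"], ["DNS:2048"]) }}`.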

Ansible – Read Certificate request file with the module openssl_csr_info
