solace_cert_authority – certificate authority

Allows addition, removal and configuration of certificate authority objects on Solace Brokers in an idempotent manner.

Supports only standalone brokers. The Solace Cloud API is not supported, use solace_client_cert_authority or solace_domain_cert_authority instead.

Examples

hosts: all
gather_facts: no
any_errors_fatal: true
collections:
- solace.pubsub_plus
module_defaults:
  solace_cert_authority:
    host: "{{ sempv2_host }}"
    port: "{{ sempv2_port }}"
    secure_connection: "{{ sempv2_is_secure_connection }}"
    username: "{{ sempv2_username }}"
    password: "{{ sempv2_password }}"
    timeout: "{{ sempv2_timeout }}"
    solace_cloud_api_token: "{{ SOLACE_CLOUD_API_TOKEN if broker_type=='solace_cloud' else omit }}"
    solace_cloud_service_id: "{{ solace_cloud_service_id | default(omit) }}"
tasks:
  - name: set files
    set_fact:
      cert_key_file: ./tmp/key.pem
      cert_file: ./tmp/cert.pem

  - name: generate certificate
    command: >
      openssl req
      -x509
      -newkey
      rsa:4096
      -keyout {{ cert_key_file }}
      -out {{ cert_file }}
      -days 365
      -nodes
      -subj "/C=UK/ST=London/L=London/O=Solace/OU=Org/CN=www.example.com"

  - name: add
    solace_cert_authority:
      name: foo
      settings:
        certContent: "{{ lookup('file', cert_file) }}"
        revocationCheckEnabled: false
      state: present

  - name: remove
    solace_cert_authority:
      name: foo
      state: absent

Notes

Note

See Also

See also

Parameters

host (optional)

Hostname of Solace Broker.

type: str
default: localhost
name (required)

The name of the Certificate Authority. Maps to ‘certAuthorityName’ in the Sempv2 API.

type: str
password (optional)

Administrator password for Solace Broker.

type: str
default: admin
port (optional)

Management port of Solace Broker.

type: int
default: 8080
reverse_proxy (optional)

Use a reverse proxy / api gateway. Note: Experimental. Not permitted for Solace Cloud API.

type: dict
headers (optional)

Additional headers to add to the http call. Example: ‘apiKey: {my-api-key}’.

type: dict
x-asc-module (optional)

Flag for the module to add the header ‘x-asc-module:{module-name}’ to the http call with it’s module name.

type: bool
default: False
x-asc-module-op (optional)

Flag for the module to add the header ‘x-asc-module-op:{module operation}’ to the http call with the module’s operation.

type: bool
default: False
query_params (optional)

Additional query paramters to add to the URL. Example: ‘apiCode: {my-api-code}’.

type: dict
semp_base_path (optional)

Base path prepended to all SEMP calls. Example: ‘my/base/path’. Resulting URL will be: http(s)://{host}:{port}/{semp_base_path}/{module-semp-call-path}

type: str
use_basic_auth (optional)

Flag to use basic authentication in the http(s) call or not. Uses ‘username’/’password’.

type: bool
default: False
secure_connection (optional)

If true, use https rather than http.

type: bool
default: False
sempv2_settings (optional)

JSON dictionary of additional configuration for the SEMP V2 API. See Reference documentation.

type: dict
aliases: settings
state (optional)

Target state.

type: str
default: present
choices: present, absent
timeout (optional)

Connection timeout in seconds for the http request.

type: int
default: 10
username (optional)

Administrator username for Solace Broker.

type: str
default: admin
validate_certs (optional)

Flag to switch validation of client certificates on/off when using a secure connection.

type: bool
default: True
x_broker (optional)

Custom HTTP header with the broker virtual router id, if using a SEMPv2 Proxy/agent infrastructure.

type: str

Return Values

response

The response from the Solace Sempv2 request.

returned: success
type: dict
msg

The response from the HTTP call in case of error.

returned: error
type: dict
rc

Return code. rc=0 on success, rc=1 on error.

returned: always
type: int
sample:
  {
  "error": {
    "rc": 1
  },
  "success": {
    "rc": 0
  }
}