Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The parameter conjur_ssl_certificate requires cert as a string, not a file. #4

Open
jvanderhoof opened this issue Mar 14, 2018 · 1 comment
Open

The parameter conjur_ssl_certificate requires cert as a string, not a file. #4

jvanderhoof opened this issue Mar 14, 2018 · 1 comment

Comments

@jvanderhoof
Copy link
Contributor

When using the role, I got tripped up trying to pass a file path to a cert rather than the contents of the cert. I was able to resolve this issue with the following:

- role: cyberark.conjur-host-identity
  ...
  conjur_ssl_certificate: "{{ lookup('file', '/src/certs/ca.crt') }}"
  ...

I also ran into an issue where I initially uploaded the Conjur Master CRT file rather than the CA CRT. This results in a connection error when conjur_validate_certs=True.

I'd like to propose a few a couple of changes:

  • Rename conjur_ssl_certificate to conjur_ca_certificate
  • Add conjur_ca_certificate_path, which takes a path to the CA certificate.
@mdzieciol
Copy link

I think you have already solved this problem on your own, but without changing anything in playbooks you can do the workaround bypassing file by lookup method:
conjur_ssl_certificate: "{{lookup('file', '../../conjur.pem')}}"

Or change the method of coping string to file in identity.yml to copying the file to file by changing "content" to "src" directive.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jvanderhoof @mdzieciol