richm · July 20, 2020 17:57 · richm · Jul 20, 2020
diff --git a/gistfile1.txt b/gistfile1.txt
 ---
 - hosts: node.example.com
  become: true
  tasks:
    - name: Copy client key for 802.1x authentication
      copy:
        src: "/srv/data/client.key"
        dest: "/etc/pki/tls/private/client.key"
        mode: 0600

    - name: Copy client certificate for 802.1x authentication
      copy:
        src: "/srv/data/client.crt"
        dest: "/etc/pki/tls/certs/client.crt"

    - name: Copy CA certificate for 802.1x authentication
      copy:
        src: "/srv/data/ca.crt"
        dest: "/etc/pki/ca-trust/source/anchors/ca.crt"

    - include_role:
        name: linux-system-roles.network
      vars:
        network_connections:
          - name: enp1s0
            type: ethernet
            autoconnect: yes
            ip:
              address:
                - 192.0.2.1/24
                - 2001:db8:1::1/64
              gateway4: 192.0.2.1
              gateway6: 2001:db8:1::fffe
              dns:
                - 192.0.2.200
                - 2001:db8:1::ffbb
              dns_search:
                - example.com
            ieee802_1x:
              identity: user_name
              eap: tls
              private_key: "/etc/pki/tls/private/client.key"
              private_key_password: "password"
              client_cert: "/etc/pki/tls/certs/client.crt"
              ca_cert: "/etc/pki/ca-trust/source/anchors/ca.crt"
              domain_suffix_match: example.com
            state: up
	---
	- hosts: node.example.com
	become: true
	tasks:
	- name: Copy client key for 802.1x authentication
	copy:
	src: "/srv/data/client.key"
	dest: "/etc/pki/tls/private/client.key"
	mode: 0600

	- name: Copy client certificate for 802.1x authentication
	copy:
	src: "/srv/data/client.crt"
	dest: "/etc/pki/tls/certs/client.crt"

	- name: Copy CA certificate for 802.1x authentication
	copy:
	src: "/srv/data/ca.crt"
	dest: "/etc/pki/ca-trust/source/anchors/ca.crt"

	- include_role:
	name: linux-system-roles.network
	vars:
	network_connections:
	- name: enp1s0
	type: ethernet
	autoconnect: yes
	ip:
	address:
	- 192.0.2.1/24
	- 2001:db8:1::1/64
	gateway4: 192.0.2.1
	gateway6: 2001:db8:1::fffe
	dns:
	- 192.0.2.200
	- 2001:db8:1::ffbb
	dns_search:
	- example.com
	ieee802_1x:
	identity: user_name
	eap: tls
	private_key: "/etc/pki/tls/private/client.key"
	private_key_password: "password"
	client_cert: "/etc/pki/tls/certs/client.crt"
	ca_cert: "/etc/pki/ca-trust/source/anchors/ca.crt"
	domain_suffix_match: example.com
	state: up