damex.incus.incus_certificate module – Ensure Incus certificate
Note
This module is part of the damex.incus collection (version 1.6.1).
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install damex.incus.
To use it in a playbook, specify: damex.incus.incus_certificate.
Synopsis
Add, update, and remove trusted certificates in the Incus trust store via the Incus REST API.
Certificates are identified by their friendly name.
Cluster-wide resource — not scoped to a project.
Parameters
Parameter |
Comments |
|---|---|
PEM-encoded client certificate to add. Required when creating a new trust store entry. Ignored on update. |
|
Path to the client certificate for remote authentication. Requires |
|
Path to the client key for remote authentication. Requires |
|
Friendly name for the certificate in the trust store. |
|
Whether the certificate is restricted to specific projects. Choices:
|
|
Path to the server certificate for remote verification. Requires |
|
Path to the Incus Unix socket for local connections. Default: |
|
Desired state of the certificate. Choices:
|
|
Token for remote authentication. Requires |
|
Certificate type. Choices:
|
|
URL of the remote Incus server (e.g. https://host:8443). If specified, connects via HTTPS instead of Unix socket. |
|
Whether to validate the server TLS certificate. Choices:
|
|
Whether to wait for async operations to complete before returning. Set to Choices:
|
Examples
- name: Add client certificate
damex.incus.incus_certificate:
name: ansible
certificate: "{{ lookup('file', '/etc/incus/client.crt') }}"
- name: Add restricted certificate
damex.incus.incus_certificate:
name: ci-runner
certificate: "{{ lookup('file', 'ci.crt') }}"
restricted: true
projects:
- default
- staging
- name: Remove certificate
damex.incus.incus_certificate:
name: old-client
state: absent