No description
Find a file
David Norman 7963279fc2 Generate SHA256 signed certificates for WinRM (#36668)
* Generate SHA256 signed certificates

Vulnerability scanners are increasingly reporting SHA-1 signed certificates as a vulnerability on servers. Before this change, -ForceNewSSLCert generates a signature algorithm that openssl shows as sha1WthRSAEncryption for WinRM port 5986. After, this forces certificates to be signed with SHA256, which openssl shows sha256WithRSAEncryption.

Some example SHA-1 deprecations include:
- https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2017/4010323
- https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/

Also note that RDP 3389 on Windows 2016 also defaults to a SHA256 certificate.

The specifics were merged from a script mod I found at https://gallery.technet.microsoft.com/scriptcenter/PowerShell-script-to-7a0321b7 intended for Exchange. It also includes a mod to add an alternate DNS listing so the cert contains CN=HOSTNAME plus now also an alternative of the FQDN.

I tested this change on Windows 2008R2, 2012R2, and 2016 Datacenter.

* Keep WinRM cert key length at 4096.

* Remove WinRM cert exportpolicy setting.
2018-04-20 09:01:48 +10:00
.github Update Issue & PR templates to make them clearer 2018-04-17 09:52:37 -04:00
bin Normalize usage of temp and tmp on tmp (#36221) 2018-02-15 09:01:02 -08:00
changelogs/fragments Add changelog entry for grafana base64 port 2018-04-17 06:51:59 -07:00
contrib VMware: Support for multiple jinja filters in vmware_inventory (#38173) 2018-04-11 15:50:35 -04:00
docs Fixes for multiline doc descriotions breaking rst formatting 2018-04-19 11:37:37 -07:00
examples Generate SHA256 signed certificates for WinRM (#36668) 2018-04-20 09:01:48 +10:00
hacking [cloud]Add aws_ses_identity_policy module for managing SES sending policies (#36623) 2018-04-05 15:11:12 -04:00
lib/ansible forman as inv plugin 2018-04-19 17:07:47 -04:00
licenses Create a short license for PSF and MIT. (#32212) 2017-11-06 10:25:30 -08:00
packaging README.md was renamed. Fix deb build reference to the README 2018-04-11 11:22:50 -07:00
test Refactor Foreman provider to use simplified img 2018-04-20 00:36:23 +02:00
ticket_stubs Update README.md 2018-03-09 13:53:49 +00:00
.coveragerc Docker image updates for integration tests. (#26054) 2017-06-23 12:45:38 -07:00
.gitattributes avoid exporting files useless to dist 2017-06-23 15:56:43 -04:00
.gitignore Ignore .pytest_cache (#38401) 2018-04-12 09:41:57 -04:00
.gitmodules
.mailmap Fix syntax typo 2017-12-24 12:16:17 +01:00
.yamllint Add module support to yamllint sanity test. (#34964) 2018-01-16 15:08:56 -08:00
ansible-core-sitemap.xml
CHANGELOG.md [cloud]Add aws_ses_identity_policy module for managing SES sending policies (#36623) 2018-04-05 15:11:12 -04:00
CODING_GUIDELINES.md english corrections (#35307) 2018-01-29 21:09:56 -08:00
CONTRIBUTING.md Update CONTRIBUTING.md to point to the right stuff (#32258) 2017-10-27 11:27:25 -04:00
COPYING
docsite_requirements.txt
Makefile Move man pages generations to rst2man (#37861) 2018-03-26 16:28:28 -07:00
MANIFEST.in Convert README from Markdown to ReStructured Text and use as longdesc (#22330) 2018-04-06 12:38:40 -07:00
MODULE_GUIDELINES.md Moving guidelines to the official docs (#32260) 2017-10-27 11:40:42 -04:00
README.rst Upgrade PYPI badge to point to new Warehouse site 2018-04-16 17:16:34 +02:00
RELEASES.txt Add 2.4.3 to releases.txt 2018-01-31 14:56:54 -08:00
requirements.txt Cyptography pr 20566 rebase (#25560) 2017-06-27 06:00:15 -07:00
ROADMAP.rst No hardcoding roadmaps (#32981) 2017-11-16 08:03:10 -08:00
setup.py Suppress a UserWarning about unknown dist option 2018-04-12 23:53:52 +02:00
shippable.yml Rebalance cloud tests into 5 groups. 2018-02-10 00:37:20 -08:00
tox.ini Convert ansible-test compile into a sanity test. 2018-01-25 09:45:36 -08:00
VERSION Update VERSION to match ansible.release (#36212) 2018-02-14 17:59:01 -08:00

|PyPI version| |Docs badge| |Build Status|

*******
Ansible
*******

Ansible is a radically simple IT automation system. It handles
configuration-management, application deployment, cloud provisioning,
ad-hoc task-execution, and multinode orchestration -- including
trivializing things like zero-downtime rolling updates with load
balancers.

Read the documentation and more at https://ansible.com/

You can find installation instructions
`here <https://docs.ansible.com/intro_getting_started.html>`_ for a
variety of platforms.

Most users should probably install a released version of Ansible from ``pip``, a package manager or
our `release repository <https://releases.ansible.com/ansible/>`_. `Officially supported
<https://www.ansible.com/ansible-engine>`_ builds of Ansible are also available. Some power users
run directly from the development branch - while significant efforts are made to ensure that
``devel`` is reasonably stable, you're more likely to encounter breaking changes when running
Ansible this way.

Design Principles
=================

*  Have a dead simple setup process and a minimal learning curve
*  Manage machines very quickly and in parallel
*  Avoid custom-agents and additional open ports, be agentless by
   leveraging the existing SSH daemon
*  Describe infrastructure in a language that is both machine and human
   friendly
*  Focus on security and easy auditability/review/rewriting of content
*  Manage new remote machines instantly, without bootstrapping any
   software
*  Allow module development in any dynamic language, not just Python
*  Be usable as non-root
*  Be the easiest IT automation system to use, ever.

Get Involved
============

*  Read `Community
   Information <https://docs.ansible.com/community.html>`_ for all
   kinds of ways to contribute to and interact with the project,
   including mailing list information and how to submit bug reports and
   code to Ansible.
*  All code submissions are done through pull requests. Take care to
   make sure no merge commits are in the submission, and use
   ``git rebase`` vs ``git merge`` for this reason. If submitting a
   large code change (other than modules), it's probably a good idea to
   join ansible-devel and talk about what you would like to do or add
   first to avoid duplicate efforts. This not only helps everyone
   know what's going on, it also helps save time and effort if we decide
   some changes are needed.
*  Users list:
   `ansible-project <https://groups.google.com/group/ansible-project>`_
*  Development list:
   `ansible-devel <https://groups.google.com/group/ansible-devel>`_
*  Announcement list:
   `ansible-announce <https://groups.google.com/group/ansible-announce>`_
   -- read only
*  irc.freenode.net: #ansible

Branch Info
===========

*  Releases are named after Led Zeppelin songs. (Releases prior to 2.0
   were named after Van Halen songs.)
*  The devel branch corresponds to the release actively under
   development.
*  Various release-X.Y branches exist for previous releases.
*  We'd love to have your contributions, read `Community
   Information <https://docs.ansible.com/community.html>`_ for notes on
   how to get started.

Authors
=======

Ansible was created by `Michael DeHaan <https://github.com/mpdehaan>`_
(michael.dehaan/gmail/com) and has contributions from over 1000 users
(and growing). Thanks everyone!

Ansible is sponsored by `Ansible, Inc <https://ansible.com>`_

License
=======

GNU General Public License v3.0

See `COPYING <COPYING>`_ to see the full text.

.. |PyPI version| image:: https://img.shields.io/pypi/v/ansible.svg
   :target: https://pypi.org/project/ansible
.. |Docs badge| image:: https://img.shields.io/badge/docs-latest-brightgreen.svg
   :target: http://docs.ansible.com/ansible
.. |Build Status| image:: https://api.shippable.com/projects/573f79d02a8192902e20e34b/badge?branch=devel
   :target: https://app.shippable.com/projects/573f79d02a8192902e20e34b