Deployment model

The solution components are required on different nodes in the target environment. Within an environment controlled by Ansible you can identify two main kinds of nodes:

  • Control node: The node where the user invokes Ansible on a playbook

  • Managed node: The target for the execution of the tasks in a playbook or role

An additional node is represented by the Sectigo API Service.

While each user environment is different, these kinds of nodes can be used as basic elements of the deployment model.

Sectigo Ansible integration deployment

The managed nodes server01, server02, and server03 are the servers defined in the Inventory.

Control node

The control node hosts the example playbook and the example role. Ansible must be installed on the control node. The node requires SSH access to the set of managed nodes defined in the inventory.

Managed nodes

The certificate issuance module and the Sectigo Python client run on the managed nodes. Ansible ensures that the module code is delivered to each managed node. The user playbook or role is responsible for setting up all the module prerequisites on each managed node; this is usually accomplished with tasks in the playbook or role that install the prerequisites on the target host. The managed nodes also require access to the internet to contact the Sectigo REST API.

Each certificate is delivered on each managed node.

The connection to the internet is rarely direct. Often an HTTP proxy restricts access to a limited set of hosts. In such cases, the Sectigo REST API endpoints must be allowed by the proxy configuration.
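A pre-flight play can confirm, before any enrollment task runs, that every managed node reaches the API through the proxy. This is an added example, not part of the Sectigo integration; the API URL and proxy address are placeholders, and the variable names are assumptions.

```yaml
# Added example: verify outbound reachability from each managed node.
- name: Pre-flight check for Sectigo REST API reachability
  hosts: all                # server01, server02, server03 in the inventory above
  gather_facts: false
  vars:
    # Placeholders (assumptions): substitute your own values.
    sectigo_api_url: "https://SECTIGO-API-HOST.example/"
    outbound_proxy: "http://proxy.example.internal:3128"
  environment:
    # The request is made on the managed node, so the proxy setting
    # must apply there, not only on the control node.
    https_proxy: "{{ outbound_proxy }}"
  tasks:
    - name: Request the API endpoint through the proxy
      ansible.builtin.uri:
        url: "{{ sectigo_api_url }}"
        method: GET
        # Keep certificate validation on: a TLS-intercepting proxy whose CA
        # is not trusted by the node should fail here, not during enrollment.
        validate_certs: true
        timeout: 15
      register: api_probe
      # Any HTTP status is recorded; the verdict is made in the next task.
      failed_when: false

    - name: Fail early when the proxy or network blocks the endpoint
      ansible.builtin.assert:
        that:
          # The uri module reports status -1 when no HTTP response was
          # received (refused CONNECT, DNS failure, TLS error, timeout).
          - api_probe.status | int != -1
        fail_msg: >-
          {{ inventory_hostname }} cannot reach {{ sectigo_api_url }}:
          {{ api_probe.msg | default('no response') }}.
          Check that the proxy allows the Sectigo REST API endpoints.
        success_msg: "{{ inventory_hostname }} reached the API endpoint."
```

For local execution the same play applies with the control node as its only target.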

Local execution

When the user executes the playbook locally, the control node and managed node are the same host.

Sectigo Ansible local execution

The certificate is delivered on the same node where the playbook is executed. In this case, all the prerequisites for a managed node also apply to the control node.

Enrollment logic

The enrollment logic is designed to minimize the chances of issuing an SSL or client certificate by mistake. The module will follow the logic depicted in the following illustration.

Sectigo Ansible enrollment logic