All checks were successful
Lint / lint (pull_request) Successful in 10s
Implements mutual TLS for secure agent-to-agent communication (#806).

- scripts/gen_fleet_ca.sh: generate fleet CA (4096-bit RSA, 10-year)
- scripts/gen_agent_cert.sh: per-agent cert signed by fleet CA (timmy, allegro, ezra)
- agent/a2a_mtls.py: A2AServer requiring client cert verification (CERT_REQUIRED), build_server_ssl_context / build_client_ssl_context helpers, server_from_env()
- ansible/roles/fleet_mtls_certs/: distribute CA + per-agent certs to fleet nodes, write /etc/hermes/a2a.env, notify hermes-a2a service on change
- ansible/fleet_mtls.yml + ansible/inventory/fleet.ini.example: playbook + example inventory
- tests/agent/test_a2a_mtls.py: 11 tests — authorized agent accepted (200/202), self-signed cert rejected, no-cert rejected, lifecycle, env-var wiring

Fixes #806

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
18 lines
443 B
YAML
---
galaxy_info:
  role_name: fleet_mtls_certs
  author: hermes-agent
  description: >
    Distribute fleet CA and per-agent mTLS certificates to Hermes fleet nodes.
    Part of issue #806 — A2A mutual TLS between fleet agents.
  min_ansible_version: "2.14"
  platforms:
    - name: Debian
      versions: [bookworm, bullseye]
    - name: Ubuntu
      versions: ["22.04", "24.04"]
    - name: EL
      versions: ["8", "9"]

dependencies: []