remote file concatenation
875 views
Skip to first unread message
Dave Cottlehuber
Aug 23, 2018, 2:22:55 PM8/23/18
to ansible...@googlegroups.com
hi,
I've 3 files on a remote server after acme let's encrypt dns-01 process, that need to be concatenated in a specific order (private.key intermediate.cert public.cert ) for my TLS proxy, on the same system.
- the assemble module seems ideal but it doesn't enforce order, and it bundles a given directory, not specific files
- using fetch module and jinja ends up with a local copy of a private key which I'd rather avoid
- the easiest option (shell script) is not a way to learn new tricks in ansible :D
Does anybody have suggestions on using some of the new features in loops to achieve this somehow?
https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html
BTW this is what I currently tried; the copy/content block doesn't work yet as I've not figured out the correct way inside a jinja template to use {{ item }} inside the lookup:
- name: acme | fetch certificates for concatenation
fetch:
src: "/usr/local/etc/ssl/acme/{{ item }}"
dest: "{{ config.domain }}/certs/{{ item }}"
with_items:
- "{{ config.domain }}.crt"
- "intermediate.crt"
- "{{ config.domain }}.key"
tags:
- acme
- concatenate
- name: acme | concatenate certs for haproxy
copy:
content: >
{{ lookup('file', "{{ config.domain }}/certs/{{ item }}") }}
{{ lookup('file', "{{ config.domain }}/certs/{{ item }}") }}
{{ lookup('file', "{{ config.domain }}/certs/{{ item }}") }}
dest: "/usr/local/etc/ssl/acme/{{ config.domain }}.all"
mode: 0600
owner: root..
group: wheel
with_items:
- "{{ config.domain }}.crt"
- "intermediate.crt"
- "{{ config.domain }}.key"
tags:
- acme
- concatenate
thanks!
—
Dave Cottlehube
Skunkwerks, GmbH
I've 3 files on a remote server after acme let's encrypt dns-01 process, that need to be concatenated in a specific order (private.key intermediate.cert public.cert ) for my TLS proxy, on the same system.
- the assemble module seems ideal but it doesn't enforce order, and it bundles a given directory, not specific files
- using fetch module and jinja ends up with a local copy of a private key which I'd rather avoid
- the easiest option (shell script) is not a way to learn new tricks in ansible :D
Does anybody have suggestions on using some of the new features in loops to achieve this somehow?
https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html
BTW this is what I currently tried; the copy/content block doesn't work yet as I've not figured out the correct way inside a jinja template to use {{ item }} inside the lookup:
- name: acme | fetch certificates for concatenation
fetch:
src: "/usr/local/etc/ssl/acme/{{ item }}"
dest: "{{ config.domain }}/certs/{{ item }}"
with_items:
- "{{ config.domain }}.crt"
- "intermediate.crt"
- "{{ config.domain }}.key"
tags:
- acme
- concatenate
- name: acme | concatenate certs for haproxy
copy:
content: >
{{ lookup('file', "{{ config.domain }}/certs/{{ item }}") }}
{{ lookup('file', "{{ config.domain }}/certs/{{ item }}") }}
{{ lookup('file', "{{ config.domain }}/certs/{{ item }}") }}
dest: "/usr/local/etc/ssl/acme/{{ config.domain }}.all"
mode: 0600
owner: root..
group: wheel
with_items:
- "{{ config.domain }}.crt"
- "intermediate.crt"
- "{{ config.domain }}.key"
tags:
- acme
- concatenate
thanks!
—
Dave Cottlehube
Skunkwerks, GmbH
Kai Stian Olstad
Aug 23, 2018, 5:19:53 PM8/23/18
to ansible...@googlegroups.com
On Thursday, 23 August 2018 20.22.39 CEST Dave Cottlehuber wrote:
> hi,
>
> I've 3 files on a remote server after acme let's encrypt dns-01 process, that need to be concatenated in a specific order (private.key intermediate.cert public.cert ) for my TLS proxy, on the same system.
>
> - the assemble module seems ideal but it doesn't enforce order,
It sort of does it's string sorting order.
> hi,
>
> I've 3 files on a remote server after acme let's encrypt dns-01 process, that need to be concatenated in a specific order (private.key intermediate.cert public.cert ) for my TLS proxy, on the same system.
>
> - the assemble module seems ideal but it doesn't enforce order,
> and it bundles a given directory, not specific files
> - using fetch module and jinja ends up with a local copy of a private key which I'd rather avoid
> - the easiest option (shell script) is not a way to learn new tricks in ansible :D
> Does anybody have suggestions on using some of the new features in loops to achieve this somehow?
- shell: cat {{ config.domain }}.crt intermediate.crt {{ config.domain }}.key >/usr/local/etc/ssl/acme/{{ config.domain }}.all
args:
chdir: /usr/local/etc/ssl/acme
> BTW this is what I currently tried; the copy/content block doesn't work yet as I've not figured out the correct way inside a jinja template to use {{ item }} inside the lookup:
>
> - name: acme | fetch certificates for concatenation
> fetch:
> src: "/usr/local/etc/ssl/acme/{{ item }}"
> dest: "{{ config.domain }}/certs/{{ item }}"
> with_items:
> - "{{ config.domain }}.crt"
> - "intermediate.crt"
> - "{{ config.domain }}.key"
> tags:
> - acme
> - concatenate
>
> - name: acme | concatenate certs for haproxy
> copy:
> content: >
> {{ lookup('file', "{{ config.domain }}/certs/{{ item }}") }}
> {{ lookup('file', "{{ config.domain }}/certs/{{ item }}") }}
> {{ lookup('file', "{{ config.domain }}/certs/{{ item }}") }}
{{ lookup('file', config.domain ~ '/certs/' ~ item) }}
--
Kai Stian Olstad
Brian Coca
Aug 23, 2018, 6:03:09 PM8/23/18
to Ansible Project
You can also create dir with symlinks to each file, have the symlink
name keep the order you want 01, 02, 03, then run assemble module.
--
----------
Brian Coca
name keep the order you want 01, 02, 03, then run assemble module.
--
----------
Brian Coca
Reply all
Reply to author
Forward
0 new messages