vars_prompt variables carry over into next tasks


Dimitri Yioulos

Feb 20, 2024, 8:10:26 AM
to Ansible Project
Good morning.

In the following playbook, I have prompts to capture certain information. The created variables work fine in the first set of tasks in the playbook. However, they don't carry over into the second set of tasks in the playbook, based on what I've tried (as seen in the playbook, which is probably not the most efficient). Is there a way to do this?

---

- hosts: localhost
  connection: local
  gather_facts: false

  vars_prompt:

    - name: "domainfile"
      prompt: "Enter domain short name"
      private: no

    - name: "pemno"
      prompt: "Enter the number of the created pems"
      private: no

        #- name: ""
        #prompt: ""
        #private: no

  tasks:

    - name: Create directory
      ansible.builtin.file:
        path: '/home/deploy/{{ domainfile }}'
        state: directory
        owner: deploy
        group: deploy
        mode: '0755'
      tags:
        - create_dir

    - name: Copy pem files to directory
      ansible.builtin.copy:
        src: "{{ item.src }}"
        dest: '/home/deploy/{{ domainfile }}'
        owner: deploy
        group: deploy
        mode: '0644'
        remote_src: yes
      with_items:
        - { src: '/etc/letsencrypt/archive/myhost.com/privkey{{ pemno }}.pem' }
        - { src: '/etc/letsencrypt/archive/myhost.com/cert{{ pemno }}.pem' }
        - { src: '/etc/letsencrypt/archive/myhost.com/chain{{ pemno }}.pem' }
        - { src: '/etc/letsencrypt/archive/myhost.com/fullchain{{ pemno }}.pem' }
      become: yes
      become_user: root
      become_method: sudo
      tags:
        - copy_pems

    - name: Change privkey permission
      ansible.builtin.file:
        path: '/home/deploy/{{ domainfile }}/privkey{{ pemno }}.pem'
        mode: '0600'
      tags:
        - chg_privkey_perm

    - name: Save our variables to localhost facts for next tasks
      run_once: yes
      delegate_to: localhost
      delegate_facts: yes
      set_fact:
        domainfile: "{{ domainfile }}"
        pemno: "{{ pemno }}"

- hosts: another_host
  become: yes
  become_user: root
  become_method: sudo

  vars:
    a_domainfile: "{{ domainfile }}"
    pemno: "{{ pemno }}"

  tasks:

    - name: Copy pem files to hosts
      ansible.builtin.copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        owner: root
        group: root
        mode: preserve
        remote_src: yes
      with_items:
        - { src: '/etc/letsencrypt/archive/myhost.com/privkey{{ pemno }}.pem' ,dest: '/home/deploy/' }
        - { src: '/etc/letsencrypt/archive/myhost.com/cert{{ pemno }}.pem' ,dest: '/home/deploy/' }
        - { src: '/etc/letsencrypt/archive/myhost.com/chain{{ pemno }}.pem' ,dest: '/home/deploy/' }
        - { src: '/etc/letsencrypt/archive/myhost.com/fullchain{{ pemno }}.pem',dest: '/home/deploy/' }
      tags:
        - copypems

    - name: Copy pem files to letsencrypt archive directory
      shell: cp -p '/home/deploy/{{ pemno }}.pem' /etc/letsencrypt/archive/myhost.com/
      tags:
        - cppems

    - name: Set selinux
      shell: |
        semanage fcontext -a -t etc_t "/etc/letsencrypt/archive/myhost.com(/.*)?"
        restorecon -R -v /etc/letsencrypt/archive/myhost.com/
      tags:
        - selinux

    - name: Unlink pems
      shell: |
        cd /etc/letsencrypt/live/myhost.com
        unlink cert.pem ; ln -s /etc/letsencrypt/archive/myhost.com/cert{{ pemno }}.pem cert.pem
        unlink chain.pem ; ln -s /etc/letsencrypt/archive/myhost.com/chain{{ pemno }}.pem chain.pem
        unlink fullchain.pem ; ln -s /etc/letsencrypt/archive/myhost.com/fullchain{{ pemno }}.pem fullchain.pem
        unlink privkey.pem ; ln -s /etc/letsencrypt/archive/myhost.com/privkey{{ pemno }}.pem privkey.pem
      tags:
        - unlink

    - name: Check apache
      shell: |
        httpd -f /etc/httpd/conf/httpd.conf -t
        httpd -f /etc/httpd/conf/httpd.conf -S
      register: ck_apache
      tags:
        - check_apache

    - debug: msg={{ ck_apache.stderr_lines }}
      tags:
        - check_apache

    - debug: msg={{ ck_apache.stdout }}
      tags:
        - check_apache

    - name: Reload apache
      shell: systemctl reload httpd
      tags:
        - reload_apache

    - name: Check cert expire date
      shell: openssl x509 -enddate -noout -in /etc/letsencrypt/live/myhost.com/cert.pem
      register: certdate
      tags:
        - ck_cert_date

    - debug: msg={{ certdate.stdout_lines }}
      tags:
        - ck_cert_date

    - name: Remove pem files stored temporarily
      ansible.builtin.file:
        path: "{{ item }}"
        state: absent
      with_items:
        - '/home/deploy/privkey{{ pemno }}.pem'
        - '/home/deploy/cert{{ pemno }}.pem'
        - '/home/deploy/chain{{ pemno }}.pem'
        - '/home/deploy/fullchain{{ pemno }}.pem'
        - '/tmp/privkey{{ pemno }}.pem'
        - '/tmp/cert{{ pemno }}.pem'
        - '/tmp/chain{{ pemno }}.pem'
        - '/tmp/fullchain{{ pemno }}.pem'
      tags:
        - delfiles

Dick Visser

Feb 20, 2024, 9:15:29 AM
to ansible...@googlegroups.com
I *think* the vars from vars_prompt are tied to localhost in the first play, so if you need them in any next plays, you would need to reference them as localhost's hostvars:

{{ hostvars['localhost'].pemno }}

(not tested)


Dimitri Yioulos

Feb 21, 2024, 8:03:09 AM
to Ansible Project
Dick, I'm not getting that to work. For now, I'm prompting again for the pemno within the second set of tasks. That works, but isn't ideal. I'd like to see if I can "re-use" the pemno gathered from the first tasks prompt in the second set of tasks:

- hosts: localhost
  connection: local
  gather_facts: false

  vars_prompt:
       - name: "pemno"
         prompt: "Enter the number of the created pems"
         private: no

  tasks:
   <first set of plays>

- hosts: myhost
  become: yes

  tasks:
   <second set of plays>    <----- use pemno here from above

Rowe, Walter P. (Fed)

Feb 21, 2024, 8:13:23 AM
to ansible...@googlegroups.com
This works. The set_fact makes a global variable for the entire playbook.


- hosts: localhost
  connection: local
  gather_facts: false
  become: false

  vars_prompt:
    - name: "pemno"
      prompt: "Enter the number of the created pems"
      private: no

  tasks:
    - set_fact:
        pemno: "{{ pemno }}"

- hosts: all
  gather_facts: false
  become: false

  tasks:
    - debug: var=pemno


Walter
--
Walter Rowe, Division Chief
Infrastructure Services Division
Mobile: 202.355.4123

Dimitri Yioulos

Feb 21, 2024, 9:45:46 AM
to Ansible Project
Walter, I tried this, which is like what I think you posted:

---

- hosts: localhost
  connection: local
  gather_facts: false

  vars_prompt:

    - name: "domainfile"
      prompt: "Enter domain short name"
      private: no

    - name: "pemno"
      prompt: "Enter the number of the created pems"
      private: no

  tasks:

    - set_fact:
        pemno: "{{ pemno }}"

    ... other plays

- hosts: myhost
  become: yes

  tasks:

    - name: Copy pem files to hosts
      ansible.builtin.copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        owner: root
        group: root
        mode: preserve
          #remote_src: yes
      with_items:
        - { src: '/home/deploy/somedomain.com/privkey{{ pemno }}.pem', dest: '/etc/letsencrypt/archive/somedomain.com' }
        - { src: '/home/deploy/somedomain.com/cert{{ pemno }}.pem', dest: '/etc/letsencrypt/archive/somedomain.com' }
        - { src: '/home/deploy/somedomain.com/chain{{ pemno }}.pem', dest: '/etc/letsencrypt/archive/somedomain.com' }
        - { src: '/home/deploy/somedomain.com/fullchain{{ pemno }}.pem', dest: '/etc/letsencrypt/archive/somedomain.com' }
      tags:
        - copypems

It fails:

TASK [Copy pem files to hosts] *********************************************************************
Wednesday 21 February 2024  09:35:38 -0500 (0:00:02.470)       0:00:17.925 ****
Wednesday 21 February 2024  09:35:38 -0500 (0:00:02.469)       0:00:17.924 ****
fatal: [myhost]: FAILED! =>
  msg: '''pemno'' is undefined. ''pemno'' is undefined'  
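
An added example, not part of any post in this thread: one way to carry a prompted value into a later play is to store it with set_fact on localhost and read it through hostvars from the other host. The fact name cert_pemno and the digits-only check are assumptions made for this example; the host and path names are the ones used in the posts above.

```yaml
---
# Added example. The fact name "cert_pemno" and the validation task are assumptions.
- hosts: localhost
  connection: local
  gather_facts: false

  vars_prompt:
    - name: pemno
      prompt: "Enter the number of the created pems"
      private: no

  tasks:
    # The value is later interpolated into file paths and shell commands,
    # so reject anything that is not a plain number.
    - name: Validate the prompted value
      ansible.builtin.assert:
        that:
          - pemno is match('^[0-9]+$')
        fail_msg: "pemno must be digits only"

    # vars_prompt values are scoped to this play. set_fact stores a copy as a
    # host fact on localhost, which is still available in later plays.
    - name: Keep pemno as a localhost fact
      ansible.builtin.set_fact:
        cert_pemno: "{{ pemno }}"

- hosts: myhost
  become: yes
  gather_facts: false

  vars:
    # Read the fact from the host that owns it. Using a different fact name
    # avoids the self-referencing template in pemno: "{{ pemno }}".
    pemno: "{{ hostvars['localhost']['cert_pemno'] }}"

  tasks:
    - name: Show the value on the target host
      ansible.builtin.debug:
        var: pemno

    - name: Restrict the copied private key
      ansible.builtin.file:
        path: "/etc/letsencrypt/archive/somedomain.com/privkey{{ pemno }}.pem"
        owner: root
        group: root
        mode: '0600'
```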
        
