Certificate issuance and copying files across servers


marko

Oct 31, 2016, 8:57:19 AM
to Ansible Project

During our server provisioning process we issue certificates for new servers. Certificates are issued by running a script on our CA host after which the certificate files need to be copied to the provisioned server.
We'd like to include this as part of our Ansible-based server provisioning process.

I tried including the certificate issuance task in our server provisioning playbook, but being a bit of an Ansible newbie, I'm running into problems.
When I run the certificate issuance task on host CA, I need to copy the certificate from host CA to the provisioned host P. Apparently, I can't use copy or fetch because they work between the Ansible host A and the newly provisioned server P - instead of hosts CA and P. I've tried using the synchronize plugin, but ran into authentication problems since the usernames can be different on Ansible host A, and hosts CA and P. Also, the other tasks in the playbook are run using become, so synchronize authentication fails because it's run as root.

Any recommendations on how to implement the certificate issuance task in Ansible?

marko

Dick Davies

Oct 31, 2016, 9:27:26 AM
to ansible list
You can set become: no on a task and it should override the play default.

If that doesn't help, I'd just have one task retrieve the certs at
the top of the play, and then
push them out locally when you come to run tasks on the servers.

Kai Stian Olstad

Oct 31, 2016, 10:21:57 AM
to ansible...@googlegroups.com
On 31 Oct 2016 09:00, marko wrote:
> I tried including the certificate issuance task in our server provisioning
> playbook, but being a bit of an Ansible newbie, I'm running into problems.
> When I run the certificate issuance task on host CA, I need to copy the
> certificate from host CA to the provisioned host P. Apparently, I can't use
> copy or fetch because they work between the Ansible host A and the newly
> provisioned server P - instead of hosts CA and P.

You can use fetch with delegate_to: CA, then the files will be fetched
from the CA server instead of host P to host A, and then a copy will
copy the files to host P.

--
Kai Stian Olstad
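
The two suggestions in this thread combined into one play, as an added example that is not code posted by anyone in the thread: the issuance and fetch tasks are delegated to the CA host with become turned off, and copy then pushes the files from the Ansible host to P. The inventory names, paths and issuance script are assumptions, as is the script writing a private key next to the certificate; differing login names can be set per host with ansible_user in the inventory.

```yaml
# Added example. The group, host name, paths and script are assumptions.
- hosts: provisioned                  # assumed inventory group holding host P
  become: true
  vars:
    ca_host: ca                       # assumed inventory name of the CA host
    ca_out: "/etc/pki/issued/{{ inventory_hostname }}"   # assumed output dir
    stage: "{{ playbook_dir }}/.cert-stage/{{ inventory_hostname }}"
  tasks:
    - name: Issue the certificate on the CA host
      # issue-cert.sh is a hypothetical stand-in for the site's own script
      command: /usr/local/bin/issue-cert.sh {{ inventory_hostname }}
      args:
        creates: "{{ ca_out }}/cert.pem"   # skip if already issued
      delegate_to: "{{ ca_host }}"
      become: false                   # override the play default on the CA

    - name: Fetch certificate and key from the CA to the Ansible host
      fetch:
        src: "{{ ca_out }}/{{ item }}"
        dest: "{{ stage }}/"
        flat: true                    # store as <stage>/<basename>
      loop: [cert.pem, key.pem]
      delegate_to: "{{ ca_host }}"
      become: false
      no_log: true                    # keep key material out of task output

    - name: Install the certificate on the provisioned host
      copy:
        src: "{{ stage }}/cert.pem"
        dest: "/etc/ssl/certs/{{ inventory_hostname }}.pem"
        mode: "0644"

    - name: Install the private key, readable by root only
      copy:
        src: "{{ stage }}/key.pem"
        dest: "/etc/ssl/private/{{ inventory_hostname }}.key"
        owner: root
        group: root
        mode: "0600"
      no_log: true

    - name: Remove the staged copies from the Ansible host
      file:
        path: "{{ stage }}"
        state: absent
      delegate_to: localhost
      become: false
```

The private key passes through the Ansible host in this flow, so the staging directory should sit where only the Ansible user can read it.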

marko

Nov 1, 2016, 2:42:39 AM
to Ansible Project, ansible-pr...@olstad.com
Got it working with your suggestions - thanks guys!

marko