one task wants to use another.. I think.


Dan Langille

Dec 16, 2014, 10:32:46 PM
to ansible...@googlegroups.com
I have a role for installing ssl certificates.

I also have a playbook for installing an instance of mailman with various vhosts. One such host looks like this:

host_vars/mailman.unixathome.org:
---
  mailman_vhosts:
  - vhost: lists.freebsddiary.org
  - vhost: lists.freshsource.org
  .... etc

I would like to install an ssl-certificate for each vhost and I already have a role which does that (see below).


I'm not quite sure how to invoke one task within another task.  Is this a sign I'm doing it wrong?

FYI:

roles/ssl-certificates/tasks/main.yml
---
  - name: certs
    # see also roles/ssl-certificates/vars/main.yml for definitions of the following
    copy: src={{item.path}}  dest=/usr/local/etc/ssl/ owner=root group=www mode={{item.mode}}  backup=yes
    with_items: certs
    tags: ssl-cert

roles/ssl-certificates/defaults/main.yml:
---
    # see also roles/logstash-forwarder/defaults/main.yml
    cert_name:  "{{ inventory_hostname }}"
    cert_path:  "certificates/{{ cert_name }}/{{ cert_name }}.crt"
    key_path:   "certificates/{{ cert_name }}/{{ cert_name }}.nopassword.key"
    chain_path: "CA/StartSSL/intermediate.startssl.com.pem"
    ca_path:    "CA/StartSSL/root.startssl.com.pem"

    certs:
      - path: "{{ cert_path }}"
        mode: '644'
      - path: "{{ key_path }}"
        mode: '600'
      - path: "{{ chain_path }}"
        mode: '644'
      - path: "{{ ca_path }}"
        mode: '644'


Dan Langille

Dec 18, 2014, 9:43:48 PM
to ansible...@googlegroups.com
Tonight I figured it out. Started thinking in terms of hosts, not vhosts. I added this to the hosts file:

In the hosts file I had this:

[mailman_vhosts]
a.example.org
b.example.org
c.example.org
d.example.org

# for now, each mailman vhost lives on the same server, mailman.vpn.example.org

[mailman_vhosts:vars]
ansible_ssh_host=mailman.vpn.example.org


Then, now that I have listed each vhost which needs an ssl cert added to the server, I created this:

mailman-vhosts.yml

---
- hosts: mailman_vhosts
  sudo: yes
  roles:
  - ssl-certificates

Works lovely.  Very simple too.

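Added example, not part of the original posts: because the role derives each certificate and key path from `inventory_hostname`, every name in `[mailman_vhosts]` needs its own files on the control machine, and the `.nopassword.key` files are unencrypted. This pre-flight check lists missing files and local key copies that group or other can access; `group_hosts`, `preflight` and the `files_dir` location are assumptions of this sketch.

```python
import os
import stat

# Constructed sample: the inventory group from the post above.
INVENTORY = """\
[mailman_vhosts]
a.example.org
b.example.org
c.example.org
d.example.org
# for now, each mailman vhost lives on the same server
[mailman_vhosts:vars]
ansible_ssh_host=mailman.vpn.example.org
"""

# Per-host templates from roles/ssl-certificates/defaults/main.yml,
# where cert_name defaults to inventory_hostname ({n} here).
TEMPLATES = {
    "cert": "certificates/{n}/{n}.crt",
    "key": "certificates/{n}/{n}.nopassword.key",
}

def group_hosts(inventory_text, group):
    """Return host names listed under [group] in an INI inventory."""
    hosts, current = [], None
    for raw in inventory_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif current == group:
            hosts.append(line.split()[0])
    return hosts

def preflight(inventory_text, group, files_dir):
    """List (host, kind, problem) for files the role would fail on or expose."""
    problems = []
    for host in group_hosts(inventory_text, group):
        for kind, template in TEMPLATES.items():
            path = os.path.join(files_dir, template.format(n=host))
            if not os.path.isfile(path):
                problems.append((host, kind, "missing"))
            elif kind == "key" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
                problems.append((host, kind, "group/other access"))
    return problems

if __name__ == "__main__":
    # files_dir is an assumption: relative copy src resolves under the role's files/.
    for problem in preflight(INVENTORY, "mailman_vhosts", "roles/ssl-certificates/files"):
        print(*problem)
```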