Tonight I figured it out. Starting thinking in terms of hosts, not vhosts.
I added this to the hosts file:
In the hosts file I had this:
[mailman_vhosts]
a.example.org
b.example.org
c.example.org
d.example.org
# for now, each mailman vhost lives on the same server,
mailman.vpn.example.org
[mailman_vhosts:vars]
ansible_ssh_host=mailman.vpn.example.org
Then, now that I have listed each vhost which needs an ssl cert added to
the server, I created this:
mailman-vhosts.yml
---
- hosts: mailman_vhosts
sudo: yes
roles:
- ssl-certificates
Works lovely. Very simple too.
On Tuesday, December 16, 2014 10:32:46 PM UTC-5, Dan Langille wrote:
>
> I have a role for installing ssl certificates.
>
> I also have a playbook for installing an instance of mailman with various
> vhosts. One such host like this:
>
> host_vars/mailman.unixathome.org:
> ---
> mailman_vhosts:
> - vhost: lists.freebsddiary.org
> - vhost: lists.freshsource.org
> .... etc
>
> I would like to install an ssl-certificate for each vhost and I already
> have a role which does that (see below).
>
>
> I'm not quite sure how to invoke one task within another task. Is this a
> sign I'm doing it wrong?
>
> FYI:
> roles/ssl-certificates/tasks/main.yml
> ---
> - name: certs
> # see also roles/ssl-certificates/vars/main.yml for definitions of the
> following
> copy: src={{item.path}} dest=/usr/local/etc/ssl/ owner=root group=www
> mode={{item.mode}} backup=yes
> with_items: certs
> tags: ssl-cert
>
> roles/ssl-certificates/defaults/main.yml:
> ---
> # see also roles/logstash-forwarder/defaults/main.yml
> cert_name: "{{ inventory_hostname }}"
> cert_path: "certificates/{{ cert_name }}/{{ cert_name }}.crt"
> key_path: "certificates/{{ cert_name }}/{{ cert_name
> }}.nopassword.key"
> chain_path: "CA/StartSSL/intermediate.startssl.com.pem"
> ca_path: "CA/StartSSL/root.startssl.com.pem"
>
> certs:
> - path: "{{ cert_path }}"
> mode: '644'
> - path: "{{ key_path }}"
> mode: '600'
> - path: "{{ chain_path }}"
> mode: '644'
> - path: "{{ ca_path }}"
> mode: '644'
>
>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/26a16ae4-bdc8-4173-bac9-f9c9f5196dfc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
