I am trying to figure out how to copy a cert file generated on a specific 
host (ca-server) to the list of hosts defined in the playbook.  The 
scenario is something like this:

1) using delegate_to go to the ca-server and generate the client cert 
(stored locally on the ca-server) 
2) copy the client cert to local
3) push cert file to all targets in the play

Using the "standard" modules, copy, fetch, synchronize etc. all seem to 
want to copy the file from local to the targets or fetch from the targets 
to local.   I do not have direct ssh access from the ca-server to the 
targets so cannot use "delegate_to" to copy as this appears to execute on 
the ca-server and tries to connect from there to the targets.  

copy: issue here is that it copies from local to the targets unless you 
define remote_src as true, in which case it is all on the target.
fetch: tries to pull from targets, if delegate_to is used it tries to pull 
from the targets directly to the delegate 
synchronize: requires direct access from ca-server to the targets

The following is the short version of what I am trying to do...


- hosts: not-the-ca-server
  become_user: root
  become_method: sudo
  tasks:

  - name: Generate the p12 cert
    command: "do stuff, execute custom script etc."
    delegate_to: ca-server

  - name: copy the p12 file locally
    # this is where I am trying to figure out how to grab the file from the ca-server
    fetch (or something like this): >
      dest=ssl-certs
      src="<path to certs>/foo.p12"

  - name: copy the cert file to the targets
    copy: >
      dest=/etc/ssl/certs/
      src="ssl-certs/foo.p12"
 
There may be an obvious answer here as I am pretty new to ansible, but I 
have bounced this off of a couple of people I know and it stumped them as 
well...

Thanks for any help.

Gordon
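
One way to wire the three steps described above, as an added example that is not part of the original post: it relies on fetch, when run under delegate_to, reading src on ca-server and writing dest on the control machine, so the CA never connects to the targets. The variable names ca_cert_dir and local_stage are assumptions, "<path to certs>" and the command string stay placeholders as in the post, and the modes are tightened because a p12 file normally bundles the private key.

```yaml
# Added example; ca_cert_dir and local_stage are assumed names.
- hosts: not-the-ca-server
  become: true
  vars:
    ca_cert_dir: "<path to certs>"                # placeholder, as in the post
    local_stage: "{{ playbook_dir }}/ssl-certs"   # staging dir on the control machine
  tasks:

    - name: Generate the p12 cert on the CA
      command: "do stuff, execute custom script etc."   # placeholder from the post
      delegate_to: ca-server
      run_once: true

    - name: Create a private staging directory on the control machine
      file:
        path: "{{ local_stage }}"
        state: directory
        mode: "0700"
      delegate_to: localhost
      become: false
      run_once: true

    - name: Pull the p12 from the CA to the control machine
      fetch:
        src: "{{ ca_cert_dir }}/foo.p12"
        dest: "{{ local_stage }}/"
        flat: true          # store as local_stage/foo.p12, no per-host subtree
      delegate_to: ca-server
      run_once: true

    - name: Push the p12 from the control machine to every target
      copy:
        src: "{{ local_stage }}/foo.p12"
        dest: /etc/ssl/certs/foo.p12
        owner: root
        group: root
        mode: "0600"        # keep the bundled private key unreadable to other users

    - name: Remove the staged copy from the control machine
      file:
        path: "{{ local_stage }}/foo.p12"
        state: absent
      delegate_to: localhost
      become: false
      run_once: true
```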
