looks fine, if you want to avoid copying the cert to disk you might want to switch to slurp and template to generate the copy.
On Mon, Jun 6, 2016 at 9:13 AM, Gordon Cooke <[email protected]> wrote: > I am trying to figure out how to copy a cert file generated on a specific > host (ca-server) to the list of hosts defined in the playbook. The > scenario is something like this: > > 1) using delegate_to go to the ca-server and generate the client cert > (stored locally on the ca-server) > 2) copy the client cert to local > 3) push cert file to all targets in the play > > using the "standard" modules, copy, fetch, synchronize etc. all seem to > want to copy the file from local to the targets or fetch from the targets > to local. I do not have direct ssh access from the ca-server to the > targets so cannot use "delegate_to" to copy as this appears to execute on > the ca-server and tries to connect from there to the targets. > > copy: issue here is that it copies from local to the targets unless you > define remote_sec as true in which case it is all on the target. > fetch: tries to pull from targets, if delegate_to is used it tries to pull > from the targets directly to the delegate > synchronize: requires direct access from ca-server to the targets > > The following is the short version of what I am trying to do... > > > - hosts: not-the-ca-server > become_user: root > become_method: sudo > tasks: > > - name: Generate the p12 cert > command: "do stuff, execute custom script etc." > delegate_to: ca-server > > - name: copy the p12 file locally > # this is where I am trying to figure out how to grab the file from the > ca-server > fetch (or something like this): > > dest=ssl-certs > src="<path to certs>/foo.p12" > > - name: copy the cert file to the targets > copy: > > dest=/etc/ssl/certs/ > src="ssl-certs/foo.p12" > > There may be an obvious answer here as I am pretty new to ansible but I > havce bounced this off of a couple of people I know and it stumped them as > well... > > Thanks for any help. > > Gordon > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/6a6f36c6-6398-4fb9-83f9-59e8368cb58f%40googlegroups.com > <https://groups.google.com/d/msgid/ansible-project/6a6f36c6-6398-4fb9-83f9-59e8368cb58f%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- ---------- Brian Coca -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CACVha7dAL0TXVTiZfM52-n0Y5QAqi-JWRRoGH37fCB0mjY7xgA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
