You can set become: no on a task and it should override the play default. If that doesn't help , I'd just have one task retrieve the certs at the top of the play, and then push them out locally when you come to run tasks on the servers.
On 31 October 2016 at 08:00, marko <[email protected]> wrote: > > During our server provisioning process we issue certificates for new > servers. Certificates are issued by running a script on our CA host after > which the certificate files need to be copied to the provisioned server. > We'd like to include this as part of our Ansible based server provisioning > process. > > I tried including the certificate issuance task in our server provisioning > playbook, but being a bit of a Ansible newbie, I'm running into problems. > When I run the certificate issuance task on host CA, I need to copy the > certificate from host CA to the provisioned host P. Apparently, I can't use > copy or fetch because they work between the Ansible host A and the newly > provisioned server P - instead of hosts CA and P. I've tried using the > synchronize plugin, but ran into authentication problems since the usernames > can be different on Ansible host A, and hosts CA and P. Also, the other > tasks in the playbook are run using become, so synchronize authentication > fails because it's run as root. > > Any recommendations on how to implement the certificate issuance task in > Ansible? > > marko > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/fa8ca25c-c233-4439-92db-63e1ed18da4f%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAK5eLPRj32gCfZQVpSo5%2B3QQR1U0P4BNgXBxO0ujUk1fCLUyMg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
