I am a little confused in this discussion - looks like the OP is using individual certs but Kai Stian Olstad, you are using a SAN cert, no?
I am currently working on getting a playbook together to manage a SAN cert on haproxy - works pretty well but still a few manual steps.

On Thursday, March 23, 2017 at 12:19:00 PM UTC-4, Kai Stian Olstad wrote:
>
> On 23 March 2017 16:42, Eric Belhomme wrote:
> > Hello,
> >
> > Thanks to your suggestion, I re-factored my code and put the variables
> > into vars/meddle.yml :
> >
> > - ssl_certs:
> >   - mailgate:
> >       key: '/etc/ssl/private/letsencrypt_meddle.example.com_mailgate.key'
> >       csr: '/tmp/letsencrypt_meddle.example.com_mailgate.csr'
> >       crt: '/etc/ssl/certs/letsencrypt_meddle.example.com_mailgate.pem'
> >       fullchain_crt: '/etc/ssl/certs/letsencrypt_meddle.example.com_mailgate_fullchain.pem'
> >       email: '[email protected]'
> >       subjectAltName: 'DNS:mail.example.com,DNS:smtp.example.com,DNS:imap.example.com'
> >   - http:
> >       key: '/etc/ssl/private/letsencrypt_meddle.example.com_http.key'
> >       csr: '/tmp/letsencrypt_meddle.example.com_http.csr'
> >       crt: '/etc/ssl/certs/letsencrypt_meddle.example.com_http.pem'
> >       fullchain_crt: '/etc/ssl/certs/letsencrypt_meddle.example.com_http_fullchain.pem'
> >       email: '[email protected]'
> >       subjectAltName: 'DNS:example.com,DNS:www.example.com,DNS:webmail.example.com,DNS:photo.example.com'
> >
> >
> > The playbook now looks like this:
> >
> > ---
> >
> > - name: test certificate creation
> >   hosts: meddle
> >   strategy: debug
> >
> >   vars_files:
> >     - "vars/defaults.yml"
> >     - "vars/meddle.yml"
> >
> >   roles:
> >     - { role: sslcert, ssl_cert: ssl_certs.mailgate }
> >     - { role: sslcert, ssl_cert: ssl_certs.http }
> >
> > But unfortunately this doesn't work: my variable "ssl_cert" does not
> > contain what I expect:
>
> What do you expect it to contain?
> Since you haven't provided the role code I'll have to guess you are
> using ssl_cert.key, ssl_cert.csr and so on in your role code.
> If so you need to change the vars file to:
>
> ssl_certs:
>   mailgate:
>     key: '/etc/ssl/private/letsencrypt_meddle.example.com_mailgate.key'
>     csr: '/tmp/letsencrypt_meddle.example.com_mailgate.csr'
>     crt: '/etc/ssl/certs/letsencrypt_meddle.example.com_mailgate.pem'
>     fullchain_crt: '/etc/ssl/certs/letsencrypt_meddle.example.com_mailgate_fullchain.pem'
>     email: '[email protected]'
>     subjectAltName: 'DNS:mail.example.com,DNS:smtp.example.com,DNS:imap.example.com'
>   http:
>     key: '/etc/ssl/private/letsencrypt_meddle.example.com_http.key'
>     csr: '/tmp/letsencrypt_meddle.example.com_http.csr'
>     crt: '/etc/ssl/certs/letsencrypt_meddle.example.com_http.pem'
>     fullchain_crt: '/etc/ssl/certs/letsencrypt_meddle.example.com_http_fullchain.pem'
>     email: '[email protected]'
>     subjectAltName: 'DNS:example.com,DNS:www.example.com,DNS:webmail.example.com,DNS:photo.example.com'
>
> And roles to:
>   - { role: sslcert, ssl_cert: '{{ ssl_certs.mailgate }}' }
>   - { role: sslcert, ssl_cert: '{{ ssl_certs.http }}' }
>
> --
> Kai Stian Olstad
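
A guard the sslcert role could run as its first task, so that the unquoted `ssl_cert: ssl_certs.mailgate` case from the thread fails with a clear message instead of an undefined-attribute error later on. This is an added example, not part of the thread or of the poster's role; the task file location and the `required_keys` variable are assumptions, with the key names taken from the vars file above.

```yaml
# roles/sslcert/tasks/main.yml (assumed location; the role's own tasks were not posted)
# Conditions are checked in order and the task fails at the first false one,
# so the later expressions only run once ssl_cert is known to be a mapping.
- name: Validate the ssl_cert parameter passed to the role
  ansible.builtin.assert:
    that:
      # Unquoted `ssl_cert: ssl_certs.mailgate` arrives as that literal string,
      # not as the dictionary stored under ssl_certs.mailgate.
      - ssl_cert is mapping
      # Every path and field the role is expected to use must be present.
      - required_keys | difference(ssl_cert.keys() | list) | length == 0
      # Each SAN entry must have the DNS:<name> form used in the vars file.
      - ssl_cert.subjectAltName.split(',') | reject('match', '^DNS:.+$') | list | length == 0
    fail_msg: >-
      ssl_cert must be a mapping with the keys {{ required_keys | join(', ') }}
      and a subjectAltName made of DNS:<name> entries; got: {{ ssl_cert }}
  vars:
    # Hypothetical helper variable, named here for the example only.
    required_keys: [key, csr, crt, fullchain_crt, email, subjectAltName]
```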
