Hello,

I'm new to Ansible and have been giving it some attention in my test 
environment to see how feasible it is to utilize in production... Mainly to 
provision/configure/manage 30 or so Windows web-servers.

I was able to copy and install my cert and bind it to my site with 
win_iis_webbinding; however, testing if I need to update the cert for 
whatever reason, I upload a new cert, change the certificate_hash, and 
nothing happens. The old cert is still in play. It's my understanding from 
looking around on other sites that the certificate_hash isn't inspected 
when reviewing pending changes on a playbook play regarding this module, so 
I'm curious if there's a way to accomplish updating the cert if the 
certificate_hash is different.

I attempted to run a play in the playbook to mark the port binding as 
absent before setting the new thumbprint in the certificate_hash, but 
received an error stating that it "Cannot create a file when that file 
already exists." 
Digging deeper I found that if I remove the play below that adds SSL 
Binding for new site, and only set state of the binding to absent, then the 
SSL binding is removed. If I try to add the play below in with the new 
thumbprint, I get the error that the file already exists and the binding 
reappears with the original cert, not the new updated one. So regardless of 
what I define the certificate_hash, the original hash always gets added.


Portion of Playbook:

#- name: Remove SSL Binding for newSite
#  win_iis_webbinding:
#    name: newSite
#    protocol: https
#    port: 443
#    state: absent

- name: Add SSL Binding for newSite
  win_iis_webbinding:
    name: newSite
    protocol: https
    port: 443
    certificate_hash: thumbprint  # when changed, it gets skipped and never updates on IIS sites
    state: present

Does anyone know of a way to update the cert on a site? Or would it just be 
best to explore options outside of the module to accomplish this task, such 
as running a win_shell command with args, or something else along those 
lines...?

Thanks,

John
