hi, I've 3 files on a remote server after acme let's encrypt dns-01 process, that need to be concatenated in a specific order (private.key intermediate.cert public.cert ) for my TLS proxy, on the same system.
- the assemble module seems ideal but it doesn't enforce order, and it bundles a given directory, not specific files - using fetch module and jinja ends up with a local copy of a private key which I'd rather avoid - the easiest option (shell script) is not a way to learn new tricks in ansible :D Does anybody have suggestions on using some of the new features in loops to achieve this somehow? https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html BTW this is what I currently tried; the copy/content block doesn't work yet as I've not figured out the correct way inside a jinja template to use {{ item }} inside the lookup: - name: acme | fetch certificates for concatenation fetch: src: "/usr/local/etc/ssl/acme/{{ item }}" dest: "{{ config.domain }}/certs/{{ item }}" with_items: - "{{ config.domain }}.crt" - "intermediate.crt" - "{{ config.domain }}.key" tags: - acme - concatenate - name: acme | concatenate certs for haproxy copy: content: > {{ lookup('file', "{{ config.domain }}/certs/{{ item }}") }} {{ lookup('file', "{{ config.domain }}/certs/{{ item }}") }} {{ lookup('file', "{{ config.domain }}/certs/{{ item }}") }} dest: "/usr/local/etc/ssl/acme/{{ config.domain }}.all" mode: 0600 owner: root.. group: wheel with_items: - "{{ config.domain }}.crt" - "intermediate.crt" - "{{ config.domain }}.key" tags: - acme - concatenate thanks! — Dave Cottlehube Skunkwerks, GmbH -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/1535048559.1521752.1484094528.7B885F65%40webmail.messagingengine.com. For more options, visit https://groups.google.com/d/optout.
