This works. The set_fact makes a global variable for the entire playbook.
- hosts: localhost
  connection: local
  gather_facts: false
  become: false
  vars_prompt:
    - name: "pemno"
      prompt: "Enter the number of the created pems"
      private: no
  tasks:
    - set_fact:
        pemno: "{{ pemno }}"

- hosts: all
  gather_facts: false
  become: false
  tasks:
    - debug: var=pemno
Walter
--
Walter Rowe, Division Chief
Infrastructure Services Division
Mobile: 202.355.4123
On Feb 21, 2024, at 8:03 AM, Dimitri Yioulos <[email protected]> wrote:
Dick, I'm not getting that to work. For now, I'm prompting again for the pemno
within the second set of tasks. That works, but isn't ideal. I'd like to see
if I can "re-use" the pemno gathered from the first tasks prompt in the second
set of tasks:
- hosts: localhost
  connection: local
  gather_facts: false
  vars_prompt:
    - name: "pemno"
      prompt: "Enter the number of the created pems"
      private: no
  tasks:
    <first set of plays>

- hosts: myhost
  become: yes
  tasks:
    <second set of plays>   <----- use pemno here from above
On Tuesday, February 20, 2024 at 9:15:29 AM UTC-5 Dick Visser wrote:
I *think* the vars from vars_prompt are tied to localhost in the first play, so
if you need them in any next plays, you would need to reference them as
localhost's hostvars:
{{ hostvars['localhost'].pemno }}
(not tested)
On Tue, 20 Feb 2024 at 14:10, Dimitri Yioulos <[email protected]> wrote:
Good morning.
In the following playbook, I have prompts to capture certain information. The
created variables work fine in the first set of tasks in the playbook. However,
they don't carry over into the second set of tasks in the playbook, based on
what I've tried (as seen in the playbook, which is probably not the most
efficient). Is there a way to do this?
---
- hosts: localhost
  connection: local
  gather_facts: false

  vars_prompt:
    - name: "domainfile"
      prompt: "Enter domain short name"
      private: no
    - name: "pemno"
      prompt: "Enter the number of the created pems"
      private: no
    #- name: ""
    #  prompt: ""
    #  private: no

  tasks:
    - name: Create directory
      ansible.builtin.file:
        path: '/home/deploy/{{ domainfile }}'
        state: directory
        owner: deploy
        group: deploy
        mode: '0755'
      tags:
        - create_dir

    - name: Copy pem files to directory
      ansible.builtin.copy:
        src: "{{ item.src }}"
        dest: '/home/deploy/{{ domainfile }}'
        owner: deploy
        group: deploy
        mode: '0644'
        remote_src: yes
      with_items:
        - { src: '/etc/letsencrypt/archive/myhost.com/privkey{{ pemno }}.pem' }
        - { src: '/etc/letsencrypt/archive/myhost.com/cert{{ pemno }}.pem' }
        - { src: '/etc/letsencrypt/archive/myhost.com/chain{{ pemno }}.pem' }
        - { src: '/etc/letsencrypt/archive/myhost.com/fullchain{{ pemno }}.pem' }
      become: yes
      become_user: root
      become_method: sudo
      tags:
        - copy_pems

    - name: Change privkey permission
      ansible.builtin.file:
        path: '/home/deploy/{{ domainfile }}/privkey{{ pemno }}.pem'
        mode: '0600'
      tags:
        - chg_privkey_perm

    - name: Save our variables to localhost facts for next tasks
      run_once: yes
      delegate_to: localhost
      delegate_facts: yes
      set_fact:
        domainfile: "{{ domainfile }}"
        pemno: "{{ pemno }}"

- hosts: another_host
  become: yes
  become_user: root
  become_method: sudo

  vars:
    a_domainfile: "{{ domainfile }}"
    pemno: "{{ pemno }}"

  tasks:
    - name: Copy pem files to hosts
      ansible.builtin.copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        owner: root
        group: root
        mode: preserve
        remote_src: yes
      with_items:
        - { src: '/etc/letsencrypt/archive/myhost.com/privkey{{ pemno }}.pem', dest: '/home/deploy/' }
        - { src: '/etc/letsencrypt/archive/myhost.com/cert{{ pemno }}.pem', dest: '/home/deploy/' }
        - { src: '/etc/letsencrypt/archive/myhost.com/chain{{ pemno }}.pem', dest: '/home/deploy/' }
        - { src: '/etc/letsencrypt/archive/myhost.com/fullchain{{ pemno }}.pem', dest: '/home/deploy/' }
      tags:
        - copypems

    - name: Copy pem files to letsencrypt archive directory
      shell: cp -p '/home/deploy/{{ pemno }}.pem' '/etc/letsencrypt/archive/myhost.com/'
      tags:
        - cppems

    - name: Set selinux
      shell: |
        semanage fcontext -a -t etc_t "/etc/letsencrypt/archive/myhost.com(/.*)?"
        restorecon -R -v /etc/letsencrypt/archive/myhost.com/
      tags:
        - selinux

    - name: Unlink pems
      shell: |
        cd /etc/letsencrypt/live/myhost.com
        unlink cert.pem ; ln -s /etc/letsencrypt/archive/myhost.com/cert{{ pemno }}.pem cert.pem
        unlink chain.pem ; ln -s /etc/letsencrypt/archive/myhost.com/chain{{ pemno }}.pem chain.pem
        unlink fullchain.pem ; ln -s /etc/letsencrypt/archive/myhost.com/fullchain{{ pemno }}.pem fullchain.pem
        unlink privkey.pem ; ln -s /etc/letsencrypt/archive/myhost.com/privkey{{ pemno }}.pem privkey.pem
      tags:
        - unlink

    - name: Check apache
      shell: |
        httpd -f /etc/httpd/conf/httpd.conf -t
        httpd -f /etc/httpd/conf/httpd.conf -S
      register: ck_apache
      tags:
        - check_apache

    - debug: msg={{ ck_apache.stderr_lines }}
      tags:
        - check_apache

    - debug: msg={{ ck_apache.stdout }}
      tags:
        - check_apache

    - name: Reload apache
      shell: systemctl reload httpd
      tags:
        - reload_apache

    - name: Check cert expire date
      shell: openssl x509 -enddate -noout -in /etc/letsencrypt/live/myhost.com/cert.pem
      register: certdate
      tags:
        - ck_cert_date

    - debug: msg={{ certdate.stdout_lines }}
      tags:
        - ck_cert_date

    - name: Remove pem files stored temporarily
      ansible.builtin.file:
        path: "{{ item }}"
        state: absent
      with_items:
        - '/home/deploy/privkey{{ pemno }}.pem'
        - '/home/deploy/cert{{ pemno }}.pem'
        - '/home/deploy/chain{{ pemno }}.pem'
        - '/home/deploy/fullchain{{ pemno }}.pem'
        - '/tmp/privkey{{ pemno }}.pem'
        - '/tmp/cert{{ pemno }}.pem'
        - '/tmp/chain{{ pemno }}.pem'
        - '/tmp/fullchain{{ pemno }}.pem'
      tags:
        - delfiles
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/8dc92686-4fc0-4bf5-89b7-43e87e7fd397n%40googlegroups.com.
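
Added example, not taken from any message in this thread: one way to carry the prompted value into a later play is to store it with set_fact on localhost and read it back through hostvars['localhost'], after checking that it is numeric because it ends up in file paths and commands. The names cert_no and archive_dir are assumptions; the other names come from the playbooks in the thread.

```yaml
---
# Added example; cert_no and archive_dir are assumed names, the rest follow the thread.
- hosts: localhost
  connection: local
  gather_facts: false
  vars_prompt:
    - name: pemno
      prompt: "Enter the number of the created pems"
      private: no
  tasks:
    - name: Accept digits only, since the value is later used in paths and commands
      ansible.builtin.assert:
        that:
          - pemno is match('^[0-9]+$')
        fail_msg: "pemno must contain digits only"

    - name: Store the prompted value as a fact on localhost
      ansible.builtin.set_fact:
        pemno: "{{ pemno }}"

- hosts: another_host
  gather_facts: false
  become: yes
  vars:
    # Read localhost's fact under a new name to avoid a self-referencing variable.
    cert_no: "{{ hostvars['localhost']['pemno'] }}"
    archive_dir: /etc/letsencrypt/archive/myhost.com
  tasks:
    - name: Show the value carried over from the first play
      ansible.builtin.debug:
        var: cert_no

    - name: Check cert expire date without going through a shell
      ansible.builtin.command:
        argv:
          - openssl
          - x509
          - -enddate
          - -noout
          - -in
          - "{{ archive_dir }}/cert{{ cert_no }}.pem"
      register: certdate
      changed_when: false

    - name: Print the expiry line
      ansible.builtin.debug:
        msg: "{{ certdate.stdout_lines }}"
```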