call a role with different parameters from the same playbook

Hello the list,

I’m quite new to the Ansible world and I just wrote an Ansible role and playbook to handle my Let’s Encrypt SSL certificates.

Here is my role:

a) Call playbook several times using parameter --extra-vars to provide a different set of vars each time

b) Call the role several times in the playbook with a different set of vars each time

Read the docs regarding extra-vars and role vars

Hello,

Thanks to your suggestion, I refactored my code and put the variables into vars/meddle.yml:

  - ssl_certs:
  - mailgate:
    key: '/etc/ssl/private/letsencrypt_meddle.example.com_mailgate.key'
    csr: '/tmp/letsencrypt_meddle.example.com_mailgate.csr'
    crt: '/etc/ssl/certs/letsencrypt_meddle.example.com_mailgate.pem'
    fullchain_crt: '/etc/ssl/certs/letsencrypt_meddle.example.com_mailgate_fullchain.pem'
    email: 'postmaster@example.com'
    subjectAltName: 'DNS:mail.example.com,DNS:smtp.example.com,DNS:imap.example.com'
  - http:
    key: '/etc/ssl/private/letsencrypt_meddle.example.com_http.key'
    csr: '/tmp/letsencrypt_meddle.example.com_http.csr'
    crt: '/etc/ssl/certs/letsencrypt_meddle.example.com_http.pem'
    fullchain_crt: '/etc/ssl/certs/letsencrypt_meddle.example.com_http_fullchain.pem'
    email: 'webmaster@example.com'
    subjectAltName: 'DNS:example.com,DNS:www.example.com,DNS:webmail.example.com,DNS:photo.example.com'

The playbook now looks like this:

What do you expect it to contain?
Since you haven't provided the role code, I'll have to guess you are using ssl_cert.key, ssl_cert.csr and so on in your role code.
If so, you need to change the vars file to:

ssl_certs:
   mailgate:
     key: '/etc/ssl/private/letsencrypt_meddle.example.com_mailgate.key'
     csr: '/tmp/letsencrypt_meddle.example.com_mailgate.csr'
     crt: '/etc/ssl/certs/letsencrypt_meddle.example.com_mailgate.pem'
     fullchain_crt: '/etc/ssl/certs/letsencrypt_meddle.example.com_mailgate_fullchain.pem'
     email: 'postmaster@example.com'
     subjectAltName: 'DNS:mail.example.com,DNS:smtp.example.com,DNS:imap.example.com'
   http:
     key: '/etc/ssl/private/letsencrypt_meddle.example.com_http.key'
     csr: '/tmp/letsencrypt_meddle.example.com_http.csr'
     crt: '/etc/ssl/certs/letsencrypt_meddle.example.com_http.pem'
     fullchain_crt: '/etc/ssl/certs/letsencrypt_meddle.example.com_http_fullchain.pem'
     email: 'webmaster@example.com'
     subjectAltName: 'DNS:example.com,DNS:www.example.com,DNS:webmail.example.com,DNS:photo.example.com'

And roles to:
   - { role: sslcert, ssl_cert: '{{ ssl_certs.mailgate }}' }
   - { role: sslcert, ssl_cert: '{{ ssl_certs.http }}' }
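
An added example, not part of the original thread or the poster's playbook: a complete play that loads the dict form of ssl_certs, checks its shape before anything runs, and calls the sslcert role once per entry. It goes one step beyond the two explicit role lines above by looping over the dict with include_role, so a new certificate only needs a new key in vars/meddle.yml. The host name, the loop variable cert_item, the required_fields list and the check that private keys stay under /etc/ssl/private are assumptions made for this example.

```yaml
# site.yml (added example; play layout and host name are assumptions)
- hosts: meddle.example.com        # assumed inventory host
  become: true
  vars_files:
    - vars/meddle.yml              # the ssl_certs dict from the reply above
  vars:
    # Fields the role is assumed to read as ssl_cert.<field>
    required_fields: [key, csr, crt, fullchain_crt, email, subjectAltName]

  pre_tasks:
    # A list here means "ssl_certs.mailgate" cannot be resolved in the role call.
    - name: Check that ssl_certs is a dict, not a list
      ansible.builtin.assert:
        that:
          - ssl_certs is mapping
        fail_msg: "ssl_certs must be a dict keyed by certificate name"

    - name: Check that every certificate entry is complete
      ansible.builtin.assert:
        that:
          # No required field may be absent from this entry
          - required_fields | difference(cert_item.value.keys() | list) | length == 0
          # Assumed policy: private keys live only in the restricted directory
          - cert_item.value.key is match('/etc/ssl/private/')
        fail_msg: "ssl_certs.{{ cert_item.key }} is incomplete or has a misplaced key path"
      loop: "{{ ssl_certs | dict2items }}"
      loop_control:
        loop_var: cert_item        # avoids clashing with 'item' used inside the role
        label: "{{ cert_item.key }}"

  tasks:
    # One role run per dict entry; the role sees the entry as ssl_cert,
    # exactly as with "ssl_cert: '{{ ssl_certs.mailgate }}'".
    - name: Run the sslcert role once per certificate
      ansible.builtin.include_role:
        name: sslcert
      vars:
        ssl_cert: "{{ cert_item.value }}"
      loop: "{{ ssl_certs | dict2items }}"
      loop_control:
        loop_var: cert_item
        label: "{{ cert_item.key }}"
```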

I am a little confused in this discussion - looks like the OP is using individual certs but Kai Stian Olstad, you are using a SAN cert, no?

I am currently working on getting a playbook together to manage a SAN cert on haproxy - works pretty well but still a few manual steps.

I just took the OP's variable ssl_certs and changed it from a list to a dict, to make it work when providing parameters to the role.