Hello the list,
I’m quite new to the Ansible world and I just wrote an Ansible role and playbook to handle my Let’s Encrypt SSL certificates.
Here is my role:
a) Call playbook several times using parameter --extra-vars to provide a different set of vars each time
b) Call the role several times in the playbook with a different set of vars each time
Read the docs regarding extra-vars and role vars
Hello,
Thanks to your suggestion, I refactored my code and put the variables into vars/meddle.yml:
The playbook now looks like this:
What do you expect it to contain?
Since you haven't provided the role code, I'll have to guess you are using ssl_cert.key, ssl_cert.csr and so on in your role code.
If so, you need to change the vars file to:
    ssl_certs:
      mailgate:
        key: '/etc/ssl/private/letsencrypt_meddle.example.com_mailgate.key'
        csr: '/tmp/letsencrypt_meddle.example.com_mailgate.csr'
        crt: '/etc/ssl/certs/letsencrypt_meddle.example.com_mailgate.pem'
        fullchain_crt: '/etc/ssl/certs/letsencrypt_meddle.example.com_mailgate_fullchain.pem'
        email: 'postmaster@example.com'
        subjectAltName: 'DNS:mail.example.com,DNS:smtp.example.com,DNS:imap.example.com'
      http:
        key: '/etc/ssl/private/letsencrypt_meddle.example.com_http.key'
        csr: '/tmp/letsencrypt_meddle.example.com_http.csr'
        crt: '/etc/ssl/certs/letsencrypt_meddle.example.com_http.pem'
        fullchain_crt: '/etc/ssl/certs/letsencrypt_meddle.example.com_http_fullchain.pem'
        email: 'webmaster@example.com'
        subjectAltName: 'DNS:example.com,DNS:www.example.com,DNS:webmail.example.com,DNS:photo.example.com'
And roles to:
- { role: sslcert, ssl_cert: '{{ ssl_certs.mailgate }}' }
- { role: sslcert, ssl_cert: '{{ ssl_certs.http }}' }
I am a little confused in this discussion - looks like the OP is using individual certs but Kai Stian Olstad, you are using a SAN cert, no?
I am currently working on getting a playbook together to manage a SAN cert on haproxy - works pretty well but still a few manual steps.
I just took the OP variable ssl_certs and changed it from a list to a dict, to make it work when providing parameters to the role.
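
Added example, not part of the thread and not the original poster's role (which was never posted): a hypothetical roles/sslcert/tasks/main.yml covering only the key and CSR steps, showing how a role can consume one `ssl_certs` entry passed as `ssl_cert` and fail early when it receives something other than a dict. It assumes the community.crypto collection is installed; the file path, task names and file modes are assumptions.

```yaml
# roles/sslcert/tasks/main.yml -- hypothetical sketch, not the OP's role.
# Expects ONE entry of the ssl_certs dict, passed as the role parameter
# `ssl_cert`, e.g.  - { role: sslcert, ssl_cert: '{{ ssl_certs.http }}' }

- name: Fail early if ssl_cert is not a dict with the expected keys
  ansible.builtin.assert:
    that:
      # Passing the whole ssl_certs structure or a list fails here
      # instead of producing an undefined-variable error further down.
      - ssl_cert is mapping
      - >-
        ['key', 'csr', 'crt', 'fullchain_crt', 'email', 'subjectAltName']
        | difference(ssl_cert.keys() | list) | length == 0
    fail_msg: "ssl_cert must be a single entry of ssl_certs (for example ssl_certs.http)"

- name: Generate the private key, readable by root only
  community.crypto.openssl_privatekey:
    path: "{{ ssl_cert.key }}"
    owner: root
    group: root
    mode: "0600"   # assumption: only root needs to read the key

- name: Generate the CSR carrying the subjectAltName entries
  community.crypto.openssl_csr:
    path: "{{ ssl_cert.csr }}"
    privatekey_path: "{{ ssl_cert.key }}"
    email_address: "{{ ssl_cert.email }}"
    # The vars file stores the SANs as one comma-separated string;
    # split it into the list form the module documents.
    subject_alt_name: "{{ ssl_cert.subjectAltName.split(',') }}"
    mode: "0600"   # assumption: the CSR path is under /tmp, so keep it private
```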