Certificate issuance and copying files across servers

During our server provisioning process we issue certificates for new servers. Certificates are issued by running a script on our CA host after which the certificate files need to be copied to the provisioned server.
We’d like to include this as part of our Ansible-based server provisioning process.

I tried including the certificate issuance task in our server provisioning playbook, but being a bit of an Ansible newbie, I’m running into problems.
When I run the certificate issuance task on host CA, I need to copy the certificate from host CA to the provisioned host P. Apparently, I can’t use copy or fetch because they work between the Ansible host A and the newly provisioned server P - instead of hosts CA and P. I’ve tried using the synchronize plugin, but ran into authentication problems since the usernames can be different on Ansible host A, and hosts CA and P. Also, the other tasks in the playbook are run using become, so synchronize authentication fails because it’s run as root.

Any recommendations on how to implement the certificate issuance task in Ansible?

marko

You can set become: no on a task and it should override the play default.

If that doesn't help, I'd just have one task retrieve the certs at the top of the play, and then push them out locally when you come to run tasks on the servers.

You can use fetch with delegate_to: CA, then the files will be fetched from the CA server instead of host P to host A, and then a copy will copy the files to host P.
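The two suggestions above (a per-task become override, and fetch delegated to the CA followed by copy), put together as a playbook. This is an added example, not code posted in the thread; the inventory names (`new_servers`, `ca`), the script path, the file names and all directories are assumptions, as is the private key being generated on the CA.

```yaml
# Added example. Hypothetical: group "new_servers", host "ca",
# /usr/local/bin/issue-cert.sh, cert.pem/key.pem and every path below.
- name: Issue a certificate on the CA and install it on the new server
  hosts: new_servers
  become: true                      # play default, as in the original playbook
  vars:
    ca_out: "/var/lib/ca/issued/{{ inventory_hostname }}"        # on the CA
    stage: "{{ playbook_dir }}/.staging/{{ inventory_hostname }}" # on host A
  tasks:
    - name: Run the issuance script on the CA host
      ansible.builtin.command:
        cmd: "/usr/local/bin/issue-cert.sh {{ inventory_hostname }}"
        creates: "{{ ca_out }}/cert.pem"   # skip if already issued
      delegate_to: ca     # connects with the CA's own inventory credentials
      become: false       # per-task override; assumes CA user may run the script

    - name: Fetch certificate and key from the CA to the Ansible host
      ansible.builtin.fetch:
        src: "{{ ca_out }}/{{ item }}"
        dest: "{{ stage }}/"               # trailing slash + flat keeps basename
        flat: true
      loop: [cert.pem, key.pem]
      delegate_to: ca
      become: false
      no_log: true                         # keep key material out of logs

    - name: Install the certificate on the provisioned host
      ansible.builtin.copy:
        src: "{{ stage }}/cert.pem"
        dest: "/etc/ssl/certs/{{ inventory_hostname }}.pem"
        owner: root
        group: root
        mode: "0644"

    - name: Install the private key on the provisioned host
      ansible.builtin.copy:
        src: "{{ stage }}/key.pem"
        dest: "/etc/ssl/private/{{ inventory_hostname }}.key"
        owner: root
        group: root
        mode: "0600"                       # key readable by root only
      no_log: true

    - name: Remove the staged copy from the Ansible host
      ansible.builtin.file:
        path: "{{ stage }}"
        state: absent
      delegate_to: localhost
      become: false
```

With this layout the private key passes through host A, so the staging directory is per-host and is deleted in the last task.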

Got it working with your suggestions - thanks guys!

marko