I have a setup task that runs when I first create a server, and also at various points in larger playbooks so I can ensure that the baseline state is still maintained. On initial run, ansible_fqdn isn't necessarily correct, so I pass in a fqdn variable on the command line. After that, if I don't explicitly pass fqdn, it can be assumed that ansible_fqdn is accurate.
I also push out SSL certificates by default, but have introduced a noSSL flag for simple hosts that I don't care to set up SSL on.
So I have tasks that look like this:
- name: Copy SSL certificate
  copy: src=../ssl/$fqdn.crt dest=/etc/ssl/certs mode=0400
  when_set: $fqdn
  # when_unset: $noSSL
  # notify: $sslHandlers
- name: Copy SSL key
  copy: src=../ssl/$fqdn.key dest=/etc/ssl/private mode=0400
  when_set: $fqdn
  # when_unset: $noSSL
  # notify: $sslHandlers
- name: Copy SSL certificate
  copy: src=../ssl/$ansible_fqdn.crt dest=/etc/ssl/certs mode=0400
  when_unset: $fqdn and $noSSL
  # notify: $sslHandlers
- name: Copy SSL key
  copy: src=../ssl/$ansible_fqdn.key dest=/etc/ssl/private mode=0400
  when_unset: $fqdn and $noSSL
  # notify: $sslHandlers
Except the first two with $fqdn don't work with the when_unset uncommented. Basically I'd like to check that fqdn is defined and noSSL isn't. Is there a way to do this?
Even better would be to get rid of this duplication and, say, set fqdn to a command line value, or to ansible_fqdn if it isn't defined. Then the when_set can go, and I'm only checking for one condition. Is this doable?
Thanks.
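One way to express both requests above (skip when noSSL is set; use fqdn if passed, otherwise ansible_fqdn), as an added example that is not part of the original post. It assumes a current Ansible release, where "when:" with Jinja2 tests and filters replaced when_set/when_unset; the cert_name variable and the "hosts: all" target are hypothetical.

```yaml
# Added example, not the poster's code. Assumes a current Ansible release.
- hosts: all                      # assumed target group
  vars:
    # Prefer fqdn from the command line (-e fqdn=host.example.com);
    # fall back to the gathered fact when it was not passed.
    cert_name: "{{ fqdn | default(ansible_fqdn) }}"   # hypothetical variable name
  tasks:
    - name: Install SSL certificate and key unless noSSL is set
      # One condition for both copies. As with when_unset, any defined
      # value of noSSL (even "false") skips the block.
      when: noSSL is not defined
      block:
        - name: Copy SSL certificate
          ansible.builtin.copy:
            src: "../ssl/{{ cert_name }}.crt"
            dest: /etc/ssl/certs/
            mode: "0400"

        - name: Copy SSL key
          ansible.builtin.copy:
            src: "../ssl/{{ cert_name }}.key"
            dest: /etc/ssl/private/
            mode: "0400"
```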