Hello,
I wrote a script for updating Let's Encrypt certs and I am wondering which directory structure should be used for storing the certs and keys? Currently I have a relative filepath hardcoded, but maybe there are better solutions for that?
Thanks a lot!
Thomas
Hi there,
I have a similar setup for my LE certs, I have my Ansible controller maintain the cert files (as it has access to my DNS to maintain the challenge records). But I don't consider them "state" that should be maintained in my git repo.
So I have them sitting in a folder called resources in the tree where I store all Ansible related stuff:
ansible
├── projects
│   └── stuff
│       ├── cache
│       ├── collections
│       ├── files -> playbooks/files/
│       ├── group_vars -> inventory/group_vars
│       ├── host_vars -> inventory/host_vars/
│       ├── inventory
│       ├── library
│       ├── playbooks
│       ├── roles
│       └── scripts
├── resources
│   └── stuff
│       ├── acme
│       ├── edge_router_conf
│       └── zabbix
├── tools
│   └── ansible-utils
└── vaults
Same goes for vault, obviously ;-), that directory contains a GPG encrypted file that contains the Ansible-Vault passphrase.
Also, these are my "management" scripts for Ansible: GitHub - Thulium-Drake/ansible-utils: Toolkit to make running Ansible even better
Hello @Thulium-Drake,
I assume "ansible/" is your working directory from where you call the playbooks? How do you refer from the projects/stuff/roles/... to the resources directory?
Heya,
Nope, the Ansible "Project" is the projects/stuff folder (stuff is the name of the project in this case), that's what houses my Ansible configuration (and what I have stored in Git).
In the scripts I've mentioned earlier I basically do a few steps before starting the playbook:
- Go to the correct directory (<wherever>/ansible/projects/stuff)
- Check out changes from git (git pull, sometimes with extra magic to clear out any uncommitted changes)
- Update Ansible Galaxy content
- Run the playbook (ansible playbooks/my_playbook.yml)
And there's multiple ways to refer to the resources/stuff folder(s), I've used absolute paths in my playbooks/roles so far. But if you want relative links, the best would be to make a symlink to the projects/stuff/playbooks folder, as that can be referred to from within playbooks.
I do the same for the projects/stuff/playbooks/files folder, because that's in the playbooks folder, Ansible will try looking there for any path that looks like this: files/some/thing.txt
Does that make it a bit more clear?
Thanks for the explanation, it's clear now
@Thulium-Drake one more question: If I run the playbook with ansible playbooks/my_playbook.yml the roles are searched inside the playbooks folder in the subfolder playbooks/roles (at least in my test environment). How can you use the roles in your stuff/roles/ folder?
By telling Ansible where they are:
[defaults]
interpreter_python = auto_silent
retry_files_enabled = False
inventory = inventory
remote_user = ansible
ansible_managed = This file is managed with Ansible, your changes will be lost!
stdout_callback = community.general.yaml
roles_path = roles
collections_path = collections
forks = 10
action_plugins = library/action
callback_plugins = library/callback
lookup_plugins = library/lookup
library = library/modules
gathering = smart
fact_caching = jsonfile
fact_caching_connection = cache
# 18 hours
fact_caching_timeout = 64800
[inventory]
cache = true
cache_plugin = jsonfile
# 18 hours
cache_timeout = 64800
[privilege_escalation]
become = true
[ara]
api_client = http
api_server = http://localhost:8000
#api_username = user
#api_password = password
api_timeout = 15
ignored_facts = '["ansible_env", "ansible_all_ipv4_addresses"]'
ignored_arguments = '["extra_vars", "vault_password_files"]'
NOTE: this is the ansible.cfg in the <wherever>/ansible/projects/stuff folder
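The wrapper steps described earlier (cd into the project, git pull, update Galaxy content, run the playbook) together with the point of keeping certs and keys in a resources folder outside the git checkout, as an added example that is not code from the thread or from the ansible-utils toolkit. It assumes the layout from the tree above (ANSIBLE_ROOT/projects/<project> is the git checkout holding ansible.cfg, ANSIBLE_ROOT/resources/<project> holds the certs and keys) and an assumed requirements.yml for Galaxy content; the pre-flight check refuses to run if a key or PEM file is readable by anyone but its owner or has ended up tracked in the repo.

```shell
#!/bin/sh
# Added example, not code from the thread or from the ansible-utils toolkit.
# Assumed layout (matching the tree in the thread):
#   $ANSIBLE_ROOT/projects/<project>   git checkout with ansible.cfg, playbooks/, roles/
#   $ANSIBLE_ROOT/resources/<project>  certs and keys, deliberately NOT in git
ANSIBLE_ROOT="${ANSIBLE_ROOT:-$HOME/ansible}"

# check_resources PROJECT_DIR RESOURCES_DIR
# Succeeds only if every *.key / *.pem under RESOURCES_DIR is readable by its
# owner alone (mode 600 or 400) and none of them is tracked by the project repo.
check_resources() {
    project="$1"
    resources="$2"
    [ -d "$resources" ] || { echo "missing resources dir: $resources" >&2; return 1; }
    bad=$(find "$resources" -type f \( -name '*.key' -o -name '*.pem' \) -print |
        while IFS= read -r f; do
            # GNU stat first, BSD/macOS stat as fallback
            mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
            case "$mode" in
                600|400) ;;
                *) echo "$f: mode $mode, expected 600 or 400" >&2; echo "$f" ;;
            esac
            # ls-files exits non-zero for untracked paths and for paths outside the repo
            if git -C "$project" ls-files --error-unmatch "$f" >/dev/null 2>&1; then
                echo "$f: is tracked by git, move it out of the repo" >&2; echo "$f"
            fi
        done)
    [ -z "$bad" ]
}

# run_project PROJECT PLAYBOOK: the pre-flight steps from the thread, then the run.
run_project() {
    project="$ANSIBLE_ROOT/projects/$1"
    resources="$ANSIBLE_ROOT/resources/$1"
    cd "$project" || return 1
    git pull --ff-only || return 1
    # requirements.yml is an assumed file listing the Galaxy roles/collections
    ansible-galaxy install -r requirements.yml || return 1
    check_resources "$project" "$resources" || return 1
    # ansible.cfg in this directory supplies roles_path, inventory, etc.
    ansible-playbook "playbooks/$2"
}
```

Call it as `run_project stuff my_playbook.yml`; the check runs before the playbook so a misplaced or over-permissive key stops the run instead of being deployed.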