webserver secure

Hi,

Trying to create an EC2 instance using Ansible which will host a normal webserver, but not sure how to add the self-signed certificate to the HTTP webserver using Ansible.

Also, how to redirect all the HTTP requests to HTTPS using Ansible? Could you please suggest? Thank you.

Coach,

How do you currently do your certs? You can either use the letsencrypt modules, use copy to put it on the webserver you build, or use get_url. You can also do the same for the webserver config you are using. You can also template the config file.

Hi,

> how do you currently do your certs? you can either use the letsencrypt
> modules,

the letsencrypt module was renamed to acme_certificate (to not violate
Let's Encrypt's trademark) for Ansible 2.6.
(The renamed module's documentation: https://docs.ansible.com/ansible/latest/modules/acme_certificate_module.html)

Note that it's also possible to use acme-tiny
(https://github.com/diafygi/acme-tiny/) with Ansible using the
openssl_certificate module
(https://docs.ansible.com/ansible/latest/modules/openssl_certificate_module.html).
Depending on your use-case, this can be much simpler than using the
acme_certificate module. There are also roles that encapsulate the
acme_certificate module and make it easier to use (for example, one by
myself: https://github.com/felixfontein/acme-certificate/).

Cheers,
Felix

Thanks Jonathan for reciprocating. I use openssl on the OS to generate the pem file and then the crt file, but I am checking on how to achieve this in Ansible.

Just like a private self-signed certificate for internal use for the webserver that will be provisioned.

Could you please suggest with your expert advice?

You can do it with the same command that you usually use; Ansible can run OS commands with the command and the shell modules.

Hi Coach,

you can also use the following modules:
  * openssl_privatekey to generate the private key
    (https://docs.ansible.com/ansible/latest/modules/openssl_privatekey_module.html)
  * openssl_csr to generate the CSR
    (https://docs.ansible.com/ansible/latest/modules/openssl_csr_module.html)
  * openssl_certificate to generate the self-signed certificate
    (https://docs.ansible.com/ansible/latest/modules/openssl_certificate_module.html)

Please check out the documentation, it also contains examples on how to
use the modules.

Cheers,
Felix
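
The three modules listed above chained into one play, as an added example that is not part of the original thread or of any poster's code. The host group `webserver`, the hostname `web.example.internal` and the file paths are assumptions; the targets also need a Python crypto library (pyOpenSSL or cryptography) installed for these modules.

```yaml
# Added example: self-signed certificate for an internal webserver.
# cert_cn and all paths are hypothetical; adjust them to the distribution in use.
- hosts: webserver
  become: true
  vars:
    cert_cn: web.example.internal
    key_path: "/etc/ssl/private/{{ cert_cn }}.key"
    csr_path: "/etc/ssl/private/{{ cert_cn }}.csr"
    crt_path: "/etc/ssl/certs/{{ cert_cn }}.crt"
  tasks:
    - name: Generate the private key, readable by root only
      openssl_privatekey:
        path: "{{ key_path }}"
        size: 4096
        mode: "0600"

    - name: Generate a CSR with the hostname as CN and as SAN
      openssl_csr:
        path: "{{ csr_path }}"
        privatekey_path: "{{ key_path }}"
        common_name: "{{ cert_cn }}"
        # Current browsers and TLS clients match on the SAN, not the CN
        subject_alt_name: "DNS:{{ cert_cn }}"

    - name: Self-sign the CSR with the same private key
      openssl_certificate:
        path: "{{ crt_path }}"
        privatekey_path: "{{ key_path }}"
        csr_path: "{{ csr_path }}"
        provider: selfsigned
        selfsigned_not_after: "+365d"
        mode: "0644"
```

In current Ansible releases these modules live in the community.crypto collection, where openssl_certificate is named x509_certificate.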

Thanks Kai…

Thanks Felix for the module.

Could you please help… I am unable to retrieve the public IP address of the EC2 instance to add it to the host inventory…

  - name: Create an ec2 instance
    ec2:
      key_name: "{{ keypair }}"
      group: sg_webserver_group
      instance_type: "{{ instance_type }}"
      image: "{{ ami }}"
      wait: true
      region: "{{ region }}"
      assign_public_ip: yes
    register: ec2

  # var=ec2.instances.public_ip (or var=ec2.public_ip) doesn't give the public IP
  # but rather an undefined variable, whereas var=ec2 gives all the details
  - debug: var=ec2.instances.public_ip

  - name: Add the newly created host
    add_host:
      name: "{{ item.public_ip }}"
      groups: webserver
    with_items: "{{ ec2.instances }}"

Thank you

Any valuable inputs from you experts… not sure if I am calling it the right way after registering the variable…

Hi Coach,

you might want to start a new thread for a new question about something
completely different. Re-using the old thread might cause people who
could otherwise help you ignore your question because they think it is
about the old topic. Also, the people who answered the old thread
earlier might not know enough to answer your new question. That's the
case for me and your new question, as I've never used the ec2 module.

Cheers,
Felix

sure