What module(s) to use for Ansible to act on group of hosts

Can someone help me get my head wrapped around this?

I have a group of over 500 hosts. I want one central server to perform an action locally and create host-specific files for each host. It seems that if I try to use a hosts file, the action would then be performed on each host and I don’t want that.

I need to figure out how to get Ansible to read from a list of hosts, creating files for each host. So host1.file, then host2.file, then host3.file. I’m just not sure what module(s) to use for this effort.

I’m not sure if I really understand. Do you want to create those files on the host where you run ansible?

If this is the case, maybe using a hosts file / normal inventory and delegate_to: localhost might help you.

Use the template module, but as mariolenz suggested, you want to delegate_to: localhost to ensure the work is done on one host (or ‘nfs_server’, wherever you want the files to live).

What I’m trying to do is to create the *.crt and *.key files necessary to have encrypted rsyslog working. So I would need to run this playbook on our CA server, then figure out a way to copy all those host-specific files to the correct host (that’s a hurdle for another day).
How could I feed Ansible a list to run our key creation script against so that host1.crt, host1.key; host2.crt, host2.key are created in some directory on the CA? Later I’d figure out how to send them to the correct host.

Encrypted rsyslog is working within our org, but only against the servers, of which there are only about 40 or so. So running the certificate generation script against them manually was easy. I feel like by the time I figure out how to put a playbook together to do the 500 workstations, I could have just done it manually. But they insist it be automated.

So in general you create the certificate request at each server, copy it to the CA, generate the signed cert, then copy it back to the original host.

There are several ways to do this. I recommend 3 sections (using 1 block to delegate); you can also do 3 plays or other:

  • play 1
    • hosts: all
    • generate requests
    • copy requests to controller (use fetch)
    • block: (delegate_to: CA server)
      • copy requests files
      • generate signed
      • copy signed back to controller (fetch again)
    • end block
    • copy signed to host
    • clean up files on controller
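The outline in the last reply, written out as one play. This is an added example, not code posted by anyone in the thread. It assumes the `community.crypto` collection is installed, that privilege escalation is already configured in the inventory, and that the CA's inventory name `ca_server` and the `tls_dir`, `ca_dir` and `stage` paths are placeholders to replace.

```yaml
# Added example: ca_server, tls_dir, ca_dir and stage are assumed names and paths.
- hosts: all
  vars:
    tls_dir: /etc/rsyslog-tls              # assumed, must already exist on each host
    ca_dir: /etc/pki/rsyslog-ca            # assumed, holds ca.crt and ca.key on the CA
    stage: "{{ playbook_dir }}/pki-stage"  # assumed staging directory on the controller
  tasks:
    - name: Generate the private key on the host itself (it is never copied off)
      community.crypto.openssl_privatekey:
        path: "{{ tls_dir }}/{{ inventory_hostname }}.key"
    - name: Generate the request
      community.crypto.openssl_csr:
        path: "{{ tls_dir }}/{{ inventory_hostname }}.csr"
        privatekey_path: "{{ tls_dir }}/{{ inventory_hostname }}.key"
        common_name: "{{ inventory_hostname }}"
    - name: Copy the request to the controller
      ansible.builtin.fetch:
        src: "{{ tls_dir }}/{{ inventory_hostname }}.csr"
        dest: "{{ stage }}/"
        flat: true
    - name: Tasks that run on the CA server, once per inventory host
      delegate_to: ca_server
      block:
        - name: Copy the request to the CA
          ansible.builtin.copy:
            src: "{{ stage }}/{{ inventory_hostname }}.csr"
            dest: "{{ ca_dir }}/hosts/"
        - name: Generate the signed certificate
          community.crypto.x509_certificate:
            path: "{{ ca_dir }}/hosts/{{ inventory_hostname }}.crt"
            csr_path: "{{ ca_dir }}/hosts/{{ inventory_hostname }}.csr"
            provider: ownca
            ownca_path: "{{ ca_dir }}/ca.crt"
            ownca_privatekey_path: "{{ ca_dir }}/ca.key"
        - name: Copy the signed certificate back to the controller
          ansible.builtin.fetch:
            src: "{{ ca_dir }}/hosts/{{ inventory_hostname }}.crt"
            dest: "{{ stage }}/"
            flat: true
    - name: Copy the signed certificate to the host
      ansible.builtin.copy:
        src: "{{ stage }}/{{ inventory_hostname }}.crt"
        dest: "{{ tls_dir }}/"
    - name: Clean up files on the controller
      delegate_to: localhost
      ansible.builtin.file:
        path: "{{ stage }}/{{ inventory_hostname }}.{{ item }}"
        state: absent
      loop: [csr, crt]
```

Only the request and the signed certificate pass through the controller and the CA, so the staging directory never holds key material. The example also assumes each `inventory_hostname` is the name that rsyslog peers will check in the certificate.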