Good morning.
In the following playbook, i have prompts to capture certain information.
The created variables work fine in the first set of tasks in the playbook.
However, they don't carry over into the second set of tasks in the
playbook, based on what I've tried (as seen in the playbook, which is
probably not the most efficient). Is there a way to do this?
*---- hosts: localhost connection: local gather_facts: false
vars_prompt: - name: "domainfile" prompt: "Enter domain short
name" private: no - name: "pemno" prompt: "Enter the number of
the created pems" private: no #- name: "" #prompt: ""
#private: no tasks: - name: Create directory
ansible.builtin.file: path: '/home/deploy/{{ domainfile }}'
state: directory owner: deploy owner: deploy group:
deploy mode: '0755' tags: - create_dir - name: Copy
pem files to directory ansible.builtin.copy: src: "{{ item.src
}}" dest: '/home/deploy/{{ domainfile }}' owner: deploy
group: deploy mode: '0644' remote_src: yes
with_items: - { src: '/etc/letsencrypt/archive/myhost.com/privkey{{
pemno }}.pem' } - { src: '/etc/letsencrypt/archive/myhost.com/cert{{
pemno }}.pem' } - { src:
'/etc/letsencrypt/archive/myhost.com/chain{{ pemno }}.pem' } - {
src: '/etc/letsencrypt/archive/myhost.com/fullchain{{ pemno }}.pem' }
become: yes become_user: root become_method: sudo tags:
- copy_pems - name: Change privkey permission
ansible.builtin.file: path: '/home/deploy/{{ domainfile }}/privkey{{
pemno }}.pem' mode: '0600' tags: - chg_privkey_perm -
name: Save our variables to localhost facts for next tasks run_once:
yes delegate_to: localhost delegate_facts: yes set_fact:
domainfile: "{{ domainfile }}" pemno: "{{ pemno }}"- hosts:
another_host become: yes become_user: root become_method: sudo vars:
a_domainfile: "{{ domainfile }}" pemno: "{{ pemno }}" tasks: - name:
Copy pem files to hosts ansible.builtin.copy: src: "{{ item.src
}}" dest: "{{ item.dest }}" owner: root group: root
mode: preserve remote_src: yes with_items: - { src:
'/etc/letsencrypt/archive/myhost.com/privkey{{ pemno }}.pem' ,dest:
'/home/deploy/' } - { src:
'/etc/letsencrypt/archive/myhost.com/cert{{ pemno }}.pem' ,dest:
'/home/deploy/' } - { src:
'/etc/letsencrypt/archive/myhost.com/chain{{ pemno }}.pem' ,dest:
'/home/deploy/' } - { src:
'/etc/letsencrypt/archive/myhost.com/fullchain{{ pemno }}.pem',dest:
'/home/deploy/' } tags: - copypems - name: Copy pem files to
letsencrypt archive directory shell: cp -p '/home/deploy/{{ pemno
}}.pem /etc/letsencrypt/archive/myhost.com/' tags: - cppems
- name: Set selinux shell: | semanage fcontext -a -t etc_t
"/etc/letsencrypt/archive/myhost.com(/.*)?" restorecon -R -v
/etc/letsencrypt/archive/myhost.com/ tags: - selinux - name:
Unlink pems shell: | cd /etc/letsencrypt/live/myhost.com
unlink cert.pem ; 'ln -s /etc/letsencrypt/archive/myhost.com/cert{{
a_)pemno }}.pem cert.pem' unlink chain.pem ; 'ln -s
/etc/letsencrypt/archive/myhost.com/chain{{ pemno }}.pem chain.pem'
unlink fullchain.pem ; 'ln -s
/etc/letsencrypt/archive/myhost.com/fullchain{{ pemno }}.pem' unlink
privkey.pem ; 'ln -s /etc/letsencrypt/archive/myhost.com/privkey{{ pemno
}}.pem' tags: - unlink - name: Check apache shell: |
httpd -f /etc/httpd/conf/httpd.conf -t httpd -f
/etc/httpd/conf/httpd.conf -S register: ck_apache tags: -
check_apache - debug: msg={{ ck_apache.stderr_lines }} tags:
- check_apache - debug: msg={{ ck_apache.stdout }} tags: -
check_apache - name: Reload apache shell: systemctl reload httpd
tags: - reload_apache - name: Check cert expire date
shell: openssl x509 -enddate -noout -in
/etc/letsencrypt/live/myhost.com/cert.pem register: certdate
tags: - ck_cert_date - debug: msg={{ certdate.stdout_lines }}
tags: - ck_cert_date - name: Remove pem files stored
temporarily ansible.builtin.file: path: |
'/home/deploy/privkey{{ pemno }}.pem' '/home/deploy/cert{{ pemno
}}.pem' '/home/deploy/chain{{ pemno }}.pem'
'/home/deploy/fullchain{{ pemno }}.pem' '/tmp/privkey{{ pemno
}}.pem' '/tmp/cert{{ pemno }}.pem' '/tmp/chain{{ pemno
}}.pem' '/tmp/fullchain{{ pemno }}.pem' state: absent
tags: - delfiles*
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/8dc92686-4fc0-4bf5-89b7-43e87e7fd397n%40googlegroups.com.
