Good morning. Here's a bit of a challenge. I'm working on a playbook to get certs from letsencrypt, then put those into zone files. Rather than use the Ansible letsencrypt module, we've written a Perl script to get the certs. For each domain that we get certs for, a separate file named <domain>-le.txt is created in /etc/ansible/playbooks/files. It looks like this:

mydomain.com
cert1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
cert2yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy

I need to extract the certs and put them into the domain's zone file. This is what the playbook looks like right now, where we currently have to paste in the certs, as can be seen from the two prompts. That's what I'm trying to further automate:

---
- hosts: dns1,dns2
  gather_facts: yes
  become: yes
  become_method: sudo
  vars_prompt:
    - name: "zonefile"
      prompt: "Enter host domain name"
      private: no
    - name: "acmechallenge1"
      prompt: "Enter first DNS TXT record"
      private: no
    - name: "acmechallenge2"
      prompt: "Enter second DNS TXT record"
      private: no
  vars:
    serial_num: "{{ lookup('pipe', 'date +%Y%m%d%S') }}"
    year: "{{ lookup('pipe', 'date +%Y') }}"
    zonedir: '/var/named/chroot/var/named/'
  tasks:
    # Keep a timestamped copy of the zone file before editing it
    - name: Create backup of zone file
      shell: cp /var/named/chroot/var/named/{{ zonefile }}.hosts /root/zonebackups/{{ zonefile }}.hosts.{{ ansible_date_time.iso8601 }}
      tags:
        - backup
    # Drop the previous _acme-challenge lines that follow the marker comment
    - name: Remove old TXT entries
      replace:
        path: "{{ item }}"
        regexp: '^_acme-challenge.*\n'
        replace: ''
        after: "Lets Encrypt Validation"
        backup: yes
      with_items: '{{ zonedir }}{{ zonefile }}.hosts'
      tags:
        - remove
    - name: Update serial number
      replace:
        dest: "{{ item }}"
        regexp: '202[3-5][0-1][0-9][0-9][0-9][0-9][0-9]'
        replace: '{{ serial_num }}'
      with_items: '{{ zonedir }}{{ zonefile }}.hosts'
      tags:
        - updsrl
    # Append the two pasted-in challenge values as TXT records
    - name: Add TXT entry 1 to zone file
      lineinfile:
        dest: "{{ item }}"
        insertafter: EOF
        line: '_acme-challenge TXT "{{ acmechallenge1 }}"'
      with_items: '{{ zonedir }}{{ zonefile }}.hosts'
      register: add_txt1
    - name: Add TXT entry 2 to zone file
      lineinfile:
        dest: "{{ item }}"
        insertafter: EOF
        line: '_acme-challenge TXT "{{ acmechallenge2 }}"'
      with_items: '{{ zonedir }}{{ zonefile }}.hosts'
      register: add_txt2
    - name: Show add_txt
      ansible.builtin.debug:
        var: add_txt1
    - name: Show add_txt
      ansible.builtin.debug:
        var: add_txt2
    - name: reload named-chroot
      service:
        name: named-chroot
        state: reloaded
      tags:
        - restart_named

Getting this more fully automated would be huge. Your help would be most appreciated.
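
One way to replace the two TXT prompts, as an added example that is not part of the original post: read the file the Perl script wrote on the control node and check it before anything reaches the zone file. It assumes <domain>-le.txt holds three lines (the domain, then the two TXT values) and that the values are raw dns-01 digests, which are 43 base64url characters; `le_file` and `le_lines` are names introduced here.

```yaml
---
# Added example. Assumed file layout: line 1 = domain, lines 2-3 = TXT values.
# The backup, old-entry removal, serial update and reload tasks stay as in the post.
- hosts: dns1,dns2
  gather_facts: no
  become: yes
  vars_prompt:
    - name: "zonefile"
      prompt: "Enter host domain name"
      private: no
  vars:
    zonedir: '/var/named/chroot/var/named/'
    le_file: "/etc/ansible/playbooks/files/{{ zonefile }}-le.txt"   # hypothetical variable name
  tasks:
    # zonefile ends up in file paths, so accept nothing but a plain DNS name
    - name: Check the domain name before it is used in a path
      ansible.builtin.assert:
        that:
          - zonefile is match('^[a-z0-9]([a-z0-9-]*[a-z0-9])?([.][a-z0-9]([a-z0-9-]*[a-z0-9])?)+$')
        fail_msg: "zonefile must be a plain lower-case DNS name"

    # Lookups run on the control node, where the Perl script wrote the file
    - name: Read the Perl script output
      ansible.builtin.set_fact:
        le_lines: "{{ lookup('ansible.builtin.file', le_file).splitlines() | map('trim') | select | list }}"

    # Refuse to edit the zone if the file is for another domain or holds
    # anything other than two base64url digests (no quotes, spaces, newlines)
    - name: Check the file matches the expected layout
      ansible.builtin.assert:
        that:
          - le_lines | length == 3
          - le_lines[0] == zonefile
          - le_lines[1] is match('^[A-Za-z0-9_-]{43}$')
          - le_lines[2] is match('^[A-Za-z0-9_-]{43}$')
        fail_msg: "{{ le_file }} is not a domain line followed by two dns-01 TXT values"

    - name: Add TXT entries to zone file
      ansible.builtin.lineinfile:
        dest: "{{ zonedir }}{{ zonefile }}.hosts"
        insertafter: EOF
        line: '_acme-challenge TXT "{{ item }}"'
      loop: "{{ le_lines[1:] }}"
      register: add_txt
```

If the Perl script writes the values in another form (for example already quoted), adjust the two `match` patterns rather than dropping the check.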