Ah, I thought I was done with this. But, now, running the Perl script 
failed. I guess the script module only works with bash scripts? So, that's 
probably out. Among other things, I tried this, but it didn't work:

  tasks:

    - name: Run scripts to create Letsencrypt keys
      local_action: ansible.builtin.shell /etc/ansible/playbooks/files/renew_le_domain.pl {{ domain }}

This is the last piece I need to make this work completely.

On Wednesday, March 6, 2024 at 11:52:00 AM UTC-5 Dimitri Yioulos wrote:

> Hey, Stuart. Yup, use of set_fact was really the key (pardon the pun). 
> Here's the playbook, which now works perfectly, if it might be useful to 
> anyone else (the debug stuff in it can, of course, be removed):
>
> ---
> - hosts: dns1,dns2
>   gather_facts: True
>   become: yes
>   become_method: sudo
>   vars_prompt:
>     - name: "domain"
>       prompt: "Enter host domain name"
>       private: no
>   vars:
>     serial_num: "{{ lookup('pipe', 'date +%Y%m%d%S') }}"
>     year: "{{ lookup('pipe', 'date +%Y') }}"
>     zonedir: '/var/named/chroot/var/named/'
>     keys: "{{ lookup('file', '{{ domain }}-le.txt') }}"
>   tasks:
>     - name: Run scripts to create Letsencrypt keys
>       script: renew_le_domain.pl
>       delegate_to: localhost
>       tags:
>         - createkeys
>     - name: set fact
>       set_fact:
>         extract_key1: "{{ keys.split('\n')[1] }}"
>         extract_key2: "{{ keys.split('\n')[2] }}"
>       tags:
>         - key
>     - name: Print le file
>       ansible.builtin.debug:
>         msg: "{{ item }}"
>       with_items:
>         - "{{ extract_key1 }}"
>         - "{{ extract_key2 }}"
>       delegate_to: localhost
>       run_once: yes
>       tags:
>         - key
>     - name: Create backup of zone file
>       shell: cp /var/named/chroot/var/named/{{ domain }}.hosts /root/zonebackups/{{ domain }}.hosts.{{ ansible_date_time.iso8601 }}
>       tags:
>         - backup
>     - name: Remove old TXT entries
>       become: yes
>       replace:
>         path: "{{ item }}"
>         regexp: '^_acme-challenge.*\n'
>         replace: ''
>         after: "Lets Encrypt Validation"
>         backup: yes
>       with_items: '{{ zonedir }}{{ domain }}.hosts'
>       tags:
>         - remove
>     - name: Update serial number
>       become: yes
>       replace:
>         dest: "{{ item }}"
>         regexp: '202[3-5][0-1][0-9][0-9][0-9][0-9][0-9]'
>         replace: '{{ serial_num }}'
>       with_items: '{{ zonedir }}{{ domain }}.hosts'
>       tags:
>         - updsrl
>     - name: Add TXT entry 1 to zone file
>       become: yes
>       lineinfile:
>         dest: "{{ item }}"
>         insertafter: EOF
>         line: '_acme-challenge                                 TXT     "{{ extract_key1 }}"'
>       with_items: '{{ zonedir }}{{ domain }}.hosts'
>       register: add_txt1
>     - name: Add TXT entry 2 to zone file
>       lineinfile:
>         dest: "{{ item }}"
>         insertafter: EOF
>         line: '_acme-challenge                                 TXT     "{{ extract_key2 }}"'
>       with_items: '{{ zonedir }}{{ domain }}.hosts'
>       register: add_txt2
>     - name: Show add_txt
>       ansible.builtin.debug:
>         var: add_txt1
>     - name: Show add_txt
>       ansible.builtin.debug:
>         var: add_txt2
>     - name: reload named-chroot
>       service:
>         name: named-chroot
>         state: reloaded
>       tags:
>         - restart_named
>
> On Wednesday, March 6, 2024 at 11:02:09 AM UTC-5 Stuart Lowe wrote:
>
>> Probably dirty but something like reading out the file and setting facts 
>> based on the line?
>>
>> - name: Read certificate file
>>   shell: cat {{ certdir }}/{{ zonefile }}-le.txt
>>   register: cert_content
>>
>> - name: Set cert variables from file
>>   set_fact:
>>     acmechallenge1: "{{ cert_content.stdout_lines[1] }}"
>>     acmechallenge2: "{{ cert_content.stdout_lines[2] }}"
>>
>> *From:* ansible...@googlegroups.com <ansible...@googlegroups.com> *On 
>> Behalf Of *Dimitri Yioulos
>> *Sent:* Wednesday, March 6, 2024 2:09 PM
>> *To:* Ansible Project <ansible...@googlegroups.com>
>> *Subject:* [ansible-project] Parsing a local file to get variables
>>
>>  
>>
>> Good morning. Here's a bit of a challenge. I'm working on a playbook to 
>> get certs from letsencrypt, then put those into zone files. Rather than use 
>> the Ansible letsencrypt module, we've written a Perl script to get the 
>> certs. For each domain that we get certs for, a separate file named 
>> <domain>-le.txt is created in /etc/ansible/playbooks/files. It looks like 
>> this:
>>
>> mydomain.com
>> cert1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>> cert2yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
>>
>>
>> I need to extract the certs and put them into the domain's zone file. 
>> This is what the playbook looks like right now, where we currently have to 
>> paste in the certs, as can be seen from the two prompts. That's what I'm 
>> trying to further automate:
>>
>> ---
>> - hosts: dns1,dns2
>>   gather_facts: yes
>>   become: yes
>>   become_method: sudo
>>   vars_prompt:
>>     - name: "zonefile"
>>       prompt: "Enter host domain name"
>>       private: no
>>     - name: "acmechallenge1"
>>       prompt: "Enter first DNS TXT record"
>>       private: no
>>     - name: "acmechallenge2"
>>       prompt: "Enter second DNS TXT record"
>>       private: no
>>   vars:
>>     serial_num: "{{ lookup('pipe', 'date +%Y%m%d%S') }}"
>>     year: "{{ lookup('pipe', 'date +%Y') }}"
>>     zonedir: '/var/named/chroot/var/named/'
>>   tasks:
>>     - name: Create backup of zone file
>>       shell: cp /var/named/chroot/var/named/{{ zonefile }}.hosts /root/zonebackups/{{ zonefile }}.hosts.{{ ansible_date_time.iso8601 }}
>>       tags:
>>         - backup
>>     - name: Remove old TXT entries
>>       replace:
>>         path: "{{ item }}"
>>         regexp: '^_acme-challenge.*\n'
>>         replace: ''
>>         after: "Lets Encrypt Validation"
>>         backup: yes
>>       with_items: '{{ zonedir }}{{ zonefile }}.hosts'
>>       tags:
>>         - remove
>>     - name: Update serial number
>>       replace:
>>         dest: "{{ item }}"
>>         regexp: '202[3-5][0-1][0-9][0-9][0-9][0-9][0-9]'
>>         replace: '{{ serial_num }}'
>>       with_items: '{{ zonedir }}{{ zonefile }}.hosts'
>>       tags:
>>         - updsrl
>>     - name: Add TXT entry 1 to zone file
>>       lineinfile:
>>         dest: "{{ item }}"
>>         insertafter: EOF
>>         line: '_acme-challenge                                 TXT     "{{ acmechallenge1 }}"'
>>       with_items: '{{ zonedir }}{{ zonefile }}.hosts'
>>       register: add_txt1
>>     - name: Add TXT entry 2 to zone file
>>       lineinfile:
>>         dest: "{{ item }}"
>>         insertafter: EOF
>>         line: '_acme-challenge                                 TXT     "{{ acmechallenge2 }}"'
>>       with_items: '{{ zonedir }}{{ zonefile }}.hosts'
>>       register: add_txt2
>>     - name: Show add_txt
>>       ansible.builtin.debug:
>>         var: add_txt1
>>     - name: Show add_txt
>>       ansible.builtin.debug:
>>         var: add_txt2
>>     - name: reload named-chroot
>>       service:
>>         name: named-chroot
>>         state: reloaded
>>       tags:
>>         - restart_named
>>
>> Getting this more fully automated would be huge. Your help would be most 
>> appreciated.
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to ansible-proje...@googlegroups.com.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/ansible-project/54de77a5-70fc-4b99-b240-ead1e7b09246n%40googlegroups.com
>> ---------------
>>
>> *Stuart Lowe* He/Him
>> Zen Cloud Engineering - Team Leader
>> *Zen Internet*
>> Team: 01706 902009
>> www.zen.co.uk 
>>
>
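
As an added example (not code from this thread), one way to run the Perl script from the top message on the control node with the prompted domain as its argument: `ansible.builtin.command` with `argv` hands `{{ domain }}` to the script as a single argument instead of interpolating it into a shell line, and the prompt is validated before anything runs. It assumes the script is executable with a Perl shebang and writes `<domain>-le.txt` into the files directory named in the thread; `files_dir` and `le_lines` are names chosen here.

```yaml
# Added example, not the poster's playbook. Assumptions: renew_le_domain.pl is
# executable, takes the domain as its only argument, and writes
# <domain>-le.txt (domain line, then two values) into files_dir.
- hosts: dns1,dns2
  gather_facts: false
  vars_prompt:
    - name: domain
      prompt: "Enter host domain name"
      private: false
  vars:
    files_dir: /etc/ansible/playbooks/files   # path given in the thread
  tasks:
    - name: Reject anything that is not a plain DNS name
      ansible.builtin.assert:
        that:
          - domain is match('^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?[.])+[a-z]{2,63}$')
        fail_msg: "domain must be a lowercase hostname such as example.com"
      run_once: true

    - name: Run the Perl script on the control node
      ansible.builtin.command:
        argv:
          - "{{ files_dir }}/renew_le_domain.pl"
          - "{{ domain }}"   # one argument, never parsed by a shell
      delegate_to: localhost
      run_once: true
      changed_when: true

    - name: Read the generated file on the control node
      ansible.builtin.set_fact:
        le_lines: "{{ lookup('file', files_dir ~ '/' ~ domain ~ '-le.txt').splitlines() }}"

    - name: Stop unless the file has the domain line plus two values
      ansible.builtin.assert:
        that:
          - le_lines | length >= 3
          - le_lines[0] | trim == domain
          - le_lines[1] | trim | length > 0
          - le_lines[2] | trim | length > 0
```

The final assert keeps a failed or partial script run from reaching the zone-file tasks, where empty values would otherwise be written as TXT records.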
