devops - Ansible: different sections, different hosts, same playbook
I have a use case where I need to do a task (reissue SSL certs). The steps go like this:
- Open a port on the CA server
- Generate the cert on a normal server, which contacts the CA
- Close the port on the CA server
This means I have a playbook that looks like this:

    - name: open port
      hosts: caserver
      become: yes
      tasks:
        - name: open firewall
          # iptables targets are case-sensitive, so the jump target is ACCEPT
          iptables: chain=fwr protocol=tcp source={{ item }} destination_port=8888 jump=ACCEPT state=present
          with_inventory_hostnames: here???

    - name: generate ssl certificate
      hosts: all:!caserver
      become: yes
      roles:
        - sslcert

    - name: close port
      hosts: caserver
      become: yes
      tasks:
        - name: close firewall
          iptables: chain=fwr protocol=tcp source={{ item }} destination_port=8888 jump=ACCEPT state=absent
          with_inventory_hostnames: here???

Then I call it from the command line, using limits to control which machines are re-issued.

    ansible-playbook -i hosts -l myserver,caserver -c ssh --ask-vault-pass -k generate_certs.yml

The problem is that it is not opening the port on caserver.
I have been trying the magic variables, with no luck.
I'm thinking I'd have to create a group in the hosts file and use that. I'd make the group, re-issue, then remove them from the group.
I'd rather not do that shuffle. Is there a better way in Ansible?

You should use delegation.

    - name: generate ssl certificate
      hosts: all:!caserver
      become: yes
      pre_tasks:
        # Runs once per target host, but executes on caserver
        - name: open firewall
          iptables: chain=fwr protocol=tcp source={{ inventory_hostname }} destination_port=8888 jump=ACCEPT state=present
          delegate_to: caserver
      roles:
        - sslcert
      tasks:
        # Executes on caserver after the role has finished for this host
        - name: close firewall
          iptables: chain=fwr protocol=tcp source={{ inventory_hostname }} destination_port=8888 jump=ACCEPT state=absent
          delegate_to: caserver
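
A variant of the delegation playbook above, added here as an example and not part of the original answer: if the `sslcert` role fails for a host, the play drops that host and its close task never runs, leaving port 8888 on the CA open to that source. Wrapping the steps in `block`/`always` closes the port either way. It assumes, as the answer does, that `inventory_hostname` is a name or address the CA server can use as an iptables source.

```yaml
# Added example: same names as the page (caserver, sslcert, chain fwr, port 8888).
- name: generate ssl certificate
  hosts: all:!caserver
  become: yes
  tasks:
    - name: re-issue certificate with the CA port open only for the duration
      block:
        - name: open firewall on the CA for this host only
          iptables:
            chain: fwr
            protocol: tcp
            # Assumption: the CA can resolve/use this value as a source address
            source: "{{ inventory_hostname }}"
            destination_port: "8888"
            jump: ACCEPT
            state: present
          delegate_to: caserver

        - name: generate the certificate while the port is open
          include_role:
            name: sslcert

      always:
        # Runs whether or not the tasks above failed, so a failed
        # re-issue does not leave the rule in place on the CA.
        - name: close firewall on the CA
          iptables:
            chain: fwr
            protocol: tcp
            source: "{{ inventory_hostname }}"
            destination_port: "8888"
            jump: ACCEPT
            state: absent
          delegate_to: caserver
```

Because the firewall tasks are delegated, `caserver` only needs to be in the inventory, not in the `-l` limit; the limit then names just the machines being re-issued.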