devops - Ansible: different sections, different hosts, same playbook


I have a use case where I need to run a task (reissue SSL certs). The steps go like this:

  • Open a port on the CA server
  • Generate the cert on a normal server, which contacts the CA
  • Close the port on the CA server

This means I have a playbook that looks like this:

- name: open port
  hosts: caserver
  become: yes
  tasks:
    - name: open firewall
      # iptables target names are case-sensitive, so the jump target is ACCEPT
      iptables: chain=fwr protocol=tcp source={{ item }} destination_port=8888 jump=ACCEPT state=present
      with_inventory_hostnames: here???

- name: generate ssl certificate
  hosts: all:!caserver
  become: yes
  roles:
    - sslcert

- name: close port
  hosts: caserver
  become: yes
  tasks:
    - name: close firewall
      iptables: chain=fwr protocol=tcp source={{ item }} destination_port=8888 jump=ACCEPT state=absent
      with_inventory_hostnames: here???

Then I call it from the command line, using limits to control which machines are re-issued.

ansible-playbook -i hosts -l myserver,caserver -c ssh --ask-vault-pass -k generate_certs.yml 

The problem is that it is not opening the port on caserver.

I have been trying some of the magic variables, with no luck.

I am thinking I have to create a group in the hosts file and use that. I'd make the group, re-issue, and remove them from the group.

I'd rather not do that shuffle; is there a better way in Ansible?

You should use delegation.

- name: generate ssl certificate
  hosts: all:!caserver
  become: yes

  pre_tasks:
    # Runs once per target host, but executes on the CA server
    - name: open firewall
      iptables: chain=fwr protocol=tcp source={{ inventory_hostname }} destination_port=8888 jump=ACCEPT state=present
      delegate_to: caserver

  roles:
    - sslcert

  tasks:
    # Tasks run after roles, so the port is closed once the cert is issued
    - name: close firewall
      iptables: chain=fwr protocol=tcp source={{ inventory_hostname }} destination_port=8888 jump=ACCEPT state=absent
      delegate_to: caserver
