This is based on https://kapuablog.wordpress.com/2019/11/26/ansible-reading-a-remote-yaml-file/
It has been used in $my_service to generate client certificates on a protected Certificate Authority (CA) server (accessible only to my Ansible Tower/AWX server) and is then distributed to the client nodes.
| - hosts: all | |
| tasks: | |
| - name: Create Client Certificate | |
| become: true | |
| delegate_to: "{{ ca_server }}" | |
| shell: | |
| cmd: "/opt/my_service/create_cert -name {{ inventory_hostname }}" | |
| chdir: /etc/my_service | |
| creates: "/etc/my_service/{{ inventory_hostname }}.crt" | |
| - name: Read CA.crt, node.crt and node.key | |
| # Based on https://kapuablog.wordpress.com/2019/11/26/ansible-reading-a-remote-yaml-file/ | |
| become: true | |
| delegate_to: "{{ ca_server }}" | |
| command: "cat '/etc/my_service/{{ item }}'" | |
| register: keymaterials | |
| loop: | |
| - ca.crt | |
| - "{{ inventory_hostname }}.crt" | |
| - "{{ inventory_hostname }}.key" | |
| - name: Transfer certificates to target | |
| become: true | |
| copy: | |
| content: "{{ item.stdout }}" | |
| dest: "/etc/my_service/{{ item.item }}" | |
| owner: root | |
| group: root | |
| mode: 0700 | |
| loop: "{{ keymaterials.results | default([]) }}" | |
| loop_control: | |
| label: "{{ item.item }}" |