@goldyfruit goldyfruit/pki.yml
Last active Mar 2, 2016

[ansible] Running keystone-manage pki_setup on one host and send SSL certificates on other nodes
---
- name: Ansible tests playbook
  hosts: all
  remote_user: root
  tasks:
    # Generate the PKI material on a single node only and pack it for distribution.
    - name: Running PKI setup and creating a tarball with certificates
      shell: |
        keystone-manage pki_setup --keystone-user keystone --keystone-group keystone && \
        cd /etc/keystone/ && \
        tar czf ssl_keystone.tar.gz ssl/
      run_once: true

    # The tarball exists only on the node that ran pki_setup, so fetch it from that node only.
    - name: Fetching Keystone SSL certs
      fetch:
        src: /etc/keystone/ssl_keystone.tar.gz
        dest: /tmp/
        flat: yes
      run_once: true

    # Push the tarball from the Ansible master to every node except the first one.
    - name: Unarchiving PKI SSL files
      unarchive:
        src: /tmp/ssl_keystone.tar.gz
        dest: /etc/keystone
        owner: keystone
        group: keystone
        mode: "0640"
      when: inventory_hostname != play_hosts[0]
goldyfruit commented Mar 2, 2016

Explanations:

  1. Run the keystone-manage pki_setup command on one node only (run_once: true)
  2. Create a tarball with the SSL certificates (/etc/keystone/ssl)
  3. Fetch the tarball on the Ansible master
  4. Unarchive the tarball in /etc/keystone/ on nodes other than play_hosts[0]

run_once gets the first host of the inventory or the first host of a group, so it should be equal to play_hosts[0]
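
A follow-up play that checks every node ended up with the same files under /etc/keystone/ssl and then removes the leftover tarballs, which hold the private keys generated by pki_setup. This is an added example, not part of the gist; the play name and the registered variable pki_files are assumptions, and the paths are the ones the playbook above uses.

```yaml
---
# Added example, not part of the gist. The play name and the registered
# variable pki_files are assumptions; paths are those used by the playbook above.
- name: Verify distributed Keystone PKI files and remove leftover tarballs
  hosts: all
  remote_user: root
  # Stop the whole play if any node fails verification, so the tarballs
  # are only removed once every node has passed.
  any_errors_fatal: true
  tasks:
    - name: Collect checksums of every file under /etc/keystone/ssl
      find:
        paths: /etc/keystone/ssl
        recurse: yes
        get_checksum: yes
      register: pki_files

    - name: Fail if a node does not hold the same file contents as play_hosts[0]
      assert:
        that:
          - pki_files.files | length > 0
          - >-
            (pki_files.files | map(attribute='checksum') | sort | list) ==
            (hostvars[play_hosts[0]].pki_files.files | map(attribute='checksum') | sort | list)

    # The tarball contains the private keys generated by pki_setup,
    # so no copy should stay behind on the first node or on the Ansible master.
    - name: Remove the tarball from the node that generated it
      file:
        path: /etc/keystone/ssl_keystone.tar.gz
        state: absent
      run_once: true

    - name: Remove the fetched copy from the Ansible master
      file:
        path: /tmp/ssl_keystone.tar.gz
        state: absent
      delegate_to: localhost
      run_once: true
```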
