---
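# Play 1: fetch the certificate chain and its private key from micro.lan into a
# staging directory on the Ansible controller, then publish the file names as
# host facts so the following play can read them through hostvars.
- name: Collect certificates to push to AAP
  hosts: micro.lan
  gather_facts: false
  # Escalate on micro.lan; presumably required to read the key under
  # /etc/letsencrypt - confirm against the directory permissions there.
  become: true
  vars:
    remote_base_dir: "/etc/letsencrypt"
    remote_certs: "certs"
    remote_keys: "keys"
    certificate_file: "aapnew.opti.blasco.id.au-fullchain.crt"
    key_file: "aapnew.opti.blasco.id.au.key"
    # Controller-side staging directory. It ends up holding a private key.
    local_tmp_dir: "/var/tmp/aap_certificates"
  tasks:
    # The staging directory lives under /var/tmp and receives the private key.
    # Create it owner-only before anything is fetched; fetch writes the local
    # copy with the controller's defaults rather than the remote file mode.
    - name: Make sure the local staging directory is private
      ansible.builtin.file:
        path: "{{ local_tmp_dir }}"
        state: directory
        mode: '0700'
      delegate_to: localhost
      # Runs on the controller as the invoking user, not via sudo.
      become: false
      tags:
        - remotefiles

    # flat: true with a dest ending in "/" stores each file under its basename
    # directly in local_tmp_dir instead of a per-host directory tree.
    - name: Pull the certificates down
      ansible.builtin.fetch:
        src: "{{ item }}"
        dest: "{{ local_tmp_dir }}/"
        flat: true
      loop:
        - "{{ remote_base_dir }}/{{ remote_certs }}/{{ certificate_file }}"
        - "{{ remote_base_dir }}/{{ remote_keys }}/{{ key_file }}"
      register: synchronize_output
      tags:
        - remotefiles

    - name: Show synchronization output
      ansible.builtin.debug:
        var: synchronize_output
      tags:
        - remotefiles

    # Play vars are not visible to other plays; copying them into host facts
    # makes them readable later as hostvars['micro.lan'][...].
    - name: Set facts for the next play
      ansible.builtin.set_fact:
        certificate_file: "{{ certificate_file }}"
        key_file: "{{ key_file }}"
        local_tmp_dir: "{{ local_tmp_dir }}"

    - name: Show the host vars
      ansible.builtin.debug:
        var: hostvars['micro.lan']['certificate_file']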
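# Play 2: install the staged certificate and private key into the controller,
# hub and EDA paths under the aap user's home, then restart the web front ends
# when any of the files changed.
- name: Copy updated certificates to AAP
  hosts: aapnew.opti.blasco.id.au
  gather_facts: false
  become: true
  become_user: aap
  vars:
    # Grab the facts set in the previous play so they are easier to use here
    certificate_file: "{{ hostvars['micro.lan']['certificate_file'] }}"
    key_file: "{{ hostvars['micro.lan']['key_file'] }}"
    local_tmp_dir: "{{ hostvars['micro.lan']['local_tmp_dir'] }}"
  tasks:
    - name: Show the host vars
      ansible.builtin.debug:
        var: hostvars['micro.lan']['certificate_file']

    # The same certificate chain is written to all three component paths.
    - name: Push the certificates out
      ansible.builtin.copy:
        src: "{{ local_tmp_dir }}/{{ certificate_file }}"
        dest: "{{ item }}"
        mode: '0644'
      loop:
        - "~/aap/controller/etc/tower.cert"
        - "~/aap/hub/etc/pulp.cert"
        - "~/aap/eda/etc/eda.cert"
      notify:
        - Restart AAP front-end

    # Private key: owner read-only on the target. diff is switched off so a run
    # with --diff cannot print key material into the console or job log.
    # The source copy stays in local_tmp_dir on the controller after this play;
    # keep that directory restricted or remove the key once it is not needed.
    - name: Push the keys out
      ansible.builtin.copy:
        src: "{{ local_tmp_dir }}/{{ key_file }}"
        dest: "{{ item }}"
        mode: '0400'
      diff: false
      loop:
        - "~/aap/controller/etc/tower.key"
        - "~/aap/hub/etc/pulp.key"
        - "~/aap/eda/etc/eda.key"
      notify:
        - Restart AAP front-end

  handlers:
    # Runs once at the end of the play if any copy above reported a change.
    # NOTE(review): scope is a systemd option; this relies on the generic
    # service module handing it through to the systemd backend - confirm, or
    # use the systemd module directly.
    - name: Restart AAP front-end
      ansible.builtin.service:
        name: "{{ item }}"
        state: restarted
        scope: user
      loop:
        - automation-controller-web.service
        - automation-hub-web.service
        - automation-eda-web.service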