Last active
March 2, 2016 21:19
[ansible] Running keystone-manage pki_setup on one host and sending the SSL certificates to the other nodes
```yaml
---
- name: Ansible tests playbook
  hosts: all
  remote_user: root
  tasks:
    # Generate the PKI material once, then pack it for distribution.
    - name: Running PKI setup and creating a tarball with certificates
      # Literal block (|) so the backslash-newline continuations reach the shell intact.
      shell: |
        keystone-manage pki_setup --keystone-user keystone --keystone-group keystone && \
        cd /etc/keystone/ && \
        tar czf ssl_keystone.tar.gz ssl/
      run_once: true

    # Only the run_once host has the tarball, so fetch it from that host only.
    - name: Fetching Keystone SSL certs
      fetch:
        src=/etc/keystone/ssl_keystone.tar.gz
        dest=/tmp/
        flat=yes
      run_once: true

    # Push the tarball from the controller to every other node.
    - name: Unarchiving PKI SSL files
      unarchive:
        src=/tmp/ssl_keystone.tar.gz
        dest=/etc/keystone
        owner=keystone
        group=keystone
        mode=0640
      when: inventory_hostname != play_hosts[0]
```
Explanations:
`keystone-manage pki_setup` command on one node only (`run_once: true`)
(`/etc/keystone/ssl`)
`/etc/keystone/` for nodes different from `play_hosts[0]`
`run_once` gets the first host of the inventory or the first host of a group, so it should be equal to `play_hosts[0]`
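
A hardened variant of the same flow, as an added example that is not part of the original gist: the archive holds the private keys produced by `pki_setup`, so it is created with a restrictive umask, staged in a private temporary directory on the controller instead of `/tmp/`, and both copies are deleted afterwards. The `staging` variable, the staging directory and the cleanup tasks are assumptions of this example; paths and host selection follow the gist.

```yaml
- name: Distribute Keystone PKI files without leaving key copies behind
  hosts: all
  remote_user: root
  tasks:
    - name: Run PKI setup, then pack ssl/ into a root-only tarball
      shell: |
        set -e
        keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
        umask 077   # the tarball contains private keys
        cd /etc/keystone/
        tar czf ssl_keystone.tar.gz ssl/
      run_once: true

    - name: Create a private (0700) staging directory on the controller
      tempfile:
        state: directory
        suffix: keystone_pki
      delegate_to: localhost
      run_once: true
      register: staging   # hypothetical variable name

    - name: Fetch the tarball from the generating host only
      fetch:
        src: /etc/keystone/ssl_keystone.tar.gz
        dest: "{{ staging.path }}/"
        flat: yes
        fail_on_missing: yes
      run_once: true

    - name: Unpack on every node except the generating one
      unarchive:
        src: "{{ staging.path }}/ssl_keystone.tar.gz"
        dest: /etc/keystone
        owner: keystone
        group: keystone
      when: inventory_hostname != play_hosts[0]

    - name: Delete the tarball on the generating host
      file:
        path: /etc/keystone/ssl_keystone.tar.gz
        state: absent
      run_once: true

    - name: Delete the staging copy on the controller
      file:
        path: "{{ staging.path }}"
        state: absent
      delegate_to: localhost
      run_once: true
```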