Probably dirty but something like reading out the file and setting facts based
on the line?

# The <domain>-le.txt files live on the control node, so read them there
- name: Read certificate file
  shell: cat {{ certdir }}/{{ zonefile }}-le.txt
  register: cert_content
  delegate_to: localhost
  become: no

# stdout_lines[0] is the domain name; the two values follow it
- name: Set cert variables from file
  set_fact:
    acmechallenge1: "{{ cert_content.stdout_lines[1] }}"
    acmechallenge2: "{{ cert_content.stdout_lines[2] }}"

From: [email protected] <[email protected]> On
Behalf Of Dimitri Yioulos
Sent: Wednesday, March 6, 2024 2:09 PM
To: Ansible Project <[email protected]>
Subject: [ansible-project] Parsing a local file to get variables
Good morning. Here's a bit of a challenge. I'm working on a playbook to get
certs from letsencrypt, then put those into zone files. Rather than use the
Ansible letsencrypt module, we've written a Perl script to get the certs. For
each domain that we get certs for, a separate file named <domain>-le.txt is
created in /etc/ansible/playbooks/files. It looks like this:
mydomain.com
cert1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
cert2yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
I need to extract the certs and put them into the domain's zone file. This is
what the playbook looks like right now, where we currently have to paste in the
certs, as can be seen from the two prompts. That's what I'm trying to further
automate:
---
- hosts: dns1,dns2
  gather_facts: yes
  become: yes
  become_method: sudo
  vars_prompt:
    - name: "zonefile"
      prompt: "Enter host domain name"
      private: no
    - name: "acmechallenge1"
      prompt: "Enter first DNS TXT record"
      private: no
    - name: "acmechallenge2"
      prompt: "Enter second DNS TXT record"
      private: no
  vars:
    serial_num: "{{ lookup('pipe', 'date +%Y%m%d%S') }}"
    year: "{{ lookup('pipe', 'date +%Y') }}"
    zonedir: '/var/named/chroot/var/named/'
  tasks:
    - name: Create backup of zone file
      shell: >-
        cp /var/named/chroot/var/named/{{ zonefile }}.hosts
        /root/zonebackups/{{ zonefile }}.hosts.{{ ansible_date_time.iso8601 }}
      tags:
        - backup
    - name: Remove old TXT entries
      replace:
        path: "{{ item }}"
        regexp: '^_acme-challenge.*\n'
        replace: ''
        after: "Lets Encrypt Validation"
        backup: yes
      with_items: '{{ zonedir }}{{ zonefile }}.hosts'
      tags:
        - remove
    - name: Update serial number
      replace:
        dest: "{{ item }}"
        regexp: '202[3-5][0-1][0-9][0-9][0-9][0-9][0-9]'
        replace: '{{ serial_num }}'
      with_items: '{{ zonedir }}{{ zonefile }}.hosts'
      tags:
        - updsrl
    - name: Add TXT entry 1 to zone file
      lineinfile:
        dest: "{{ item }}"
        insertafter: EOF
        line: '_acme-challenge TXT "{{ acmechallenge1 }}"'
      with_items: '{{ zonedir }}{{ zonefile }}.hosts'
      register: add_txt1
    - name: Add TXT entry 2 to zone file
      lineinfile:
        dest: "{{ item }}"
        insertafter: EOF
        line: '_acme-challenge TXT "{{ acmechallenge2 }}"'
      with_items: '{{ zonedir }}{{ zonefile }}.hosts'
      register: add_txt2
    - name: Show add_txt
      ansible.builtin.debug:
        var: add_txt1
    - name: Show add_txt
      ansible.builtin.debug:
        var: add_txt2
    - name: reload named-chroot
      service:
        name: named-chroot
        state: reloaded
      tags:
        - restart_named
Getting this more fully automated would be huge. Your help would be most
appreciated.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/54de77a5-70fc-4b99-b240-ead1e7b09246n%40googlegroups.com.
---------------
Stuart Lowe He/Him
Zen Cloud Engineering - Team Leader
Zen Internet
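
An added example, not part of either message in this thread: the same idea using the `file` lookup, which always reads on the control node, with the prompt input and the file contents validated before anything reaches a path or the zone file. The names `le_file` and `le_lines` are assumptions, as are the checks that the first line equals the prompted domain and that each value is a 43-character base64url string (the ACME DNS-01 TXT format).

```yaml
---
# Added example, not from the thread. le_file and le_lines are assumed names.
- hosts: dns1,dns2
  gather_facts: no
  vars_prompt:
    - name: "zonefile"
      prompt: "Enter host domain name"
      private: no
  vars:
    # Directory taken from the original message; lookups run on the control node.
    le_file: "/etc/ansible/playbooks/files/{{ zonefile }}-le.txt"
    # Evaluated lazily, so the file is not opened until zonefile has been checked.
    le_lines: "{{ lookup('file', le_file).splitlines() | map('trim') | select | list }}"
  tasks:
    - name: Validate the prompted domain before it is used in any path
      ansible.builtin.assert:
        that:
          - zonefile is match('^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?[.])+[a-z]{2,63}$')
        fail_msg: "zonefile is not a plain lowercase domain name"
      run_once: true

    - name: Validate file layout (domain line, then two TXT values)
      ansible.builtin.assert:
        that:
          - le_lines | length == 3
          # Assumption: line 1 of the file is the same domain that was prompted for
          - le_lines[0] == zonefile
          # Assumption: values are ACME DNS-01 digests, 43 base64url characters
          - le_lines[1] is match('^[A-Za-z0-9_-]{43}$')
          - le_lines[2] is match('^[A-Za-z0-9_-]{43}$')
        fail_msg: "{{ le_file }} does not have the expected three-line layout"
      run_once: true

    - name: Set cert variables from file
      ansible.builtin.set_fact:
        acmechallenge1: "{{ le_lines[1] }}"
        acmechallenge2: "{{ le_lines[2] }}"
```

With these facts set, the two `acmechallenge` prompts in the original playbook can be dropped and the zone-file tasks left unchanged.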