Custom file management
If you need to, you can copy custom files or even create files with content in YAML templates using a set of list variables. You can use this feature to install private keys and certificates stored as YAML text blocks in a file encrypted with ansible-vault which is unlocked during Ansible run.
Each element of the file list is a dict with specific parameters:
src
Required, unless
content
is specified. Path to a file on the Ansible Controller, which will be copied to the remote host.content
Required, unless
src
is specified. A YAML text block or a Jinja variable, contents of which will be copied to the specified file on the remote host.dest
Required. Path to the destination file on the remote host.
owner
Owner of the created file, by default
root
.group
File group, depending on the file type it will be
root
(for public files) or a group specified by thepki_private_group
variable, usuallyssl-cert
(for private files).mode
File permissions, by default public files are copied with permissions
644
and private files will have640
permissions.force
Boolean. If
True
(default), an existing file will be replaced with the specified file or contents.
There are multiple list variables which can be used on multiple inventory levels:
all hosts in the inventory: -
pki_private_files
-pki_public_files
hosts in specific inventory group: -
pki_group_private_files
-pki_group_public_files
specific hosts: -
pki_host_private_files
-pki_host_public_files
The private files will be copied before PKI realms are created, so that you can provide private keys if you want to. Public files will be copied after PKI realms are created, and internal certificates are signed.
Examples
Install a custom private key from a Jinja variable on all hosts:
pki_private_files:
- content: '{{ custom_variable }}'
dest: '/etc/pki/realms/domain/private/key.pem'