I'm trying to automate my OpenVPN setup. My setup is as follows:
- One OpenVPN server
- Multiple OpenVPN clients. Clients authenticate to the OpenVPN server with a certificate
- A 'certificate server' (easy-rsa scripts, really) where I produce the client certs (as a matter of fact, currently the certificate server is the same as the OpenVPN server... but I would like to change this - definitely not the best setup from a security perspective)
When I add a new client, I need to:
- create its certificate (+ private key) on the 'certificate server' host
- (retrieve it locally, I reckon, and then) ship it somehow to the OpenVPN client host
- and create a ccd entry on the OpenVPN server host.
That requires 3 hosts to interact, and a file to be bounced from here to there.
But, ideally, I would like to have the configuration for my client to stay within ONE host definition.
Something like:

    - hosts: openvpn_clients
      tasks:
        ...
        - name: create OpenVPN config
          copy:
            dest: /etc/openvpn/client/client.cert
            content: "{{ go and create it, if possible dynamically, or fetch it - on the 'certificate server' host}}"

But the only way I can think of this working is:

    - hosts: certificate_server
      tasks:
        - name: execute easy-rsa to create client cert
          script: ...
        - name: fetch created certificate
          fetch: ...
    - hosts: openvpn_client
      ...

In other words: every time I will reconfigure openvpn_client, I will need to step through certificate_server (while my playbook is NOT about reconfiguring certificate_server, so should bear no reference to it ideally...)
Any way to avoid that?
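
One way to keep all three steps inside the client play is to run the certificate-server and OpenVPN-server steps as delegated tasks with `delegate_to`. This is an added example, not part of the original post; the inventory names `certificate_server` and `openvpn_server`, the easy-rsa 3 and ccd paths, the `client.key` destination, the `vpn_ip` host variable and the netmask are assumptions.

```yaml
# Added example (not from the original post). Assumes easy-rsa 3 with an
# initialised PKI that can sign in --batch mode without prompting, and that
# `certificate_server` / `openvpn_server` exist in the inventory.
- hosts: openvpn_clients
  become: true
  vars:
    easyrsa_dir: /etc/easy-rsa        # assumed path on the certificate server
    ccd_dir: /etc/openvpn/ccd         # assumed client-config-dir on the server
    cn: "{{ inventory_hostname }}"    # certificate CN = inventory name
  tasks:
    - name: Issue client cert and key on the certificate server (once per client)
      ansible.builtin.command:
        cmd: ./easyrsa --batch build-client-full {{ cn }} nopass
        chdir: "{{ easyrsa_dir }}"
        creates: "{{ easyrsa_dir }}/pki/issued/{{ cn }}.crt"
      delegate_to: certificate_server
      throttle: 1                     # serialise writes to the shared PKI index

    - name: Read cert and key from the certificate server into memory
      ansible.builtin.slurp:
        src: "{{ easyrsa_dir }}/pki/{{ item }}"
      loop:
        - "issued/{{ cn }}.crt"
        - "private/{{ cn }}.key"
      register: pki_files
      delegate_to: certificate_server
      no_log: true                    # keep the private key out of task output

    - name: Install the certificate on the client
      ansible.builtin.copy:
        dest: /etc/openvpn/client/client.cert
        content: "{{ pki_files.results[0].content | b64decode }}"
        mode: "0644"

    - name: Install the private key on the client
      ansible.builtin.copy:
        dest: /etc/openvpn/client/client.key   # assumed destination
        content: "{{ pki_files.results[1].content | b64decode }}"
        mode: "0600"
      no_log: true

    - name: Create the ccd entry on the OpenVPN server
      ansible.builtin.copy:
        dest: "{{ ccd_dir }}/{{ cn }}"
        content: "ifconfig-push {{ vpn_ip }} 255.255.255.0\n"   # constructed sample entry
        mode: "0644"
      delegate_to: openvpn_server
```

The `creates` guard makes the issuing task a no-op on later runs, so reconfiguring a client only re-reads the existing files. The private key still passes through the Ansible controller's memory on its way to the client.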