Custom file management¶
If you need to, you can copy custom files or even create files with content in YAML templates using a set of list variables. You can use this feature to install private keys and certificates stored as YAML text blocks in a file encrypted with ansible-vault which is unlocked during Ansible run.
Each element of the file list is a dict with specific parameters:
src
- Required, unless
content
is specified. Path to a file on the Ansible Controller, which will be copied to the remote host. content
- Required, unless
src
is specified. A YAML text block or a Jinja variable, contents of which will be copied to the specified file on the remote host. dest
- Required. Path to the destination file on the remote host.
owner
- Owner of the created file, by default
root
. group
- File group, depending on the file type it will be
root
(for public files) or a group specified by thepki_private_group
variable, usuallyssl-cert
(for private files). mode
- File permissions, by default public files are copied with permissions
644
and private files will have640
permissions. force
- Boolean. If
True
(default), an existing file will be replaced with the specified file or contents.
There are multiple list variables which can be used on multiple inventory levels:
- all hosts in the inventory:
-
pki_private_files
-pki_public_files
- hosts in specific inventory group:
-
pki_group_private_files
-pki_group_public_files
- specific hosts:
-
pki_host_private_files
-pki_host_public_files
The private files will be copied before PKI realms are created, so that you can provide private keys if you want to. Public files will be copied after PKI realms are created, and internal certificates are signed.
Examples¶
Install a custom private key from a Jinja variable on all hosts:
pki_private_files:
- content: '{{ custom_variable }}'
dest: '/etc/pki/realms/domain/private/key.pem'