Introduction to Ansible Transcripts
Lecture: SSL Certificates with the shell and stat Modules
0:00 All right, so we're making our first few
0:01 steps towards completing our vision of the full deployment.
0:05 First step, we set up Namecheap and we pointed it
0:07 to our web server.
0:08 That way when someone accesses
0:11 ansibledeploymentexample.com, the domain name
0:13 system refers them to the IP address of our web server.
0:16 Nginx is not yet configured to handle
0:18 these requests but that's what we're going to do in
0:20 the next few steps.
0:21 We installed Let's Encrypt as a package
0:23 on our server but we haven't yet gotten
0:25 a certificate or set up our Nginx configuration.
0:27 That's our next step here that we need to do.
0:31 Head back under roles/webserver/tasks.
0:35 We're going to modify Nginx.
0:36 We're going to want to beef up our custom Nginx configuration.
0:39 Right now we have that stored as app.conf.
0:41 Instead of saying app, which is too generic,
0:45 let's use a variable for our app_name.
0:51 Okay, a few other steps that we want to take here.
0:53 Nginx comes with a default configuration
0:55 which is why we had a landing page show up
0:57 when we go directly to the IP address.
0:58 We want to remove that.
1:12 We also run this step as a superuser.
1:15 All right, a few more tasks here.
1:17 We use the shell module to execute the Let's Encrypt command.
1:33 We'll have another variable, fqdn,
1:36 which is for fully qualified domain name.
1:38 We'll be adding that to our variables file.
1:40 We also need a directory for serving up our certificate.
1:48 I need an email address associated
1:49 with the SSL certificate.
1:52 Agree to the terms of service.
1:59 And we need superuser privileges to execute this.
2:01 One more task and we need to generate
2:04 a key to use as part of this SSL certificate.
2:06 Again, we'll use the shell module to do this.
2:24 All right, so we got some new tasks here.
2:25 Now, the one downside of having some of these
2:27 new tasks is they could take a really long time
2:29 to run, especially if we're trying to generate
2:31 certificates each time that we want to handle
2:33 our Ansible playbook.
2:34 There's a couple ways we could handle this.
2:35 We could create a separate playbook
2:36 that does this, we run once.
2:38 So something as part of an actual configuration.
2:40 Or we can basically use if-then conditionals.
2:43 If we've already generated the certificate
2:45 we know we don't need to do that one again.
2:47 We can do that with the stat module.
2:49 So we'll give this a try.
2:51 And we're basically going to gather our own
2:53 fact about the situation, which is we're going to see
2:56 if a certificate has already been created.
3:02 That way we'll know whether the path
3:05 has been created by Let's Encrypt
3:10 with our fully qualified domain name.
3:15 So we're registering a variable named certs
3:17 that we can check and we do need to be superuser
3:20 to check whether that path has been created.
3:22 And now we can use when, which is equivalent
3:26 to an if conditional in most programming languages
3:29 and we can say let's only run this command
3:31 when certificate does not exist.
3:37 We can do the same thing down here.
3:40 That actually should say not certs, and again
3:43 not does not exist.
3:47 So these two tasks will be skipped
3:50 if we've already run this the first time
3:52 and it's created the files for us.
3:54 Super-handy to skip long-running steps
3:56 in your Ansible playbooks.
3:57 With a few extra variables here that we're going to
3:59 need to include as a part of our playbook
4:01 so we've got fully qualified domain name,
4:03 got web serve directory, SSL cert email,
4:06 and we have app name.
4:07 Let's go ahead and add those to our playbook.
4:18 app_name, Ansible deployment example,
4:22 fully qualified domain name is going
4:24 to be www.ansibledeploymentexample.com.
4:30 We'll actually surround this by quotes.
4:43 One more web certificate email.
4:45 We want to put in your email, firstname.lastname@example.org.
4:49 We'll have several other variables that we need
4:50 to add in here but this'll be fine for now.
4:52 We can also upgrade our playbook.
5:01 So we have a more descriptive database name
5:04 and of course don't forget to change that database password.
5:08 We'll also modify these two directories.
5:16 And let's actually change the database name.
5:20 Has to be consistent here.
5:22 Last deploy and app name.
5:24 Change of last deploy.
5:25 Well, user and deploy group the same
5:27 can actually reuse the same SSH key as we had before.
5:35 And now we just need to get to upgrading
5:37 our Nginx configuration file before we kick
5:39 this off and try it out again.