I believe you're right about the root cause of the issue. However, I believe we already do have a workaround in place.
All PKI role stanzas does contain `condition` field. So while you indeed need to use user_variables or group_vars/all, you still can limit deployment of CA to specific hosts, for example:
Please, let us know if this solution works for you.
PS: worth to mention that you can use any name after pki_search_install_ca_pattern, which is pki_install_ca_.*. So pki_install_ca_keystone_only is real variable you can use.
Hey Adrien,
I believe you're right about the root cause of the issue. However, I believe we already do have a workaround in place.
All PKI role stanzas does contain `condition` field. So while you indeed need to use user_variables or group_vars/all, you still can limit deployment of CA to specific hosts, for example:
pki_install_ ca_keystone_ only: ca/MyRoot. crt certs/MyRoot. crt 'keystone_ all'] }}"
- src: /opt/my-
filename: /etc/ssl/
condition: "{{ inventory_hostname in groups[
Please, let us know if this solution works for you.
PS: worth to mention that you can use any name after pki_search_ install_ ca_pattern, which is pki_install_ca_.*. So pki_install_ ca_keystone_ only is real variable you can use.