I have the following code block:
```yaml
- name: Store challenge on DNS server
  uri:
    headers:
      X-API-Key: "{{ rns_dns_apikey }}"
    method: PATCH
    url: "{{ rns_dns_rest_api}}/{{ rr_item.key.split('.')[-2:] | join('.') }}"
    body_format: json
    body: '{"rrsets": [
      {"name": "{{ rns_ssl_challenge["challenge_data"][rr_item.key]["dns-01"]["record"] }}.",
       "type": "TXT",
       "ttl": 600,
       "changetype": "REPLACE",
       "records": [
         {"content": "\"{{ rns_ssl_challenge["challenge_data"][rr_item.key]["dns-01"]["resource_value"] }}\"",
          "disabled": false
         }]}]}'
    status_code: 204
  loop:
    "{{ rns_ssl_challenge['challenge_data'] | dict2items }}"
  loop_control:
    loop_var: rr_item
```
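It stores the ACME challenge on a PowerDNS server using its REST API. Unfortunately, I forgot that the API only knows "REPLACE" or "DELETE" for the changetype field, so the code above only stores one challenge on the server.

What I need, and don't know how to do, is something like this: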
```yaml
- name: Store challenge on DNS server
  uri:
    headers:
      X-API-Key: "{{ rns_dns_apikey }}"
    method: PATCH
    url: "{{ rns_dns_rest_api}}/{{ rr_item.key.split('.')[-2:] | join('.') }}"
    body_format: json
    body: '{"rrsets": [
      {"name": "{{ rns_ssl_challenge["challenge_data"][rr_item.key]["dns-01"]["record"] }}.",
       "type": "TXT",
       "ttl": 600,
       "changetype": "REPLACE",
       "records": [
         {% looping here around content %}
         {"content": "\"{{ rns_ssl_challenge["challenge_data"][rr_item.key]["dns-01"]["resource_value"] }}\"",
          "disabled": false
         }
         {% end loop %}
       ]}]}'
    status_code: 204
  loop:
    "{{ rns_ssl_challenge['challenge_data'] | dict2items }}"
  loop_control:
    loop_var: rr_item
```
Update, December 22, 2020:
```
ok: [localhost] =>
  rns_ssl_challenge:
    account_uri: https://acme-v02.api.letsencrypt.org/acme/acct/98718156
    authorizations:
      '*.roessner-net.de':
        challenges:
        - status: pending
          token: ******some_token
          type: dns-01
          url: https://acme-v02.api.letsencrypt.org/acme/chall-v3/9487231596/jI7d4A
        expires: '2020-12-28T23:00:13Z'
        identifier:
          type: dns
          value: roessner-net.de
        status: pending
        uri: https://acme-v02.api.letsencrypt.org/acme/authz-v3/9487231596
        wildcard: true
      roessner-net.de:
        challenges:
        - status: pending
          token: ******some_token
          type: http-01
          url: https://acme-v02.api.letsencrypt.org/acme/chall-v3/9484423630/KhPKIA
        - status: pending
          token: ******some_token
          type: dns-01
          url: https://acme-v02.api.letsencrypt.org/acme/chall-v3/9484423630/6UqCWw
        - status: pending
          token: ******some_token
          url: https://acme-v02.api.letsencrypt.org/acme/chall-v3/9484423630/DS0uyg
        expires: '2020-12-28T20:03:00Z'
        identifier:
          type: dns
          value: roessner-net.de
        status: pending
        uri: https://acme-v02.api.letsencrypt.org/acme/authz-v3/9484423630
    cert_days: 28
    challenge_data:
      '*.roessner-net.de':
        dns-01:
          record: _acme-challenge.roessner-net.de
          resource: _acme-challenge
          resource_value: ******some_token_example_1
      roessner-net.de:
        dns-01:
          record: _acme-challenge.roessner-net.de
          resource: _acme-challenge
          resource_value: ******some_token_example_2
        http-01:
          resource: .well-known/acme-challenge/******some_token
          resource_value: ******some_token
        tls-alpn-01:
          resource: roessner-net.de
          resource_original: dns:roessner-net.de
          resource_value: ******some_token
    challenge_data_dns:
      _acme-challenge.roessner-net.de:
      - ******some_token
      - ******some_token
    changed: true
    failed: false
    finalize_uri: https://acme-v02.api.letsencrypt.org/acme/finalize/98718156/6882152001
    order_uri: https://acme-v02.api.letsencrypt.org/acme/order/98718156/6882152001
```
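Under "challenge_data", all listed domains appear as keys. Under each of them you can find dns-01. I need the "resource_value" field of each dns-01 for every domain. Is that possible?

It should be built as: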
```
'{"rrsets": [
  {"name": "{{ rns_ssl_challenge["challenge_data"][rr_item.key]["dns-01"]["record"] }}.",
   "type": "TXT",
   "ttl": 600,
   "changetype": "REPLACE",
   "records": [
     {"content": "\"******some_token_example_1\"",
      "disabled": false
     },
     {"content": "\"******some_token_example_2\"",
      "disabled": false
     }
   ]}]}'
```
Thanks in advance.
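
One way to get the requested body, added here as an example that is not part of the original post: the debug output above already contains `challenge_data_dns`, which maps each TXT record name to the list of all its dns-01 values, so the task can loop over that key and send every value for a record in a single `REPLACE`. It assumes the `community.general` collection is installed (for `dict_kv`) and reuses the post's variable names and zone-name derivation.

```yaml
- name: Store all dns-01 challenge values per record on DNS server
  uri:
    headers:
      X-API-Key: "{{ rns_dns_apikey }}"
    method: PATCH
    # Zone is derived as in the original task: the last two labels of the record name.
    url: "{{ rns_dns_rest_api }}/{{ rr_item.key.split('.')[-2:] | join('.') }}"
    body_format: json
    # Passing a data structure lets the uri module serialise the JSON itself,
    # so no hand-written commas or escaping are needed.
    body:
      rrsets:
        - name: "{{ rr_item.key }}."
          type: TXT
          ttl: 600
          # REPLACE overwrites the whole RRset, so all values go in one request.
          changetype: REPLACE
          records: "{{ txt_records }}"
    status_code: 204
  vars:
    # to_json wraps each token in the double quotes PowerDNS expects for TXT
    # content; dict_kv turns it into {content: ...}; combine adds disabled.
    txt_records: >-
      {{ rr_item.value
         | map('to_json')
         | map('community.general.dict_kv', 'content')
         | map('combine', {'disabled': false})
         | list }}
  # One iteration per record name, e.g. _acme-challenge.roessner-net.de.
  loop: "{{ rns_ssl_challenge.challenge_data_dns | dict2items }}"
  loop_control:
    loop_var: rr_item
```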