From: Kienan Stewart <kstewart@efficios.com>
Date: Mon, 12 Feb 2024 15:48:45 +0000 (-0500)
Subject: ansible: Add configurable path prefix for the internal certificate
X-Git-Url: http://git.liburcu.org/?a=commitdiff_plain;h=b519cea92eec9ed3de853764208a9f4454b7a726;p=lttng-ci.git

ansible: Add configurable path prefix for the internal certificate

This allows a task or role to change the variable and deploy the files
in another location. Eg., for samba they can be deployed into
/etc/samba/tls instead.

Change-Id: I0ee629e7b83f2ef4304948aa2627100ebe1b8cef
Signed-off-by: Kienan Stewart <kstewart@efficios.com>
---

diff --git a/automation/ansible/roles/common/defaults/main.yml b/automation/ansible/roles/common/defaults/main.yml
index 70a3e63..ef157af 100644
--- a/automation/ansible/roles/common/defaults/main.yml
+++ b/automation/ansible/roles/common/defaults/main.yml
@@ -1,2 +1,5 @@
 ---
 unattended_upgrades: true
+common_certificate_cert_path_prefix: '/etc/ssl/certs'
+common_certificate_key_path_prefix: '/etc/ssl/private'
+common_certificate_deploy_combined_pem: true
diff --git a/automation/ansible/roles/common/tasks/certs.yml b/automation/ansible/roles/common/tasks/certs.yml
index b306cb5..eeb1bfa 100644
--- a/automation/ansible/roles/common/tasks/certs.yml
+++ b/automation/ansible/roles/common/tasks/certs.yml
@@ -1,7 +1,7 @@
 ---
 - name: Deploy internal certificate
   ansible.builtin.copy:
-    dest: /etc/ssl/certs/internal.efficios.com.pem
+    dest: "{{common_certificate_cert_path_prefix}}/internal.efficios.com.pem"
     mode: '0644'
     owner: 'root'
     group: 'root'
@@ -9,7 +9,7 @@
   register: cert
 - name: Deploy internal certificate key
   ansible.builtin.copy:
-    dest: /etc/ssl/private/internal.efficios.com.key
+    dest: "{{common_certificate_key_path_prefix}}/internal.efficios.com.key"
     mode: '0640'
     owner: 'root'
     group: 'root'
@@ -17,6 +17,6 @@
   register: key
 - name: Deploy combined cert+key
   # haproxy uses a combined certificate and key file
-  when: cert.changed or key.changed
+  when: (cert.changed or key.changed) and common_certificate_deploy_combined_pem
   ansible.builtin.shell:
-    cmd: 'cat /etc/ssl/certs/internal.efficios.com.pem /etc/ssl/private/internal.efficios.com.key > /etc/ssl/private/internal.efficios.com.pem'
+    cmd: "cat {{common_certificate_cert_path_prefix}}/internal.efficios.com.pem {{common_certificate_key_path_prefix}}/internal.efficios.com.key > {{common_certificate_key_path_prefix}}/internal.efficios.com.pem"