| 1 | --- |
| 2 | - name: Deploy internal certificate |
| 3 | ansible.builtin.copy: |
| 4 | dest: "{{common_certificate_cert_path_prefix}}/internal.efficios.com.pem" |
| 5 | mode: '0644' |
| 6 | owner: 'root' |
| 7 | group: 'root' |
| 8 | src: 'internal.efficios.com.pem' |
| 9 | register: cert |
| 10 | - name: Deploy internal certificate key |
| 11 | ansible.builtin.copy: |
| 12 | dest: "{{common_certificate_key_path_prefix}}/internal.efficios.com.key" |
| 13 | mode: '0640' |
| 14 | owner: 'root' |
| 15 | group: 'root' |
| 16 | content: "{{lookup('community.general.bitwarden', 'TLS Certificate internal.efficios.com', collection_id='35c5d8b1-2520-4450-a479-aef50131b930')[0]['notes'] }}" |
| 17 | register: key |
| 18 | - name: Deploy combined cert+key |
| 19 | # haproxy uses a combined certificate and key file |
| 20 | when: (cert.changed or key.changed) and common_certificate_deploy_combined_pem |
| 21 | ansible.builtin.shell: |
| 22 | cmd: "cat {{common_certificate_cert_path_prefix}}/internal.efficios.com.pem {{common_certificate_key_path_prefix}}/internal.efficios.com.key > {{common_certificate_key_path_prefix}}/internal.efficios.com.pem" |