From 458824b89eda9a262fca2c2bdeec516ab70873a4 Mon Sep 17 00:00:00 2001
From: Kienan Stewart <kstewart@efficios.com>
Date: Tue, 23 Jan 2024 13:53:30 -0500
Subject: [PATCH] ansible: Deploy combined key+cert for haproxy

Change-Id: I7cbb2dee54b8322b1acbcfd440cbbf1efce302d6
Signed-off-by: Kienan Stewart <kstewart@efficios.com>
---
 automation/ansible/roles/common/tasks/certs.yml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/automation/ansible/roles/common/tasks/certs.yml b/automation/ansible/roles/common/tasks/certs.yml
index 462e764..b306cb5 100644
--- a/automation/ansible/roles/common/tasks/certs.yml
+++ b/automation/ansible/roles/common/tasks/certs.yml
@@ -6,6 +6,7 @@
     owner: 'root'
     group: 'root'
     src: 'internal.efficios.com.pem'
+  register: cert
 - name: Deploy internal certificate key
   ansible.builtin.copy:
     dest: /etc/ssl/private/internal.efficios.com.key
@@ -13,3 +14,9 @@
     owner: 'root'
     group: 'root'
     content: "{{lookup('community.general.bitwarden', 'TLS Certificate internal.efficios.com', collection_id='35c5d8b1-2520-4450-a479-aef50131b930')[0]['notes'] }}"
+  register: key
+- name: Deploy combined cert+key
+  # haproxy uses a combined certificate and key file
+  when: cert.changed or key.changed
+  ansible.builtin.shell:
+    cmd: 'cat /etc/ssl/certs/internal.efficios.com.pem /etc/ssl/private/internal.efficios.com.key > /etc/ssl/private/internal.efficios.com.pem'
-- 
2.34.1