ansible: Add configurable path prefix for the internal certificate

[lttng-ci.git] / automation / ansible / roles / common / tasks / certs.yml

diff --git a/automation/ansible/roles/common/tasks/certs.yml b/automation/ansible/roles/common/tasks/certs.yml
index 462e76472b3f554f710448f22511f20647584a0b..eeb1bfa9657fb1fc44885afb2d00ad5206531bd0 100644 (file)
--- a/automation/ansible/roles/common/tasks/certs.yml
+++ b/automation/ansible/roles/common/tasks/certs.yml
@@ -1,15 +1,22 @@
 ---
 - name: Deploy internal certificate
   ansible.builtin.copy:
-    dest: /etc/ssl/certs/internal.efficios.com.pem
+    dest: "{{common_certificate_cert_path_prefix}}/internal.efficios.com.pem"
     mode: '0644'
     owner: 'root'
     group: 'root'
     src: 'internal.efficios.com.pem'
+  register: cert
 - name: Deploy internal certificate key
   ansible.builtin.copy:
-    dest: /etc/ssl/private/internal.efficios.com.key
+    dest: "{{common_certificate_key_path_prefix}}/internal.efficios.com.key"
     mode: '0640'
     owner: 'root'
     group: 'root'
     content: "{{lookup('community.general.bitwarden', 'TLS Certificate internal.efficios.com', collection_id='35c5d8b1-2520-4450-a479-aef50131b930')[0]['notes'] }}"
+  register: key
+- name: Deploy combined cert+key
+  # haproxy uses a combined certificate and key file
+  when: (cert.changed or key.changed) and common_certificate_deploy_combined_pem
+  ansible.builtin.shell:
+    cmd: "cat {{common_certificate_cert_path_prefix}}/internal.efficios.com.pem {{common_certificate_key_path_prefix}}/internal.efficios.com.key > {{common_certificate_key_path_prefix}}/internal.efficios.com.pem"