This allows a task or role to change the variable and deploy the files
in another location. E.g., for samba they can be deployed into
/etc/samba/tls instead.
Change-Id: I0ee629e7b83f2ef4304948aa2627100ebe1b8cef
Signed-off-by: Kienan Stewart <kstewart@efficios.com>
---
unattended_upgrades: true
---
unattended_upgrades: true
+common_certificate_cert_path_prefix: '/etc/ssl/certs'
+common_certificate_key_path_prefix: '/etc/ssl/private'
+common_certificate_deploy_combined_pem: true
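Review bot: The new defaults have no comments, and one coupling matters to anyone overriding them: the combined cert+key PEM is written under `common_certificate_key_path_prefix`, not the cert prefix, so that directory has to stay inaccessible to unprivileged users. A comment above the key prefix such as `# Holds the private key and the combined cert+key PEM; keep this directory non-world-accessible` would make that explicit. It may also be worth noting that the tasks shown on this page do not create the directories, so an overriding role presumably has to ensure they exist first.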
---
- name: Deploy internal certificate
ansible.builtin.copy:
---
- name: Deploy internal certificate
ansible.builtin.copy:
- dest: /etc/ssl/certs/internal.efficios.com.pem
+ dest: "{{common_certificate_cert_path_prefix}}/internal.efficios.com.pem"
mode: '0644'
owner: 'root'
group: 'root'
mode: '0644'
owner: 'root'
group: 'root'
register: cert
- name: Deploy internal certificate key
ansible.builtin.copy:
register: cert
- name: Deploy internal certificate key
ansible.builtin.copy:
- dest: /etc/ssl/private/internal.efficios.com.key
+ dest: "{{common_certificate_key_path_prefix}}/internal.efficios.com.key"
mode: '0640'
owner: 'root'
group: 'root'
mode: '0640'
owner: 'root'
group: 'root'
register: key
- name: Deploy combined cert+key
# haproxy uses a combined certificate and key file
register: key
- name: Deploy combined cert+key
# haproxy uses a combined certificate and key file
- when: cert.changed or key.changed
+ when: (cert.changed or key.changed) and common_certificate_deploy_combined_pem
- cmd: 'cat /etc/ssl/certs/internal.efficios.com.pem /etc/ssl/private/internal.efficios.com.key > /etc/ssl/private/internal.efficios.com.pem'
+ cmd: "cat {{common_certificate_cert_path_prefix}}/internal.efficios.com.pem {{common_certificate_key_path_prefix}}/internal.efficios.com.key > {{common_certificate_key_path_prefix}}/internal.efficios.com.pem"
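Review bot: The combined PEM written by the last task contains the private key, yet its mode comes from the shell's umask rather than from the playbook, and with `common_certificate_key_path_prefix` now overridable the file is no longer guaranteed to sit in a directory as restrictive as /etc/ssl/private. I would create it under a tight umask and quote the templated paths, e.g. `cmd: "umask 077 && cat {{ common_certificate_cert_path_prefix | quote }}/internal.efficios.com.pem {{ common_certificate_key_path_prefix | quote }}/internal.efficios.com.key > {{ common_certificate_key_path_prefix | quote }}/internal.efficios.com.pem"`. Because redirection keeps the mode of a file that already exists, a following `ansible.builtin.file` task pinning `mode: '0640'`, `owner: 'root'` and `group: 'root'` would make the result deterministic. The `when:` would also be safer as `common_certificate_deploy_combined_pem | bool`, since a string value such as one passed with `-e` is otherwise truthy. The task's module line and the rest of its body are not visible in this section.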