From b519cea92eec9ed3de853764208a9f4454b7a726 Mon Sep 17 00:00:00 2001
From: Kienan Stewart
Date: Mon, 12 Feb 2024 10:48:45 -0500
Subject: [PATCH] ansible: Add configurable path prefix for the internal certificate

This allows a task or role to change the variable and deploy the files in another location. Eg., for samba they can be deployed into /etc/samba/tls instead.

Change-Id: I0ee629e7b83f2ef4304948aa2627100ebe1b8cef
Signed-off-by: Kienan Stewart
---
 automation/ansible/roles/common/defaults/main.yml | 3 +++
 automation/ansible/roles/common/tasks/certs.yml | 8 ++++----
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/automation/ansible/roles/common/defaults/main.yml b/automation/ansible/roles/common/defaults/main.yml
index 70a3e63..ef157af 100644
--- a/automation/ansible/roles/common/defaults/main.yml
+++ b/automation/ansible/roles/common/defaults/main.yml
@@ -1,2 +1,5 @@
 ---
 unattended_upgrades: true
+common_certificate_cert_path_prefix: '/etc/ssl/certs'
+common_certificate_key_path_prefix: '/etc/ssl/private'
+common_certificate_deploy_combined_pem: true
diff --git a/automation/ansible/roles/common/tasks/certs.yml b/automation/ansible/roles/common/tasks/certs.yml
index b306cb5..eeb1bfa 100644
--- a/automation/ansible/roles/common/tasks/certs.yml
+++ b/automation/ansible/roles/common/tasks/certs.yml
@@ -1,7 +1,7 @@
 ---
 - name: Deploy internal certificate
 ansible.builtin.copy:
- dest: /etc/ssl/certs/internal.efficios.com.pem
+ dest: "{{common_certificate_cert_path_prefix}}/internal.efficios.com.pem"
 mode: '0644'
 owner: 'root'
 group: 'root'
@@ -9,7 +9,7 @@
 register: cert
 - name: Deploy internal certificate key
 ansible.builtin.copy:
- dest: /etc/ssl/private/internal.efficios.com.key
+ dest: "{{common_certificate_key_path_prefix}}/internal.efficios.com.key"
 mode: '0640'
 owner: 'root'
 group: 'root'
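Review bot: The three new defaults in defaults/main.yml have no comments, and `common_certificate_key_path_prefix` carries a security expectation that is not written down. It receives the private key and, when `common_certificate_deploy_combined_pem` is true, the combined cert+key file as well. I would add above it `# Directory for the private key and the combined PEM; must exist and must not be accessible to unprivileged users`, plus a one-line comment on each of the other two variables saying what they control.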
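Review bot: The templated `dest` in "Deploy internal certificate" no longer points at a directory that is known to exist. `ansible.builtin.copy` does not create a missing parent directory for a single file, so overriding the prefix with a new location such as the /etc/samba/tls named in the commit message fails unless something else creates it first. The same applies to the key `dest` in the following hunk, where the directory's ownership and mode also decide who can reach the key file. Either add a preceding `ansible.builtin.file` task with `state: directory` for non-default prefixes, or document that the caller must create both directories and keep the key directory closed to other users. Both copy tasks continue outside their hunks, so the source arguments are not visible here.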
@@ -17,6 +17,6 @@
 register: key
 - name: Deploy combined cert+key
 # haproxy uses a combined certificate and key file
- when: cert.changed or key.changed
+ when: (cert.changed or key.changed) and common_certificate_deploy_combined_pem
 ansible.builtin.shell:
- cmd: 'cat /etc/ssl/certs/internal.efficios.com.pem /etc/ssl/private/internal.efficios.com.key > /etc/ssl/private/internal.efficios.com.pem'
+ cmd: "cat {{common_certificate_cert_path_prefix}}/internal.efficios.com.pem {{common_certificate_key_path_prefix}}/internal.efficios.com.key > {{common_certificate_key_path_prefix}}/internal.efficios.com.pem"
-- 
2.34.1
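Review bot: The combined file written by the `cmd` redirect holds the private key but takes its mode from the process umask. With `common_certificate_key_path_prefix` now configurable, it may land in a directory that, unlike the previously hard-coded /etc/ssl/private, is presumably not closed to other local users. The prefixes are also interpolated into the shell line unquoted, so a path containing a space or shell metacharacter breaks or alters the command. I would set a restrictive umask in the command and pass each prefix through the `quote` filter, as below. A umask only affects a newly created file, so an existing combined file keeps its old mode and may need a one-off fix. The `register: key` context line belongs to the preceding task, which starts outside this hunk.

```yaml
# … unchanged: task name, haproxy comment and when condition …
  ansible.builtin.shell:
    cmd: >-
      umask 077 &&
      cat {{ common_certificate_cert_path_prefix | quote }}/internal.efficios.com.pem
      {{ common_certificate_key_path_prefix | quote }}/internal.efficios.com.key
      > {{ common_certificate_key_path_prefix | quote }}/internal.efficios.com.pem
```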