/
main.yml
56 lines (54 loc) · 2.52 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
---
- name: "{{ project_name }} | Copying over extra CA certificates"
become: true
copy:
src: "{{ kolla_certificates_dir }}/ca/"
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
mode: "0644"
when:
- kolla_copy_ca_into_containers | bool
with_dict: "{{ project_services | select_services_enabled_and_mapped_to_host }}"
notify:
- "Restart {{ item.key }} container"
- name: "{{ project_name }} | Copying over backend internal TLS certificate"
vars:
certs:
- "{{ kolla_certificates_dir }}/{{ inventory_hostname }}/{{ project_name }}-cert.pem"
- "{{ kolla_certificates_dir }}/{{ inventory_hostname }}-cert.pem"
- "{{ kolla_certificates_dir }}/{{ project_name }}-cert.pem"
- "{{ kolla_tls_backend_cert }}"
backend_tls_cert: "{{ lookup('first_found', certs) }}"
copy:
src: "{{ backend_tls_cert }}"
dest: "{{ node_config_directory }}/{{ item.key }}/{{ project_name }}-cert.pem"
mode: "0644"
become: true
when:
- item.value.haproxy is defined
- item.value.haproxy.values() | selectattr('enabled', 'defined') | map(attribute='enabled') | map('bool') | select | list | length > 0
- item.value.haproxy.values() | selectattr('tls_backend', 'defined') | map(attribute='tls_backend') | map('bool') | select | list | length > 0
- not kolla_externally_managed_cert | bool
with_dict: "{{ project_services | select_services_enabled_and_mapped_to_host }}"
notify:
- "Restart {{ item.key }} container"
- name: "{{ project_name }} | Copying over backend internal TLS key"
vars:
keys:
- "{{ kolla_certificates_dir }}/{{ inventory_hostname }}/{{ project_name }}-key.pem"
- "{{ kolla_certificates_dir }}/{{ inventory_hostname }}-key.pem"
- "{{ kolla_certificates_dir }}/{{ project_name }}-key.pem"
- "{{ kolla_tls_backend_key }}"
backend_tls_key: "{{ lookup('first_found', keys) }}"
copy:
src: "{{ backend_tls_key }}"
dest: "{{ node_config_directory }}/{{ item.key }}/{{ project_name }}-key.pem"
mode: "0600"
become: true
when:
- item.value.haproxy is defined
- item.value.haproxy.values() | selectattr('enabled', 'defined') | map(attribute='enabled') | map('bool') | select | list | length > 0
- item.value.haproxy.values() | selectattr('tls_backend', 'defined') | map(attribute='tls_backend') | map('bool') | select | list | length > 0
- not kolla_externally_managed_cert | bool
with_dict: "{{ project_services | select_services_enabled_and_mapped_to_host }}"
notify:
- "Restart {{ item.key }} container"