Update SSL key / cert distribution for Horizon

Following on the changes introduced by I98bcd17dac9a47cc19e0d9ec90176945a6d7e355 This patch updates the SSL key and cert distribution for Horizon to use slurp & references the primary node in horizon_ssl_key_distribute.yml when referencing the key and cert facts. Change-Id: Ifc01d8a75b5f0ce26ca1fa754dcccffa2a7e425c Signed-off-by: Javeria Khan <javeriak@plumgrid.com>
2016-04-11 06:00:19 -07:00 · 2016-04-11 06:00:19 -07:00 · 5838bfdb6b
commit 5838bfdb6b
parent afcf852ae3
2 changed files with 37 additions and 31 deletions
--- a/tasks/horizon_ssl_key_distribute.yml
+++ b/tasks/horizon_ssl_key_distribute.yml
@ -13,22 +13,22 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
- name: Distribute self signed ssl
+- name: Distribute self signed ssl key
-  memcached:
+  copy:
-    name: "{{ item.name }}"
+    dest: "{{ horizon_ssl_key }}"
-    file_path: "{{ item.src }}"
+    content: "{{ hostvars[groups['horizon_all'][0]]['horizon_ssl_key_fact'] | b64decode }}"
-    state: "retrieve"
+    owner: "{{ horizon_system_user_name }}"
-    file_mode: "{{ item.file_mode }}"
+    group: "{{ horizon_system_group_name }}"
-    dir_mode: "{{ item.dir_mode }}"
+    mode: "0640"
-    server: "{{ memcached_servers }}"
+  tags:
-    encrypt_string: "{{ memcached_encryption_key }}"
+    - horizon-ssl
-  with_items:
+
-    - { src: "{{ horizon_ssl_cert }}", name: "horizon_ssl_cert", file_mode: "0640", dir_mode: "0750" }
+- name: Distribute self signed ssl cert
-    - { src: "{{ horizon_ssl_key }}", name: "horizon_ssl_key", file_mode: "0640", dir_mode: "0750" }
+  copy:
-  register: memcache_keys
+    dest: "{{ horizon_ssl_cert }}"
-  until: memcache_keys|success
+    content: "{{ hostvars[groups['horizon_all'][0]]['horizon_ssl_cert_fact'] | b64decode }}"
-  retries: 5
+    owner: "{{ horizon_system_user_name }}"
-  delay: 2
+    group: "{{ horizon_system_group_name }}"
-  notify: Restart apache2
+    mode: "0640"
  tags:
    - horizon-ssl
--- a/tasks/horizon_ssl_key_store.yml
+++ b/tasks/horizon_ssl_key_store.yml
@ -13,19 +13,25 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
- name: Store self signed ssl
+- name: Store ssl cert
-  memcached:
+  slurp:
-    name: "{{ item.name }}"
+    src: "{{ horizon_ssl_cert }}"
-    file_path: "{{ item.src }}"
+  register: _horizon_ssl_cert
-    state: "present"
+  changed_when: false
-    server: "{{ memcached_servers }}"
+  tags:
-    encrypt_string: "{{ memcached_encryption_key }}"
+    - horizon-ssl
-  with_items:
+
-    - { src: "{{ horizon_ssl_cert }}", name: "horizon_ssl_cert" }
+- name: Store ssl key
-    - { src: "{{ horizon_ssl_key }}", name: "horizon_ssl_key" }
+  slurp:
-  register: memcache_keys
+    src: "{{ horizon_ssl_key }}"
-  until: memcache_keys|success
+  register: _horizon_ssl_key
-  retries: 5
+  changed_when: false
-  delay: 2
+  tags:
    - horizon-ssl
 - name: Register a fact for the cert and key
  set_fact:
     horizon_ssl_cert_fact: "{{ _horizon_ssl_cert.content }}"
     horizon_ssl_key_fact: "{{ _horizon_ssl_key.content }}"
  tags:
    - horizon-ssl