Update SSL key / cert distribution for Horizon

Following on the changes introduced by I98bcd17dac9a47cc19e0d9ec90176945a6d7e355 This patch updates the SSL key and cert distribution for Horizon to use slurp & references the primary node in horizon_ssl_key_distribute.yml when referencing the key and cert facts. Change-Id: Ifc01d8a75b5f0ce26ca1fa754dcccffa2a7e425c Signed-off-by: Javeria Khan <javeriak@plumgrid.com>
2016-04-11 06:00:19 -07:00 · 2016-04-11 06:00:19 -07:00 · 5838bfdb6b
commit 5838bfdb6b
parent afcf852ae3
2 changed files with 37 additions and 31 deletions
--- a/tasks/horizon_ssl_key_distribute.yml
+++ b/tasks/horizon_ssl_key_distribute.yml
@ -13,22 +13,22 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

- name: Distribute self signed ssl
-  memcached:
-    name: "{{ item.name }}"
-    file_path: "{{ item.src }}"
-    state: "retrieve"
-    file_mode: "{{ item.file_mode }}"
-    dir_mode: "{{ item.dir_mode }}"
-    server: "{{ memcached_servers }}"
-    encrypt_string: "{{ memcached_encryption_key }}"
-  with_items:
-    - { src: "{{ horizon_ssl_cert }}", name: "horizon_ssl_cert", file_mode: "0640", dir_mode: "0750" }
-    - { src: "{{ horizon_ssl_key }}", name: "horizon_ssl_key", file_mode: "0640", dir_mode: "0750" }
-  register: memcache_keys
-  until: memcache_keys|success
-  retries: 5
-  delay: 2
-  notify: Restart apache2
+- name: Distribute self signed ssl key
+  copy:
+    dest: "{{ horizon_ssl_key }}"
+    content: "{{ hostvars[groups['horizon_all'][0]]['horizon_ssl_key_fact'] | b64decode }}"
+    owner: "{{ horizon_system_user_name }}"
+    group: "{{ horizon_system_group_name }}"
+    mode: "0640"
+  tags:
+    - horizon-ssl
+
+- name: Distribute self signed ssl cert
+  copy:
+    dest: "{{ horizon_ssl_cert }}"
+    content: "{{ hostvars[groups['horizon_all'][0]]['horizon_ssl_cert_fact'] | b64decode }}"
+    owner: "{{ horizon_system_user_name }}"
+    group: "{{ horizon_system_group_name }}"
+    mode: "0640"
  tags:
    - horizon-ssl
--- a/tasks/horizon_ssl_key_store.yml
+++ b/tasks/horizon_ssl_key_store.yml
@ -13,19 +13,25 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

- name: Store self signed ssl
-  memcached:
-    name: "{{ item.name }}"
-    file_path: "{{ item.src }}"
-    state: "present"
-    server: "{{ memcached_servers }}"
-    encrypt_string: "{{ memcached_encryption_key }}"
-  with_items:
-    - { src: "{{ horizon_ssl_cert }}", name: "horizon_ssl_cert" }
-    - { src: "{{ horizon_ssl_key }}", name: "horizon_ssl_key" }
-  register: memcache_keys
-  until: memcache_keys|success
-  retries: 5
-  delay: 2
+- name: Store ssl cert
+  slurp:
+    src: "{{ horizon_ssl_cert }}"
+  register: _horizon_ssl_cert
+  changed_when: false
+  tags:
+    - horizon-ssl
+
+- name: Store ssl key
+  slurp:
+    src: "{{ horizon_ssl_key }}"
+  register: _horizon_ssl_key
+  changed_when: false
+  tags:
+    - horizon-ssl
+
+- name: Register a fact for the cert and key
+  set_fact:
+     horizon_ssl_cert_fact: "{{ _horizon_ssl_cert.content }}"
+     horizon_ssl_key_fact: "{{ _horizon_ssl_key.content }}"
  tags:
    - horizon-ssl