openstack-ansible-os_octavia/tasks/octavia_certs_distribute.yml

---

- name: Create certs directory
  file:
    path: /etc/octavia/certs/
    state: directory

- name: Register a fact for the cert and key
  set_fact:
    octavia_ca_private_key_fact: "{{ hostvars[octavia_cert_setup_host]['_octavia_ca_private_key']['content'] | b64decode }}"
    octavia_ca_certificate_fact: "{{ hostvars[octavia_cert_setup_host]['_octavia_ca_certificate']['content'] | b64decode }}"
    octavia_server_ca_fact: "{{ hostvars[octavia_cert_setup_host]['_octavia_server_ca']['content'] | b64decode }}"
    octavia_client_ca_fact: "{{ hostvars[octavia_cert_setup_host]['_octavia_client_ca']['content'] | b64decode }}"
    octavia_client_cert_fact: "{{ hostvars[octavia_cert_setup_host]['_octavia_client_cert']['content'] | b64decode }}"
  when: octavia_cert_setup_host != 'localhost'

- name: Register a fact for the cert and key
  set_fact:
    octavia_ca_private_key_fact: "{{ _octavia_ca_private_key['content'] | b64decode }}"
    octavia_ca_certificate_fact: "{{ _octavia_ca_certificate['content'] | b64decode }}"
    octavia_server_ca_fact:      "{{ _octavia_server_ca['content'] | b64decode }}"
    octavia_client_ca_fact:      "{{ _octavia_client_ca['content'] | b64decode }}"
    octavia_client_cert_fact:    "{{ _octavia_client_cert['content'] | b64decode }}"
  when: octavia_cert_setup_host == 'localhost'

- name: Copy certificates
  copy:
    content: "{{ item.content }}"
    dest: "{{ item.dest }}"
    owner: "{{ octavia_system_user_name }}"
    group: "{{ octavia_system_group_name }}"
    mode: "0640"
  with_items:
    - content: "{{ octavia_ca_private_key_fact }}"
      dest: "/etc/octavia/certs/ca_key.pem"
    - content: "{{ octavia_ca_certificate_fact }}"
      dest: "/etc/octavia/certs/ca.pem"
    - content: "{{ octavia_server_ca_fact }}"
      dest: "/etc/octavia/certs/server_ca.pem"
    - content: "{{ octavia_client_ca_fact }}"
      dest: "/etc/octavia/certs/client_ca.pem"
    - content: "{{ octavia_client_cert_fact }}"
      dest: "/etc/octavia/certs/client.pem"