From 072cf88ae0f72a6b5daf021bf2cbde5eea01d67f Mon Sep 17 00:00:00 2001
From: Kevin Fenzi
Date: Tue, 19 Jan 2016 18:02:09 +0000
Subject: [PATCH] Have infinote use it's own cert. Install it in infinote role so we can have perms we need without changing every run.
---
 playbooks/groups/infinote.yml | 3 --
 roles/infinote/tasks/main.yml | 43 +++++++++++++++++++++++--
 roles/infinote/templates/infinoted.conf | 4 +--
 3 files changed, 43 insertions(+), 7 deletions(-)
diff --git a/playbooks/groups/infinote.yml b/playbooks/groups/infinote.yml
index 11c6317317..b6751e2c37 100644
--- a/playbooks/groups/infinote.yml
+++ b/playbooks/groups/infinote.yml
@@ -26,9 +26,6 @@
 - git/server
 - role: apache
 - role: httpd/mod_ssl
- - role: httpd/certificate
- name: wildcard-2014.fedoraproject.org
- SSLCertificateChainFile: wildcard-2014.fedoraproject.org.intermediate.cert
 - infinote
 tasks:
diff --git a/roles/infinote/tasks/main.yml b/roles/infinote/tasks/main.yml
index 07f63f0a30..ec4ef76713 100644
--- a/roles/infinote/tasks/main.yml
+++ b/roles/infinote/tasks/main.yml
@@ -26,9 +26,48 @@
 - infinote
 - config
-- name: allow infinote user to read ssl certs
- file: dest=/etc/pki/tls/private/wildcard-2014.fedoraproject.org.key mode=640 owner=infinote group=apache
+- name: Copy over SSLCertificateChainFile
+ copy: >
+ src={{private}}/files/httpd/wildcard-2014.fedoraproject.org.intermediate.cert
+ dest=/etc/pki/tls/certs/
+ owner=root
+ group=root
+ mode=0644
+ notify:
+ - reload httpd
 tags:
+ - httpd
+ - httpd/certificate
+ - infinote
+ - config
+
+- name: Copy infinote.fedoraproject.org .cert
+ copy: >
+ src="{{private}}/files/httpd/infinote.fedoraproject.org.cert"
+ dest=/etc/pki/tls/certs/infinote.fedoraproject.org.cert
+ owner=root
+ group=root
+ mode=0644
+ notify:
+ - reload httpd
+ tags:
+ - httpd
+ - httpd/certificate
+ - infinote
+ - config
+
+- name: Copy infinote.fedoraproject.org .key
+ copy: >
+ src="{{private}}/files/httpd/infinote.fedoraproject.org.key"
+ dest=/etc/pki/tls/private/infinote.fedoraproject.org.key
+ owner=infinote
+ group=apache
+ mode=0640
+ notify:
+ - reload httpd
+ tags:
+ - httpd
+ - httpd/certificate
 - infinote
 - config
diff --git a/roles/infinote/templates/infinoted.conf b/roles/infinote/templates/infinoted.conf
index 082d886138..e372e23191 100644
--- a/roles/infinote/templates/infinoted.conf
+++ b/roles/infinote/templates/infinoted.conf
@@ -1,6 +1,6 @@
 [infinoted]
-certificate-file=/etc/pki/tls/certs/wildcard-2014.fedoraproject.org.cert
-key-file=/etc/pki/tls/private/wildcard-2014.fedoraproject.org.key
+certificate-file=/etc/pki/tls/certs/infinote.fedoraproject.org.cert
+key-file=/etc/pki/tls/private/infinote.fedoraproject.org.key
 certificate-chain=/etc/pki/tls/certs/wildcard-2014.fedoraproject.org.intermediate.cert
 port=6523
 security-policy=require-tls
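Review bot: The three new copy tasks notify only `reload httpd`, yet the files they install are the ones infinoted reads (certificate-file, key-file and certificate-chain in roles/infinote/templates/infinoted.conf), so a rotated certificate or key is not picked up by infinoted until it is restarted by some other means. If the role has a handler for the infinoted service, add it to each task's notify list, e.g. `notify:` / `- reload httpd` / `- <infinoted restart handler>`; if it does not, one is worth adding alongside this change. Separately, the key task keeps `group=apache` with `mode=0640` as the replaced task did for the shared wildcard key; now that infinote has its own key, only the process that presents this certificate needs to read it, so if httpd does not serve with it, `owner=infinote group=infinote mode=0600` would be tighter. The first task also writes to the directory `dest=/etc/pki/tls/certs/` while the other two give the full destination path; using the full path keeps the three tasks consistent and makes the installed filename explicit.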
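Review bot: `certificate-chain` still points at `wildcard-2014.fedoraproject.org.intermediate.cert` while `certificate-file` now names a different certificate; the chain is only correct if infinote.fedoraproject.org.cert was issued under the same intermediate as the wildcard certificate, which the hunk does not show. If it was issued by a different intermediate, clients may receive an incomplete chain and fail verification under `security-policy=require-tls`, so the issuer should be checked and, if needed, the matching intermediate shipped by the role and `certificate-chain` pointed at it. A short comment above that line recording which issuer the chain file belongs to would make the next rotation safer.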