diff --git a/roles/anitya/fedmsg/tasks/main.yml b/roles/anitya/fedmsg/tasks/main.yml
index b5c8fbc8de..fec0f9888d 100644
--- a/roles/anitya/fedmsg/tasks/main.yml
+++ b/roles/anitya/fedmsg/tasks/main.yml
@@ -77,7 +77,7 @@ - name: install fedmsg ca.cert copy: > - src="{{ puppet_private }}/fedmsg-certs/keys/ca.crt" + src="{{ private }}/files/fedmsg-certs/keys/ca.crt" dest=/etc/pki/fedmsg/ca.crt owner=root group=root
diff --git a/roles/bodhi/backend/tasks/main.yml b/roles/bodhi/backend/tasks/main.yml
index c9686da59a..adfe775d4e 100644
--- a/roles/bodhi/backend/tasks/main.yml
+++ b/roles/bodhi/backend/tasks/main.yml
@@ -140,7 +140,7 @@ # - name: copy koji ssl cert for owner sync - copy: src="{{ puppet_private }}/pkgdb_key_and_cert.pem" dest=/etc/pki/pkgdb/pkgdb.pem mode=600 + copy: src="{{ private }}/files/pkgdb_key_and_cert.pem" dest=/etc/pki/pkgdb/pkgdb.pem mode=600 tags: - config
diff --git a/roles/bodhi/base/tasks/main.yml b/roles/bodhi/base/tasks/main.yml
index e704028d56..017c584edd 100644
--- a/roles/bodhi/base/tasks/main.yml
+++ b/roles/bodhi/base/tasks/main.yml
@@ -52,7 +52,7 @@ - name: install bodhi.pem file copy: > - src="{{ puppet_private }}/bodhi_key_and_cert.pem" + src="{{ private }}/files/bodhi_key_and_cert.pem" dest="/etc/pki/bodhi/bodhi.pem" owner=bodhi group=bodhi
@@ -64,7 +64,7 @@ - name: install bodhi certificates copy: > - src="{{ puppet_private }}/fedora-ca.cert" + src="{{ private }}/files/fedora-ca.cert" dest="/etc/pki/bodhi/{{ item }}" owner=root group=root
diff --git a/roles/bodhi2/backend/tasks/main.yml b/roles/bodhi2/backend/tasks/main.yml
index 469aa458a8..27297224c5 100644
--- a/roles/bodhi2/backend/tasks/main.yml
+++ b/roles/bodhi2/backend/tasks/main.yml
@@ -141,13 +141,13 @@ file: path=/etc/pki/pkgdb mode=700 state=directory - name: copy koji ssl cert for owner sync - copy: src="{{ puppet_private }}/pkgdb_key_and_cert.pem" dest=/etc/pki/pkgdb/pkgdb.pem mode=600 + copy: src="{{ private }}/files/pkgdb_key_and_cert.pem" dest=/etc/pki/pkgdb/pkgdb.pem mode=600 tags: - config - name: install /etc/pki/fas/fedora-server-ca.cert file copy: > - src="{{ puppet_private }}/fedora-ca.cert" + src="{{ private }}/files/fedora-ca.cert" dest="/etc/pki/pkgdb/fedora-server-ca.cert" mode=0644 tags:
diff --git a/roles/bodhi2/base/tasks/main.yml b/roles/bodhi2/base/tasks/main.yml
index 78c0a41ab1..629ab31c1a 100644
--- a/roles/bodhi2/base/tasks/main.yml
+++ b/roles/bodhi2/base/tasks/main.yml
@@ -99,7 +99,7 @@ - name: install bodhi.pem file copy: > - src="{{ puppet_private }}/bodhi_key_and_cert.pem" + src="{{ private }}/files/bodhi_key_and_cert.pem" dest="/etc/pki/bodhi/bodhi.pem" owner=bodhi group=bodhi
@@ -111,7 +111,7 @@ - name: install bodhi certificates copy: > - src="{{ puppet_private }}/fedora-ca.cert" + src="{{ private }}/files/fedora-ca.cert" dest="/etc/pki/bodhi/{{ item }}" owner=root group=root
diff --git a/roles/copr/backend/tasks/install_certs.yml b/roles/copr/backend/tasks/install_certs.yml
index 0a7ecc7010..a71401c301 100644
--- a/roles/copr/backend/tasks/install_certs.yml
+++ b/roles/copr/backend/tasks/install_certs.yml
@@ -1,5 +1,5 @@ - name: copy httpd ssl certificates - copy: src="{{ puppet_private }}/httpd/{{ item }}" dest="/etc/lighttpd/{{ item }}" owner=root group=root mode=0600 + copy: src="{{ private }}/files/httpd/{{ item }}" dest="/etc/lighttpd/{{ item }}" owner=root group=root mode=0600 with_items: - copr-be.fedoraproject.org.key - copr-be.fedoraproject.org.crt
diff --git a/roles/copr/frontend/tasks/install_certs.yml b/roles/copr/frontend/tasks/install_certs.yml
index 276b1b1071..617858a290 100644
--- a/roles/copr/frontend/tasks/install_certs.yml
+++ b/roles/copr/frontend/tasks/install_certs.yml
@@ -1,10 +1,10 @@ - name: copy httpd ssl certificates (crt) - copy: src="{{ puppet_private }}/httpd/copr-fe.fedoraproject.org.crt" dest="/etc/pki/tls/certs/" owner=root group=root mode=0600 + copy: src="{{ private }}/files/httpd/copr-fe.fedoraproject.org.crt" dest="/etc/pki/tls/certs/" owner=root group=root mode=0600 tags: - config - name: copy httpd ssl certificates (key) - copy: src="{{ puppet_private }}/httpd/copr-fe.fedoraproject.org.key" dest="/etc/pki/tls/private/" owner=root group=root mode=0600 + copy: src="{{ private }}/files/httpd/copr-fe.fedoraproject.org.key" dest="/etc/pki/tls/private/" owner=root group=root mode=0600 tags: - config
diff --git a/roles/download/tasks/main.yml b/roles/download/tasks/main.yml
index 179453df92..b4ed608326 100644
--- a/roles/download/tasks/main.yml
+++ b/roles/download/tasks/main.yml
@@ -59,13 +59,13 @@ - selinux - name: Copy wildcard cert from puppet private - copy: src="{{puppet_private}}/httpd/wildcard-2014.fedoraproject.org.cert" dest=/etc/pki/tls/certs/wildcard-2014.fedoraproject.org.cert owner=root group=root mode=0644 + copy: src="{{private}}/files/httpd/wildcard-2014.fedoraproject.org.cert" dest=/etc/pki/tls/certs/wildcard-2014.fedoraproject.org.cert owner=root group=root mode=0644 - name: Copy wildcard key from puppet private - copy: src="{{puppet_private}}/httpd/wildcard-2014.fedoraproject.org.key" dest=/etc/pki/tls/private/wildcard-2014.fedoraproject.org.key owner=root group=root mode=0600 + copy: src="{{private}}/files/httpd/wildcard-2014.fedoraproject.org.key" dest=/etc/pki/tls/private/wildcard-2014.fedoraproject.org.key owner=root group=root mode=0600 - name: Copy intermediate wildcard cert from puppet private - copy: src="{{puppet_private}}/httpd/wildcard-2014.fedoraproject.org.intermediate.cert" dest=/etc/pki/tls/certs/wildcard-2014.fedoraproject.org.intermediate.cert owner=root group=root mode=0644 + copy: src="{{private}}/files/httpd/wildcard-2014.fedoraproject.org.intermediate.cert" dest=/etc/pki/tls/certs/wildcard-2014.fedoraproject.org.intermediate.cert owner=root group=root mode=0644 - name: Configure httpd dl main conf copy: src=httpd/dl.fedoraproject.org.conf dest=/etc/httpd/conf.d/dl.fedoraproject.org.conf
diff --git a/roles/fas_server/tasks/main.yml b/roles/fas_server/tasks/main.yml
index 980013def3..77be21f881 100644
--- a/roles/fas_server/tasks/main.yml
+++ b/roles/fas_server/tasks/main.yml
@@ -71,7 +71,7 @@ - name: install /etc/fas-gpg/pubring.gpg file copy: > - src="{{ puppet_private }}/fas-gpg/pubring.gpg" + src="{{ private }}/files/fas-gpg/pubring.gpg" dest="/etc/fas-gpg/pubring.gpg" owner=fas group=fas
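Review bot: The three task names in the roles/download/tasks/main.yml hunk still read "... from puppet private" although their sources now come from `{{private}}/files/httpd/`, so play output will name a secrets tree that vars/global.yml no longer defines. Renaming them, e.g. `- name: Copy wildcard key from the private repo`, keeps the run log accurate about where the key material originates. The two "Copy squid ssl ... from puppet private" tasks in the roles/kojipkgs/tasks/main.yml hunks carry the same stale wording.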
@@ -82,7 +82,7 @@ - name: install /etc/pki/fas/fedora-server-ca.cert file copy: > - src="{{ puppet_private }}/fedora-ca.cert" + src="{{ private }}/files/fedora-ca.cert" dest="/etc/pki/fas/fedora-server-ca.cert" owner=fas group=fas
@@ -93,7 +93,7 @@ - name: install /etc/pki/fas/fedora-upload-ca.cert file copy: > - src="{{ puppet_private }}/fedora-ca.cert" + src="{{ private }}/files/fedora-ca.cert" dest="/etc/pki/fas/fedora-upload-ca.cert" owner=fas group=fas
@@ -104,7 +104,7 @@ - name: install /usr/share/fas/static/fedora-server-ca.cert file copy: > - src="{{ puppet_private }}/fedora-ca.cert" + src="{{ private }}/files/fedora-ca.cert" dest="/usr/share/fas/static/fedora-server-ca.cert" owner=root group=root
@@ -115,7 +115,7 @@ - name: install /usr/share/fas/static/fedora-upload-ca.cert file copy: > - src="{{ puppet_private }}/fedora-ca.cert" + src="{{ private }}/files/fedora-ca.cert" dest="/usr/share/fas/static/fedora-upload-ca.cert" owner=root group=root
@@ -201,7 +201,7 @@ - name: install /var/lib/fedora-ca/private/cakey.pem file copy: > - src="{{ puppet_private }}/cakey.pem" + src="{{ private }}/files/cakey.pem" dest="/var/lib/fedora-ca/private/cakey.pem" owner=fas group=fas
@@ -249,7 +249,7 @@ - name: install /var/lib/fedora-ca/cacert.pem file copy: > - src="{{ puppet_private }}/fedora-ca.cert" + src="{{ private }}/files/fedora-ca.cert" dest="/var/lib/fedora-ca/cacert.pem" owner=root group=root
diff --git a/roles/fedmsg/crl/tasks/main.yml b/roles/fedmsg/crl/tasks/main.yml
index 7d275ee9a6..6984b110f5 100644
--- a/roles/fedmsg/crl/tasks/main.yml
+++ b/roles/fedmsg/crl/tasks/main.yml
@@ -12,7 +12,7 @@ - name: Copy over our crl from the private repo copy: > - src={{puppet_private}}/fedmsg-certs/keys/crl.pem dest=/srv/web/fedmsg/crl.pem + src={{private}}/files/fedmsg-certs/keys/crl.pem dest=/srv/web/fedmsg/crl.pem owner=root group=root mode=0644 tags: - fedmsg
@@ -24,7 +24,7 @@ # messages. - name: Copy over our CA cert from the private repo copy: > - src={{puppet_private}}/fedmsg-certs/keys/ca.crt dest=/srv/web/fedmsg/ca.crt + src={{private}}/files/fedmsg-certs/keys/ca.crt dest=/srv/web/fedmsg/ca.crt owner=root group=root mode=0644 tags: - fedmsg
diff --git a/roles/hotness/tasks/main.yml b/roles/hotness/tasks/main.yml
index 938cd981d1..12ab6d63ff 100644
--- a/roles/hotness/tasks/main.yml
+++ b/roles/hotness/tasks/main.yml
@@ -35,7 +35,7 @@ - name: install hotness.pem koji key and cert copy: > - src="{{ puppet_private }}/hotness_key_and_cert.pem" + src="{{ private }}/files/hotness_key_and_cert.pem" dest="/etc/pki/fedmsg/hotness.pem" owner=fedmsg group=fedmsg
@@ -46,7 +46,7 @@ - name: install koji ca cert copy: > - src="{{ puppet_private }}/fedora-ca.cert" + src="{{ private }}/files/fedora-ca.cert" dest="/etc/pki/fedmsg/{{ item }}" owner=root group=root
diff --git a/roles/keyserver/tasks/main.yml b/roles/keyserver/tasks/main.yml
index ff2f0094eb..6a4e03151d 100644
--- a/roles/keyserver/tasks/main.yml
+++ b/roles/keyserver/tasks/main.yml
@@ -52,27 +52,27 @@ - config - name: /etc/pki/tls/wildcard-2014.fedoraproject.org.cert - copy: src="{{ puppet_private }}/httpd/wildcard-2014.fedoraproject.org.cert" dest=/etc/pki/tls/wildcard-2014.fedoraproject.org.cert owner=root group=root mode=0600 + copy: src="{{ private }}/files/httpd/wildcard-2014.fedoraproject.org.cert" dest=/etc/pki/tls/wildcard-2014.fedoraproject.org.cert owner=root group=root mode=0600 tags: - config - name: /etc/pki/tls/wildcard-2014.fedoraproject.org.key - copy: src="{{ puppet_private }}/httpd/wildcard-2014.fedoraproject.org.key" dest=/etc/pki/tls/wildcard-2014.fedoraproject.org.key owner=root group=root mode=0600 + copy: src="{{ private }}/files/httpd/wildcard-2014.fedoraproject.org.key" dest=/etc/pki/tls/wildcard-2014.fedoraproject.org.key owner=root group=root mode=0600 tags: - config - name: /etc/pki/tls/wildcard-2014.fedoraproject.org.intermediate.cert - copy: src="{{ puppet_private }}/httpd/wildcard-2014.fedoraproject.org.intermediate.cert" dest=/etc/pki/tls/wildcard-2014.fedoraproject.org.intermediate.cert owner=root group=root mode=0600 + copy: src="{{ private }}/files/httpd/wildcard-2014.fedoraproject.org.intermediate.cert" dest=/etc/pki/tls/wildcard-2014.fedoraproject.org.intermediate.cert owner=root group=root mode=0600 tags: - config - name: /etc/pki/tls/keys_fedoraproject_org.crt.pem - copy: src="{{ puppet_private }}/httpd/keys_fedoraproject_org-2014.crt.pem" dest=/etc/pki/tls/keys_fedoraproject_org.crt.pem owner=root group=root mode=0600 + copy: src="{{ private }}/files/httpd/keys_fedoraproject_org-2014.crt.pem" dest=/etc/pki/tls/keys_fedoraproject_org.crt.pem owner=root group=root mode=0600 tags: - config - name: /etc/pki/tls/keys_fedoraproject_org.key - copy: src="{{ puppet_private }}/httpd/keys_fedoraproject_org-2014.key" dest=/etc/pki/tls/keys_fedoraproject_org.key owner=root group=root mode=0600 + copy: src="{{ private }}/files/httpd/keys_fedoraproject_org-2014.key" dest=/etc/pki/tls/keys_fedoraproject_org.key 
owner=root group=root mode=0600 tags: - config
diff --git a/roles/koji_hub/tasks/main.yml b/roles/koji_hub/tasks/main.yml
index b417036d99..7ba3ab08ae 100644
--- a/roles/koji_hub/tasks/main.yml
+++ b/roles/koji_hub/tasks/main.yml
@@ -80,7 +80,7 @@ # install production certs and keys # - name: install kojiweb_cert_key.pem - copy: src={{ puppet_private }}/koji/kojiweb_cert_key.pem dest=/etc/pki/tls/private/kojiweb_cert_key.pem owner=apache mode=600 + copy: src={{ private }}/files/koji/kojiweb_cert_key.pem dest=/etc/pki/tls/private/kojiweb_cert_key.pem owner=apache mode=600 notify: - restart httpd tags:
@@ -89,7 +89,7 @@ when: env != 'staging' and ansible_hostname.startswith('koji') - name: install production koji_cert.pem - copy: src={{ puppet_private }}/koji/koji_cert.pem dest=/etc/pki/tls/certs/koji_cert.pem owner=apache mode=600 + copy: src={{ private }}/files/koji/koji_cert.pem dest=/etc/pki/tls/certs/koji_cert.pem owner=apache mode=600 notify: - restart httpd tags:
@@ -98,7 +98,7 @@ when: env != 'staging' and ansible_hostname.startswith('koji') - name: install production koji_key.pem - copy: src={{ puppet_private }}/koji/koji_key.pem dest=/etc/pki/tls/private/koji_key.pem owner=apache mode=600 + copy: src={{ private }}/files/koji/koji_key.pem dest=/etc/pki/tls/private/koji_key.pem owner=apache mode=600 notify: - restart httpd tags:
@@ -140,7 +140,7 @@ # install staging certs and keys # - name: Install staging koji ssl cert - copy: src={{ puppet_private }}/koji/koji.stg_cert.pem dest=/etc/pki/tls/certs/koji.stg_cert.pem + copy: src={{ private }}/files/koji/koji.stg_cert.pem dest=/etc/pki/tls/certs/koji.stg_cert.pem notify: - restart httpd tags:
@@ -149,7 +149,7 @@ when: env == 'staging' - name: install staging koji ssl key - copy: src={{ puppet_private }}/koji/koji.stg_key.pem dest=/etc/pki/tls/private/koji.stg_key.pem + copy: src={{ proivate }}/files/koji/koji.stg_key.pem dest=/etc/pki/tls/private/koji.stg_key.pem notify: - restart httpd tags:
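Review bot: The new `src` of the "install staging koji ssl key" task in roles/koji_hub/tasks/main.yml (hunk `@@ -149,7 +149,7 @@`) reads `{{ proivate }}`, a variable that vars/global.yml does not define (it defines `private`), so with Ansible's default undefined-variable handling the staging run should stop at this task; it should be `src={{ private }}/files/koji/koji.stg_key.pem`. The same line installs a private key with no `owner=` or `mode=`, unlike the production key tasks earlier in the file that set `owner=apache mode=600`, so the key's permissions are left to defaults; `owner=apache mode=0600` would match them. The "install cert for oscar (garbage collector) user" task in the later `@@ -313,19 +313,19 @@` hunk copies `oscar_key_and_cert.pem` without a mode in the same way. The task's `tags:` list continues outside the hunk.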
@@ -158,7 +158,7 @@ when: env == 'staging' - name: instaall fedora-ca.cert in various places - copy: src={{ puppet_private }}/fedora-ca.cert dest={{ item }} owner=apache + copy: src={{ private }}/files/fedora-ca.cert dest={{ item }} owner=apache with_items: - /etc/kojira/extras_cacert.pem - /etc/pki/tls/certs/extras_cacert.pem
@@ -169,7 +169,7 @@ - koji_hub - name: install kojira_cert_key - copy: src={{ puppet_private }}/koji/kojira_cert_key.pem dest=/etc/kojira/kojira_cert_key.pem owner=apache mode=600 + copy: src={{ private }}/files/koji/kojira_cert_key.pem dest=/etc/kojira/kojira_cert_key.pem owner=apache mode=600 tags: - config - koji_hub
@@ -313,19 +313,19 @@ when: env != 'staging' and ansible_hostname.startswith('koji') - name: install cert for oscar (garbage collector) user - copy: src={{ puppet_private }}/koji/gc/oscar_key_and_cert.pem dest=/etc/koji-gc/client.crt + copy: src={{ private }}/files/koji/gc/oscar_key_and_cert.pem dest=/etc/koji-gc/client.crt tags: - koji_hub when: env != 'staging' and ansible_hostname.startswith('koji') - name: install serverca cert for oscar (garbage collector) user - copy: src={{ puppet_private }}/fedora-ca.cert dest=/etc/koji-gc/serverca.crt + copy: src={{ private }}/files/fedora-ca.cert dest=/etc/koji-gc/serverca.crt tags: - koji_hub when: env != 'staging' and ansible_hostname.startswith('koji') - name: install clientca cert for oscar (garbage collector) user - copy: src={{ puppet_private }}/fedora-ca.cert dest=/etc/koji-gc/clientca.crt + copy: src={{ private }}/files/fedora-ca.cert dest=/etc/koji-gc/clientca.crt tags: - koji_hub when: env != 'staging' and ansible_hostname.startswith('koji')
diff --git a/roles/kojipkgs/tasks/main.yml b/roles/kojipkgs/tasks/main.yml
index e339ec99d3..a3b6ddc3ce 100644
--- a/roles/kojipkgs/tasks/main.yml
+++ b/roles/kojipkgs/tasks/main.yml
@@ -78,7 +78,7 @@ - name: Copy squid ssl cert from puppet private copy: > - src="{{puppet_private}}/httpd/wildcard-2014.squid.cert" + src="{{private}}/files/httpd/wildcard-2014.squid.cert" dest=/etc/pki/tls/certs/wildcard-2014.squid.cert owner=root group=root mode=0644 tags:
@@ -88,7 +88,7 @@ - name: Copy squid ssl key from puppet private copy: > - src="{{puppet_private}}/httpd/wildcard-2014.fedoraproject.org.key" + src="{{private}}/files/httpd/wildcard-2014.fedoraproject.org.key" dest=/etc/pki/tls/private/wildcard-2014.fedoraproject.org.key owner=root group=root mode=0600 tags:
diff --git a/roles/koschei/tasks/main.yml b/roles/koschei/tasks/main.yml
index d31509e768..ff2311cbea 100644
--- a/roles/koschei/tasks/main.yml
+++ b/roles/koschei/tasks/main.yml
@@ -55,7 +55,7 @@ - name: install koji ca cert copy: > - src="{{ puppet_private }}/fedora-ca.cert" + src="{{ private }}/files/fedora-ca.cert" dest="/etc/koschei/fedora-ca.cert" owner=root group=root
diff --git a/roles/mirrormanager/backend/tasks/main.yml b/roles/mirrormanager/backend/tasks/main.yml
index c0b4d53a57..f6daabfe12 100644
--- a/roles/mirrormanager/backend/tasks/main.yml
+++ b/roles/mirrormanager/backend/tasks/main.yml
@@ -53,7 +53,7 @@ - name: setup /var/lib/mirrormanager/.ssh directory copy: > - src="{{ puppet_private }}/mirrormanager/" + src="{{ private }}/files/mirrormanager/" dest="/var/lib/mirrormanager/.ssh" directory_mode=yes owner=mirrormanager
diff --git a/roles/openvpn/base/tasks/main.yml b/roles/openvpn/base/tasks/main.yml
index 08178c2172..faba0ef9cc 100644
--- a/roles/openvpn/base/tasks/main.yml
+++ b/roles/openvpn/base/tasks/main.yml
@@ -9,7 +9,7 @@ - packages - name: Install certificate and key - copy: src={{ puppet_private }}/vpn/openvpn/keys/ca.crt + copy: src={{ private }}/files/vpn/openvpn/keys/ca.crt dest=/etc/openvpn/ca.crt owner=root group=root mode=0600 tags:
diff --git a/roles/openvpn/client/tasks/main.yml b/roles/openvpn/client/tasks/main.yml
index 7b59fc425e..76817a24f9 100644
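Review bot: The "setup /var/lib/mirrormanager/.ssh directory" task in roles/mirrormanager/backend/tasks/main.yml keeps `directory_mode=yes` next to the changed `src`, and `yes` is not a permission value. This task copies SSH material from the private tree into a `.ssh` directory, so the directory mode should be stated explicitly, e.g. `directory_mode=0700`. The rest of the task (group and file mode) lies outside the hunk, so it is worth confirming there that the copied key files end up `0600`.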
--- a/roles/openvpn/client/tasks/main.yml
+++ b/roles/openvpn/client/tasks/main.yml
@@ -17,10 +17,10 @@ - { file: client.conf, dest: /etc/openvpn/openvpn.conf, mode: '0644' } - - { file: "{{ puppet_private }}/vpn/openvpn/keys/{{ inventory_hostname }}.crt", + - { file: "{{ private }}/files/vpn/openvpn/keys/{{ inventory_hostname }}.crt", dest: "/etc/openvpn/client.crt", mode: '0600' } - - { file: "{{ puppet_private }}/vpn/openvpn/keys/{{ inventory_hostname }}.key", + - { file: "{{ private }}/files/vpn/openvpn/keys/{{ inventory_hostname }}.key", dest: "/etc/openvpn/client.key", mode: '0600' } tags:
diff --git a/roles/openvpn/server/tasks/main.yml b/roles/openvpn/server/tasks/main.yml
index a60bf2adef..ddde7a8c52 100644
--- a/roles/openvpn/server/tasks/main.yml
+++ b/roles/openvpn/server/tasks/main.yml
@@ -27,16 +27,16 @@ - { file: server.conf, dest: /etc/openvpn/openvpn.conf, mode: '0644' } - - { file: "{{ puppet_private }}/vpn/openvpn/keys/crl.pem", + - { file: "{{ private }}/files/vpn/openvpn/keys/crl.pem", dest: /etc/openvpn/crl.pem, mode: '0644' } - - { file: "{{ puppet_private }}/vpn/openvpn/keys/server.crt", + - { file: "{{ private }}/files/vpn/openvpn/keys/server.crt", dest: /etc/openvpn/server.crt, mode: '0644' } - - { file: "{{ puppet_private }}/vpn/openvpn/keys/server.key", + - { file: "{{ private }}/files/vpn/openvpn/keys/server.key", dest: /etc/openvpn/server.key, mode: '0600' } - - { file: "{{ puppet_private }}/vpn/openvpn/keys/dh2048.pem", + - { file: "{{ private }}/files/vpn/openvpn/keys/dh2048.pem", dest: /etc/openvpn/dh2048.pem, mode: '0644' } tags:
diff --git a/roles/pagure/fedmsg/tasks/main.yml b/roles/pagure/fedmsg/tasks/main.yml
index fb859260e9..6952551e9a 100644
--- a/roles/pagure/fedmsg/tasks/main.yml
+++ b/roles/pagure/fedmsg/tasks/main.yml
@@ -84,7 +84,7 @@ - name: install fedmsg ca.cert copy: > - src="{{ puppet_private }}/fedmsg-certs/keys/ca.crt" + src="{{ private }}/files/fedmsg-certs/keys/ca.crt" dest=/etc/pki/fedmsg/ca.crt owner=root group=root
diff --git a/roles/totpcgi/tasks/main.yml b/roles/totpcgi/tasks/main.yml
index e51c4add8a..23cfd7b180 100644
--- a/roles/totpcgi/tasks/main.yml
+++ b/roles/totpcgi/tasks/main.yml
@@ -92,7 +92,7 @@ - name: copy staging server cert file over copy: > - src={{ puppet_private }}/2fa-certs/keys/fas-all.stg.phx2.fedoraproject.org.crt + src={{ private }}/files/2fa-certs/keys/fas-all.stg.phx2.fedoraproject.org.crt dest=/etc/pki/tls/certs/totpcgi-server.crt owner=root group=totpcgi
@@ -104,7 +104,7 @@ - name: copy staging server key file over copy: > - src={{ puppet_private }}/2fa-certs/keys/fas-all.stg.phx2.fedoraproject.org.key + src={{ private }}/files/2fa-certs/keys/fas-all.stg.phx2.fedoraproject.org.key dest=/etc/pki/totpcgi/totpcgi-server.key owner=root group=totpcgi
@@ -130,7 +130,7 @@ - name: copy server cert file over copy: > - src={{ puppet_private }}/2fa-certs/keys/fas-all.phx2.fedoraproject.org.crt + src={{ private }}/files/2fa-certs/keys/fas-all.phx2.fedoraproject.org.crt dest=/etc/pki/totpcgi/totpcgi-server.crt owner=root group=totpcgi
@@ -144,7 +144,7 @@ - name: copy server cert file over copy: > - src={{ puppet_private }}/2fa-certs/keys/fas-all.phx2.fedoraproject.org.key + src={{ private }}/files/2fa-certs/keys/fas-all.phx2.fedoraproject.org.key dest=/etc/pki/totpcgi/totpcgi-server.key owner=root group=totpcgi
@@ -174,7 +174,7 @@ - name: copy VPN server cert file over copy: > - src={{ puppet_private }}/2fa-certs/keys/fas-all.vpn.fedoraproject.org.crt + src={{ private }}/files/2fa-certs/keys/fas-all.vpn.fedoraproject.org.crt dest=/etc/pki/totpcgi/totpcgi-server-vpn.crt owner=root group=totpcgi
@@ -188,7 +188,7 @@ - name: copy VPN server cert file over copy: > - src={{ puppet_private }}/2fa-certs/keys/fas-all.vpn.fedoraproject.org.key + src={{ private }}/files/2fa-certs/keys/fas-all.vpn.fedoraproject.org.key dest=/etc/pki/totpcgi/totpcgi-server-vpn.key owner=root group=totpcgi
@@ -212,7 +212,7 @@ - name: copy ca cert over copy: > - src={{ puppet_private }}/2fa-certs/keys/ca.crt + src={{ private }}/files/2fa-certs/keys/ca.crt dest=/etc/pki/totpcgi/totpcgi-ca.crt owner=root group=totpcgi
diff --git a/tasks/2fa_client.yml b/tasks/2fa_client.yml
index 62be11cbbd..50d8fcbd0d 100644
--- a/tasks/2fa_client.yml
+++ b/tasks/2fa_client.yml
@@ -5,12 +5,12 @@ - packages - name: /etc/pki/tls/private/totpcgi.pem - copy: src="{{ puppet_private }}/2fa-certs/keys/{{ inventory_hostname }}.pem" dest=/etc/pki/tls/private/totpcgi.pem mode=0400 + copy: src="{{ private }}/files/2fa-certs/keys/{{ inventory_hostname }}.pem" dest=/etc/pki/tls/private/totpcgi.pem mode=0400 tags: - config - name: /etc/pki/tls/private/totpcgi-ca.cert - copy: src="{{ puppet_private }}/2fa-certs/keys/ca.crt" dest=/etc/pki/tls/private/totpcgi-ca.cert mode=0400 + copy: src="{{ private }}/files/2fa-certs/keys/ca.crt" dest=/etc/pki/tls/private/totpcgi-ca.cert mode=0400 tags: - config
diff --git a/tasks/openvpn_client.yml b/tasks/openvpn_client.yml
index 66bd0355b5..6625dc5e4d 100644
--- a/tasks/openvpn_client.yml
+++ b/tasks/openvpn_client.yml
@@ -6,14 +6,14 @@ - packages - name: /etc/openvpn/ca.crt from vpn/openvpn/keys/ca.crt - copy: src="{{ puppet_private }}/vpn/openvpn/keys/ca.crt" dest=/etc/openvpn/ca.crt mode=0600 owner=root group=root + copy: src="{{ private }}/files/vpn/openvpn/keys/ca.crt" dest=/etc/openvpn/ca.crt mode=0600 owner=root group=root tags: - config notify: - restart openvpn #- name: /etc/openvpn/crl.pem from vpn/openvpn/keys/crl.pem -# copy: src="{{ puppet_private }}/vpn/openvpn/keys/crl.pem" dest=/etc/openvpn/crl.pem mode=0644 owner=root group=root +# copy: src="{{ private }}/vpn/openvpn/keys/crl.pem" dest=/etc/openvpn/crl.pem mode=0644 owner=root group=root # tags: # - config # notify:
@@ -27,14 +27,14 @@ - restart openvpn - name: /etc/openvpn/client.crt - copy: src="{{ puppet_private }}/vpn/openvpn/keys/{{ inventory_hostname }}.crt" dest=/etc/openvpn/client.crt mode=0600 owner=root group=root + copy: src="{{ private }}/files/vpn/openvpn/keys/{{ inventory_hostname }}.crt" dest=/etc/openvpn/client.crt mode=0600 owner=root group=root tags: - config notify: - restart openvpn - name: /etc/openvpn/client.key - copy: src="{{ puppet_private }}/vpn/openvpn/keys/{{ inventory_hostname }}.key" dest=/etc/openvpn/client.key mode=0600 owner=root group=root + copy: src="{{ private }}/files/vpn/openvpn/keys/{{ inventory_hostname }}.key" dest=/etc/openvpn/client.key mode=0600 owner=root group=root tags: - config notify:
diff --git a/tasks/openvpn_client_7.yml b/tasks/openvpn_client_7.yml
index 38a5bc3aae..d60e4bb50e 100644
--- a/tasks/openvpn_client_7.yml
+++ b/tasks/openvpn_client_7.yml
@@ -6,35 +6,35 @@ - packages - name: /etc/openvpn/ca.crt from vpn/openvpn/keys/ca.crt - copy: src="{{ puppet_private }}/vpn/openvpn/keys/ca.crt" dest=/etc/openvpn/ca.crt mode=0600 owner=root group=root + copy: src="{{ private }}/files/vpn/openvpn/keys/ca.crt" dest=/etc/openvpn/ca.crt mode=0600 owner=root group=root tags: - config notify: - restart openvpn 7 #- name: /etc/openvpn/crl.pem from vpn/openvpn/keys/crl.pem -# copy: src="{{ puppet_private }}/vpn/openvpn/keys/crl.pem" dest=/etc/openvpn/crl.pem mode=0644 owner=root group=root +# copy: src="{{ private }}/vpn/openvpn/keys/crl.pem" dest=/etc/openvpn/crl.pem mode=0644 owner=root group=root # tags: # - config # notify: # - restart openvpn - name: /etc/openvpn/openvpn.conf - copy: src="{{ files }}/openvpn/client.conf" dest=/etc/openvpn/openvpn.conf + copy: src="{{ files }}/files/openvpn/client.conf" dest=/etc/openvpn/openvpn.conf tags: - config notify: - restart openvpn 7 - name: /etc/openvpn/client.crt - copy: src="{{ puppet_private }}/vpn/openvpn/keys/{{ inventory_hostname }}.crt" dest=/etc/openvpn/client.crt mode=0600 owner=root group=root + copy: src="{{ private }}/files/vpn/openvpn/keys/{{ inventory_hostname }}.crt" dest=/etc/openvpn/client.crt mode=0600 owner=root group=root tags: - config notify: - restart openvpn 7 - name: /etc/openvpn/client.key - copy: src="{{ puppet_private }}/vpn/openvpn/keys/{{ inventory_hostname }}.key" dest=/etc/openvpn/client.key mode=0600 owner=root group=root + copy: src="{{ private }}/files/vpn/openvpn/keys/{{ inventory_hostname }}.key" dest=/etc/openvpn/client.key mode=0600 owner=root group=root tags: - config notify:
diff --git a/vars/global.yml b/vars/global.yml
index 00de5321b3..4228b6c5f0 100644
--- a/vars/global.yml
+++ b/vars/global.yml
@@ -1,7 +1,6 @@ --- basedir: /srv/web/infra/ansible private: /srv/private/ansible -puppet_private: /var/lib/puppet/git/configs/secure bigfiles: /srv/web/infra/bigfiles files: /srv/web/infra/ansible/files roles: /srv/web/infra/ansible/roles
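Review bot: The `/etc/openvpn/openvpn.conf` task in tasks/openvpn_client_7.yml now uses `src="{{ files }}/files/openvpn/client.conf"`, although that line never referenced `puppet_private`. With `files: /srv/web/infra/ansible/files` from vars/global.yml it resolves to `/srv/web/infra/ansible/files/files/openvpn/client.conf`, which is probably not where client.conf lives, so the VPN client config would fail to deploy. This looks like a search-and-replace slip; restore `src="{{ files }}/openvpn/client.conf"`. The commented-out crl.pem task here and in tasks/openvpn_client.yml was changed to `{{ private }}/vpn/...` without the `/files/` segment the live tasks received, so it would point at the wrong path if re-enabled.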