From 475838940a4e9d5b7fd2c4b2ea3634c80601b0c5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?= <aurelien@bompard.org>
Date: Thu, 10 Apr 2025 12:16:51 +0200
Subject: [PATCH] Use lookup instead of assemble for the RabbitMQ CA
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
---
 roles/rabbitmq_cluster/tasks/main.yml | 37 +--------------------------
 1 file changed, 1 insertion(+), 36 deletions(-)

diff --git a/roles/rabbitmq_cluster/tasks/main.yml b/roles/rabbitmq_cluster/tasks/main.yml
index f0bd1fc556..b5c780fb01 100644
--- a/roles/rabbitmq_cluster/tasks/main.yml
+++ b/roles/rabbitmq_cluster/tasks/main.yml
@@ -37,44 +37,9 @@
   - config
   when: "env == 'production'"
 
-- name: Create CA certs directory
-  ansible.builtin.file:
-    path: /etc/rabbitmq/cacerts/
-    owner: root
-    group: root
-    mode: 0755
-    state: directory
-  tags:
-  - rabbitmq_cluster
-  - config
-
 - name: Deploy CA certificate
   ansible.builtin.copy:
-    src: "{{private}}/files/rabbitmq/{{env}}/pki/ca.crt"
-    dest: /etc/rabbitmq/cacerts/ca.crt
-    owner: root
-    group: root
-    mode: 0644
-  tags:
-  - rabbitmq_cluster
-  - config
-  when: "env == 'staging'"
-
-- name: Deploy CA certificate
-  ansible.builtin.copy:
-    src: "{{private}}/files/rabbitmq/{{env}}.old-2025-04/pki/ca.crt"
-    dest: /etc/rabbitmq/cacerts/ca.old.crt
-    owner: root
-    group: root
-    mode: 0644
-  tags:
-  - rabbitmq_cluster
-  - config
-  when: "env == 'staging'"
-
-- name: Build combined CA cert
-  ansible.builtin.assemble:
-    src: /etc/rabbitmq/cacerts/
+    content: "{{ lookup('file', private+'/files/rabbitmq/+env+'/pki/ca.crt') }}\n{{ lookup('file', private+'/files/rabbitmq/+env+'.new/pki/ca.crt') }}"
     dest: /etc/rabbitmq/ca.crt
     owner: root
     group: root