From 9da2cfb6f22253eb698bf4ce1ec89ed8f7e51ece Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Thu, 3 Jul 2025 11:54:43 -0700 Subject: [PATCH] haproxy: IPA certs don't depend on data center The IPA cert doesn't change when we move datacenters, because we just replicate across. So it shouldn't have the datacenter in the name. This should fix haproxy deployment (it was broken because we didn't have an 'rdu3' file). Signed-off-by: Adam Williamson --- .../files/{ipa.production-phx2.pem => ipa.production.pem} | 0 roles/haproxy/files/{ipa.staging-phx2.pem => ipa.staging.pem} | 0 roles/haproxy/tasks/main.yml | 3 ++- 3 files changed, 2 insertions(+), 1 deletion(-) rename roles/haproxy/files/{ipa.production-phx2.pem => ipa.production.pem} (100%) rename roles/haproxy/files/{ipa.staging-phx2.pem => ipa.staging.pem} (100%) diff --git a/roles/haproxy/files/ipa.production-phx2.pem b/roles/haproxy/files/ipa.production.pem similarity index 100% rename from roles/haproxy/files/ipa.production-phx2.pem rename to roles/haproxy/files/ipa.production.pem diff --git a/roles/haproxy/files/ipa.staging-phx2.pem b/roles/haproxy/files/ipa.staging.pem similarity index 100% rename from roles/haproxy/files/ipa.staging-phx2.pem rename to roles/haproxy/files/ipa.staging.pem diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml index ac3192ba6f..99ecb04f0d 100644 --- a/roles/haproxy/tasks/main.yml +++ b/roles/haproxy/tasks/main.yml @@ -36,7 +36,8 @@ dest={{ item.dest }} owner=root group=root mode=0600 with_items: - - { file: "ipa.{{env}}-rdu3.pem", dest: /etc/haproxy/ipa.pem } + # this one does not necessarily change when we move DCs, due to replication + - { file: "ipa.{{env}}.pem", dest: /etc/haproxy/ipa.pem } - { file: "ocp.{{env_short}}-rdu3.pem", dest: "/etc/haproxy/ocp-{{env_short}}.pem" } - { file: "ocp.{{env_short}}-rdu3.pem", dest: "/etc/haproxy/ocp-{{env_short}}-rdu3.pem" } tags: