From c7f95e7c9e36debe3b6d798188a57b15a072bb19 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Thu, 5 Apr 2018 20:48:29 +0000 Subject: [PATCH] try and deal with name scoping some more --- playbooks/groups/batcave.yml | 4 ++- playbooks/groups/people.yml | 2 +- playbooks/groups/secondary.yml | 11 ++++---- playbooks/groups/torrent.yml | 9 +++---- playbooks/include/proxies-certificates.yml | 30 +++++++++++----------- roles/httpd/certificate/tasks/main.yml | 8 +++--- 6 files changed, 32 insertions(+), 32 deletions(-) diff --git a/playbooks/groups/batcave.yml b/playbooks/groups/batcave.yml index 2444497020..85c06ce1e2 100644 --- a/playbooks/groups/batcave.yml +++ b/playbooks/groups/batcave.yml @@ -26,7 +26,9 @@ - rsyncd - apache - httpd/mod_ssl - - { role: httpd/certificate, name: "{{wildcard_cert_name}}", SSLCertificateChainFile: "{{wildcard_int_file}}" } + - role: httpd/certificate + certname: "{{wildcard_cert_name}}" + SSLCertificateChainFile: "{{wildcard_int_file}}" - openvpn/client - batcave diff --git a/playbooks/groups/people.yml b/playbooks/groups/people.yml index 8dbaa957b6..e7661b4b41 100644 --- a/playbooks/groups/people.yml +++ b/playbooks/groups/people.yml @@ -75,7 +75,7 @@ - role: apache - role: httpd/certificate - name: wildcard-2017.fedorapeople.org + certname: wildcard-2017.fedorapeople.org SSLCertificateChainFile: wildcard-2017.fedorapeople.org.intermediate.cert - people diff --git a/playbooks/groups/secondary.yml b/playbooks/groups/secondary.yml index d01b35d9f4..05df30fe35 100644 --- a/playbooks/groups/secondary.yml +++ b/playbooks/groups/secondary.yml 
@@ -37,15 +37,16 @@ - role: httpd/mod_ssl - role: httpd/certificate - name: "{{wildcard_cert_name}}" + certname: "{{wildcard_cert_name}}" SSLCertificateChainFile: "{{wildcard_int_file}}" - - role: httpd/website - name: secondary.fedoraproject.org - cert_name: "{{wildcard_cert_name}}" + - { role: httpd/website + vars: + - name: secondary.fedoraproject.org + - cert_name: "{{wildcard_cert_name}}" server_aliases: - archive.fedoraproject.org - - archives.fedoraproject.org + - archives.fedoraproject.org } tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" - import_tasks: "{{ tasks_path }}/2fa_client.yml" diff --git a/playbooks/groups/torrent.yml b/playbooks/groups/torrent.yml index f80e989edb..f0bb95844f 100644 --- a/playbooks/groups/torrent.yml +++ b/playbooks/groups/torrent.yml @@ -26,13 +26,10 @@ - role: httpd/mod_ssl - role: httpd/certificate - name: "{{wildcard_cert_name}}" - SSLCertificateChainFile: "{{wildcard_int_file}}" + certname: "{{wildcard_cert_name}}" + SSLCertificateChainFile: "{{wildcard_int_file}}"}} - - role: httpd/website - name: torrent.fedoraproject.org - cert_name: "{{wildcard_cert_name}}" - sslonly: true + - {role: httpd/website, vars: {name: torrent.fedoraproject.org, cert_name: "{{wildcard_cert_name}}", sslonly: true}} tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" diff --git a/playbooks/include/proxies-certificates.yml b/playbooks/include/proxies-certificates.yml index 65d86804d0..9a68eb7e5e 100644 --- a/playbooks/include/proxies-certificates.yml +++ b/playbooks/include/proxies-certificates.yml 
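Review bot: The new `httpd/website` entry in secondary.yml opens a flow mapping with `- { role: httpd/website` and then continues with block-style `vars:`, `- name:` and `- cert_name:` items, closing with `}` after the last alias; block sequences are not valid inside `{ }`, so this playbook will most likely fail to parse. The diff text shown here has lost its indentation, so the exact nesting is inferred, but the brace pair is visible on the added lines. Writing the entry in plain block style with `vars` as a mapping avoids both the brace problem and the list-of-dicts form of `vars`; placing `server_aliases` under `vars` is an assumption to confirm against the role. Running `ansible-playbook --syntax-check` on the changed playbooks before pushing would catch this.

```yaml
    - role: httpd/website
      vars:
        name: secondary.fedoraproject.org
        cert_name: "{{wildcard_cert_name}}"
        server_aliases:
          - archive.fedoraproject.org
          - archives.fedoraproject.org
```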
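Review bot: The added line `SSLCertificateChainFile: "{{wildcard_int_file}}"}}` in torrent.yml ends with a stray `}}` after the closing quote, which leaves trailing text after a quoted scalar and should make the playbook fail to load; it should read `SSLCertificateChainFile: "{{wildcard_int_file}}"`. While the file does not parse, the `httpd/certificate` role is not applied to these hosts, so certificate updates will not reach them until the failed run is noticed. The flow-style `httpd/website` line added below it is balanced, though the block style used for the certificate role would be easier to review.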
@@ -16,72 +16,72 @@ - role: httpd/mod_ssl - role: httpd/certificate - name: wildcard-2017.fedoraproject.org + certname: wildcard-2017.fedoraproject.org SSLCertificateChainFile: wildcard-2017.fedoraproject.org.intermediate.cert - role: httpd/certificate - name: wildcard-2017.fedorahosted.org + certname: wildcard-2017.fedorahosted.org SSLCertificateChainFile: wildcard-2017.fedorahosted.org.intermediate.cert - role: httpd/certificate - name: wildcard-2017.id.fedoraproject.org + certname: wildcard-2017.id.fedoraproject.org SSLCertificateChainFile: wildcard-2017.id.fedoraproject.org.intermediate.cert - role: httpd/certificate - name: wildcard-2017.stg.fedoraproject.org + certname: wildcard-2017.stg.fedoraproject.org SSLCertificateChainFile: wildcard-2017.stg.fedoraproject.org.intermediate.cert when: env == "staging" - role: httpd/certificate - name: wildcard-2017.app.os.stg.fedoraproject.org + certname: wildcard-2017.app.os.stg.fedoraproject.org SSLCertificateChainFile: wildcard-2017.app.os.stg.fedoraproject.org.intermediate.cert when: env == "staging" tags: - app.os.fedoraproject.org - role: httpd/certificate - name: wildcard-2017.app.os.fedoraproject.org + certname: wildcard-2017.app.os.fedoraproject.org SSLCertificateChainFile: wildcard-2017.app.os.fedoraproject.org.intermediate.cert tags: - app.os.fedoraproject.org - role: httpd/certificate - name: fedoramagazine.org + certname: fedoramagazine.org SSLCertificateChainFile: fedoramagazine.org.intermediate.cert - role: httpd/certificate - name: fpaste.org + certname: fpaste.org SSLCertificateChainFile: fpaste.org.intermediate.cert - role: httpd/certificate - name: getfedora.org + certname: getfedora.org SSLCertificateChainFile: getfedora.org.intermediate.cert - role: httpd/certificate - name: flocktofedora.org + certname: flocktofedora.org SSLCertificateChainFile: flocktofedora.org.intermediate.cert - role: httpd/certificate - name: qa.stg.fedoraproject.org + certname: qa.stg.fedoraproject.org SSLCertificateChainFile: 
qa.stg.fedoraproject.org.intermediate.cert when: env == "staging" - role: httpd/certificate - name: qa.fedoraproject.org + certname: qa.fedoraproject.org SSLCertificateChainFile: qa.fedoraproject.org.intermediate.cert - role: httpd/certificate - name: secondary.koji.fedoraproject.org.letsencrypt + certname: secondary.koji.fedoraproject.org.letsencrypt SSLCertificateChainFile: secondary.koji.fedoraproject.org.letsencrypt.intermediate.crt - role: httpd/certificate - name: whatcanidoforfedora.org + certname: whatcanidoforfedora.org SSLCertificateChainFile: whatcanidoforfedora.org.intermediate.crt tags: - whatcanidoforfedora.org - role: httpd/certificate - name: fedoracommunity.org + certname: fedoracommunity.org SSLCertificateChainFile: fedoracommunity.org.intermediate.cert tags: - fedoracommunity.org diff --git a/roles/httpd/certificate/tasks/main.yml b/roles/httpd/certificate/tasks/main.yml index afae3243eb..afad02c105 100644 --- a/roles/httpd/certificate/tasks/main.yml +++ b/roles/httpd/certificate/tasks/main.yml @@ -18,7 +18,7 @@ - httpd - httpd/certificate -- name: Copy {{name}}.cert +- name: Copy {{certname}}.cert copy: > src={{item}} dest=/etc/pki/tls/certs/{{item | basename}} @@ -27,14 +27,14 @@ mode=0644 with_first_found: - "{{private}}/files/httpd/{{cert}}.cert" - - "{{private}}/files/httpd/{{name}}.cert" + - "{{private}}/files/httpd/{{certname}}.cert" notify: - reload proxyhttpd tags: - httpd - httpd/certificate -- name: Copy {{name}}.key +- name: Copy {{certname}}.key copy: > src={{item}} dest=/etc/pki/tls/private/{{item | basename}} @@ -43,7 +43,7 @@ mode=0600 with_first_found: - "{{private}}/files/httpd/{{key}}.key" - - "{{private}}/files/httpd/{{name}}.key" + - "{{private}}/files/httpd/{{certname}}.key" notify: - reload proxyhttpd tags:
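Review bot: The `Copy {{certname}}.key` task copies private key material with `copy` but sets neither `no_log: true` nor `diff: false`, so a run in `--diff` mode can print the key content to the terminal and to any captured run logs. Adding `diff: false` (or `no_log: true`) to that task keeps the key out of the output; the `.cert` task does not need it. Separately, the role now depends on `certname` with no guard visible in these hunks, so a caller that still passes `name` would only fail at `with_first_found`; callers outside this patch should be checked. The key task spans the last two hunks of this file and continues past the last visible line.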