try and deal with name scoping some more

playbooks/groups/batcave.yml

@@ -26,7 +26,9 @@
   - rsyncd
   - apache
   - httpd/mod_ssl
-  - { role: httpd/certificate, name: "{{wildcard_cert_name}}", SSLCertificateChainFile: "{{wildcard_int_file}}" }
+  - role: httpd/certificate
+    certname: "{{wildcard_cert_name}}"
+    SSLCertificateChainFile: "{{wildcard_int_file}}"
   - openvpn/client
   - batcave
 

playbooks/groups/people.yml

@@ -75,7 +75,7 @@
   - role: apache
 
   - role: httpd/certificate
-    name: wildcard-2017.fedorapeople.org
+    certname: wildcard-2017.fedorapeople.org
     SSLCertificateChainFile: wildcard-2017.fedorapeople.org.intermediate.cert
 
   - people

playbooks/groups/secondary.yml

@@ -37,15 +37,16 @@
   - role: httpd/mod_ssl
 
   - role: httpd/certificate
-    name: "{{wildcard_cert_name}}"
+    certname: "{{wildcard_cert_name}}"
     SSLCertificateChainFile: "{{wildcard_int_file}}"
 
-  - role: httpd/website
+  - { role: httpd/website
-    name: secondary.fedoraproject.org
+    vars:
-    cert_name: "{{wildcard_cert_name}}"
+    - name: secondary.fedoraproject.org
+    - cert_name: "{{wildcard_cert_name}}"
     server_aliases:
     - archive.fedoraproject.org
-    - archives.fedoraproject.org
+    - archives.fedoraproject.org }
   tasks:
   - import_tasks: "{{ tasks_path }}/yumrepos.yml"
   - import_tasks: "{{ tasks_path }}/2fa_client.yml"

playbooks/groups/torrent.yml

@@ -26,13 +26,10 @@
   - role: httpd/mod_ssl
 
   - role: httpd/certificate
-    name: "{{wildcard_cert_name}}"
+    certname: "{{wildcard_cert_name}}"
-    SSLCertificateChainFile: "{{wildcard_int_file}}"
+    SSLCertificateChainFile: "{{wildcard_int_file}}"}}
 
-  - role: httpd/website
+  - {role: httpd/website, vars: {name: torrent.fedoraproject.org, cert_name: "{{wildcard_cert_name}}", sslonly: true}}
-    name: torrent.fedoraproject.org
-    cert_name: "{{wildcard_cert_name}}"
-    sslonly: true
 
   tasks:
   - import_tasks: "{{ tasks_path }}/yumrepos.yml"

playbooks/include/proxies-certificates.yml

@@ -16,72 +16,72 @@
   - role: httpd/mod_ssl
 
   - role: httpd/certificate
-    name: wildcard-2017.fedoraproject.org
+    certname: wildcard-2017.fedoraproject.org
     SSLCertificateChainFile: wildcard-2017.fedoraproject.org.intermediate.cert
 
   - role: httpd/certificate
-    name: wildcard-2017.fedorahosted.org
+    certname: wildcard-2017.fedorahosted.org
     SSLCertificateChainFile: wildcard-2017.fedorahosted.org.intermediate.cert
 
   - role: httpd/certificate
-    name: wildcard-2017.id.fedoraproject.org
+    certname: wildcard-2017.id.fedoraproject.org
     SSLCertificateChainFile: wildcard-2017.id.fedoraproject.org.intermediate.cert
 
   - role: httpd/certificate
-    name: wildcard-2017.stg.fedoraproject.org
+    certname: wildcard-2017.stg.fedoraproject.org
     SSLCertificateChainFile: wildcard-2017.stg.fedoraproject.org.intermediate.cert
     when: env == "staging"
 
   - role: httpd/certificate
-    name: wildcard-2017.app.os.stg.fedoraproject.org
+    certname: wildcard-2017.app.os.stg.fedoraproject.org
     SSLCertificateChainFile: wildcard-2017.app.os.stg.fedoraproject.org.intermediate.cert
     when: env == "staging"
     tags:
     - app.os.fedoraproject.org
 
   - role: httpd/certificate
-    name: wildcard-2017.app.os.fedoraproject.org
+    certname: wildcard-2017.app.os.fedoraproject.org
     SSLCertificateChainFile: wildcard-2017.app.os.fedoraproject.org.intermediate.cert
     tags:
     - app.os.fedoraproject.org
 
   - role: httpd/certificate
-    name: fedoramagazine.org
+    certname: fedoramagazine.org
     SSLCertificateChainFile: fedoramagazine.org.intermediate.cert
 
   - role: httpd/certificate
-    name: fpaste.org
+    certname: fpaste.org
     SSLCertificateChainFile: fpaste.org.intermediate.cert
 
   - role: httpd/certificate
-    name: getfedora.org
+    certname: getfedora.org
     SSLCertificateChainFile: getfedora.org.intermediate.cert
 
   - role: httpd/certificate
-    name: flocktofedora.org
+    certname: flocktofedora.org
     SSLCertificateChainFile: flocktofedora.org.intermediate.cert
 
   - role: httpd/certificate
-    name: qa.stg.fedoraproject.org
+    certname: qa.stg.fedoraproject.org
     SSLCertificateChainFile: qa.stg.fedoraproject.org.intermediate.cert
     when: env == "staging"
 
   - role: httpd/certificate
-    name: qa.fedoraproject.org
+    certname: qa.fedoraproject.org
     SSLCertificateChainFile: qa.fedoraproject.org.intermediate.cert
 
   - role: httpd/certificate
-    name: secondary.koji.fedoraproject.org.letsencrypt
+    certname: secondary.koji.fedoraproject.org.letsencrypt
     SSLCertificateChainFile: secondary.koji.fedoraproject.org.letsencrypt.intermediate.crt
 
   - role: httpd/certificate
-    name: whatcanidoforfedora.org
+    certname: whatcanidoforfedora.org
     SSLCertificateChainFile: whatcanidoforfedora.org.intermediate.crt
     tags:
     - whatcanidoforfedora.org
 
   - role: httpd/certificate
-    name: fedoracommunity.org
+    certname: fedoracommunity.org
     SSLCertificateChainFile: fedoracommunity.org.intermediate.cert
     tags:
     - fedoracommunity.org

roles/httpd/certificate/tasks/main.yml

@@ -18,7 +18,7 @@
   - httpd
   - httpd/certificate
 
-- name: Copy {{name}}.cert
+- name: Copy {{certname}}.cert
   copy: >
     src={{item}}
     dest=/etc/pki/tls/certs/{{item | basename}}
@@ -27,14 +27,14 @@
     mode=0644
   with_first_found:
   - "{{private}}/files/httpd/{{cert}}.cert"
-  - "{{private}}/files/httpd/{{name}}.cert"
+  - "{{private}}/files/httpd/{{certname}}.cert"
   notify:
   - reload proxyhttpd
   tags:
   - httpd
   - httpd/certificate
 
-- name: Copy {{name}}.key
+- name: Copy {{certname}}.key
   copy: >
     src={{item}}
     dest=/etc/pki/tls/private/{{item | basename}}
@@ -43,7 +43,7 @@
     mode=0600
   with_first_found:
   - "{{private}}/files/httpd/{{key}}.key"
-  - "{{private}}/files/httpd/{{name}}.key"
+  - "{{private}}/files/httpd/{{certname}}.key"
   notify:
   - reload proxyhttpd
   tags: