Generate per-site SSL intermediate CA, fix cred/pki paths
Change-Id: I0bda0791d82142acac8c6af0e152d8d0954ef719
diff --git a/roles/cord-profile/defaults/main.yml b/roles/cord-profile/defaults/main.yml
index 00ac764..98734ec 100644
--- a/roles/cord-profile/defaults/main.yml
+++ b/roles/cord-profile/defaults/main.yml
@@ -3,7 +3,8 @@
cord_dir: "{{ ansible_user_dir + '/cord' }}"
cord_profile_dir: "{{ ansible_user_dir + '/cord_profile' }}"
-pki_dir: "/opt/pki"
+pki_dir: "{{ playbook_dir }}/pki"
+credentials_dir: "{{ playbook_dir }}/credentials"
deploy_docker_registry: ""
deploy_docker_tag: "candidate"
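Review bot: `pki_dir` and `credentials_dir` now default to directories under `{{ playbook_dir }}`, so CA private keys and generated passwords end up inside the playbook checkout on the controller, and nothing beside the two lines says so. A comment above them would help the next maintainer, for example `# controller-side paths; hold CA private keys and generated passwords, keep them out of version control`. Whether `pki/` and `credentials/` are excluded by the repository's ignore rules is not visible in this diff and is worth confirming before merge.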
@@ -77,7 +78,7 @@
# used in deployment.yaml.j2
xos_admin_user: "xosadmin@opencord.org"
-xos_admin_pass: "{{ lookup('password', 'credentials/xosadmin@opencord.org chars=ascii_letters,digits') }}"
+xos_admin_pass: "{{ lookup('password', credentials_dir ~ '/xosadmin@opencord.org chars=ascii_letters,digits') }}"
xos_admin_first: XOS
xos_admin_last: Admin
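Review bot: The password file name on the new `xos_admin_pass` line still hard-codes `xosadmin@opencord.org` although `xos_admin_user` is defined on the line above, so overriding the user leaves the password stored under the default account's name. Building the lookup term from the variable keeps the two in step: `lookup('password', credentials_dir ~ '/' ~ xos_admin_user ~ ' chars=ascii_letters,digits')`. The term also sets no `length`, so the lookup's default applies; stating it explicitly would make the password policy visible in the defaults file.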
diff --git a/roles/cord-profile/tasks/main.yml b/roles/cord-profile/tasks/main.yml
index 9b39107..d33765e 100644
--- a/roles/cord-profile/tasks/main.yml
+++ b/roles/cord-profile/tasks/main.yml
@@ -16,7 +16,7 @@
owner: "{{ ansible_user_id }}"
group: "{{ ansible_user_gid }}"
-- name: Create cord_profile/profile_name with the name of the profile
+- name: Create cord_profile/profile_name, containing profile name
copy:
dest: "{{ cord_profile_dir }}/profile_name"
content: "{{ cord_profile }}"
@@ -55,14 +55,16 @@
- name: Copy cert chain and core api key and cert
copy:
- src: "{{ pki_dir }}/{{ item }}"
- dest: "{{ cord_profile_dir }}/{{ item }}"
+ src: "{{ pki_dir }}/{{ item.src }}"
+ dest: "{{ cord_profile_dir }}/{{ item.dest }}"
mode: 0600
- remote_src: True
with_items:
- - core_api_key.pem
- - core_api_cert.pem
- - im_cert_chain.pem
+ - src: "{{ site_name }}_im_ca/private/xos-core.{{ site_suffix }}_key.pem"
+ dest: "core_api_key.pem"
+ - src: "{{ site_name }}_im_ca/certs/xos-core.{{ site_suffix }}_cert_chain.pem"
+ dest: "core_api_cert.pem"
+ - src: "{{ site_name }}_im_ca/certs/im_cert_chain.pem"
+ dest: "im_cert_chain.pem"
- name: Get localhost facts (to get local uid and gid)
setup:
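Review bot: The "Copy cert chain and core api key and cert" task now reads `core_api_key.pem` from the controller (the `remote_src` line is removed), and a run with `--diff` can print the contents of copied files, which here would include the private key. Adding `no_log: true` or `diff: false` to the task keeps key material out of console output and logs. The unchanged `mode: 0600` is better written as `mode: "0600"` so the value does not depend on how the YAML parser treats a leading zero. `site_name` and `site_suffix` are not defined in the hunks shown, so presumably they come from the inventory or profile; if either is missing, this task fails with an undefined-variable error.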