From dd842f4eb4cfc0e81aea13665c7be2994a289160 Mon Sep 17 00:00:00 2001
From: Dmitriy Rabotyagov
Date: Mon, 8 Aug 2022 14:09:12 +0200
Subject: [PATCH] Do not add cacert when it does not exist

Right now we assume, that ca-cert is always present. Though, it might not be the case for user-provided certs or let's encrypt, as they are already in ca-certificates.

Change-Id: I101f82c5e378596e76a160aacb34a9e1e7e0c123
---
 handlers/main.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/handlers/main.yml b/handlers/main.yml
index dceed8f..36fcbe3 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -15,9 +15,11 @@
 - name: regen pem
 shell: >
- cat {{ haproxy_ssl_cert_path ~ '/haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ item ~ '.crt' }} {{ haproxy_ssl_cert_path ~ '/haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ item ~ '-ca.crt' }} {{ haproxy_ssl_cert_path ~ '/haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ item ~ '.key' }} > {{ haproxy_ssl_cert_path ~ '/haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ item ~ '.pem' }}
+ cat {{ item_base_path ~ '.crt' }} $(test -f {{ item_base_path ~ '-ca.crt' }} && echo {{ item_base_path ~ '-ca.crt' }}) {{ item_base_path ~ '.key' }} > {{ item_base_path ~ '.pem' }}
 notify: Reload haproxy
 with_items: "{{ _haproxy_tls_vip_binds }}"
+ vars:
+ item_base_path: "{{ haproxy_ssl_cert_path ~ '/haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ item }}"
 listen:
 - cert installed
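Review bot: The rewritten `cat` line interpolates `item_base_path` into the shell unquoted, and the new `$(test -f … && echo …)` substitution is unquoted as well, so a path containing whitespace or shell metacharacters would be word-split or interpreted by the shell rather than treated as one file name. The value is assembled from `haproxy_ssl_cert_path`, the hostname fact and each entry of `_haproxy_tls_vip_binds`, so passing every use through the `quote` filter, e.g. `{{ (item_base_path ~ '-ca.crt') | quote }}`, keeps the optional-CA behaviour without depending on those inputs being shell-safe. Separately, the resulting `.pem` contains the private key and is created by a plain redirect, so its mode follows whatever umask the task runs under. Unless a task outside this hunk fixes the mode afterwards, starting the command with `umask 077;` would keep the bundle from being group- or world-readable.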