Do not add cacert when it does not exist

Right now we assume that ca-cert is always present. However, that might
not be the case for user-provided certs or Let's Encrypt, as they
are already in ca-certificates.

Change-Id: I101f82c5e378596e76a160aacb34a9e1e7e0c123
Dmitriy Rabotyagov 2022-08-08 14:09:12 +02:00 committed by Dmitriy Rabotyagov
parent 06e76706c7
commit dd842f4eb4
1 changed files with 3 additions and 1 deletions


@ -15,9 +15,11 @@
- name: regen pem
shell: >
cat {{ haproxy_ssl_cert_path ~ '/haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ item ~ '.crt' }} {{ haproxy_ssl_cert_path ~ '/haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ item ~ '-ca.crt' }} {{ haproxy_ssl_cert_path ~ '/haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ item ~ '.key' }} > {{ haproxy_ssl_cert_path ~ '/haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ item ~ '.pem' }}
cat {{ item_base_path ~ '.crt' }} $(test -f {{ item_base_path ~ '-ca.crt' }} && echo {{ item_base_path ~ '-ca.crt' }}) {{ item_base_path ~ '.key' }} > {{ item_base_path ~ '.pem' }}
notify: Reload haproxy
with_items: "{{ _haproxy_tls_vip_binds }}"
vars:
item_base_path: "{{ haproxy_ssl_cert_path ~ '/haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ item }}"
listen:
- cert installed
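Review bot: The rewritten `cat … > {{ item_base_path ~ '.pem' }}` line still creates the combined PEM, which includes the private key, through a plain shell redirection, so a newly created file gets whatever mode the task's umask allows. Nothing in this hunk restricts that, though a task outside the hunk may do so. Prefixing the command with `umask 077;`, or following the handler with a `file` task that sets an explicit `mode`, would keep the key material from being readable by other local users; the umask only affects files that do not exist yet, so existing PEMs would still need the explicit mode. The interpolated paths are also handed to the shell unquoted, both as `cat` arguments and inside `$(test -f …)`; writing them as `{{ (item_base_path ~ '-ca.crt') | quote }}` would keep the handler correct if `haproxy_ssl_cert_path` or the hostname ever contains whitespace or shell metacharacters.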