openstack-ansible-rabbitmq_server/tasks/rabbitmq_ssl_key_distribute.yml

---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

- name: Distribute self signed ssl key
  copy:
    dest: "{{ rabbitmq_ssl_key }}"
    content: "{{ item.name }}"
    owner: "rabbitmq"
    group: "rabbitmq"
    mode: "{{ item.file_mode }}"
  with_items:
    - { name: "{{ rabbitmq_ssl_key_fact }}", file_mode: "0640" }
  tags:
    - rabbitmq-ssl

- name: Distribute self signed ssl cert
  copy:
    dest: "{{ rabbitmq_ssl_cert }}"
    content: "{{ item.name }}"
    owner: "rabbitmq"
    group: "rabbitmq"
    mode: "{{ item.file_mode }}"
  with_items:
    - { name: "{{ rabbitmq_ssl_cert_fact }}", file_mode: "0640" }
  tags:
    - rabbitmq-ssl

- name: Ensure rabbitmq user owns the self-signed key and certificate
  file:
    path: "{{ item }}"
    owner: rabbitmq
    group: rabbitmq
  with_items:
    - "{{ rabbitmq_ssl_key }}"
    - "{{ rabbitmq_ssl_cert }}"
  tags:
    - rabbitmq-ssl

# This is here because there was a different way of configuring SSL/TLS
# for RabbitMQ that used a mode of 0750 for the RabbitMQ directory.  That has
# since been updated but we need to ensure that old environments get this
# critical update during upgrades.
#
# See bug 1513668 in Launchpad for more details.
- name: Ensure /etc/rabbitmq is set to the default mode of 0755
  file:
    path: /etc/rabbitmq
    mode: 0755
  tags:
    - rabbitmq-ssl