Add creation of chained.pem and dhparam.pem

thejsj · thejsj · commit a26ac6c7a835 · 2017-05-29T21:12:00.000-07:00
diff --git a/.gitignore b/.gitignore
@@ -10,7 +10,8 @@ ca.srl
 .DS_Store
 ansible/roles/hipache/templates/runnable*
 enviroments/**/k8/**/configMaps/*cert*
-environments/*/secrets/**/*
+environments/gamma/secrets/**/*
+environments/delta/secrets/**/*
 *.retry
 *.tfstate*
 terraform/credentials.tfvars
diff --git a/ansible/roles/runnable-domain-proxy/tasks/main.yml b/ansible/roles/runnable-domain-proxy/tasks/main.yml
@@ -1,4 +1,15 @@
 ---
+- name: create chained cert
+  tags: [ certs ]
+  shell: |
+    cat {{ domains_root }}/{{ domain }}/cert.pem  > {{ domains_root }}/{{ domain }}/chained.pem
+    echo "" >> {{ domains_root }}/{{ domain }}/chained.pem # Add newline
+    cat {{ domains_root }}/{{ domain }}/ca.pem  > {{ domains_root }}/{{ domain }}/chained.pem
+
+- name: create dhparam.pem
+  tags: [ certs ]
+  command: openssl dhparam -out {{ domains_root }}/{{ domain }}/dhparam.pem 2048
+
 - set_fact:
     ca_data: "{{ lookup('file', '{{ domains_root }}/{{ domain }}/ca.pem') }}"
 - set_fact:
@@ -8,6 +19,7 @@
 - set_fact:
     chained_data: "{{ lookup('file', '{{ domains_root }}/{{ domain }}/chained.pem') }}"
 - set_fact:
+    # NOTE: We currently have no way of generating this file
     dhparam_data: "{{ lookup('file', '{{ domains_root }}/{{ domain }}/dhparam.pem') }}"
 
 - name: create configMap folder
