1195355b43
With releasing PKI role we broke Let's Encrypt option because of changing directories where certs should be located and not reflecting these changes for let's encrypt. At the same time we should not generate self-signed cert when let's encrypt path is used. Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/811742 Closes-Bug: #1938961 Change-Id: I1a6701b171782528373bc1d0a39e70e6d1ef20ab
10 lines
389 B
Django/Jinja
10 lines
389 B
Django/Jinja
#!/bin/bash
|
|
# renew cert if required and copy to haproxy destination
|
|
|
|
{% for vip in [ haproxy_bind_external_lb_vip_address ] + extra_lb_tls_vip_addresses %}
|
|
cat /etc/letsencrypt/live/{{ haproxy_bind_external_lb_vip_address }}/{fullchain,privkey}.pem \
|
|
> {{ haproxy_ssl_cert_path ~ '/haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ vip ~ '.pem' }}
|
|
{% endfor %}
|
|
|
|
systemctl reload haproxy
|