move cert path

03377087 · nanahira · 0347771d · 03377087 · 03377087 · 03377087
Commit 03377087 authored Dec 18, 2020 by nanahira
Showing with 6 additions and 5 deletions

ansible/protocols/oc/ocserv-pre.yaml ansible/protocols/oc/ocserv-pre.yaml +2 -1

ansible/protocols/oc/ocserv.conf.j2 ansible/protocols/oc/ocserv.conf.j2 +3 -3

src/inventory.ts src/inventory.ts +1 -1

No files found.
--- a/ansible/protocols/oc/ocserv-pre.yaml
+++ b/ansible/protocols/oc/ocserv-pre.yaml
@@ -6,6 +6,7 @@
  with_items:
    - config-per-user
    - env-per-user
+    - certs
 - name: ocserv.conf
  template:
    src: ./ocserv.conf.j2
@@ -22,7 +23,7 @@
 - name: ocserv certs
  synchronize:
    src: ../certs/{{ocservCert}}/
-    dest: '{{ansible_user_dir}}/nextgen-network/services/ocserv/certs'
+    dest: '{{ansible_user_dir}}/nextgen-network/services/ocserv/certs/{{ocservCert}}'
    delete: yes
    copy_links: yes
    verify_host: no

--- a/ansible/protocols/oc/ocserv.conf.j2
+++ b/ansible/protocols/oc/ocserv.conf.j2
@@ -5,9 +5,9 @@ udp-port = {{ocservPort}}
 run-as-user = nobody
 run-as-group = daemon
 socket-file = /run/ocserv.socket
-server-cert = /etc/ssl/certs/fullchain.pem
-server-key = /etc/ssl/certs/privkey.pem
-dh-params = /etc/ssl/certs/dhparam.pem
+server-cert = /etc/ssl/certs/{{ocervCert}}/fullchain.pem
+server-key = /etc/ssl/certs/{{ocervCert}}/privkey.pem
+dh-params = /etc/ssl/certs/{{ocervCert}}/dhparam.pem
 isolate-workers = true
 server-stats-reset-time = 604800
 keepalive = 300

--- a/src/inventory.ts
+++ b/src/inventory.ts
@@ -291,7 +291,7 @@ class InventoryBuilder {
            './ocserv/config-per-user:/etc/ocserv/config-per-user:ro',
            './ocserv/env-per-user:/etc/ocserv/env-per-user:ro',
            './ocserv/ocpasswd:/etc/ocserv/ocpasswd:ro',
-            './ocserv/certs:/etc/ssl/certs:ro',
+            `./ocserv/certs/${local.ocservCert}:/etc/ssl/certs/${local.ocservCert}:ro`,
            '$HOME/nextgen-network/scripts:$HOME/nextgen-network/scripts:ro'
          ]
        };