update defaults for postgres tls path

automation/roles/tls_certificate/copy/tasks/main.yml

@@ -49,7 +49,7 @@
         group: "{{ tls_owner }}"
         mode: "{{ item.mode }}"
       loop:
-        - { index: 0, path: "{{ tls_privatekey_path | default('/etc/tls/server.key') }}", mode: "0400" }
-        - { index: 1, path: "{{ tls_cert_path | default('/etc/tls/server.crt') }}", mode: "0644" }
-        - { index: 2, path: "{{ tls_ca_cert_path | default('/etc/tls/ca.crt') }}", mode: "0644" }
+        - { index: 0, path: "{{ tls_privatekey_path | default(postgresql_home_dir + '/tls/server.key') }}", mode: "0400" }
+        - { index: 1, path: "{{ tls_cert_path | default(postgresql_home_dir + '/tls/server.crt') }}", mode: "0644" }
+        - { index: 2, path: "{{ tls_ca_cert_path | default(postgresql_home_dir + '/tls/ca.crt') }}", mode: "0644" }
   when: copy_for == 'pg'

automation/roles/tls_certificate/generate/tasks/main.yml

@@ -8,21 +8,21 @@
   delay: 5
   retries: 3
 
-- name: "Clean up existing certificates"
+- name: Clean up existing certificates (if any)
   ansible.builtin.file:
     path: "{{ item }}"
     state: absent
   loop:
-    - "{{ tls_privatekey_path | default('/etc/tls/server.key') }}"
-    - "{{ tls_cert_path | default('/etc/tls/server.crt') }}"
-    - "{{ tls_ca_cert_path | default('/etc/tls/ca.crt') }}"
-    - "{{ tls_ca_privatekey_path | default('/etc/tls/ca.key') }}"
+    - "{{ tls_privatekey_path | default(postgresql_home_dir + '/tls/server.key') }}"
+    - "{{ tls_cert_path | default(postgresql_home_dir + '/tls/server.crt') }}"
+    - "{{ tls_ca_cert_path | default(postgresql_home_dir + '/tls/ca.crt') }}"
     - "{{ tls_etcd_cert_path | default('/etc/etcd/tls/server.crt') }}"
     - "{{ tls_etcd_ca_cert_path | default('/etc/etcd/tls/ca.crt') }}"
     - "{{ tls_etcd_privatekey_path | default('/etc/etcd/tls/server.key') }}"
     - "/etc/tls/server.key"
     - "/etc/tls/server.crt"
     - "/etc/tls/ca.crt"
+    - "etc/tls/ca.key"
 
 - ansible.builtin.set_fact:
     all_san_entries: []