update tls dir path for vip-manager

vitabaks · Dec 28, 2024 · da7c6e6 · da7c6e6
1 parent 7b0077a
commit da7c6e6
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 8 deletions.
diff --git a/automation/roles/tls_certificate/copy/tasks/main.yml b/automation/roles/tls_certificate/copy/tasks/main.yml
@@ -13,7 +13,7 @@
 - block:
     - name: Create directory {{ tls_etcd_privatekey_path | default('/etc/etcd/tls/server.key') | dirname }}
       ansible.builtin.file:
-        dest: "{{ tls_etcd_privatekey_path | default('/etc/etcd/tls/server.key') | dirname }}"
+        path: "{{ tls_etcd_privatekey_path | default('/etc/etcd/tls/server.key') | dirname }}"
         state: directory
         owner: "etcd"
         group: "etcd"
@@ -35,10 +35,10 @@
 - block:
     - name: Create directory {{ tls_privatekey_path | default('/etc/tls/server.key') | dirname }}
       ansible.builtin.file:
-        dest: "{{ tls_privatekey_path | default('/etc/tls/server.key') | dirname }}"
+        path: "{{ tls_privatekey_path | default('/etc/tls/server.key') | dirname }}"
         state: directory
-        owner: "root"
-        group: "root"
+        owner: "{{ tls_owner }}"
+        group: "{{ tls_owner }}"
         mode: "0755"
 
     - name: Copy PostgreSQL TLS certificate, key and CA to all nodes

diff --git a/automation/roles/tls_certificate/generate/tasks/main.yml b/automation/roles/tls_certificate/generate/tasks/main.yml
@@ -47,7 +47,7 @@
 ######## Generate CA ########
     - name: "Ensure TLS directory exist"
       ansible.builtin.file:
-        dest: "{{ tls_privatekey_path | default('/etc/tls/server.key') | dirname }}"
+        path: "{{ tls_privatekey_path | default('/etc/tls/server.key') | dirname }}"
         state: directory
         owner: "root"
         group: "root"

diff --git a/automation/roles/vip-manager/templates/vip-manager.yml.j2 b/automation/roles/vip-manager/templates/vip-manager.yml.j2
@@ -66,10 +66,10 @@ etcd-password: {{ patroni_etcd_password | default("") }}
 {% endif %}
 {% if tls_cert_generate | default(false) | bool %}
 # when etcd-ca-file is specified, TLS connections to the etcd endpoints will be used.
-etcd-ca-file: {{ tls_etcd_ca_cert_path | default('/etc/etcd/tls/ca.crt') }}
+etcd-ca-file: {{ tls_ca_cert_path | default('/etc/tls/ca.crt') }}
 # when etcd-cert-file and etcd-key-file are specified, we will authenticate at the etcd endpoints using this certificate and key.
-etcd-cert-file: {{ tls_etcd_cert_path | default('/etc/etcd/tls/server.crt') }}
-etcd-key-file: {{ tls_etcd_privatekey_path | default('/etc/etcd/tls/server.key') }}
+etcd-cert-file: {{ tls_cert_path | default('/etc/tls/server.crt') }}
+etcd-key-file: {{ tls_privatekey_path | default('/etc/tls/server.key') }}
 {% endif %}
 {% endif %}