{"id":202,"sha1":"816d288e5a80d60c9eff7820f8f7803e1eb3d48c","playbook":{"id":3,"items":{"plays":37,"tasks":374,"results":364,"hosts":2,"files":208,"records":0},"arguments":{"version":null,"verbosity":0,"private_key_file":null,"remote_user":null,"connection":"openstack.osa.ssh","timeout":null,"ssh_common_args":null,"sftp_extra_args":null,"scp_extra_args":null,"ssh_extra_args":null,"ask_pass":false,"connection_password_file":null,"force_handlers":true,"flush_cache":false,"become":false,"become_method":"sudo","become_user":null,"become_ask_pass":false,"become_password_file":null,"tags":["all"],"skip_tags":[],"check":false,"diff":false,"inventory":["/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/dynamic_inventory.py","/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/inventory.ini","/etc/openstack_deploy/inventory.ini"],"listhosts":false,"subset":null,"extra_vars":"Not saved by ARA as configured by 'ignored_arguments'","vault_ids":[],"ask_vault_pass":false,"vault_password_files":[],"forks":8,"module_path":null,"syntax":false,"listtasks":false,"listtags":false,"step":false,"start_at_task":null,"args":["setup-infrastructure.yml"]},"labels":[{"id":1,"name":"check:False"},{"id":2,"name":"tags:all"}],"started":"2025-12-08T13:33:24.432723Z","ended":"2025-12-08T13:39:38.483304Z","duration":"00:06:14.050581","name":null,"ansible_version":"2.18.6","client_version":"1.7.4","python_version":"3.12.3","server_version":"1.7.4","status":"completed","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-infrastructure.yml","controller":"aio1.openstack.local","user":"root"},"content":"---\n# Copyright 2024, Cleura AB\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n#     http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n\n_httpd_vhosts_with_ssl: \"{{ httpd_vhosts | selectattr('ssl', 'defined') | selectattr('ssl') }}\"\n\n_httpd_pki_generate_certificates_vhosts: |-\n  {% set certs_to_generate = [] %}\n  {% for vhost in _httpd_vhosts_with_ssl %}\n  {%   if not ('cert' in vhost['ssl'] and 'key' in vhost['ssl']) %}\n  {%     set _ = certs_to_generate.append({\n           'name': ['httpd', inventory_hostname, vhost['name']] | join('_'),\n           'provider': 'ownca',\n           'cn': inventory_hostname,\n           'san': vhost['ssl']['san'] | default(httpd_pki_default_san),\n           'signed_by': httpd_pki_intermediate_cert_name,\n         })\n  %}\n  {%   endif %}\n  {% endfor %}\n  {{ certs_to_generate }}\n\n_httpd_pki_install_certificates_vhosts: |-\n  {% set certs_to_install = [] %}\n  {% for vhost in _httpd_vhosts_with_ssl %}\n  {%   set cert_name = ['httpd', inventory_hostname, vhost['name']] | join('_') %}\n  {%   if not ('cert' in vhost['ssl'] and 'key' in vhost['ssl']) %}\n  {%     set _ = vhost['ssl'].update({\n           'cert': httpd_pki_certs_path ~ cert_name ~ '-chain.crt',\n           'key': httpd_pki_keys_path ~ cert_name ~ '.key.pem'\n         })\n  %}\n  {%   endif %}\n  {%   set _ = certs_to_install.append({\n         'src': vhost['ssl']['cert'],\n         'dest': httpd_ssl_certs_dir ~ cert_name ~ '.pem',\n         'owner': httpd_service_user_name,\n         'group': httpd_service_group_name,\n         'mode': '0640'\n       })\n  %}\n  {%   set _ = certs_to_install.append({\n         'src': vhost['ssl']['key'],\n         'dest': httpd_ssl_keys_dir ~ cert_name ~ '.key',\n         'owner': httpd_service_user_name,\n         'group': httpd_service_group_name,\n         'mode': '0600'\n       })\n  %}\n  {%   set _ = certs_to_install.append({\n         'src': vhost['ssl'].get('ca'),\n         'dest': httpd_ssl_certs_dir ~ cert_name ~ '-ca.pem',\n         'owner': httpd_service_user_name,\n         'group': httpd_service_group_name,\n         'mode': '0644',\n         'condition': 'ca' in vhost['ssl']\n       })\n  %}\n  {% endfor %}\n  {{ certs_to_install }}\n","created":"2025-12-08T13:33:26.992526Z","updated":"2025-12-08T13:33:26.992568Z","path":"/home/zuul/src/opendev.org/openstack/ansible-role-httpd/vars/main.yml"}