MAINT: Replace all occurrences of ssl with {{ env }}_ssl

As we need to generate certificates for distinct environments we must change the name of the SSL directory to a environment specific name so they don't use the same certificates. If we used the same certificates then when either deployment is compromised we would have to change certificates on both environments rather than one.

Author: khalford

chatops_deployment/ansible/roles/alertmanager/tasks/main.yml

@@ -77,7 +77,7 @@
 - name: Copy certificate and key
   become: true
   ansible.builtin.copy:
-    src: "./SSL/alertmanager.{{ item }}"
+    src: "./{{ env }}_ssl/alertmanager.{{ item }}"
     dest: "/opt/alertmanager/alertmanager.{{ item }}"
     owner: alertmanager
     group: alertmanager

chatops_deployment/ansible/roles/elastic/tasks/elasticsearch.yml

@@ -112,7 +112,7 @@
 - name: Copy certificate and key
   become: true
   ansible.builtin.copy:
-    src: "./SSL/elasticsearch.{{ item }}"
+    src: "./{{ env }}_ssl/elasticsearch.{{ item }}"
     dest: "/opt/elasticsearch/config/elasticsearch.{{ item }}"
     owner: elastic
     group: elastic
@@ -124,7 +124,7 @@
 - name: Copy certificate and key
   become: true
   ansible.builtin.copy:
-    src: "./SSL/elasticsearch.{{ item }}"
+    src: "./{{ env }}_ssl/elasticsearch.{{ item }}"
     dest: "/opt/elasticsearch/config/elasticsearch.{{ item }}"
     owner: elastic
     group: elastic

chatops_deployment/ansible/roles/elastic/tasks/kibana.yml

@@ -40,7 +40,7 @@
 - name: Copy certificate and key
   become: true
   ansible.builtin.copy:
-    src: "./SSL/{{ item }}"
+    src: "./{{ env }}_ssl/{{ item }}"
     dest: "/opt/kibana/{{ item }}"
     owner: elastic
     group: elastic

chatops_deployment/ansible/roles/elastic/tasks/logstash.yml

@@ -40,7 +40,7 @@
 - name: Copy certificate and key
   become: true
   ansible.builtin.copy:
-    src: "./SSL/{{ item }}"
+    src: "./{{ env }}_ssl/{{ item }}"
     dest: "/opt/logstash/{{ item }}"
     owner: elastic
     group: elastic

chatops_deployment/ansible/roles/filebeat/tasks/main.yml

@@ -41,7 +41,7 @@
 - name: Copy Logstash SSL certificate
   become: true
   ansible.builtin.copy:
-    src: "./SSL/logstash.crt"
+    src: "./{{ env }}_ssl/logstash.crt"
     dest: "/opt/filebeat"
     owner: root
     group: root

chatops_deployment/ansible/roles/grafana/tasks/main.yml

@@ -79,7 +79,7 @@
 - name: Copy certificate and key
   become: true
   ansible.builtin.copy:
-    src: "./SSL/grafana.{{ item }}"
+    src: "./{{ env }}_ssl/grafana.{{ item }}"
     dest: "/etc/grafana/grafana.{{ item }}"
     owner: root
     group: grafana

chatops_deployment/ansible/roles/haproxy/tasks/haproxy.yml

@@ -21,7 +21,7 @@
     path: /etc/haproxy/{{ domain }}.crt
   register: certificate_file
 
-- name: Create SSL directory to store self signed certificates
+- name: Create ssl directory to store self signed certificates
   become: true
   ansible.builtin.file:
     path: /etc/haproxy/ssl
@@ -33,7 +33,7 @@
 - name: Copy service self signed certificates
   become: true
   ansible.builtin.copy:
-    src: "./SSL/{{ item }}.crt"
+    src: "./{{ env }}_ssl/{{ item }}.crt"
     dest: "/etc/haproxy/ssl/{{ item }}.crt"
     owner: root
     group: haproxy

chatops_deployment/ansible/roles/prometheus/tasks/main.yml

@@ -104,7 +104,7 @@
 - name: Copy certificate and key
   become: true
   ansible.builtin.copy:
-    src: "./SSL/{{ item }}"
+    src: "./{{ env }}_ssl/{{ item }}"
     dest: "/opt/prometheus/{{ item }}"
     owner: prometheus
     group: prometheus

chatops_deployment/ansible/roles/ssh_known_hosts/tasks/main.yml

@@ -15,7 +15,7 @@
       # We must use shell here as here-docs don't work with command
       ansible.builtin.shell: |
         expect << EOF
-          spawn ssh-add bastion-key
+          spawn ssh-add {{ env }}-bastion-key
           expect "Enter passphrase for bastion-key:"
           send "{{ bastion_key_passphrase }}\r"
           expect eof

chatops_deployment/ansible/roles/ssl_certificates/tasks/main.yml

@@ -1,7 +1,7 @@
 ---
-- name: Create SSL directory
+- name: Create ssl directory
   ansible.builtin.file:
-    path: ./SSL
+    path: ./{{ env }}_ssl
     state: directory
     owner: "{{ ansible_env.USER }}"
     group: "{{ ansible_env.USER }}"