Add variables for server and client CA certificates

ehelms · ehelms · commit 338fd536799d · 2025-05-13T10:15:55.000-04:00
Signed-off-by: Eric D. Helms &lt;ericdhelms@gmail.com&gt;
diff --git a/src/playbooks/deploy/deploy.yaml b/src/playbooks/deploy/deploy.yaml
@@ -22,18 +22,18 @@
     candlepin_tomcat_certificate: "{{ localhost_certificate }}"
     candlepin_client_key: "{{ client_key }}"
     candlepin_client_certificate: "{{ client_certificate }}"
-    foreman_proxy_ca_certificate: "{{ ca_certificate }}"
+    foreman_proxy_ca_certificate: "{{ client_ca_certificate }}"
     foreman_proxy_server_key: "{{ server_key }}"
     foreman_proxy_server_certificate: "{{ server_certificate }}"
     foreman_proxy_client_key: "{{ client_key }}"
     foreman_proxy_client_certificate: "{{ client_certificate }}"
-    foreman_ca_certificate: "{{ ca_certificate }}"
+    foreman_ca_certificate: "{{ server_ca_certificate }}"
     foreman_client_key: "{{ client_key }}"
     foreman_client_certificate: "{{ client_certificate }}"
     foreman_oauth_consumer_key: abcdefghijklmnopqrstuvwxyz123456
     foreman_oauth_consumer_secret: abcdefghijklmnopqrstuvwxyz123456
-    httpd_server_ca_certificate: "{{ ca_certificate }}"
-    httpd_client_ca_certificate: "{{ ca_certificate }}"
+    httpd_server_ca_certificate: "{{ server_ca_certificate }}"
+    httpd_client_ca_certificate: "{{ client_ca_certificate }}"
     httpd_server_certificate: "{{ server_certificate }}"
     httpd_server_key: "{{ server_key }}"
     pulp_content_origin: "https://{{ ansible_fqdn }}"
diff --git a/src/vars/default_certificates.yml b/src/vars/default_certificates.yml
@@ -4,7 +4,9 @@ ca_certificate: "{{ certificates_ca_directory }}/certs/ca.crt"
 ca_key: "{{ certificates_ca_directory }}/private/ca.key"
 server_certificate: "{{ certificates_ca_directory }}/certs/{{ ansible_fqdn }}.crt"
 server_key: "{{ certificates_ca_directory }}/private/{{ ansible_fqdn }}.key"
+server_ca_certificate: "{{ certificates_ca_directory }}/certs/ca.crt"
 client_certificate: "{{ certificates_ca_directory }}/certs/{{ ansible_fqdn }}-client.crt"
 client_key: "{{ certificates_ca_directory }}/private/{{ ansible_fqdn }}-client.key"
+client_ca_certificate: "{{ certificates_ca_directory }}/certs/ca.crt"
 localhost_key: "{{ certificates_ca_directory }}/private/localhost.key"
 localhost_certificate: "{{ certificates_ca_directory }}/certs/localhost.crt"
diff --git a/src/vars/installer_certificates.yml b/src/vars/installer_certificates.yml
@@ -4,7 +4,9 @@ ca_certificate: "/root/ssl-build/katello-default-ca.crt"
 ca_key: "/root/ssl-build/katello-default-ca.key"
 server_certificate: "/root/ssl-build/{{ ansible_fqdn }}/{{ ansible_fqdn }}-apache.crt"
 server_key: "/root/ssl-build/{{ ansible_fqdn }}/{{ ansible_fqdn }}-apache.key"
+server_ca_certificate: "/root/ssl-build/katello-server-ca.crt"
 client_certificate: "/root/ssl-build/{{ ansible_fqdn }}/{{ ansible_fqdn }}-foreman-client.crt"
 client_key: "/root/ssl-build/{{ ansible_fqdn }}/{{ ansible_fqdn }}-foreman-client.key"
+client_ca_certificate: "{{ ca_certificate }}"
 localhost_key: "/root/ssl-build/localhost/localhost-tomcat.key"
 localhost_certificate: "/root/ssl-build/localhost/localhost-tomcat.crt"
