Roman Krček 006ff07185 Don't notify handlers during copy-cert
This is a prerequisite for patchset #745164

This fixes unwanted restarts during copying of certificates.
After conditional statements were removed from role handlers in #745164,
copying certificates caused containers to restart, which is unwanted
during the genconfig process. However, if we simply removed the handler
notifiers from the certificate-copying tasks, the containers would never
restart, since as of #745164 containers restart only if any
of the files specified in config.json change. Certificates are now
copied to an intermediary location inside the container, from which
the script kolla_copy_cacerts installs them in the trust store.

Depends-on: https://review.opendev.org/c/openstack/kolla/+/926882
Change-Id: Ib89048c7e0f250182c4bf57d8c8a1b5478e9b4ab
Signed-off-by: Roman Krček <roman.krcek@tietoevry.com>
2024-12-01 22:16:25 +01:00


---
# Stage the extra CA certificates in the config directory of every service
# returned by select_services_enabled_and_mapped_to_host. This task only
# copies files and notifies no handler. According to the commit
# description, kolla_copy_cacerts later installs them in the container
# trust store.
- name: "{{ project_name }} | Copying over extra CA certificates"
  when: kolla_copy_ca_into_containers | bool
  become: true
  with_dict: "{{ project_services | select_services_enabled_and_mapped_to_host }}"
  copy:
    # The trailing slash copies the contents of ca/, not the directory itself.
    src: "{{ kolla_certificates_dir }}/ca/"
    dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
    # CA certificates are public material, so world-readable files are fine.
    # directory_mode is not set, so created directories get the system default.
    mode: "0644"
# Copy the backend internal TLS certificate into the config directory of
# every service returned by select_services_enabled_and_mapped_to_host.
# This task notifies no handler.
- name: "{{ project_name }} | Copying over backend internal TLS certificate"
  when: kolla_copy_backend_tls_files | bool
  become: true
  vars:
    # Candidate paths, most specific first: per-host and per-project,
    # per-host, per-project, then kolla_tls_backend_cert.
    certs:
      - "{{ kolla_certificates_dir }}/{{ inventory_hostname }}/{{ project_name }}-cert.pem"
      - "{{ kolla_certificates_dir }}/{{ inventory_hostname }}-cert.pem"
      - "{{ kolla_certificates_dir }}/{{ project_name }}-cert.pem"
      - "{{ kolla_tls_backend_cert }}"
    # first_found returns the first candidate that exists and, with its
    # default options, raises an error when none of them does.
    backend_tls_cert: "{{ lookup('first_found', certs) }}"
  with_dict: "{{ project_services | select_services_enabled_and_mapped_to_host }}"
  copy:
    src: "{{ backend_tls_cert }}"
    dest: "{{ node_config_directory }}/{{ item.key }}/{{ project_name }}-cert.pem"
    # The certificate is public material; the matching key is copied
    # separately with a stricter mode.
    mode: "0644"
# Copy the backend internal TLS private key into the config directory of
# every service returned by select_services_enabled_and_mapped_to_host.
# This task notifies no handler.
- name: "{{ project_name }} | Copying over backend internal TLS key"
  when: kolla_copy_backend_tls_files | bool
  become: true
  vars:
    # Candidate paths, most specific first: per-host and per-project,
    # per-host, per-project, then kolla_tls_backend_key. The order mirrors
    # the certificate lookup, but the two lookups run independently.
    # NOTE(review): nothing here checks that the selected key belongs to
    # the selected certificate; keep both at the same level of the
    # hierarchy.
    keys:
      - "{{ kolla_certificates_dir }}/{{ inventory_hostname }}/{{ project_name }}-key.pem"
      - "{{ kolla_certificates_dir }}/{{ inventory_hostname }}-key.pem"
      - "{{ kolla_certificates_dir }}/{{ project_name }}-key.pem"
      - "{{ kolla_tls_backend_key }}"
    # first_found returns the first candidate that exists and, with its
    # default options, raises an error when none of them does.
    backend_tls_key: "{{ lookup('first_found', keys) }}"
  with_dict: "{{ project_services | select_services_enabled_and_mapped_to_host }}"
  copy:
    src: "{{ backend_tls_key }}"
    dest: "{{ node_config_directory }}/{{ item.key }}/{{ project_name }}-key.pem"
    # Private key material: owner read/write only. Do not widen this to
    # match the certificate's 0644. No owner or group is set, so the file
    # is written as the become user.
    mode: "0600"