Merge branch 'master' of github.com:monash-merc/ansible_cluster_in_a_box

roles/extra_rpms/tasks/main.yml

 ---
-
-- name: "update cache"
-  shell: yum update -y
-  sudo: true
-  when: ansible_os_family == 'RedHat'
-
 - name: "Install extra packages"
   yum: "name={{ item }} state=latest"
   with_items:

roles/karaage3.1.17/tasks/main.yml

 ---
  - name: "Copying the apache key file"
-   template: src="files/{{ apache_key_file }}" dest="{{ x509_key_file }}" mode=0644
+   template: src="files/{{ apache_key_file }}" dest="/etc/ssl/private/{{ apache_key_file }}" mode=0600 owner=www-data group=www-data
    sudo: true
    when: apache_key_file is defined
  
  - name: "Copying the apache cert file"
-   template: src="files/{{ apache_cert_file }}" dest="{{ x509_cert_file }}" mode=0644
+   template: src="files/{{ apache_cert_file }}" dest="/etc/ssl/certs/{{ apache_cert_file }}" mode=0644 owner=www-data group=www-data
    sudo: true
    when: apache_cert_file is defined
+ 
+ - name: "Copying the apache cert chain file"
+   template: src="files/{{ apache_chain_file }}" dest="/etc/ssl/certs/{{ apache_chain_file }}" mode=0644 owner=www-data group=www-data
+   sudo: true
+   when: apache_chain_file is defined
 
  - name: "Copying the ldap ca cert file"
    template: src="files/{{ ldap_TLSCARoot }}" dest="{{ ldapCaCertFile }}" mode=0644

roles/karaage3.1.17/templates/default-ssl.j2

@@ -42,15 +42,16 @@
 	#   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
 	#   If both key and certificate are stored in the same file, only the
 	#   SSLCertificateFile directive is needed.
-	SSLCertificateFile    {{ x509_cert_file }}
-	SSLCertificateKeyFile {{ x509_key_file }} 
+	SSLCertificateFile    /etc/ssl/certs/{{ apache_cert_file }}
+	SSLCertificateKeyFile /etc/ssl/private/{{ apache_key_file }} 
+
 	#   Server Certificate Chain:
 	#   Point SSLCertificateChainFile at a file containing the
 	#   concatenation of PEM encoded CA certificates which form the
 	#   certificate chain for the server certificate. Alternatively
 	#   when the CA certificates are directly appended to the server
 	#   certificate for convinience.
-	#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
+	SSLCertificateChainFile /etc/ssl/certs/{{ apache_chain_file }} 
 
 	#   Certificate Authority (CA):
 	#   Set the CA certificate verification path where to find CA

roles/karaage3.1.17/vars/readme.txt

 
 apache_cert_file: "{{ inventory_hostname }}.{{ domain }}.crt"
 apache_key_file: "{{ inventory_hostname }}.{{ domain }}.key"
+apache_chain_file: "merc_hpc_apache_chain.pem"
 

roles/package_update/tasks/main.yml

+---
+
+- name: "update cache centos"
+  shell: yum update -y
+  sudo: true
+  when: ansible_os_family == 'RedHat'
+
+- name: "update cache debian"
+  shell: apt-get update -y
+  sudo: true
+  when: ansible_os_family == 'Debian'
+
+