used files for certificate values instead of saving directly in

provisioning file

used files for certificate values instead of saving directly in
provisioning file
8ce3aa4f · Karl Grube · 2d7debfa · 8ce3aa4f · 8ce3aa4f
Commit 8ce3aa4f authored Jul 14, 2022 by Karl Grube
--- a/tasks/all.yml
+++ b/tasks/all.yml
@@ -34,16 +34,6 @@
    dest: /etc/nginx/sites-enabled/grafana
  notify: reload nginx

- name: slurp tls_client_cert
-  slurp:
-    path: /etc/ssl/grafana_client/{{fqdn}}.crt
-  register: tls_client_cert_data
-  tags: provisioning
- name: slurp tls_client_key
-  slurp:
-    path: /etc/ssl/grafana_client/{{fqdn}}.key
-  register: tls_client_key_data
-  tags: provisioning
 - name: prometheus template
  template:
    src: prometheus_datasource.yaml.j2

--- a/templates/prometheus_datasource.yaml.j2
+++ b/templates/prometheus_datasource.yaml.j2
@@ -3,14 +3,11 @@ datasources:
 - name: {{prometheus_server}}
  type: prometheus
  url: https://{{prometheus_server}}
-  editable: true
+  editable: false
  secureJsonData:
-    tlsCACert: |
-      {{(lookup('file',root_ca_crt))|regex_replace('\n','\n      ',)}}
-    tlsClientCert: |
-      {{(tls_client_cert_data['content'] |b64decode)|regex_replace('\n','\n      ',)}}
-    tlsClientKey: |
-      {{(tls_client_key_data['content'] |b64decode)|regex_replace('\n','\n      ',)}}
+    tlsCACert: $__file{/etc/ssl/grafana_client/root.ca.crt}
+    tlsClientCert: $__file{/etc/ssl/grafana_client/{{fqdn}}.crt}
+    tlsClientKey: $__file{/etc/ssl/grafana_client/{{fqdn}}.key}
  jsonData:
    tlsAuth: true
    tlsAuthWithCACert: true