Refactor HAProxy configuration and certificate management

- Updated HAProxy configuration template to reflect changes for the Taurus Production Environment, including SSL settings and rate limiting for specific endpoints. - Introduced new playbooks for certificate distribution and validation with OCI Vault, ensuring certificates are correctly managed and renewed. - Added hooks for uploading renewed certificates to OCI Vault and validating their integrity. - Enhanced the HAProxy configuration playbook to ensure proper service management and verification of the HAProxy service. - Updated inventory variables for certificate management and ensured compatibility with the new structure.
2026-03-17 13:13:38 -04:00
parent 856d7e2ef2
commit 0a053c1cd6
13 changed files with 1268 additions and 204 deletions
--- a/ansible/inventory/host_vars/titania.incus.yml
+++ b/ansible/inventory/host_vars/titania.incus.yml
@@ -26,10 +26,10 @@ certbot_group: certbot
 certbot_directory: /srv/certbot
 certbot_email: webmaster@helu.ca
 certbot_cert_name: ouranos.helu.ca
-certbot_domains:
-  - "*.ouranos.helu.ca"
-  - "ouranos.helu.ca"
 prometheus_node_exporter_text_directory: /var/lib/prometheus/node-exporter
+certbot_certificates:
+  - cert_name: wildcard.ouranos.helu.ca
+    domains: ["*.ouranos.helu.ca"]

 # HAProxy Configuration
 haproxy_user: haproxy