playbook: Allow correct certificate with domain

For most of cases the default approach, with generated certificate, is
enough, but sometimes the playbooks are used in environment, where
real certificates with domain names shall be used.

For such scenarios, prepare the system to use ansible-playbook
--extra-vars which can override the defaults.

Note that frontend requester is improved, to support case of passed or not
certificate files.

playbook/roles/standalone-shared/files/erp5-show

@@ -121,14 +121,19 @@ def status():
     zope_ip, pw = get_connection_information(erp5_sr)
 
     try:
-      ip = open('/tmp/playbook-public-ipv4').read().strip()
+      # by default try new apporach (domain based)...
+      hostname = open('/tmp/playbook-frontend-custom-domain').read().strip()
     except Exception:
-      frontend = None
+      try:
+        # ...and fall back to old one (IP based)
+        hostname = open('/tmp/playbook-public-ipv4').read().strip()
+      except Exception:
+        frontend = None
     else:
-      if len(ip) == 0:
+      if len(hostname) == 0:
         frontend = zope_ip
       else:
-        frontend = 'https://' + ip
+        frontend = 'https://' + hostname
     frontend_ip, _ = get_connection_information(frn_sr)
 
     connected = False

playbook/roles/standalone-shared/tasks/main.yml

 ---
   - include: debian9-gcc-4.9.yml
 
-  - name: Store public IPv4 for other scripts
-    copy: content="{{ ansible_default_ipv4.address }}" dest=/tmp/playbook-public-ipv4 mode=0644
+  - name: Store domain for other scripts
+    copy: content="{{ frontend_custom_domain }}" dest=/tmp/playbook-frontend-custom-domain mode=0644
 
   - name: create instance request script
     template: src={{ request_instance_template }} dest=/tmp/playbook-request-{{ playbook_name }} mode=0700

playbook/roles/standalone-shared/templates/request-erp5-frontend.j2

@@ -12,15 +12,29 @@ except Exception:
   pass
 
 if backend_url is not None:
+  file_dict = dict(
+    ssl_crt='{{ frontend_ssl_crt_file }}',
+    ssl_key='{{ frontend_ssl_key_file }}',
+    ssl_ca_crt='{{ frontend_ssl_ca_crt_file }}'
+  )
+  partition_parameter_kw = {
+    'url': backend_url,
+    'type': 'zope',
+    'custom_domain': '{{ frontend_custom_domain }}',
+    'server-alias': '{{ frontend_server_alias }}',
+    'https-only': 'true',
+
+  }
+  for key in ['ssl_crt', 'ssl_key', 'ssl_ca_crt']:
+    try:
+      data = open(file_dict[key]).read().strip()
+      if data:
+        partition_parameter_kw[key] = data
+    except IOError:
+      pass
   request(
     software_release=frontend_software_release_url,
     partition_reference='{{ frontend_slave_reference }}',
     shared=True,
-    partition_parameter_kw={
-        'url': backend_url,
-        'type': 'zope',
-        'custom_domain': '{{ ansible_default_ipv4.address }}',
-        'server-alias': '*',
-        'https-only': 'true'
-    }
+    partition_parameter_kw=partition_parameter_kw
   )

playbook/roles/standalone-shared/vars/main.yml

@@ -6,4 +6,9 @@ frontend_master_reference: master-frn-{{ playbook_name }}
 frontend_slave_reference: slave-srn-{{ playbook_name }}
 backend_instance_reference: instance-of-{{ playbook_name }}
 backend_url_path: /tmp/playbook-{{ playbook_name }}-backend-url
-public_ipv4_path: /tmp/playbook-{{ playbook_name }}-public_ipv4
+public_ipv4_path: /tmp/playbook-{{ playbook_name }}-public_ipv4
\ No newline at end of file
+frontend_custom_domain: "{{ ansible_default_ipv4.address }}"
+frontend_server_alias: "*"
+frontend_ssl_crt_file: ""
+frontend_ssl_key_file: ""
+frontend_ssl_ca_crt_file: ""