From 9c912de036e1435a4b265c5065c7015c3155ca75 Mon Sep 17 00:00:00 2001
From: Klaus Zerwes <zerwes@users.noreply.github.com>
Date: Tue, 8 Apr 2025 22:15:41 +0200
Subject: [PATCH] use a unique name for the ca cert on the ansible controller

---
 roles/elasticsearch/tasks/elasticsearch-security.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/roles/elasticsearch/tasks/elasticsearch-security.yml b/roles/elasticsearch/tasks/elasticsearch-security.yml
index 3f5fcc75..5e3c9816 100644
--- a/roles/elasticsearch/tasks/elasticsearch-security.yml
+++ b/roles/elasticsearch/tasks/elasticsearch-security.yml
@@ -264,7 +264,7 @@
 - name: Fetch ca certificate from ca host to Ansible controller
   ansible.builtin.fetch:
     src: "{{ elasticstack_ca_dir }}/ca.crt"
-    dest: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/ca.crt"
+    dest: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/{{ elasticstack_ca }}.crt"
     flat: yes
   when: inventory_hostname == elasticstack_ca
   tags:
@@ -297,8 +297,8 @@
 
 - name: Copy the ca certificate to elasticsearch nodes
   ansible.builtin.copy:
-    src: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/ca.crt"
-    dest: "/etc/elasticsearch/certs"
+    src: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/{{ elasticstack_ca }}.crt"
+    dest: "/etc/elasticsearch/certs/ca.crt"
     owner: root
     group: elasticsearch
     mode: 0640