dashpay · ktechmidas · Jun 18, 2025 · Jun 18, 2025 · Jun 18, 2025
diff --git a/ansible/roles/dashmate/tasks/main.yml b/ansible/roles/dashmate/tasks/main.yml
@@ -285,6 +285,32 @@
     - dashmate_zerossl_id_result is defined
     - dashmate_zerossl_id_result.stdout != 'null'
 
+# Fast mode: Get ZeroSSL certificate ID from existing config if available
+- name: Get ZeroSSL certificate ID from config (fast mode)
+  ansible.builtin.command: "{{ dashmate_cmd }} config get platform.gateway.ssl.providerConfigs.zerossl.id"
+  become: true
+  become_user: dashmate
+  args:
+    chdir: '{{ dashmate_cwd }}'
+  register: dashmate_zerossl_id_result_fast
+  changed_when: dashmate_zerossl_id_result_fast.rc == 0
+  failed_when: false
+  when:
+    - skip_dashmate_image_update | default(false)
+    - dashmate_platform_enable
+    - dashmate_platform_gateway_ssl_provider == 'zerossl'
+
+- name: Set ZeroSSL certificate ID from config (fast mode)
+  ansible.builtin.set_fact:
+    dashmate_zerossl_config_certificate_id: "{{ dashmate_zerossl_id_result_fast.stdout }}"
+  when:
+    - skip_dashmate_image_update | default(false)
+    - dashmate_platform_enable
+    - dashmate_platform_gateway_ssl_provider == 'zerossl'
+    - dashmate_zerossl_id_result_fast is defined
+    - dashmate_zerossl_id_result_fast.rc == 0
+    - dashmate_zerossl_id_result_fast.stdout != 'null'
+
 - name: Check if existing dashmate config exists
   ansible.builtin.stat:
     path: '{{ dashmate_config_dir }}/config.json'

diff --git a/ansible/roles/dashmate/tasks/ssl/zerossl.yml b/ansible/roles/dashmate/tasks/ssl/zerossl.yml
@@ -4,7 +4,6 @@
   ansible.builtin.set_fact:
     dashmate_zerossl_keys_path: "{{ dashmate_config_dir }}/{{ dash_network_name }}/platform/gateway/ssl"
     dashmate_zerossl_config_path: "platform.gateway.ssl.providerConfigs.zerossl"
-    dashmate_zerossl_ssm_path: "/network-deploy/{{ dash_network_name }}/{{ inventory_hostname }}/zerossl"
     dashmate_zerossl_csr_file_name: "csr.pem"
     dashmate_zerossl_private_key_file_name: "private.key"
     dashmate_zerossl_bundle_file_name: "bundle.crt"
@@ -19,47 +18,24 @@
 
 # Set certificate ID to dashmate config
 
-- name: Check SSM parameter store for ZeroSSL certificate ID
-  delegate_to: localhost
-  become: false
+- name: Get ZeroSSL certificate ID from network config
   ansible.builtin.set_fact:
-    dashmate_zerossl_ssm_certificate_id: "{{ lookup('aws_ssm', '{{ dashmate_zerossl_ssm_path }}-id', on_missing='skip') }}"
+    dashmate_zerossl_certificate_id: "{{ (hp_masternodes[inventory_hostname]['zerossl_certificate_id'] | default('')) if hp_masternodes is defined and inventory_hostname in (hp_masternodes | default({})) else '' }}"
 
-- name: Set ZeroSSL certificate ID to dashmate config from SSM if not set
-  ansible.builtin.command: "{{ dashmate_cmd }} config set {{ dashmate_zerossl_config_path }}.id {{ dashmate_zerossl_ssm_certificate_id }}"
+- name: Set ZeroSSL certificate ID to dashmate config if not set
+  ansible.builtin.command: "{{ dashmate_cmd }} config set {{ dashmate_zerossl_config_path }}.id {{ dashmate_zerossl_certificate_id }}"
   become: true
   become_user: dashmate
   args:
     chdir: '{{ dashmate_cwd }}'
   register: dashmate_zerossl_id
   changed_when: dashmate_zerossl_id.rc == 0
   when:
-    - dashmate_zerossl_ssm_certificate_id != ''
+    - dashmate_zerossl_certificate_id != ''
     - dashmate_zerossl_config_certificate_id is not defined
 
-# Copy ZeroSSL files if they are not present
-
-- name: Check that ZeroSSL CSR and private key files exist
-  ansible.builtin.stat:
-    path: '{{ dashmate_zerossl_keys_path }}/{{ dashmate_zerossl_private_key_file_name }}'
-  register: zero_ssl_files
-
-- name: Get ZeroSSL CSR and private key from SSM
-  ansible.builtin.copy:
-    dest: '{{ dashmate_zerossl_keys_path }}/{{ item }}'
-    content: "{{ lookup('aws_ssm', '{{ dashmate_zerossl_ssm_path }}-{{ item }}', on_missing='skip') }}"
-    owner: '{{ dashmate_user }}'
-    group: '{{ dashmate_group }}'
-    mode: "0644"
-  loop:
-    - '{{ dashmate_zerossl_private_key_file_name }}'
-    - '{{ dashmate_zerossl_csr_file_name }}'
-  when: >
-    not zero_ssl_files.stat.exists and
-    dashmate_zerossl_ssm_certificate_id != ''
-
 # Create a new ZeroSSL certificate if it is not present
-# or download bundle if it's not exist
+# or download bundle if it doesn't exist
 
 - name: Check that ZeroSSL bundle file exists
   ansible.builtin.stat:
@@ -75,60 +51,5 @@
   register: dashmate_obtain
   changed_when: dashmate_obtain.rc == 0
   when: >
-    dashmate_zerossl_ssm_certificate_id == '' or
-    not zero_ssl_bundle_file.stat.exists
-
-# Save new ZeroSSL information to SSM
-
-- name: Get new ZeroSSL certificate ID from dashmate config
-  ansible.builtin.command: "{{ dashmate_cmd }} config get {{ dashmate_zerossl_config_path }}.id"
-  become: true
-  become_user: dashmate
-  args:
-    chdir: '{{ dashmate_cwd }}'
-  register: dashmate_zerossl_id
-  changed_when: dashmate_zerossl_id.rc == 0
-  when: dashmate_obtain is defined and dashmate_obtain.changed
-
-- name: Set new ZeroSSL certificate ID from config
-  ansible.builtin.set_fact:
-    dashmate_zerossl_config_certificate_id: "{{ dashmate_zerossl_id.stdout }}"
-  when: dashmate_obtain is defined and dashmate_obtain.changed
-
-- name: Update ZeroSSL certificate ID in AWS SSM parameter store
-  delegate_to: localhost
-  become: false
-  community.aws.ssm_parameter:
-    name: '{{ dashmate_zerossl_ssm_path }}-id'
-    value: '{{ dashmate_zerossl_config_certificate_id }}'
-  when: dashmate_zerossl_ssm_certificate_id != dashmate_zerossl_config_certificate_id
-
-- name: Read new generated ZeroSSL private key file to variable
-  ansible.builtin.slurp:
-    src: '{{ dashmate_zerossl_keys_path }}/{{ dashmate_zerossl_private_key_file_name }}'
-  register: dashmate_zerossl_private_key_file
-  when: dashmate_zerossl_ssm_certificate_id != dashmate_zerossl_config_certificate_id
-
-- name: Read new generated ZeroSSL CSR file to variable
-  ansible.builtin.slurp:
-    src: '{{ dashmate_zerossl_keys_path }}/{{ dashmate_zerossl_csr_file_name }}'
-  register: dashmate_zerossl_csr_file
-  when: dashmate_zerossl_ssm_certificate_id != dashmate_zerossl_config_certificate_id
-
-- name: Set new generated ZeroSSL CSR and private key files
-  ansible.builtin.set_fact:
-    dashmate_zerossl_files:
-      - name: "{{ dashmate_zerossl_private_key_file_name }}"
-        content: '{{ dashmate_zerossl_private_key_file.content | b64decode }}'
-      - name: "{{ dashmate_zerossl_csr_file_name }}"
-        content: '{{ dashmate_zerossl_csr_file.content | b64decode }}'
-  when: dashmate_zerossl_ssm_certificate_id != dashmate_zerossl_config_certificate_id
-
-- name: Update ZeroSSL private key and CSR files in AWS SSM parameter store
-  delegate_to: localhost
-  become: false
-  community.aws.ssm_parameter:
-    name: '{{ dashmate_zerossl_ssm_path }}-{{ item.name }}'
-    value: '{{ item.content }}'
-  loop: '{{ dashmate_zerossl_files }}'
-  when: dashmate_zerossl_ssm_certificate_id != dashmate_zerossl_config_certificate_id
+    dashmate_zerossl_certificate_id == '' or
+    not zero_ssl_bundle_file.stat.exists