ISTI-ansible-roles
/
ansible-role-haproxy
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

skip the service reload in the ocsp script. Reload the container in the cron job.

This commit is contained in:
Andrea Dell'Amico 2020-12-29 22:53:47 +01:00
parent c988d55de6
commit 17223bed9c
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
tasks/haproxy-ssl.yml
View File

@ -11,7 +11,7 @@
name: "Refresh the haproxy OCSP information" name: "Refresh the haproxy OCSP information"
user: root user: root
special_time: daily special_time: daily
job: "/usr/local/bin/hapos-upd --cert {{ haproxy_cert_dir }}/haproxy.pem -v {{ letsencrypt_acme_certs_dir }}/fullchain -s {% if not haproxy_docker_container %}{{ haproxy_admin_socket }}{% else %}{{ haproxy_docker_socket_dir }}/{{ haproxy_admin_socket_file }}{% endif %} -v - >/var/log/hapos-upd.log 2>&1" job: "/usr/local/bin/hapos-upd {% if haproxy_docker_container %}-S{% endif %} --cert {{ haproxy_cert_dir }}/haproxy.pem -v {{ letsencrypt_acme_certs_dir }}/fullchain -s {% if not haproxy_docker_container %}{{ haproxy_admin_socket }}{% else %}{{ haproxy_docker_socket_dir }}/{{ haproxy_admin_socket_file }}{% endif %} -v - >/var/log/hapos-upd.log 2>&1{% if haproxy_docker_container %} ; docker kill --signal USR2 $(docker container ls --filter name=haproxy_haproxy --quiet){% endif %}"
tags: [ 'haproxy', 'letsencrypt', 'ssl', 'ssl_ocsp' ] tags: [ 'haproxy', 'letsencrypt', 'ssl', 'ssl_ocsp' ]

4
templates/haproxy-letsencrypt-acme.sh.j2
View File

@ -35,11 +35,11 @@ chgrp haproxy ${HAPROXY_CERTFILE}
if [ -x /usr/local/bin/hapos-upd ] ; then if [ -x /usr/local/bin/hapos-upd ] ; then
upd_retval= upd_retval=
echo "Run the OCSP stapling updater script" >> $LE_LOG_DIR/haproxy.log echo "Run the OCSP stapling updater script" >> $LE_LOG_DIR/haproxy.log
/usr/local/bin/hapos-upd --cert {{ haproxy_cert_dir }}/haproxy.pem -v ${LE_CERTS_DIR}/fullchain -s $haproxy_socket -v - >> $LE_LOG_DIR/haproxy.log 2>&1 /usr/local/bin/hapos-upd {% if haproxy_docker_container %}-S{% endif %} --cert {{ haproxy_cert_dir }}/haproxy.pem -v ${LE_CERTS_DIR}/fullchain -s $haproxy_socket -v - >> $LE_LOG_DIR/haproxy.log 2>&1
upd_retval=$? upd_retval=$?
if [ $upd_retval -ne 0 ] ; then if [ $upd_retval -ne 0 ] ; then
rm -f ${HAPROXY_CERTFILE}.issuer rm -f ${HAPROXY_CERTFILE}.issuer
/usr/local/bin/hapos-upd --cert {{ haproxy_cert_dir }}/haproxy.pem -v ${LE_CERTS_DIR}/fullchain -s $haproxy_socket -v - >> $LE_LOG_DIR/haproxy.log 2>&1 /usr/local/bin/hapos-upd {% if haproxy_docker_container %}-S{% endif %} --cert {{ haproxy_cert_dir }}/haproxy.pem -v ${LE_CERTS_DIR}/fullchain -s $haproxy_socket -v - >> $LE_LOG_DIR/haproxy.log 2>&1
fi fi
else else
echo "No OCPS stapling updater script" >> $LE_LOG_DIR/haproxy.log echo "No OCPS stapling updater script" >> $LE_LOG_DIR/haproxy.log