Merge branch 'master' of gitorious.research-infrastructures.eu:infrastructure-management/ansible-playbooks

letsencrypt-acmetool-client/defaults/main.yml

@@ -23,7 +23,6 @@ letsencrypt_acme_certs_dir: '{{ letsencrypt_acme_user_home }}/live/{{ letsencryp
 letsencrypt_acme_services_scripts_dir: /usr/lib/acme/hooks
 
 # responses parameters
-#letsencrypt_tos_url: 'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf'
 letsencrypt_tos_url: 'https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
 letsencrypt_acme_agree_tos: true  
 letsencrypt_acme_rsa_key_size: 4096
@@ -37,6 +36,9 @@ letsencrypt_key_id: 'some random string'
 # We 'listener' or 'proxy'. Use 'listener' if we need a certificate for a non web service or before the web service has been configured.
 # Need to set cap_net_bind_service=+ep for the acmetool binary so that it is able to bind port 80 in that case.
 letsencrypt_acme_authenticator: listener
+letsencrypt_acme_cron_day_of_month: '*'
+letsencrypt_acme_cron_hour: '{{ range(1, 4) | random }}'
+letsencrypt_acme_cron_minute: '{{ range(0, 59) | random }}'
 
 # desired parameters
 letsencrypt_acme_domains:

letsencrypt-acmetool-client/tasks/main.yml

@@ -110,7 +110,7 @@
 - name: Install a script that requests the certificates and manage the self signed certificate
   template: src=acme-cert-request.sh.j2 dest=/usr/local/bin/acme-cert-request owner=root group=root mode=0755
   when: letsencrypt_acme_install
-  tags: letsencrypt
+  tags: [ 'letsencrypt', 'letsencrypt_cron' ]
 
 - name: Set certificates as to be revoked
   become: True
@@ -122,15 +122,15 @@
     - letsencrypt_certs_revoke_list is defined
   tags: letsencrypt
   
-- name: Install a script that will be used to renew the certificate when needed
+- name: Remove the old cron script 
-  template: src=cron-acme-cert-request.j2 dest=/usr/local/bin/cron-acme-cert-request mode=0755
+  file: dest=/usr/local/bin/cron-acme-cert-request state=absent
   when: letsencrypt_acme_install
   tags: [ 'letsencrypt', 'letsencrypt_cron' ]
 
 - name: Install a daily cron job to renew the certificates when needed
   become: True
   become_user: '{{ letsencrypt_acme_user }}'
-  cron: name="Letsencrypt certificate renewal" special_time=daily job="/usr/local/bin/cron-acme-cert-request > {{ letsencrypt_acme_log_dir }}/acme-cron.log 2>&1"
+  cron: name="Letsencrypt certificate renewal" day={{ letsencrypt_acme_cron_day_of_month }} hour={{ letsencrypt_acme_cron_hour }} minute={{ letsencrypt_acme_cron_minute }}  job="/usr/local/bin/acme-cert-request > {{ letsencrypt_acme_log_dir }}/acme-cron.log 2>&1"
   when: letsencrypt_acme_install
   tags: [ 'letsencrypt', 'letsencrypt_cron' ]
 
@@ -138,7 +138,7 @@
   become: True
   become_user: '{{ letsencrypt_acme_user }}'
   command: '/usr/local/bin/acme-cert-request'
-  when: ( letsencrypt_new_desired_file | changed )
+  when: letsencrypt_new_desired_file is changed
   ignore_errors: True
   tags: letsencrypt
 

letsencrypt-acmetool-client/templates/cron-acme-cert-request.j2

@@ -1,12 +0,0 @@
-#!/bin/bash
-
-CMD=/usr/local/bin/acme-cert-request
-
-SLEEP_SECONDS=$(echo $[($RANDOM %1200)])
-sleep ${SLEEP_SECONDS}
-
-/usr/local/bin/acme-cert-request
-RETVAL=$?
-
-exit $RETVAL
-

mongodb-org-3.2/tasks/mongodb.yml

@@ -20,9 +20,14 @@
     - name: Install the mongodb apt key
       apt_key: keyserver="hkp://keyserver.ubuntu.com:80" id={{ mongodb_repo_key }} state=present
       when: mongodb_install_from_external_repo
+      register: apt_key_update_cache
+
+    - name: Update the apt cache after adding a new key
+      apt: update_cache=yes
+      when: apt_key_update_cache is changed
 
     - name: Remove the old mongo apt repositories
-      apt_repository: repo="{{ item }}" state=absent
+      apt_repository: repo="{{ item }}" state=absent update_cache=yes
       with_items: '{{ mongodb_old_repositories }}'
       when: mongodb_upgrade_from_older_version