From 38d899f422a15d72d09a0e3e9fff16f7788f65e7 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Fri, 15 Dec 2017 15:43:45 +0100
Subject: [PATCH] letsencrypt: Put the cron job commands inside a bash script
---
 letsencrypt-acmetool-client/tasks/main.yml | 9 +++++++--
 .../templates/cron-acme-cert-request.j2 | 12 ++++++++++++
 2 files changed, 19 insertions(+), 2 deletions(-)
 create mode 100644 letsencrypt-acmetool-client/templates/cron-acme-cert-request.j2
diff --git a/letsencrypt-acmetool-client/tasks/main.yml b/letsencrypt-acmetool-client/tasks/main.yml
index 100f1d33..c429d206 100644
--- a/letsencrypt-acmetool-client/tasks/main.yml
+++ b/letsencrypt-acmetool-client/tasks/main.yml
@@ -122,12 +122,17 @@
 - letsencrypt_certs_revoke_list is defined
 tags: letsencrypt

+- name: Install a script that will be used to renew the certificate when needed
+ template: src=cron-acme-cert-request.j2 dest=/usr/local/bin/cron-acme-cert-request mode=0755
+ when: letsencrypt_acme_install
+ tags: [ 'letsencrypt', 'letsencrypt_cron' ]
+
 - name: Install a daily cron job to renew the certificates when needed
 become: True
 become_user: '{{ letsencrypt_acme_user }}'
- cron: name="Letsencrypt certificate renewal" special_time=daily job="SLEEP_SECONDS=$(echo $[($RANDOM %1200)]) ; sleep ${SLEEP_SECONDS} ; /usr/local/bin/acme-cert-request > {{ letsencrypt_acme_log_dir }}/acme-cron.log 2>&1"
+ cron: name="Letsencrypt certificate renewal" special_time=daily job="/usr/local/bin/cron-acme-cert-request > {{ letsencrypt_acme_log_dir }}/acme-cron.log 2>&1"
 when: letsencrypt_acme_install
- tags: letsencrypt
+ tags: [ 'letsencrypt', 'letsencrypt_cron' ]

 - name: letsencrypt acmetool request the first certificate
 become: True
diff --git a/letsencrypt-acmetool-client/templates/cron-acme-cert-request.j2 b/letsencrypt-acmetool-client/templates/cron-acme-cert-request.j2
new file mode 100644
index 00000000..7e3dd9e3
--- /dev/null
+++ b/letsencrypt-acmetool-client/templates/cron-acme-cert-request.j2
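Review bot: The new template task in tasks/main.yml installs /usr/local/bin/cron-acme-cert-request with `mode=0755` but sets no owner or group, so the file's ownership depends on whichever account happens to run the task. The cron job in the same hunk runs this script unattended as `letsencrypt_acme_user`, and that account should not be able to rewrite what it executes. Stating the ownership makes this explicit: `template: src=cron-acme-cert-request.j2 dest=/usr/local/bin/cron-acme-cert-request owner=root group=root mode=0755`. The task carries no `become`, so presumably the play already runs privileged; that is worth confirming, since the surrounding tasks start and end outside the hunk.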
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+CMD=/usr/local/bin/acme-cert-request
+
+SLEEP_SECONDS=$(echo $[($RANDOM %1200)])
+sleep ${SLEEP_SECONDS}
+
+/usr/local/bin/acme-cert-request
+RETVAL=$?
+
+exit $RETVAL
+
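Review bot: `CMD` is assigned at the top of the new script but never used; the acme-cert-request path is written out a second time further down, so the two copies can drift apart. Invoke it through the variable, `"$CMD"`, and replace the deprecated `$[ ]` arithmetic and the redundant `echo` with `SLEEP_SECONDS=$(( RANDOM % 1200 ))`. The sleep also deserves a one-line comment such as `# Random delay of up to 20 minutes before contacting the CA`, presumably to spread renewal requests across hosts; a reader cannot tell from the code alone why the job waits.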