From 5dedaab7c042fdaa100470ca0b5ba4328b04c6c3 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Tue, 17 Jul 2018 18:11:56 +0200 Subject: [PATCH] Remove the old letsencrypt cron script, now we randomise the time inside the cron job definition itself. --- letsencrypt-acmetool-client/tasks/main.yml | 10 +++++----- .../templates/cron-acme-cert-request.j2 | 12 ------------ 2 files changed, 5 insertions(+), 17 deletions(-) delete mode 100644 letsencrypt-acmetool-client/templates/cron-acme-cert-request.j2 diff --git a/letsencrypt-acmetool-client/tasks/main.yml b/letsencrypt-acmetool-client/tasks/main.yml index 147a8c89..ceed6ed6 100644 --- a/letsencrypt-acmetool-client/tasks/main.yml +++ b/letsencrypt-acmetool-client/tasks/main.yml @@ -110,7 +110,7 @@ - name: Install a script that requests the certificates and manage the self signed certificate template: src=acme-cert-request.sh.j2 dest=/usr/local/bin/acme-cert-request owner=root group=root mode=0755 when: letsencrypt_acme_install - tags: letsencrypt + tags: [ 'letsencrypt', 'letsencrypt_cron' ] - name: Set certificates as to be revoked become: True @@ -122,15 +122,15 @@ - letsencrypt_certs_revoke_list is defined tags: letsencrypt -- name: Install a script that will be used to renew the certificate when needed - template: src=cron-acme-cert-request.j2 dest=/usr/local/bin/cron-acme-cert-request mode=0755 +- name: Remove the old cron script + file: dest=/usr/local/bin/cron-acme-cert-request state=absent when: letsencrypt_acme_install tags: [ 'letsencrypt', 'letsencrypt_cron' ] - name: Install a daily cron job to renew the certificates when needed become: True become_user: '{{ letsencrypt_acme_user }}' - cron: name="Letsencrypt certificate renewal" day={{ letsencrypt_acme_cron_day_of_month }} hour={{ letsencrypt_acme_cron_hour }} minute={{ letsencrypt_acme_cron_minute }} job="/usr/local/bin/cron-acme-cert-request > {{ letsencrypt_acme_log_dir }}/acme-cron.log 2>&1" + cron: name="Letsencrypt certificate renewal" day={{ letsencrypt_acme_cron_day_of_month }} hour={{ letsencrypt_acme_cron_hour }} minute={{ letsencrypt_acme_cron_minute }} job="/usr/local/bin/acme-cert-request > {{ letsencrypt_acme_log_dir }}/acme-cron.log 2>&1" when: letsencrypt_acme_install tags: [ 'letsencrypt', 'letsencrypt_cron' ] @@ -138,7 +138,7 @@ become: True become_user: '{{ letsencrypt_acme_user }}' command: '/usr/local/bin/acme-cert-request' - when: ( letsencrypt_new_desired_file | changed ) + when: letsencrypt_new_desired_file is changed ignore_errors: True tags: letsencrypt diff --git a/letsencrypt-acmetool-client/templates/cron-acme-cert-request.j2 b/letsencrypt-acmetool-client/templates/cron-acme-cert-request.j2 deleted file mode 100644 index 7e3dd9e3..00000000 --- a/letsencrypt-acmetool-client/templates/cron-acme-cert-request.j2 +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -CMD=/usr/local/bin/acme-cert-request - -SLEEP_SECONDS=$(echo $[($RANDOM %1200)]) -sleep ${SLEEP_SECONDS} - -/usr/local/bin/acme-cert-request -RETVAL=$? - -exit $RETVAL -