forked from ISTI-ansible-roles/ansible-roles
Remove the old letsencrypt cron script, now we randomise the time inside the cron job definition itself.
This commit is contained in:
Andrea Dell'Amico
parent
86b8d03a17
commit
5dedaab7c0
|
|
@ -110,7 +110,7 @@
|
||||||
- name: Install a script that requests the certificates and manage the self signed certificate
|
- name: Install a script that requests the certificates and manage the self signed certificate
|
||||||
template: src=acme-cert-request.sh.j2 dest=/usr/local/bin/acme-cert-request owner=root group=root mode=0755
|
template: src=acme-cert-request.sh.j2 dest=/usr/local/bin/acme-cert-request owner=root group=root mode=0755
|
||||||
when: letsencrypt_acme_install
|
when: letsencrypt_acme_install
|
||||||
tags: letsencrypt
|
tags: [ 'letsencrypt', 'letsencrypt_cron' ]
|
||||||
|
|
||||||
- name: Set certificates as to be revoked
|
- name: Set certificates as to be revoked
|
||||||
become: True
|
become: True
|
||||||
|
|
@ -122,15 +122,15 @@
|
||||||
- letsencrypt_certs_revoke_list is defined
|
- letsencrypt_certs_revoke_list is defined
|
||||||
tags: letsencrypt
|
tags: letsencrypt
|
||||||
|
|
||||||
- name: Install a script that will be used to renew the certificate when needed
|
- name: Remove the old cron script
|
||||||
template: src=cron-acme-cert-request.j2 dest=/usr/local/bin/cron-acme-cert-request mode=0755
|
file: dest=/usr/local/bin/cron-acme-cert-request state=absent
|
||||||
when: letsencrypt_acme_install
|
when: letsencrypt_acme_install
|
||||||
tags: [ 'letsencrypt', 'letsencrypt_cron' ]
|
tags: [ 'letsencrypt', 'letsencrypt_cron' ]
|
||||||
|
|
||||||
- name: Install a daily cron job to renew the certificates when needed
|
- name: Install a daily cron job to renew the certificates when needed
|
||||||
become: True
|
become: True
|
||||||
become_user: '{{ letsencrypt_acme_user }}'
|
become_user: '{{ letsencrypt_acme_user }}'
|
||||||
cron: name="Letsencrypt certificate renewal" day={{ letsencrypt_acme_cron_day_of_month }} hour={{ letsencrypt_acme_cron_hour }} minute={{ letsencrypt_acme_cron_minute }} job="/usr/local/bin/cron-acme-cert-request > {{ letsencrypt_acme_log_dir }}/acme-cron.log 2>&1"
|
cron: name="Letsencrypt certificate renewal" day={{ letsencrypt_acme_cron_day_of_month }} hour={{ letsencrypt_acme_cron_hour }} minute={{ letsencrypt_acme_cron_minute }} job="/usr/local/bin/acme-cert-request > {{ letsencrypt_acme_log_dir }}/acme-cron.log 2>&1"
|
||||||
when: letsencrypt_acme_install
|
when: letsencrypt_acme_install
|
||||||
tags: [ 'letsencrypt', 'letsencrypt_cron' ]
|
tags: [ 'letsencrypt', 'letsencrypt_cron' ]
|
||||||
|
|
||||||
|
|
@ -138,7 +138,7 @@
|
||||||
become: True
|
become: True
|
||||||
become_user: '{{ letsencrypt_acme_user }}'
|
become_user: '{{ letsencrypt_acme_user }}'
|
||||||
command: '/usr/local/bin/acme-cert-request'
|
command: '/usr/local/bin/acme-cert-request'
|
||||||
when: ( letsencrypt_new_desired_file | changed )
|
when: letsencrypt_new_desired_file is changed
|
||||||
ignore_errors: True
|
ignore_errors: True
|
||||||
tags: letsencrypt
|
tags: letsencrypt
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,12 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
CMD=/usr/local/bin/acme-cert-request
|
|
||||||
|
|
||||||
SLEEP_SECONDS=$(echo $[($RANDOM %1200)])
|
|
||||||
sleep ${SLEEP_SECONDS}
|
|
||||||
|
|
||||||
/usr/local/bin/acme-cert-request
|
|
||||||
RETVAL=$?
|
|
||||||
|
|
||||||
exit $RETVAL
|
|
||||||
|
|
||||||
Loading…
Reference in New Issue