forked from ISTI-ansible-roles/ansible-roles
library/roles/haproxy/tasks: Fix to the letsencrypt hooks handling.
library/roles/letsencrypt-acmetool-client/tasks: Do not fail if the quickstart does not succeed. The web service could be not configured yet.
This commit is contained in:
Andrea Dell'Amico
parent
bb862c8405
commit
8fde6bb113
|
|
@ -0,0 +1,8 @@
|
||||||
|
---
|
||||||
|
- name: Install a script that fix the letsencrypt certificate for haproxy and then reload the service
|
||||||
|
copy: src=haproxy-letsencrypt-acme.sh dest={{ letsencrypt_acme_services_scripts_dir }}/haproxy owner=root group=root mode=4555
|
||||||
|
when:
|
||||||
|
- haproxy_letsencrypt_managed
|
||||||
|
- letsencrypt_acme_install
|
||||||
|
tags: [ 'haproxy', 'letsencrypt' ]
|
||||||
|
|
||||||
|
|
@ -5,11 +5,3 @@
|
||||||
- haproxy_letsencrypt_managed
|
- haproxy_letsencrypt_managed
|
||||||
- letsencrypt_install
|
- letsencrypt_install
|
||||||
tags: [ 'haproxy', 'letsencrypt' ]
|
tags: [ 'haproxy', 'letsencrypt' ]
|
||||||
|
|
||||||
- name: Install a script that fix the letsencrypt certificate for haproxy and then reload the service
|
|
||||||
copy: src=haproxy-letsencrypt-acme.sh dest={{ letsencrypt_acme_services_scripts_dir }}/haproxy owner=root group=root mode=4550
|
|
||||||
when:
|
|
||||||
- haproxy_letsencrypt_managed
|
|
||||||
- letsencrypt_acme_install
|
|
||||||
tags: [ 'haproxy', 'letsencrypt' ]
|
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,10 @@
|
||||||
---
|
---
|
||||||
- include: haproxy-service.yml
|
- include: haproxy-service.yml
|
||||||
- include: haproxy-letsencrypt.yml
|
- include: haproxy-letsencrypt.yml
|
||||||
when: haproxy_letsencrypt_managed
|
when:
|
||||||
|
- haproxy_letsencrypt_managed
|
||||||
|
- letsencrypt_install is defined
|
||||||
|
- include: haproxy-letsencrypt-acmetool.yml
|
||||||
|
when:
|
||||||
|
- haproxy_letsencrypt_managed
|
||||||
|
- letsencrypt_acme_install is defined
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,9 @@
|
||||||
|
---
|
||||||
|
- name: Initialize letsencrypt acmetool
|
||||||
|
become: True
|
||||||
|
become_user: '{{ letsencrypt_acme_user }}'
|
||||||
|
command: '{{ letsencrypt_acme_command }} {{ letsencrypt_acme_command_opts }} quickstart ; {{ letsencrypt_acme_command }} {{ letsencrypt_acme_command_opts }} reconcile'
|
||||||
|
args:
|
||||||
|
creates: '{{ letsencrypt_acme_user_home }}/accounts'
|
||||||
|
when: letsencrypt_acme_install
|
||||||
|
|
||||||
|
|
@ -4,6 +4,7 @@
|
||||||
when:
|
when:
|
||||||
- letsencrypt_acme_install
|
- letsencrypt_acme_install
|
||||||
- is_ubuntu
|
- is_ubuntu
|
||||||
|
notify: Initialize letsencrypt acmetool
|
||||||
tags: letsencrypt
|
tags: letsencrypt
|
||||||
|
|
||||||
- name: Install the letsencrypt acmetool repo key on debian
|
- name: Install the letsencrypt acmetool repo key on debian
|
||||||
|
|
@ -18,6 +19,7 @@
|
||||||
when:
|
when:
|
||||||
- letsencrypt_acme_install
|
- letsencrypt_acme_install
|
||||||
- is_debian
|
- is_debian
|
||||||
|
notify: Initialize letsencrypt acmetool
|
||||||
tags: letsencrypt
|
tags: letsencrypt
|
||||||
|
|
||||||
- name: Create the letsencrytp acme user
|
- name: Create the letsencrytp acme user
|
||||||
|
|
@ -82,24 +84,6 @@
|
||||||
- "'{{ letsencrypt_acme_authenticator }}' != 'listener'"
|
- "'{{ letsencrypt_acme_authenticator }}' != 'listener'"
|
||||||
tags: letsencrypt
|
tags: letsencrypt
|
||||||
|
|
||||||
- name: letsencrypt acmetool initializaztion
|
|
||||||
become: True
|
|
||||||
become_user: '{{ letsencrypt_acme_user }}'
|
|
||||||
command: '{{ letsencrypt_acme_command }} {{ letsencrypt_acme_command_opts }} quickstart'
|
|
||||||
args:
|
|
||||||
creates: '{{ letsencrypt_acme_user_home }}/accounts'
|
|
||||||
when: letsencrypt_acme_install
|
|
||||||
tags: letsencrypt
|
|
||||||
|
|
||||||
- name: letsencrypt acmetool request the first certificate
|
|
||||||
become: True
|
|
||||||
become_user: '{{ letsencrypt_acme_user }}'
|
|
||||||
command: '{{ letsencrypt_acme_command }} {{ letsencrypt_acme_command_opts }} reconcile'
|
|
||||||
args:
|
|
||||||
creates: '{{ letsencrypt_acme_certs_dir }}/cert'
|
|
||||||
when: letsencrypt_acme_install
|
|
||||||
tags: letsencrypt
|
|
||||||
|
|
||||||
- name: Install the sudoers config needed to run the acmetool hooks
|
- name: Install the sudoers config needed to run the acmetool hooks
|
||||||
template: src=acme-sudoers.j2 dest=/etc/sudoers.d/letsencrypt-acme owner=root group=root mode=0440
|
template: src=acme-sudoers.j2 dest=/etc/sudoers.d/letsencrypt-acme owner=root group=root mode=0440
|
||||||
when: letsencrypt_acme_install
|
when: letsencrypt_acme_install
|
||||||
|
|
@ -110,3 +94,23 @@
|
||||||
when: letsencrypt_acme_install
|
when: letsencrypt_acme_install
|
||||||
tags: letsencrypt
|
tags: letsencrypt
|
||||||
|
|
||||||
|
- name: letsencrypt acmetool initializaztion
|
||||||
|
become: True
|
||||||
|
become_user: '{{ letsencrypt_acme_user }}'
|
||||||
|
command: '{{ letsencrypt_acme_command }} {{ letsencrypt_acme_command_opts }} quickstart'
|
||||||
|
args:
|
||||||
|
creates: '{{ letsencrypt_acme_user_home }}/accounts'
|
||||||
|
when: letsencrypt_acme_install
|
||||||
|
ignore_errors: True
|
||||||
|
tags: letsencrypt
|
||||||
|
|
||||||
|
- name: letsencrypt acmetool request the first certificate
|
||||||
|
become: True
|
||||||
|
become_user: '{{ letsencrypt_acme_user }}'
|
||||||
|
command: '{{ letsencrypt_acme_command }} {{ letsencrypt_acme_command_opts }} reconcile'
|
||||||
|
args:
|
||||||
|
creates: '{{ letsencrypt_acme_certs_dir }}/cert'
|
||||||
|
when: letsencrypt_acme_install
|
||||||
|
ignore_errors: True
|
||||||
|
tags: letsencrypt
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue