Remove duplicates from the acme.sh env. Add tags that allow installing the scripts without executing them.

Andrea Dell'Amico 2019-11-20 13:24:45 +01:00
parent 1bcd77e306
commit 9b4f3d3d46
2 changed files with 13 additions and 9 deletions


@ -31,15 +31,19 @@
- name: Install the acme.sh environment variables file - name: Install the acme.sh environment variables file
template: src=acme_sh_request_env.j2 dest=/etc/default/acme_sh_request_env owner=root group=root mode=0444 template: src=acme_sh_request_env.j2 dest=/etc/default/acme_sh_request_env owner=root group=root mode=0444
register: acme_sh_issue register: acme_sh_issue
tags: [ 'letsencrypt', 'letsencrypt_cron', 'letsencrypt_acme_sh', 'letsencrypt_acme_sh_env' ]
- name: Install the script that initializes the acme.sh environment - name: Install the script that initializes the acme.sh environment
copy: src=acme-sh-install dest=/usr/local/bin/acme-sh-install owner=root group=acme mode=0750 copy: src=acme-sh-install dest=/usr/local/bin/acme-sh-install owner=root group=acme mode=0750
tags: [ 'letsencrypt', 'letsencrypt_cron', 'letsencrypt_acme_sh', 'letsencrypt_acme_sh_scripts' ]
- name: Install a script that issues the certificates - name: Install a script that issues the certificates
copy: src=acme-sh-request-cert dest=/usr/local/bin/acme-sh-request-cert owner=root group=acme mode=0750 copy: src=acme-sh-request-cert dest=/usr/local/bin/acme-sh-request-cert owner=root group=acme mode=0750
tags: [ 'letsencrypt', 'letsencrypt_cron', 'letsencrypt_acme_sh', 'letsencrypt_acme_sh_scripts' ]
- name: Install a script that installs the issued certificates - name: Install a script that installs the issued certificates
copy: src=acme-sh-install-certs dest=/usr/local/bin/acme-sh-install-certs owner=root group=acme mode=0750 copy: src=acme-sh-install-certs dest=/usr/local/bin/acme-sh-install-certs owner=root group=acme mode=0750
tags: [ 'letsencrypt', 'letsencrypt_cron', 'letsencrypt_acme_sh', 'letsencrypt_acme_sh_scripts' ]
- name: Install the script that will run the services hooks when a certificate is installed - name: Install the script that will run the services hooks when a certificate is installed
template: src=acme-services-hook.j2 dest=/usr/local/bin/acme-services-hook owner=root group=acme mode=0750 template: src=acme-services-hook.j2 dest=/usr/local/bin/acme-services-hook owner=root group=acme mode=0750
@ -49,13 +53,13 @@
with_items: with_items:
- acme-sh-cron-script - acme-sh-cron-script
- acme-sh-cron-command - acme-sh-cron-command
tags: [ 'letsencrypt', 'letsencrypt_cron', 'letsencrypt_acme_sh' ] tags: [ 'letsencrypt', 'letsencrypt_cron', 'letsencrypt_acme_sh', 'letsencrypt_acme_sh_scripts' ]
- name: Install a daily cron job to renew the certificates when needed. It runs as root - name: Install a daily cron job to renew the certificates when needed. It runs as root
cron: name="Letsencrypt certificate renewal" day={{ letsencrypt_acme_cron_day_of_month }} hour={{ letsencrypt_acme_cron_hour }} minute={{ letsencrypt_acme_cron_minute }} job="/usr/local/bin/acme-sh-cron-script > {{ letsencrypt_acme_sh_log_dir }}/acme-cron.log 2>&1" cron: name="Letsencrypt certificate renewal" day={{ letsencrypt_acme_cron_day_of_month }} hour={{ letsencrypt_acme_cron_hour }} minute={{ letsencrypt_acme_cron_minute }} job="/usr/local/bin/acme-sh-cron-script > {{ letsencrypt_acme_sh_log_dir }}/acme-cron.log 2>&1"
tags: [ 'letsencrypt', 'letsencrypt_cron', 'letsencrypt_acme_sh' ] tags: [ 'letsencrypt', 'letsencrypt_cron', 'letsencrypt_acme_sh', 'letsencrypt_acme_sh_scripts' ]
when: letsencrypt_acme_sh_install when: letsencrypt_acme_sh_install | bool
tags: [ 'letsencrypt', 'letsencrypt_acme_sh' ] tags: [ 'letsencrypt', 'letsencrypt_acme_sh' ]
- block: - block:
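Review bot: The new `letsencrypt_acme_sh_scripts` tag is also placed on the `Install a daily cron job to renew the certificates when needed` task in the second hunk, so a run limited to that tag does more than copy files: it also schedules `/usr/local/bin/acme-sh-cron-script` to run as root. That appears to contradict the commit's stated aim of installing the scripts without executing them. Keeping that task on its previous list, `tags: [ 'letsencrypt', 'letsencrypt_cron', 'letsencrypt_acme_sh' ]`, would keep scheduling out of a scripts-only run. The enclosing block starts outside the hunk, and the tags line of the `acme-services-hook` task falls between the two hunks, so whether that script is covered by the new tag cannot be checked here.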


@ -26,15 +26,15 @@ ACME_SH_INSTALL_OPTS="$ACME_SH_INSTALL_OPTS --home {{ letsencrypt_acme_sh_user_h
# #
# Certificate issue options # Certificate issue options
# #
ACME_SH_ISSUE_CERT_REQUEST="--issue -k {% if letsencrypt_acme_sh_use_ecc %}{{ letsencrypt_acme_sh_ecc_key_lenght }}{% else %}{{ letsencrypt_acme_sh_rsa_key_lenght }}{% endif %} --log {{ letsencrypt_acme_sh_base_data_dir }}/logs/acme.sh.log" ACME_SH_ISSUE_CERT_REQUEST_OPTIONS="--issue -k {% if letsencrypt_acme_sh_use_ecc %}{{ letsencrypt_acme_sh_ecc_key_lenght }}{% else %}{{ letsencrypt_acme_sh_rsa_key_lenght }}{% endif %} --log {{ letsencrypt_acme_sh_base_data_dir }}/logs/acme.sh.log"
{% if letsencrypt_acme_sh_ocsp_must_staple %} {% if letsencrypt_acme_sh_ocsp_must_staple %}
ACME_SH_ISSUE_CERT_REQUEST="$ACME_SH_ISSUE_CERT_REQUEST --ocsp" ACME_SH_ISSUE_CERT_REQUEST="$ACME_SH_ISSUE_CERT_REQUEST_OPTIONS --ocsp"
{% endif %} {% endif %}
{% if letsencrypt_acme_sh_use_syslog %} {% if letsencrypt_acme_sh_use_syslog %}
ACME_SH_ISSUE_CERT_REQUEST="$ACME_SH_ISSUE_CERT_REQUEST --syslog {{ letsencrypt_acme_sh_syslog_level }}" ACME_SH_ISSUE_CERT_REQUEST="$ACME_SH_ISSUE_CERT_REQUEST_OPTIONS --syslog {{ letsencrypt_acme_sh_syslog_level }}"
{% endif %} {% endif %}
{% if letsencrypt_acme_sh_test_request %} {% if letsencrypt_acme_sh_test_request %}
ACME_SH_ISSUE_CERT_REQUEST="$ACME_SH_ISSUE_CERT_REQUEST --test" ACME_SH_ISSUE_CERT_REQUEST="$ACME_SH_ISSUE_CERT_REQUEST_OPTIONS --test"
{% endif %} {% endif %}
ACME_SH_ISSUE_CERT_DOMAINS="{% for dom in letsencrypt_acme_sh_domains %} -d {{ dom.domain }} {% if dom.dns_provider is defined %} --dns {{ dom.dns_provider }} {% if dom.dns_alias_challenge is defined %} --challenge-alias {{ dom.dns_alias_challenge }} {% endif %} {% endif %} {% if dom.standalone is defined %} --standalone --httpport {{ letsencrypt_acme_standalone_port }} {% endif %} {% endfor %}" ACME_SH_ISSUE_CERT_DOMAINS="{% for dom in letsencrypt_acme_sh_domains %} -d {{ dom.domain }} {% if dom.dns_provider is defined %} --dns {{ dom.dns_provider }} {% if dom.dns_alias_challenge is defined %} --challenge-alias {{ dom.dns_alias_challenge }} {% endif %} {% endif %} {% if dom.standalone is defined %} --standalone --httpport {{ letsencrypt_acme_standalone_port }} {% endif %} {% endfor %}"
@ -42,10 +42,10 @@ ACME_SH_ISSUE_CERT_DOMAINS="{% for dom in letsencrypt_acme_sh_domains %} -d {{ d
ACME_SH_FIRST_REQUEST_CERT_DOMAINS="{% for dom in letsencrypt_acme_sh_domains %} -d {{ dom.domain }} {% if dom.dns_provider is defined %} --dns {{ dom.dns_provider }} {% if dom.dns_alias_challenge is defined %} --challenge-alias {{ dom.dns_alias_challenge }} {% endif %} {% endif %} {% if dom.standalone is defined %} --standalone --httpport 80 {% endif %} {% endfor %}" ACME_SH_FIRST_REQUEST_CERT_DOMAINS="{% for dom in letsencrypt_acme_sh_domains %} -d {{ dom.domain }} {% if dom.dns_provider is defined %} --dns {{ dom.dns_provider }} {% if dom.dns_alias_challenge is defined %} --challenge-alias {{ dom.dns_alias_challenge }} {% endif %} {% endif %} {% if dom.standalone is defined %} --standalone --httpport 80 {% endif %} {% endfor %}"
# The complete command line to issue a certificate # The complete command line to issue a certificate
ACME_SH_ISSUE_CERT_REQUEST="$ACME_SH_ISSUE_CERT_REQUEST $ACME_SH_ISSUE_CERT_DOMAINS" ACME_SH_ISSUE_CERT_REQUEST="$ACME_SH_ISSUE_CERT_REQUEST_OPTIONS $ACME_SH_ISSUE_CERT_DOMAINS"
# The complete command line to issue a certificate. The first time we have to use port 80 when not using the dns protocol # The complete command line to issue a certificate. The first time we have to use port 80 when not using the dns protocol
ACME_SH_FIRST_CERT_REQUEST="$ACME_SH_ISSUE_CERT_REQUEST $ACME_SH_FIRST_REQUEST_CERT_DOMAINS" ACME_SH_FIRST_CERT_REQUEST="$ACME_SH_ISSUE_CERT_REQUEST_OPTIONS $ACME_SH_FIRST_REQUEST_CERT_DOMAINS"
# #
# Certificate install options # Certificate install options
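Review bot: The `--ocsp`, `--syslog` and `--test` branches still assign to `ACME_SH_ISSUE_CERT_REQUEST`, but the last two assignments now build `ACME_SH_ISSUE_CERT_REQUEST` and `ACME_SH_FIRST_CERT_REQUEST` from `$ACME_SH_ISSUE_CERT_REQUEST_OPTIONS` alone, so all three flags are discarded (reading the right-hand copy of each line as the new side). With `letsencrypt_acme_sh_ocsp_must_staple` set, the certificate would be requested without must-staple. With `letsencrypt_acme_sh_test_request` set, the request would go out without `--test`, presumably to the production CA. Each branch should append to the options variable instead, e.g. `ACME_SH_ISSUE_CERT_REQUEST_OPTIONS="$ACME_SH_ISSUE_CERT_REQUEST_OPTIONS --ocsp"`, and likewise for `--syslog {{ letsencrypt_acme_sh_syslog_level }}` and `--test`.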