debfranca
/
ansible-roles
forked from ISTI-ansible-roles/ansible-roles
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
1,634 Commits 1 Branch 0 Tags 525 MiB
Commit Graph

37 Commits

Author SHA1 Message Date
Andrea Dell'Amico 296afdf738 Fix a path. 2018-08-03 17:18:11 +02:00
Andrea Dell'Amico 5dedaab7c0 Remove the old letsencrypt cron script, now we randomise the time inside the cron job definition itself. 2018-07-17 18:11:56 +02:00
Andrea Dell'Amico 86b8d03a17 Fix the minutes range. 2018-07-17 17:23:10 +02:00
Andrea Dell'Amico 1bcc9182f0 letsencrypt cron job: use a random range for the hour and minute, and let the user customise the day of month too. See https://support.d4science.org/issues/12173 2018-07-17 17:20:53 +02:00
Andrea Dell'Amico f36c4061d4 library/roles/letsencrypt-acmetool-client/defaults/main.yml: Add a new variable so that changing the certs dir is easier. 2018-04-11 15:27:02 +02:00
Andrea Dell'Amico ed312768d2 library/roles/letsencrypt-acmetool-client/defaults/main.yml: disable 'must staple' by default. Our nginx and haproxy are too old for that. 2018-04-03 11:56:47 +02:00
Andrea Dell'Amico 38d899f422 letsencrypt: Put the cron job commands inside a bash script 2017-12-15 15:43:45 +01:00
Andrea Dell'Amico 94eba820ae letsencrypt: sleep for at most 1200 seconds before running the certificate renewal script. 2017-11-21 16:43:01 +01:00
Andrea Dell'Amico 4ecc39e18f Fix a warning in the acmetool role. 2017-11-20 19:28:25 +01:00
Andrea Dell'Amico f1b286dbe0 letsencrypt: add a specific tag for the user task. 2017-11-17 13:11:48 +01:00
Andrea Dell'Amico 33fe3715b6 letsencrypt changed the TOS document. 2017-11-17 11:59:42 +01:00
Andrea Dell'Amico f11655bb1b letsencrypt: now that the user has no valid shell, use the command module to run the certificate request. 2017-11-07 15:34:27 +01:00
Andrea Dell'Amico 1648cc50e7 letsencrypt: Run the script that requires the certificates only when the desired file changed. 2017-10-30 15:41:31 +01:00
Andrea Dell'Amico 220af7bf9d letsencrypt-acme-tool: ocsp must staple option True by default. 2017-10-20 15:55:17 +02:00
Andrea Dell'Amico 21dbb22b48 library/roles/letsencrypt-acmetool-client/handlers/main.yml: Ignore the handler errors. It fails if we reached the 20 certificates/week cap. 2017-02-02 14:30:12 +01:00
Andrea Dell'Amico 86422ed956 library/roles/letsencrypt-acmetool-client/defaults/main.yml: Change the default behaviour to 'listener' so that we can ask for a certificate if the web server is not yet configured. 2017-01-27 02:56:36 +01:00
Andrea Dell'Amico 2e766d138f library/roles/letsencrypt-acmetool-client/tasks/main.yml: Add an update_cache to the letsencrypt package installation task. 2016-11-02 16:56:36 +01:00
Andrea Dell'Amico bbab9edbeb library/roles/letsencrypt-acmetool-client/tasks/main.yml: Change the cron job task. Now if a user is specified, a file is required too. 2016-10-18 19:31:19 +02:00
Andrea Dell'Amico c9850ead39 library/roles/letsencrypt-acmetool-client/defaults/main.yml: Fix a typo. 2016-10-03 22:57:43 +02:00
Andrea Dell'Amico 7044dcd55f library/roles/letsencrypt-acmetool-client: Install libcap2-bin too. Needed to let acmetool bind port 80 when needed. 2016-10-03 22:56:27 +02:00
Andrea Dell'Amico 0bffd9592e library/roles/letsencrypt-acmetool-client/tasks/main.yml: add the tag letsencrypt_responses so that we can update the responses file only. Useful when the letsencrypt service agreement changes. 2016-09-09 13:39:03 +02:00
Andrea Dell'Amico eb7989f07a library: Fixed some typos and some ansible 2 compatibility warnings. 2016-09-05 18:11:36 +02:00
Andrea Dell'Amico c97f934863 library/roles/letsencrypt-acmetool-client: The TOS document URL has changed. Reflect it int the acmetool configuration, otherwise the first configuration fails. 2016-08-04 16:57:32 +02:00
Andrea Dell'Amico a21d62af25 library/roles/letsencrypt-acmetool-client/tasks/main.yml: workaround for the distributions that do not have binaries capabilities support. 
d4science-ghn-cluster: install letsencrypt certificates on the iMarine portal.
 2016-05-28 16:31:52 +02:00
Andrea Dell'Amico b861552351 library/roles/letsencrypt-acmetool-client: New variable, default, true. If set to false the repository package installation is skipped. Useful to manage unsupported distributions. 2016-05-28 15:04:01 +02:00
Andrea Dell'Amico 34963cc94d library/roles/letsencrypt-acmetool-client: Fix the initialization procedure. 
library/roles/ubuntu-deb-general/tasks/pki-basics.yml: A link to the fullchain was missing.
 2016-05-06 13:22:34 +02:00
Andrea Dell'Amico 0bff1d735f library/roles/letsencrypt-acmetool-client/tasks/main.yml: Fix a typo. The fakecert key was not removed. 2016-04-27 16:45:09 +02:00
Andrea Dell'Amico 46b2d2cae8 library/roles/haproxy: Fixes to the letsencrypt scripts. 
d4science-infrastructure/roles/redmine: support letsencrypt certificates on the dev redmine virtualhost.
library/roles/apache/tasks/apache-letsencrypt.yml: Support for letsencrypt (acme tool).
library/roles/ubuntu-deb-general/tasks/pki-basics.yml: Do not create the fake certificates if valid ones exist.
 2016-04-22 18:03:57 +02:00
Andrea Dell'Amico b382db3b25 d4science-infrastructure/group_vars/ldap_liferay/all.yml: Enable ssl with the use of letsencrypt certificates. 
library/roles/haproxy/files: Fix to the acme scripts, the certificate path has become /etc/pki/haproxy/haproxy.pem.
library/roles/openldap-server/tasks/openldap_initializazion.yml: Fix the certificates initialization.
library/roles/ubuntu-deb-general/tasks/pki-basics.yml: Create a self signed certificate while waiting the letsencrypt one.
 2016-04-20 15:21:19 +02:00
Andrea Dell'Amico 908e7adce4 library/roles/letsencrypt-acmetool-client/tasks/main.yml: More fixes to the tasks and the scripts. It now works correctly against haproxy. 2016-04-18 17:01:05 +02:00
Andrea Dell'Amico bbe5258949 library/roles/letsencrypt-acmetool-client/templates/responses.j2: added the staging site to the responses template. 2016-04-17 14:20:44 +02:00
Andrea Dell'Amico 8fde6bb113 library/roles/haproxy/tasks: Fix to the letsencrypt hooks handling. 
library/roles/letsencrypt-acmetool-client/tasks: Do not fail if the quickstart does not succeed. The web service could be not configured yet.
 2016-04-16 18:48:54 +02:00
Andrea Dell'Amico bb862c8405 library/roles/openldap-server: Support for ssl when letsencrypt is enabled using the letsencrypt-acme-tool role. 2016-04-15 20:33:23 +02:00
Andrea Dell'Amico 37ff28468e library/roles/letsencrypt-acmetool-client/templates/cert-requirements.j2: rsa key dimension. 
d4science-infrastructure/group_vars/ldap_liferay_dev/all.yml: openldap on ubuntu/debian is linked to gnuTLS and does not support ecdsa keys.
 2016-04-15 20:03:05 +02:00
Andrea Dell'Amico 3085c6b817 library/roles/letsencrypt-acmetool-client/defaults/main.yml: Fix the hooks path 
library/roles/haproxy: Scripts and tasks to add support for the acme letsencrypt tool.
 2016-04-14 19:31:02 +02:00
Andrea Dell'Amico 8b31ee9e9a library/roles/letsencrypt-acmetool-client/templates/acme-sudoers.j2: Fix the directory path. 2016-04-14 19:10:13 +02:00
Andrea Dell'Amico 3fb8d41878 library/roles/letsencrypt-acmetool-client: Letsencrypt acmetool client. Better than the original one, can run as an unprivileged user. See https://support.d4science.org/issues/3164 2016-04-14 19:08:33 +02:00