Update to 2021-05-27 00:00

4 years ago · 800ebd0ff9
parent 92813968b5
commit 800ebd0ff9
5 changed files with 24 additions and 3 deletions
--- a/roles/letsencrypt/templates/domains.txt.j2
+++ b/roles/letsencrypt/templates/domains.txt.j2
@ -1,4 +1,4 @@
-{% for cert in letsencrypt_certs | default([]) %}
+{#{% for cert in letsencrypt_certs | default([]) %}
 {{ cert.common_name }} {{ cert.alt_names | default([]) | join(' ') }}
 {% endfor %}
 {% if nginx_auto_letsencrypt_cert is defined and nginx_auto_letsencrypt_cert and nginx_vhosts is defined %}
@ -23,7 +23,7 @@
 {% endif %}
 {% if graylog_letsencrypt_cert is defined and graylog_letsencrypt_cert not in letsencrypt_certs | default([]) | map(attribute='common_name') %}
 {{ graylog_letsencrypt_cert }}
-{% endif %}
+{% endif %} #}
 {% if zcs_letsencrypt is defined and zcs_letsencrypt and inventory_hostname not in letsencrypt_certs | default([]) | map(attribute='common_name') %}
 {{ inventory_hostname }} {{ zcs_vhosts | default([]) | join(' ') }}
 {% endif %}
@ -39,10 +39,13 @@
 {% if turn_letsencrypt_cert is defined and turn_letsencrypt_cert not in letsencrypt_certs | default([]) | map(attribute='common_name') %}
 {{ turn_letsencrypt_cert }}
 {% endif %}
-{% if rabbitmq_letsencrypt_cert is defined %}
+{% if rabbitmq_letsencrypt_cert is defined and rabbitmq_letsencrypt_cert != False %}
 {% if rabbitmq_letsencrypt_cert is string and rabbitmq_letsencrypt_cert not in letsencrypt_certs | default([]) | map(attribute='common_name') %}
 {{ rabbitmq_letsencrypt_cert }}
 {% elif rabbitmq_letsencrypt_cert == True and inventory_hostname not in letsencrypt_certs | default([]) | map(attribute='common_name') %}
 {{ inventory_hostname }}
 {% endif %}
 {% endif %}
 {% if pbs_letsencrypt_cert is defined and pbs_letsencrypt_cert not in letsencrypt_certs | default([]) | map(attribute='common_name') %}
 {{ pbs_letsencrypt_cert }}
 {% endif %}
--- a/roles/pbs/defaults/main.yml
+++ b/roles/pbs/defaults/main.yml
@ -2,3 +2,6 @@
 # This control access on port 8007. Note that the port is not configurable
 pbs_src_ip: []
 # If pbs_letsencrypt_cert can be defined to the name of dehydrated (Let's Encrypt) cert
 # letsencrypt_cert: pbs.example.org
--- a/roles/pbs/meta/main.yml
+++ b/roles/pbs/meta/main.yml
@ -2,3 +2,4 @@
 dependencies:
  - role: repo_pbs
  - role: mkdir
--- a/roles/pbs/tasks/install.yml
+++ b/roles/pbs/tasks/install.yml
@ -7,3 +7,6 @@
    policy_rc_d: 101 # Prevent the daemon from starting automatically after install
  tags: pbs
 - name: Install dehydrated hook
  template: src=dehydrated_hook.sh.j2 dest=/etc/dehydrated/hooks_deploy_cert.d/pbs.sh mode=755
  tags: pbs
--- a/roles/pbs/templates/dehydrated_hook.sh.j2
+++ b/roles/pbs/templates/dehydrated_hook.sh.j2
@ -0,0 +1,11 @@
 #!/bin/bash
 {% if pbs_letsencrypt_cert is defined and pbs_letsencrypt_cert is string %}
 if [ $1 == "{{ pbs_letsencrypt_cert }}" ]; then
  cat /var/lib/dehydrated/certificates/certs/{{ pbs_letsencrypt_cert }}/privkey.pem > /etc/proxmox-backup/proxy.key
  cat /var/lib/dehydrated/certificates/certs/{{ pbs_letsencrypt_cert }}/fullchain.pem > /etc/proxmox-backup/proxy.pem
  chown root:backup /etc/proxmox-backup/proxy.{key,pem}
  chmod 640 /etc/proxmox-backup/proxy.{key,pem}
  /bin/systemctl reload proxmox-backup-proxy
 fi
 {% endif %}