Update to 2020-10-05 15:00

master
Daniel Berteaud 4 years ago
parent e51300774d
commit f5414ee42a
  1. 16
      roles/letsencrypt/tasks/main.yml

@ -6,6 +6,7 @@
- dehydrated
- python2-dns-lexicon
when: ansible_os_family == 'RedHat'
tags: web,ssl
- name: Install dependencies
apt:
@ -14,6 +15,7 @@
- python-setuptools
- curl
when: ansible_os_family == 'Debian'
tags: web,ssl
- name: Create needed directories
file: path={{ item }} state=directory
@ -21,6 +23,7 @@
- /etc/dehydrated
- /var/lib/dehydrated/certificates
- /var/lib/dehydrated/challenges
tags: web,ssl
- name: Install dehydrated
get_url:
@ -36,12 +39,14 @@
- url: https://git.fws.fr/fws/dehydrated/raw/branch/master/dehydrated_hooks
dest: /usr/local/bin/dehydrated_hooks
when: ansible_os_family == 'Debian'
tags: web,ssl
- name: Install lexicon
pip: name=dns-lexicon state=latest
environment:
- https_proxy: "{{ system_proxy | default('') }}"
when: ansible_os_family == 'Debian'
tags: web,ssl
- name: Create hook directories
file: path=/etc/dehydrated/hooks_{{ item }}.d state=directory
@ -55,6 +60,7 @@
- generate_csr
- startup_hook
- exit_hook
tags: web,ssl
- name: Deploy default hooks
copy: content={{ letsencrypt_hooks[item] }} dest=/etc/dehydrated/hooks_{{ item }}.d/00-default mode=755
@ -68,12 +74,14 @@
- generate_csr
- startup_hook
- exit_hook
tags: web,ssl
- name: Remove obsolete gandi_live backend # merged with gandi now
file: path=/usr/lib/python2.7/site-packages/lexicon/providers/{{ item }} state=absent
loop:
- gandi_live.py
- gandi_live.pyc
tags: web,ssl
- name: Deploy lexicon hooks
template: src=dns-lexicon-{{ item }}.j2 dest=/etc/dehydrated/hooks_{{ item }}.d/dns-lexicon mode=755
@ -84,6 +92,7 @@
- letsencrypt_challenge == 'dns'
- letsencrypt_dns_provider is defined
- letsencrypt_dns_auth_token is defined
tags: web,ssl
- name: Remove lexicon hooks
file: path=/etc/dehydrated/hooks_{{ item }}.d/dns-lexicon state=absent
@ -91,6 +100,7 @@
- deploy_challenge
- clean_challenge
when: letsencrypt_challenge != 'dns' or letsencrypt_dns_provider is not defined or letsencrypt_dns_auth_token is not defined
tags: web,ssl
- name: Deploy dehydrated configuration
template: src={{ item.src }} dest={{item.dest }} mode={{ item.mode | default('644') }}
@ -104,10 +114,12 @@
dest: /etc/cron.daily/dehydrated
mode: 755
notify: renew dehydrated
tags: web,ssl
- name: Create httpd conf dir
file: path=/etc/httpd/ansible_conf.d state=directory
when: ansible_os_family == 'RedHat'
tags: web,ssl
- name: Deploy dehydrated config for apache
copy: src={{ item.src }} dest={{ item.dest }}
@ -118,11 +130,13 @@
dest: /etc/httpd/ansible_conf.d/common_letsencrypt.inc
register: letsencrypt_httpd_conf
when: ansible_os_family == 'RedHat'
tags: web,ssl
- name: Check if Apache httpd is installed
stat: path=/lib/systemd/system/httpd.service
register: letsencrypt_httpd
when: ansible_os_family == 'RedHat'
tags: web,ssl
- name: Reload httpd config
command: /bin/systemctl condreload httpd
@ -130,11 +144,13 @@
- letsencrypt_httpd_conf.changed
- letsencrypt_httpd.stat.exists
- ansible_os_family == 'RedHat'
tags: web,ssl
- name: Register on Let's Encrypt
command: dehydrated --register --accept-terms
changed_when: False
environment:
- https_proxy: "{{ system_proxy | default('') }}"
tags: web,ssl
...

Loading…
Cancel
Save