|
|
|
@ -6,6 +6,7 @@ |
|
|
|
- dehydrated |
|
|
|
- dehydrated |
|
|
|
- python2-dns-lexicon |
|
|
|
- python2-dns-lexicon |
|
|
|
when: ansible_os_family == 'RedHat' |
|
|
|
when: ansible_os_family == 'RedHat' |
|
|
|
|
|
|
|
tags: web,ssl |
|
|
|
|
|
|
|
|
|
|
|
- name: Install dependencies |
|
|
|
- name: Install dependencies |
|
|
|
apt: |
|
|
|
apt: |
|
|
|
@ -14,6 +15,7 @@ |
|
|
|
- python-setuptools |
|
|
|
- python-setuptools |
|
|
|
- curl |
|
|
|
- curl |
|
|
|
when: ansible_os_family == 'Debian' |
|
|
|
when: ansible_os_family == 'Debian' |
|
|
|
|
|
|
|
tags: web,ssl |
|
|
|
|
|
|
|
|
|
|
|
- name: Create needed directories |
|
|
|
- name: Create needed directories |
|
|
|
file: path={{ item }} state=directory |
|
|
|
file: path={{ item }} state=directory |
|
|
|
@ -21,6 +23,7 @@ |
|
|
|
- /etc/dehydrated |
|
|
|
- /etc/dehydrated |
|
|
|
- /var/lib/dehydrated/certificates |
|
|
|
- /var/lib/dehydrated/certificates |
|
|
|
- /var/lib/dehydrated/challenges |
|
|
|
- /var/lib/dehydrated/challenges |
|
|
|
|
|
|
|
tags: web,ssl |
|
|
|
|
|
|
|
|
|
|
|
- name: Install dehydrated |
|
|
|
- name: Install dehydrated |
|
|
|
get_url: |
|
|
|
get_url: |
|
|
|
@ -36,12 +39,14 @@ |
|
|
|
- url: https://git.fws.fr/fws/dehydrated/raw/branch/master/dehydrated_hooks |
|
|
|
- url: https://git.fws.fr/fws/dehydrated/raw/branch/master/dehydrated_hooks |
|
|
|
dest: /usr/local/bin/dehydrated_hooks |
|
|
|
dest: /usr/local/bin/dehydrated_hooks |
|
|
|
when: ansible_os_family == 'Debian' |
|
|
|
when: ansible_os_family == 'Debian' |
|
|
|
|
|
|
|
tags: web,ssl |
|
|
|
|
|
|
|
|
|
|
|
- name: Install lexicon |
|
|
|
- name: Install lexicon |
|
|
|
pip: name=dns-lexicon state=latest |
|
|
|
pip: name=dns-lexicon state=latest |
|
|
|
environment: |
|
|
|
environment: |
|
|
|
- https_proxy: "{{ system_proxy | default('') }}" |
|
|
|
- https_proxy: "{{ system_proxy | default('') }}" |
|
|
|
when: ansible_os_family == 'Debian' |
|
|
|
when: ansible_os_family == 'Debian' |
|
|
|
|
|
|
|
tags: web,ssl |
|
|
|
|
|
|
|
|
|
|
|
- name: Create hook directories |
|
|
|
- name: Create hook directories |
|
|
|
file: path=/etc/dehydrated/hooks_{{ item }}.d state=directory |
|
|
|
file: path=/etc/dehydrated/hooks_{{ item }}.d state=directory |
|
|
|
@ -55,6 +60,7 @@ |
|
|
|
- generate_csr |
|
|
|
- generate_csr |
|
|
|
- startup_hook |
|
|
|
- startup_hook |
|
|
|
- exit_hook |
|
|
|
- exit_hook |
|
|
|
|
|
|
|
tags: web,ssl |
|
|
|
|
|
|
|
|
|
|
|
- name: Deploy default hooks |
|
|
|
- name: Deploy default hooks |
|
|
|
copy: content={{ letsencrypt_hooks[item] }} dest=/etc/dehydrated/hooks_{{ item }}.d/00-default mode=755 |
|
|
|
copy: content={{ letsencrypt_hooks[item] }} dest=/etc/dehydrated/hooks_{{ item }}.d/00-default mode=755 |
|
|
|
@ -68,12 +74,14 @@ |
|
|
|
- generate_csr |
|
|
|
- generate_csr |
|
|
|
- startup_hook |
|
|
|
- startup_hook |
|
|
|
- exit_hook |
|
|
|
- exit_hook |
|
|
|
|
|
|
|
tags: web,ssl |
|
|
|
|
|
|
|
|
|
|
|
- name: Remove obsolete gandi_live backend # merged with gandi now |
|
|
|
- name: Remove obsolete gandi_live backend # merged with gandi now |
|
|
|
file: path=/usr/lib/python2.7/site-packages/lexicon/providers/{{ item }} state=absent |
|
|
|
file: path=/usr/lib/python2.7/site-packages/lexicon/providers/{{ item }} state=absent |
|
|
|
loop: |
|
|
|
loop: |
|
|
|
- gandi_live.py |
|
|
|
- gandi_live.py |
|
|
|
- gandi_live.pyc |
|
|
|
- gandi_live.pyc |
|
|
|
|
|
|
|
tags: web,ssl |
|
|
|
|
|
|
|
|
|
|
|
- name: Deploy lexicon hooks |
|
|
|
- name: Deploy lexicon hooks |
|
|
|
template: src=dns-lexicon-{{ item }}.j2 dest=/etc/dehydrated/hooks_{{ item }}.d/dns-lexicon mode=755 |
|
|
|
template: src=dns-lexicon-{{ item }}.j2 dest=/etc/dehydrated/hooks_{{ item }}.d/dns-lexicon mode=755 |
|
|
|
@ -84,6 +92,7 @@ |
|
|
|
- letsencrypt_challenge == 'dns' |
|
|
|
- letsencrypt_challenge == 'dns' |
|
|
|
- letsencrypt_dns_provider is defined |
|
|
|
- letsencrypt_dns_provider is defined |
|
|
|
- letsencrypt_dns_auth_token is defined |
|
|
|
- letsencrypt_dns_auth_token is defined |
|
|
|
|
|
|
|
tags: web,ssl |
|
|
|
|
|
|
|
|
|
|
|
- name: Remove lexicon hooks |
|
|
|
- name: Remove lexicon hooks |
|
|
|
file: path=/etc/dehydrated/hooks_{{ item }}.d/dns-lexicon state=absent |
|
|
|
file: path=/etc/dehydrated/hooks_{{ item }}.d/dns-lexicon state=absent |
|
|
|
@ -91,6 +100,7 @@ |
|
|
|
- deploy_challenge |
|
|
|
- deploy_challenge |
|
|
|
- clean_challenge |
|
|
|
- clean_challenge |
|
|
|
when: letsencrypt_challenge != 'dns' or letsencrypt_dns_provider is not defined or letsencrypt_dns_auth_token is not defined |
|
|
|
when: letsencrypt_challenge != 'dns' or letsencrypt_dns_provider is not defined or letsencrypt_dns_auth_token is not defined |
|
|
|
|
|
|
|
tags: web,ssl |
|
|
|
|
|
|
|
|
|
|
|
- name: Deploy dehydrated configuration |
|
|
|
- name: Deploy dehydrated configuration |
|
|
|
template: src={{ item.src }} dest={{item.dest }} mode={{ item.mode | default('644') }} |
|
|
|
template: src={{ item.src }} dest={{item.dest }} mode={{ item.mode | default('644') }} |
|
|
|
@ -104,10 +114,12 @@ |
|
|
|
dest: /etc/cron.daily/dehydrated |
|
|
|
dest: /etc/cron.daily/dehydrated |
|
|
|
mode: 755 |
|
|
|
mode: 755 |
|
|
|
notify: renew dehydrated |
|
|
|
notify: renew dehydrated |
|
|
|
|
|
|
|
tags: web,ssl |
|
|
|
|
|
|
|
|
|
|
|
- name: Create httpd conf dir |
|
|
|
- name: Create httpd conf dir |
|
|
|
file: path=/etc/httpd/ansible_conf.d state=directory |
|
|
|
file: path=/etc/httpd/ansible_conf.d state=directory |
|
|
|
when: ansible_os_family == 'RedHat' |
|
|
|
when: ansible_os_family == 'RedHat' |
|
|
|
|
|
|
|
tags: web,ssl |
|
|
|
|
|
|
|
|
|
|
|
- name: Deploy dehydrated config for apache |
|
|
|
- name: Deploy dehydrated config for apache |
|
|
|
copy: src={{ item.src }} dest={{ item.dest }} |
|
|
|
copy: src={{ item.src }} dest={{ item.dest }} |
|
|
|
@ -118,11 +130,13 @@ |
|
|
|
dest: /etc/httpd/ansible_conf.d/common_letsencrypt.inc |
|
|
|
dest: /etc/httpd/ansible_conf.d/common_letsencrypt.inc |
|
|
|
register: letsencrypt_httpd_conf |
|
|
|
register: letsencrypt_httpd_conf |
|
|
|
when: ansible_os_family == 'RedHat' |
|
|
|
when: ansible_os_family == 'RedHat' |
|
|
|
|
|
|
|
tags: web,ssl |
|
|
|
|
|
|
|
|
|
|
|
- name: Check if Apache httpd is installed |
|
|
|
- name: Check if Apache httpd is installed |
|
|
|
stat: path=/lib/systemd/system/httpd.service |
|
|
|
stat: path=/lib/systemd/system/httpd.service |
|
|
|
register: letsencrypt_httpd |
|
|
|
register: letsencrypt_httpd |
|
|
|
when: ansible_os_family == 'RedHat' |
|
|
|
when: ansible_os_family == 'RedHat' |
|
|
|
|
|
|
|
tags: web,ssl |
|
|
|
|
|
|
|
|
|
|
|
- name: Reload httpd config |
|
|
|
- name: Reload httpd config |
|
|
|
command: /bin/systemctl condreload httpd |
|
|
|
command: /bin/systemctl condreload httpd |
|
|
|
@ -130,11 +144,13 @@ |
|
|
|
- letsencrypt_httpd_conf.changed |
|
|
|
- letsencrypt_httpd_conf.changed |
|
|
|
- letsencrypt_httpd.stat.exists |
|
|
|
- letsencrypt_httpd.stat.exists |
|
|
|
- ansible_os_family == 'RedHat' |
|
|
|
- ansible_os_family == 'RedHat' |
|
|
|
|
|
|
|
tags: web,ssl |
|
|
|
|
|
|
|
|
|
|
|
- name: Register on Let's Encrypt |
|
|
|
- name: Register on Let's Encrypt |
|
|
|
command: dehydrated --register --accept-terms |
|
|
|
command: dehydrated --register --accept-terms |
|
|
|
changed_when: False |
|
|
|
changed_when: False |
|
|
|
environment: |
|
|
|
environment: |
|
|
|
- https_proxy: "{{ system_proxy | default('') }}" |
|
|
|
- https_proxy: "{{ system_proxy | default('') }}" |
|
|
|
|
|
|
|
tags: web,ssl |
|
|
|
|
|
|
|
|
|
|
|
... |
|
|
|
... |
|
|
|
|
Daniel Berteaud
4 years ago