You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
127 lines
3.5 KiB
127 lines
3.5 KiB
---
|
|
|
|
- name: Install dehydrated client
|
|
yum:
|
|
name:
|
|
- dehydrated
|
|
- python2-dns-lexicon
|
|
when: ansible_os_family == 'RedHat'
|
|
|
|
- name: Install dependencies
|
|
apt:
|
|
name:
|
|
- python-pip
|
|
- python-setuptools
|
|
- curl
|
|
when: ansible_os_family == 'Debian'
|
|
|
|
- name: Create needed directories
|
|
file: path={{ item }} state=directory
|
|
with_items:
|
|
- /etc/dehydrated
|
|
- /var/lib/dehydrated/certificates
|
|
- /var/lib/dehydrated/challenges
|
|
|
|
- name: Install dehydrated
|
|
get_url:
|
|
url: "{{ item.url }}"
|
|
dest: "{{ item.dest }}"
|
|
mode: 755
|
|
force: True
|
|
environment:
|
|
- https_proxy: "{{ system_proxy | default('') }}"
|
|
with_items:
|
|
- url: https://raw.githubusercontent.com/lukas2511/dehydrated/master/dehydrated
|
|
dest: /usr/local/bin/dehydrated
|
|
- url: https://git.fws.fr/fws/dehydrated/raw/branch/master/dehydrated_hooks
|
|
dest: /usr/local/bin/dehydrated_hooks
|
|
when: ansible_os_family == 'Debian'
|
|
|
|
- name: Install lexicon
|
|
pip: name=dns-lexicon state=latest
|
|
environment:
|
|
- https_proxy: "{{ system_proxy | default('') }}"
|
|
when: ansible_os_family == 'Debian'
|
|
|
|
- name: Create hook directories
|
|
file: path=/etc/dehydrated/hooks_{{ item }}.d state=directory
|
|
with_items:
|
|
- clean_challenge
|
|
- deploy_cert
|
|
- deploy_challenge
|
|
- unchanged_cert
|
|
- invalid_challenge
|
|
- request_failure
|
|
- generate_csr
|
|
- startup_hook
|
|
- exit_hook
|
|
|
|
- name: Remove obsolete gandi_live backend # merged with gandi now
|
|
file: path=/usr/lib/python2.7/site-packages/lexicon/providers/{{ item }} state=absent
|
|
loop:
|
|
- gandi_live.py
|
|
- gandi_live.pyc
|
|
|
|
- name: Deploy lexicon hooks
|
|
template: src=dns-lexicon-{{ item }}.j2 dest=/etc/dehydrated/hooks_{{ item }}.d/dns-lexicon mode=755
|
|
with_items:
|
|
- deploy_challenge
|
|
- clean_challenge
|
|
when:
|
|
- letsencrypt_challenge == 'dns'
|
|
- letsencrypt_dns_provider is defined
|
|
- letsencrypt_dns_auth_token is defined
|
|
|
|
- name: Remove lexicon hooks
|
|
file: path=/etc/dehydrated/hooks_{{ item }}.d/dns-lexicon state=absent
|
|
with_items:
|
|
- deploy_challenge
|
|
- clean_challenge
|
|
when: letsencrypt_challenge != 'dns' or letsencrypt_dns_provider is not defined or letsencrypt_dns_auth_token is not defined
|
|
|
|
- name: Deploy dehydrated configuration
|
|
template: src={{ item.src }} dest={{item.dest }} mode={{ item.mode | default('644') }}
|
|
with_items:
|
|
- src: config.j2
|
|
dest: /etc/dehydrated/config
|
|
mode: 600
|
|
- src: domains.txt.j2
|
|
dest: /etc/dehydrated/domains.txt
|
|
- src: cron.j2
|
|
dest: /etc/cron.daily/dehydrated
|
|
mode: 755
|
|
notify: renew dehydrated
|
|
|
|
- name: Create httpd conf dir
|
|
file: path=/etc/httpd/ansible_conf.d state=directory
|
|
when: ansible_os_family == 'RedHat'
|
|
|
|
- name: Deploy dehydrated config for apache
|
|
copy: src={{ item.src }} dest={{ item.dest }}
|
|
with_items:
|
|
- src: httpd_dehydrated.conf
|
|
dest: /etc/httpd/ansible_conf.d/10-dehydrated.conf
|
|
- src: common_letsencrypt.inc
|
|
dest: /etc/httpd/ansible_conf.d/common_letsencrypt.inc
|
|
register: letsencrypt_httpd_conf
|
|
when: ansible_os_family == 'RedHat'
|
|
|
|
- name: Check if Apache httpd is installed
|
|
stat: path=/lib/systemd/system/httpd.service
|
|
register: letsencrypt_httpd
|
|
when: ansible_os_family == 'RedHat'
|
|
|
|
- name: Reload httpd config
|
|
service: name=httpd state=reloaded
|
|
when:
|
|
- letsencrypt_httpd_conf.changed
|
|
- letsencrypt_httpd.stat.exists
|
|
- ansible_os_family == 'RedHat'
|
|
|
|
- name: Register on Let's Encrypt
|
|
command: dehydrated --register --accept-terms
|
|
changed_when: False
|
|
environment:
|
|
- https_proxy: "{{ system_proxy | default('') }}"
|
|
|
|
...
|
|
|