WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-04-30 21:41:53 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
7aa7553b84af5dc8efa78e9d8a4e50dde369052d
fedora-infra_ansible/roles/letsencrypt/tasks/main.yml
Michal Konecny 2ec055db6f Use first uppercase letter for all handlers 
This will unify all the handlers to use first uppercase letter for
ansible-lint to stop complaining.

I went through all `notify:` occurrences and fixed them by running
```
set TEXT "text_to_replace"; set REPLACEMENT "replacement_text"; git grep
-rlz "$TEXT" . | xargs -0 sed -i "s/$TEXT/$REPLACEMENT/g"
```

Then I went through all the changes and removed the ones that wasn't
expected to be changed.

Fixes https://pagure.io/fedora-infrastructure/issue/12391

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2025-02-10 20:31:49 +00:00

156 lines
3.9 KiB
YAML
Raw Blame History

---
- name: Setup defaults file
delegate_to: "certgetter01.iad2.fedoraproject.org"
ansible.builtin.copy: >
dest=/etc/letsencrypt/cli.ini
src=cli.ini
owner=root
group=root
mode=0644
tags:
- letsencrypt
- name: Generate (or renew) the certificate
delegate_to: "certgetter01.iad2.fedoraproject.org"
ansible.builtin.command: certbot certonly --expand --keep -n --webroot --webroot-path /var/www/html/ -d {{','.join([site_name] + server_aliases)}}
run_once: true
register: certbot_output
check_mode: no
changed_when: "not ('not yet due for renewal' in certbot_output.stdout)"
tags:
- letsencrypt
# Find the directory to use
- name: Get the directory to use
delegate_to: "certgetter01.iad2.fedoraproject.org"
# Sometimes we get directories like site-0001, site-0002, etc. We want the latest
ansible.builtin.shell: "file /etc/letsencrypt/live/{{site_name}}* | tail -1 | sed -e 's/: directory//' | tr -d '\n'"
register: certbot_dir
changed_when: 'false'
check_mode: no
tags:
- letsencrypt
# And once we do that, we need to copy some things.
- name: Obtain the certificate
delegate_to: "certgetter01.iad2.fedoraproject.org"
ansible.builtin.command: "cat {{certbot_dir.stdout}}/cert.pem"
register: certbot_certificate
changed_when: 'false'
check_mode: no
tags:
- letsencrypt
- name: Obtain the intermediate certificate
delegate_to: "certgetter01.iad2.fedoraproject.org"
ansible.builtin.command: cat {{certbot_dir.stdout}}/chain.pem
register: certbot_chain
changed_when: 'false'
check_mode: no
tags:
- letsencrypt
- name: Obtain the key
delegate_to: "certgetter01.iad2.fedoraproject.org"
ansible.builtin.command: cat {{certbot_dir.stdout}}/privkey.pem
register: certbot_key
changed_when: 'false'
check_mode: no
tags:
- letsencrypt
- name: Install the certificate
ansible.builtin.copy: >
dest=/etc/pki/tls/certs/{{site_name}}.cert
content="{{certbot_certificate.stdout}}"
owner=root
group=root
mode=0644
notify:
- Reload proxyhttpd
tags:
- letsencrypt
- name: Install the intermediate/chain certificate
ansible.builtin.copy: >
dest=/etc/pki/tls/certs/{{site_name}}.intermediate.cert
content="{{certbot_chain.stdout}}"
owner=root
group=root
mode=0644
notify:
- Reload proxyhttpd
tags:
- letsencrypt
- name: Install the key
ansible.builtin.copy: >
dest=/etc/pki/tls/private/{{site_name}}.key
content="{{certbot_key.stdout}}"
owner=root
group=root
mode=0600
notify:
- Reload proxyhttpd
tags:
- letsencrypt
- name: Install the certificate (additional host)
ansible.builtin.copy: >
dest=/etc/pki/tls/certs/{{site_name}}.cert
content="{{certbot_certificate.stdout}}"
owner=root
group=root
mode=0644
notify:
- Reload proxyhttpd
tags:
- letsencrypt
delegate_to: "{{ certbot_addhost }}"
when:
- certbot_addhost is defined
- name: Install the intermediate/chain certificate (additional host)
ansible.builtin.copy: >
dest=/etc/pki/tls/certs/{{site_name}}.intermediate.cert
content="{{certbot_chain.stdout}}"
owner=root
group=root
mode=0644
notify:
- Reload proxyhttpd
tags:
- letsencrypt
delegate_to: "{{ certbot_addhost }}"
when:
- certbot_addhost is defined
- name: Install the key (additional host)
ansible.builtin.copy: >
dest=/etc/pki/tls/private/{{site_name}}.key
content="{{certbot_key.stdout}}"
owner=root
group=root
mode=0600
notify:
- Reload proxyhttpd
tags:
- letsencrypt
delegate_to: "{{ certbot_addhost }}"
when:
- certbot_addhost is defined
- name: Install certificate bundle
ansible.builtin.template: >
dest=/etc/pki/tls/certs/{{site_name}}.bundle.cert
src=combined.j2
owner=root
group=root
mode=0644
notify:
- Restart stunnel
tags:
- letsencrypt
delegate_to: "{{ certbot_bundlehost }}"
when: certbot_bundlehost is defined
Reference in New Issue View Git Blame Copy Permalink