aboutsummaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
authorAaron LI <aly@aaronly.me>2018-04-09 15:03:10 +0800
committerAaron LI <aly@aaronly.me>2018-04-09 15:03:10 +0800
commit40f44a1f486116b8fcae7e307ec1bd82fe433bc6 (patch)
treea4dd572b78eb543150be4dad47a32d35bd071d72 /roles
parent50866de332539350b3d7184d6e7606b171aca8f4 (diff)
downloadansible-dfly-vps-40f44a1f486116b8fcae7e307ec1bd82fe433bc6.tar.bz2
web/acme: tag acme and acme-renew; add deploy-acme handler
Diffstat (limited to 'roles')
-rw-r--r--roles/web/handlers/main.yml3
-rw-r--r--roles/web/tasks/main.yml18
2 files changed, 21 insertions, 0 deletions
diff --git a/roles/web/handlers/main.yml b/roles/web/handlers/main.yml
index 765d2c1..7772422 100644
--- a/roles/web/handlers/main.yml
+++ b/roles/web/handlers/main.yml
@@ -1,3 +1,6 @@
---
- name: reload-nginx
command: rcreload nginx
+
+- name: deploy-acme
+ command: sh /usr/local/etc/acme/deploy.sh
diff --git a/roles/web/tasks/main.yml b/roles/web/tasks/main.yml
index b45e0ec..8d48e52 100644
--- a/roles/web/tasks/main.yml
+++ b/roles/web/tasks/main.yml
@@ -85,6 +85,7 @@
path: "{{ playbook_dir }}/private/acme/privkey.pem"
delegate_to: localhost
register: stat_result
+ tags: acme
- name: (local) acme - generate account private key (4096 bit)
become: false
@@ -93,28 +94,37 @@
-out "{{ playbook_dir }}/private/acme/privkey.pem" 4096
delegate_to: localhost
when: not stat_result.stat.exists
+ tags: acme
- name: acme - copy account private key
copy:
src: "{{ playbook_dir }}/private/acme/privkey.pem"
dest: /usr/local/etc/acme/privkey.pem
mode: 0400
+ tags: acme
- name: acme - create domain private directory
file:
path: /usr/local/etc/ssl/acme/private/
state: directory
mode: 0700
+ tags: acme
# Credit: https://shasawas.wordpress.com/2016/05/23/how-to-loop-over-a-set-of-tasks-in-ansible/
- name: acme - generate and copy domain private keys
include_tasks: acme-domainkey.yml domain={{ item.name }}
with_items: "{{ domains }}"
+ tags:
+ - acme
+ - acme-renew
- name: acme - generate domains.txt
template:
src: domains.txt.j2
dest: /usr/local/etc/acme/domains.txt
+ tags:
+ - acme
+ - acme-renew
- name: acme - create challenge directory
file:
@@ -122,12 +132,20 @@
state: directory
group: www
recurse: true
+ tags: acme
- name: nginx - force reload
command: rcreload nginx
+ tags:
+ - acme
+ - acme-renew
- name: acme - request domain certificates
command: sh /usr/local/etc/acme/acme-client.sh -e
+ notify: deploy-acme
+ tags:
+ - acme
+ - acme-renew
- name: acme - setup periodic tasks for cert renewal
blockinfile: