author | Aaron LI <aly@aaronly.me> | 2018-04-09 15:03:10 +0800 |
---|---|---|
committer | Aaron LI <aly@aaronly.me> | 2018-04-09 15:03:10 +0800 |
commit | 40f44a1f486116b8fcae7e307ec1bd82fe433bc6 (patch) | |
tree | a4dd572b78eb543150be4dad47a32d35bd071d72 /roles | |
parent | 50866de332539350b3d7184d6e7606b171aca8f4 (diff) | |
download | ansible-dfly-vps-40f44a1f486116b8fcae7e307ec1bd82fe433bc6.tar.bz2 |
web/acme: tag acme and acme-renew; add deploy-acme handler
Diffstat (limited to 'roles')
-rw-r--r-- | roles/web/handlers/main.yml | 3 | ||||
-rw-r--r-- | roles/web/tasks/main.yml | 18 |
2 files changed, 21 insertions, 0 deletions
diff --git a/roles/web/handlers/main.yml b/roles/web/handlers/main.yml
index 765d2c1..7772422 100644
--- a/roles/web/handlers/main.yml
+++ b/roles/web/handlers/main.yml
@@ -1,3 +1,6 @@
 ---
 - name: reload-nginx
 command: rcreload nginx
+
+- name: deploy-acme
+ command: sh /usr/local/etc/acme/deploy.sh
diff --git a/roles/web/tasks/main.yml b/roles/web/tasks/main.yml
index b45e0ec..8d48e52 100644
--- a/roles/web/tasks/main.yml
+++ b/roles/web/tasks/main.yml
@@ -85,6 +85,7 @@
 path: "{{ playbook_dir }}/private/acme/privkey.pem"
 delegate_to: localhost
 register: stat_result
+ tags: acme
 - name: (local) acme - generate account private key (4096 bit)
 become: false
@@ -93,28 +94,37 @@
 -out "{{ playbook_dir }}/private/acme/privkey.pem" 4096
 delegate_to: localhost
 when: not stat_result.stat.exists
+ tags: acme
 - name: acme - copy account private key
 copy:
 src: "{{ playbook_dir }}/private/acme/privkey.pem"
 dest: /usr/local/etc/acme/privkey.pem
 mode: 0400
+ tags: acme
 - name: acme - create domain private directory
 file:
 path: /usr/local/etc/ssl/acme/private/
 state: directory
 mode: 0700
+ tags: acme
 # Credit: https://shasawas.wordpress.com/2016/05/23/how-to-loop-over-a-set-of-tasks-in-ansible/
 - name: acme - generate and copy domain private keys
 include_tasks: acme-domainkey.yml domain={{ item.name }}
 with_items: "{{ domains }}"
+ tags:
+ - acme
+ - acme-renew
 - name: acme - generate domains.txt
 template:
 src: domains.txt.j2
 dest: /usr/local/etc/acme/domains.txt
+ tags:
+ - acme
+ - acme-renew
 - name: acme - create challenge directory
 file:
@@ -122,12 +132,20 @@
 state: directory
 group: www
 recurse: true
+ tags: acme
 - name: nginx - force reload
 command: rcreload nginx
+ tags:
+ - acme
+ - acme-renew
 - name: acme - request domain certificates
 command: sh /usr/local/etc/acme/acme-client.sh -e
+ notify: deploy-acme
+ tags:
+ - acme
+ - acme-renew
 - name: acme - setup periodic tasks for cert renewal
 blockinfile: |
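Review bot: In roles/web/tasks/main.yml (hunk `@@ -93,28 +94,37 @@`), the `tags:` added to "acme - generate and copy domain private keys" sit on a dynamic `include_tasks`, and Ansible applies tags on a dynamic include to the include statement only, not to the tasks it loads. Unless the tasks inside acme-domainkey.yml (not visible here) carry `acme` / `acme-renew` themselves, a run limited with `--tags acme-renew` will skip domain key generation and then go on to request certificates for any domain whose key was never created. Either tag the tasks inside acme-domainkey.yml, or on Ansible 2.7 and later use the block form of the include with `apply: {tags: [acme, acme-renew]}`. The hunk starts and ends in the middle of a task, so the neighbouring tasks are only partly visible.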
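Review bot: In roles/web/tasks/main.yml (hunk `@@ -122,12 +132,20 @@`), `notify: deploy-acme` is attached to a `command` task, which Ansible reports as changed on every successful run, so the handler will execute deploy.sh on each play whether or not a certificate was actually issued or renewed. If acme-client.sh signals "nothing to renew" through its exit status or output (its contract is not visible here), add `register: acme_result` and a `changed_when:` keyed on that signal, so the deploy step only fires on a real change. The same hunk tags "nginx - force reload" with `acme-renew`; a short comment such as `# reload first so nginx serves the challenge directory` would explain why a renewal run reloads nginx before the request. The final task in the hunk continues past its last line.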