Issue #134: Snap install method.

2025-04-16 07:41:38 +02:00 · 2021-01-19 10:54:42 -06:00 · 2021-01-19 10:54:42 -06:00 · 0ba7078e8c
commit 0ba7078e8c
parent b96acd79ec
7 changed files with 77 additions and 10 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -52,6 +52,8 @@ jobs:
            playbook: converge.yml
          - distro: centos7
            playbook: playbook-source-install.yml
+          - distro: centos7
+            playbook: playbook-snap-install.yml

    steps:
      - name: Check out the codebase.
--- a/README.md
+++ b/README.md
@ -12,7 +12,8 @@ Generally, installing from source (see section `Source Installation from Git`) l

 ## Role Variables

-The variable `certbot_install_from_source` controls whether to install Certbot from Git or package management. The latter is the default, so the variable defaults to `no`.
+TODO.
+

    certbot_auto_renew: true
    certbot_auto_renew_user: "{{ ansible_user | default(lookup('env', 'USER')) }}"
@ -60,16 +61,23 @@ Services that should be stopped while `certbot` runs it's own standalone server

 These services will only be stopped the first time a new cert is generated.

+### Snap Installation
+
+Beginning in December 2020, the Certbot maintainers decided to recommend installing Certbot from Snap rather than maintain scripts like `certbot-auto`.
+
+Setting `certbot_install_method: snap` configures this role to install Certbot via Snap.
+
+This install method is currently experimental and may or may not work across all Linux distributions.
+
 ### Source Installation from Git

-You can install Certbot from it's Git source repository if desired. This might be useful in several cases, but especially when older distributions don't have Certbot packages available (e.g. CentOS < 7, Ubuntu < 16.10 and Debian < 8).
+You can install Certbot from it's Git source repository if desired with `certbot_install_method: source`. This might be useful in several cases, but especially when older distributions don't have Certbot packages available (e.g. CentOS < 7, Ubuntu < 16.10 and Debian < 8).

-    certbot_install_from_source: false
    certbot_repo: https://github.com/certbot/certbot.git
    certbot_version: master
    certbot_keep_updated: true

-Certbot Git repository options. To install from source, set `certbot_install_from_source` to `yes`. This clones the configured `certbot_repo`, respecting the `certbot_version` setting. If `certbot_keep_updated` is set to `yes`, the repository is updated every time this role runs.
+Certbot Git repository options. If installing from source, the configured `certbot_repo` is cloned, respecting the `certbot_version` setting. If `certbot_keep_updated` is set to `yes`, the repository is updated every time this role runs.

    certbot_dir: /opt/certbot

--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -27,9 +27,10 @@ certbot_create_standalone_stop_services:
  # - apache
  # - varnish

-# To install from source (on older OSes or if you need a specific or newer
-# version of Certbot), set this variable to `yes` and configure other options.
-certbot_install_from_source: false
+# Available options: 'package', 'snap', 'source'.
+certbot_install_method: 'package'
+
+# Source install configuration.
 certbot_repo: https://github.com/certbot/certbot.git
 certbot_version: master
 certbot_keep_updated: true
--- a/molecule/default/playbook-snap-install.yml
+++ b/molecule/default/playbook-snap-install.yml
@ -0,0 +1,26 @@
+---
+- name: Converge
+  hosts: all
+  become: true
+
+  vars:
+    certbot_install_method: 'snap'
+    certbot_auto_renew_user: root
+
+  pre_tasks:
+    - name: Update apt cache.
+      apt: update_cache=yes cache_valid_time=600
+      when: ansible_os_family == 'Debian'
+      changed_when: false
+
+    - name: Install cron (RedHat).
+      yum: name=cronie state=present
+      when: ansible_os_family == 'RedHat'
+
+    - name: Install cron (Debian).
+      apt: name=cron state=present
+      when: ansible_os_family == 'Debian'
+
+  roles:
+    - geerlingguy.git
+    - geerlingguy.certbot
--- a/molecule/default/playbook-source-install.yml
+++ b/molecule/default/playbook-source-install.yml
@ -4,7 +4,7 @@
  become: true

  vars:
-    certbot_install_from_source: true
+    certbot_install_method: 'source'
    certbot_auto_renew_user: root

  pre_tasks:
--- a/tasks/install-with-snap.yml
+++ b/tasks/install-with-snap.yml
@ -0,0 +1,27 @@
+---
+- name: Ensure snapd is installed.
+  package:
+    name: snapd
+    state: present
+
+- name: Ensure snapd is enabled.
+  systemd:
+    name: snapd.socket
+    enabled: true
+
+- name: Enable classic snap support.
+  file:
+    source: /var/lib/snapd/snap
+    dest: /snap
+    state: link
+
+- name: Install certbot via snap.
+  snap:
+    name: certbot
+    classic: true
+
+- name: Symlink certbot into place.
+  file:
+    source: /snap/bin/certbot
+    dest: /usr/bin/certbot
+    state: link
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -5,10 +5,13 @@
  when: ansible_os_family == 'RedHat'

 - import_tasks: install-with-package.yml
-  when: not certbot_install_from_source
+  when: certbot_install_method == 'package'
+
+- import_tasks: install-with-snap.yml
+  when: certbot_install_method == 'snap'

 - import_tasks: install-from-source.yml
-  when: certbot_install_from_source
+  when: certbot_install_method == 'source'

 - include_tasks: create-cert-standalone.yml
  with_items: "{{ certbot_certs }}"