gregandev/ansible-role-certbot
gregandev/ansible-role-certbot
1
0
Fork 0
mirror of https://github.com/geerlingguy/ansible-role-certbot.git synced 2025-04-19 17:01:37 +02:00
Code Issues Projects Releases Wiki Activity

ansible-lint

Browse Source
This commit is contained in:
Zhuravlev E 2024-07-25 13:11:03 +02:00
parent d1cbcde4de
commit 7a5b35d625
9 changed files with 72 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
tasks/create-cert-standalone.yml
View File

@ -1,11 +1,11 @@
--- ---
- name: Check if certificate already exists. - name: Check if certificate already exists.
stat: ansible.builtin.stat:
path: /etc/letsencrypt/live/{{ cert_item.domains | first | replace('*.', '') }}/cert.pem path: /etc/letsencrypt/live/{{ cert_item.domains | first | replace('*.', '') }}/cert.pem
register: letsencrypt_cert register: letsencrypt_cert
- name: Ensure pre and post hook folders exist. - name: Ensure pre and post hook folders exist.
file: ansible.builtin.file:
path: /etc/letsencrypt/renewal-hooks/{{ item }} path: /etc/letsencrypt/renewal-hooks/{{ item }}
state: directory state: directory
mode: 0755 mode: 0755
@ -16,7 +16,7 @@
- post - post
- name: Create pre hook to stop services. - name: Create pre hook to stop services.
template: ansible.builtin.template:
src: stop_services.j2 src: stop_services.j2
dest: /etc/letsencrypt/renewal-hooks/pre/stop_services dest: /etc/letsencrypt/renewal-hooks/pre/stop_services
owner: root owner: root
@ -27,7 +27,7 @@
- certbot_create_standalone_stop_services - certbot_create_standalone_stop_services
- name: Create post hook to start services. - name: Create post hook to start services.
template: ansible.builtin.template:
src: start_services.j2 src: start_services.j2
dest: /etc/letsencrypt/renewal-hooks/post/start_services dest: /etc/letsencrypt/renewal-hooks/post/start_services
owner: root owner: root
@ -38,5 +38,8 @@
- certbot_create_standalone_stop_services - certbot_create_standalone_stop_services
- name: Generate new certificate if one doesn't exist. - name: Generate new certificate if one doesn't exist.
command: "{{ certbot_create_command }}" ansible.builtin.command: "{{ certbot_create_command }}"
register: certbot_create_command_result
when: not letsencrypt_cert.stat.exists when: not letsencrypt_cert.stat.exists
changed_when:
- certbot_create_command_result.rc is defined and certbot_create_command_result.rc == 0

12
tasks/create-cert-webroot.yml
View File

@ -1,14 +1,20 @@
--- ---
- name: Check if certificate already exists. - name: Check if certificate already exists.
stat: ansible.builtin.stat:
path: /etc/letsencrypt/live/{{ cert_item.domains | first }}/cert.pem path: /etc/letsencrypt/live/{{ cert_item.domains | first }}/cert.pem
register: letsencrypt_cert register: letsencrypt_cert
- name: Create webroot directory if it doesn't exist yet - name: Create webroot directory if it doesn't exist yet
file: ansible.builtin.file:
path: "{{ cert_item.webroot | default(certbot_webroot) }}" path: "{{ cert_item.webroot | default(certbot_webroot) }}"
state: directory state: directory
owner: root
group: root
mode: '0755'
- name: Generate new certificate if one doesn't exist. - name: Generate new certificate if one doesn't exist.
command: "{{ certbot_create_command }}" ansible.builtin.command: "{{ certbot_create_command }}"
register: certbot_create_command_result
when: not letsencrypt_cert.stat.exists when: not letsencrypt_cert.stat.exists
changed_when:
- certbot_create_command_result.rc is defined and certbot_create_command_result.rc == 0

2
tasks/include-vars.yml
View File

@ -1,6 +1,6 @@
--- ---
- name: Load a variable file based on the OS type, or a default if not found. - name: Load a variable file based on the OS type, or a default if not found.
include_vars: "{{ item }}" ansible.builtin.include_vars: "{{ item }}"
with_first_found: with_first_found:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml" - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml"
- "{{ ansible_distribution }}.yml" - "{{ ansible_distribution }}.yml"

6
tasks/install-from-source.yml
View File

@ -1,6 +1,6 @@
--- ---
- name: Clone Certbot into configured directory. - name: Clone Certbot into configured directory.
git: ansible.builtin.git:
repo: "{{ certbot_repo }}" repo: "{{ certbot_repo }}"
dest: "{{ certbot_dir }}" dest: "{{ certbot_dir }}"
version: "{{ certbot_version }}" version: "{{ certbot_version }}"
@ -8,10 +8,10 @@
force: true force: true
- name: Set Certbot script variable. - name: Set Certbot script variable.
set_fact: ansible.builtin.set_fact:
certbot_script: "{{ certbot_dir }}/certbot-auto" certbot_script: "{{ certbot_dir }}/certbot-auto"
- name: Ensure certbot-auto is executable. - name: Ensure certbot-auto is executable.
file: ansible.builtin.file:
path: "{{ certbot_script }}" path: "{{ certbot_script }}"
mode: 0755 mode: 0755

6
tasks/install-with-package.yml
View File

@ -1,7 +1,9 @@
--- ---
- name: Install Certbot. - name: Install Certbot.
package: "name={{ certbot_package }} state=present" ansible.builtin.package:
name: "{{ certbot_package }}"
state: present
- name: Set Certbot script variable. - name: Set Certbot script variable.
set_fact: ansible.builtin.set_fact:
certbot_script: "{{ certbot_package }}" certbot_script: "{{ certbot_package }}"

21
tasks/install-with-snap.yml
View File

@ -1,41 +1,36 @@
--- ---
- name: Ensure snapd is installed. - name: Ensure snapd is installed.
package: ansible.builtin.package:
name: snapd name: snapd
state: present state: present
register: snapd_install notify:
- Update snap after install
- name: Ensure snapd is enabled. - name: Ensure snapd is enabled.
systemd: ansible.builtin.systemd:
name: snapd.socket name: snapd.socket
enabled: true enabled: true
state: started state: started
- name: Enable classic snap support. - name: Enable classic snap support.
file: ansible.builtin.file:
src: /var/lib/snapd/snap src: /var/lib/snapd/snap
dest: /snap dest: /snap
state: link state: link
when: ansible_os_family != "Debian" when: ansible_os_family != "Debian"
- name: Update snap after install.
shell: snap install core; snap refresh core
changed_when: true
failed_when: false
when: snapd_install is changed
- name: Install certbot via snap. - name: Install certbot via snap.
snap: community.general.snap:
name: certbot name: certbot
classic: true classic: true
- name: Symlink certbot into place. - name: Symlink certbot into place.
file: ansible.builtin.file:
src: /snap/bin/certbot src: /snap/bin/certbot
dest: /usr/bin/certbot dest: /usr/bin/certbot
state: link state: link
ignore_errors: "{{ ansible_check_mode }}" ignore_errors: "{{ ansible_check_mode }}"
- name: Set Certbot script variable. - name: Set Certbot script variable.
set_fact: ansible.builtin.set_fact:
certbot_script: /usr/bin/certbot certbot_script: /usr/bin/certbot

24
tasks/main.yml
View File

@ -1,19 +1,25 @@
--- ---
- import_tasks: include-vars.yml - name: Include vars
ansible.builtin.import_tasks: include-vars.yml
- import_tasks: setup-RedHat.yml - name: Import Redhat task
ansible.builtin.import_tasks: setup-RedHat.yml
when: ansible_os_family == 'RedHat' when: ansible_os_family == 'RedHat'
- import_tasks: install-with-package.yml - name: Standalone install method choosed
ansible.builtin.import_tasks: install-with-package.yml
when: certbot_install_method == 'package' when: certbot_install_method == 'package'
- import_tasks: install-with-snap.yml - name: Snap install method choosed
ansible.builtin.import_tasks: install-with-snap.yml
when: certbot_install_method == 'snap' when: certbot_install_method == 'snap'
- import_tasks: install-from-source.yml - name: Source install method choosed
ansible.builtin.import_tasks: install-from-source.yml
when: certbot_install_method == 'source' when: certbot_install_method == 'source'
- include_tasks: create-cert-standalone.yml - name: Create certs for standalone install
ansible.builtin.include_tasks: create-cert-standalone.yml
with_items: "{{ certbot_certs }}" with_items: "{{ certbot_certs }}"
when: when:
- certbot_create_if_missing - certbot_create_if_missing
@ -21,7 +27,8 @@
loop_control: loop_control:
loop_var: cert_item loop_var: cert_item
- include_tasks: create-cert-webroot.yml - name: Create certs for webroot install
ansible.builtin.include_tasks: create-cert-webroot.yml
with_items: "{{ certbot_certs }}" with_items: "{{ certbot_certs }}"
when: when:
- certbot_create_if_missing - certbot_create_if_missing
@ -29,5 +36,6 @@
loop_control: loop_control:
loop_var: cert_item loop_var: cert_item
- import_tasks: renew-cron.yml - name: Check cron jobs
ansible.builtin.import_tasks: renew-cron.yml
when: certbot_auto_renew when: certbot_auto_renew

2
tasks/renew-cron.yml
View File

@ -1,6 +1,6 @@
--- ---
- name: Add cron job for certbot renewal (if configured). - name: Add cron job for certbot renewal (if configured).
cron: ansible.builtin.cron:
name: Certbot automatic renewal. name: Certbot automatic renewal.
job: "{{ certbot_script }} renew {{ certbot_auto_renew_options }}" job: "{{ certbot_script }} renew {{ certbot_auto_renew_options }}"
minute: "{{ certbot_auto_renew_minute }}" minute: "{{ certbot_auto_renew_minute }}"

47
tasks/setup-RedHat.yml
View File

@ -1,30 +1,27 @@
--- ---
# See: https://github.com/geerlingguy/ansible-role-certbot/issues/107 # See: https://github.com/geerlingguy/ansible-role-certbot/issues/107
- block: - name: Check dnf modules for Redhat family
- name: Ensure dnf-plugins are installed on CentOS 8+.
yum:
name: dnf-plugins-core
state: present
- block:
- name: Enable DNF module for CentOS 8.3+.
shell: |
dnf config-manager --set-enabled powertools
register: dnf_module_enable
changed_when: false
when: ansible_facts['distribution_version'] is version('8.3', '>=')
- name: Enable DNF module for CentOS 8.08.2.
shell: |
dnf config-manager --set-enabled PowerTools
register: dnf_module_enable
changed_when: false
when: ansible_facts['distribution_version'] is version('8.2', '<=')
when: when:
- ansible_distribution == 'CentOS' - ansible_distribution == 'CentOS'
- ansible_distribution_major_version | int >= 8 - ansible_distribution_major_version | int >= 8
block:
- name: Ensure dnf-plugins are installed on CentOS 8+.
ansible.builtin.yum:
name: dnf-plugins-core
state: present
when: ansible_facts['distribution_version'] is version('8.2', '<=')
- name: Check dnf modules for Centos
block:
- name: Enable DNF module for CentOS 8.3+.
ansible.builtin.shell: |
dnf config-manager --set-enabled powertools
register: dnf_module_enable
changed_when: false
when: ansible_facts['distribution_version'] is version('8.3', '>=')
- name: Enable DNF module for CentOS 8.08.2.
ansible.builtin.shell: |
dnf config-manager --set-enabled PowerTools
register: dnf_module_enable
changed_when: false