create pre and post hooks

* Move 'stop' services to pre-hook and post-hook. This way they will also be stopped and started when renewing.

- remove service stop/start tasks
- add pre-hook/post-hook templates
- add pre-hook/post-hook template tasks
- create missing directories at first run
- run pre and post hook during first manual run
Wout van Heeswijk 6 years ago committed by GitHub
parent 00dc226101
commit 8164566c4f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 6
      defaults/main.yml
  2. 41
      tasks/create-cert-standalone.yml
  3. 15
      templates/start_services.j2
  4. 15
      templates/stop_services.j2

@ -21,6 +21,12 @@ certbot_create_command: >-
{{ certbot_script }} certonly --standalone --noninteractive --agree-tos {{ certbot_script }} certonly --standalone --noninteractive --agree-tos
--email {{ cert_item.email | default(certbot_admin_email) }} --email {{ cert_item.email | default(certbot_admin_email) }}
-d {{ cert_item.domains | join(',') }} -d {{ cert_item.domains | join(',') }}
{{ '--pre-hook /etc/letsencrypt/renewal-hooks/pre/stop_services'
if certbot_create_standalone_stop_services
else '' }}
{{ '--post-hook /etc/letsencrypt/renewal-hooks/post/start_services'
if certbot_create_standalone_stop_services
else '' }}
certbot_create_standalone_stop_services: certbot_create_standalone_stop_services:
- nginx - nginx
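Review bot: The hook paths `/etc/letsencrypt/renewal-hooks/pre/stop_services` and `/etc/letsencrypt/renewal-hooks/post/start_services` are spelled out here and again as the `dest:` of the two new template tasks in tasks/create-cert-standalone.yml, so renaming in one place silently breaks the other; one default such as `certbot_renewal_hooks_dir: /etc/letsencrypt/renewal-hooks` referenced from both files would keep them in sync. A comment above the expression would also spare the next reader the question of why both the flags and the directory scripts exist, e.g. `# certbot runs scripts in renewal-hooks/{pre,post} on its own during 'certbot renew'; the explicit flags make the same scripts run on the initial certonly call too` — worth confirming against the certbot version the role targets. The `certbot_create_command` folded scalar begins above the hunk.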

@ -4,20 +4,35 @@
path: /etc/letsencrypt/live/{{ cert_item.domains | first | replace('*.', '') }}/cert.pem path: /etc/letsencrypt/live/{{ cert_item.domains | first | replace('*.', '') }}/cert.pem
register: letsencrypt_cert register: letsencrypt_cert
- name: Stop services to allow certbot to generate a cert. - name: create pre and post hook folders because those don't exist yet on a fresh install
service: file:
name: "{{ item }}" path: /etc/letsencrypt/renewal-hooks/{{ item }}
state: stopped state: directory
when: not letsencrypt_cert.stat.exists mode: 0755
with_items: "{{ certbot_create_standalone_stop_services }}" owner: root
group: root
with_items:
- pre
- post
- name: Create pre hook to stop services
template:
src: stop_services.j2
dest: /etc/letsencrypt/renewal-hooks/pre/stop_services
owner: root
group: root
mode: 0750
when: certbot_create_standalone_stop_services is defined and certbot_create_standalone_stop_services
- name: create post hook to start services
template:
src: start_services.j2
dest: /etc/letsencrypt/renewal-hooks/post/start_services
owner: root
group: root
mode: 0750
when: certbot_create_standalone_stop_services is defined and certbot_create_standalone_stop_services
- name: Generate new certificate if one doesn't exist. - name: Generate new certificate if one doesn't exist.
command: "{{ certbot_create_command }}" command: "{{ certbot_create_command }}"
when: not letsencrypt_cert.stat.exists when: not letsencrypt_cert.stat.exists
- name: Start services after cert has been generated.
service:
name: "{{ item }}"
state: started
when: not letsencrypt_cert.stat.exists
with_items: "{{ certbot_create_standalone_stop_services }}"
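Review bot: The octal modes on the new `file` and `template` tasks are unquoted (`mode: 0755`, `mode: 0750`), which only works because the YAML 1.1 loader happens to read a leading-zero literal as octal; Ansible's own module docs and ansible-lint's risky-octal rule ask for a string, `mode: "0755"` and `mode: "0750"`, so a dropped zero cannot silently turn into a decimal mode. The hook scripts are written root-owned and not group- or world-writable, which is the right posture since certbot executes them as root on every renewal; it is worth keeping that invariant in mind if the directory task is ever loosened. Task names in this hunk mix capitalisation (`create pre and post hook folders…`, `create post hook…` against `Create pre hook…` and the rest of the file), so `Create pre and post hook folders…` and `Create post hook…` would match the existing style. The `stat` task that registers `letsencrypt_cert` begins above the hunk.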

@ -0,0 +1,15 @@
#!/bin/bash
# {{ ansible_managed }}
{% for item in certbot_create_standalone_stop_services %}
echo "starting service {{ item }}"
{% if ansible_service_mgr == 'systemd' %}
systemctl start {{ item }}
{% elif ansible_service_mgr == 'upstart' %}
initctl start {{ item }}
{% elif ansible_service_mgr == 'openrc' %}
rc-service {{ item }} start
{% else %}
service {{ item }} start
{% endif %}
{% endfor %}
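Review bot: `{{ item }}` is interpolated unquoted into every command (`systemctl start {{ item }}`, `initctl start {{ item }}`, `rc-service {{ item }} start`, `service {{ item }} start`), so a service name containing a space or shell metacharacter would be word-split or interpreted by the shell; writing `systemctl start "{{ item }}"` and the same on the other three lines keeps each name a single argument, which is cheap even though the value comes from a role variable the operator controls. The same applies line for line to templates/stop_services.j2. Separately, the script declares `#!/bin/bash` yet carries an `openrc` branch, and openrc hosts such as Alpine typically ship without bash; nothing in the body needs bash, so `#!/bin/sh` would let it run on every branch it targets.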

@ -0,0 +1,15 @@
#!/bin/bash
# {{ ansible_managed }}
{% for item in certbot_create_standalone_stop_services %}
echo "stopping service {{ item }}"
{% if ansible_service_mgr == 'systemd' %}
systemctl stop {{ item }}
{% elif ansible_service_mgr == 'upstart' %}
initctl stop {{ item }}
{% elif ansible_service_mgr == 'openrc' %}
rc-service {{ item }} stop
{% else %}
service {{ item }} stop
{% endif %}
{% endfor %}
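Review bot: A failed stop is never reported: the script sets no shell options and exits with the status of whatever command ran last, so if `systemctl stop {{ item }}` fails for the first service the hook can still exit 0 and certbot proceeds to bind port 80 while that service still holds it, turning a clear error into a confusing standalone bind failure. Recording the worst status is a small change: `rc=0` after the shebang, `systemctl stop "{{ item }}" || rc=$?` on each stop line (and its `initctl`/`rc-service`/`service` siblings), and `exit "$rc"` after the loop; as far as I know certbot logs a non-zero hook status rather than aborting, but the failure then at least appears in its output. The quoting of `"{{ item }}"` and the `#!/bin/sh` point raised on templates/start_services.j2 apply here as well.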