From 9e00589518e29e0faaa0cb7c36b75a8baca1e3a2 Mon Sep 17 00:00:00 2001
From: nick
Date: Tue, 24 Jan 2017 12:48:41 +0200
Subject: [PATCH] Install certificates

---
 defaults/main.yml | 5 ++++
 tasks/main.yml | 74 +++++++++++++++++++++++++++++++++++++++++++++--
 2 files changed, 77 insertions(+), 2 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 793362c..4d87d75 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -12,3 +12,8 @@ certbot_auto_renew: true
 certbot_auto_renew_user: "{{ ansible_user }}"
 certbot_auto_renew_hour: 3
 certbot_auto_renew_minute: 30
+
+# Install certificates
+certbot_email: ""
+certbot_domain: ""
+certbot_subdomains: []
diff --git a/tasks/main.yml b/tasks/main.yml
index ed076dc..a20b7af 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
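Review bot: The new `# Install certificates` comment does not say that `certbot_email` and `certbot_domain` are required, and their `""` defaults are not usable values — the tasks in this commit interpolate them straight into certbot's `--email` and `-d` arguments. A comment such as `# Install certificates. certbot_email and certbot_domain must be set by the playbook; the empty defaults only make the variables defined.` would tell a user what to override. It is also worth stating that each entry of `certbot_subdomains` is a label that the tasks prefix to certbot_domain, since the name alone does not say whether full hostnames or labels are expected.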
@@ -11,11 +11,81 @@
     path: "{{ certbot_dir }}/certbot-auto"
     mode: 0755
 
+- name: Stop nginx
+  service:
+    name: nginx
+    state: stopped
+  when: drupalvm_webserver == 'nginx'
+
+- name: Stop apache2
+  service:
+    name: apache2
+    state: stopped
+  when: drupalvm_webserver == 'apache' and ansible_os_family == 'Debian'
+
+- name: Stop httpd
+  service:
+    name: httpd
+    state: stopped
+  when: drupalvm_webserver == 'apache' and ansible_os_family == 'RedHat'
+
+- name: Check if letsencrypt certificate file exists
+  stat: path="/etc/letsencrypt/live/{{ certbot_domain }}/privkey.pem"
+  register: r_cert_domain
+
+- name: Run certbot generation for each host
+  command: "{{ certbot_dir }}/certbot-auto certonly --standalone --email {{ certbot_email }} -d {{ certbot_domain }} -d www.{{ certbot_domain }}"
+  when: not r_cert_domain.stat.exists
+
+- name: Run certbot generation for additional subdomains
+  command: "{{ certbot_dir }}/certbot-auto certonly --standalone --email {{ certbot_email }} -d {{ item }}.{{ certbot_domain }}"
+  with_items: "{{ certbot_subdomains }}"
+  when: not r_cert_domain.stat.exists
+
+- name: Start nginx
+  service:
+    name: nginx
+    state: started
+  when: drupalvm_webserver == 'nginx'
+
+- name: Start apache2
+  service:
+    name: apache2
+    state: started
+  when: drupalvm_webserver == 'apache' and ansible_os_family == 'Debian'
+
+- name: Start httpd
+  service:
+    name: httpd
+    state: started
+  when: drupalvm_webserver == 'apache' and ansible_os_family == 'RedHat'
+
 - name: Add cron job for 'certbot-auto renew' (if configured).
   cron:
     name: Certbot automatic renewal.
-    job: "{{ certbot_dir }}/certbot-auto renew --quiet --no-self-upgrade"
+    job: "{{ certbot_dir }}/certbot-auto renew --quiet --agree-tos --pre-hook 'service nginx stop' --post-hook 'service nginx start'"
     minute: "{{ certbot_auto_renew_minute }}"
     hour: "{{ certbot_auto_renew_hour }}"
     user: "{{ certbot_auto_renew_user }}"
-  when: certbot_auto_renew
+    cron_file: certbot-cron
+  when: certbot_auto_renew and drupalvm_webserver == 'nginx'
+
+- name: Add cron job for 'certbot-auto renew' (if configured).
+  cron:
+    name: Certbot automatic renewal.
+    job: "{{ certbot_dir }}/certbot-auto renew --quiet --agree-tos --pre-hook 'service apache2 stop' --post-hook 'service apache2 start'"
+    minute: "{{ certbot_auto_renew_minute }}"
+    hour: "{{ certbot_auto_renew_hour }}"
+    user: "{{ certbot_auto_renew_user }}"
+    cron_file: certbot-cron
+  when: certbot_auto_renew and drupalvm_webserver == 'apache' and ansible_os_family == 'Debian'
+
+- name: Add cron job for 'certbot-auto renew' (if configured).
+  cron:
+    name: Certbot automatic renewal.
+    job: "{{ certbot_dir }}/certbot-auto renew --quiet --agree-tos --pre-hook 'service httpd stop' --post-hook 'service httpd start'"
+    minute: "{{ certbot_auto_renew_minute }}"
+    hour: "{{ certbot_auto_renew_hour }}"
+    user: "{{ certbot_auto_renew_user }}"
+    cron_file: certbot-cron
+  when: certbot_auto_renew and drupalvm_webserver == 'apache' and ansible_os_family == 'RedHat'
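Review bot: The three new renew `job:` lines drop the `--no-self-upgrade` that the replaced line carried, so the unattended cron job will let certbot-auto fetch and install a new copy of itself as `certbot_auto_renew_user` with nobody reviewing the update; keep the flag, e.g. `job: "{{ certbot_dir }}/certbot-auto renew --quiet --no-self-upgrade --pre-hook 'service nginx stop' --post-hook 'service nginx start'"` and likewise for the apache2 and httpd variants. The three Stop tasks run before the stat check, so the web server is taken down on every play even when `/etc/letsencrypt/live/{{ certbot_domain }}/privkey.pem` already exists and no certificate is issued; moving `Check if letsencrypt certificate file exists` ahead of them and gating each stop/start task, e.g. `when: drupalvm_webserver == 'nginx' and not r_cert_domain.stat.exists`, limits the outage to runs that actually need port 80 free. Nothing validates `certbot_email` and `certbot_domain`, whose defaults are `""`, before they are interpolated into the `command:` strings, so a misconfigured host runs `certonly` with empty `--email` and `-d` values and gets certbot's error rather than a role error; an `assert` task with `that: ["certbot_email != ''", "certbot_domain != ''"]` in front of the stat check fails fast with a clear message. The subdomain task is gated on the base domain's key (`not r_cert_domain.stat.exists`), so a subdomain added after the base certificate exists is never issued; a per-item `stat` on `/etc/letsencrypt/live/{{ item }}.{{ certbot_domain }}/privkey.pem` would be the matching check. Three tasks now share the name `Add cron job for 'certbot-auto renew' (if configured).`, which makes `--start-at-task` and log reading ambiguous; suffixing each with the web server it targets is enough.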