From bd58f8e72c4e9511c27def9e9efea36d4005adce Mon Sep 17 00:00:00 2001 From: Romain Porte Date: Sat, 9 May 2020 16:44:27 +0200 Subject: [PATCH] optimize renewal-hook creation: run it only once and not per domain --- tasks/create-cert-webroot.yml | 14 -------------- tasks/install-deploy-hook.yml | 14 ++++++++++++++ tasks/main.yml | 4 ++++ 3 files changed, 18 insertions(+), 14 deletions(-) create mode 100644 tasks/install-deploy-hook.yml diff --git a/tasks/create-cert-webroot.yml b/tasks/create-cert-webroot.yml index 63466c8..8399872 100644 --- a/tasks/create-cert-webroot.yml +++ b/tasks/create-cert-webroot.yml @@ -4,20 +4,6 @@ path: /etc/letsencrypt/live/{{ cert_item.domains | first }}/cert.pem register: letsencrypt_cert -- name: Ensure deploy hook directory exists - file: - path: /etc/letsencrypt/renewal-hooks/deploy - state: directory - mode: 0755 - -- name: Create deploy hook - copy: - content: "{{ certbot_deployhook }}" - dest: /etc/letsencrypt/renewal-hooks/deploy/ansible.sh - mode: u+rwx - run_once: true - when: certbot_deployhook is defined - - name: Create webroot directory if it doesn't exist yet file: path: "{{ cert_item.webroot | default(certbot_webroot) }}" diff --git a/tasks/install-deploy-hook.yml b/tasks/install-deploy-hook.yml new file mode 100644 index 0000000..5bd8a01 --- /dev/null +++ b/tasks/install-deploy-hook.yml @@ -0,0 +1,14 @@ +- name: Ensure deploy hook directory exists + file: + path: /etc/letsencrypt/renewal-hooks/deploy + state: directory + mode: 0755 + when: certbot_deployhook is defined + +- name: Create deploy hook + copy: + content: "{{ certbot_deployhook }}" + dest: /etc/letsencrypt/renewal-hooks/deploy/ansible.sh + mode: u+rwx + when: certbot_deployhook is defined + diff --git a/tasks/main.yml b/tasks/main.yml index 894143c..cd6eb3b 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -29,5 +29,9 @@ loop_control: loop_var: cert_item +- include_tasks: install-deploy-hook.yml + when: + - certbot_create_method == 'webroot' + - import_tasks: renew-cron.yml when: certbot_auto_renew