From efc9f6706461b60268ae4989be5372da96e64f59 Mon Sep 17 00:00:00 2001 From: Thiago Almeida Date: Sat, 12 Sep 2020 16:51:27 +0200 Subject: [PATCH] Fix tests on debian10, CentOS 7 and remove support for CentOS 6 --- .travis.yml | 6 ++--- README.md | 16 ++++++------- defaults/main.yml | 2 +- meta/main.yml | 6 ++--- molecule/default/converge.yml | 2 +- molecule/default/molecule.yml | 2 -- molecule/default/playbook-source-install.yml | 24 +++++++++++++++---- .../default/playbook-standalone-nginx-aws.yml | 2 +- tasks/include-vars.yml | 1 + tasks/install-from-source.yml | 11 ++++----- tasks/install-with-package.yml | 3 +-- tasks/main.yml | 2 +- vars/CentOS-7.yml | 3 +++ vars/default.yml | 1 + 14 files changed, 47 insertions(+), 34 deletions(-) create mode 100644 vars/CentOS-7.yml diff --git a/.travis.yml b/.travis.yml index 71ad73c..921d41d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -9,8 +9,6 @@ env: matrix: - MOLECULE_DISTRO: centos8 - MOLECULE_DISTRO: centos7 - - MOLECULE_DISTRO: centos6 - MOLECULE_PLAYBOOK: playbook-source-install.yml - MOLECULE_DISTRO: ubuntu2004 - MOLECULE_DISTRO: ubuntu1804 - MOLECULE_DISTRO: debian10 @@ -26,8 +24,8 @@ install: before_script: # Use actual Ansible Galaxy role name for the project directory. - cd ../ - - mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME - - cd geerlingguy.$ROLE_NAME + - mv ansible-role-$ROLE_NAME thiagoalmeidasa.$ROLE_NAME + - cd thiagoalmeidasa.$ROLE_NAME script: # Run tests. diff --git a/README.md b/README.md index a720e0d..f3cf8e9 100644 --- a/README.md +++ b/README.md 
@@ -1,12 +1,12 @@ # Ansible Role: Certbot (for Let's Encrypt) -[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-certbot.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-certbot) +[![Build Status](https://travis-ci.org/thiagoalmeidasa/ansible-role-certbot.svg?branch=master)](https://travis-ci.org/thiagoalmeidasa/ansible-role-certbot) Installs and configures Certbot (for Let's Encrypt). ## Requirements -If installing from source, Git is required. You can install Git using the `geerlingguy.git` role. +If installing from source, Git is required. You can install Git using the `thiagoalmeidasa.git` role. Generally, installing from source (see section `Source Installation from Git`) leads to a better experience using Certbot and Let's Encrypt, especially if you're using an older OS release. @@ -29,9 +29,9 @@ Currently there is one built-in method for generating new certificates using thi **For a complete example**: see the fully functional test playbook in [molecule/default/playbook-standalone-nginx-aws.yml](molecule/default/playbook-standalone-nginx-aws.yml). certbot_create_if_missing: false - certbot_create_method: standalone + certbot_create_method: certonly -Set `certbot_create_if_missing` to `yes` or `True` to let this role generate certs. Set the method used for generating certs with the `certbot_create_method` variable—current allowed values include: `standalone`. +Set `certbot_create_if_missing` to `yes` or `True` to let this role generate certs. Set the method used for generating certs with the `certbot_create_method` variable—current allowed values include: `certonly`. certbot_admin_email: email@example.com 
@@ -77,7 +77,7 @@ The directory inside which Certbot will be cloned. ### Wildcard Certificates -Let's Encrypt supports [generating wildcard certificates](https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579), but the process for generating and using them is slightly more involved. See comments in [this pull request](https://github.com/geerlingguy/ansible-role-certbot/pull/60#issuecomment-423919284) for an example of how to use this role to maintain wildcard certs. +Let's Encrypt supports [generating wildcard certificates](https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579), but the process for generating and using them is slightly more involved. See comments in [this pull request](https://github.com/thiagoalmeidasa/ansible-role-certbot/pull/60#issuecomment-423919284) for an example of how to use this role to maintain wildcard certs. Michael Porter also has a walkthrough of [Creating A Let’s Encrypt Wildcard Cert With Ansible](https://www.michaelpporter.com/2018/09/creating-a-wildcard-cert-with-ansible/), specifically with Cloudflare. @@ -88,14 +88,14 @@ None. ## Example Playbook - hosts: servers - + vars: certbot_auto_renew_user: your_username_here certbot_auto_renew_minute: "20" certbot_auto_renew_hour: "5" - + roles: - - geerlingguy.certbot + - thiagoalmeidasa.certbot See other examples in the `tests/` directory. diff --git a/defaults/main.yml b/defaults/main.yml index 0250b36..52f2c68 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -10,7 +10,7 @@ certbot_auto_renew_options: >- # Parameters used when creating new Certbot certs. certbot_create_if_missing: false -certbot_create_method: standalone +certbot_create_method: certonly certbot_admin_email: email@example.com certbot_certs: [] # - email: janedoe@example.com diff --git a/meta/main.yml b/meta/main.yml index e11836d..ebebaa5 100644 --- a/meta/main.yml +++ b/meta/main.yml 
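Review bot: In defaults/main.yml, changing the default `certbot_create_method` from `standalone` to `certonly` renames the only accepted value, and the matching `when:` in the tasks/main.yml hunk now tests `certbot_create_method == 'certonly'` alone. An inventory that still sets `standalone` will skip certificate creation without any error, so a host can come up without the certificate the operator expects. Either keep the old value working with `- certbot_create_method in ['certonly', 'standalone']`, or fail early on an unrecognised value with an `assert` task. The defaults file continues outside the hunk.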
@@ -17,7 +17,6 @@ galaxy_info: platforms: - name: EL versions: - - 6 - 7 - 8 - name: Fedora @@ -25,10 +24,11 @@ galaxy_info: - all - name: Ubuntu versions: - - all + - bionic + - focal - name: Debian versions: - - all + - buster galaxy_tags: - networking - system diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 3e06439..aae9c93 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -38,4 +38,4 @@ when: ansible_os_family == 'Debian' roles: - - geerlingguy.certbot-route53 + - thiagoalmeidasa.certbot-route53 diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 8e30f43..2da47dd 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -17,7 +17,5 @@ platforms: pre_build_image: true provisioner: name: ansible - ansible_args: - - -vvvv playbooks: converge: ${MOLECULE_PLAYBOOK:-converge.yml} diff --git a/molecule/default/playbook-source-install.yml b/molecule/default/playbook-source-install.yml index 73b635a..4c64401 100644 --- a/molecule/default/playbook-source-install.yml +++ b/molecule/default/playbook-source-install.yml @@ -9,18 +9,32 @@ pre_tasks: - name: Update apt cache. - apt: update_cache=yes cache_valid_time=600 + apt: + name: + - python3-apt + update_cache: true + cache_valid_time: 600 when: ansible_os_family == 'Debian' changed_when: false - name: Install cron (RedHat). - yum: name=cronie state=present + yum: + name: cronie + state: present when: ansible_os_family == 'RedHat' - - name: Install cron (Debian). - apt: name=cron state=present + - name: Install dependencies (Debian). + apt: + name: + - cron + - python-setuptools + - python3 + - python3-apt + - python3-pip + - python3-setuptools + state: present when: ansible_os_family == 'Debian' roles: - geerlingguy.git - - geerlingguy.certbot-route53 + - thiagoalmeidasa.certbot-route53 
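Review bot: In molecule/default/playbook-source-install.yml the pre-task still named `Update apt cache.` now installs `python3-apt` and keeps `changed_when: false`, so a real package install is always reported as unchanged. `python3-apt` is then listed again in `Install dependencies (Debian).`. I would drop `name:` from the cache task, or rename the task and remove `changed_when: false`, so the test output reflects what actually ran. The play header is outside the hunk.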
diff --git a/molecule/default/playbook-standalone-nginx-aws.yml b/molecule/default/playbook-standalone-nginx-aws.yml index 417596e..535fc89 100644 --- a/molecule/default/playbook-standalone-nginx-aws.yml +++ b/molecule/default/playbook-standalone-nginx-aws.yml @@ -125,7 +125,7 @@ when: ansible_os_family == 'Debian' roles: - - geerlingguy.certbot-route53 + - thiagoalmeidasa.certbot-route53 - geerlingguy.nginx tasks: diff --git a/tasks/include-vars.yml b/tasks/include-vars.yml index 0a70e50..94fad7d 100644 --- a/tasks/include-vars.yml +++ b/tasks/include-vars.yml @@ -3,6 +3,7 @@ include_vars: "{{ item }}" with_first_found: - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml" + - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml" - "{{ ansible_distribution }}.yml" - "{{ ansible_os_family }}.yml" - "default.yml" diff --git a/tasks/install-from-source.yml b/tasks/install-from-source.yml index a992749..2a7ea07 100644 --- a/tasks/install-from-source.yml +++ b/tasks/install-from-source.yml @@ -7,12 +7,6 @@ update: "{{ certbot_keep_updated }}" force: true -- name: Install Certbot route53 plugin. - package: - name: - - python3-certbot-dns-route53 - state: present - - name: Set Certbot script variable. set_fact: certbot_script: "{{ certbot_dir }}/certbot-auto" @@ -21,3 +15,8 @@ file: path: "{{ certbot_script }}" mode: 0755 + +- name: Install Certbot route53 plugin. + package: + name: "{{ certbot_route53_package }}" + state: present diff --git a/tasks/install-with-package.yml b/tasks/install-with-package.yml index 6f712be..5e6f491 100644 --- a/tasks/install-with-package.yml +++ b/tasks/install-with-package.yml @@ -6,8 +6,7 @@ - name: Install Certbot route53 plugin. package: - name: - - python3-certbot-dns-route53 + name: "{{ certbot_route53_package }}" state: present - name: Set Certbot script variable. diff --git a/tasks/main.yml b/tasks/main.yml index 52aa6af..e5df862 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
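Review bot: In tasks/install-from-source.yml, and on the same line in tasks/install-with-package.yml, `name: "{{ certbot_route53_package }}"` depends on a variable that this commit defines only in vars/default.yml and vars/CentOS-7.yml. tasks/include-vars.yml loads a single file through `with_first_found`, so any other distribution- or family-specific vars file that matches first would leave the variable undefined and fail the task; whether such files exist is not visible here. A fallback in defaults/main.yml, `certbot_route53_package: python3-certbot-dns-route53`, would cover that case, since included vars still override role defaults. Separately, on the source path the plugin is installed into the system Python by the OS package manager, and it is worth confirming that the cloned `certbot-auto` script can actually load it.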
@@ -14,7 +14,7 @@ with_items: "{{ certbot_certs }}" when: - certbot_create_if_missing - - certbot_create_method == 'standalone' + - certbot_create_method == 'certonly' loop_control: loop_var: cert_item diff --git a/vars/CentOS-7.yml b/vars/CentOS-7.yml new file mode 100644 index 0000000..f78cec4 --- /dev/null +++ b/vars/CentOS-7.yml @@ -0,0 +1,3 @@ +--- +certbot_package: certbot +certbot_route53_package: python2-certbot-dns-route53 diff --git a/vars/default.yml b/vars/default.yml index d88f2dc..bb4d40d 100644 --- a/vars/default.yml +++ b/vars/default.yml @@ -1,2 +1,3 @@ --- certbot_package: certbot +certbot_route53_package: python3-certbot-dns-route53