Fix tests on debian10, CentOS 7 and remove support for CentOS 6

Thiago Almeida 2020-09-12 16:51:27 +02:00
parent 9e4cb6fb00
commit efc9f67064
14 changed files with 47 additions and 34 deletions


@ -9,8 +9,6 @@ env:
matrix: matrix:
- MOLECULE_DISTRO: centos8 - MOLECULE_DISTRO: centos8
- MOLECULE_DISTRO: centos7 - MOLECULE_DISTRO: centos7
- MOLECULE_DISTRO: centos6
MOLECULE_PLAYBOOK: playbook-source-install.yml
- MOLECULE_DISTRO: ubuntu2004 - MOLECULE_DISTRO: ubuntu2004
- MOLECULE_DISTRO: ubuntu1804 - MOLECULE_DISTRO: ubuntu1804
- MOLECULE_DISTRO: debian10 - MOLECULE_DISTRO: debian10
@ -26,8 +24,8 @@ install:
before_script: before_script:
# Use actual Ansible Galaxy role name for the project directory. # Use actual Ansible Galaxy role name for the project directory.
- cd ../ - cd ../
- mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME - mv ansible-role-$ROLE_NAME thiagoalmeidasa.$ROLE_NAME
- cd geerlingguy.$ROLE_NAME - cd thiagoalmeidasa.$ROLE_NAME
script: script:
# Run tests. # Run tests.


@ -1,12 +1,12 @@
# Ansible Role: Certbot (for Let's Encrypt) # Ansible Role: Certbot (for Let's Encrypt)
[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-certbot.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-certbot) [![Build Status](https://travis-ci.org/thiagoalmeidasa/ansible-role-certbot.svg?branch=master)](https://travis-ci.org/thiagoalmeidasa/ansible-role-certbot)
Installs and configures Certbot (for Let's Encrypt). Installs and configures Certbot (for Let's Encrypt).
## Requirements ## Requirements
If installing from source, Git is required. You can install Git using the `geerlingguy.git` role. If installing from source, Git is required. You can install Git using the `thiagoalmeidasa.git` role.
Generally, installing from source (see section `Source Installation from Git`) leads to a better experience using Certbot and Let's Encrypt, especially if you're using an older OS release. Generally, installing from source (see section `Source Installation from Git`) leads to a better experience using Certbot and Let's Encrypt, especially if you're using an older OS release.
@ -29,9 +29,9 @@ Currently there is one built-in method for generating new certificates using thi
**For a complete example**: see the fully functional test playbook in [molecule/default/playbook-standalone-nginx-aws.yml](molecule/default/playbook-standalone-nginx-aws.yml). **For a complete example**: see the fully functional test playbook in [molecule/default/playbook-standalone-nginx-aws.yml](molecule/default/playbook-standalone-nginx-aws.yml).
certbot_create_if_missing: false certbot_create_if_missing: false
certbot_create_method: standalone certbot_create_method: certonly
Set `certbot_create_if_missing` to `yes` or `True` to let this role generate certs. Set the method used for generating certs with the `certbot_create_method` variable—current allowed values include: `standalone`. Set `certbot_create_if_missing` to `yes` or `True` to let this role generate certs. Set the method used for generating certs with the `certbot_create_method` variable—current allowed values include: `certonly`.
certbot_admin_email: email@example.com certbot_admin_email: email@example.com
@ -77,7 +77,7 @@ The directory inside which Certbot will be cloned.
### Wildcard Certificates ### Wildcard Certificates
Let's Encrypt supports [generating wildcard certificates](https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579), but the process for generating and using them is slightly more involved. See comments in [this pull request](https://github.com/geerlingguy/ansible-role-certbot/pull/60#issuecomment-423919284) for an example of how to use this role to maintain wildcard certs. Let's Encrypt supports [generating wildcard certificates](https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579), but the process for generating and using them is slightly more involved. See comments in [this pull request](https://github.com/thiagoalmeidasa/ansible-role-certbot/pull/60#issuecomment-423919284) for an example of how to use this role to maintain wildcard certs.
Michael Porter also has a walkthrough of [Creating A Lets Encrypt Wildcard Cert With Ansible](https://www.michaelpporter.com/2018/09/creating-a-wildcard-cert-with-ansible/), specifically with Cloudflare. Michael Porter also has a walkthrough of [Creating A Lets Encrypt Wildcard Cert With Ansible](https://www.michaelpporter.com/2018/09/creating-a-wildcard-cert-with-ansible/), specifically with Cloudflare.
@ -95,7 +95,7 @@ None.
certbot_auto_renew_hour: "5" certbot_auto_renew_hour: "5"
roles: roles:
- geerlingguy.certbot - thiagoalmeidasa.certbot
See other examples in the `tests/` directory. See other examples in the `tests/` directory.


@ -10,7 +10,7 @@ certbot_auto_renew_options: >-
# Parameters used when creating new Certbot certs. # Parameters used when creating new Certbot certs.
certbot_create_if_missing: false certbot_create_if_missing: false
certbot_create_method: standalone certbot_create_method: certonly
certbot_admin_email: email@example.com certbot_admin_email: email@example.com
certbot_certs: [] certbot_certs: []
# - email: janedoe@example.com # - email: janedoe@example.com
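Review bot: Changing the default of `certbot_create_method` from `standalone` to `certonly` silently turns off certificate creation for any inventory that still sets the old value, because the `when:` list in the certificate-creation tasks section of this commit now tests only `certbot_create_method == 'certonly'` and the step is skipped without an error. A host in that state would presumably keep its current certificate until it expires, or never obtain one, with nothing in the play output to flag it. Either accept both spellings for a deprecation period, `- certbot_create_method in ['certonly', 'standalone']`, or fail early on an unrecognised value with an `assert` task. A comment above the default such as `# renamed from 'standalone'; the old value is no longer matched` would also make the break visible to people upgrading.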


@ -17,7 +17,6 @@ galaxy_info:
platforms: platforms:
- name: EL - name: EL
versions: versions:
- 6
- 7 - 7
- 8 - 8
- name: Fedora - name: Fedora
@ -25,10 +24,11 @@ galaxy_info:
- all - all
- name: Ubuntu - name: Ubuntu
versions: versions:
- all - bionic
- focal
- name: Debian - name: Debian
versions: versions:
- all - buster
galaxy_tags: galaxy_tags:
- networking - networking
- system - system


@ -38,4 +38,4 @@
when: ansible_os_family == 'Debian' when: ansible_os_family == 'Debian'
roles: roles:
- geerlingguy.certbot-route53 - thiagoalmeidasa.certbot-route53


@ -17,7 +17,5 @@ platforms:
pre_build_image: true pre_build_image: true
provisioner: provisioner:
name: ansible name: ansible
ansible_args:
- -vvvv
playbooks: playbooks:
converge: ${MOLECULE_PLAYBOOK:-converge.yml} converge: ${MOLECULE_PLAYBOOK:-converge.yml}


@ -9,18 +9,32 @@
pre_tasks: pre_tasks:
- name: Update apt cache. - name: Update apt cache.
apt: update_cache=yes cache_valid_time=600 apt:
name:
- python3-apt
update_cache: true
cache_valid_time: 600
when: ansible_os_family == 'Debian' when: ansible_os_family == 'Debian'
changed_when: false changed_when: false
- name: Install cron (RedHat). - name: Install cron (RedHat).
yum: name=cronie state=present yum:
name: cronie
state: present
when: ansible_os_family == 'RedHat' when: ansible_os_family == 'RedHat'
- name: Install cron (Debian). - name: Install dependencies (Debian).
apt: name=cron state=present apt:
name:
- cron
- python-setuptools
- python3
- python3-apt
- python3-pip
- python3-setuptools
state: present
when: ansible_os_family == 'Debian' when: ansible_os_family == 'Debian'
roles: roles:
- geerlingguy.git - geerlingguy.git
- geerlingguy.certbot-route53 - thiagoalmeidasa.certbot-route53


@ -125,7 +125,7 @@
when: ansible_os_family == 'Debian' when: ansible_os_family == 'Debian'
roles: roles:
- geerlingguy.certbot-route53 - thiagoalmeidasa.certbot-route53
- geerlingguy.nginx - geerlingguy.nginx
tasks: tasks:


@ -3,6 +3,7 @@
include_vars: "{{ item }}" include_vars: "{{ item }}"
with_first_found: with_first_found:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml" - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml"
- "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
- "{{ ansible_distribution }}.yml" - "{{ ansible_distribution }}.yml"
- "{{ ansible_os_family }}.yml" - "{{ ansible_os_family }}.yml"
- "default.yml" - "default.yml"


@ -7,12 +7,6 @@
update: "{{ certbot_keep_updated }}" update: "{{ certbot_keep_updated }}"
force: true force: true
- name: Install Certbot route53 plugin.
package:
name:
- python3-certbot-dns-route53
state: present
- name: Set Certbot script variable. - name: Set Certbot script variable.
set_fact: set_fact:
certbot_script: "{{ certbot_dir }}/certbot-auto" certbot_script: "{{ certbot_dir }}/certbot-auto"
@ -21,3 +15,8 @@
file: file:
path: "{{ certbot_script }}" path: "{{ certbot_script }}"
mode: 0755 mode: 0755
- name: Install Certbot route53 plugin.
package:
name: "{{ certbot_route53_package }}"
state: present
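Review bot: `certbot_route53_package` is used here, and in the package-install tasks section that follows, with no fallback, while the only definitions visible in this commit are in `vars/CentOS-7.yml` and one other vars file. The `with_first_found` include loads a single vars file, so any other file in that lookup list that matches first and lacks the variable would make this task fail with an undefined-variable error. The remaining vars files are not shown, so this needs checking. A role default closes the gap: add `certbot_route53_package: python3-certbot-dns-route53` to the role's defaults file, which a loaded vars file still overrides.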


@ -6,8 +6,7 @@
- name: Install Certbot route53 plugin. - name: Install Certbot route53 plugin.
package: package:
name: name: "{{ certbot_route53_package }}"
- python3-certbot-dns-route53
state: present state: present
- name: Set Certbot script variable. - name: Set Certbot script variable.


@ -14,7 +14,7 @@
with_items: "{{ certbot_certs }}" with_items: "{{ certbot_certs }}"
when: when:
- certbot_create_if_missing - certbot_create_if_missing
- certbot_create_method == 'standalone' - certbot_create_method == 'certonly'
loop_control: loop_control:
loop_var: cert_item loop_var: cert_item

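--- /dev/null
+++ b/vars/CentOS-7.yml
@@ -0,0 +1,3 @@
+---
+certbot_package: certbot
+certbot_route53_package: python2-certbot-dns-route53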
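Review bot: This file is selected by `ansible_distribution`, so only hosts that report `CentOS` get the `python2-` package name; other EL 7 systems, which the role metadata in this commit still lists under `EL` version 7, fall through to the later entries of the `with_first_found` list. If those entries resolve to `python3-certbot-dns-route53`, the plugin install would presumably fail on such hosts; the other vars files are not visible here, so please confirm. A short comment at the top of the file saying why the Python 2 package name is required on this release (author to supply the reason) would also keep it from being "corrected" to the `python3-` name later.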


@ -1,2 +1,3 @@
--- ---
certbot_package: certbot certbot_package: certbot
certbot_route53_package: python3-certbot-dns-route53