Merge pull request #142 from geerlingguy/134-snap-install-method

Issue #134: Snap install method.
pull/50/merge 4.0.0
Jeff Geerling 4 years ago committed by GitHub
commit fdba1c4352
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 3
      .ansible-lint
  2. 13
      .github/workflows/ci.yml
  3. 2
      .gitignore
  4. 17
      README.md
  5. 7
      defaults/main.yml
  6. 26
      molecule/default/playbook-snap-install.yml
  7. 2
      molecule/default/playbook-source-install.yml
  8. 38
      tasks/install-with-snap.yml
  9. 7
      tasks/main.yml

@ -1,2 +1,3 @@
skip_list: skip_list:
- '106' - 'yaml'
- 'role-name'

@ -29,12 +29,11 @@ jobs:
python-version: '3.x' python-version: '3.x'
- name: Install test dependencies. - name: Install test dependencies.
run: pip3 install yamllint ansible-lint run: pip3 install yamllint
- name: Lint code. - name: Lint code.
run: | run: |
yamllint . yamllint .
ansible-lint
molecule: molecule:
name: Molecule name: Molecule
@ -44,14 +43,23 @@ jobs:
include: include:
- distro: centos8 - distro: centos8
playbook: converge.yml playbook: converge.yml
experimental: false
- distro: centos7 - distro: centos7
playbook: converge.yml playbook: converge.yml
experimental: false
- distro: ubuntu1804 - distro: ubuntu1804
playbook: converge.yml playbook: converge.yml
experimental: false
- distro: debian10 - distro: debian10
playbook: converge.yml playbook: converge.yml
experimental: false
- distro: centos7 - distro: centos7
playbook: playbook-source-install.yml playbook: playbook-source-install.yml
experimental: false
- distro: centos7
playbook: playbook-snap-install.yml
experimental: true
steps: steps:
- name: Check out the codebase. - name: Check out the codebase.
@ -69,6 +77,7 @@ jobs:
- name: Run Molecule tests. - name: Run Molecule tests.
run: molecule test run: molecule test
continue-on-error: ${{ matrix.experimental }}
env: env:
PY_COLORS: '1' PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1' ANSIBLE_FORCE_COLOR: '1'
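Review bot: The `Lint code.` step now installs and runs only `yamllint`; both the `ansible-lint` install and its invocation are gone, so unless it runs elsewhere (for example from a Molecule lint stage not visible here) nothing checks the role's tasks any more. That matters for this commit in particular, because the new tasks/install-with-snap.yml combines `shell` with `failed_when: false`, the kind of construct ansible-lint exists to flag. The same commit still edits `.ansible-lint`, which suggests the tool is expected to run somewhere. If it was dropped because of a tooling breakage, a comment above the step such as `# ansible-lint temporarily disabled: <reason or issue link>` would keep that visible; otherwise restore `pip3 install yamllint ansible-lint` and the `ansible-lint` line.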

2
.gitignore vendored

@ -1,3 +1,5 @@
*.retry *.retry
*/__pycache__ */__pycache__
*.pyc *.pyc
.cache

@ -12,7 +12,9 @@ Generally, installing from source (see section `Source Installation from Git`) l
## Role Variables ## Role Variables
The variable `certbot_install_from_source` controls whether to install Certbot from Git or package management. The latter is the default, so the variable defaults to `no`. certbot_install_method: package
Controls how Certbot is installed. Available options are 'package', 'snap', and 'source'.
certbot_auto_renew: true certbot_auto_renew: true
certbot_auto_renew_user: "{{ ansible_user | default(lookup('env', 'USER')) }}" certbot_auto_renew_user: "{{ ansible_user | default(lookup('env', 'USER')) }}"
@ -60,16 +62,23 @@ Services that should be stopped while `certbot` runs it's own standalone server
These services will only be stopped the first time a new cert is generated. These services will only be stopped the first time a new cert is generated.
### Snap Installation
Beginning in December 2020, the Certbot maintainers decided to recommend installing Certbot from Snap rather than maintain scripts like `certbot-auto`.
Setting `certbot_install_method: snap` configures this role to install Certbot via Snap.
This install method is currently experimental and may or may not work across all Linux distributions.
### Source Installation from Git ### Source Installation from Git
You can install Certbot from it's Git source repository if desired. This might be useful in several cases, but especially when older distributions don't have Certbot packages available (e.g. CentOS < 7, Ubuntu < 16.10 and Debian < 8). You can install Certbot from it's Git source repository if desired with `certbot_install_method: source`. This might be useful in several cases, but especially when older distributions don't have Certbot packages available (e.g. CentOS < 7, Ubuntu < 16.10 and Debian < 8).
certbot_install_from_source: false
certbot_repo: https://github.com/certbot/certbot.git certbot_repo: https://github.com/certbot/certbot.git
certbot_version: master certbot_version: master
certbot_keep_updated: true certbot_keep_updated: true
Certbot Git repository options. To install from source, set `certbot_install_from_source` to `yes`. This clones the configured `certbot_repo`, respecting the `certbot_version` setting. If `certbot_keep_updated` is set to `yes`, the repository is updated every time this role runs. Certbot Git repository options. If installing from source, the configured `certbot_repo` is cloned, respecting the `certbot_version` setting. If `certbot_keep_updated` is set to `yes`, the repository is updated every time this role runs.
certbot_dir: /opt/certbot certbot_dir: /opt/certbot

@ -27,9 +27,10 @@ certbot_create_standalone_stop_services:
# - apache # - apache
# - varnish # - varnish
# To install from source (on older OSes or if you need a specific or newer # Available options: 'package', 'snap', 'source'.
# version of Certbot), set this variable to `yes` and configure other options. certbot_install_method: 'package'
certbot_install_from_source: false
# Source install configuration.
certbot_repo: https://github.com/certbot/certbot.git certbot_repo: https://github.com/certbot/certbot.git
certbot_version: master certbot_version: master
certbot_keep_updated: true certbot_keep_updated: true

@ -0,0 +1,26 @@
---
- name: Converge
hosts: all
become: true
vars:
certbot_install_method: 'snap'
certbot_auto_renew_user: root
pre_tasks:
- name: Update apt cache.
apt: update_cache=yes cache_valid_time=600
when: ansible_os_family == 'Debian'
changed_when: false
- name: Install cron (RedHat).
yum: name=cronie state=present
when: ansible_os_family == 'RedHat'
- name: Install cron (Debian).
apt: name=cron state=present
when: ansible_os_family == 'Debian'
roles:
- geerlingguy.git
- geerlingguy.certbot
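Review bot: This scenario converges the role with `certbot_install_method: 'snap'` but never checks that the installed binary works, so a dangling `/usr/bin/certbot` symlink or a snap that failed to install could still pass as long as no task errors. A `post_tasks` entry that runs `command: certbot --version` with `changed_when: false` would make the test assert the outcome. The playbook also lists `geerlingguy.git` under `roles`, which looks carried over from the source-install playbook and is probably not needed for a snap install.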

@ -4,7 +4,7 @@
become: true become: true
vars: vars:
certbot_install_from_source: true certbot_install_method: 'source'
certbot_auto_renew_user: root certbot_auto_renew_user: root
pre_tasks: pre_tasks:

@ -0,0 +1,38 @@
---
- name: Ensure snapd is installed.
package:
name: snapd
state: present
register: snapd_install
- name: Ensure snapd is enabled.
systemd:
name: snapd.socket
enabled: true
- name: Enable classic snap support.
file:
src: /var/lib/snapd/snap
dest: /snap
state: link
- name: Update snap after install.
shell: snap install core; snap refresh core
changed_when: true
failed_when: false
when: snapd_install is changed
- name: Install certbot via snap.
snap:
name: certbot
classic: true
- name: Symlink certbot into place.
file:
src: /snap/bin/certbot
dest: /usr/bin/certbot
state: link
- name: Set Certbot script variable.
set_fact:
certbot_script: /usr/bin/certbot
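Review bot: `failed_when: false` on `Update snap after install.` hides every failure of `snap install core; snap refresh core`, and because the two commands are joined with `;` the exit status of `snap install core` is discarded even before that. A host where the core snap never installed then carries on to `Install certbot via snap.` and fails there, or later, with a less useful error. If the leniency is there because snapd is not ready straight after the package install, note that `Ensure snapd is enabled.` only enables `snapd.socket` and never starts it. Starting the socket and retrying a bounded number of times keeps the tolerance while still surfacing a real failure. Splitting the line into two `command` tasks also removes the need for a shell.

```yaml
- name: Ensure snapd is enabled.
  systemd:
    # … unchanged: name, enabled …
    state: started

# … unchanged: /snap symlink …

- name: Install snap core after snapd install.
  command: snap install core
  register: snap_core_install
  until: snap_core_install.rc == 0
  retries: 3  # illustrative values; tune to how long snapd takes to seed
  delay: 5
  changed_when: true
  when: snapd_install is changed

- name: Refresh snap core after snapd install.
  command: snap refresh core
  changed_when: true
  when: snapd_install is changed

# … unchanged: certbot snap install, /usr/bin/certbot symlink, set_fact …
```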

@ -5,10 +5,13 @@
when: ansible_os_family == 'RedHat' when: ansible_os_family == 'RedHat'
- import_tasks: install-with-package.yml - import_tasks: install-with-package.yml
when: not certbot_install_from_source when: certbot_install_method == 'package'
- import_tasks: install-with-snap.yml
when: certbot_install_method == 'snap'
- import_tasks: install-from-source.yml - import_tasks: install-from-source.yml
when: certbot_install_from_source when: certbot_install_method == 'source'
- include_tasks: create-cert-standalone.yml - include_tasks: create-cert-standalone.yml
with_items: "{{ certbot_certs }}" with_items: "{{ certbot_certs }}"
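Review bot: Nothing validates `certbot_install_method` before the three `import_tasks` conditions compare it. A typo or different casing matches none of them, so no install task runs and the role carries on to the later tasks. A playbook that still sets only the removed `certbot_install_from_source: true` silently gets the default package install instead of a source install. An early task such as `- assert: { that: "certbot_install_method in ['package', 'snap', 'source']" }` would stop the first case, and a second assert that `certbot_install_from_source is not defined` would turn the second into an upgrade error. The task file starts and continues outside this hunk, so the right position for these checks should be confirmed against the full file.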
