---
# acme tasks/main.yml
#
# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
# SPDX-License-Identifier: Apache-2.0
#
# Sets up a dedicated unprivileged acme.sh account, a sudoers drop-in so it
# can restart the webserver, the directory layout acme.sh and the webserver
# share, then issues the certificates listed in acme_certs (HTTP-01 or
# DNS-01 challenge per entry) and flushes handlers so dependent roles see
# the certificates already installed.

# Per-OS-family variable and task files live next to this one and are
# selected by the gathered ansible_os_family fact (e.g. Debian.yml).
- name: include OS-specific vars
  include_vars:
    file: "{{ ansible_os_family }}.yml"

- name: include OS-specific tasks
  include_tasks:
    file: "{{ ansible_os_family }}.yml"

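- name: Create group for acme.sh
  group:
    name: "{{ acmesh_groupname }}"

# Dedicated unprivileged account that owns the acme.sh checkout, its config
# home and the issued certificates. The home directory is created by a
# later task (it lives under acmesh_base_dir with mode 0700), so it is not
# created here. The password is locked: the account is only reachable via
# become/sudo, never by password login.
# NOTE(review): a `system: true` account would keep it out of the regular
# UID range; not flipped here because it changes the UID allocated on fresh
# hosts.
- name: Create user for acme.sh
  user:
    name: "{{ acmesh_username }}"
    group: "{{ acmesh_groupname }}"
    comment: "{{ acmesh_comment }}"
    shell: "{{ acmesh_shell }}"
    home: "{{ acmesh_base_dir }}/home"
    create_home: false  # real boolean; `no` only parses as false under YAML 1.1
    password_lock: true
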
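# Sudoers drop-in granting the acme.sh user the webserver restart it needs
# after installing a certificate (rule contents come from acme_sudoers.j2;
# keep that rule limited to the single restart/reload command). The
# rendered file is checked with `visudo -c` in strict mode before it is
# moved into place, so a template error cannot land a broken file in
# /etc/sudoers.d and lock everyone out of sudo.
- name: Allow acme.sh user to restart the webserver
  template:
    src: "acme_sudoers.j2"
    dest: "/etc/sudoers.d/acme_sudoers"
    owner: "root"
    group: "root"
    mode: "0440"  # quoted: a bare 0440 is a YAML 1.1 octal int, flagged by ansible-lint
    validate: "visudo -c -s -f %s"
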
# Base directory for the issued certificates: owned by the acme.sh user,
# traversable/readable by the webserver group (0750) and closed to others.
- name: Create certificate dir
  file:
    path: "{{ certificate_dir }}"
    state: directory
    mode: "0750"
    owner: "{{ acmesh_username }}"
    group: "{{ webserver_groupname }}"

# One subdirectory per acme_certs entry, named after its first cert_names
# value (the same name the issue tasks below use as acme.sh's main domain).
- name: Create per-domain sub-dirs
  file:
    path: "{{ certificate_dir }}/{{ cert.cert_names | first }}"
    state: directory
    mode: "0750"
    owner: "{{ acmesh_username }}"
    group: "{{ webserver_groupname }}"
  loop: "{{ acme_certs }}"
  loop_control:
    loop_var: cert

# Top of the acme.sh tree. World-traversable (0755) so the webserver group
# can reach the subdirectories it is granted access to; the sensitive
# subdirectories below carry their own tighter modes.
- name: Create base dir for acme.sh
  file:
    path: "{{ acmesh_base_dir }}"
    state: directory
    mode: "0755"
    owner: "{{ acmesh_username }}"
    group: "{{ acmesh_groupname }}"

# dist/ receives the git checkout; home/ is the account's $HOME (see the
# user task) and is handed to `acme.sh install` as --config-home. Both are
# 0700, so only the acme.sh user can read them -- the webserver group
# ownership grants nothing here.
- name: Create subdirs for home/dist of acme.sh
  file:
    path: "{{ subdir }}"
    state: directory
    mode: "0700"
    owner: "{{ acmesh_username }}"
    group: "{{ webserver_groupname }}"
  loop:
    - "{{ acmesh_base_dir }}/dist"
    - "{{ acmesh_base_dir }}/home"
  loop_control:
    loop_var: subdir

# Directory for the --log file passed to `acme.sh install`.
- name: Create log dir for acme.sh
  file:
    path: "{{ acmesh_log_dir }}"
    state: directory
    mode: "0755"
    owner: "{{ acmesh_username }}"
    group: "{{ acmesh_groupname }}"

# Webroot used for HTTP-01 challenge tokens: written by the acme.sh user
# (--webroot in the HTTP issue task) and served by the webserver, hence
# readable by everyone.
- name: Create acme-challenge webroot directory
  file:
    path: "{{ acme_challenge_dir }}"
    state: directory
    mode: "0755"
    owner: "{{ acmesh_username }}"
    group: "{{ webserver_groupname }}"

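# Fetch acme.sh from upstream as the unprivileged acme.sh user into the
# 0700 dist/ directory.
# Supply-chain caveat: the git module checks out whatever acmesh_version
# resolves to. A branch or tag can be moved upstream, so pin acmesh_version
# to a full commit hash and review the diff on bumps -- the fetched script
# runs with this account's privileges and its sudoers rights.
# NOTE(review): acmesh_git is not consumed anywhere in this file; the
# install task below is guarded by creates:, so a version bump updates
# dist/ but does not reinstall the copy under home/.acme.sh -- confirm
# whether a handler elsewhere reacts to this result.
- name: Checkout acme.sh into dist directory
  become: true
  become_user: "{{ acmesh_username }}"
  git:
    repo: "https://github.com/acmesh-official/acme.sh.git"
    dest: "{{ acmesh_base_dir }}/dist"
    version: "{{ acmesh_version }}"
  register: acmesh_git
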
# One-time install from the checkout: acme.sh copies itself to
# $HOME/.acme.sh (the creates: guard) and records the log file, config
# home and account email. Because of the guard, re-running the play never
# reinstalls; remove that directory to force it.
- name: Install acme.sh
  become: true
  become_user: "{{ acmesh_username }}"
  command:
    chdir: "{{ acmesh_base_dir }}/dist"
    creates: "{{ acmesh_base_dir }}/home/.acme.sh"
    cmd: >
      ./acme.sh install
      --log "{{ acmesh_log_dir }}/acmesh.log"
      --config-home "{{ acmesh_base_dir }}/home"
      --account_email "{{ acmesh_email }}"

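# Issue one certificate per acme_certs entry with method: http. The first
# cert_names value is the main domain, the rest are SANs; acme.sh names the
# per-certificate state directory after the main domain, which the
# creates: guard depends on.
# NOTE(review): newer acme.sh releases default to ECC keys stored in
# <domain>_ecc, and this task runs the installed copy without the
# --config-home given at install time -- confirm both against the pinned
# acmesh_version, otherwise the guard never matches.
- name: Issue certificates (HTTP challenge)
  become: true
  become_user: "{{ acmesh_username }}"
  command:
    chdir: "{{ acmesh_base_dir }}/home/.acme.sh"
    # Each inventory-supplied value is shell-quoted on its own: the command
    # module splits cmd with shlex, so a cert name or path containing
    # whitespace or quotes would otherwise turn into stray arguments.
    cmd: >-
      ./acme.sh
      --issue
      -d {{ item.cert_names | map('quote') | join(' -d ') }}
      --webroot {{ acme_challenge_dir | quote }}
    # A plain quoted string rather than a `|` block: a literal block keeps
    # its trailing newline, which ends up inside the path, so the guard
    # could never match and --issue would run again on every play.
    creates: "{{ acmesh_base_dir }}/home/.acme.sh/{{ item.cert_names | first }}"
  loop: "{{ acme_certs }}"
  when: item.method is defined and item.method == "http"
  notify:
    - install-certs
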
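# Issue one certificate per acme_certs entry with method: dns through the
# acmesh_dns_provider API plugin. Same layout assumption as the HTTP task:
# the first cert_names value is the main domain and names the state
# directory the creates: guard checks (see the NOTE on that task about ECC
# suffixes and --config-home).
- name: Issue certificates (DNS challenge)
  become: true
  become_user: "{{ acmesh_username }}"
  # The DNS provider credentials travel in acmesh_dns_env_vars -- keep that
  # variable vaulted. They are not on the command line, but verbose Ansible
  # runs (-vvv) can echo the remote exec environment, so add `no_log: true`
  # here if that exposure matters more than seeing acme.sh's output when
  # the task fails. acme.sh typically also persists these credentials in
  # its config home for renewals, one more reason home/ is 0700.
  environment: "{{ acmesh_dns_env_vars }}"
  command:
    chdir: "{{ acmesh_base_dir }}/home/.acme.sh"
    # Values are shell-quoted individually; the command module splits cmd
    # with shlex, so unquoted names containing whitespace or quotes would
    # become stray arguments.
    cmd: >-
      ./acme.sh
      --issue
      -d {{ item.cert_names | map('quote') | join(' -d ') }}
      --dns {{ acmesh_dns_provider | quote }}
    # Plain quoted string, not a `|` block: the literal block's trailing
    # newline would become part of the path and the guard would never match.
    creates: "{{ acmesh_base_dir }}/home/.acme.sh/{{ item.cert_names | first }}"
  loop: "{{ acme_certs }}"
  when: item.method is defined and item.method == "dns"
  notify:
    - install-certs
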
# Run the pending install-certs handler now instead of at the end of the
# play, so roles that follow (nginx, etc.) find the certificates in place.
- name: Flush handlers to reconfigure before dependent roles run (nginx, etc.)
  meta: flush_handlers