From bd04d892f8e86807225e118bb8018678e0bb778e Mon Sep 17 00:00:00 2001
From: Ryan Cavicchioni
Date: Wed, 27 Nov 2019 16:10:19 -0600
Subject: [PATCH] Added cerbot renewal jobs
---
 roles/certbot/defaults/main.yaml | 18 ++++++++++
 roles/certbot/handlers/main.yaml | 6 ++++
 roles/certbot/tasks/main.yaml | 44 ++++++++++++++++++++++++
 roles/certbot/templates/certbot.timer.j2 | 5 +++
 4 files changed, 73 insertions(+)
 create mode 100644 roles/certbot/handlers/main.yaml
 create mode 100644 roles/certbot/templates/certbot.timer.j2
diff --git a/roles/certbot/defaults/main.yaml b/roles/certbot/defaults/main.yaml
index f1c788a..1b615a5 100644
--- a/roles/certbot/defaults/main.yaml
+++ b/roles/certbot/defaults/main.yaml
@@ -1,3 +1,21 @@
 ---
 certbot_package_name: certbot
 certbot_package_state: present
+
+certbot_service_name: certbot.service
+
+certbot_timer_name: certbot.timer
+certbot_timer_state: started
+certbot_timer_enabled: yes
+
+certbot_cron_user: root
+certbot_cron_file_path: /etc/cron.d/certbot
+certbot_cron_env:
+ path: /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+ shell: /bin/sh
+certbot_cron_command: test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew
+cerbot_cron_hour: "*/12"
+cerbot_cron_minute: "0"
+
+certbot_system_timer_on_calender: "*-*-* 00,12:00:00"
+certbot_system_timer_randomized_delay_sec: 43200
diff --git a/roles/certbot/handlers/main.yaml b/roles/certbot/handlers/main.yaml
new file mode 100644
index 0000000..bda969d
--- /dev/null
+++ b/roles/certbot/handlers/main.yaml
@@ -0,0 +1,6 @@
+---
+- name: systemd daemon-reload
+ systemd:
+ name: "{{ certbot_service_name }}"
+ daemon_reload: yes
+ state: restarted
diff --git a/roles/certbot/tasks/main.yaml b/roles/certbot/tasks/main.yaml
index 04f2adf..d57f078 100644
--- a/roles/certbot/tasks/main.yaml
+++ b/roles/certbot/tasks/main.yaml
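Review bot: The two cron schedule defaults in roles/certbot/defaults/main.yaml are spelled `cerbot_cron_hour` and `cerbot_cron_minute`, but the `create job` task in roles/certbot/tasks/main.yaml reads `certbot_cron_hour` and `certbot_cron_minute`. Unless those are set elsewhere, the cron task will fail on an undefined variable and no renewal job is written, which on non-systemd hosts would leave certificates to expire. Rename the defaults to `certbot_cron_hour: "*/12"` and `certbot_cron_minute: "0"`. `certbot_timer_enabled: yes` would be more predictable as `true`, and `certbot_system_timer_on_calender` is presumably meant to end in `calendar` (the template uses the same spelling, so it works as written).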
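Review bot: The handler in roles/certbot/handlers/main.yaml is named `systemd daemon-reload` but also applies `state: restarted` to `{{ certbot_service_name }}`, so a change to the timer override starts certbot.service instead of re-arming the timer. If that unit is the packaged oneshot that performs the renewal (its definition is not visible here), every override change would trigger an immediate renewal run as root, and the timer may keep its previous schedule until it is restarted. Pointing the handler at the timer with `name: "{{ certbot_timer_name }}"` would match the intent. `daemon_reload: yes` reads more predictably as `daemon_reload: true`.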
@@ -39,3 +39,47 @@
 - name: request certificates
 include_tasks: "issue.yaml"
 loop: "{{ certbot_certificates }}"
+
+- name: configure systemd timer
+ block:
+ - name: create systemd timer override directory
+ file:
+ path: "/etc/systemd/system/{{ certbot_timer_name }}.d"
+ owner: root
+ group: root
+ mode: 0755
+ state: directory
+
+ - name: configure systemd timer options
+ template:
+ src: certbot.timer.j2
+ dest: "/etc/systemd/system/{{ certbot_timer_name }}.d/override.conf"
+ owner: root
+ group: root
+ mode: 0644
+ notify: systemd daemon-reload
+ - name: enable the timer
+ systemd:
+ name: "{{ certbot_timer_name }}"
+ state: "{{ certbot_timer_state }}"
+ enabled: "{{ certbot_timer_enabled }}"
+ when: ansible_service_mgr == "systemd"
+
+- name: configure cron job
+ block:
+ - name: configure env
+ cron:
+ name: "{{ item.key | upper }}"
+ env: yes
+ job: "{{ item.value }}"
+ user: "{{ certbot_cron_user }}"
+ cron_file: "{{ certbot_cron_file_path }}"
+ loop: "{{ certbot_cron_env | dict2items }}"
+ - name: create job
+ cron:
+ name: certbot
+ user: "{{ certbot_cron_user }}"
+ hour: "{{ certbot_cron_hour }}"
+ minute: "{{ certbot_cron_minute }}"
+ cron_file: "{{ certbot_cron_file_path }}"
+ job: "{{ certbot_cron_command }}"
diff --git a/roles/certbot/templates/certbot.timer.j2 b/roles/certbot/templates/certbot.timer.j2
new file mode 100644
index 0000000..31970c6
--- /dev/null
+++ b/roles/certbot/templates/certbot.timer.j2
@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+[Timer]
+OnCalendar={{ certbot_system_timer_on_calender }}
+RandomizedDelaySec={{ certbot_system_timer_randomized_delay_sec }}
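Review bot: The `configure cron job` block in roles/certbot/tasks/main.yaml has no `when:`, unlike the timer block, so on systemd hosts the role installs both the timer override and a root-owned entry in `{{ certbot_cron_file_path }}`. The default command's `\! -d /run/systemd/system` test makes that cron entry a no-op there, but that guard is lost as soon as `certbot_cron_command` is overridden. Adding `when: ansible_service_mgr != "systemd"` to the block keeps a single renewal path per host. Separately, `mode: 0755` and `mode: 0644` are better quoted, e.g. `mode: "0755"`, so the resulting permissions do not depend on how the YAML loader reads a leading-zero integer.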
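Review bot: The drop-in in roles/certbot/templates/certbot.timer.j2 sets `OnCalendar=` without clearing it first. systemd treats `OnCalendar` as a list, so the override adds a schedule to whatever the packaged certbot.timer already defines rather than replacing it. With the role defaults this is likely harmless, but a changed `certbot_system_timer_on_calender` would leave the original trigger active alongside the new one. Emit an empty `OnCalendar=` line before `OnCalendar={{ certbot_system_timer_on_calender }}` to reset the list.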