Added cerbot renewal jobs
parent
f292c531db
commit
bd04d892f8
@ -1,3 +1,21 @@
|
|||||||
---
|
---
|
||||||
certbot_package_name: certbot
|
certbot_package_name: certbot
|
||||||
certbot_package_state: present
|
certbot_package_state: present
|
||||||
|
|
||||||
|
certbot_service_name: certbot.service
|
||||||
|
|
||||||
|
certbot_timer_name: certbot.timer
|
||||||
|
certbot_timer_state: started
|
||||||
|
certbot_timer_enabled: yes
|
||||||
|
|
||||||
|
certbot_cron_user: root
|
||||||
|
certbot_cron_file_path: /etc/cron.d/certbot
|
||||||
|
certbot_cron_env:
|
||||||
|
path: /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
|
||||||
|
shell: /bin/sh
|
||||||
|
certbot_cron_command: test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew
|
||||||
|
cerbot_cron_hour: "*/12"
|
||||||
|
cerbot_cron_minute: "0"
|
||||||
|
|
||||||
|
certbot_system_timer_on_calender: "*-*-* 00,12:00:00"
|
||||||
|
certbot_system_timer_randomized_delay_sec: 43200
|
||||||
|
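Review bot: The two cron schedule defaults are spelled `cerbot_cron_hour` and `cerbot_cron_minute`, but the "create job" task in this commit reads `{{ certbot_cron_hour }}` and `{{ certbot_cron_minute }}`. Unless those names are defined elsewhere, the task fails on an undefined variable and no renewal job is installed on cron-based hosts, so certificates there would expire. Rename them to `certbot_cron_hour: "*/12"` and `certbot_cron_minute: "0"`. `certbot_system_timer_on_calender` is misspelled too, but the template uses the same spelling, so it resolves as written. `certbot_timer_enabled: yes` is better written as `true`.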
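--- a/roles/certbot/handlers/main.yaml
+++ b/roles/certbot/handlers/main.yaml
@@ -0,0 +1,6 @@
+---
+- name: systemd daemon-reload
+systemd:
+name: "{{ certbot_service_name }}"
+daemon_reload: yes
+state: restarted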
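Review bot: The handler named `systemd daemon-reload` also sets `state: restarted` on `{{ certbot_service_name }}`, so every change to the timer override starts the renewal service at once instead of only reloading unit files. If that unit is the packaged one-shot renewal service, this is an unscheduled `certbot renew` run with no randomized delay. The drop-in that changed belongs to the timer, so the handler should target it with `name: "{{ certbot_timer_name }}"`. Writing `daemon_reload: true` instead of `yes` keeps the boolean canonical.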
@ -39,3 +39,47 @@
|
|||||||
- name: request certificates
|
- name: request certificates
|
||||||
include_tasks: "issue.yaml"
|
include_tasks: "issue.yaml"
|
||||||
loop: "{{ certbot_certificates }}"
|
loop: "{{ certbot_certificates }}"
|
||||||
|
|
||||||
|
- name: configure systemd timer
|
||||||
|
block:
|
||||||
|
- name: create systemd timer override directory
|
||||||
|
file:
|
||||||
|
path: "/etc/systemd/system/{{ certbot_timer_name }}.d"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0755
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: configure systemd timer options
|
||||||
|
template:
|
||||||
|
src: certbot.timer.j2
|
||||||
|
dest: "/etc/systemd/system/{{ certbot_timer_name }}.d/override.conf"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
notify: systemd daemon-reload
|
||||||
|
- name: enable the timer
|
||||||
|
systemd:
|
||||||
|
name: "{{ certbot_timer_name }}"
|
||||||
|
state: "{{ certbot_timer_state }}"
|
||||||
|
enabled: "{{ certbot_timer_enabled }}"
|
||||||
|
when: ansible_service_mgr == "systemd"
|
||||||
|
|
||||||
|
- name: configure cron job
|
||||||
|
block:
|
||||||
|
- name: configure env
|
||||||
|
cron:
|
||||||
|
name: "{{ item.key | upper }}"
|
||||||
|
env: yes
|
||||||
|
job: "{{ item.value }}"
|
||||||
|
user: "{{ certbot_cron_user }}"
|
||||||
|
cron_file: "{{ certbot_cron_file_path }}"
|
||||||
|
loop: "{{ certbot_cron_env | dict2items }}"
|
||||||
|
- name: create job
|
||||||
|
cron:
|
||||||
|
name: certbot
|
||||||
|
user: "{{ certbot_cron_user }}"
|
||||||
|
hour: "{{ certbot_cron_hour }}"
|
||||||
|
minute: "{{ certbot_cron_minute }}"
|
||||||
|
cron_file: "{{ certbot_cron_file_path }}"
|
||||||
|
job: "{{ certbot_cron_command }}"
|
||||||
|
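Review bot: The `configure cron job` block has no visible `when:` condition, while the timer block is limited to `ansible_service_mgr == "systemd"`. Indentation is lost on this page, so this is inferred from the absence of a second `when:` line. As written, systemd hosts get both the timer and a root cron file at `certbot_cron_file_path`. Duplicate renewal runs are prevented only by the `\! -d /run/systemd/system` test in the default `certbot_cron_command`, which an overridden command may not carry, so adding `when: ansible_service_mgr != "systemd"` to the block would make the split explicit. The file modes are also safer quoted, as `mode: "0755"` and `mode: "0644"`, so they cannot be read as decimal integers.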
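--- a/roles/certbot/templates/certbot.timer.j2
+++ b/roles/certbot/templates/certbot.timer.j2
@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+[Timer]
+OnCalendar={{ certbot_system_timer_on_calender }}
+RandomizedDelaySec={{ certbot_system_timer_randomized_delay_sec }}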
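Review bot: `OnCalendar=` in a drop-in appends to the schedule already defined by the packaged timer unit rather than replacing it, so a custom `certbot_system_timer_on_calender` would fire in addition to the vendor schedule. Reset the list first with an empty assignment, `OnCalendar=` on its own line, placed directly before `OnCalendar={{ certbot_system_timer_on_calender }}`. `RandomizedDelaySec` takes a single value and is overridden as expected.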