acme.sh fixes
- fix acme.sh home directory - Clean crash when acme.sh fails (EXPERIMENTAL)pull/41/head
parent
e89a154bb5
commit
4f94fc2211
|
@ -52,7 +52,7 @@
|
||||||
update: no
|
update: no
|
||||||
|
|
||||||
- name: SHELL | Install acme.sh
|
- name: SHELL | Install acme.sh
|
||||||
shell: ./acme.sh --install --home {{ nginx_acmesh_dir }} --cert-home {{ nginx_acmesh_dir }}
|
shell: ./acme.sh --install --home "{{ nginx_acmesh_dir }}"
|
||||||
args:
|
args:
|
||||||
chdir: "{{ nginx_acmesh_git_dir }}"
|
chdir: "{{ nginx_acmesh_git_dir }}"
|
||||||
creates: "{{ nginx_acmesh_dir }}"
|
creates: "{{ nginx_acmesh_dir }}"
|
||||||
|
|
|
@ -17,56 +17,77 @@
|
||||||
loop: "{{ acme_installed_certs.results }}"
|
loop: "{{ acme_installed_certs.results }}"
|
||||||
when: item.skipped is not defined and not item.stat.exists
|
when: item.skipped is not defined and not item.stat.exists
|
||||||
|
|
||||||
- name: TEMPLATE | Create fake site
|
- name: BLOCK | Start acme
|
||||||
|
block:
|
||||||
|
|
||||||
|
- name: TEMPLATE | Create fake site
|
||||||
template:
|
template:
|
||||||
src: "etc/nginx/conf.d/FAKESITE.conf.j2"
|
src: "etc/nginx/conf.d/FAKESITE.conf.j2"
|
||||||
dest: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf"
|
dest: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf"
|
||||||
loop: "{{ acme_create }}"
|
loop: "{{ acme_create }}"
|
||||||
register: fake_site
|
register: fake_site
|
||||||
|
|
||||||
- name: FILE | Delete current site if needed
|
- name: FILE | Delete current site if needed
|
||||||
file:
|
file:
|
||||||
path: "{{ nginx_etc_dir }}/sites-enabled/{{ item | nginx_site_name }}"
|
path: "{{ nginx_etc_dir }}/sites-enabled/{{ item | nginx_site_name }}"
|
||||||
state: absent
|
state: absent
|
||||||
loop: "{{ acme_create }}"
|
loop: "{{ acme_create }}"
|
||||||
when: fake_site.changed
|
when: fake_site.changed
|
||||||
|
|
||||||
- name: SERVICE | Restart nginx
|
- name: SERVICE | Restart nginx
|
||||||
service:
|
service:
|
||||||
name: nginx
|
name: nginx
|
||||||
state: restarted
|
state: restarted
|
||||||
when: fake_site.changed and ansible_virtualization_type != 'docker'
|
when: fake_site.changed and ansible_virtualization_type != 'docker'
|
||||||
|
|
||||||
- name: COMMAND | Restart nginx
|
- name: COMMAND | Restart nginx
|
||||||
command: service nginx restart
|
command: service nginx restart
|
||||||
args:
|
args:
|
||||||
warn: false
|
warn: false
|
||||||
when: fake_site.changed and ansible_virtualization_type == 'docker'
|
when: fake_site.changed and ansible_virtualization_type == 'docker'
|
||||||
|
|
||||||
- name: SHELL | Get certificates
|
- name: SHELL | Get certificates
|
||||||
shell: '{{ nginx_acmesh_bin }} --issue{% if item.name is string %} -d {{ item.name }}{% else %}{% for name in item.name %} -d {{ name }}{% endfor %}{% endif %} --nginx {% if nginx_acmesh_test %}--test{% endif %}'
|
shell: '{{ nginx_acmesh_bin }} --home {{ nginx_acmesh_dir }} --issue{% if item.name is string %} -d {{ item.name }}{% else %}{% for name in item.name %} -d {{ name }}{% endfor %}{% endif %} --nginx {% if nginx_acmesh_test %}--test{% endif %}'
|
||||||
args:
|
args:
|
||||||
creates: "/root/.acme.sh/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key"
|
creates: "{{ nginx_acmesh_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key"
|
||||||
loop: "{{ acme_create }}"
|
loop: "{{ acme_create }}"
|
||||||
register: acme_get
|
register: acme_get
|
||||||
failed_when: acme_get.rc != 0 and acme_get.rc != 2
|
failed_when: acme_get.rc != 0 and acme_get.rc != 2
|
||||||
no_log: not nginx_debug_role
|
no_log: not nginx_debug_role
|
||||||
|
|
||||||
- name: FILE | Create SSL dir per site
|
- name: FILE | Create SSL dir per site
|
||||||
file:
|
file:
|
||||||
path: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}"
|
path: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}"
|
||||||
loop: "{{ acme_create }}"
|
loop: "{{ acme_create }}"
|
||||||
|
|
||||||
- name: SHELL | Install certificates
|
- name: SHELL | Install certificates
|
||||||
shell: '{{ nginx_acmesh_bin }} --install-cert -d {{ item | nginx_site_name }} --fullchain-file {{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.crt --key-file {{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key --reloadcmd "service nginx restart"'
|
shell: '{{ nginx_acmesh_bin }} --home {{ nginx_acmesh_dir }} --install-cert -d {{ item | nginx_site_name }} --fullchain-file {{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.crt --key-file {{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key --reloadcmd "service nginx restart"'
|
||||||
args:
|
args:
|
||||||
creates: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key"
|
creates: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key"
|
||||||
loop: "{{ nginx_ssl_pairs }}"
|
loop: "{{ nginx_ssl_pairs }}"
|
||||||
when: item.acme is defined and item.acme
|
when: item.acme is defined and item.acme
|
||||||
notify: restart nginx
|
notify: restart nginx
|
||||||
|
|
||||||
- name: FILE | Delete fake sites
|
rescue:
|
||||||
|
|
||||||
|
- name: FILE | Delete acme.sh files
|
||||||
|
file:
|
||||||
|
path: "{{ nginx_acmesh_dir }}/{{ item | nginx_site_name }}/"
|
||||||
|
state: absent
|
||||||
|
loop: "{{ nginx_ssl_pairs }}"
|
||||||
|
|
||||||
|
- name: FAIL | Explicit
|
||||||
|
fail:
|
||||||
|
msg: "Something is bad... Auto crash!"
|
||||||
|
|
||||||
|
always:
|
||||||
|
|
||||||
|
- name: FILE | Delete fake sites
|
||||||
file:
|
file:
|
||||||
path: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf"
|
path: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf"
|
||||||
state: absent
|
state: absent
|
||||||
loop: "{{ acme_create }}"
|
loop: "{{ acme_create }}"
|
||||||
|
notify: restart nginx
|
||||||
|
|
||||||
|
- name: META | Flush handlers
|
||||||
|
meta: flush_handlers
|
||||||
|
|
Loading…
Reference in New Issue