acme.sh fixes

- fix acme.sh home directory
- Clean crash when acme.sh fails (EXPERIMENTAL)
pull/41/head
Emilien Mantel 2019-04-25 13:59:19 +02:00
parent e89a154bb5
commit 4f94fc2211
2 changed files with 68 additions and 47 deletions

View File

@ -52,7 +52,7 @@
update: no update: no
- name: SHELL | Install acme.sh - name: SHELL | Install acme.sh
shell: ./acme.sh --install --home {{ nginx_acmesh_dir }} --cert-home {{ nginx_acmesh_dir }} shell: ./acme.sh --install --home "{{ nginx_acmesh_dir }}"
args: args:
chdir: "{{ nginx_acmesh_git_dir }}" chdir: "{{ nginx_acmesh_git_dir }}"
creates: "{{ nginx_acmesh_dir }}" creates: "{{ nginx_acmesh_dir }}"

View File

@ -17,56 +17,77 @@
loop: "{{ acme_installed_certs.results }}" loop: "{{ acme_installed_certs.results }}"
when: item.skipped is not defined and not item.stat.exists when: item.skipped is not defined and not item.stat.exists
- name: TEMPLATE | Create fake site - name: BLOCK | Start acme
block:
- name: TEMPLATE | Create fake site
template: template:
src: "etc/nginx/conf.d/FAKESITE.conf.j2" src: "etc/nginx/conf.d/FAKESITE.conf.j2"
dest: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf" dest: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf"
loop: "{{ acme_create }}" loop: "{{ acme_create }}"
register: fake_site register: fake_site
- name: FILE | Delete current site if needed - name: FILE | Delete current site if needed
file: file:
path: "{{ nginx_etc_dir }}/sites-enabled/{{ item | nginx_site_name }}" path: "{{ nginx_etc_dir }}/sites-enabled/{{ item | nginx_site_name }}"
state: absent state: absent
loop: "{{ acme_create }}" loop: "{{ acme_create }}"
when: fake_site.changed when: fake_site.changed
- name: SERVICE | Restart nginx - name: SERVICE | Restart nginx
service: service:
name: nginx name: nginx
state: restarted state: restarted
when: fake_site.changed and ansible_virtualization_type != 'docker' when: fake_site.changed and ansible_virtualization_type != 'docker'
- name: COMMAND | Restart nginx - name: COMMAND | Restart nginx
command: service nginx restart command: service nginx restart
args: args:
warn: false warn: false
when: fake_site.changed and ansible_virtualization_type == 'docker' when: fake_site.changed and ansible_virtualization_type == 'docker'
- name: SHELL | Get certificates - name: SHELL | Get certificates
shell: '{{ nginx_acmesh_bin }} --issue{% if item.name is string %} -d {{ item.name }}{% else %}{% for name in item.name %} -d {{ name }}{% endfor %}{% endif %} --nginx {% if nginx_acmesh_test %}--test{% endif %}' shell: '{{ nginx_acmesh_bin }} --home {{ nginx_acmesh_dir }} --issue{% if item.name is string %} -d {{ item.name }}{% else %}{% for name in item.name %} -d {{ name }}{% endfor %}{% endif %} --nginx {% if nginx_acmesh_test %}--test{% endif %}'
args: args:
creates: "/root/.acme.sh/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key" creates: "{{ nginx_acmesh_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key"
loop: "{{ acme_create }}" loop: "{{ acme_create }}"
register: acme_get register: acme_get
failed_when: acme_get.rc != 0 and acme_get.rc != 2 failed_when: acme_get.rc != 0 and acme_get.rc != 2
no_log: not nginx_debug_role no_log: not nginx_debug_role
- name: FILE | Create SSL dir per site - name: FILE | Create SSL dir per site
file: file:
path: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}" path: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}"
loop: "{{ acme_create }}" loop: "{{ acme_create }}"
- name: SHELL | Install certificates - name: SHELL | Install certificates
shell: '{{ nginx_acmesh_bin }} --install-cert -d {{ item | nginx_site_name }} --fullchain-file {{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.crt --key-file {{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key --reloadcmd "service nginx restart"' shell: '{{ nginx_acmesh_bin }} --home {{ nginx_acmesh_dir }} --install-cert -d {{ item | nginx_site_name }} --fullchain-file {{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.crt --key-file {{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key --reloadcmd "service nginx restart"'
args: args:
creates: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key" creates: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key"
loop: "{{ nginx_ssl_pairs }}" loop: "{{ nginx_ssl_pairs }}"
when: item.acme is defined and item.acme when: item.acme is defined and item.acme
notify: restart nginx notify: restart nginx
- name: FILE | Delete fake sites rescue:
- name: FILE | Delete acme.sh files
file:
path: "{{ nginx_acmesh_dir }}/{{ item | nginx_site_name }}/"
state: absent
loop: "{{ nginx_ssl_pairs }}"
- name: FAIL | Explicit
fail:
msg: "Something is bad... Auto crash!"
always:
- name: FILE | Delete fake sites
file: file:
path: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf" path: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf"
state: absent state: absent
loop: "{{ acme_create }}" loop: "{{ acme_create }}"
notify: restart nginx
- name: META | Flush handlers
meta: flush_handlers