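# Instance configuration for Baserock HAProxy instance.
#
# This playbook should be run after starting an instance of the Baserock
# frontend image. It installs certbot and its HAProxy hooks, obtains a
# single Let's Encrypt certificate covering every subdomain in
# `subdomain_list` (only on first run), and installs the HAProxy
# configuration. Everything runs as root (`become`), so the files it
# writes are pinned to root ownership below.
---
- hosts: frontend-haproxy
  gather_facts: false
  become: true
  vars:
    domain: ".baserock.org"
    subdomain_list:
      - frontend
      - irclogs
      - paste
      - spec
      - docs
      - download
      - ostree
      - cache
    # ["frontend", ...] x [".baserock.org"] -> ["frontend.baserock.org", ...]
    full_subdomain_list: "{{ subdomain_list | product([domain]) | map('join') | list }}"
    # Comma-separated form for certbot's -d argument.
    full_subdomain_string: "{{ full_subdomain_list | join(',') }}"
    # certbot names the lineage after the first -d entry; used for the
    # existence checks below.
    main_subdomain: "{{ full_subdomain_list[0] }}"
    letsencrypt_email: "admin@baserock.org"

  tasks:
    - name: Install LetsEncrypt client
      apt:
        name: certbot
        state: present

    # The hooks are executed by certbot as root on every renewal, so keep
    # them root-owned and not group/world-writable (0755).
    - name: Install certbot hooks
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        owner: root
        group: root
        mode: '0755'
      loop:
        - src: pre-haproxy.sh
          dest: /etc/letsencrypt/renewal-hooks/pre/haproxy.sh
        - src: post-haproxy.sh
          dest: /etc/letsencrypt/renewal-hooks/post/haproxy.sh
        - src: deploy-haproxy.sh
          dest: /etc/letsencrypt/renewal-hooks/deploy/haproxy.sh

    # Both the live/ directory and the renewal .conf must exist for the
    # lineage to be considered complete; either alone means a partial or
    # broken previous run and the certificate is requested again.
    - name: check for certificate live configuration
      stat:
        path: "/etc/letsencrypt/live/{{ main_subdomain }}"
        get_checksum: false
        get_mime: false
      register: letsencrypt_live

    - name: check for certificate renewal configuration
      stat:
        path: "/etc/letsencrypt/renewal/{{ main_subdomain }}.conf"
        get_checksum: false
        get_mime: false
      register: letsencrypt_renewal

    # --standalone makes certbot bind port 80 itself, so the pre/post hooks
    # presumably stop and start HAProxy around the challenge — confirm in
    # pre-haproxy.sh / post-haproxy.sh. The hooks passed here are recorded
    # in the renewal config, which is why they are installed first.
    # -n / --agree-tos make the run non-interactive.
    - name: Generate certificates if not already there
      command:
        cmd: >-
          certbot certonly
          -d {{ full_subdomain_string }}
          --standalone
          --pre-hook /etc/letsencrypt/renewal-hooks/pre/haproxy.sh
          --post-hook /etc/letsencrypt/renewal-hooks/post/haproxy.sh
          --deploy-hook /etc/letsencrypt/renewal-hooks/deploy/haproxy.sh
          --agree-tos -m {{ letsencrypt_email }} -n -v
      when: not (letsencrypt_live.stat.exists and letsencrypt_renewal.stat.exists)
      notify:
        - restart haproxy

    # Validate the new config with `haproxy -c` before it replaces the live
    # one, so a bad file never triggers a restart into a failed service.
    - name: HAProxy configuration
      copy:
        src: haproxy.cfg
        dest: /etc/haproxy/haproxy.cfg
        owner: root
        group: root
        mode: '0644'
        validate: 'haproxy -c -f %s'
      notify:
        - restart haproxy

  handlers:
    - name: restart haproxy
      service:
        name: haproxy
        enabled: true
        state: restarted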