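# Instance configuration for Baserock HAProxy instance.
#
# This playbook should be run after starting an instance of the Baserock
# frontend image. It installs certbot and its HAProxy hook scripts, obtains a
# Let's Encrypt certificate for the listed subdomains (only if one is not
# already present), and installs the HAProxy configuration.
---
- hosts: frontend-haproxy
  gather_facts: false
  become: true
  vars:
    domain: ".baserock.org"
    # The FIRST entry names the certificate lineage
    # (/etc/letsencrypt/live/<first entry><domain>). Reordering the list
    # changes that name, so the "Generate certificates" task below would see
    # no existing lineage and request a brand-new certificate — which counts
    # against Let's Encrypt rate limits. Append new names; do not reorder.
    subdomain_list:
      - frontend
      - irclogs
      - paste
      - spec
      - docs
      - download
      - ostree
      - cache
    # e.g. ["frontend.baserock.org", "irclogs.baserock.org", ...]
    full_subdomain_list: "{{ subdomain_list | product([domain]) | map('join') | list }}"
    # Comma-separated form for certbot's -d option.
    full_subdomain_string: "{{ full_subdomain_list | join(',') }}"
    # Lineage name certbot derives from the first -d entry.
    main_subdomain: "{{ full_subdomain_list[0] }}"
    letsencrypt_email: "admin@baserock.org"
  tasks:
    - name: Install LetsEncrypt client
      apt:
        name:
          - certbot
        state: present

    # certbot only creates its renewal-hooks tree on first use; make sure the
    # directories exist before copying the hooks in so the play also works on
    # a fresh image where certbot has never run.
    - name: Ensure certbot renewal hook directories exist
      file:
        path: "/etc/letsencrypt/renewal-hooks/{{ item }}"
        state: directory
        owner: root
        group: root
        mode: '0755'
      loop:
        - pre
        - post
        - deploy

    # The hooks are executed with certbot's privileges during renewal (root
    # under the stock timer), so pin ownership to root and keep them
    # non-writable by anyone else.
    - name: Install certbot hooks
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        owner: root
        group: root
        mode: '0755'
      loop:
        - src: pre-haproxy.sh
          dest: /etc/letsencrypt/renewal-hooks/pre/haproxy.sh
        - src: post-haproxy.sh
          dest: /etc/letsencrypt/renewal-hooks/post/haproxy.sh
        - src: deploy-haproxy.sh
          dest: /etc/letsencrypt/renewal-hooks/deploy/haproxy.sh

    - name: check for certificate live configuration
      stat:
        path: "/etc/letsencrypt/live/{{ main_subdomain }}"
        get_checksum: false
        get_mime: false
      register: letsencrypt_live

    - name: check for certificate renewal configuration
      stat:
        path: "/etc/letsencrypt/renewal/{{ main_subdomain }}.conf"
        get_checksum: false
        get_mime: false
      register: letsencrypt_renewal

    # --standalone makes certbot bind port 80 itself, so HAProxy must not be
    # listening there while this runs; that is what the pre/post hooks are
    # expected to arrange (their contents are not part of this file — verify).
    # The hooks are passed explicitly AND live in the renewal-hooks
    # directories; certbot records the explicit ones in the renewal conf and
    # is expected to de-duplicate identical paths on renewal — confirm if a
    # hook appears to run twice.
    # Both the live directory and the renewal conf are required before the
    # task is skipped, so a half-finished earlier run is retried.
    - name: Generate certificates if not already there
      command:
        cmd: >-
          certbot certonly -d {{ full_subdomain_string }} --standalone
          --pre-hook /etc/letsencrypt/renewal-hooks/pre/haproxy.sh
          --post-hook /etc/letsencrypt/renewal-hooks/post/haproxy.sh
          --deploy-hook /etc/letsencrypt/renewal-hooks/deploy/haproxy.sh
          --agree-tos -m {{ letsencrypt_email }} -n -v
      when: not (letsencrypt_live.stat.exists and letsencrypt_renewal.stat.exists)
      notify:
        - restart haproxy

    # validate runs haproxy's config check against the staged copy before it
    # replaces /etc/haproxy/haproxy.cfg, so a bad config never reaches the
    # restart handler and takes the frontend down.
    - name: HAProxy configuration
      copy:
        src: haproxy.cfg
        dest: /etc/haproxy/haproxy.cfg
        owner: root
        group: root
        mode: '0644'
        validate: 'haproxy -c -f %s'
      notify:
        - restart haproxy

  handlers:
    - name: restart haproxy
      service:
        name: haproxy
        enabled: true
        state: restarted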