Only attempt to fulfill the challenge if we have to

Salt 2020-02-20 05:25:46 -06:00
parent e5a5f5efcd
commit 85b0b2e139


@ -45,28 +45,31 @@
register: com_challenge register: com_challenge
- name: Create or renew certificate - name: Create or renew certificate
block: block:
- name: Back up website config - name: Fulfill challenge
command: "mv /etc/apache2/sites-enabled/{{ website_url }}.conf /etc/apache2/sites-available/{{ website_url }}.conf" block:
args: - name: Back up website config
creates: "/etc/apache2/sites-available/{{ website_url }}.conf" command: "mv /etc/apache2/sites-enabled/{{ website_url }}.conf /etc/apache2/sites-available/{{ website_url }}.conf"
- name: Create temporary config args:
template: creates: "/etc/apache2/sites-available/{{ website_url }}.conf"
src: apache2-vhost.conf - name: Create temporary config
dest: "/etc/apache2/sites-enabled/{{ website_url }}.conf" template:
- name: Reload Apache src: apache2-vhost.conf
service: dest: "/etc/apache2/sites-enabled/{{ website_url }}.conf"
name: apache2 - name: Reload Apache
state: reloaded service:
- name: Create well-known directory name: apache2
file: state: reloaded
path: "{{ acme_webroot }}/.well-known/acme-challenge" - name: Create well-known directory
mode: "0755" file:
recurse: yes path: "{{ acme_webroot }}/.well-known/acme-challenge"
state: directory mode: "0755"
- name: Copy challenge files recurse: yes
copy: state: directory
dest: "{{ acme_webroot }}/{{ com_challenge['challenge_data'][website_url]['http-01']['resource'] }}" - name: Copy challenge files
content: "{{ com_challenge['challenge_data'][website_url]['http-01']['resource_value'] }}" copy:
dest: "{{ acme_webroot }}/{{ com_challenge['challenge_data'][website_url]['http-01']['resource'] }}"
content: "{{ com_challenge['challenge_data'][website_url]['http-01']['resource_value'] }}"
when: com_challenge['challenge_data']|length > 0
- name: Create certificate - name: Create certificate
acme_certificate: acme_certificate:
acme_directory: "{{ acme_directory }}" acme_directory: "{{ acme_directory }}"
@ -77,18 +80,31 @@
fullchain_dest: "/etc/pki/cert/crt/{{ website_url }}-fullchain.crt" fullchain_dest: "/etc/pki/cert/crt/{{ website_url }}-fullchain.crt"
chain_dest: "/etc/pki/cert/crt/{{ website_url }}-intermediate.crt" chain_dest: "/etc/pki/cert/crt/{{ website_url }}-intermediate.crt"
data: "{{ com_challenge }}" data: "{{ com_challenge }}"
- name: Remove webroot - name: Assign appropriate permissions to certificate
file: file:
path: "{{ acme_webroot }}/.well-known" path: "{{ item }}"
state: absent owner: root
- name: Remove temporary config group: www-data
file: mode: "0640"
path: "/etc/apache2/sites-enabled/{{ website_url }}.conf" loop:
state: absent - "/etc/pki/cert/crt/{{ website_url }}.crt"
- name: Restore original config - "/etc/pki/cert/crt/{{ website_url }}-fullchain.crt"
command: "/usr/bin/mv /etc/apache2/sites-available/{{ website_url }}.conf /etc/apache2/sites-enabled/{{ website_url }}.conf" - "/etc/pki/cert/crt/{{ website_url }}-intermediate.crt"
args: - name: Clean up fulfillment
creates: "/etc/apache2/sites-enabled/{{ website_url }}.conf" block:
- name: Remove webroot
file:
path: "{{ acme_webroot }}/.well-known"
state: absent
- name: Remove temporary config
file:
path: "/etc/apache2/sites-enabled/{{ website_url }}.conf"
state: absent
- name: Restore original config
command: "/usr/bin/mv /etc/apache2/sites-available/{{ website_url }}.conf /etc/apache2/sites-enabled/{{ website_url }}.conf"
args:
creates: "/etc/apache2/sites-enabled/{{ website_url }}.conf"
when: com_challenge['challenge_data']|length > 0
- name: Reload Apache - name: Reload Apache
service: service:
name: apache2 name: apache2
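Review bot: The `Clean up fulfillment` block added in the second hunk is an ordinary sibling task, so if `Create certificate` fails (an ACME validation or network error at the `data: "{{ com_challenge }}"` step) the temporary vhost stays in `/etc/apache2/sites-enabled/` and the original config remains parked in sites-available until someone intervenes. The three cleanup tasks and the following `Reload Apache` belong in an `always:` section of the enclosing `Create or renew certificate` block, keeping the same `when: com_challenge['challenge_data']|length > 0` guard so a no-op run still does nothing. That enclosing block opens in the first hunk and closes outside both hunks, so if a `rescue`/`always` already exists there, disregard this point. The same `when` expression is repeated verbatim on `Fulfill challenge` and `Clean up fulfillment`; a single `set_fact` after the `register: com_challenge` task, e.g. `needs_fulfillment: "{{ com_challenge['challenge_data']|length > 0 }}"`, would keep the two guards from drifting apart.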