Have the https role do all the config changing
Hopefully this should cut down on erroneous changes
This commit is contained in:
parent
d41b4ebbdf
commit
e44a6126c8
@ -43,21 +43,29 @@
|
|||||||
dest: "/etc/pki/cert/crt/{{ website_url }}.crt"
|
dest: "/etc/pki/cert/crt/{{ website_url }}.crt"
|
||||||
fullchain_dest: "/etc/pki/cert/crt/{{ website_url }}-fullchain.crt"
|
fullchain_dest: "/etc/pki/cert/crt/{{ website_url }}-fullchain.crt"
|
||||||
register: com_challenge
|
register: com_challenge
|
||||||
- name: Fulfill challenge
|
- name: Create or renew certificate
|
||||||
block:
|
block:
|
||||||
|
- name: Back up website config
|
||||||
|
command: "/usr/bin/mv /etc/apache2/sites-enabled/{{ website_url }}.conf /etc/apache2/sites-disabled/{{ website_url }}.conf"
|
||||||
|
args:
|
||||||
|
creates: "/etc/apache2/sites-disabled/{{ website_url }}.conf"
|
||||||
|
- name: Create temporary config
|
||||||
|
template:
|
||||||
|
src: apache2-vhost.conf
|
||||||
|
dest: "/etc/apache2/sites-enabled/{{ website_url }}.conf"
|
||||||
- name: Reload Apache
|
- name: Reload Apache
|
||||||
service:
|
service:
|
||||||
name: apache2
|
name: apache2
|
||||||
state: reloaded
|
state: reloaded
|
||||||
- name: Create well-known directory
|
- name: Create well-known directory
|
||||||
file:
|
file:
|
||||||
path: "{{ website_webroot }}/.well-known/acme-challenge"
|
path: "{{ acme_webroot }}/.well-known/acme-challenge"
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
recurse: yes
|
recurse: yes
|
||||||
state: directory
|
state: directory
|
||||||
- name: Copy challenge files
|
- name: Copy challenge files
|
||||||
copy:
|
copy:
|
||||||
dest: "{{ website_webroot }}/{{ com_challenge['challenge_data'][website_url]['http-01']['resource'] }}"
|
dest: "{{ acme_webroot }}/{{ com_challenge['challenge_data'][website_url]['http-01']['resource'] }}"
|
||||||
content: "{{ com_challenge['challenge_data'][website_url]['http-01']['resource_value'] }}"
|
content: "{{ com_challenge['challenge_data'][website_url]['http-01']['resource_value'] }}"
|
||||||
- name: Create certificate
|
- name: Create certificate
|
||||||
acme_certificate:
|
acme_certificate:
|
||||||
@ -69,9 +77,21 @@
|
|||||||
fullchain_dest: "/etc/pki/cert/crt/{{ website_url }}-fullchain.crt"
|
fullchain_dest: "/etc/pki/cert/crt/{{ website_url }}-fullchain.crt"
|
||||||
chain_dest: "/etc/pki/cert/crt/{{ website_url }}-intermediate.crt"
|
chain_dest: "/etc/pki/cert/crt/{{ website_url }}-intermediate.crt"
|
||||||
data: "{{ com_challenge }}"
|
data: "{{ com_challenge }}"
|
||||||
- name: Clean up
|
- name: Remove webroot
|
||||||
file:
|
file:
|
||||||
path: "{{ website_webroot }}/.well-known"
|
path: "{{ acme_webroot }}/.well-known"
|
||||||
state: absent
|
state: absent
|
||||||
|
- name: Remove temporary config
|
||||||
|
file:
|
||||||
|
path: "/etc/apache2/sites-enabled/{{ website_url }}.conf"
|
||||||
|
state: absent
|
||||||
|
- name: Restore original config
|
||||||
|
command: "/usr/bin/mv /etc/apache2/sites-disabled/{{ website_url }}.conf /etc/apache2/sites-enabled/{{ website_url }}.conf"
|
||||||
|
args:
|
||||||
|
creates: "/etc/apache2/sites-enabled/{{ website_url }}.conf"
|
||||||
|
- name: Reload Apache
|
||||||
|
service:
|
||||||
|
name: apache2
|
||||||
|
state: reloaded
|
||||||
when: com_challenge is changed
|
when: com_challenge is changed
|
||||||
become: yes
|
become: yes
|
||||||
|
14
roles/https/templates/apache2-vhost.conf
Normal file
14
roles/https/templates/apache2-vhost.conf
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
# TEMPORARY configuration for {{ website_url }}
|
||||||
|
# If this file doesn't disappear quickly, there's a HUGE PROBLEM
|
||||||
|
# vim:ft=apache:
|
||||||
|
|
||||||
|
# Website configuration
|
||||||
|
<VirtualHost *:80>
|
||||||
|
ServerName {{ website_url }}
|
||||||
|
DocumentRoot {{ acme_webroot }}
|
||||||
|
<Directory "{{ acme_webroot }}">
|
||||||
|
Require all granted
|
||||||
|
AllowOverride All
|
||||||
|
Options MultiViews FollowSymlinks
|
||||||
|
</Directory>
|
||||||
|
</VirtualHost>
|
Loading…
Reference in New Issue
Block a user