ansible-lint #218

Open
wants to merge 4 commits into
base: master
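--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Update snap after install
+ansible.builtin.shell: snap install core; snap refresh core
+changed_when: true
+failed_when: false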
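Review bot: `failed_when: false` on the combined `snap install core; snap refresh core` masks a failed core install, so a broken snap store or proxy surfaces later as an unrelated error in `Install certbot via snap.` instead of at the handler that caused it; it is presumably there only because `snap install core` complains when core is already present. Splitting the two commands lets the refresh keep real failures while only the install tolerates the already-installed case, and `ansible.builtin.command` is enough since neither needs shell features. `changed_when: true` also reports a change on every run; keying it on the command output is more accurate, though the exact "already installed" / "no updates available" wording should be confirmed against the snapd version in use. Both tasks `listen` to the existing handler name so the `notify` in tasks/install-with-snap.yml keeps working unchanged.
```yaml
- name: Install core snap
  ansible.builtin.command: snap install core
  register: core_install
  # confirm snapd's exact message for an already-installed snap before relying on it
  failed_when: core_install.rc != 0 and 'already installed' not in core_install.stderr
  changed_when: "'already installed' not in core_install.stderr"
  listen: Update snap after install

- name: Refresh core snap
  ansible.builtin.command: snap refresh core
  register: core_refresh
  changed_when: "'no updates available' not in core_refresh.stderr"
  listen: Update snap after install
```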
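--- a/tasks/create-cert-standalone.yml
+++ b/tasks/create-cert-standalone.yml
@@ -1,11 +1,11 @@
 ---
 - name: Check if certificate already exists.
-stat:
+ansible.builtin.stat:
 path: /etc/letsencrypt/live/{{ cert_item.domains | first | replace('*.', '') }}/cert.pem
 register: letsencrypt_cert
 
 - name: Ensure pre and post hook folders exist.
-file:
+ansible.builtin.file:
 path: /etc/letsencrypt/renewal-hooks/{{ item }}
 state: directory
 mode: 0755
@@ -16,7 +16,7 @@
 - post
 
 - name: Create pre hook to stop services.
-template:
+ansible.builtin.template:
 src: stop_services.j2
 dest: /etc/letsencrypt/renewal-hooks/pre/stop_services
 owner: root
@@ -27,7 +27,7 @@
 - certbot_create_standalone_stop_services
 
 - name: Create post hook to start services.
-template:
+ansible.builtin.template:
 src: start_services.j2
 dest: /etc/letsencrypt/renewal-hooks/post/start_services
 owner: root
@@ -38,5 +38,8 @@
 - certbot_create_standalone_stop_services
 
 - name: Generate new certificate if one doesn't exist.
-command: "{{ certbot_create_command }}"
+ansible.builtin.command: "{{ certbot_create_command }}"
+register: certbot_create_command_result
 when: not letsencrypt_cert.stat.exists
+changed_when:
+- certbot_create_command_result.rc is defined and certbot_create_command_result.rc == 0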
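Review bot: The `rc is defined` half of the new `changed_when` on `Generate new certificate if one doesn't exist.` deserves a comment, because it is not obvious why a registered command result could lack `rc`: when the task is skipped (check mode, or the `when` guard) the registered variable carries no `rc`, and the bare comparison would fail on an undefined attribute. A line such as `# rc is absent when the task was skipped (e.g. check mode); treat that as not changed` above the condition would save the next reader the search. Given the `when: not letsencrypt_cert.stat.exists` guard, the condition otherwise restates the module's default of reporting changed on success, so if its purpose is to satisfy ansible-lint's no-changed-when rule, saying so in the same comment would be helpful.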
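--- a/tasks/create-cert-webroot.yml
+++ b/tasks/create-cert-webroot.yml
@@ -1,14 +1,20 @@
 ---
 - name: Check if certificate already exists.
-stat:
+ansible.builtin.stat:
 path: /etc/letsencrypt/live/{{ cert_item.domains | first }}/cert.pem
 register: letsencrypt_cert
 
 - name: Create webroot directory if it doesn't exist yet
-file:
+ansible.builtin.file:
 path: "{{ cert_item.webroot | default(certbot_webroot) }}"
 state: directory
+owner: root
+group: root
+mode: '0755'
 
 - name: Generate new certificate if one doesn't exist.
-command: "{{ certbot_create_command }}"
+ansible.builtin.command: "{{ certbot_create_command }}"
+register: certbot_create_command_result
 when: not letsencrypt_cert.stat.exists
+changed_when:
+- certbot_create_command_result.rc is defined and certbot_create_command_result.rc == 0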
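Review bot: The `owner: root`, `group: root` and `mode: '0755'` added to `Create webroot directory if it doesn't exist yet` are enforced by `ansible.builtin.file` on every run, not only when the directory is created, so an existing webroot that is a web server's document root owned by the service user will be chowned to root the next time the role runs, which can break anything that service writes there. If root ownership is only meant as a default for a freshly created directory, make it overridable, e.g. `owner: "{{ cert_item.webroot_owner | default('root') }}"` and `group: "{{ cert_item.webroot_group | default('root') }}"`, or pass `omit` so existing ownership is left alone. The directory still needs to be world-readable for the ACME challenge to be served, which `'0755'` provides; quoting the mode as a string is correct.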
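--- a/tasks/include-vars.yml
+++ b/tasks/include-vars.yml
@@ -1,6 +1,6 @@
 ---
 - name: Load a variable file based on the OS type, or a default if not found.
-include_vars: "{{ item }}"
+ansible.builtin.include_vars: "{{ item }}"
 with_first_found:
 - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml"
 - "{{ ansible_distribution }}.yml"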
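--- a/tasks/install-from-source.yml
+++ b/tasks/install-from-source.yml
@@ -1,17 +1,17 @@
 ---
 - name: Clone Certbot into configured directory.
-git:
+ansible.builtin.git:
 repo: "{{ certbot_repo }}"
 dest: "{{ certbot_dir }}"
 version: "{{ certbot_version }}"
 update: "{{ certbot_keep_updated }}"
 force: true
 
 - name: Set Certbot script variable.
-set_fact:
+ansible.builtin.set_fact:
 certbot_script: "{{ certbot_dir }}/certbot-auto"
 
 - name: Ensure certbot-auto is executable.
-file:
+ansible.builtin.file:
 path: "{{ certbot_script }}"
 mode: 0755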
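--- a/tasks/install-with-package.yml
+++ b/tasks/install-with-package.yml
@@ -1,7 +1,9 @@
 ---
 - name: Install Certbot.
-package: "name={{ certbot_package }} state=present"
+ansible.builtin.package:
+name: "{{ certbot_package }}"
+state: present
 
 - name: Set Certbot script variable.
-set_fact:
+ansible.builtin.set_fact:
 certbot_script: "{{ certbot_package }}"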
21 changes: 8 additions & 13 deletions tasks/install-with-snap.yml
@@ -1,41 +1,36 @@
---
- name: Ensure snapd is installed.
package:
ansible.builtin.package:
name: snapd
state: present
register: snapd_install
notify:
- Update snap after install

- name: Ensure snapd is enabled.
systemd:
ansible.builtin.systemd:
name: snapd.socket
enabled: true
state: started

- name: Enable classic snap support.
file:
ansible.builtin.file:
src: /var/lib/snapd/snap
dest: /snap
state: link
when: ansible_os_family != "Debian"

- name: Update snap after install.
shell: snap install core; snap refresh core
changed_when: true
failed_when: false
when: snapd_install is changed

- name: Install certbot via snap.
snap:
community.general.snap:
name: certbot
classic: true

- name: Symlink certbot into place.
file:
ansible.builtin.file:
src: /snap/bin/certbot
dest: /usr/bin/certbot
state: link
ignore_errors: "{{ ansible_check_mode }}"

- name: Set Certbot script variable.
set_fact:
ansible.builtin.set_fact:
certbot_script: /usr/bin/certbot
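Review bot: Moving `snap install core; snap refresh core` into the `Update snap after install` handler changes when it runs: handlers fire at the end of the play (or at the next `flush_handlers`), whereas the inline task it replaces ran right after `Enable classic snap support.` and before `Install certbot via snap.`. On a host where snapd was just installed, `community.general.snap` for certbot therefore now runs before core has been installed or refreshed, which is the situation the original task existed to handle. Add `- name: Flush handlers so core is ready before certbot is installed` / `ansible.builtin.meta: flush_handlers` after `Ensure snapd is enabled.` (or directly before the certbot install) so the notified handler still runs at the same point as before. The `notify` itself is fine since it only fires when the `snapd` package task reports a change, matching the old `when: snapd_install is changed`.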
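--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,33 +1,41 @@
 ---
-- import_tasks: include-vars.yml
+- name: Include vars
+ansible.builtin.import_tasks: include-vars.yml
 
-- import_tasks: setup-RedHat.yml
+- name: Import Redhat task
+ansible.builtin.import_tasks: setup-RedHat.yml
 when: ansible_os_family == 'RedHat'
 
-- import_tasks: install-with-package.yml
+- name: Standalone install method choosed
+ansible.builtin.import_tasks: install-with-package.yml
 when: certbot_install_method == 'package'
 
-- import_tasks: install-with-snap.yml
+- name: Snap install method choosed
+ansible.builtin.import_tasks: install-with-snap.yml
 when: certbot_install_method == 'snap'
 
-- import_tasks: install-from-source.yml
+- name: Source install method choosed
+ansible.builtin.import_tasks: install-from-source.yml
 when: certbot_install_method == 'source'
 
-- include_tasks: create-cert-standalone.yml
+- name: Create certs for standalone install
+ansible.builtin.include_tasks: create-cert-standalone.yml
 with_items: "{{ certbot_certs }}"
 when:
 - certbot_create_if_missing
 - certbot_create_method == 'standalone'
 loop_control:
 loop_var: cert_item
 
-- include_tasks: create-cert-webroot.yml
+- name: Create certs for webroot install
+ansible.builtin.include_tasks: create-cert-webroot.yml
 with_items: "{{ certbot_certs }}"
 when:
 - certbot_create_if_missing
 - certbot_create_method == 'webroot'
 loop_control:
 loop_var: cert_item
 
-- import_tasks: renew-cron.yml
+- name: Check cron jobs
+ansible.builtin.import_tasks: renew-cron.yml
 when: certbot_auto_renew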
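Review bot: The new task names on the import lines are mislabeled and misspelled: `Standalone install method choosed` sits on `import_tasks: install-with-package.yml`, which is the package method, not standalone, and "choosed" should be "chosen" on all three. These names are what every play prints, so they should describe the action, e.g. `- name: Install certbot via package manager`, `- name: Install certbot via snap` and `- name: Install certbot from source`. `Import Redhat task` and `Check cron jobs` likewise understate what the included files do; `Set up RedHat package prerequisites` and `Configure cron job for certificate renewal` would match tasks/setup-RedHat.yml and tasks/renew-cron.yml. The `Create certs for standalone install` / `Create certs for webroot install` names conflate the cert creation method with the install method; `Create certs using the standalone method` reads more accurately.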
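--- a/tasks/renew-cron.yml
+++ b/tasks/renew-cron.yml
@@ -1,6 +1,6 @@
 ---
 - name: Add cron job for certbot renewal (if configured).
-cron:
+ansible.builtin.cron:
 name: Certbot automatic renewal.
 job: "{{ certbot_script }} renew {{ certbot_auto_renew_options }}"
 minute: "{{ certbot_auto_renew_minute }}"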
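--- a/tasks/setup-RedHat.yml
+++ b/tasks/setup-RedHat.yml
@@ -1,5 +1,31 @@
 ---
 # See: https://github.com/geerlingguy/ansible-role-certbot/issues/107
+- name: Check dnf modules for Redhat family
+when:
+- ansible_distribution == 'CentOS'
+- ansible_distribution_major_version | int >= 8
+block:
+- name: Ensure dnf-plugins are installed on CentOS 8+.
+ansible.builtin.yum:
+name: dnf-plugins-core
+state: present
+
+when: ansible_facts['distribution_version'] is version('8.2', '<=')
+- name: Check dnf modules for Centos
+block:
+- name: Enable DNF module for CentOS 8.3+.
+ansible.builtin.shell: |
+dnf config-manager --set-enabled powertools
+register: dnf_module_enable
+changed_when: false
+when: ansible_facts['distribution_version'] is version('8.3', '>=')
+
+- name: Enable DNF module for CentOS 8.0–8.2.
+ansible.builtin.shell: |
+dnf config-manager --set-enabled PowerTools
+register: dnf_module_enable
+changed_when: false
+
 - name: Ensure dnf-plugins are installed on Rocky/AlmaLinux.
 yum:
 name: dnf-plugins-core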
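Review bot: The `when: ansible_facts['distribution_version'] is version('8.2', '<=')` that follows the blank line after `Ensure dnf-plugins are installed on CentOS 8+.` is ambiguous in this render because indentation is not preserved: if it belongs to that task, `dnf-plugins-core` is installed only on 8.0–8.2 while the `dnf config-manager` calls that need it still run on 8.3+; if it was meant for `Enable DNF module for CentOS 8.0–8.2.`, it is on the wrong task, since that one has no version condition and will run `--set-enabled PowerTools` on 8.3+ as well, where that repo id does not exist. Both shell tasks also `register: dnf_module_enable` (the second silently overwrites the first) and declare `changed_when: false` even though `dnf config-manager --set-enabled` rewrites the repo file, so the play under-reports changes; `ansible.builtin.command` is sufficient for these single commands and the `changed_when: false` should either go or be replaced with a real check. If the pre-existing CentOS tasks still exist further down this file (beyond line 31, not shown here), the new block duplicates them and they should be removed in the same change.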