Allow deploy tasks after create and renew actions

eb8bf766 · jurgenhaas · 7987a10c · eb8bf766 · eb8bf766 · eb8bf766
Commit eb8bf766 authored 6 years ago by jurgenhaas
--- a/tasks/cert_deploy.yml
+++ b/tasks/cert_deploy.yml
+---
+# file: roles/letsencrypt/tasks/cert_deploy.yml
+
+- block:
+
+  - name: "Deploy Cert"
+    shell: 'openssl {{ cert.export.type }} -export -out /tmp/{{ cert.domain }}.deploy -inkey privkey.pem -in cert.pem -certfile chain.pem -password pass:'
+    args:
+      chdir: '/etc/letsencrypt/live/{{ cert.domain }}'
+
+  - name: "Attribute deployed cert"
+    copy:
+      src: '/tmp/{{ cert.domain }}.deploy'
+      dest: '{{ cert.export.dest }}'
+      remote_src: yes
+      owner: '{{ cert.export.owner }}'
+      group: '{{ cert.export.group }}'
+
+  when: cert.export is defined
+  tags:
+    - 'ApacheConfig'
+    - 'Certs'
+    - 'renew'
--- a/tasks/cert_generate.yml
+++ b/tasks/cert_generate.yml
@@ -31,6 +31,8 @@
      jump: 'ACCEPT'
      state: 'absent'

+  - include_tasks: cert_deploy.yml
+
  - name: "Start services"
    service:
      name: '{{ item }}'

--- a/tasks/renew.yml
+++ b/tasks/renew.yml
@@ -33,6 +33,11 @@
    jump: 'ACCEPT'
    state: 'absent'

+- include_tasks: cert_deploy.yml
+  with_items: '{{ letsencrypt_certificates|default([]) }}'
+  loop_control:
+    loop_var: cert
+
 - name: "Build HaProxy Certs"
  import_tasks: '../../haproxy/tasks/buildcerts.yml'
  tags: 'always'