Commit 0a938de1 authored by jurgenhaas's avatar jurgenhaas

Renew letsencrypt certs only on active proxy and rsync them to the inactive ones

parent 622c3484
......@@ -27,5 +27,29 @@
- name: "Build HaCerts"
include: 'buildcerts.yml'
- name: "Set directory permissions to current user"
file:
path: '/etc/letsencrypt'
owner: '{{ ansible_env.SUDO_USER }}'
recurse: yes
tags: Certs
when: proxy_active
tags: Certs
when: 'proxy_active and "letsencrypt" not in excluded_roles'
- block:
- name: "Pull Certs from active Proxy"
include: 'pullcerts.yml'
tags: Certs
when: 'not proxy_active and "letsencrypt" not in excluded_roles'
- name: "Set directory permissions to root"
file:
path: '/etc/letsencrypt'
owner: 'root'
recurse: yes
tags: Certs
when: '"letsencrypt" not in excluded_roles'
when: 'false and proxy_active and "letsencrypt" not in excluded_roles'
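Review bot: The recursive chown of `/etc/letsencrypt` to `{{ ansible_env.SUDO_USER }}` hands the certificate private keys to an unprivileged account, and the "Set directory permissions to root" task that undoes it only runs if every task in between succeeds. If `buildcerts.yml` or `pullcerts.yml` fails, the host is left with key material owned by that user; putting the work in a `block:` and the root chown under its `always:` would guarantee the restore. Separately, the literal `false and` in the final `when:` permanently disables whatever it guards (indentation is lost in this view, so which block that is cannot be confirmed) and should either carry a comment such as `# temporarily disabled: <reason>` or be removed.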
---
# file: roles/haproxy/tasks/pullcerts.yml
- name: "Find out active proxy"
set_fact: proxy_active_host={{ item }}
with_items: '{{ groups.proxyserver }}'
when: hostvars[item].proxy_active
- name: "Set directory permissions to current user"
file:
path: '{{ item }}'
owner: '{{ ansible_env.SUDO_USER }}'
recurse: yes
with_items:
- '/etc/letsencrypt'
- '/etc/haproxy/certs'
- name: "Sync files"
shell: rsync -r '{{ proxy_active_host }}:{{ item }}/' '{{ item }}'
delegate_to: "{{ inventory_hostname }}"
become: no
with_items:
- '/etc/letsencrypt'
- '/etc/haproxy/certs'
- name: "Set directory permissions to root"
file:
path: '{{ item }}'
owner: 'root'
recurse: yes
with_items:
- '/etc/letsencrypt'
- '/etc/haproxy/certs'
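Review bot: `rsync -r` in "Sync files" copies neither symlinks nor file modes, so Let's Encrypt's `live/` entries (normally symlinks into `archive/`) would be skipped and private keys are recreated with the pulling user's umask instead of their original mode. The closing chown to root fixes only ownership, not mode, so `rsync -rlpt '{{ proxy_active_host }}:{{ item }}/' '{{ item }}'` would be the safer command, optionally followed by an explicit `mode:` on the key files. A failed sync (for example when no host has `proxy_active` set and `proxy_active_host` is undefined) also leaves both directories owned by `{{ ansible_env.SUDO_USER }}`, so the root chown belongs under an `always:` section of a block. `delegate_to: "{{ inventory_hostname }}"` looks like a no-op and could be dropped.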