Renew letsencrypt certs only on active proxy and rsync them to the inactive ones

0a938de1 · jurgenhaas · 622c3484 · 0a938de1 · 0a938de1
Commit 0a938de1 authored 8 years ago by jurgenhaas
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -27,5 +27,29 @@
  - name: "Build HaCerts"
    include: 'buildcerts.yml'

+  - name: "Set directory permissions to current user"
+    file:
+      path: '/etc/letsencrypt'
+      owner: '{{ ansible_env.SUDO_USER }}'
+      recurse: yes
+    tags: Certs
+    when: proxy_active
+
+  tags: Certs
+  when: 'proxy_active and "letsencrypt" not in excluded_roles'
+
+- block:
+
+  - name: "Pull Certs from active Proxy"
+    include: 'pullcerts.yml'
+
+  tags: Certs
+  when: 'not proxy_active and "letsencrypt" not in excluded_roles'
+
+- name: "Set directory permissions to root"
+  file:
+    path: '/etc/letsencrypt'
+    owner: 'root'
+    recurse: yes
  tags: Certs
-  when: '"letsencrypt" not in excluded_roles'
+  when: 'false and proxy_active and "letsencrypt" not in excluded_roles'
--- a/tasks/pullcerts.yml
+++ b/tasks/pullcerts.yml
+---
+# file: roles/haproxy/tasks/pullcerts.yml
+
+- name: "Find out active proxy"
+  set_fact: proxy_active_host={{ item }}
+  with_items: '{{ groups.proxyserver }}'
+  when: hostvars[item].proxy_active
+
+- name: "Set directory permissions to current user"
+  file:
+    path: '{{ item }}'
+    owner: '{{ ansible_env.SUDO_USER }}'
+    recurse: yes
+  with_items:
+    - '/etc/letsencrypt'
+    - '/etc/haproxy/certs'
+
+- name: "Sync files"
+  shell: rsync -r '{{ proxy_active_host }}:{{ item }}/' '{{ item }}'
+  delegate_to: "{{ inventory_hostname }}"
+  become: no
+  with_items:
+    - '/etc/letsencrypt'
+    - '/etc/haproxy/certs'
+
+- name: "Set directory permissions to root"
+  file:
+    path: '{{ item }}'
+    owner: 'root'
+    recurse: yes
+  with_items:
+    - '/etc/letsencrypt'
+    - '/etc/haproxy/certs'