From 0a938de18831cda81d2b6adb3c63c942d675e415 Mon Sep 17 00:00:00 2001
From: jurgenhaas <juergen@paragon-es.de>
Date: Mon, 12 Dec 2016 12:16:41 +0100
Subject: [PATCH] Renew letsencrypt certs only on active proxy and rsync them to the inactive ones
---
 tasks/main.yml | 26 +++++++++++++++++++++++++-
 tasks/pullcerts.yml | 33 +++++++++++++++++++++++++++++++++
 2 files changed, 58 insertions(+), 1 deletion(-)
 create mode 100644 tasks/pullcerts.yml
diff --git a/tasks/main.yml b/tasks/main.yml
index 41b46dd..6210d15 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -27,5 +27,29 @@
 - name: "Build HaCerts"
 include: 'buildcerts.yml'

+ - name: "Set directory permissions to current user"
+ file:
+ path: '/etc/letsencrypt'
+ owner: '{{ ansible_env.SUDO_USER }}'
+ recurse: yes
+ tags: Certs
+ when: proxy_active
+
+ tags: Certs
+ when: 'proxy_active and "letsencrypt" not in excluded_roles'
+
+- block:
+
+ - name: "Pull Certs from active Proxy"
+ include: 'pullcerts.yml'
+
+ tags: Certs
+ when: 'not proxy_active and "letsencrypt" not in excluded_roles'
+
+- name: "Set directory permissions to root"
+ file:
+ path: '/etc/letsencrypt'
+ owner: 'root'
+ recurse: yes
 tags: Certs
- when: '"letsencrypt" not in excluded_roles'
+ when: 'false and proxy_active and "letsencrypt" not in excluded_roles'
diff --git a/tasks/pullcerts.yml b/tasks/pullcerts.yml
new file mode 100644
index 0000000..baee9a4
--- /dev/null
+++ b/tasks/pullcerts.yml
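Review bot: The final `Set directory permissions to root` task can never run because its condition starts with `false and`, so on the active proxy `/etc/letsencrypt` — private keys included — is handed to `{{ ansible_env.SUDO_USER }}` by the task added inside the block and is never returned to root, whereas pullcerts.yml does restore root ownership on the inactive proxies. Unless the reset is being disabled on purpose, the condition should read `when: 'proxy_active and "letsencrypt" not in excluded_roles'`, and a comment on the chown task saying why the directory is temporarily handed to the unprivileged user (presumably so the rsync issued from the inactive proxies can read it) would help the next reader. The inner `when: proxy_active` duplicates the block-level condition and can go, and both `recurse: yes` values should be `recurse: true` per yamllint's truthy rule. `ansible_env.SUDO_USER` is undefined when the play is not run through sudo, so the chown task fails in that case; a `default` or a guard on that variable is worth adding. The block containing `Build HaCerts` starts above this hunk.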
@@ -0,0 +1,33 @@
+---
+# file: roles/haproxy/tasks/pullcerts.yml
+
+- name: "Find out active proxy"
+ set_fact: proxy_active_host={{ item }}
+ with_items: '{{ groups.proxyserver }}'
+ when: hostvars[item].proxy_active
+
+- name: "Set directory permissions to current user"
+ file:
+ path: '{{ item }}'
+ owner: '{{ ansible_env.SUDO_USER }}'
+ recurse: yes
+ with_items:
+ - '/etc/letsencrypt'
+ - '/etc/haproxy/certs'
+
+- name: "Sync files"
+ shell: rsync -r '{{ proxy_active_host }}:{{ item }}/' '{{ item }}'
+ delegate_to: "{{ inventory_hostname }}"
+ become: no
+ with_items:
+ - '/etc/letsencrypt'
+ - '/etc/haproxy/certs'
+
+- name: "Set directory permissions to root"
+ file:
+ path: '{{ item }}'
+ owner: 'root'
+ recurse: yes
+ with_items:
+ - '/etc/letsencrypt'
+ - '/etc/haproxy/certs'
-- GitLab
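Review bot: `rsync -r` in the `Sync files` task copies regular files only, so symlinks are skipped and permissions and mtimes are not preserved; if the certificates are maintained by certbot, its `live/*.pem` entries are symlinks into `archive/` and the inactive proxies end up without them. `shell: rsync -a '{{ proxy_active_host }}:{{ item }}/' '{{ item }}'` (or the `synchronize` module) carries them over, and `command:` would do instead of `shell:` since no shell features are used. `proxy_active_host` stays undefined when no host in `groups.proxyserver` has `proxy_active` set and the first task errors if any host lacks that variable, so `when: hostvars[item].proxy_active | default(false)` plus an `assert` that the fact is defined before the rsync would fail with a clearer message than an undefined-variable error inside the shell line. `delegate_to: "{{ inventory_hostname }}"` delegates to the host itself and is a no-op, and without `changed_when` the rsync reports changed on every run. `become: no` and `recurse: yes` should be `false` and `true`.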