From bdbf04dfd5a5c8151d28df4832aca0d022732855 Mon Sep 17 00:00:00 2001
From: jurgenhaas <juergen@paragon-es.de>
Date: Thu, 26 May 2016 12:43:37 +0200
Subject: [PATCH] Optimize LetsEncrypt and use their role also for HaProxy and
 Drupal tasks

---
 tasks/buildcerts.yml      |  9 +++++++++
 tasks/letsencrypt.yml     | 26 --------------------------
 tasks/main.yml            | 11 +++++------
 templates/letsencrypt.ini |  1 +
 4 files changed, 15 insertions(+), 32 deletions(-)
 create mode 100644 tasks/buildcerts.yml
 delete mode 100644 tasks/letsencrypt.yml
 create mode 120000 templates/letsencrypt.ini

diff --git a/tasks/buildcerts.yml b/tasks/buildcerts.yml
new file mode 100644
index 0000000..d2e6450
--- /dev/null
+++ b/tasks/buildcerts.yml
@@ -0,0 +1,9 @@
+---
+# file: roles/haproxy/tasks/buildcerts.yml
+
+- name: "Create PEM file for HaProxy"
+  assemble:
+    src='/etc/letsencrypt/live/{{ item.domain }}'
+    dest='/etc/haproxy/certs/{{ item.domain }}.pem'
+    regexp='(fullchain)|(privkey)\.pem'
+  with_items: '{{ proxy_certificates_letsencrypt|default([]) }}'
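Review bot: The assembled `/etc/haproxy/certs/{{ item.domain }}.pem` contains the Let's Encrypt private key, but the `assemble` task sets no `owner` or `mode`, so the file is created with whatever the module's defaults and the remote umask yield and may be readable by other local users; add `mode: '0600'` and `owner: root` (assuming haproxy reads its certificates before dropping privileges — confirm for this deployment). The task also drops the `notify: "Proxy | Restart HAProxy"` that the replaced shell task in tasks/main.yml carried, so a refreshed PEM is not picked up until something else restarts the proxy; re-add `notify: "Proxy | Restart HAProxy"` here. The module arguments are written as one multi-line `key='value'` string; the Ansible convention is a native mapping (`src: '/etc/letsencrypt/live/{{ item.domain }}'`, `dest: ...`, `regexp: ...`), which also keeps the regexp quoting unambiguous. Since `assemble` applies `regexp` as an unanchored search, `(fullchain)|(privkey)\.pem` also admits any other file whose name merely contains `fullchain`; anchoring it as `'^(fullchain|privkey)\.pem$'` states the intent exactly.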
diff --git a/tasks/letsencrypt.yml b/tasks/letsencrypt.yml
deleted file mode 100644
index cb04e59..0000000
--- a/tasks/letsencrypt.yml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-# file: roles/haproxy/tasks/letsencrypt.yml
-
-- set_fact: filename='/etc/letsencrypt/live/{{ item.domain }}/cert.pem'
-
-- name: "Check LetsEncrypt Requirement"
-  shell: ls {{ filename }}
-  register: cert_available
-  failed_when: false
-
-- block:
-
-  - name: "Stop HAProxy"
-    service:
-      name='haproxy'
-      state='stopped'
-
-  - name: "Install New Cert"
-    shell: /opt/letsencrypt/letsencrypt-auto certonly -d {{ item.domain }} -d www.{{ item.domain }} --standalone --text --email {{ apache_server_admin|default('admin@paragon-es.de') }} --agree-tos --redirect
-
-  - name: "Start HAProxy"
-    service:
-      name='haproxy'
-      state='started'
-
-  when: cert_available is defined and cert_available.stdout != filename
diff --git a/tasks/main.yml b/tasks/main.yml
index 5c9280e..5da7495 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -2,18 +2,17 @@
 # file: roles/haproxy/tasks/main.yml
 
 - block:
-  - name: "LetsEncrypt Certificates"
-    include: letsencrypt.yml
+  - name: "Install Certs"
+    include: '../../letsencrypt/tasks/cert.yml'
     with_items: '{{ proxy_certificates_letsencrypt|default([]) }}'
 
   - name: "Renew Existing Cert"
     include: '../../letsencrypt/tasks/renew.yml'
 
-  - name: "Create PEM file for HaProxy"
-    shell: cat /etc/letsencrypt/live/{{ item.domain }}/fullchain.pem /etc/letsencrypt/live/{{ item.domain }}/privkey.pem > /etc/haproxy/certs/{{ item.domain }}.pem
-    with_items: '{{ proxy_certificates_letsencrypt|default([]) }}'
-    notify: "Proxy | Restart HAProxy"
+  - name: "Build HaCerts"
+    include: 'buildcerts.yml'
 
+  tags: Certs
   when: '"letsencrypt" not in excluded_roles'
 
 - block:
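Review bot: The new `include: '../../letsencrypt/tasks/cert.yml'` (and `include: 'buildcerts.yml'` behind it) makes this role depend on the letsencrypt role being checked out as a sibling directory — the same coupling the existing renew.yml include already has — but nothing in the role states it, so a missing checkout fails only at run time with a path error. A comment above the block such as `# Requires the letsencrypt role checked out beside this one; cert.yml consumes 'item' from with_items` would document the contract, and a `dependencies` entry in this role's meta/main.yml would let Ansible enforce it. The second `- block:` on the last context line continues outside the hunk.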
diff --git a/templates/letsencrypt.ini b/templates/letsencrypt.ini
new file mode 120000
index 0000000..fc27efd
--- /dev/null
+++ b/templates/letsencrypt.ini
@@ -0,0 +1 @@
+../../letsencrypt/templates/letsencrypt.ini
\ No newline at end of file
-- 
GitLab