Verified Commit a2930637 authored by Tharyrok's avatar Tharyrok

Séparer les tache letsencrypt dans un role

parent 55081f3a
---
mail_notification: letsencrypt@exemple.com
letsencrypt_mail_notification: letsencrypt@exemple.com
letsencrypt_dns_gandi_api_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
......
......@@ -2,7 +2,10 @@
- import_tasks: haproxy.yml
tags: ['haproxy']
- import_tasks: letsencrypt.yml
- name: Ajout des certificats
ansible.builtin.import_role:
name: letsencrypt
tags: ['letsencrypt']
- name: Installation des plugins Telegraf
......
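Review bot: The new `ansible.builtin.import_role` entry uses the fully qualified module name while the neighbouring `import_tasks` entries in the same list do not; the file should settle on one form (either `ansible.builtin.import_tasks` / `ansible.builtin.import_role` throughout, or the short names). Note that `tags: ['letsencrypt']` placed on an `import_role` is inherited by every task of the role, which looks intended here but is worth a one-line comment above the entry, e.g. `# tag is inherited by all tasks of the role`. The enclosing task list continues outside the hunk.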
letsencryp_mail_notification: letsencrypt@exemple.com
letsencrypt_dns_gandi_api_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
37623065386338343831383566336134303861396663666631656563633730613434633231343336
3132646565373162613537646538353933363161363036650a343634633932373362336134636139
34313539353938393164353034653366303664613332333038663266656466323265303130333035
3430613234383662640a313864386230646137383637343263356236633434356335383335353935
64623839396433346235383264613534383130386433363931306662663063306665
letsencrypt_dns_gandi_sharing_id: !vault |
$ANSIBLE_VAULT;1.1;AES256
38396332333438316166356332636166623231653165396138373938613734663766366231396564
6238353638383965393837356339353864323333376532610a643738376136626335653835323638
66363537646637373130376630326365336433393161303861383163383766656166396566366530
3139626262313437640a623462346133303264393234366665663838663931653062616130643639
31303535323864323031353032346664643562626563633864366237373935386438353138643337
6632383964373738663761343065306137313163303838633763
letsencrypt_staging: true
letsencrypt_deploy_hook: "/etc/letsencrypt/haproxy.py"
letsencrypt_post_hook: "systemctl restart haproxy"
letsencrypt_domains_gandi:
- name: neutrinet.be
wildcard: true
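Review bot: `letsencryp_mail_notification` on the first line of this file is missing the `t`: the account registration task in this commit reads `{{ letsencrypt_mail_notification }}`, so unless the correctly spelled variable is also defined elsewhere for the molecule scenario the `certbot register` command will fail on an undefined variable. Rename it to `letsencrypt_mail_notification: letsencrypt@exemple.com`. The entries under `letsencrypt_domains_gandi` each set `wildcard` explicitly and the certbot tasks read `domain.wildcard` without a default, so the role defaults should document that `wildcard` is a required key of every domain entry (or the tasks should fall back to `false`).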
- name: restart grafana
service:
name: grafana-server
state: restarted
- name: reload prometheus
service:
name: prometheus
state: reloaded
*********************************
Vagrant driver installation guide
*********************************
Requirements
============
* Vagrant
* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop
Install
=======
Please refer to the `Virtual environment`_ documentation for installation best
practices. If not using a virtual environment, please consider passing the
widely recommended `'--user' flag`_ when invoking ``pip``.
.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
.. code-block:: bash
$ pip install 'molecule_vagrant'
---
- name: Converge
hosts: all
become: true
roles:
- letsencrypt
dependency:
name: galaxy
driver:
name: vagrant
provider:
name: virtualbox
platforms:
- name: bullseye-letsencrypt-molecule
box: debian/bullseye64
cpu: 1
memory: 512
interfaces:
- network_name: private_network
type: dhcp
auto_config: true
provisioner:
name: ansible
config_options:
defaults:
interpreter_python: /usr/bin/python3
vault_password_file: "${MOLECULE_PROJECT_DIRECTORY}/../../vault.key"
ssh_connection:
pipelining: true
verifier:
name: ansible
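Review bot: `vault_password_file` is set to `${MOLECULE_PROJECT_DIRECTORY}/../../vault.key`, which resolves to a plaintext key file at the repository root, and nothing in the scenario says where that file comes from or that it must stay out of version control. Add a comment above the line, e.g. `# vault.key is expected at the repository root (ignored by git); it decrypts the !vault values in the scenario vars`, and confirm that path is covered by the repository's ignore rules. The interpreter path and pipelining settings look fine.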
---
- name: Prepare
hosts: all
become: true
pre_tasks:
- name: Mise à jour du cache APT
apt:
update_cache: true
---
- name: Test si le certificat {{ domain }} ecdsa existe
- name: Test si le certificat {{ domain.name }} ecdsa existe
stat:
path: /etc/letsencrypt/live/{{ domain | replace('.', '-') }}-ecdsa/cert.pem
path: /etc/letsencrypt/live/{{ domain.name | replace('.', '-') }}-ecdsa/cert.pem
register: letsencrypt_domain_ecdsa
- name: Création du certificat {{ domain }} ecdsa # noqa command-instead-of-shell
- name: Création du certificat {{ domain.name }} ecdsa # noqa command-instead-of-shell
shell:
cmd: |
/opt/letsencrypt/bin/certbot certonly \
......@@ -14,9 +14,9 @@
--authenticator dns-gandi \
--dns-gandi-credentials /etc/letsencrypt/gandi/gandi.ini \
--key-type ecdsa \
--cert-name {{ domain | replace('.', '-') }}-ecdsa \
--domain {{ domain }} \
--domain *\.{{ domain }} \
--post-hook 'systemctl restart haproxy' \
--deploy-hook /etc/letsencrypt/haproxy.py
--cert-name {{ domain.name | replace('.', '-') }}-ecdsa \
--domain {{ domain.name }} \
{% if domain.wildcard %}--domain *\.{{ domain.name }} \{% endif %}
{% if letsencrypt_deploy_hook %}--deploy-hook {{ letsencrypt_deploy_hook }} \{% endif %}
--post-hook '{{ letsencrypt_post_hook }}'
when: not letsencrypt_domain_ecdsa.stat.exists
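Review bot: The conditional wildcard and deploy-hook lines in the `cmd` block put the shell continuation `\` inside `{% if %}…{% endif %}`; as far as I can tell Ansible's templater runs with `trim_blocks`, so the newline after `{% endif %}` is removed and when the condition is true the `\` ends up directly in front of the next `--` option, where it only works because the shell collapses `\-` to `-`, and if the newline were kept a false condition would leave `\` followed by an empty line so that `--post-hook` runs as a separate command. `domain.wildcard` also raises on a domain entry that omits the key, and `letsencrypt_deploy_hook` / `letsencrypt_post_hook` are interpolated without escaping, so a value containing a space or a single quote breaks the command line. Moving each conditional onto its own line with the `\` outside the tags, quoting the wildcard so the shell does not glob it, and passing the hook values through `| quote` makes the expansion unambiguous; the rsa task below has the same structure and needs the same change.
```yaml
          # … unchanged: certbot certonly, authenticator, credentials and key-type options …
          --cert-name {{ domain.name | replace('.', '-') }}-ecdsa \
          --domain {{ domain.name }} \
          {% if domain.wildcard | default(false) %}
          --domain '*.{{ domain.name }}' \
          {% endif %}
          {% if letsencrypt_deploy_hook %}
          --deploy-hook {{ letsencrypt_deploy_hook | quote }} \
          {% endif %}
          --post-hook {{ letsencrypt_post_hook | quote }}
```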
---
- name: Test si le certificat {{ domain }} rsa existe
- name: Test si le certificat {{ domain.name }} rsa existe
stat:
path: /etc/letsencrypt/live/{{ domain | replace('.', '-') }}/cert.pem
path: /etc/letsencrypt/live/{{ domain.name | replace('.', '-') }}/cert.pem
register: letsencrypt_domain_rsa
- name: Création du certificat {{ domain }} rsa # noqa command-instead-of-shell
- name: Création du certificat {{ domain.name }} rsa # noqa command-instead-of-shell
shell:
cmd: |
/opt/letsencrypt/bin/certbot certonly \
......@@ -15,9 +15,9 @@
--dns-gandi-credentials /etc/letsencrypt/gandi/gandi.ini \
--key-type rsa \
--rsa-key-size 4096 \
--cert-name {{ domain | replace('.', '-') }} \
--domain {{ domain }} \
--domain *\.{{ domain }} \
--post-hook 'systemctl restart haproxy' \
--deploy-hook /etc/letsencrypt/haproxy.py
--cert-name {{ domain.name | replace('.', '-') }} \
--domain {{ domain.name }} \
{% if domain.wildcard %}--domain *\.{{ domain.name }} \{% endif %}
{% if letsencrypt_deploy_hook %}--deploy-hook {{ letsencrypt_deploy_hook }} \{% endif %}
--post-hook '{{ letsencrypt_post_hook }}'
when: not letsencrypt_domain_rsa.stat.exists
......@@ -50,7 +50,7 @@
/opt/letsencrypt/bin/certbot register \
--non-interactive \
{% if letsencrypt_staging %}--staging \{% endif %}
--email {{ mail_notification }} \
--email {{ letsencrypt_mail_notification }} \
--no-eff-email \
--agree-tos
when: not letsencrypt_accounts.stat.exists
......