ansible-debops-infrastructure


commit c1817425635a4ce1c75a44c3a4ef674fef695ee5
parent 1a9df28b717cb0528dcbbb7b79a36afeb949e140
Author: Dionysis Grigoropoulos <dgrig@erethon.com>
Date:   Thu, 23 Aug 2018 01:15:49 +0300

cron: Add job to concat SSL certificates

Diffstat:
ansible/inventory/host_vars/spinny/cron.yml | 9+++++++++
ansible/roles/haproxy/tasks/main.yml | 12+++++++-----
ansible/roles/haproxy/templates/concat_certificates.sh.j2 | 5+++++
ansible/roles/haproxy/templates/crt-list.cfg.j2 | 2+-
4 files changed, 22 insertions(+), 6 deletions(-)

diff --git a/ansible/inventory/host_vars/spinny/cron.yml b/ansible/inventory/host_vars/spinny/cron.yml
@@ -0,0 +1,9 @@
+---
+
+cron__host_jobs:
+ "cert_concat":
+ user: "root"
+ jobs:
+ - name: "Concat renewed certificates"
+ job: "sh /usr/bin/concat_certificates.sh"
+ special_time: "daily"
diff --git a/ansible/roles/haproxy/tasks/main.yml b/ansible/roles/haproxy/tasks/main.yml
@@ -1,9 +1,11 @@
 ---
-- template:
- src: "{{ item }}"
- dest: /etc/haproxy/
+- name: Configure HAProxy and script to renew certificates
+ template:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
 notify: Reload haproxy
 with_items:
- - haproxy.cfg.j2
- - crt-list.cfg.j2
+ - { src: "haproxy.cfg.j2", dest: "/etc/haproxy/haproxy.cfg" }
+ - { src: "crt-list.cfg.j2", dest: "/etc/haproxy/crt-list.cfg" }
+ - { src: "concat_certificates.sh.j2", dest: "/usr/bin/concat_certificates.sh" }
diff --git a/ansible/roles/haproxy/templates/concat_certificates.sh.j2 b/ansible/roles/haproxy/templates/concat_certificates.sh.j2
@@ -0,0 +1,5 @@
+#!/usr/bin/env sh
+
+{% for item in certs__names %}
+cat /etc/letsencrypt/live/{{ item }}/fullchain.pem /etc/letsencrypt/live/{{ item }}/privkey.pem > /etc/ssl/private/{{ item }}.pem;
+{% endfor %}
diff --git a/ansible/roles/haproxy/templates/crt-list.cfg.j2 b/ansible/roles/haproxy/templates/crt-list.cfg.j2
@@ -1,3 +1,3 @@
 {% for cert in certs__names %}
-"/etc/ssl/private/{{ cert }}.pem"
+/etc/ssl/private/{{ cert }}.pem
 {% endfor %}
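Review bot: The daily `cert_concat` job in `ansible/inventory/host_vars/spinny/cron.yml` only rewrites the combined PEM files, and nothing visible in this commit reloads HAProxy afterwards. HAProxy reads certificate files at start or reload, so a renewed certificate would presumably not be served until some unrelated reload happens. The job, or the last line of the script it runs, should trigger the same reload that the role's `Reload haproxy` handler performs (the handler body is not shown here). A comment on the entry would also help, for example `# Rebuilds /etc/ssl/private/<name>.pem from the Let's Encrypt live directory; must run after renewal`.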
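Review bot: The `template` task in `ansible/roles/haproxy/tasks/main.yml` now installs a script that root's cron runs, but it sets no `owner`, `group` or `mode`, so the permissions of `/usr/bin/concat_certificates.sh` depend on the umask of whoever runs the play. Pin them on the task with `owner: root`, `group: root` and `mode: "{{ item.mode | default('0644') }}"`, and give the script item `mode: "0755"`. Separately, `notify: Reload haproxy` now also fires when only the script changes; moving the script into its own task would avoid that needless reload.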
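Review bot: Each generated line in `concat_certificates.sh.j2` writes the private key with a plain `>` redirect, so a newly created `/etc/ssl/private/{{ item }}.pem` gets whatever root's umask allows, and an existing one is truncated before `cat` has produced anything. If a source file is missing or the job is interrupted, HAProxy's next reload would find an empty or partial PEM. Add `umask 077` after the shebang, change the redirect target to `/etc/ssl/private/{{ item }}.pem.tmp`, and append `&& mv /etc/ssl/private/{{ item }}.pem.tmp /etc/ssl/private/{{ item }}.pem` so the live file is only replaced by a complete one. Whether HAProxy can read a root-only file depends on how it is started, which this commit does not show.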