commit c1817425635a4ce1c75a44c3a4ef674fef695ee5
parent 1a9df28b717cb0528dcbbb7b79a36afeb949e140
Author: Dionysis Grigoropoulos <dgrig@erethon.com>
Date: Thu, 23 Aug 2018 01:15:49 +0300
cron: Add job to concat SSL certificates
Diffstat:
4 files changed, 22 insertions(+), 6 deletions(-)
diff --git a/ansible/inventory/host_vars/spinny/cron.yml b/ansible/inventory/host_vars/spinny/cron.yml
@@ -0,0 +1,9 @@
+---
+
+cron__host_jobs:
+ "cert_concat":
+ user: "root"
+ jobs:
+ - name: "Concat renewed certificates"
+ job: "sh /usr/bin/concat_certificates.sh"
+ special_time: "daily"
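Review bot: The job in `job: "sh /usr/bin/concat_certificates.sh"` rebuilds the combined PEM files, but nothing visible in this commit reloads HAProxy afterwards. A renewed certificate is therefore presumably not served until some unrelated reload happens, and the old one can expire in the meantime. Consider chaining the reload, for example `job: "sh /usr/bin/concat_certificates.sh && systemctl reload haproxy"` if the host uses systemd, or running the script from the renewal client's post-renewal hook instead of a blind daily timer. A comment above `"cert_concat"` such as `# runs as root: reads privkey.pem and writes under /etc/ssl/private` would document why the job needs root.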
diff --git a/ansible/roles/haproxy/tasks/main.yml b/ansible/roles/haproxy/tasks/main.yml
@@ -1,9 +1,11 @@
---
-- template:
- src: "{{ item }}"
- dest: /etc/haproxy/
+- name: Configure HAProxy and script to renew certificates
+ template:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
notify: Reload haproxy
with_items:
- - haproxy.cfg.j2
- - crt-list.cfg.j2
+ - { src: "haproxy.cfg.j2", dest: "/etc/haproxy/haproxy.cfg" }
+ - { src: "crt-list.cfg.j2", dest: "/etc/haproxy/crt-list.cfg" }
+ - { src: "concat_certificates.sh.j2", dest: "/usr/bin/concat_certificates.sh" }
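Review bot: The `template` task sets no `owner`, `group` or `mode`, yet it now installs `/usr/bin/concat_certificates.sh`, which the new cron job runs as root. The resulting permissions depend on the play's umask and on any file already at the destination. Pin them explicitly: add `owner: root`, `group: root` and `mode: "{{ item.mode }}"` to the task, and give each entry a mode, e.g. `mode: "0755"` for the script and `mode: "0644"` for the two config files. The task name also says the script renews certificates, while the template only concatenates them. `notify: Reload haproxy` will now fire on script-only changes too.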
diff --git a/ansible/roles/haproxy/templates/concat_certificates.sh.j2 b/ansible/roles/haproxy/templates/concat_certificates.sh.j2
@@ -0,0 +1,5 @@
+#!/usr/bin/env sh
+
+{% for item in certs__names %}
+cat /etc/letsencrypt/live/{{ item }}/fullchain.pem /etc/letsencrypt/live/{{ item }}/privkey.pem > /etc/ssl/private/{{ item }}.pem;
+{% endfor %}
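Review bot: The combined file written by the `cat ... > /etc/ssl/private/{{ item }}.pem` line contains the private key, but its mode is whatever cron's umask yields on first creation, so it may be world-readable unless the directory itself is restricted. The redirection also truncates the live PEM before `cat` runs, so a missing or unreadable source file leaves HAProxy with an empty or partial certificate at its next reload. Set a restrictive umask, stop on errors, write to a temporary file in the same directory and rename it into place. Quoting the interpolated paths is cheap protection against odd values in `certs__names`.

```shell
#!/usr/bin/env sh
set -eu
umask 077

{% for item in certs__names %}
tmp="/etc/ssl/private/{{ item }}.pem.tmp"
cat "/etc/letsencrypt/live/{{ item }}/fullchain.pem" "/etc/letsencrypt/live/{{ item }}/privkey.pem" > "$tmp"
mv "$tmp" "/etc/ssl/private/{{ item }}.pem"
{% endfor %}
```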
diff --git a/ansible/roles/haproxy/templates/crt-list.cfg.j2 b/ansible/roles/haproxy/templates/crt-list.cfg.j2
@@ -1,3 +1,3 @@
{% for cert in certs__names %}
-"/etc/ssl/private/{{ cert }}.pem"
+/etc/ssl/private/{{ cert }}.pem
{% endfor %}