cron: Add job to concat SSL certificates - ansible-debops-infrastructure - Unnamed repository; edit this file 'description' to name the repository.

commit c1817425635a4ce1c75a44c3a4ef674fef695ee5
parent 1a9df28b717cb0528dcbbb7b79a36afeb949e140
Author: Dionysis Grigoropoulos <dgrig@erethon.com>
Date:   Thu, 23 Aug 2018 01:15:49 +0300

cron: Add job to concat SSL certificates

Diffstat:
ansible/inventory/host_vars/spinny/cron.yml  | 9 +++++++++
ansible/roles/haproxy/tasks/main.yml  | 12 +++++++-----
ansible/roles/haproxy/templates/concat_certificates.sh.j2  | 5 +++++
ansible/roles/haproxy/templates/crt-list.cfg.j2  | 2 +-

4 files changed, 22 insertions(+), 6 deletions(-)
diff --git a/ansible/inventory/host_vars/spinny/cron.yml b/ansible/inventory/host_vars/spinny/cron.yml
@@ -0,0 +1,9 @@
+---
+
+cron__host_jobs:
+  "cert_concat":
+    user: "root"
+    jobs:
+      - name: "Concat renewed certificates"
+        job: "sh /usr/bin/concat_certificates.sh"
+    special_time: "daily"
diff --git a/ansible/roles/haproxy/tasks/main.yml b/ansible/roles/haproxy/tasks/main.yml
@@ -1,9 +1,11 @@
 ---
 
-- template:
-    src: "{{ item }}"
-    dest: /etc/haproxy/
+- name: Configure HAProxy and script to renew certificates
+  template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
   notify: Reload haproxy
   with_items:
-    - haproxy.cfg.j2
-    - crt-list.cfg.j2
+    - { src: "haproxy.cfg.j2", dest: "/etc/haproxy/haproxy.cfg" }
+    - { src: "crt-list.cfg.j2", dest: "/etc/haproxy/crt-list.cfg" }
+    - { src: "concat_certificates.sh.j2", dest: "/usr/bin/concat_certificates.sh" }
diff --git a/ansible/roles/haproxy/templates/concat_certificates.sh.j2 b/ansible/roles/haproxy/templates/concat_certificates.sh.j2
@@ -0,0 +1,5 @@
+#!/usr/bin/env sh
+
+{% for item in certs__names %}
+cat /etc/letsencrypt/live/{{ item }}/fullchain.pem /etc/letsencrypt/live/{{ item }}/privkey.pem > /etc/ssl/private/{{ item }}.pem;
+{% endfor %}
diff --git a/ansible/roles/haproxy/templates/crt-list.cfg.j2 b/ansible/roles/haproxy/templates/crt-list.cfg.j2
@@ -1,3 +1,3 @@
 {% for cert in certs__names %}
-"/etc/ssl/private/{{ cert }}.pem"
+/etc/ssl/private/{{ cert }}.pem
 {% endfor %}

	ansible-debops-infrastructure Unnamed repository; edit this file 'description' to name the repository.
	git clone git://git.erethon.com/ansible-debops-infrastructure
	Log \| Files \| Refs

ansible/inventory/host_vars/spinny/cron.yml	\|	9	+++++++++
ansible/roles/haproxy/tasks/main.yml	\|	12	+++++++-----
ansible/roles/haproxy/templates/concat_certificates.sh.j2	\|	5	+++++
ansible/roles/haproxy/templates/crt-list.cfg.j2	\|	2	+-