re-organized defaults, added debugging option

This commit is contained in:
AnsibleGuy 2022-08-11 02:10:27 +02:00
parent 6be1268e32
commit 1c4a274895
5 changed files with 36 additions and 17 deletions


@ -143,3 +143,8 @@ There are also some useful **tags** available:
* selfsigned * selfsigned
* config * config
* certs * certs
To debug errors - you can set the 'debug' variable at runtime:
```bash
ansible-playbook -K -D -i inventory/hosts.yml playbook.yml -e debug=yes
```


@ -1,9 +1,9 @@
--- ---
# default config => is overwritten by provided config # default config => is overwritten by provided config
default_certs: defaults_certs:
mode: 'selfsigned' # selfsigned, ca, pki, le_certbot mode: 'selfsigned' # selfsigned, ca, pki, le_certbot
path: '/etc/certs' path: '/etc/ssl/ansible'
cert: cert:
name: name:
@ -76,10 +76,11 @@ default_certs:
locality: locality:
email: email:
CERT_CONFIG: "{{ defaults_certs | combine(certs, recursive=true) }}"
CERT_CONFIG: "{{ default_certs | combine(certs, recursive=true) }}" default_le_certbot_cert:
default_le_certbot_cert_config:
domains: [] domains: []
state: 'present' state: 'present'
email: email:
debug: false
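Review bot: The new `debug: false` default is a generic, unprefixed variable name, and it now does more than print diagnostics — the certbot tasks use the same flag to switch to the staging ACME endpoint, so any inventory or group var named `debug` set for some other role would silently change which CA this role talks to. A role-prefixed name would avoid that collision, e.g. `certs_debug: false`, and the default deserves a comment spelling out the side effect: `# runtime diagnostics; also makes the le_certbot mode use the Let's Encrypt staging CA`. The rename to `defaults_certs` is also inconsistent with `default_le_certbot_cert` directly below (plural vs singular prefix); picking one form would keep the defaults file greppable.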


@ -13,7 +13,7 @@
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Certbot command (FYI)" - name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Certbot command (FYI)"
ansible.builtin.debug: ansible.builtin.debug:
msg: "certbot certonly --non-interactive --agree-tos --no-redirect msg: "certbot certonly --non-interactive --agree-tos --no-redirect{% if debug %} --staging{% endif %}
--{{ CERT_CONFIG.letsencrypt.service }} --cert-name {{ le_name }} --{{ CERT_CONFIG.letsencrypt.service }} --cert-name {{ le_name }}
-{{ CERT_CONFIG.letsencrypt.verbosity }} -{{ CERT_CONFIG.letsencrypt.verbosity }}
--rsa-key-size {{ le_cert.key_size | default(CERT_CONFIG.cert.key_size, true) }} --rsa-key-size {{ le_cert.key_size | default(CERT_CONFIG.cert.key_size, true) }}
@ -23,7 +23,7 @@
when: le_changed when: le_changed
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Running certbot" - name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Running certbot"
ansible.builtin.command: "certbot certonly --non-interactive --agree-tos --no-redirect ansible.builtin.command: "certbot certonly --non-interactive --agree-tos --no-redirect{% if debug %} --staging{% endif %}
--{{ CERT_CONFIG.letsencrypt.service }} --cert-name {{ le_name }} --{{ CERT_CONFIG.letsencrypt.service }} --cert-name {{ le_name }}
-{{ CERT_CONFIG.letsencrypt.verbosity }} -{{ CERT_CONFIG.letsencrypt.verbosity }}
--rsa-key-size {{ le_cert.key_size | default(CERT_CONFIG.cert.key_size, true) }} --rsa-key-size {{ le_cert.key_size | default(CERT_CONFIG.cert.key_size, true) }}
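Review bot: `{% if debug %}` inside the command string tests the raw value of `debug`, and the README tells operators to set it with `-e debug=yes`, which arrives as the string `"yes"`; any non-empty string is truthy in Jinja, so `-e debug=no` or `-e debug=false` would still append `--staging` and issue an untrusted staging certificate. Coerce it explicitly: `{% if debug | bool %} --staging{% endif %}` in both the FYI message and the real command. Beyond the coercion, consider whether a diagnostics switch should pick the CA at all — a dedicated `CERT_CONFIG.letsencrypt.staging` flag would let someone troubleshoot with `debug` without replacing production certificates. The command template and the task continue past the end of the hunk.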


@ -28,7 +28,7 @@
- le_cert.domains | length > 0 - le_cert.domains | length > 0
- le_cert.state == 'present' - le_cert.state == 'present'
vars: vars:
le_cert: "{{ default_le_certbot_cert_config | combine(cert_item.value, recursive=true) }}" le_cert: "{{ default_le_certbot_cert | combine(cert_item.value, recursive=true) }}"
le_name: "{{ cert_item.key | safe_key }}" le_name: "{{ cert_item.key | safe_key }}"
le_path: "{{ CERT_CONFIG.letsencrypt.path }}/live/{{ le_name }}" le_path: "{{ CERT_CONFIG.letsencrypt.path }}/live/{{ le_name }}"
le_changed: "{{ existing_certs_raw.stdout | le_domains_changed(le_name, le_cert.domains) }}" le_changed: "{{ existing_certs_raw.stdout | le_domains_changed(le_name, le_cert.domains) }}"
@ -39,24 +39,24 @@
# todo: task gets stuck # todo: task gets stuck
- name: Certificates | Debian | LetsEncrypt Certbot | Revoking certificates - name: Certificates | Debian | LetsEncrypt Certbot | Revoking certificates
ansible.builtin.command: "certbot revoke --cert-name {{ le_name }}" ansible.builtin.command: "certbot revoke --cert-name {{ le_name }}{% if debug %} --staging{% endif %}"
when: when:
- le_cert.state != 'present' - le_cert.state != 'present'
- existing_certs_raw.stdout.find(le_name) != -1 - existing_certs_raw.stdout.find(le_name) != -1
vars: vars:
le_cert: "{{ default_le_certbot_cert_config | combine(cert_item.value, recursive=true) }}" le_cert: "{{ default_le_certbot_cert | combine(cert_item.value, recursive=true) }}"
le_name: "{{ cert_item.key | safe_key }}" le_name: "{{ cert_item.key | safe_key }}"
loop_control: loop_control:
loop_var: cert_item loop_var: cert_item
with_dict: "{{ CERT_CONFIG.letsencrypt.certs }}" with_dict: "{{ CERT_CONFIG.letsencrypt.certs }}"
- name: Certificates | Debian | LetsEncrypt Certbot | Deleting certificates - name: Certificates | Debian | LetsEncrypt Certbot | Deleting certificates
ansible.builtin.command: "certbot delete --cert-name {{ le_name }}" ansible.builtin.command: "certbot delete --cert-name {{ le_name }}{% if debug %} --staging{% endif %}"
when: when:
- le_cert.state != 'present' - le_cert.state != 'present'
- existing_certs_raw.stdout.find(le_name) != -1 - existing_certs_raw.stdout.find(le_name) != -1
vars: vars:
le_cert: "{{ default_le_certbot_cert_config | combine(cert_item.value, recursive=true) }}" le_cert: "{{ default_le_certbot_cert | combine(cert_item.value, recursive=true) }}"
le_name: "{{ cert_item.key | safe_key }}" le_name: "{{ cert_item.key | safe_key }}"
loop_control: loop_control:
loop_var: cert_item loop_var: cert_item
@ -89,6 +89,6 @@
state: started state: started
- name: Certificates | Debian | LetsEncrypt Certbot | Running renewal - name: Certificates | Debian | LetsEncrypt Certbot | Running renewal
ansible.builtin.command: 'certbot renew --force-renewal' ansible.builtin.command: "certbot renew --force-renewal{% if debug %} --staging{% endif %}"
when: CERT_CONFIG.letsencrypt.renew when: CERT_CONFIG.letsencrypt.renew
ignore_errors: true ignore_errors: true
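Review bot: With `debug` set, the renewal task now runs `certbot renew --force-renewal --staging`, which as far as I can tell re-issues every certificate managed on the host against the staging CA, replacing trusted production certificates with untrusted ones on a host where someone merely wanted verbose output; the `ignore_errors: true` below would also hide any partial failure of that run. The same flag is appended to `certbot revoke` and `certbot delete` in the earlier hunk, and a revoke against the staging endpoint of a certificate issued by the production CA is presumably rejected. Gate the staging endpoint on its own configuration key rather than on `debug`, e.g. `{% if CERT_CONFIG.letsencrypt.staging | default(false) | bool %} --staging{% endif %}`, and leave `debug` to the diagnostic output only.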


@ -1,10 +1,23 @@
--- ---
- name: Certificates | Checking config - name: Certificates | Checking config
ansible.builtin.fail: ansible.builtin.assert:
msg: "The required configuration was not provided! that:
Needed: 'certs'" - certs is defined
when: certs is undefined
- name: Certificates | Showing debug info - user provided config
ansible.builtin.debug:
var: certs
when:
- debug is defined
- debug
- name: Certificates | Showing debug info - running config
ansible.builtin.debug:
var: CERT_CONFIG
when:
- debug is defined
- debug
- name: Certificates | Internal signed - name: Certificates | Internal signed
ansible.builtin.include_tasks: internal/main.yml ansible.builtin.include_tasks: internal/main.yml
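Review bot: The two debug tasks test `debug` bare in `when:`, but a runtime `-e debug=yes` (the form the README documents) is a string, so `-e debug=no` is equally truthy; and the `debug is defined` guard is now redundant because the role defaults set `debug: false`. A single coerced condition covers both: `when: debug | default(false) | bool`. The tasks also dump the full `certs` and merged `CERT_CONFIG` to the play output; nothing in the visible defaults looks secret, but if the `ca`/`pki` modes carry a key passphrase or similar in that structure it would land in CI logs, so consider `no_log` or printing only the non-sensitive keys. The switch from `fail` to `assert` dropped the explanatory message; restore it with `fail_msg: "The required configuration was not provided! Needed: 'certs'"`.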