re-organized defaults, added debugging option

2022-08-11 02:10:27 +02:00 · 2022-08-11 02:10:27 +02:00 · 1c4a274895
parent 6be1268e32
commit 1c4a274895
5 changed files with 36 additions and 17 deletions
--- a/README.md
+++ b/README.md
@ -143,3 +143,8 @@ There are also some useful **tags** available:
 * selfsigned
 * config
 * certs
+
+To debug errors - you can set the 'debug' variable at runtime:
+```bash
+ansible-playbook -K -D -i inventory/hosts.yml playbook.yml -e debug=yes
+```
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -1,9 +1,9 @@
 ---

 # default config => is overwritten by provided config
-default_certs:
+defaults_certs:
  mode: 'selfsigned'  # selfsigned, ca, pki, le_certbot
-  path: '/etc/certs'
+  path: '/etc/ssl/ansible'

  cert:
    name:
@ -76,10 +76,11 @@ default_certs:
    locality:
    email:

+CERT_CONFIG: "{{ defaults_certs | combine(certs, recursive=true) }}"

-CERT_CONFIG: "{{ default_certs | combine(certs, recursive=true) }}"
-
-default_le_certbot_cert_config:
+default_le_certbot_cert:
  domains: []
  state: 'present'
  email:
+
+debug: false
--- a/tasks/debian/letsencrypt/cert.yml
+++ b/tasks/debian/letsencrypt/cert.yml
@ -13,7 +13,7 @@

 - name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Certbot command (FYI)"
  ansible.builtin.debug:
-    msg: "certbot certonly --non-interactive --agree-tos --no-redirect
+    msg: "certbot certonly --non-interactive --agree-tos --no-redirect{% if debug %} --staging{% endif %}
    --{{ CERT_CONFIG.letsencrypt.service }} --cert-name {{ le_name }}
    -{{ CERT_CONFIG.letsencrypt.verbosity }}
    --rsa-key-size {{ le_cert.key_size | default(CERT_CONFIG.cert.key_size, true) }}
@ -23,7 +23,7 @@
  when: le_changed

 - name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Running certbot"
-  ansible.builtin.command: "certbot certonly --non-interactive --agree-tos --no-redirect
+  ansible.builtin.command: "certbot certonly --non-interactive --agree-tos --no-redirect{% if debug %} --staging{% endif %}
    --{{ CERT_CONFIG.letsencrypt.service }} --cert-name {{ le_name }}
    -{{ CERT_CONFIG.letsencrypt.verbosity }}
    --rsa-key-size {{ le_cert.key_size | default(CERT_CONFIG.cert.key_size, true) }}
--- a/tasks/debian/letsencrypt/main.yml
+++ b/tasks/debian/letsencrypt/main.yml
@ -28,7 +28,7 @@
    - le_cert.domains | length > 0
    - le_cert.state == 'present'
  vars:
-    le_cert: "{{ default_le_certbot_cert_config | combine(cert_item.value, recursive=true) }}"
+    le_cert: "{{ default_le_certbot_cert | combine(cert_item.value, recursive=true) }}"
    le_name: "{{ cert_item.key | safe_key }}"
    le_path: "{{ CERT_CONFIG.letsencrypt.path }}/live/{{ le_name }}"
    le_changed: "{{ existing_certs_raw.stdout | le_domains_changed(le_name, le_cert.domains) }}"
@ -39,24 +39,24 @@

 # todo: task gets stuck
 - name: Certificates | Debian | LetsEncrypt Certbot | Revoking certificates
-  ansible.builtin.command: "certbot revoke --cert-name {{ le_name }}"
+  ansible.builtin.command: "certbot revoke --cert-name {{ le_name }}{% if debug %} --staging{% endif %}"
  when:
    - le_cert.state != 'present'
    - existing_certs_raw.stdout.find(le_name) != -1
  vars:
-    le_cert: "{{ default_le_certbot_cert_config | combine(cert_item.value, recursive=true) }}"
+    le_cert: "{{ default_le_certbot_cert | combine(cert_item.value, recursive=true) }}"
    le_name: "{{ cert_item.key | safe_key }}"
  loop_control:
    loop_var: cert_item
  with_dict: "{{ CERT_CONFIG.letsencrypt.certs }}"

 - name: Certificates | Debian | LetsEncrypt Certbot | Deleting certificates
-  ansible.builtin.command: "certbot delete --cert-name {{ le_name }}"
+  ansible.builtin.command: "certbot delete --cert-name {{ le_name }}{% if debug %} --staging{% endif %}"
  when:
    - le_cert.state != 'present'
    - existing_certs_raw.stdout.find(le_name) != -1
  vars:
-    le_cert: "{{ default_le_certbot_cert_config | combine(cert_item.value, recursive=true) }}"
+    le_cert: "{{ default_le_certbot_cert | combine(cert_item.value, recursive=true) }}"
    le_name: "{{ cert_item.key | safe_key }}"
  loop_control:
    loop_var: cert_item
@ -89,6 +89,6 @@
    state: started

 - name: Certificates | Debian | LetsEncrypt Certbot | Running renewal
-  ansible.builtin.command: 'certbot renew --force-renewal'
+  ansible.builtin.command: "certbot renew --force-renewal{% if debug %} --staging{% endif %}"
  when: CERT_CONFIG.letsencrypt.renew
  ignore_errors: true
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -1,10 +1,23 @@
 ---

 - name: Certificates | Checking config
-  ansible.builtin.fail:
-    msg: "The required configuration was not provided!
-    Needed: 'certs'"
-  when: certs is undefined
+  ansible.builtin.assert:
+    that:
+      - certs is defined
+
+- name: Certificates | Showing debug info - user provided config
+  ansible.builtin.debug:
+    var: certs
+  when:
+    - debug is defined
+    - debug
+
+- name: Certificates | Showing debug info - running config
+  ansible.builtin.debug:
+    var: CERT_CONFIG
+  when:
+    - debug is defined
+    - debug

 - name: Certificates | Internal signed
  ansible.builtin.include_tasks: internal/main.yml