yaml syntax fixes, simplified letsencrypt cert-change check
parent
13568254e4
commit
e9bdd2fd0b
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
# These are supported funding model platforms
|
# These are supported funding model platforms
|
||||||
|
|
||||||
patreon: ansibleguy
|
patreon: ansibleguy
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,9 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
extends: default
|
||||||
|
|
||||||
|
rules:
|
||||||
|
truthy:
|
||||||
|
allowed-values: ['true', 'false', 'yes', 'no']
|
||||||
|
line-length:
|
||||||
|
max: 150
|
||||||
|
|
@ -27,14 +27,14 @@ default_certs:
|
||||||
key_usage: 'serverAuth' # serverAuth, clientAuth, codeSigning, emailProtection, timeStamping, ocspSigning
|
key_usage: 'serverAuth' # serverAuth, clientAuth, codeSigning, emailProtection, timeStamping, ocspSigning
|
||||||
ocsp_staple: false
|
ocsp_staple: false
|
||||||
crl_distribution: []
|
crl_distribution: []
|
||||||
# - full_name:
|
# - full_name:
|
||||||
# - "URI:https://ca.example.com/revocations.crl"
|
# - "URI:https://ca.example.com/revocations.crl"
|
||||||
# crl_issuer:
|
# crl_issuer:
|
||||||
# - "URI:https://ca.example.com/"
|
# - "URI:https://ca.example.com/"
|
||||||
# reasons:
|
# reasons:
|
||||||
# - key_compromise
|
# - key_compromise
|
||||||
# - ca_compromise
|
# - ca_compromise
|
||||||
# - cessation_of_operation
|
# - cessation_of_operation
|
||||||
valid_days: 730
|
valid_days: 730
|
||||||
|
|
||||||
mode_key: '0640'
|
mode_key: '0640'
|
||||||
|
|
|
||||||
|
|
@ -55,12 +55,9 @@ class FilterModule(object):
|
||||||
block_started = False
|
block_started = False
|
||||||
for line in running_config.split('\n'):
|
for line in running_config.split('\n'):
|
||||||
if block_started:
|
if block_started:
|
||||||
if line.find('Certificate Name:') != -1:
|
if line.find('Domains:') != -1:
|
||||||
# block ended
|
|
||||||
break
|
|
||||||
|
|
||||||
elif line.find('Domains:') != -1:
|
|
||||||
run_domains = line.split(': ')[1].split(' ')
|
run_domains = line.split(': ')[1].split(' ')
|
||||||
|
break
|
||||||
|
|
||||||
elif line.find(f"Certificate Name: {cert_key}") != -1:
|
elif line.find(f"Certificate Name: {cert_key}") != -1:
|
||||||
block_started = True
|
block_started = True
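Review bot: The `elif line.find(f"Certificate Name: {cert_key}") != -1` test that opens the block is a substring match, and with the next-`Certificate Name:` guard removed the loop now takes the first `Domains:` line that follows any line containing that text. A certificate whose name merely begins with `cert_key` (a constructed example: `site` and `site-old`) could therefore supply the domain list, so the cert-change check may compare against the wrong certificate and miss a needed re-issue. Matching the whole line would close that gap: `elif line.strip() == f"Certificate Name: {cert_key}":`. Separately, `line.split(': ')[1]` raises IndexError on a `Domains:` line with no value, so a short comment stating the expected input format (presumably `certbot certificates` output) or a length check would help. The enclosing method starts and ends outside the hunk.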
|
||||||
|
|
|
||||||
|
|
@ -15,4 +15,4 @@ galaxy_info:
|
||||||
- bullseye
|
- bullseye
|
||||||
galaxy_tags: []
|
galaxy_tags: []
|
||||||
|
|
||||||
collections: []
|
collections: []
|
||||||
|
|
|
||||||
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
# external roles and collections to download
|
# external roles and collections to download
|
||||||
# install: ansible-galaxy install -r requirements.yml
|
# install: ansible-galaxy install -r requirements.yml
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -13,7 +13,7 @@
|
||||||
|
|
||||||
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Certbot command (FYI)"
|
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Certbot command (FYI)"
|
||||||
ansible.builtin.debug:
|
ansible.builtin.debug:
|
||||||
msg: "certbot certonly --non-interactive --agree-tos --no-redirect
|
msg: "certbot certonly --non-interactive --agree-tos --no-redirect
|
||||||
--{{ CERT_CONFIG.letsencrypt.service }} --cert-name {{ le_name }}
|
--{{ CERT_CONFIG.letsencrypt.service }} --cert-name {{ le_name }}
|
||||||
-{{ CERT_CONFIG.letsencrypt.verbosity }}
|
-{{ CERT_CONFIG.letsencrypt.verbosity }}
|
||||||
--rsa-key-size {{ le_cert.key_size | default(CERT_CONFIG.cert.key_size, true) }}
|
--rsa-key-size {{ le_cert.key_size | default(CERT_CONFIG.cert.key_size, true) }}
|
||||||
|
|
|
||||||