Browse Source

[WIP] certbot: add support for install from sources on Debian 8

log2mail-beats
Jérémy Lecour 1 year ago
committed by Jérémy Lecour
parent
commit
69c98bf562
  1. 11
      certbot/files/cron_jessie
  2. 4
      certbot/handlers/main.yml
  3. 6
      certbot/tasks/install-package.yml
  4. 34
      certbot/tasks/install-sources.yml
  5. 17
      certbot/tasks/main.yml

11
certbot/files/cron_jessie

@ -0,0 +1,11 @@
# /etc/cron.d/certbot: crontab entries for the certbot package
#
# Upstream recommends attempting renewal twice a day
#
# Eventually, this will be an opportunity to validate certificates
# haven't been revoked, etc. Renewal will only occur if expiration
# is within 30 days.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
0 */12 * * * root test -x /usr/local/bin/certbot && perl -e 'sleep int(rand(3600))' && /usr/local/bin/certbot --no-self-update -q renew

4
certbot/handlers/main.yml

@ -14,3 +14,7 @@
service:
name: haproxy
state: reloaded
- name: systemd daemon-reload
systemd:
daemon_reload: yes

6
certbot/tasks/install-package.yml

@ -0,0 +1,6 @@
---
- name: certbot package is installed
apt:
name: certbot
state: latest

34
certbot/tasks/install-sources.yml

@ -0,0 +1,34 @@
---
- name: certbot package is removed
apt:
name: certbot
state: absent
- include_role:
name: evolix/remount-usr
- name: Certbot script is downloaded
get_url:
url: https://dl.eff.org/certbot-auto
dest: /usr/local/bin/certbot
mode: '0755'
owner: root
group: root
force: no
- name: systemd artefacts are absent
file:
dest: "{{ item }}"
state: absent
loop:
- /etc/systemd/system/certbot.service
- /etc/systemd/system/certbot.service.d
- /etc/systemd/system/certbot.timer
notify: systemd daemon-reload
- name: custom crontab is present
copy:
src: cron_jessie
dest: /etc/cron.d/certbot
force: yes

17
certbot/tasks/main.yml

@ -4,13 +4,20 @@
assert:
that:
- ansible_distribution == "Debian"
- ansible_distribution_major_version is version('9', '>=')
- ansible_distribution_major_version is version('8', '>=')
msg: only compatible with Debian 9+
- name: certbot package is installed
apt:
name: certbot
state: latest
- name: Install from sources on Debian 8
include: install-sources.yml
when:
- ansible_distribution == "Debian"
- ansible_distribution_major_version is version('8', '=')
- name: Install package on Debian 9+
include: install-package.yml
when:
- ansible_distribution == "Debian"
- ansible_distribution_major_version is version('9', '>=')
- include: acme-challenge.yml

Loading…
Cancel
Save