This commit is contained in:
Sander Klein 2020-03-27 15:47:07 +00:00 committed by GitHub
commit 5b933e42d3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 225 additions and 181 deletions

9
tasks/custom_command.yml Normal file

@ -0,0 +1,9 @@
---
- name: Run custom acme.sh command
command: ./acme.sh {{ item.custom_command }}
args:
chdir: "~/.acme.sh"
environment: "{{ item.dns_provider_api_keys | default(acme_sh_default_dns_provider_api_keys) }}"
loop: "{{ acme_sh_domains }}"
become_user: "{{ acme_sh_become_user }}"
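Review bot: `environment:` on line 18 hands the DNS provider API keys to an arbitrary, inventory-supplied acme.sh invocation, and the task has no `no_log`, so whatever that command prints (with the secrets available to it) is captured verbatim in the play output; tasks/issue_cert.yml has the same pattern on its `environment:` line. An operator-controlled switch such as `no_log: "{{ acme_sh_no_log | default(false) }}"` (constructed here as a new variable) would allow suppressing output on sensitive runs without changing the default. The task also has no `register`/`changed_when`, so every custom command reports changed; if that is intended, a comment above the task, `# Always reports changed: the effect of an arbitrary acme.sh command cannot be classified`, would save the next reader the question.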


@ -0,0 +1,14 @@
---
- name: Force renew acme.sh certificate(s)
command: >-
./acme.sh --renew -d {{ item.domains | first }} --force
{{ "--debug" if item.debug | default(acme_sh_default_debug) else "" }}
{{ item.extra_flags_renew | default(acme_sh_default_extra_flags_renew) }}
args:
chdir: "~/.acme.sh"
loop: "{{ acme_sh_domains }}"
become_user: "{{ acme_sh_become_user }}"
register: renew_result
failed_when: renew_result.rc != 0 and "Reload error for" not in renew_result.stderr
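Review bot: `failed_when` on line 36 turns a `Reload error for` result into a plain ok, so a certificate can be renewed while the reload command failed and the service keeps serving the old certificate with no signal in the play; tasks/install_cert.yml carries the same condition on its `failed_when`. At minimum document it above the task, `# A failed --reloadcmd is tolerated here; inspect renew_result.stderr if a service keeps the old certificate`, or add a follow-up `debug` task gated on `"Reload error for" in renew_result.stderr` so the condition is visible. This section's file header is not shown on the page, so the file name is not confirmed from here.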

48
tasks/install.yml Normal file

@ -0,0 +1,48 @@
---
- name: Install dependencies
apt:
name: "{{ item }}"
update_cache: True
cache_valid_time: "{{ acme_sh_apt_cache_time }}"
loop: ["cron", "git", "wget"]
- name: Create git clone path
file:
path: "{{ acme_sh_git_clone_dest | dirname }}"
state: "directory"
owner: "{{ acme_sh_become_user }}"
group: "{{ acme_sh_become_user }}"
mode: "0755"
- name: Git clone https://github.com/Neilpang/acme.sh
git:
repo: "{{ acme_sh_git_url }}"
version: "{{ acme_sh_git_version }}"
dest: "{{ acme_sh_git_clone_dest }}"
update: "{{ acme_sh_git_update }}"
become_user: "{{ acme_sh_become_user }}"
- name: Install acme.sh
command: >-
./acme.sh --install --log
--days {{ acme_sh_renew_time_in_days }}
{{ "--accountemail " + acme_sh_account_email if acme_sh_account_email else "" }}
args:
chdir: "{{ acme_sh_git_clone_dest }}"
creates: "~/.acme.sh/acme.sh"
become_user: "{{ acme_sh_become_user }}"
- name: Create certificate path
file:
path: "{{ acme_sh_copy_certs_to_path }}"
state: "directory"
owner: "{{ acme_sh_become_user }}"
group: "{{ acme_sh_become_user }}"
mode: "0755"
- name: Determine if acme.sh is installed (post-install)
stat:
path: "~/.acme.sh/acme.sh"
register: is_acme_sh_installed
become_user: "{{ acme_sh_become_user }}"
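Review bot: The code cloned on lines 57-63 is executed immediately by `--install` on lines 64-72 as `acme_sh_become_user`, and nothing here checks what was fetched: if `acme_sh_git_version` resolves to a moving branch (its default is not visible here) and `acme_sh_git_update` is true, each run pulls and runs whatever upstream currently has. Pinning `acme_sh_git_version` to a release tag or commit and saying so above the task, `# Pin acme_sh_git_version to a tag/commit: this code runs with acme_sh_become_user's privileges`, is the cheap mitigation. Line 47 `update_cache: True` should be the canonical `true`, and the per-item loop over `["cron", "git", "wget"]` on lines 46-49 could pass the list directly to `name:` instead of looping the `apt` module.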

27
tasks/install_cert.yml Normal file

@ -0,0 +1,27 @@
---
- name: Ensure installed certificates have correct user / group ownership
file:
path: "{{ acme_sh_copy_certs_to_path }}/{{ item.domains | first }}*"
group: "{{ acme_sh_become_user }}"
owner: "{{ acme_sh_become_user }}"
loop:
- "{{ acme_sh_domains }}"
- name: Install acme.sh certificate(s)
command: >-
./acme.sh --install-cert -d {{ item.domains | first }}
--key-file {{ acme_sh_copy_certs_to_path }}/{{ item.domains | first }}.key
--fullchain-file {{ acme_sh_copy_certs_to_path }}/{{ item.domains | first }}.pem
--reloadcmd "{{ item.install_cert_reloadcmd | default(acme_sh_default_install_cert_reloadcmd) }}"
{{ "--debug" if item.debug | default(acme_sh_default_debug) else "" }}
{{ item.extra_flags_install_cert | default(acme_sh_default_extra_flags_install_cert) }}
args:
chdir: "~/.acme.sh"
loop: "{{ acme_sh_domains }}"
loop_control:
index_var: domains_index
become_user: "{{ acme_sh_become_user }}"
register: install_cert_result
changed_when: issue_result.results[domains_index].changed or renew_result.results[domains_index].changed
failed_when: install_cert_result.rc != 0 and "Reload error for" not in install_cert_result.stderr
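Review bot: `changed_when` on line 114 dereferences `issue_result` and `renew_result`, which are now registered by tasks in other files that the new `tags` in the importing file make independently selectable; a run limited to the install_cert tag, or any run in which those tasks did not execute, leaves the variables undefined and this task errors instead of reporting a result. Guard both references, `changed_when: (issue_result is defined and issue_result.results[domains_index].changed) or (renew_result is defined and renew_result.results[domains_index].changed)`. The ownership task on lines 92-98 also hands the `file` module a literal `<domain>*` path; as far as I know `file` does not expand shell globs, and the nested `loop:` on lines 97-98 makes `item` the whole list rather than one entry, so the task is unlikely to touch the installed `.key`/`.pem` files — the explicit paths used on lines 102-103 would.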

22
tasks/issue_cert.yml Normal file

@ -0,0 +1,22 @@
---
- name: Issue acme.sh certificate(s) (this will sleep for dns_sleep seconds)
command: >-
./acme.sh --issue -d {{ item.domains | join(" -d ") }}
--dns {{ item.dns_provider | default(acme_sh_default_dns_provider) }}
--dnssleep {{ item.dns_sleep | default(acme_sh_default_dns_sleep) }}
{{ "--force" if item.force_issue | default(acme_sh_default_force_issue) else "" }}
{{ "--staging" if item.staging | default(acme_sh_default_staging) else "" }}
{{ "--debug" if item.debug | default(acme_sh_default_debug) else "" }}
{{ "--pre-hook " + '"' + item.issue_pre_hook | default(acme_sh_default_issue_pre_hook) + '"' if item.issue_pre_hook | default(acme_sh_default_issue_pre_hook) else "" }}
{{ "--post-hook " + '"' + item.issue_post_hook | default(acme_sh_default_issue_post_hook) + '"' if item.issue_post_hook | default(acme_sh_default_issue_post_hook) else "" }}
{{ "--renew-hook " + '"' + item.issue_renew_hook | default(acme_sh_default_issue_renew_hook) + '"' if item.issue_renew_hook | default(acme_sh_default_issue_renew_hook) else "" }}
{{ item.extra_flags_issue | default(acme_sh_default_extra_flags_issue) }}
args:
chdir: "~/.acme.sh"
environment: "{{ item.dns_provider_api_keys | default(acme_sh_default_dns_provider_api_keys) }}"
loop: "{{ acme_sh_domains }}"
become_user: "{{ acme_sh_become_user }}"
register: issue_result
changed_when: issue_result.rc == 0 and "Cert success" in issue_result.stdout
failed_when: issue_result.rc != 0 and "Domains not changed" not in issue_result.stdout
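Review bot: The hook arguments on lines 131-133 are protected only by literal `"` characters concatenated around the inventory value; a hook string that itself contains a double quote breaks the argument split of the `command` module, and everything else is passed to acme.sh unchanged to be run by its shell. Ansible's `quote` filter does this correctly, e.g. `{{ ("--pre-hook " + (item.issue_pre_hook | default(acme_sh_default_issue_pre_hook) | quote)) if item.issue_pre_hook | default(acme_sh_default_issue_pre_hook) else "" }}` for the pre-hook, and likewise for the post- and renew-hooks. A comment above the `command:` block naming that the hooks are executed by acme.sh with the privileges of `acme_sh_become_user` would make the trust boundary explicit for whoever sets them in inventory.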

14
tasks/list_cert.yml Normal file

@ -0,0 +1,14 @@
---
- name: Register acme.sh certificate information
command: ./acme.sh --list
args:
chdir: "~/.acme.sh"
changed_when: False
register: list_domains
become_user: "{{ acme_sh_become_user }}"
- name: List acme.sh certificate information
debug:
msg: "{{ list_domains.stdout_lines }}"
when: acme_sh_list_domains and not acme_sh_uninstall
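Review bot: The `when:` on line 160 duplicates the condition that the importing task applies to every task of this file (line 418 of the main task file, as far as the rendered diff shows), while the `Register` task on lines 150-156 relies only on the inherited one; either keep the guard in one place or give both tasks the same local `when` so the file is safe to import on its own. Line 154 `changed_when: False` should be the lowercase `false` for consistency with YAML 1.2 booleans.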


@ -1,131 +1,49 @@
---
- name: Install dependencies
apt:
name: "{{ item }}"
update_cache: True
cache_valid_time: "{{ acme_sh_apt_cache_time }}"
loop: ["cron", "git", "wget"]
when: not acme_sh_uninstall
- name: Create git clone path
file:
path: "{{ acme_sh_git_clone_dest | dirname }}"
state: "directory"
owner: "{{ acme_sh_become_user }}"
group: "{{ acme_sh_become_user }}"
mode: "0755"
when: not acme_sh_uninstall
- name: Git clone https://github.com/Neilpang/acme.sh
git:
repo: "{{ acme_sh_git_url }}"
version: "{{ acme_sh_git_version }}"
dest: "{{ acme_sh_git_clone_dest }}"
update: "{{ acme_sh_git_update }}"
when: not acme_sh_uninstall
become_user: "{{ acme_sh_become_user }}"
- name: Install acme.sh
command: >-
./acme.sh --install --log
--days {{ acme_sh_renew_time_in_days }}
{{ "--accountemail " + acme_sh_account_email if acme_sh_account_email else "" }}
args:
chdir: "{{ acme_sh_git_clone_dest }}"
creates: "~/.acme.sh/acme.sh"
when: not acme_sh_uninstall
become_user: "{{ acme_sh_become_user }}"
- name: Determine if acme.sh is installed
stat:
path: "~/.acme.sh/acme.sh"
register: is_acme_sh_installed
become_user: "{{ acme_sh_become_user }}"
- name: Upgrade acme.sh
command: ./acme.sh --upgrade
args:
chdir: "~/.acme.sh"
- import_tasks: install.yml
tags:
- acme_sh
- acme_sh.install
when:
- acme_sh_upgrade
- is_acme_sh_installed.stat.exists
- not acme_sh_uninstall
register: upgrade_result
changed_when: upgrade_result.rc == 0 and "Upgrade success" in upgrade_result.stdout
become_user: "{{ acme_sh_become_user }}"
- not is_acme_sh_installed.stat.exists
- name: Create certificate path
file:
path: "{{ acme_sh_copy_certs_to_path }}"
state: "directory"
owner: "{{ acme_sh_become_user }}"
group: "{{ acme_sh_become_user }}"
mode: "0755"
when: not acme_sh_uninstall
- import_tasks: upgrade.yml
tags:
- acme_sh
- acme_sh.upgrade
when:
- is_acme_sh_installed.stat.exists is defined and is_acme_sh_installed.stat.exists
- acme_sh_upgrade == False
- not acme_sh_uninstall
- name: Uninstall acme.sh and disable all certificate renewals
command: ./acme.sh --uninstall
args:
chdir: "~/.acme.sh"
- import_tasks: uninstall.yml
tags:
- acme_sh
- acme_sh.uninstall
when:
- acme_sh_uninstall
- is_acme_sh_installed.stat.exists
become_user: "{{ acme_sh_become_user }}"
- name: Remove acme.sh certificate(s) renewals from cron job
command: >-
./acme.sh --remove -d {{ item.domains | first }}
{{ "--debug" if item.debug | default(acme_sh_default_debug) else "" }}
args:
chdir: "~/.acme.sh"
removes: "~/.acme.sh/{{ item.domains | first }}"
loop: "{{ acme_sh_domains }}"
when:
- acme_sh_domains and item.domains is defined and item.domains
- item.remove is defined and item.remove
- not acme_sh_uninstall
become_user: "{{ acme_sh_become_user }}"
register: remove_result
- name: Remove acme.sh internal certificate files
file:
path: "~/.acme.sh/{{ item.domains | first }}"
state: "absent"
when:
- acme_sh_domains and item.domains is defined and item.domains
- item.remove is defined and item.remove
- not acme_sh_uninstall
loop: "{{ acme_sh_domains }}"
become_user: "{{ acme_sh_become_user }}"
- name: Remove acme.sh installed certificate files
file:
path: "{{ acme_sh_copy_certs_to_path }}/{{ item.domains | first }}*"
state: "absent"
loop: "{{ acme_sh_domains }}"
- import_tasks: remove_cert.yml
tags:
- acme_sh
- acme_sh.remove_cert
when:
- acme_sh_domains and item.domains is defined and item.domains
- item.remove is defined and item.remove
- not acme_sh_uninstall
- name: Remove acme.sh's cloned source code, installation path and log files
file:
path: "{{ item }}"
state: "absent"
loop:
- "{{ acme_sh_git_clone_dest }}"
- "~/.acme.sh"
when:
- acme_sh_uninstall
become_user: "{{ acme_sh_become_user }}"
- name: Run custom acme.sh command
command: ./acme.sh {{ item.custom_command }}
args:
chdir: "~/.acme.sh"
environment: "{{ item.dns_provider_api_keys | default(acme_sh_default_dns_provider_api_keys) }}"
loop: "{{ acme_sh_domains }}"
- import_tasks: custom_command.yml
tags:
- acme_sh
- acme_sh.custom-command
when:
- acme_sh_domains and item.domains is defined and item.domains
- item.dns_provider | default(acme_sh_default_dns_provider)
@ -133,24 +51,11 @@
- item.custom_command is defined and item.custom_command
- item.remove is undefined or not item.remove
- not acme_sh_uninstall
become_user: "{{ acme_sh_become_user }}"
- name: Issue acme.sh certificate(s) (this will sleep for dns_sleep seconds)
command: >-
./acme.sh --issue -d {{ item.domains | join(" -d ") }}
--dns {{ item.dns_provider | default(acme_sh_default_dns_provider) }}
--dnssleep {{ item.dns_sleep | default(acme_sh_default_dns_sleep) }}
{{ "--force" if item.force_issue | default(acme_sh_default_force_issue) else "" }}
{{ "--staging" if item.staging | default(acme_sh_default_staging) else "" }}
{{ "--debug" if item.debug | default(acme_sh_default_debug) else "" }}
{{ "--pre-hook " + '"' + item.issue_pre_hook | default(acme_sh_default_issue_pre_hook) + '"' if item.issue_pre_hook | default(acme_sh_default_issue_pre_hook) else "" }}
{{ "--post-hook " + '"' + item.issue_post_hook | default(acme_sh_default_issue_post_hook) + '"' if item.issue_post_hook | default(acme_sh_default_issue_post_hook) else "" }}
{{ "--renew-hook " + '"' + item.issue_renew_hook | default(acme_sh_default_issue_renew_hook) + '"' if item.issue_renew_hook | default(acme_sh_default_issue_renew_hook) else "" }}
{{ item.extra_flags_issue | default(acme_sh_default_extra_flags_issue) }}
args:
chdir: "~/.acme.sh"
environment: "{{ item.dns_provider_api_keys | default(acme_sh_default_dns_provider_api_keys) }}"
loop: "{{ acme_sh_domains }}"
- import_tasks: issue_cert.yml
tags:
- acme_sh
- acme_sh.issue_cert
when:
- acme_sh_domains and item.domains is defined and item.domains
- item.dns_provider | default(acme_sh_default_dns_provider)
@ -159,75 +64,30 @@
- item.custom_command is undefined or not item.custom_command
- item.remove is undefined or not item.remove
- not acme_sh_uninstall
become_user: "{{ acme_sh_become_user }}"
register: issue_result
changed_when: issue_result.rc == 0 and "Cert success" in issue_result.stdout
failed_when: issue_result.rc != 0 and "Domains not changed" not in issue_result.stdout
- name: Force renew acme.sh certificate(s)
command: >-
./acme.sh --renew -d {{ item.domains | first }} --force
{{ "--debug" if item.debug | default(acme_sh_default_debug) else "" }}
{{ item.extra_flags_renew | default(acme_sh_default_extra_flags_renew) }}
args:
chdir: "~/.acme.sh"
loop: "{{ acme_sh_domains }}"
- import_tasks: force_renew_cert.yml
tags:
- acme_sh
- acme_sh.force_renew_cert
when:
- acme_sh_domains and item.domains is defined and item.domains
- item.force_issue is undefined or not item.force_issue
- item.force_renew is defined and item.force_renew
- item.remove is undefined or not item.remove
- not acme_sh_uninstall
become_user: "{{ acme_sh_become_user }}"
register: renew_result
failed_when: renew_result.rc != 0 and "Reload error for" not in renew_result.stderr
- name: Ensure installed certificates have correct user / group ownership
file:
path: "{{ acme_sh_copy_certs_to_path }}/{{ item.domains | first }}*"
group: "{{ acme_sh_become_user }}"
owner: "{{ acme_sh_become_user }}"
loop:
- "{{ acme_sh_domains }}"
- import_tasks: install_cert.yml
tags:
- acme_sh
- acme_sh.install_cert
when:
- acme_sh_domains and item.domains is defined and item.domains
- item.custom_command is undefined or not item.custom_command
- item.remove is undefined or not item.remove
- not acme_sh_uninstall
- name: Install acme.sh certificate(s)
command: >-
./acme.sh --install-cert -d {{ item.domains | first }}
--key-file {{ acme_sh_copy_certs_to_path }}/{{ item.domains | first }}.key
--fullchain-file {{ acme_sh_copy_certs_to_path }}/{{ item.domains | first }}.pem
--reloadcmd "{{ item.install_cert_reloadcmd | default(acme_sh_default_install_cert_reloadcmd) }}"
{{ "--debug" if item.debug | default(acme_sh_default_debug) else "" }}
{{ item.extra_flags_install_cert | default(acme_sh_default_extra_flags_install_cert) }}
args:
chdir: "~/.acme.sh"
loop: "{{ acme_sh_domains }}"
loop_control:
index_var: domains_index
when:
- acme_sh_domains and item.domains is defined and item.domains
- item.custom_command is undefined or not item.custom_command
- item.remove is undefined or not item.remove
- not acme_sh_uninstall
become_user: "{{ acme_sh_become_user }}"
register: install_cert_result
changed_when: issue_result.results[domains_index].changed or renew_result.results[domains_index].changed
failed_when: install_cert_result.rc != 0 and "Reload error for" not in install_cert_result.stderr
- name: Register acme.sh certificate information
command: ./acme.sh --list
args:
chdir: "~/.acme.sh"
when: acme_sh_list_domains and not acme_sh_uninstall
changed_when: False
register: list_domains
become_user: "{{ acme_sh_become_user }}"
- name: List acme.sh certificate information
debug:
msg: "{{ list_domains.stdout_lines }}"
- import_tasks: list_cert.yml
tags:
- acme_sh
- acme_sh.list
when: acme_sh_list_domains and not acme_sh_uninstall
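Review bot: Line 234 `- acme_sh_upgrade == False` on the `import_tasks: upgrade.yml` condition reads as the inverse of the removed `- acme_sh_upgrade` (line 213): if it is on the new side, upgrade.yml is imported only when upgrading is disabled. The expected form is `- acme_sh_upgrade`, or `- not acme_sh_upgrade` if the inversion is really intended, in either case without `== False`. Separately, gating `import_tasks: install.yml` on `- not is_acme_sh_installed.stat.exists` (line 219, if new) also skips the dependency and certificate-path tasks that file now contains on hosts where acme.sh already exists, so a re-run no longer repairs those. This section's file header is not visible on the page; the imports suggest it is tasks/main.yml.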

25
tasks/remove_cert.yml Normal file

@ -0,0 +1,25 @@
---
- name: Remove acme.sh certificate(s) renewals from cron job
command: >-
./acme.sh --remove -d {{ item.domains | first }}
{{ "--debug" if item.debug | default(acme_sh_default_debug) else "" }}
args:
chdir: "~/.acme.sh"
removes: "~/.acme.sh/{{ item.domains | first }}"
loop: "{{ acme_sh_domains }}"
become_user: "{{ acme_sh_become_user }}"
register: remove_result
- name: Remove acme.sh internal certificate files
file:
path: "~/.acme.sh/{{ item.domains | first }}"
state: "absent"
loop: "{{ acme_sh_domains }}"
become_user: "{{ acme_sh_become_user }}"
- name: Remove acme.sh installed certificate files
file:
path: "{{ acme_sh_copy_certs_to_path }}/{{ item.domains | first }}*"
state: "absent"
loop: "{{ acme_sh_domains }}"
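Review bot: Line 444 passes `{{ acme_sh_copy_certs_to_path }}/{{ item.domains | first }}*` to the `file` module, which does not expand shell globs, so with `state: absent` the task succeeds against a literal file named `<domain>*` and the installed `.key` and `.pem` files written by tasks/install_cert.yml stay on the host. Remove the two concrete paths (`.key` and `.pem`) in a loop, or use `find` with `patterns` followed by `file: state: absent` over its results. The task also lacks the `become_user` the two tasks above it carry; if that is deliberate, a one-line comment saying the connecting user owns `acme_sh_copy_certs_to_path` would stop the next reader from adding it.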

16
tasks/uninstall.yml Normal file

@ -0,0 +1,16 @@
---
- name: Uninstall acme.sh and disable all certificate renewals
command: ./acme.sh --uninstall
args:
chdir: "~/.acme.sh"
become_user: "{{ acme_sh_become_user }}"
- name: Remove acme.sh's cloned source code, installation path and log files
file:
path: "{{ item }}"
state: "absent"
loop:
- "{{ acme_sh_git_clone_dest }}"
- "~/.acme.sh"
become_user: "{{ acme_sh_become_user }}"
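Review bot: The cleanup on lines 459-466 removes the clone and `~/.acme.sh` but leaves `acme_sh_copy_certs_to_path`, so the copied private keys and certificates remain on the host after the role is told to uninstall; if that is intentional because the certificates may still be in use, say so above the task, `# Certificates in acme_sh_copy_certs_to_path are kept on purpose; use remove_cert to delete them`, otherwise add that path to the loop. `./acme.sh --uninstall` on line 455 has no `creates`/`removes`, so it would fail on a second run once `~/.acme.sh` is gone; the `is_acme_sh_installed.stat.exists` condition on the import in the main task file appears to be what prevents that, which is worth a comment here since this file does not guard itself.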

9
tasks/upgrade.yml Normal file

@ -0,0 +1,9 @@
---
- name: Upgrade acme.sh
command: ./acme.sh --upgrade
args:
chdir: "~/.acme.sh"
register: upgrade_result
changed_when: upgrade_result.rc == 0 and "Upgrade success" in upgrade_result.stdout
become_user: "{{ acme_sh_become_user }}"
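Review bot: `./acme.sh --upgrade` on line 475 is acme.sh's self-update, which, to my understanding, fetches current upstream code at run time, so a host installed from a pinned `acme_sh_git_version` ends up running unpinned code as `acme_sh_become_user`. A comment above the task stating the trade-off, `# Self-update bypasses the acme_sh_git_version pin applied at install time`, would make that choice visible to operators. The `changed_when` on line 479 matching `Upgrade success` in stdout is consistent with the approach in tasks/issue_cert.yml.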