Merge branch 'master' of ssh://git-ssh.notandy.de:2222/ansible/roles/certificates into HEAD

2020-09-27 16:00:52 +02:00 · 2020-09-27 16:00:52 +02:00 · 20b2f78de6
commit 20b2f78de6
parent 7e83b18385 27ca36819f
5 changed files with 122 additions and 20 deletions
--- a/tasks/letsencrypt_cert.yml
+++ b/tasks/letsencrypt_cert.yml
@ -36,23 +36,26 @@
      src: "/etc/letsencrypt/cert_{{ certname }}.token"
    register: tokenfile
  - name: add renew ssh key to backend server
-    delegate_to: "{{ item }}"
+    delegate_to: "{{ challengeserver }}"
    loop: "{{ cert_backend.challengeserver }}"
+    loop_control:
+      loop_var: challengeserver
    authorized_key:
      user: letsencrypt
      key: "{{ letsencrypt_renewkey.public_key }}"
  - name: add server token to record whitelist on backend server
    when:
    - challenge is changed
-    delegate_to: "{{ item.0 }}"
+    delegate_to: "{{ serverchallengepair.0 }}"
    loop: "{{ cert_backend.challengeserver|product(challenge.challenge_data.keys()|list)|list }}"
+    loop_control:
+      loop_var: serverchallengepair
    command:
      argv:
      - "/usr/local/bin/pdns.py"
      - "add_token"
-      - "--"
      - "{{ tokenfile.content | b64decode }}"
-      - "{{ challenge.challenge_data[item.1]['dns-01'].record }}"
+      - "{{ challenge.challenge_data[serverchallengepair.1]['dns-01'].record }}"
  - name: create cert renew config
    template:
      src: letsencrypt_renew_config.j2
@ -71,23 +74,27 @@
  when:
  - challenge is changed
  - cert_backend.challenge == "dns-01"
-  delegate_to: "{{ item.0 }}"
+  delegate_to: "{{ serverchallengepair.0 }}"
  loop: "{{ cert_backend.challengeserver|product(challenge.challenge_data.keys()|list)|list }}"
+  loop_control:
+    loop_var: serverchallengepair
  command:
    argv:
    - "/usr/local/bin/pdns.py"
    - "add_challenge"
    - "--"
-    - "{{ challenge.challenge_data[item.1]['dns-01'].record }}"
-    - "{{ challenge.challenge_data[item.1]['dns-01'].resource_value }}"
+    - "{{ challenge.challenge_data[serverchallengepair.1]['dns-01'].record }}"
+    - "{{ challenge.challenge_data[serverchallengepair.1]['dns-01'].resource_value }}"

 - name: "setup challenge server for {{ certname }} (manual dns challenge)"
  when:
  - challenge is changed
  - cert_backend.challenge == "dns-01-manual"
  loop: "{{ challenge.challenge_data_dns|d({})|dict2items }}"
+  loop_control:
+    loop_var: challengedata
  debug:
-    msg: "add the following dns record: '{{ item.key }}.': { TXT: {{ item.value }} }"
+    msg: "add the following dns record: '{{ challengedata.key }}.': { TXT: {{ challengedata.value }} }"

 - name: wait for challenges in dns (manual dns challenge)
  pause:
@ -100,11 +107,14 @@
  when:
  - challenge is changed
  - cert_backend.challenge == "http-01"
-  delegate_to: "{{ item.0 }}"
+  delegate_to: "{{ serverchallengepair.0 }}"
  loop: "{{ cert_backend.challengeserver|product(challenge.challenge_data.keys()|list)|list }}"
+  loop_control:
+    loop_var: serverchallengepair
  copy:
-    dest: "/var/www/letsencrypt/{{ challenge.challenge_data[item.1]['http-01'].resource | basename }}"
-    content: "{{ challenge.challenge_data[item.1]['http-01'].resource_value }}"
+    dest: "/var/www/letsencrypt/{{ challenge.challenge_data[serverchallengepair.1]['http-01'].resource | basename }}"
+    content: "{{ challenge.challenge_data[serverchallengepair.1]['http-01'].resource_value }}"
+    mode: 0666

 - name: "get certificate {{ certname }}"
  acme_certificate:
--- a/tasks/letsencrypt_setup.yml
+++ b/tasks/letsencrypt_setup.yml
@ -48,9 +48,9 @@
    mode: 0755

 - name: copy acme primitives
-  get_url:
+  copy:
+    src: acme-primitives.py
    dest: /usr/local/bin/acme-primitives.py
    owner: root
    group: root
    mode: 0755
-    url: "https://git.notandy.de/ansible/acme-primitives/-/raw/master/acme-primitives.py"