mirror of
https://github.com/roles-ansible/ansible_role_acmetool.git
synced 2024-08-16 12:29:49 +02:00
Improve services restart hook
parent
2534a099b3
commit
6287ddcb13
9 changed files with 142 additions and 4 deletions
14
README.md
14
README.md
|
@ -5,6 +5,8 @@
|
|||
|
||||
Install and configure the `acmetool` LE client.
|
||||
|
||||
Currently this role is designed to work with the [do1jlr.nginx](https://github.com/do1jlr/ansible_role_nginx.git) ansible role. Maybe there will be a standalone version of this role someday...
|
||||
|
||||
|
||||
Variables
|
||||
-----------
|
||||
|
@ -12,6 +14,13 @@ Install and configure the `acmetool` LE client.
|
|||
* ``acme_notification_email:`` (Default: ``root@example.org``):
|
||||
LE account email. The default needs to be changed!
|
||||
|
||||
* ``acme_reload_services:`` (Default: ``[]``):
|
||||
Services that need a reload by certificat change
|
||||
*(There are some services pre-defined in the [files/reload](files/reload) file)*
|
||||
|
||||
* ``acme_restart_services:`` (Default: ``[]``):
|
||||
Services that need a restart by certificat change
|
||||
|
||||
* ``submodules_versioncheck:`` (Default: ``false``):
|
||||
Enable basic versionscheck. *(``true`` is recomended)*
|
||||
|
||||
|
@ -30,6 +39,11 @@ Install and configure the `acmetool` LE client.
|
|||
- "files/{{ inventory_hostname }}"
|
||||
- 'templates'
|
||||
```
|
||||
This file is configuring the acmetool behaviour like certificate type, challange methode, acme notification email and so on. Change the values by providing your own ``response-file.yml.j2``.
|
||||
|
||||
* We search the ``reload`` and ``restart`` hook using the [first_found_loopup](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/first_found_lookup.html) with the config defined in ``vars/main.yml``.
|
||||
|
||||
* We deploy the ``acme-reload`` and ``acme-restart`` configuration based on the ``acme_reload_services:`` and ``acme_restart_services:`` variables
|
||||
|
||||
References
|
||||
------------
|
||||
|
|
|
@ -1,5 +1,9 @@
|
|||
---
|
||||
acme_notification_email: 'root@example.org'
|
||||
|
||||
# services that need reload or restart
|
||||
acme_reload_services: []
|
||||
acme_restart_services: []
|
||||
|
||||
# should we do a version check? (recomended)
|
||||
submodules_versioncheck: false
|
||||
|
|
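--- a/files/reload
+++ b/files/reload
@@ -0,0 +1,47 @@
+#!/bin/sh
+## this file is managed by https://github.com/roles-ansible/ansible_role_acmetool.git
+#
+# This file reloads services when the preferred certificate for a hostname
+# changes. A list of commonly used daemons is preconfigured. You can override
+# this list by setting $SERVICES in /etc/{default,conf.d}/acme-reload.
+#
+# Configuration options:
+# /etc/{default,conf.d}/acme-reload
+# Sourced if they exist. Specify variables here.
+# Please note that most of the time, you don't need to specify anything.
+#
+# $SERVICES
+# Space-separated list of daemons to reload.
+# Append with SERVICES="$SERVICES mydaemon".
+
+###############################################################################
+set -e
+EVENT_NAME="$1"
+[ "$EVENT_NAME" = "live-updated" ] || exit 42
+
+SERVICES="httpd apache2 apache nginx tengine lighttpd postfix dovecot exim exim4 haproxy hitch quassel quasselcore opensmtpd freeswitch"
+[ -e "/etc/default/acme-reload" ] && . /etc/default/acme-reload
+[ -e "/etc/conf.d/acme-reload" ] && . /etc/conf.d/acme-reload
+[ -z "$ACME_STATE_DIR" ] && ACME_STATE_DIR="/var/lib/acme"
+
+# Restart services.
+if which service >/dev/null 2>/dev/null; then
+for x in $SERVICES; do
+service "$x" reload >/dev/null 2>/dev/null || true
+done
+exit 0
+fi
+
+if which systemctl >/dev/null 2>/dev/null; then
+for x in $SERVICES; do
+[ -e "/lib/systemd/system/$x.service" -o -e "/etc/systemd/system/$x.service" ] && systemctl reload "$x.service" >/dev/null 2>/dev/null || true
+done
+exit 0
+fi
+
+if [ -e "/etc/init.d" ]; then
+for x in $SERVICES; do
+/etc/init.d/$x reload >/dev/null 2>/dev/null || true
+done
+exit 0
+fi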
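Review bot: Every reload failure in the three loops is discarded with `>/dev/null 2>/dev/null || true`, so a daemon that is installed but fails to reload keeps serving the old certificate until it expires, and nothing records that. The systemctl loop already checks that the unit file exists, so a failure there could be reported without noise from the preconfigured list: turn the `[ ... ] && ... || true` line into an `if` on the existence test and replace `|| true` with `|| logger -t acme-reload "reload of $x failed"`. The init.d loop also runs `/etc/init.d/$x` unquoted while the other two loops quote `"$x"`; `"/etc/init.d/$x" reload` would match them. The comment `# Restart services.` sits above code that only reloads and would read better as `# Reload services.`.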
@ -1,4 +1,6 @@
|
|||
#!/bin/sh
|
||||
## this file is managed by https://github.com/roles-ansible/ansible_role_acmetool.git
|
||||
#
|
||||
## This script is similar to the default 'reload' script by acmetool but
|
||||
## for services that need a full restart.
|
||||
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
galaxy_info:
|
||||
role_name: acmetool
|
||||
author: do1jlr
|
||||
description: Install acmetool and get it working together with the do1jlr.nginx role.
|
||||
description: Install acmetool, an easy-to-use command line tool for automatically acquiring certificates from ACME servers (eg. Let's Encrypt)
|
||||
license: "MIT"
|
||||
min_ansible_version: 2.11
|
||||
github_branch: main
|
||||
|
|
|
@ -1,9 +1,38 @@
|
|||
---
|
||||
- name: Copy hook to enable acmetool to restart services
|
||||
- name: Copy hook to enable acmetool to reload services
|
||||
become: true
|
||||
ansible.builtin.copy:
|
||||
src: 'files/restart'
|
||||
src: "{{ lookup('first_found', acmetool__reload_hook ) }}"
|
||||
dest: '/etc/acme/hooks/'
|
||||
owner: root
|
||||
group: root
|
||||
mode: 'u=rx,g=rx,o=rx'
|
||||
|
||||
- name: create hook configuration to reload services via ansible
|
||||
become: true
|
||||
ansible.builtin.template:
|
||||
src: 'templates/acmetool_reload.j2'
|
||||
dest: '/etc/default/acme-reload'
|
||||
owner: root
|
||||
group: root
|
||||
mode: 'u=rx,g=rx,o=rx'
|
||||
|
||||
- name: Copy hook to enable acmetool to restart services
|
||||
become: true
|
||||
ansible.builtin.copy:
|
||||
src: "{{ lookup('first_found', acmetool__restart_hook ) }}"
|
||||
dest: '/etc/acme/hooks/'
|
||||
owner: root
|
||||
group: root
|
||||
mode: 'u=rx,g=rx,o=rx'
|
||||
|
||||
- name: create hook configuration to restart services via ansible
|
||||
become: true
|
||||
ansible.builtin.template:
|
||||
src: 'templates/acmetool_restart.j2'
|
||||
dest: '/etc/default/acme-restart'
|
||||
owner: root
|
||||
group: root
|
||||
mode: 'u=rx,g=rx,o=rx'
|
||||
|
||||
- name: Copy hook to enable acmetool to restart services
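Review bot: The two `ansible.builtin.template` tasks install `/etc/default/acme-reload` and `/etc/default/acme-restart` with `mode: 'u=rx,g=rx,o=rx'`, but the reload hook only sources its file (`. /etc/default/acme-reload`) and never executes it, so the execute bits serve no purpose; `mode: 'u=rw,g=r,o=r'` is the usual mode for a file under /etc/default. Both copy tasks also use the directory `dest: '/etc/acme/hooks/'`, so a host-specific source such as `{{ inventory_hostname }}.restart` picked by the lookup would be installed under that basename and not as `restart`. An explicit `dest: '/etc/acme/hooks/reload'` (and `.../restart` for the second task) pins the hook name regardless of which candidate file was found.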
|
||||
|
|
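--- a/templates/acmetool_reload.j2
+++ b/templates/acmetool_reload.j2
@@ -0,0 +1,10 @@
+# {{ ansible_managed }}
+# https://github.com/roles-ansible/ansible_role_acmetool.git
+#
+# reload hook configuration file
+# adding the service to the list of services to be reloaded by acmetool.
+SERVICES="$SERVICES
+{%- for service in acme_reload_services -%}
+{{- ' ' -}}
+{{- service -}}
+{%- endfor -%}"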
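Review bot: Each entry of `acme_reload_services` is written verbatim inside the double-quoted `SERVICES=` assignment, and files/reload sources the result (presumably as root, since the hook is installed root-owned), so an entry containing `"`, `$` or a backquote becomes shell syntax instead of a service name. The values come from inventory, so this is a hardening point rather than an exposed input, but restricting them to unit-name characters keeps a typo or a shared variable from changing what the sourced file does: `{{- service | regex_replace('[^A-Za-z0-9_.@-]', '') -}}`, or an `ansible.builtin.assert` on the list before templating. The same applies to `acme_restart_services` in templates/acmetool_restart.j2.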
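--- a/templates/acmetool_restart.j2
+++ b/templates/acmetool_restart.j2
@@ -0,0 +1,10 @@
+# {{ ansible_managed }}
+# https://github.com/roles-ansible/ansible_role_acmetool.git
+#
+# restart hook configuration file
+# adding the service to the list of services to be restarted.
+SERVICES="$SERVICES
+{%- for service in acme_restart_services -%}
+{{- ' ' -}}
+{{- service -}}
+{%- endfor -%}"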
@ -10,6 +10,28 @@ acmetool__response_file:
|
|||
- "files/{{ inventory_hostname }}"
|
||||
- 'templates'
|
||||
|
||||
acmetool__reload_hook:
|
||||
files:
|
||||
- "{{ inventory_hostname }}.restart"
|
||||
- 'restart'
|
||||
paths:
|
||||
- 'files/acmetool'
|
||||
- "files/{{ inventory_hostname }}"
|
||||
- 'templates/acmetool'
|
||||
- "templates/{{ inventory_hostname }}"
|
||||
- 'files'
|
||||
|
||||
acmetool__restart_hook:
|
||||
files:
|
||||
- "{{ inventory_hostname }}.restart"
|
||||
- 'restart'
|
||||
paths:
|
||||
- 'files/acmetool'
|
||||
- "files/{{ inventory_hostname }}"
|
||||
- 'templates/acmetool'
|
||||
- "templates/{{ inventory_hostname }}"
|
||||
- 'files'
|
||||
|
||||
# versionscheck
|
||||
playbook_version_number: 26 # should be a integer
|
||||
playbook_version_number: 27 # should be a integer
|
||||
playbook_version_path: 'do1jlr.role-acmetool.version'
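Review bot: `acmetool__reload_hook` lists the same file names as `acmetool__restart_hook` (`"{{ inventory_hostname }}.restart"` and `'restart'`), so the "Copy hook to enable acmetool to reload services" task resolves to the restart hook and the new files/reload is never deployed by this role. The `files:` entries of the reload lookup should read `- "{{ inventory_hostname }}.reload"` and `- 'reload'`. As written, services listed only in `acme_reload_services` are probably not reloaded after a certificate change unless a reload hook from elsewhere sources `/etc/default/acme-reload`. A daemon left serving an outdated certificate is the failure this commit is meant to prevent.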
|
||||
|
|