roles/nginx: Use dynamic includes for Let's Encrypt
As of Ansible 2.4 and 2.5 the behavior for importing tasks has changed to introduce the notion of static imports and dynamic includes. If the tasks doing the import is using variable interpolation or conditionals then the task should be dynamic. This results in quicker playbook runs due to less importing of unneccessary tasks. One side effect of this is that child tasks of dynamic includes do not inherit their parents' tags so you must tag them explicitly or a block. Also, I had to move the letsencrypt tasks to the main task file so the tags were available (due to dynamic tasks not inheriting tags).
This commit is contained in:
parent
2da7f39bb4
commit
1738507ee9
GPG Key ID:
0FB860CC9C45B1B9
|
|
@ -1,41 +1,36 @@
|
|||
---
|
||||
|
||||
- name: Copy systemd service to renew Let's Encrypt certs
|
||||
template: src=renew-letsencrypt.service.j2 dest=/etc/systemd/system/renew-letsencrypt.service mode=0644 owner=root group=root
|
||||
- block:
|
||||
- name: Copy systemd service to renew Let's Encrypt certs
|
||||
template: src=renew-letsencrypt.service.j2 dest=/etc/systemd/system/renew-letsencrypt.service mode=0644 owner=root group=root
|
||||
|
||||
- name: Copy systemd timer to renew Let's Encrypt certs
|
||||
copy: src=renew-letsencrypt.timer dest=/etc/systemd/system/renew-letsencrypt.timer mode=0644 owner=root group=root
|
||||
|
||||
# always issues daemon-reload just in case the server/timer changed
|
||||
- name: Start and enable systemd timer to renew Let's Encrypt certs
|
||||
systemd: name=renew-letsencrypt.timer state=started enabled=yes daemon_reload=yes
|
||||
|
||||
- name: Download certbot
|
||||
get_url: dest={{ letsencrypt_certbot_dest }} url=https://dl.eff.org/certbot-auto mode=700
|
||||
|
||||
- name: Install certbot dependencies (Ubuntu 16.04)
|
||||
when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version_compare('16.04', '==')
|
||||
apt: name={{ letsencrypt_deps_ubuntu_xenial }} state=present update_cache=yes
|
||||
tags:
|
||||
- packages
|
||||
|
||||
- name: Install certbot dependencies (Ubuntu 18.04)
|
||||
when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version_compare('18.04', '==')
|
||||
apt: name={{ letsencrypt_deps_ubuntu_bionic }} state=present update_cache=yes
|
||||
tags:
|
||||
- packages
|
||||
|
||||
- name: Install certbot dependencies (Debian 9)
|
||||
when: ansible_distribution == 'Debian' and ansible_distribution_major_version is version_compare('9', '==')
|
||||
apt: name={{ letsencrypt_deps_debian_stretch }} state=present update_cache=yes
|
||||
tags:
|
||||
- packages
|
||||
tags: letsencrypt
|
||||
|
||||
- name: Copy systemd timer to renew Let's Encrypt certs
|
||||
copy: src=renew-letsencrypt.timer dest=/etc/systemd/system/renew-letsencrypt.timer mode=0644 owner=root group=root
|
||||
tags: letsencrypt
|
||||
|
||||
# always issues daemon-reload just in case the server/timer changed
|
||||
- name: Start and enable systemd timer to renew Let's Encrypt certs
|
||||
systemd: name=renew-letsencrypt.timer state=started enabled=yes daemon_reload=yes
|
||||
tags: letsencrypt
|
||||
|
||||
- name: Download certbot
|
||||
get_url: dest={{ letsencrypt_certbot_dest }} url=https://dl.eff.org/certbot-auto mode=700
|
||||
tags: letsencrypt
|
||||
|
||||
- name: Install certbot dependencies (Ubuntu 16.04)
|
||||
when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version_compare('16.04', '==')
|
||||
apt: name={{ letsencrypt_deps_ubuntu_xenial }} state=present update_cache=yes
|
||||
tags:
|
||||
- packages
|
||||
- letsencrypt
|
||||
|
||||
- name: Install certbot dependencies (Ubuntu 18.04)
|
||||
when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version_compare('18.04', '==')
|
||||
apt: name={{ letsencrypt_deps_ubuntu_bionic }} state=present update_cache=yes
|
||||
tags:
|
||||
- packages
|
||||
- letsencrypt
|
||||
|
||||
- name: Install certbot dependencies (Debian 9)
|
||||
when: ansible_distribution == 'Debian' and ansible_distribution_major_version is version_compare('9', '==')
|
||||
apt: name={{ letsencrypt_deps_debian_stretch }} state=present update_cache=yes
|
||||
tags:
|
||||
- packages
|
||||
- letsencrypt
|
||||
|
||||
# vim: set ts=2 sw=2:
|
||||
|
|
|
|||
|
|
@ -55,4 +55,8 @@
|
|||
systemd: name=nginx state=started enabled=yes
|
||||
tags: nginx
|
||||
|
||||
- include_tasks: letsencrypt.yml
|
||||
when: use_letsencrypt is defined and use_letsencrypt == True
|
||||
tags: letsencrypt
|
||||
|
||||
# vim: set ts=2 sw=2:
|
||||
|
|
|
|||
|
|
@ -32,10 +32,6 @@
|
|||
when: item.has_wordpress is defined and item.has_wordpress == True
|
||||
loop: "{{ nginx_vhosts }}"
|
||||
tags: wordpress
|
||||
|
||||
- include_tasks: letsencrypt.yml
|
||||
when: use_letsencrypt is defined and use_letsencrypt == True
|
||||
tags: letsencrypt
|
||||
tags: nginx
|
||||
|
||||
# vim: set ts=2 sw=2:
|
||||
|
|
|
|||
Loading…
Reference in New Issue