roles/nginx: Use dynamic includes for Let's Encrypt
As of Ansible 2.4 and 2.5 the behavior for importing tasks has changed to introduce the notion of static imports and dynamic includes. If the task doing the import uses variable interpolation or conditionals then the task should be dynamic. This results in quicker playbook runs due to less importing of unnecessary tasks. One side effect of this is that child tasks of dynamic includes do not inherit their parents' tags, so you must tag them explicitly or use a block. Also, I had to move the letsencrypt tasks to the main task file so the tags were available (due to dynamic tasks not inheriting tags).
parent
2da7f39bb4
commit
1738507ee9
@ -1,41 +1,36 @@
|
|||||||
---
|
---
|
||||||
|
|
||||||
|
- block:
|
||||||
- name: Copy systemd service to renew Let's Encrypt certs
|
- name: Copy systemd service to renew Let's Encrypt certs
|
||||||
template: src=renew-letsencrypt.service.j2 dest=/etc/systemd/system/renew-letsencrypt.service mode=0644 owner=root group=root
|
template: src=renew-letsencrypt.service.j2 dest=/etc/systemd/system/renew-letsencrypt.service mode=0644 owner=root group=root
|
||||||
tags: letsencrypt
|
|
||||||
|
|
||||||
- name: Copy systemd timer to renew Let's Encrypt certs
|
- name: Copy systemd timer to renew Let's Encrypt certs
|
||||||
copy: src=renew-letsencrypt.timer dest=/etc/systemd/system/renew-letsencrypt.timer mode=0644 owner=root group=root
|
copy: src=renew-letsencrypt.timer dest=/etc/systemd/system/renew-letsencrypt.timer mode=0644 owner=root group=root
|
||||||
tags: letsencrypt
|
|
||||||
|
|
||||||
# always issues daemon-reload just in case the server/timer changed
|
# always issues daemon-reload just in case the server/timer changed
|
||||||
- name: Start and enable systemd timer to renew Let's Encrypt certs
|
- name: Start and enable systemd timer to renew Let's Encrypt certs
|
||||||
systemd: name=renew-letsencrypt.timer state=started enabled=yes daemon_reload=yes
|
systemd: name=renew-letsencrypt.timer state=started enabled=yes daemon_reload=yes
|
||||||
tags: letsencrypt
|
|
||||||
|
|
||||||
- name: Download certbot
|
- name: Download certbot
|
||||||
get_url: dest={{ letsencrypt_certbot_dest }} url=https://dl.eff.org/certbot-auto mode=700
|
get_url: dest={{ letsencrypt_certbot_dest }} url=https://dl.eff.org/certbot-auto mode=700
|
||||||
tags: letsencrypt
|
|
||||||
|
|
||||||
- name: Install certbot dependencies (Ubuntu 16.04)
|
- name: Install certbot dependencies (Ubuntu 16.04)
|
||||||
when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version_compare('16.04', '==')
|
when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version_compare('16.04', '==')
|
||||||
apt: name={{ letsencrypt_deps_ubuntu_xenial }} state=present update_cache=yes
|
apt: name={{ letsencrypt_deps_ubuntu_xenial }} state=present update_cache=yes
|
||||||
tags:
|
tags:
|
||||||
- packages
|
- packages
|
||||||
- letsencrypt
|
|
||||||
|
|
||||||
- name: Install certbot dependencies (Ubuntu 18.04)
|
- name: Install certbot dependencies (Ubuntu 18.04)
|
||||||
when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version_compare('18.04', '==')
|
when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version_compare('18.04', '==')
|
||||||
apt: name={{ letsencrypt_deps_ubuntu_bionic }} state=present update_cache=yes
|
apt: name={{ letsencrypt_deps_ubuntu_bionic }} state=present update_cache=yes
|
||||||
tags:
|
tags:
|
||||||
- packages
|
- packages
|
||||||
- letsencrypt
|
|
||||||
|
|
||||||
- name: Install certbot dependencies (Debian 9)
|
- name: Install certbot dependencies (Debian 9)
|
||||||
when: ansible_distribution == 'Debian' and ansible_distribution_major_version is version_compare('9', '==')
|
when: ansible_distribution == 'Debian' and ansible_distribution_major_version is version_compare('9', '==')
|
||||||
apt: name={{ letsencrypt_deps_debian_stretch }} state=present update_cache=yes
|
apt: name={{ letsencrypt_deps_debian_stretch }} state=present update_cache=yes
|
||||||
tags:
|
tags:
|
||||||
- packages
|
- packages
|
||||||
- letsencrypt
|
tags: letsencrypt
|
||||||
|
|
||||||
# vim: set ts=2 sw=2:
|
# vim: set ts=2 sw=2:
|
||||||
|
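Review bot: The `Download certbot` task kept on the new side fetches `https://dl.eff.org/certbot-auto` with `get_url` and no `checksum`, so whatever that URL serves at run time is installed as an executable script (`mode=700`) that the renewal service presumably runs as root. Pinning the expected digest closes that gap: add `checksum=sha256:<PINNED_SHA256>` to the `get_url` arguments and bump it deliberately when upgrading. Separately, indentation is not visible in this rendering, so it is worth confirming that every task is nested under the new `- block:` and that the closing `tags: letsencrypt` sits at block level, since the per-task `letsencrypt` tags were dropped.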
@ -55,4 +55,8 @@
|
|||||||
systemd: name=nginx state=started enabled=yes
|
systemd: name=nginx state=started enabled=yes
|
||||||
tags: nginx
|
tags: nginx
|
||||||
|
|
||||||
|
- include_tasks: letsencrypt.yml
|
||||||
|
when: use_letsencrypt is defined and use_letsencrypt == True
|
||||||
|
tags: letsencrypt
|
||||||
|
|
||||||
# vim: set ts=2 sw=2:
|
# vim: set ts=2 sw=2:
|
||||||
|
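Review bot: The condition `use_letsencrypt == True` on the added `include_tasks` matches only a real boolean; a value that arrives as a string (INI inventory, `-e use_letsencrypt=true`) compares unequal, and the whole Let's Encrypt setup, including the renewal timer, is skipped without any message. `when: use_letsencrypt | default(false) | bool` covers both the undefined and the string case. Because the include is dynamic, the `tags: letsencrypt` here selects only the include task itself and the included tasks depend on the block-level tag in letsencrypt.yml; a one-line comment above the include would make that explicit, e.g. `# tags apply to the include only; letsencrypt.yml tags its own block`.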
@ -32,10 +32,6 @@
|
|||||||
when: item.has_wordpress is defined and item.has_wordpress == True
|
when: item.has_wordpress is defined and item.has_wordpress == True
|
||||||
loop: "{{ nginx_vhosts }}"
|
loop: "{{ nginx_vhosts }}"
|
||||||
tags: wordpress
|
tags: wordpress
|
||||||
|
|
||||||
- include_tasks: letsencrypt.yml
|
|
||||||
when: use_letsencrypt is defined and use_letsencrypt == True
|
|
||||||
tags: letsencrypt
|
|
||||||
tags: nginx
|
tags: nginx
|
||||||
|
|
||||||
# vim: set ts=2 sw=2:
|
# vim: set ts=2 sw=2:
|
||||||
|