roles/nginx: Use dynamic include_tasks for Let's Encrypt

Use dynamic includes instead of static imports when you are running tasks conditionally or using variable interpolation. The down side is that you need to then tag the parent task as well as all child tasks, as tags only apply to children of statically imported tasks.
2018-04-25 20:03:32 +03:00 · 2018-04-25 20:03:32 +03:00 · e50f413f5e
parent ebda406de3
commit e50f413f5e
2 changed files with 5 additions and 1 deletions
--- a/roles/nginx/tasks/letsencrypt.yml
+++ b/roles/nginx/tasks/letsencrypt.yml
@ -2,16 +2,20 @@

 - name: Copy systemd service to renew Let's Encrypt certs
  template: src=renew-letsencrypt.service.j2 dest=/etc/systemd/system/renew-letsencrypt.service mode=0644 owner=root group=root
+  tags: letsencrypt

 - name: Copy systemd timer to renew Let's Encrypt certs
  copy: src=renew-letsencrypt.timer dest=/etc/systemd/system/renew-letsencrypt.timer mode=0644 owner=root group=root
+  tags: letsencrypt

 # always issues daemon-reload just in case the server/timer changed
 - name: Start and enable systemd timer to renew Let's Encrypt certs
  systemd: name=renew-letsencrypt.timer state=started enabled=yes daemon_reload=yes
+  tags: letsencrypt

 - name: Download certbot
  get_url: dest={{ letsencrypt_certbot_dest }} url=https://dl.eff.org/certbot-auto mode=700
+  tags: letsencrypt

 - name: Install certbot dependencies (Ubuntu 16.04)
  when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version_compare('16.04', '==')
--- a/roles/nginx/tasks/vhosts.yml
+++ b/roles/nginx/tasks/vhosts.yml
@ -32,7 +32,7 @@
  loop: "{{ nginx_vhosts }}"
  tags: wordpress

- import_tasks: letsencrypt.yml
+- include_tasks: letsencrypt.yml
  when: use_letsencrypt is defined and use_letsencrypt == True
  tags: letsencrypt