roles/nginx: Use dynamic include_tasks for Let's Encrypt

Use dynamic includes instead of static imports when you are running
tasks conditionally or using variable interpolation. The down side
is that you need to then tag the parent task as well as all child
tasks, as tags only apply to children of statically imported tasks.
This commit is contained in:
Alan Orth 2018-04-25 20:03:32 +03:00
parent ebda406de3
commit e50f413f5e
Signed by: alanorth
GPG Key ID: 0FB860CC9C45B1B9
2 changed files with 5 additions and 1 deletions

View File

@ -2,16 +2,20 @@
- name: Copy systemd service to renew Let's Encrypt certs
template: src=renew-letsencrypt.service.j2 dest=/etc/systemd/system/renew-letsencrypt.service mode=0644 owner=root group=root
tags: letsencrypt
- name: Copy systemd timer to renew Let's Encrypt certs
copy: src=renew-letsencrypt.timer dest=/etc/systemd/system/renew-letsencrypt.timer mode=0644 owner=root group=root
tags: letsencrypt
# always issues daemon-reload just in case the server/timer changed
- name: Start and enable systemd timer to renew Let's Encrypt certs
systemd: name=renew-letsencrypt.timer state=started enabled=yes daemon_reload=yes
tags: letsencrypt
- name: Download certbot
get_url: dest={{ letsencrypt_certbot_dest }} url=https://dl.eff.org/certbot-auto mode=700
tags: letsencrypt
- name: Install certbot dependencies (Ubuntu 16.04)
when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version_compare('16.04', '==')

View File

@ -32,7 +32,7 @@
loop: "{{ nginx_vhosts }}"
tags: wordpress
- import_tasks: letsencrypt.yml
- include_tasks: letsencrypt.yml
when: use_letsencrypt is defined and use_letsencrypt == True
tags: letsencrypt