Guillaume Coré
2018-06-28 130d51855abe9e7b993765627433f383f22515b7
lets encrypt: add playbook to deploy LE certs after renewal
1 files added
1 files modified
32 ■■■■■ changed files
ansible/roles/install-lets-encrypt-certs/files/deploy_LE_certs.yml 25 ●●●●●
ansible/roles/install-lets-encrypt-certs/tasks/main.yml 7 ●●●●
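--- /dev/null
+++ b/ansible/roles/install-lets-encrypt-certs/files/deploy_LE_certs.yml
@@ -0,0 +1,25 @@
+---
+# This playbook redeploys Lets Encrypt certificates for master API and apps (router)
+# It does not renew the certs, which is done by the acme.sh cronjob.
+#
+# Please ensure CA and key have not changed.
+- hosts: masters
+  gather_facts: no
+  become: yes
+  any_errors_fatal: yes
+  handlers:
+    - name: restart master API
+      service:
+        name: atomic-openshift-master-api
+        state: restarted
+  tasks:
+    - name: Copy certs and CA to master
+      copy:
+        src: "/root/.acme.sh/{{openshift_master_cluster_hostname}}/{{openshift_master_cluster_hostname}}.cer"
+        dest: "/etc/origin/master/named_certificates/{{openshift_master_cluster_hostname}}.cer"
+        backup: yes
+      notify: restart master API
+- import_playbook: /usr/share/ansible/openshift-ansible/playbooks/openshift-hosted/redeploy-router-certificates.yml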
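Review bot: The task named `Copy certs and CA to master` copies only the leaf `.cer` file, so the play depends entirely on the header comment's assumption that the key and CA have not changed. Nothing in the play checks that assumption, so if a renewal is issued against a new key or a different issuing chain, the handler restarts the master API with a certificate that no longer matches the key or CA already on the master. Either rename the task to say what it does, or add a check before the `copy` that fails the play when the renewed certificate's public key differs from the deployed key. The `copy` also sets no `owner` or `mode`; adding `mode: "0644"` would make the result independent of the umask. Lastly, `gather_facts: no`, `become: yes` and `backup: yes` read more predictably as `false` / `true`.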
ansible/roles/install-lets-encrypt-certs/tasks/main.yml
@@ -75,4 +75,9 @@
  cron:
    name: LETS_ENCRYPT_RENEW
    special_time: hourly
    job: "/root/acme.sh/acme.sh {{ acme_args|d('') }} --cron --home /root/.acme.sh > /dev/null"
    job: "/root/acme.sh/acme.sh {{ acme_args|d('') }} --cron --home /root/.acme.sh > /dev/null"
- name: Install deploy_LE_certs.yml playbook
  copy:
    src: deploy_LE_certs.yml
    dest: /root/deploy_LE_certs.yml
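Review bot: The new `Install deploy_LE_certs.yml playbook` task sets no ownership or mode on `/root/deploy_LE_certs.yml`, so the file gets whatever the default umask gives. Because that playbook is later run with `become: yes` against the masters, it should be writable by root only: add `owner: root`, `group: root` and `mode: "0600"` under `copy:`. Separately, the `LETS_ENCRYPT_RENEW` cron job is unchanged in this hunk and nothing visible invokes the installed playbook, so deployment after a renewal appears to remain a manual step. If that is intended, a comment on the task such as `# run manually after acme.sh renews; not triggered by the cron job` would make it explicit. The cron task itself begins above the hunk, so its full definition is not visible here.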