Ensure playbook works if running at SSL-renewal time
matrix-nginx-proxy will be occupying port 80 soon, so that we can be more user-friendly and have http->https forwarding for the Riot hostname. During the playbook run, acmetool also expects to use port 80 for domain verification. During an initial playbook run, this wouldn't cause trouble because matrix-nginx-proxy is not installed yet. However, on subsequent playbook runs, it would cause trouble. This ensures that if matrix-nginx-proxy is available and running, it would be stopped before running acmetool and started right after.
parent
13eaee2463
commit
0d1a2071de
@ -22,6 +22,14 @@
|
|||||||
owner: "{{ matrix_user_username }}"
|
owner: "{{ matrix_user_username }}"
|
||||||
group: "{{ matrix_user_username }}"
|
group: "{{ matrix_user_username }}"
|
||||||
|
|
||||||
|
- name: Check matrix-nginx-proxy state
|
||||||
|
service: name=matrix-nginx-proxy
|
||||||
|
register: matrix_nginx_proxy_state
|
||||||
|
|
||||||
|
- name: Ensure matrix-nginx-proxy is stopped (if previously installed & started)
|
||||||
|
service: name=matrix-nginx-proxy state=stopped
|
||||||
|
when: "matrix_nginx_proxy_state.status.ActiveState == 'active'"
|
||||||
|
|
||||||
- name: Ensure SSL certificates are marked as wanted in acmetool
|
- name: Ensure SSL certificates are marked as wanted in acmetool
|
||||||
shell: >-
|
shell: >-
|
||||||
/usr/bin/docker run --rm --name acmetool-host-grab -p 80:80
|
/usr/bin/docker run --rm --name acmetool-host-grab -p 80:80
|
||||||
@ -30,6 +38,10 @@
|
|||||||
willwill/acme-docker
|
willwill/acme-docker
|
||||||
acmetool want {{ hostname_matrix }} {{ hostname_riot }} --xlog.severity=debug
|
acmetool want {{ hostname_matrix }} {{ hostname_riot }} --xlog.severity=debug
|
||||||
|
|
||||||
|
- name: Ensure matrix-nginx-proxy is started (if previously installed & started)
|
||||||
|
service: name=matrix-nginx-proxy state=started
|
||||||
|
when: "matrix_nginx_proxy_state.status.ActiveState == 'active'"
|
||||||
|
|
||||||
- name: Ensure periodic SSL renewal cronjob configured
|
- name: Ensure periodic SSL renewal cronjob configured
|
||||||
template:
|
template:
|
||||||
src: "{{ role_path }}/templates/cron.d/ssl-certificate-renewal.j2"
|
src: "{{ role_path }}/templates/cron.d/ssl-certificate-renewal.j2"
|
||||||
|
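Review bot: If the acmetool `docker run` task fails, the play stops for that host before it reaches the "Ensure matrix-nginx-proxy is started" task in the second hunk, so the proxy stopped in the first hunk stays down until someone restarts it by hand. Wrapping the acmetool task in a `block` with the start task under `always` would bring the proxy back whether or not domain verification succeeds. Both `when` conditions also read `matrix_nginx_proxy_state.status.ActiveState` unguarded; whether `status` is populated when the unit is not installed presumably depends on the service backend, so a `matrix_nginx_proxy_state.status is defined and …` guard may be worth adding. The shell task's command continues between the two hunks, outside what is shown.

```yaml
- block:
    - name: Ensure SSL certificates are marked as wanted in acmetool
      # … unchanged: shell task running acmetool want via docker on port 80 …
  always:
    - name: Ensure matrix-nginx-proxy is started (if previously installed & started)
      service: name=matrix-nginx-proxy state=started
      when: "matrix_nginx_proxy_state.status.ActiveState == 'active'"
```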