Stop using Ansible's cron module

This is mainly to address SSL renewal not working for us due to:
- https://github.com/ansible/ansible/issues/71213
- https://github.com/ansible/ansible/pull/71207

Using the cron module was hacky anyway. We shouldn't need an extra
level of buggy abstraction to manage a cronjob file.
Slavi Pantaleev 2020-09-06 10:49:19 +03:00
parent 4ef873ceb0
commit 2a1ec38e3a
4 changed files with 19 additions and 57 deletions


@ -91,15 +91,10 @@
# We optimize for the common use-case though (short-lived Let's Encrypt certificates). # We optimize for the common use-case though (short-lived Let's Encrypt certificates).
# Reloading doesn't hurt anyway, so there's no need to make this more flexible. # Reloading doesn't hurt anyway, so there's no need to make this more flexible.
- name: Ensure periodic reloading of matrix-coturn is configured for SSL renewal (matrix-coturn-reload) - name: Ensure periodic reloading of matrix-coturn is configured for SSL renewal (matrix-coturn-reload)
cron: template:
user: root src: "{{ role_path }}/templates/cron.d/matrix-coturn-ssl-reload.j2"
cron_file: matrix-coturn-ssl-reload dest: /etc/cron.d/matrix-coturn-ssl-reload
name: matrix-coturn-ssl-reload mode: 0644
state: present
hour: "4"
minute: "20"
day: "*/5"
job: "{{ matrix_host_command_systemctl }} reload matrix-coturn.service"
when: "matrix_coturn_enabled|bool and matrix_coturn_tls_enabled|bool" when: "matrix_coturn_enabled|bool and matrix_coturn_tls_enabled|bool"
@ -108,9 +103,8 @@
# #
- name: Ensure matrix-coturn-ssl-reload cronjob removed - name: Ensure matrix-coturn-ssl-reload cronjob removed
cron: file:
user: root path: /etc/cron.d/matrix-coturn-ssl-reload
cron_file: matrix-coturn-ssl-reload
state: absent state: absent
when: "not matrix_coturn_enabled|bool or not matrix_coturn_tls_enabled|bool" when: "not matrix_coturn_enabled|bool or not matrix_coturn_tls_enabled|bool"
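Review bot: The new `template:` task that writes `/etc/cron.d/matrix-coturn-ssl-reload` sets `mode` but no ownership, so a file that already exists there keeps whatever owner and group it has. Entries in this file run as root, and common cron implementations ignore `/etc/cron.d` files that are not root-owned, so I would pin it with `owner: root` and `group: root` next to the mode. Quoting the mode as `mode: '0644'` also avoids depending on how the YAML parser treats a leading-zero integer. The same applies to the `template:` task for `/etc/cron.d/matrix-ssl-lets-encrypt` in the SSL tasks file.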


@ -0,0 +1 @@
20 4 */5 * * root {{ matrix_host_command_systemctl }} reload matrix-coturn.service
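Review bot: The template carries no header comment telling an administrator that `/etc/cron.d/matrix-coturn-ssl-reload` is generated, so a manual edit would be silently overwritten. A first line such as `# Managed by Ansible; manual edits are overwritten on the next playbook run.` would document that. Cron runs this entry as root, typically with a minimal PATH, so the comment could also state that `matrix_host_command_systemctl` is expected to be an absolute path; its default is not visible on this page, so confirm that against the role defaults.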


@ -55,37 +55,11 @@
mode: 0750 mode: 0750
when: "matrix_ssl_retrieval_method == 'lets-encrypt'" when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
- block: - name: Ensure periodic SSL renewal cronjob configured
- name: Ensure periodic SSL renewal cronjob configured (MAILTO) template:
cron: src: "{{ role_path }}/templates/cron.d/matrix-ssl-lets-encrypt.j2"
user: root dest: /etc/cron.d/matrix-ssl-lets-encrypt
cron_file: matrix-ssl-lets-encrypt mode: 0644
env: yes
name: MAILTO
value: "{{ matrix_ssl_lets_encrypt_support_email }}"
- name: Ensure periodic SSL renewal cronjob configured (matrix-ssl-lets-encrypt-certificates-renew)
cron:
user: root
cron_file: matrix-ssl-lets-encrypt
name: matrix-ssl-lets-encrypt-certificates-renew
state: present
hour: "4"
minute: "15"
day: "*"
job: "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew"
- name: Ensure periodic reloading of matrix-nginx-proxy is configured for SSL renewal (matrix-nginx-proxy-reload)
cron:
user: root
cron_file: matrix-ssl-lets-encrypt
name: matrix-nginx-proxy-reload
state: present
hour: "5"
minute: "20"
day: "*"
job: "{{ matrix_host_command_systemctl }} reload matrix-nginx-proxy.service"
when: matrix_nginx_proxy_enabled|bool
when: "matrix_ssl_retrieval_method == 'lets-encrypt'" when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
@ -93,21 +67,9 @@
# Tasks related to getting rid of Let's Encrypt's management of certificates # Tasks related to getting rid of Let's Encrypt's management of certificates
# #
# When nginx-proxy is disabled, make sure its reloading cronjob is gone.
# Other cronjobs can potentially remain there (see below).
- name: Ensure matrix-nginx-proxy-reload cronjob removed
cron:
user: root
cron_file: matrix-ssl-lets-encrypt
name: matrix-nginx-proxy-reload
state: absent
when: "not matrix_nginx_proxy_enabled|bool"
- name: Ensure matrix-ssl-lets-encrypt-renew cronjob removed - name: Ensure matrix-ssl-lets-encrypt-renew cronjob removed
cron: file:
user: root path: /etc/cron.d/matrix-ssl-lets-encrypt
cron_file: matrix-ssl-lets-encrypt
name: matrix-ssl-lets-encrypt-certificates-renew
state: absent state: absent
when: "matrix_ssl_retrieval_method != 'lets-encrypt'" when: "matrix_ssl_retrieval_method != 'lets-encrypt'"
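Review bot: The task name `Ensure matrix-ssl-lets-encrypt-renew cronjob removed` no longer describes what the task does. With `file:` and `state: absent` on `/etc/cron.d/matrix-ssl-lets-encrypt` it now deletes the whole cron file, including the MAILTO line and the nginx-proxy reload entry, rather than one named job. A name like `Ensure matrix-ssl-lets-encrypt cron file removed` would match. A comment above the new template task, `# The nginx-proxy reload entry is emitted by the template only when matrix_nginx_proxy_enabled is set.`, would replace the explanation the deleted comment used to give.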


@ -0,0 +1,5 @@
MAILTO="{{ matrix_ssl_lets_encrypt_support_email }}"
15 4 * * * root {{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew
{% if matrix_nginx_proxy_enabled %}
20 5 * * * root {{ matrix_host_command_systemctl }} reload matrix-nginx-proxy.service
{% endif %}
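Review bot: The `{% if matrix_nginx_proxy_enabled %}` guard tests the raw variable, whereas the tasks on this page test it as `matrix_nginx_proxy_enabled|bool`. A string value such as "false" (for example when supplied as an extra var) is truthy in Jinja, so the root-run reload entry for matrix-nginx-proxy would still be written with the proxy disabled; use `{% if matrix_nginx_proxy_enabled|bool %}`. Separately, `MAILTO="{{ matrix_ssl_lets_encrypt_support_email }}"` is interpolated verbatim into a cron file whose jobs run as root, so a value containing a quote or newline would change the file's structure. The value presumably comes from trusted inventory, but asserting a plain e-mail format before templating would make that assumption explicit.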