test: fix syntax for ansible-lint
parent
aa1958992b
commit
3a46cdbb2c
3 changed files with 32 additions and 30 deletions
|
@ -1,45 +1,45 @@
|
||||||
---
|
---
|
||||||
- name: install certbot package
|
- name: Install certbot package
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
name:
|
name:
|
||||||
- certbot
|
- certbot
|
||||||
- cron
|
- cron
|
||||||
default_release: '{{ certbot_distribution|default(ansible_distribution_release) }}'
|
default_release: "{{ certbot_distribution | default(ansible_distribution_release) }}"
|
||||||
state: present
|
state: present
|
||||||
tags: certbot
|
tags: certbot
|
||||||
|
|
||||||
- name: create webroot path directory
|
- name: Create webroot path directory
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: '{{ certbot_path }}'
|
path: "{{ certbot_path }}"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0755
|
mode: 0755
|
||||||
state: directory
|
state: directory
|
||||||
tags: certbot
|
tags: certbot
|
||||||
|
|
||||||
- name: install hooks script
|
- name: Install hooks script
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
content: '{{ item.value|default("#!/bin/bash") }}'
|
content: "{{ item.value | default('#!/bin/bash') }}"
|
||||||
dest: '/etc/letsencrypt/hook-{{ item.key }}'
|
dest: "/etc/letsencrypt/hook-{{ item.key }}"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0700
|
mode: 0700
|
||||||
loop: '{{ certbot_domains|dict2items }}'
|
loop: "{{ certbot_domains | dict2items }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
label: '{{ item.key }}'
|
label: "{{ item.key }}"
|
||||||
tags: certbot
|
tags: certbot
|
||||||
|
|
||||||
- name: remove old cerbot renew cron
|
- name: Remove old cerbot renew cron
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: /etc/cron.d/certbot
|
path: /etc/cron.d/certbot
|
||||||
state: absent
|
state: absent
|
||||||
tags: certbot
|
tags: certbot
|
||||||
|
|
||||||
- name: add certbot renew cron
|
- name: Add certbot renew cron
|
||||||
ansible.builtin.cron:
|
ansible.builtin.cron:
|
||||||
name: certbot-renew
|
name: certbot-renew
|
||||||
user: root
|
user: root
|
||||||
hour: '*/12'
|
hour: "*/12"
|
||||||
minute: '0'
|
minute: "0"
|
||||||
job: perl -e 'sleep int(rand(3600))' && certbot -q renew
|
job: "perl -e 'sleep int(rand(3600))' && certbot -q renew"
|
||||||
tags: certbot
|
tags: certbot
|
||||||
|
|
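Review bot: `mode: 0755` on the webroot directory task and `mode: 0700` on the hooks script task are still bare integers on the new side, so the permissions that get applied depend on the YAML loader reading a leading-zero scalar as octal. This works with Ansible's loader today, but quoting them as `mode: "0755"` and `mode: "0700"` passes the string to the module unchanged. That keeps the root-owned deploy hooks at owner-only permissions regardless of parser behaviour. Separately, the renamed task `Remove old cerbot renew cron` keeps the `cerbot` typo even though the line is being edited.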
|
@ -1,40 +1,40 @@
|
||||||
---
|
---
|
||||||
- name: check if certificate exist
|
- name: Check if certificate exist
|
||||||
ansible.builtin.stat:
|
ansible.builtin.stat:
|
||||||
path: '/etc/letsencrypt/live/{{ item.key }}'
|
path: "/etc/letsencrypt/live/{{ item.key }}"
|
||||||
loop: '{{ certbot_domains|dict2items }}'
|
loop: "{{ certbot_domains | dict2items }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
label: '{{ item.key }}'
|
label: "{{ item.key }}"
|
||||||
register: st
|
register: st
|
||||||
tags: certbot
|
tags: certbot
|
||||||
|
|
||||||
- name: check if a webservice is started
|
- name: Check if a webservice is started
|
||||||
ansible.builtin.wait_for:
|
ansible.builtin.wait_for:
|
||||||
port: '{{ certbot_port }}'
|
port: "{{ certbot_port }}"
|
||||||
state: started
|
state: started
|
||||||
timeout: 2
|
timeout: 2
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
register: web
|
register: web
|
||||||
tags: certbot
|
tags: certbot
|
||||||
|
|
||||||
- name: create a new certificate
|
- name: Create a new certificate # noqa no-changed-when
|
||||||
ansible.builtin.command: >
|
ansible.builtin.command: >
|
||||||
certbot certonly -n --agree-tos -d {{ item.item.key }} -m {{ certbot_mail }}
|
certbot certonly -n --agree-tos -d {{ item.item.key }} -m {{ certbot_mail }}
|
||||||
--webroot --webroot-path {{ certbot_path }} --rsa-key-size {{ certbot_key_size }}
|
--webroot --webroot-path {{ certbot_path }} --rsa-key-size {{ certbot_key_size }}
|
||||||
--deploy-hook /etc/letsencrypt/hook-{{ item.item.key }}
|
--deploy-hook /etc/letsencrypt/hook-{{ item.item.key }}
|
||||||
loop: '{{ st.results }}'
|
loop: "{{ st.results }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
label: '{{ item.item.key }}'
|
label: "{{ item.item.key }}"
|
||||||
when: (certbot_role == 'master' or item.item.key == ansible_fqdn) and not item.stat.exists and not web.failed
|
when: (certbot_role == "master" or item.item.key == ansible_fqdn) and not item.stat.exists and not web.failed
|
||||||
tags: certbot
|
tags: certbot
|
||||||
|
|
||||||
- name: create a new certificate (standalone)
|
- name: Create a new certificate (standalone) # noqa no-changed-when
|
||||||
ansible.builtin.command: >
|
ansible.builtin.command: >
|
||||||
certbot certonly -n --agree-tos -d {{ item.item.key }} -m {{ certbot_mail }}
|
certbot certonly -n --agree-tos -d {{ item.item.key }} -m {{ certbot_mail }}
|
||||||
--standalone --rsa-key-size {{ certbot_key_size }} --deploy-hook /etc/letsencrypt/hook-{{ item.item.key }}
|
--standalone --rsa-key-size {{ certbot_key_size }} --deploy-hook /etc/letsencrypt/hook-{{ item.item.key }}
|
||||||
--http-01-port {{ certbot_port }}
|
--http-01-port {{ certbot_port }}
|
||||||
loop: '{{ st.results }}'
|
loop: "{{ st.results }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
label: '{{ item.item.key }}'
|
label: "{{ item.item.key }}"
|
||||||
when: (certbot_role == 'master' or item.item.key == ansible_fqdn) and not item.stat.exists and web.failed
|
when: (certbot_role == "master" or item.item.key == ansible_fqdn) and not item.stat.exists and web.failed
|
||||||
tags: certbot
|
tags: certbot
|
||||||
|
|
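Review bot: Both `certbot certonly` tasks interpolate `{{ item.item.key }}`, `{{ certbot_mail }}`, `{{ certbot_path }}`, `{{ certbot_key_size }}` and `{{ certbot_port }}` unquoted into a free-form `ansible.builtin.command` string. No shell is involved, but the module still tokenises the line, so a value containing whitespace would be split into extra certbot arguments for a command that runs as root. Quoting each value, e.g. `-d {{ item.item.key | quote }} -m {{ certbot_mail | quote }}`, or passing the command as an `argv:` list, keeps each variable as a single argument. The added `# noqa no-changed-when` suppresses the lint rule rather than satisfying it. Because `when:` already restricts the task to domains without a certificate, `changed_when: true` would state the intent without a suppression.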
|
@ -1,6 +1,8 @@
|
||||||
---
|
---
|
||||||
- import_tasks: base.yml
|
- name: Import base
|
||||||
|
ansible.builtin.import_tasks: base.yml
|
||||||
tags: certbot
|
tags: certbot
|
||||||
|
|
||||||
- import_tasks: certificates.yml
|
- name: Import certificates
|
||||||
|
ansible.builtin.import_tasks: certificates.yml
|
||||||
tags: certbot
|
tags: certbot
|
||||||
|
|