From 2a3a7c65ce98af780fa201886db36d35b42c470b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kadl=C4=8D=C3=ADk?=
Date: Sat, 1 Jun 2019 14:42:02 +0200
Subject: [PATCH] Move letsencrypt tasks to separate file
---
.../copr/frontend-cloud/tasks/letsencrypt.yml | 29 +++++++++++++++++++
roles/copr/frontend-cloud/tasks/main.yml | 28 ++----------------
2 files changed, 31 insertions(+), 26 deletions(-)
create mode 100644 roles/copr/frontend-cloud/tasks/letsencrypt.yml
diff --git a/roles/copr/frontend-cloud/tasks/letsencrypt.yml b/roles/copr/frontend-cloud/tasks/letsencrypt.yml
new file mode 100644
index 0000000000..b8e6c886c0
--- /dev/null
+++ b/roles/copr/frontend-cloud/tasks/letsencrypt.yml
@@ -0,0 +1,29 @@
+- name: letsencrypt cert
+ include_role: name=certbot
+ when: devel
+ tags:
+ - config
+
+- name: Check that cert file exists
+ stat:
+ path: "/etc/letsencrypt/live/{{ copr_frontend_public_hostname }}/cert.pem"
+ register: stat_cert
+
+- name: Should admin run certbot?
+ fail:
+ msg: Please see roles/certbot/README step (2) and manually run certbot
+ when:
+ - stat_cert.stat.exists == False
+ - devel
+
+- name: install copr-frontend ssl vhost
+ template: src="httpd/coprs_ssl.conf.j2" dest="/etc/httpd/conf.d/coprs_ssl.conf"
+ tags:
+ - config
+
+- name: Set SELinux context for certs generation
+ sefcontext:
+ target: "/srv/web/acme-challenge/.well-known"
+ setype: httpd_sys_content_t
+ state: present
+ when: devel
diff --git a/roles/copr/frontend-cloud/tasks/main.yml b/roles/copr/frontend-cloud/tasks/main.yml
index 28af4d5d83..077a2ee9e4 100644
--- a/roles/copr/frontend-cloud/tasks/main.yml
+++ b/roles/copr/frontend-cloud/tasks/main.yml
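Review bot: The `sefcontext` task that closes letsencrypt.yml records a label rule for the exact path `/srv/web/acme-challenge/.well-known` only, and the module updates the SELinux file-context mapping without relabelling anything already on disk. If the certbot role included at the top of the file has already created that directory (not visible in this patch), it keeps its previous type until restorecon runs, and the rule as written does not cover the files beneath it. Consider `target: "/srv/web/acme-challenge/.well-known(/.*)?"` followed by a restorecon step on that tree. A one-line comment on the task saying the label is presumably there so httpd can serve the ACME challenge files would also help the next reader.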
@@ -104,36 +104,12 @@ tags: - config -- name: letsencrypt cert - include_role: name=certbot +- name: install letsencrypt ssl certificates for dev + import_tasks: "letsencrypt.yml" when: devel tags: - config -- name: Check that cert file exists - stat: - path: "/etc/letsencrypt/live/{{ copr_frontend_public_hostname }}/cert.pem" - register: stat_cert - -- name: Should admin run certbot? - fail: - msg: Please see roles/certbot/README step (2) and manually run certbot - when: - - stat_cert.stat.exists == False - - devel - -- name: install copr-frontend ssl vhost - template: src="httpd/coprs_ssl.conf.j2" dest="/etc/httpd/conf.d/coprs_ssl.conf" - tags: - - config - -- name: Set SELinux context for certs generation - sefcontext: - target: "/srv/web/acme-challenge/.well-known" - setype: httpd_sys_content_t - state: present - when: devel - - name: enable services service: state=started enabled=yes name={{ item }} with_items:
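Review bot: The `when: devel` left on the new `import_tasks: "letsencrypt.yml"` task is inherited by every imported task, so "Check that cert file exists" and "install copr-frontend ssl vhost", which the removed lines ran on every host, are now skipped wherever `devel` is false. Unless something outside this hunk installs `/etc/httpd/conf.d/coprs_ssl.conf` on non-devel hosts, the TLS vhost stops being managed there. Either drop `when: devel` from the import, since the tasks in letsencrypt.yml that need it already carry it, or keep the vhost `template` task in main.yml. The inherited `tags: config` also means the previously untagged stat, fail and sefcontext tasks now run under `--tags config`; if that is intended, a comment above the import saying so would help.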