copr/backend: restore letsencrypt cert from backup
parent
cf15e43af2
commit
4adada983a
2 changed files with 60 additions and 4 deletions
|
@ -121,9 +121,6 @@
|
||||||
include_role: name=copr/certbot
|
include_role: name=copr/certbot
|
||||||
when:
|
when:
|
||||||
- devel|bool
|
- devel|bool
|
||||||
# When we have birthday for backend, we use a temporary copr-be-dev-temp
|
|
||||||
# hostname for it and we don't want to generate a certificate for that.
|
|
||||||
- birthday is not defined
|
|
||||||
tags:
|
tags:
|
||||||
- config
|
- config
|
||||||
- certbot
|
- certbot
|
||||||
|
|
|
@ -37,6 +37,64 @@
|
||||||
tags:
|
tags:
|
||||||
- certbot
|
- certbot
|
||||||
|
|
||||||
|
- name: load the backed up certificates
|
||||||
|
delegate_to: "{{ letsencrypt.backup_to }}"
|
||||||
|
slurp:
|
||||||
|
src: "{{ le_backup_path }}/{{ item.0.item.key }}/{{ item.1 }}"
|
||||||
|
register: backed_up_certificates
|
||||||
|
loop: "{{ le_stat_checks.results|product(le_backup_certbot_files)|list }}"
|
||||||
|
ignore_errors: true
|
||||||
|
tags:
|
||||||
|
- certbot
|
||||||
|
when:
|
||||||
|
- letsencrypt.backup_to is defined
|
||||||
|
- not item.0.stat.exists
|
||||||
|
|
||||||
|
- name: create the host directory
|
||||||
|
file:
|
||||||
|
state: directory
|
||||||
|
path: "{{ le_source_path }}/{{ item.item.0.item.key }}"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
# this is readable by anyone, per certbot defaults
|
||||||
|
mode: 0755
|
||||||
|
loop: "{{ backed_up_certificates.results }}"
|
||||||
|
tags:
|
||||||
|
- certbot
|
||||||
|
when:
|
||||||
|
- letsencrypt.backup_to is defined
|
||||||
|
- item.content is defined
|
||||||
|
|
||||||
|
- name: create the host live directory
|
||||||
|
file:
|
||||||
|
state: directory
|
||||||
|
path: "{{ le_source_path }}/{{ item.item.0.item.key }}/live"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
# this is readable by anyone, per certbot defaults
|
||||||
|
mode: 0755
|
||||||
|
loop: "{{ backed_up_certificates.results }}"
|
||||||
|
tags:
|
||||||
|
- certbot
|
||||||
|
when:
|
||||||
|
- letsencrypt.backup_to is defined
|
||||||
|
- item.content is defined
|
||||||
|
|
||||||
|
- name: restore the backed up certificates
|
||||||
|
copy:
|
||||||
|
content: "{{ item.content | b64decode }}"
|
||||||
|
dest: "{{ le_source_path }}/{{ item.item.0.item.key }}/live/{{ item.item.1 }}"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
loop: "{{ backed_up_certificates.results }}"
|
||||||
|
tags:
|
||||||
|
- certbot
|
||||||
|
when:
|
||||||
|
- letsencrypt.backup_to is defined
|
||||||
|
- item.content is defined
|
||||||
|
register: some_cert_restored
|
||||||
|
|
||||||
- name: initialize certbot configuration
|
- name: initialize certbot configuration
|
||||||
shell: |
|
shell: |
|
||||||
certbot certonly --standalone \
|
certbot certonly --standalone \
|
||||||
|
@ -48,6 +106,7 @@
|
||||||
-n >> /tmp/call
|
-n >> /tmp/call
|
||||||
when:
|
when:
|
||||||
- not item.stat.exists
|
- not item.stat.exists
|
||||||
|
- not some_cert_restored.changed
|
||||||
with_items: "{{ le_stat_checks.results }}"
|
with_items: "{{ le_stat_checks.results }}"
|
||||||
tags:
|
tags:
|
||||||
- certbot
|
- certbot
|
||||||
|
|
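Review bot: The "restore the backed up certificates" task writes every restored file with `mode: 0644` beneath directories created `0755`, and neither it nor the "load the backed up certificates" slurp sets `no_log`. If `le_backup_certbot_files` (defined outside this page) includes the private key, the key is left world-readable on disk, and its base64 `content` is printed with each loop item in the playbook output. I would add `no_log: true` to the slurp task and to the three tasks that loop over `backed_up_certificates.results`, and set the key's mode separately, e.g. `mode: "{{ '0600' if 'privkey' in item.item.1 else '0644' }}"` (assuming certbot's usual `privkey.pem` name). Separately, `some_cert_restored.changed` in the "initialize certbot configuration" task is true for the whole loop once any single file was written. A host whose backup was missing or only partly read (the slurp has `ignore_errors: true`) is therefore also skipped by `- not some_cert_restored.changed`; a per-host check that the full file set was restored would be safer.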