copr/certbot: support certificate backup

2022-01-30 18:50:28 +01:00 · 2022-01-30 18:50:28 +01:00 · 9ce266360f
commit 9ce266360f
parent 23adf9ca69
2 changed files with 58 additions and 0 deletions
--- a/inventory/group_vars/copr_back_dev_aws
+++ b/inventory/group_vars/copr_back_dev_aws
@ -32,6 +32,8 @@ letsencrypt:
      domains:
        - copr-be-dev.cloud.fedoraproject.org
      mail: copr-devel@lists.fedorahosted.org
  backup_to: copr-be.aws.fedoraproject.org
  predefined_deploy_script: lighttpd
 # consumed by roles/messaging/base
 messaging:
--- a/roles/copr/certbot/tasks/letsencrypt.yml
+++ b/roles/copr/certbot/tasks/letsencrypt.yml
@ -1,3 +1,14 @@
 ---
 - set_fact:
    le_backup_certbot_files:
      - cert.pem
      - chain.pem
      - combined.pem
      - fullchain.pem
      - privkey.pem
    le_source_path: /etc/letsencrypt/live
    le_backup_path: /root/letsencrypt-cert-backup
 - name: install certbot package
  package: name=certbot state=present
@ -79,3 +90,48 @@
  when:
    - letsencrypt.predefined_deploy_script is defined
    - letsencrypt.predefined_deploy_script == 'lighttpd'
 - name: load certificate files into variables
  slurp:
    src: "{{ le_source_path }}/{{ item.0.0 }}/{{ item.1 }}"
  register: certbot_backup_files
  ignore_errors: true
  loop: "{{letsencrypt.certificates|dictsort|product(le_backup_certbot_files)|list}}"
  when:
    - letsencrypt.backup_to is defined
 - name: create the restore directory
  delegate_to: "{{ letsencrypt.backup_to }}"
  file:
    path: "{{ le_backup_path }}"
    owner: root
    group: root
    mode: 0700
    state: directory
  when:
    - letsencrypt.backup_to is defined
 - name: create the host restore directories
  delegate_to: "{{ letsencrypt.backup_to }}"
  file:
    owner: root
    group: root
    mode: 0700
    path: "{{ le_backup_path }}/{{ item.0 }}"
    state: directory
  loop: "{{ letsencrypt.certificates|dictsort }}"
  when:
    - letsencrypt.backup_to is defined
 - name: store files
  delegate_to: "{{ letsencrypt.backup_to }}"
  copy:
    dest: "{{ le_backup_path }}/{{ item.item.0.0 }}/{{ item.item.1 }}"
    owner: root
    group: root
    mode: 0600
    content: "{{ item.content | b64decode }}"
  when:
    - item.content is defined
  loop: "{{ certbot_backup_files.results }}"
  no_log: true