copr/certbot: restore certs from a batcave dir
https://pagure.io/fedora-infrastructure/issue/10512
parent
ffaaf2e74c
commit
a6585dc6ed
1 changed files with 52 additions and 0 deletions
|
@ -1,4 +1,11 @@
|
||||||
---
|
---
|
||||||
|
- set_fact:
|
||||||
|
le_source_path: /etc/letsencrypt
|
||||||
|
# https://pagure.io/fedora-infrastructure/issue/10524
|
||||||
|
le_backup_path: /srv/certbot-certs
|
||||||
|
tags:
|
||||||
|
- certbot
|
||||||
|
|
||||||
- name: install certbot package
|
- name: install certbot package
|
||||||
package: name=certbot state=present
|
package: name=certbot state=present
|
||||||
tags:
|
tags:
|
||||||
|
@ -25,6 +32,26 @@
|
||||||
tags:
|
tags:
|
||||||
- certbot
|
- certbot
|
||||||
|
|
||||||
|
- name: check if we already have the backup
|
||||||
|
delegate_to: localhost
|
||||||
|
stat:
|
||||||
|
path: "{{ le_backup_path }}/{{ letsencrypt.certificates|dictsort[0][0] }}"
|
||||||
|
register: le_stat_backup_dir
|
||||||
|
tags:
|
||||||
|
- certbot
|
||||||
|
|
||||||
|
- name: restore the certificates from backup (backed up on batcave)
|
||||||
|
synchronize:
|
||||||
|
src: "{{ le_backup_path }}/{{ letsencrypt.certificates|dictsort[0][0] }}"
|
||||||
|
dest: "{{ le_source_path }}"
|
||||||
|
mode: push
|
||||||
|
tags:
|
||||||
|
- certbot
|
||||||
|
when:
|
||||||
|
- not le_stat_checks.results[0].stat.exists
|
||||||
|
- le_stat_backup_dir.stat.exists
|
||||||
|
register: some_cert_restored
|
||||||
|
|
||||||
- name: initialize certbot configuration
|
- name: initialize certbot configuration
|
||||||
shell: |
|
shell: |
|
||||||
certbot certonly --standalone \
|
certbot certonly --standalone \
|
||||||
|
@ -36,6 +63,7 @@
|
||||||
-n >> /tmp/call
|
-n >> /tmp/call
|
||||||
when:
|
when:
|
||||||
- not item.stat.exists
|
- not item.stat.exists
|
||||||
|
- not some_cert_restored.changed
|
||||||
with_items: "{{ le_stat_checks.results }}"
|
with_items: "{{ le_stat_checks.results }}"
|
||||||
tags:
|
tags:
|
||||||
- certbot
|
- certbot
|
||||||
|
@ -99,3 +127,27 @@
|
||||||
- letsencrypt.predefined_deploy_script == 'lighttpd'
|
- letsencrypt.predefined_deploy_script == 'lighttpd'
|
||||||
tags:
|
tags:
|
||||||
- certbot
|
- certbot
|
||||||
|
|
||||||
|
- name: prepare the certbot backup directory on batcave
|
||||||
|
delegate_to: localhost
|
||||||
|
file:
|
||||||
|
path: "{{ le_backup_path }}"
|
||||||
|
# nobody, except for root, can step into this directory (on batcave)
|
||||||
|
mode: 0700
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
state: directory
|
||||||
|
tags:
|
||||||
|
certbot
|
||||||
|
|
||||||
|
- name: backup the letsencrypt data files to backup host
|
||||||
|
synchronize:
|
||||||
|
src: "{{ le_source_path }}"
|
||||||
|
dest: "{{ le_backup_path }}/{{ item.key }}"
|
||||||
|
mode: pull
|
||||||
|
delegate_to: "{{ letsencrypt.backup_to }}"
|
||||||
|
with_dict: "{{ letsencrypt.certificates }}"
|
||||||
|
when:
|
||||||
|
- letsencrypt.backup_to is defined
|
||||||
|
tags:
|
||||||
|
- certbot
|
||||||
|
|
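Review bot: The backup and restore `synchronize` tasks do not look like inverses of each other, because neither `src` ends in a slash. With rsync semantics the backup of `{{ le_source_path }}` should land in `{{ le_backup_path }}/<name>/letsencrypt/`, and the restore then pushes the whole `<name>` directory underneath `/etc/letsencrypt` instead of repopulating it. The restore would still report `changed`, so `not some_cert_restored.changed` skips `certbot certonly` and the host could end up without a usable certificate; consider `src: "{{ le_source_path }}/"` in the backup and a trailing `/` on the restore `src`. Separately, the root-only `0700` directory is prepared with `delegate_to: localhost` while the backup is written on `letsencrypt.backup_to`, so if those are ever different hosts the private keys land in a directory this role never locked down.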