pagure: handle stunnel bundled cert in letsencrypt renews
This commit removes the old tasks that tried to create a cert/intermediate bundle file for stunnel, in favor of creating the bundle when we get or renew the cert. It also fixes stunnel to use the correct bundled cert. Signed-off-by: Kevin Fenzi <kevin@scrye.com>
parent
ff51231e77
commit
d44bc3991c
4 changed files with 18 additions and 25 deletions
|
@ -47,6 +47,7 @@
|
|||
#
|
||||
- role: letsencrypt
|
||||
site_name: "stg.pagure.io"
|
||||
certbot_bundlehost: pagure02.fedoraproject.org
|
||||
server_aliases:
|
||||
- stg.pagure.io
|
||||
- docs.stg.pagure.org
|
||||
|
@ -58,6 +59,7 @@
|
|||
|
||||
- role: letsencrypt
|
||||
site_name: "pagure.io"
|
||||
certbot_bundlehost: pagure-stg01.fedoraproject.org
|
||||
server_aliases:
|
||||
- docs.pagure.org
|
||||
- lists.pagure.io
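Review bot: The two new `certbot_bundlehost` values look swapped: the `stg.pagure.io` entry points at `pagure02.fedoraproject.org`, while the `pagure.io` entry points at `pagure-stg01.fedoraproject.org`. Going by the hostnames alone (the inventory is not visible here), the staging bundle would be written to the production host and the production bundle to the staging host. The stunnel template on this page expects `stg.pagure.io.bundle.cert` when `env == 'pagure-staging'`, so if that reading is right, stunnel would reference a bundle that is never installed on its host. I would swap the two values, or add a comment above each line explaining the mapping if it is intentional.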
|
||||
|
|
|
@ -135,3 +135,17 @@
|
|||
- letsencrypt
|
||||
delegate_to: "{{ certbot_addhost }}"
|
||||
when: certbot_addhost is defined
|
||||
|
||||
- name: Install certificate bundle
|
||||
copy: >
|
||||
dest=/etc/pki/tls/certs/{{site_name}}.bundle.cert
|
||||
content="{{certbot_chain.stdout}} {{certbot_certificate.stdout}}"
|
||||
owner=root
|
||||
group=root
|
||||
mode=0644
|
||||
notify:
|
||||
- reload stunnel
|
||||
tags:
|
||||
- letsencrypt
|
||||
delegate_to: "{{ certbot_bundlehost }}"
|
||||
when: certbot_bundlehost is defined
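Review bot: The `content=` line of the new `Install certificate bundle` task writes the chain before the certificate and joins them with a space, whereas the shell task this commit removes concatenated the certificate first and the intermediate second, each on its own lines. stunnel's `cert` file is expected to start with the server certificate, and a registered `.stdout` carries no trailing newline, so the second `-----BEGIN CERTIFICATE-----` likely ends up mid-line where a PEM parser may not find it. I would switch the task to YAML-style module arguments and use `content: "{{ certbot_certificate.stdout }}\n{{ certbot_chain.stdout }}\n"`, with `mode: "0644"` quoted. The tasks that register `certbot_chain` and `certbot_certificate` are outside this hunk, so confirm what each one holds.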
|
||||
|
|
|
@ -214,29 +214,6 @@
|
|||
- pagure
|
||||
- stunnel
|
||||
|
||||
- name: ensure old stunnel init file is gone
|
||||
file: dest=/etc/init.d/stunnel/stunnel.init state=absent
|
||||
tags:
|
||||
- pagure
|
||||
- stunnel
|
||||
- config
|
||||
|
||||
- name: make a bundle file of the cert and intermediate for stunnel
|
||||
shell: cat /etc/pki/tls/certs/pagure.io.cert /etc/pki/tls/certs/pagure.io.intermediate.cert > /etc/pki/tls/certs/pagure.io.bundle.cert creates=/etc/pki/tls/certs/pagure.io.bundle.cert
|
||||
tags:
|
||||
- pagure
|
||||
- stunnel
|
||||
- config
|
||||
when: env != 'pagure-staging'
|
||||
|
||||
- name: make a bundle file of the cert and intermediate for stunnel (stg)
|
||||
shell: cat /etc/pki/tls/certs/stg.pagure.io.cert /etc/pki/tls/certs/stg.pagure.io.intermediate.cert > /etc/pki/tls/certs/stg.pagure.io.bundle.cert creates=/etc/pki/tls/certs/stg.pagure.io.bundle.cert
|
||||
tags:
|
||||
- pagure
|
||||
- stunnel
|
||||
- config
|
||||
when: env == 'pagure-staging'
|
||||
|
||||
- name: install stunnel.conf
|
||||
template: src={{ item.file }}
|
||||
dest={{ item.dest }}
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
{% if env == 'pagure-staging' %}
|
||||
cert = /etc/pki/tls/certs/stg.pagure.io.cert
|
||||
cert = /etc/pki/tls/certs/stg.pagure.io.bundle.cert
|
||||
key = /etc/pki/tls/private/stg.pagure.io.key
|
||||
{% else %}
|
||||
cert = /etc/pki/tls/certs/pagure.io.cert
|
||||
cert = /etc/pki/tls/certs/pagure.io.bundle.cert
|
||||
key = /etc/pki/tls/private/pagure.io.key
|
||||
{% endif %}
|
||||
pid = /var/run/stunnel.pid
|
||||
|
|