June
f16f8697c2
Because of how Ansible local relative search paths work, the global "files" and "templates" directories need to be next to the playbooks. However its not intuitive to look into the "playbooks" directory to find the files and templates for a host. Therefore move them out of the "playbooks" directory into the root directory and add symlinks so everything still works. Similarly for local roles, they also need to be next to the playbooks. So for a nicer structure, move the "roles" directory out into the root directory as well and add a symlink so everything still works. Also see: https://docs.ansible.com/ansible/latest/playbook_guide/playbook_pathing.html#resolving-local-relative-paths https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_reuse_roles.html#storing-and-finding-roles
24 lines
1.1 KiB
YAML
24 lines
1.1 KiB
YAML
- name: get expiry date before
|
|
ansible.builtin.command: /usr/bin/openssl x509 -enddate -noout -in /etc/letsencrypt/live/{{ item }}/fullchain.pem
|
|
ignore_errors: true
|
|
become: true
|
|
changed_when: false
|
|
register: certbot__cert_expiry_before
|
|
|
|
- name: obtain the certificate using certbot
|
|
ansible.builtin.command: /usr/bin/certbot certonly --keep-until-expiring --agree-tos --non-interactive --email "{{ certbot__acme_account_email_address }}" --no-eff-email --standalone --http-01-port "{{ certbot__http_01_port }}" -d "{{ item }}"
|
|
become: true
|
|
changed_when: false
|
|
|
|
- name: get expiry date after
|
|
ansible.builtin.command: /usr/bin/openssl x509 -enddate -noout -in /etc/letsencrypt/live/{{ item }}/fullchain.pem
|
|
become: true
|
|
changed_when: false
|
|
register: certbot__cert_expiry_after
|
|
|
|
# Doesn't work anymore. Dunno why.
|
|
# TODO: Fix
|
|
# - name: potentially report changed
|
|
# ansible.builtin.debug:
|
|
# msg: "If this reports changed, then the certificate expiry date and therefore the certificate changed."
|
|
# changed_when: certbot__cert_expiry_before.stdout != certbot__cert_expiry_after.stdout
|