reworked letsencrypt to use docker containers instead of certbot on the host.

2017-10-02 06:32:53 -04:00
parent de1e0d66c3
commit 92950ffd2d
57 changed files with 632 additions and 198 deletions
--- a/roles/certbot/tasks/install.yml
+++ b/roles/certbot/tasks/install.yml
@@ -0,0 +1,33 @@
+---
+# main task for installing Let's Encrypt's certbot tool
+# https://certbot.eff.org/#ubuntuxenial-other
+
+- name: install certbot on ubuntu 16.04
+  apt:
+    state: latest
+    package: "{{ item }}"
+    update_cache: yes
+    cache_valid_time: 3600
+  with_items:
+    - "letsencrypt"
+  when: ansible_os_family == "Debian"
+
+- name: create webroot /var/www/xai-corp.net
+  file:
+    state: directory
+    path: /var/www/xai-corp.net
+
+#- name: create first certificates
+#  command: "letsencrypt certonly --webroot -w /var/www/xai-corp.net -d {{ item }}"
+#  args:
+#    creates: /etc/letsencrypt/live/{{ item }}/cert.pem
+#  with_items: "{{certbot.domains}}"
+
+
+- name: cron job for renewing certs
+  cron:
+    name: renew let's encrypt certificates
+    state: absent
+    user: root
+    day: "*/2"
+    job: "letsencrypt renew "
--- a/roles/certbot/tasks/main.yml
+++ b/roles/certbot/tasks/main.yml
@@ -1,33 +1,10 @@
 ---
-# main task for installing Let's Encrypt's certbot tool
-# https://certbot.eff.org/#ubuntuxenial-other
-
- name: install certbot on ubuntu 16.04
-  apt:
-    state: latest
-    package: "{{ item }}"
-    update_cache: yes
-    cache_valid_time: 3600
-  with_items:
-    - "letsencrypt"
-  when: ansible_os_family == "Debian"
-
- name: create webroot /var/www/xai-corp.net
-  file:
-    state: directory
-    path: /var/www/xai-corp.net
-
- name: create first certificates
-  command: "letsencrypt certonly --webroot -w /var/www/xai-corp.net -d {{ item }}"
-  args:
-    creates: /etc/letsencrypt/live/{{ item }}/cert.pem
-  with_items: "{{certbot.domains}}"
+# main install certbot
+# deprecated. Use container instead


- name: cron job for renewing certs
-  cron:
-    name: renew let's encrypt certificates
-    state: present
-    user: root
-    day: "*/2"
-    job: "letsencrypt renew "
+- include: install.yml
+  when: certbot.uninstall != true
+
+- include: uninstall.yml
+  when: certbot.uninstall == true
--- a/roles/certbot/tasks/uninstall.yml
+++ b/roles/certbot/tasks/uninstall.yml
@@ -0,0 +1,26 @@
+---
+# uninstall certbot
+
+- name: uninstall certbot on ubuntu 16.04
+  apt:
+    state: absent
+    package: "{{ item }}"
+    update_cache: yes
+    cache_valid_time: 3600
+  with_items:
+    - "letsencrypt"
+    - "nginx"
+  when: ansible_os_family == "Debian"
+
+- name: remove webroot /var/www/xai-corp.net
+  file:
+    state: absent
+    path: /var/www/xai-corp.net
+
+- name: remove cron job for renewing certs
+  cron:
+    name: renew let's encrypt certificates
+    state: absent
+    user: root
+    day: "*/2"
+    job: "letsencrypt renew "
--- a/roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2
+++ b/roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2
@@ -56,3 +56,4 @@ sql                     IN CNAME    dkhost
 mysql                   IN CNAME    dkhost
 tripbuilder             IN CNAME    dkhost
 xaibox                  IN CNAME    dkhost
+office                  IN CNAME    dkhost