acme.sh role
parent
b3d3888518
commit
9dcdbdf983
4
host_vars/nabia.binary.kitchen
Normal file
4
host_vars/nabia.binary.kitchen
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
acme_san_domains:
|
||||||
|
- "librenms.binary.kitchen"
|
||||||
|
- "racktables.binary.kitchen"
|
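--- a/roles/acme/defaults/main.yml
+++ b/roles/acme/defaults/main.yml
@@ -0,0 +1,10 @@
+---
+acme_home: "/opt/acme"
+acme_staging: False
+
+acme_nsupdate_key: "/opt/acme/nsupdate.key"
+acme_nsupdate_keyalgo: "hmac-sha512"
+acme_nsupdate_server: "neon.binary-kitchen.net"
+
+acme_sh_url: "https://raw.githubusercontent.com/Neilpang/acme.sh/master/acme.sh"
+acme_dns_nsupdate_url: "https://raw.githubusercontent.com/Neilpang/acme.sh/master/dnsapi/dns_nsupdate.sh"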
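Review bot: `acme_sh_url` and `acme_dns_nsupdate_url` both point at the `master` branch of a raw GitHub URL, and the tasks that consume them download the script and then execute it (`./acme.sh --install`) with no integrity check, so whatever that branch serves at run time — or whatever a tampered upstream or interposed proxy returns — is installed and run as the Ansible user. Pin both URLs to a release tag or commit through a variable, e.g. `acme_sh_version: "<tag>"` and `acme_sh_url: "https://raw.githubusercontent.com/Neilpang/acme.sh/{{ acme_sh_version }}/acme.sh"`, and add a matching `acme_sh_checksum: "sha256:<digest>"` for the `checksum:` parameter of `get_url`. If network fetches at play time are not wanted at all, vendoring the two files under `roles/acme/files/` removes the URLs entirely. A short comment above the URL variables stating which version the role was tested against would help whoever bumps it later.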
0
roles/acme/files/reload.sh
Executable file
0
roles/acme/files/reload.sh
Executable file
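--- a/roles/acme/tasks/main.yml
+++ b/roles/acme/tasks/main.yml
@@ -0,0 +1,79 @@
+---
+- name: Create acme home directory
+file:
+path: "{{ acme_home }}"
+state: "directory"
+
+- name: Get nsupdate.key
+shell: "pdnsutil list-tsig-keys | grep '^acme-{{ inventory_hostname }}. {{ acme_nsupdate_keyalgo }}'"
+register: "pdns_nsupdate_key"
+failed_when: "False"
+changed_when: "False"
+delegate_to: "{{ acme_nsupdate_server }}"
+
+- name: Generate nsupdate.key
+shell: "pdnsutil generate-tsig-key 'acme-{{ inventory_hostname }}.' '{{ acme_nsupdate_keyalgo }}'"
+register: "pdns_nsupdate_genkey"
+when: "pdns_nsupdate_key is defined and pdns_nsupdate_key.rc != 0"
+delegate_to: "{{ acme_nsupdate_server }}"
+
+- name: Get nsupdate.key again
+shell: "pdnsutil list-tsig-keys | grep '^acme-{{ inventory_hostname }}. {{ acme_nsupdate_keyalgo }}'"
+register: "pdns_nsupdate_key"
+when: "pdns_nsupdate_genkey is defined"
+changed_when: "False"
+delegate_to: "{{ acme_nsupdate_server }}"
+
+- name: Write nsupdate.key to file
+template:
+src: "nsupdate.key.j2"
+dest: "{{ acme_nsupdate_key }}"
+when: "pdns_nsupdate_key is defined"
+
+- name: Check acme.sh exists
+stat:
+path: "{{ acme_home }}/acme.sh"
+register: "stat_acme_sh"
+
+- name: Fetch acme.sh
+get_url:
+url: "{{ acme_sh_url }}"
+dest: "/tmp/acme.sh"
+mode: "0755"
+register: "fetch_acme_sh"
+when: "not stat_acme_sh.stat.exists"
+
+- name: Install acme.sh
+shell: "./acme.sh --home '{{ acme_home }}' --install"
+args:
+chdir: "/tmp"
+creates: "{{ acme_home }}/acme.sh"
+when: "fetch_acme_sh is defined"
+
+- name: Create acme dnsapi directory
+file:
+path: "{{ acme_home }}/dnsapi"
+state: "directory"
+
+- name: Fetch acme.sh dns_nsupdate
+get_url:
+url: "{{ acme_dns_nsupdate_url }}"
+dest: "{{ acme_home }}/dnsapi/"
+mode: "0755"
+
+- name: Create acme certificate directory
+file:
+path: "{{ acme_home }}/{{ inventory_hostname }}"
+state: "directory"
+
+- name: Copy reload.sh
+copy:
+src: "reload.sh"
+dest: "{{ acme_home }}/{{ inventory_hostname }}/reload.sh"
+mode: "0755"
+
+- name: Issue certificate
+shell: "{{ lookup('template','acme.sh.request.j2').replace('\n',' ') }}"
+args:
+chdir: "{{ acme_home }}"
+creates: "{{ acme_home }}/{{ inventory_hostname }}/{{ inventory_hostname }}.key"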
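Review bot: `Write nsupdate.key to file` renders the TSIG secret into `{{ acme_nsupdate_key }}` with `template:` but sets no `mode:`, `owner:` or `group:`, so the file is created under the default umask and the secret used for dynamic DNS updates is most likely readable by every local user; add `mode: "0600"` (plus `owner`/`group` matching whatever runs acme.sh). `Create acme home directory` and `Create acme certificate directory` likewise set no `mode:`, and the latter is where the `.key` named in the `creates:` of `Issue certificate` ends up, so `mode: "0700"` on both keeps the private key and the nsupdate key out of reach of other accounts. Separately, `Fetch acme.sh` downloads to the fixed, world-writable-directory path `/tmp/acme.sh` and `Install acme.sh` then executes it from `chdir: "/tmp"` with no `checksum:` on the `get_url`; download into `{{ acme_home }}` (or a `tempfile:` result) and pass `checksum:` so a pre-planted or tampered file is never installed. The `failed_when: "False"` on `Get nsupdate.key` also hides `pdnsutil` failing outright, which then makes `Generate nsupdate.key` run — worth a comment stating that this is intended, or tightening the condition if it is not.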
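--- a/roles/acme/templates/acme.sh.request.j2
+++ b/roles/acme/templates/acme.sh.request.j2
@@ -0,0 +1,19 @@
+NSUPDATE_KEY="{{ acme_nsupdate_key }}"
+NSUPDATE_SERVER="{{ acme_nsupdate_server }}"
+"{{ acme_home }}/acme.sh"
+--home "{{ acme_home }}"
+--reloadCmd "{{ acme_home }}/{{ inventory_hostname }}/reload.sh"
+--log
+--issue
+-k 4096
+-d "{{ inventory_hostname }}"
+--dns dns_nsupdate
+{% if acme_san_domains is defined %}
+{% for domain in acme_san_domains %}
+-d "{{ domain }}"
+{% endfor %}
+{% endif %}
+{% if acme_staging is defined and acme_staging %}
+--staging
+{% endif %}
+;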
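Review bot: every value interpolated into this command line — `{{ acme_nsupdate_key }}`, `{{ acme_nsupdate_server }}`, `{{ inventory_hostname }}` and each `{{ domain }}` from `acme_san_domains` — is wrapped in plain double quotes, so a value containing `"`, `$` or a backtick would break out of the quoting when the rendered line is handed to `shell:` by the `Issue certificate` task; use Ansible's `quote` filter instead, e.g. `-d {{ domain | quote }}` and `NSUPDATE_KEY={{ acme_nsupdate_key | quote }}`. These values come from inventory and host_vars, so the exposure is presumably limited to whoever can edit those, but the filter costs nothing and also covers hostnames with characters the shell treats specially. Since the task joins the rendered lines with spaces, the Jinja control lines only contribute whitespace; a comment at the top of the template saying that it is flattened into a single `shell:` invocation (and that the trailing `;` terminates it) would save the next reader from wondering why each argument is on its own line.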
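--- a/roles/acme/templates/nsupdate.key.j2
+++ b/roles/acme/templates/nsupdate.key.j2
@@ -0,0 +1,4 @@
+key acme-{{ inventory_hostname }}. {
+algorithm {{ acme_nsupdate_keyalgo }};
+secret "{{ pdns_nsupdate_key.stdout.split(' ')[2] }}";
+};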
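--- a/simulatepb.sh
+++ b/simulatepb.sh
@@ -1,4 +0,0 @@
-#!/bin/bash
-export ANSIBLE_NOCOWS=1
-test -e ./ansible.log && rm ./ansible.log
-ansible-playbook site.yml --check --diff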