authorChristian Pointner <equinox@spreadspace.org>2023-10-24 23:43:20 +0200
committerChristian Pointner <equinox@spreadspace.org>2023-10-24 23:43:20 +0200
commit792ececf6b450ad9588c45d0f4b8652e42145f3d (patch)
tree121e22f50e91a552a0067640024997d313c8c16a /roles/x509/uacme
parentadd new role docker/registry (WIP) (diff)
x509: some daemons can't be reloaded and need to be restarted...
Diffstat (limited to 'roles/x509/uacme')
-rw-r--r--roles/x509/uacme/cert/prepare/handlers/main.yml8
-rw-r--r--roles/x509/uacme/cert/prepare/tasks/main.yml16
-rw-r--r--roles/x509/uacme/cert/prepare/templates/updated.sh.j23
3 files changed, 23 insertions, 4 deletions
diff --git a/roles/x509/uacme/cert/prepare/handlers/main.yml b/roles/x509/uacme/cert/prepare/handlers/main.yml
index f3bb86f7..d31a956a 100644
--- a/roles/x509/uacme/cert/prepare/handlers/main.yml
+++ b/roles/x509/uacme/cert/prepare/handlers/main.yml
@@ -10,3 +10,11 @@
service:
name: "{{ x509_certificate_reload_service }}"
state: reloaded
+
+- name: restart services for x509 certificates
+ loop: "{{ x509_certificate_restart_services | default([]) }}"
+ loop_control:
+ loop_var: x509_certificate_restart_service
+ service:
+ name: "{{ x509_certificate_restart_service }}"
+ state: restarted
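Review bot: `state: restarted` bounces every listed service unconditionally, so a unit that an operator deliberately stopped is brought back up whenever a certificate changes; the same applies to the `systemctl restart` line added in the updated.sh.j2 hunk, which presumably runs unattended from the renewal hook. In the template, `systemctl try-restart "{{ service }}.service"` would restart only units that are already active. The handler has no one-word equivalent, so at minimum a comment above it should state that listed services are started if they were stopped. The template also appends `.service` to each entry while this handler passes the entry unchanged, so `x509_certificate_restart_services` should be documented as holding unit names without the suffix.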
diff --git a/roles/x509/uacme/cert/prepare/tasks/main.yml b/roles/x509/uacme/cert/prepare/tasks/main.yml
index c1420369..887f7355 100644
--- a/roles/x509/uacme/cert/prepare/tasks/main.yml
+++ b/roles/x509/uacme/cert/prepare/tasks/main.yml
@@ -12,7 +12,9 @@
group: "{{ uacme_cert_config.key.group | default(omit) }}"
type: "{{ uacme_cert_config.key.type | default(omit) }}"
size: "{{ uacme_cert_config.key.size | default(omit) }}"
- notify: reload services for x509 certificates
+ notify:
+ - reload services for x509 certificates
+ - restart services for x509 certificates
- name: generate csr for uacme-controlled certificate
community.crypto.openssl_csr:
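Review bot: The same two-item `notify:` list is now repeated in four tasks (this hunk and the ones at -60, -69 and -78), so any future handler has to be added in four places and one is easily missed. A handler topic would keep it in one place: give both handlers a shared `listen: x509 certificates changed` (the topic name is only an example) and let each task use `notify: x509 certificates changed`. Handlers run in the order they are defined in the handlers file, not in the order listed here, so the list order in these tasks does not control whether reload or restart happens first. The task this `notify:` belongs to starts outside the hunk.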
@@ -60,7 +62,9 @@
selfsigned_not_after: "{{ remote_datetime_now.stdout }}"
return_content: yes
register: uacme_cert_selfsigned
- notify: reload services for x509 certificates
+ notify:
+ - reload services for x509 certificates
+ - restart services for x509 certificates
- name: make sure cert-only file exists
copy:
@@ -69,7 +73,9 @@
mode: "{{ uacme_cert_config.cert.mode | default('0644') }}"
owner: "{{ uacme_cert_config.cert.owner | default(omit) }}"
group: "{{ uacme_cert_config.cert.group | default(omit) }}"
- notify: reload services for x509 certificates
+ notify:
+ - reload services for x509 certificates
+ - restart services for x509 certificates
- name: make sure the chain file exists
copy:
@@ -78,7 +84,9 @@
mode: "{{ uacme_cert_config.cert.mode | default('0644') }}"
owner: "{{ uacme_cert_config.cert.owner | default(omit) }}"
group: "{{ uacme_cert_config.cert.group | default(omit) }}"
- notify: reload services for x509 certificates
+ notify:
+ - reload services for x509 certificates
+ - restart services for x509 certificates
- name: export paths to certificate files
set_fact:
diff --git a/roles/x509/uacme/cert/prepare/templates/updated.sh.j2 b/roles/x509/uacme/cert/prepare/templates/updated.sh.j2
index e981fd0f..6d58c8c4 100644
--- a/roles/x509/uacme/cert/prepare/templates/updated.sh.j2
+++ b/roles/x509/uacme/cert/prepare/templates/updated.sh.j2
@@ -27,6 +27,9 @@ mv "{{ file.dest }}.new" "{{ file.dest }}"
{% for service in (x509_certificate_reload_services | default([])) %}
systemctl reload "{{ service }}.service"
{% endfor %}
+{% for service in (x509_certificate_restart_services | default([])) %}
+systemctl restart "{{ service }}.service"
+{% endfor %}
{% if x509_certificate_renewal is defined and 'reload' in x509_certificate_renewal %}
{{ x509_certificate_renewal.reload | trim }}