Diffstat (limited to 'roles')
-rw-r--r-- | roles/docker/registry/tasks/main.yml | 2 | ||||
-rw-r--r-- | roles/x509/acmetool/cert/prepare/handlers/main.yml | 8 | ||||
-rw-r--r-- | roles/x509/acmetool/cert/prepare/tasks/main.yml | 4 | ||||
-rw-r--r-- | roles/x509/ownca/cert/prepare/handlers/main.yml | 8 | ||||
-rw-r--r-- | roles/x509/ownca/cert/prepare/tasks/main.yml | 12 | ||||
-rw-r--r-- | roles/x509/selfsigned/cert/prepare/handlers/main.yml | 8 | ||||
-rw-r--r-- | roles/x509/selfsigned/cert/prepare/tasks/main.yml | 12 | ||||
-rw-r--r-- | roles/x509/static/cert/prepare/handlers/main.yml | 8 | ||||
-rw-r--r-- | roles/x509/static/cert/prepare/tasks/main.yml | 24 | ||||
-rw-r--r-- | roles/x509/uacme/cert/prepare/handlers/main.yml | 8 | ||||
-rw-r--r-- | roles/x509/uacme/cert/prepare/tasks/main.yml | 16 | ||||
-rw-r--r-- | roles/x509/uacme/cert/prepare/templates/updated.sh.j2 | 3 |
12 files changed, 95 insertions, 18 deletions
diff --git a/roles/docker/registry/tasks/main.yml b/roles/docker/registry/tasks/main.yml
index 70f0196c..d99a28d3 100644
--- a/roles/docker/registry/tasks/main.yml
+++ b/roles/docker/registry/tasks/main.yml
@@ -17,7 +17,7 @@
 x509_certificate_name: "docker-registry"
 x509_certificate_hostnames: "{{ docker_registry_http_hostnames }}"
 x509_certificate_config: "{{ docker_registry_http_tls.certificate_config }}"
- x509_certificate_reload_services:
+ x509_certificate_restart_services:
 - docker-registry
 include_role:
 name: "x509/{{ docker_registry_http_tls.certificate_provider }}/cert"
diff --git a/roles/x509/acmetool/cert/prepare/handlers/main.yml b/roles/x509/acmetool/cert/prepare/handlers/main.yml
index f3bb86f7..d31a956a 100644
--- a/roles/x509/acmetool/cert/prepare/handlers/main.yml
+++ b/roles/x509/acmetool/cert/prepare/handlers/main.yml
@@ -10,3 +10,11 @@
 service:
 name: "{{ x509_certificate_reload_service }}"
 state: reloaded
+
+- name: restart services for x509 certificates
+ loop: "{{ x509_certificate_restart_services | default([]) }}"
+ loop_control:
+ loop_var: x509_certificate_restart_service
+ service:
+ name: "{{ x509_certificate_restart_service }}"
+ state: restarted
diff --git a/roles/x509/acmetool/cert/prepare/tasks/main.yml b/roles/x509/acmetool/cert/prepare/tasks/main.yml
index efba24e0..62f34d01 100644
--- a/roles/x509/acmetool/cert/prepare/tasks/main.yml
+++ b/roles/x509/acmetool/cert/prepare/tasks/main.yml
@@ -32,7 +32,9 @@
 src: "../certs/{{ selfsigned_interim_cert_id }}"
 dest: "/var/lib/acme/live/{{ acme_missing_hostname }}"
 state: link
- notify: reload services for x509 certificates
+ notify:
+ - reload services for x509 certificates
+ - restart services for x509 certificates
 - name: export paths to certificate files
 set_fact:
diff --git a/roles/x509/ownca/cert/prepare/handlers/main.yml b/roles/x509/ownca/cert/prepare/handlers/main.yml
index 39f28f73..589d6dde 100644
--- a/roles/x509/ownca/cert/prepare/handlers/main.yml
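Review bot: The added `restart services for x509 certificates` handler reads `x509_certificate_restart_services` when handlers are flushed, not when a task notifies it, and `default([])` turns a variable that is no longer set at that point into a silent no-op. Ansible also runs a notified handler only once per host per flush, so a play that prepares certificates for several services would presumably restart only the list visible at flush time; whether that can occur depends on how callers pass the variable, which this hunk does not show. A service that is skipped keeps serving the old key and certificate without any error being reported. I would document the contract above the handler, e.g. `# runs once at handler flush; x509_certificate_restart_services must still be set then`. The same applies to the identical handler added under ownca, selfsigned, static and uacme.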
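Review bot: Every task that changes certificate material now has to name both handlers, and the same two-entry `notify:` list is repeated in the ownca, selfsigned, static and uacme task files. A task added later with only `notify: reload services for x509 certificates` would leave restart-only services on a stale certificate with nothing to flag the omission. Ansible's `listen:` keyword lets both handlers subscribe to one topic, e.g. `listen: x509 certificate changed` on each handler, so every task keeps a single `notify: x509 certificate changed`. The task edited here starts above the hunk.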
+++ b/roles/x509/ownca/cert/prepare/handlers/main.yml
@@ -6,3 +6,11 @@
 service:
 name: "{{ x509_certificate_reload_service }}"
 state: reloaded
+
+- name: restart services for x509 certificates
+ loop: "{{ x509_certificate_restart_services | default([]) }}"
+ loop_control:
+ loop_var: x509_certificate_restart_service
+ service:
+ name: "{{ x509_certificate_restart_service }}"
+ state: restarted
diff --git a/roles/x509/ownca/cert/prepare/tasks/main.yml b/roles/x509/ownca/cert/prepare/tasks/main.yml
index 7f81d125..00d19c59 100644
--- a/roles/x509/ownca/cert/prepare/tasks/main.yml
+++ b/roles/x509/ownca/cert/prepare/tasks/main.yml
@@ -10,7 +10,9 @@
 mode: "{{ ownca_cert_config.mode | default('0700') }}"
 owner: "{{ ownca_cert_config.owner | default(omit) }}"
 group: "{{ ownca_cert_config.group | default(omit) }}"
- notify: reload services for x509 certificates
+ notify:
+ - reload services for x509 certificates
+ - restart services for x509 certificates
 - name: generate key for ownca certificate
 openssl_privatekey:
@@ -20,7 +22,9 @@
 group: "{{ ownca_cert_config.key.group | default(omit) }}"
 type: "{{ ownca_cert_config.key.type | default(omit) }}"
 size: "{{ ownca_cert_config.key.size | default(omit) }}"
- notify: reload services for x509 certificates
+ notify:
+ - reload services for x509 certificates
+ - restart services for x509 certificates
 register: _ownca_key_
 - name: generate csr for ownca certificate
@@ -75,7 +79,9 @@
 ownca_not_before: "{{ ownca_cert_config.cert.not_before | default(omit) }}"
 ownca_not_after: "{{ ownca_cert_config.cert.not_after | default(omit) }}"
 force: "{{ _ownca_cert_file_.stat.exists and (not _ownca_cert_info_.valid_at.renew_margin) }}"
- notify: reload services for x509 certificates
+ notify:
+ - reload services for x509 certificates
+ - restart services for x509 certificates
 register: _ownca_cert_
 - name: export paths to certificate files
diff --git a/roles/x509/selfsigned/cert/prepare/handlers/main.yml b/roles/x509/selfsigned/cert/prepare/handlers/main.yml
index 39f28f73..589d6dde 100644
--- a/roles/x509/selfsigned/cert/prepare/handlers/main.yml
+++ b/roles/x509/selfsigned/cert/prepare/handlers/main.yml
@@ -6,3 +6,11 @@
 service:
 name: "{{ x509_certificate_reload_service }}"
 state: reloaded
+
+- name: restart services for x509 certificates
+ loop: "{{ x509_certificate_restart_services | default([]) }}"
+ loop_control:
+ loop_var: x509_certificate_restart_service
+ service:
+ name: "{{ x509_certificate_restart_service }}"
+ state: restarted
diff --git a/roles/x509/selfsigned/cert/prepare/tasks/main.yml b/roles/x509/selfsigned/cert/prepare/tasks/main.yml
index a5ac8159..f71acec1 100644
--- a/roles/x509/selfsigned/cert/prepare/tasks/main.yml
+++ b/roles/x509/selfsigned/cert/prepare/tasks/main.yml
@@ -10,7 +10,9 @@
 mode: "{{ selfsigned_cert_config.mode | default('0700') }}"
 owner: "{{ selfsigned_cert_config.owner | default(omit) }}"
 group: "{{ selfsigned_cert_config.group | default(omit) }}"
- notify: reload services for x509 certificates
+ notify:
+ - reload services for x509 certificates
+ - restart services for x509 certificates
 - name: generate key for selfsigned certificate
 openssl_privatekey:
@@ -20,7 +22,9 @@
 group: "{{ selfsigned_cert_config.key.group | default(omit) }}"
 type: "{{ selfsigned_cert_config.key.type | default(omit) }}"
 size: "{{ selfsigned_cert_config.key.size | default(omit) }}"
- notify: reload services for x509 certificates
+ notify:
+ - reload services for x509 certificates
+ - restart services for x509 certificates
 register: _selfsigned_key_
 - name: generate csr for selfsigned certificate
@@ -74,7 +78,9 @@
 selfsigned_not_before: "{{ selfsigned_cert_config.cert.not_before | default(omit) }}"
 selfsigned_not_after: "{{ selfsigned_cert_config.cert.not_after | default(omit) }}"
 force: "{{ _selfsigned_cert_file_.stat.exists and (not _selfsigned_cert_info_.valid_at.renew_margin) }}"
- notify: reload services for x509 certificates
+ notify:
+ - reload services for x509 certificates
+ - restart services for x509 certificates
 register: _selfsigned_cert_
 - name: export paths to certificate files
diff --git a/roles/x509/static/cert/prepare/handlers/main.yml b/roles/x509/static/cert/prepare/handlers/main.yml
index 39f28f73..589d6dde 100644
--- a/roles/x509/static/cert/prepare/handlers/main.yml
+++ b/roles/x509/static/cert/prepare/handlers/main.yml
@@ -6,3 +6,11 @@
 service:
 name: "{{ x509_certificate_reload_service }}"
 state: reloaded
+
+- name: restart services for x509 certificates
+ loop: "{{ x509_certificate_restart_services | default([]) }}"
+ loop_control:
+ loop_var: x509_certificate_restart_service
+ service:
+ name: "{{ x509_certificate_restart_service }}"
+ state: restarted
diff --git a/roles/x509/static/cert/prepare/tasks/main.yml b/roles/x509/static/cert/prepare/tasks/main.yml
index 03df7542..e8848743 100644
--- a/roles/x509/static/cert/prepare/tasks/main.yml
+++ b/roles/x509/static/cert/prepare/tasks/main.yml
@@ -10,7 +10,9 @@
 mode: "{{ static_cert_config.mode | default('0700') }}"
 owner: "{{ static_cert_config.owner | default(omit) }}"
 group: "{{ static_cert_config.group | default(omit) }}"
- notify: reload services for x509 certificates
+ notify:
+ - reload services for x509 certificates
+ - restart services for x509 certificates
 - name: install key for static certificate
 copy:
@@ -19,7 +21,9 @@
 mode: "{{ static_cert_config.key.mode | default('0600') }}"
 owner: "{{ static_cert_config.key.owner | default(omit) }}"
 group: "{{ static_cert_config.key.group | default(omit) }}"
- notify: reload services for x509 certificates
+ notify:
+ - reload services for x509 certificates
+ - restart services for x509 certificates
 - name: install static certificate
 copy:
@@ -28,7 +32,9 @@
 mode: "{{ static_cert_config.cert.mode | default('0644') }}"
 owner: "{{ static_cert_config.cert.owner | default(omit) }}"
 group: "{{ static_cert_config.cert.group | default(omit) }}"
- notify: reload services for x509 certificates
+ notify:
+ - reload services for x509 certificates
+ - restart services for x509 certificates
 - name: export paths to basic certificate files
 set_fact:
@@ -46,7 +52,9 @@
 mode: "{{ static_cert_config.chain.mode | default('0644') }}"
 owner: "{{ static_cert_config.chain.owner | default(omit) }}"
 group: "{{ static_cert_config.chain.group | default(omit) }}"
- notify: reload services for x509 certificates
+ notify:
+ - reload services for x509 certificates
+ - restart services for x509 certificates
 - name: install fullchain for static certificate
 copy:
@@ -57,7 +65,9 @@
 mode: "{{ static_cert_config.cert.mode | default('0644') }}"
 owner: "{{ static_cert_config.cert.owner | default(omit) }}"
 group: "{{ static_cert_config.cert.group | default(omit) }}"
- notify: reload services for x509 certificates
+ notify:
+ - reload services for x509 certificates
+ - restart services for x509 certificates
 - name: export paths to additional certificate files
 set_fact:
@@ -74,7 +84,9 @@
 file:
 path: "{{ static_cert_path }}/{{ static_cert_name }}-{{ item }}.pem"
 state: absent
- notify: reload services for x509 certificates
+ notify:
+ - reload services for x509 certificates
+ - restart services for x509 certificates
 - name: make sure variable that points to the chain certificate file is unset
 set_fact:
diff --git a/roles/x509/uacme/cert/prepare/handlers/main.yml b/roles/x509/uacme/cert/prepare/handlers/main.yml
index f3bb86f7..d31a956a 100644
--- a/roles/x509/uacme/cert/prepare/handlers/main.yml
+++ b/roles/x509/uacme/cert/prepare/handlers/main.yml
@@ -10,3 +10,11 @@
 service:
 name: "{{ x509_certificate_reload_service }}"
 state: reloaded
+
+- name: restart services for x509 certificates
+ loop: "{{ x509_certificate_restart_services | default([]) }}"
+ loop_control:
+ loop_var: x509_certificate_restart_service
+ service:
+ name: "{{ x509_certificate_restart_service }}"
+ state: restarted
diff --git a/roles/x509/uacme/cert/prepare/tasks/main.yml b/roles/x509/uacme/cert/prepare/tasks/main.yml
index c1420369..887f7355 100644
--- a/roles/x509/uacme/cert/prepare/tasks/main.yml
+++ b/roles/x509/uacme/cert/prepare/tasks/main.yml
@@ -12,7 +12,9 @@
 group: "{{ uacme_cert_config.key.group | default(omit) }}"
 type: "{{ uacme_cert_config.key.type | default(omit) }}"
 size: "{{ uacme_cert_config.key.size | default(omit) }}"
- notify: reload services for x509 certificates
+ notify:
+ - reload services for x509 certificates
+ - restart services for x509 certificates
 - name: generate csr for uacme-controlled certificate
 community.crypto.openssl_csr:
@@ -60,7 +62,9 @@
 selfsigned_not_after: "{{ remote_datetime_now.stdout }}"
 return_content: yes
 register: uacme_cert_selfsigned
- notify: reload services for x509 certificates
+ notify:
+ - reload services for x509 certificates
+ - restart services for x509 certificates
 - name: make sure cert-only file exists
 copy:
@@ -69,7 +73,9 @@
 mode: "{{ uacme_cert_config.cert.mode | default('0644') }}"
 owner: "{{ uacme_cert_config.cert.owner | default(omit) }}"
 group: "{{ uacme_cert_config.cert.group | default(omit) }}"
- notify: reload services for x509 certificates
+ notify:
+ - reload services for x509 certificates
+ - restart services for x509 certificates
 - name: make sure the chain file exists
 copy:
@@ -78,7 +84,9 @@
 mode: "{{ uacme_cert_config.cert.mode | default('0644') }}"
 owner: "{{ uacme_cert_config.cert.owner | default(omit) }}"
 group: "{{ uacme_cert_config.cert.group | default(omit) }}"
- notify: reload services for x509 certificates
+ notify:
+ - reload services for x509 certificates
+ - restart services for x509 certificates
 - name: export paths to certificate files
 set_fact:
diff --git a/roles/x509/uacme/cert/prepare/templates/updated.sh.j2 b/roles/x509/uacme/cert/prepare/templates/updated.sh.j2
index e981fd0f..6d58c8c4 100644
--- a/roles/x509/uacme/cert/prepare/templates/updated.sh.j2
+++ b/roles/x509/uacme/cert/prepare/templates/updated.sh.j2
@@ -27,6 +27,9 @@ mv "{{ file.dest }}.new" "{{ file.dest }}"
 {% for service in (x509_certificate_reload_services | default([])) %}
 systemctl reload "{{ service }}.service"
 {% endfor %}
+{% for service in (x509_certificate_restart_services | default([])) %}
+systemctl restart "{{ service }}.service"
+{% endfor %}
 {% if x509_certificate_renewal is defined and 'reload' in x509_certificate_renewal %}
 {{ x509_certificate_renewal.reload | trim }} |
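Review bot: `systemctl restart` in the added loop also starts a unit that is currently stopped, so an unattended renewal (which is what this script appears to serve) can bring back a service an operator deliberately shut down for maintenance or containment. `systemctl try-restart "{{ service }}.service"` restarts only units that are already running. The service name is also rendered straight into the script between double quotes; that matches the existing reload loop, but passing it through the `quote` filter, `systemctl try-restart {{ (service ~ '.service') | quote }}`, would keep an unexpected character in the variable from changing the command. The script continues outside the hunk, so it is not visible here whether a failed restart aborts the run or is ignored.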