Diffstat (limited to 'roles')
-rw-r--r--roles/docker/registry/tasks/main.yml2
-rw-r--r--roles/x509/acmetool/cert/prepare/handlers/main.yml8
-rw-r--r--roles/x509/acmetool/cert/prepare/tasks/main.yml4
-rw-r--r--roles/x509/ownca/cert/prepare/handlers/main.yml8
-rw-r--r--roles/x509/ownca/cert/prepare/tasks/main.yml12
-rw-r--r--roles/x509/selfsigned/cert/prepare/handlers/main.yml8
-rw-r--r--roles/x509/selfsigned/cert/prepare/tasks/main.yml12
-rw-r--r--roles/x509/static/cert/prepare/handlers/main.yml8
-rw-r--r--roles/x509/static/cert/prepare/tasks/main.yml24
-rw-r--r--roles/x509/uacme/cert/prepare/handlers/main.yml8
-rw-r--r--roles/x509/uacme/cert/prepare/tasks/main.yml16
-rw-r--r--roles/x509/uacme/cert/prepare/templates/updated.sh.j23
12 files changed, 95 insertions, 18 deletions
diff --git a/roles/docker/registry/tasks/main.yml b/roles/docker/registry/tasks/main.yml
index 70f0196c..d99a28d3 100644
--- a/roles/docker/registry/tasks/main.yml
+++ b/roles/docker/registry/tasks/main.yml
@@ -17,7 +17,7 @@
x509_certificate_name: "docker-registry"
x509_certificate_hostnames: "{{ docker_registry_http_hostnames }}"
x509_certificate_config: "{{ docker_registry_http_tls.certificate_config }}"
- x509_certificate_reload_services:
+ x509_certificate_restart_services:
- docker-registry
include_role:
name: "x509/{{ docker_registry_http_tls.certificate_provider }}/cert"
diff --git a/roles/x509/acmetool/cert/prepare/handlers/main.yml b/roles/x509/acmetool/cert/prepare/handlers/main.yml
index f3bb86f7..d31a956a 100644
--- a/roles/x509/acmetool/cert/prepare/handlers/main.yml
+++ b/roles/x509/acmetool/cert/prepare/handlers/main.yml
@@ -10,3 +10,11 @@
service:
name: "{{ x509_certificate_reload_service }}"
state: reloaded
+
+- name: restart services for x509 certificates
+ loop: "{{ x509_certificate_restart_services | default([]) }}"
+ loop_control:
+ loop_var: x509_certificate_restart_service
+ service:
+ name: "{{ x509_certificate_restart_service }}"
+ state: restarted
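Review bot: The new handler is looked up by a fixed name and reads `x509_certificate_restart_services` only when it runs, and the same handler is added verbatim to the ownca, selfsigned, static and uacme roles. Ansible runs a notified handler once per host per flush, and as far as I know a later-loaded handler of the same name shadows earlier ones, so a play that includes a cert role more than once with different lists may restart only one set of services. That is worth confirming, because a service that is skipped keeps serving the old certificate and key until someone restarts it by hand. I would also document the intent above the task, for example `# for services that cannot re-read their certificate on reload; runs once per handler flush`.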
diff --git a/roles/x509/acmetool/cert/prepare/tasks/main.yml b/roles/x509/acmetool/cert/prepare/tasks/main.yml
index efba24e0..62f34d01 100644
--- a/roles/x509/acmetool/cert/prepare/tasks/main.yml
+++ b/roles/x509/acmetool/cert/prepare/tasks/main.yml
@@ -32,7 +32,9 @@
src: "../certs/{{ selfsigned_interim_cert_id }}"
dest: "/var/lib/acme/live/{{ acme_missing_hostname }}"
state: link
- notify: reload services for x509 certificates
+ notify:
+ - reload services for x509 certificates
+ - restart services for x509 certificates
- name: export paths to certificate files
set_fact:
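Review bot: Notifying the restart handler on this task only covers certificate changes made during a playbook run, not renewals that acmetool performs later on its own. The commit adds a restart loop to uacme's `updated.sh.j2`, but the diffstat shows no acmetool-side renewal hook being touched. A service listed in `x509_certificate_restart_services` (docker-registry now is) may therefore keep serving an expired certificate after an unattended acmetool renewal, unless a hook outside this diff already consumes the new variable. The task carrying this `notify:` starts above the hunk, so the acmetool hook setup is not visible here and should be checked.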
diff --git a/roles/x509/ownca/cert/prepare/handlers/main.yml b/roles/x509/ownca/cert/prepare/handlers/main.yml
index 39f28f73..589d6dde 100644
--- a/roles/x509/ownca/cert/prepare/handlers/main.yml
+++ b/roles/x509/ownca/cert/prepare/handlers/main.yml
@@ -6,3 +6,11 @@
service:
name: "{{ x509_certificate_reload_service }}"
state: reloaded
+
+- name: restart services for x509 certificates
+ loop: "{{ x509_certificate_restart_services | default([]) }}"
+ loop_control:
+ loop_var: x509_certificate_restart_service
+ service:
+ name: "{{ x509_certificate_restart_service }}"
+ state: restarted
diff --git a/roles/x509/ownca/cert/prepare/tasks/main.yml b/roles/x509/ownca/cert/prepare/tasks/main.yml
index 7f81d125..00d19c59 100644
--- a/roles/x509/ownca/cert/prepare/tasks/main.yml
+++ b/roles/x509/ownca/cert/prepare/tasks/main.yml
@@ -10,7 +10,9 @@
mode: "{{ ownca_cert_config.mode | default('0700') }}"
owner: "{{ ownca_cert_config.owner | default(omit) }}"
group: "{{ ownca_cert_config.group | default(omit) }}"
- notify: reload services for x509 certificates
+ notify:
+ - reload services for x509 certificates
+ - restart services for x509 certificates
- name: generate key for ownca certificate
openssl_privatekey:
@@ -20,7 +22,9 @@
group: "{{ ownca_cert_config.key.group | default(omit) }}"
type: "{{ ownca_cert_config.key.type | default(omit) }}"
size: "{{ ownca_cert_config.key.size | default(omit) }}"
- notify: reload services for x509 certificates
+ notify:
+ - reload services for x509 certificates
+ - restart services for x509 certificates
register: _ownca_key_
- name: generate csr for ownca certificate
@@ -75,7 +79,9 @@
ownca_not_before: "{{ ownca_cert_config.cert.not_before | default(omit) }}"
ownca_not_after: "{{ ownca_cert_config.cert.not_after | default(omit) }}"
force: "{{ _ownca_cert_file_.stat.exists and (not _ownca_cert_info_.valid_at.renew_margin) }}"
- notify: reload services for x509 certificates
+ notify:
+ - reload services for x509 certificates
+ - restart services for x509 certificates
register: _ownca_cert_
- name: export paths to certificate files
diff --git a/roles/x509/selfsigned/cert/prepare/handlers/main.yml b/roles/x509/selfsigned/cert/prepare/handlers/main.yml
index 39f28f73..589d6dde 100644
--- a/roles/x509/selfsigned/cert/prepare/handlers/main.yml
+++ b/roles/x509/selfsigned/cert/prepare/handlers/main.yml
@@ -6,3 +6,11 @@
service:
name: "{{ x509_certificate_reload_service }}"
state: reloaded
+
+- name: restart services for x509 certificates
+ loop: "{{ x509_certificate_restart_services | default([]) }}"
+ loop_control:
+ loop_var: x509_certificate_restart_service
+ service:
+ name: "{{ x509_certificate_restart_service }}"
+ state: restarted
diff --git a/roles/x509/selfsigned/cert/prepare/tasks/main.yml b/roles/x509/selfsigned/cert/prepare/tasks/main.yml
index a5ac8159..f71acec1 100644
--- a/roles/x509/selfsigned/cert/prepare/tasks/main.yml
+++ b/roles/x509/selfsigned/cert/prepare/tasks/main.yml
@@ -10,7 +10,9 @@
mode: "{{ selfsigned_cert_config.mode | default('0700') }}"
owner: "{{ selfsigned_cert_config.owner | default(omit) }}"
group: "{{ selfsigned_cert_config.group | default(omit) }}"
- notify: reload services for x509 certificates
+ notify:
+ - reload services for x509 certificates
+ - restart services for x509 certificates
- name: generate key for selfsigned certificate
openssl_privatekey:
@@ -20,7 +22,9 @@
group: "{{ selfsigned_cert_config.key.group | default(omit) }}"
type: "{{ selfsigned_cert_config.key.type | default(omit) }}"
size: "{{ selfsigned_cert_config.key.size | default(omit) }}"
- notify: reload services for x509 certificates
+ notify:
+ - reload services for x509 certificates
+ - restart services for x509 certificates
register: _selfsigned_key_
- name: generate csr for selfsigned certificate
@@ -74,7 +78,9 @@
selfsigned_not_before: "{{ selfsigned_cert_config.cert.not_before | default(omit) }}"
selfsigned_not_after: "{{ selfsigned_cert_config.cert.not_after | default(omit) }}"
force: "{{ _selfsigned_cert_file_.stat.exists and (not _selfsigned_cert_info_.valid_at.renew_margin) }}"
- notify: reload services for x509 certificates
+ notify:
+ - reload services for x509 certificates
+ - restart services for x509 certificates
register: _selfsigned_cert_
- name: export paths to certificate files
diff --git a/roles/x509/static/cert/prepare/handlers/main.yml b/roles/x509/static/cert/prepare/handlers/main.yml
index 39f28f73..589d6dde 100644
--- a/roles/x509/static/cert/prepare/handlers/main.yml
+++ b/roles/x509/static/cert/prepare/handlers/main.yml
@@ -6,3 +6,11 @@
service:
name: "{{ x509_certificate_reload_service }}"
state: reloaded
+
+- name: restart services for x509 certificates
+ loop: "{{ x509_certificate_restart_services | default([]) }}"
+ loop_control:
+ loop_var: x509_certificate_restart_service
+ service:
+ name: "{{ x509_certificate_restart_service }}"
+ state: restarted
diff --git a/roles/x509/static/cert/prepare/tasks/main.yml b/roles/x509/static/cert/prepare/tasks/main.yml
index 03df7542..e8848743 100644
--- a/roles/x509/static/cert/prepare/tasks/main.yml
+++ b/roles/x509/static/cert/prepare/tasks/main.yml
@@ -10,7 +10,9 @@
mode: "{{ static_cert_config.mode | default('0700') }}"
owner: "{{ static_cert_config.owner | default(omit) }}"
group: "{{ static_cert_config.group | default(omit) }}"
- notify: reload services for x509 certificates
+ notify:
+ - reload services for x509 certificates
+ - restart services for x509 certificates
- name: install key for static certificate
copy:
@@ -19,7 +21,9 @@
mode: "{{ static_cert_config.key.mode | default('0600') }}"
owner: "{{ static_cert_config.key.owner | default(omit) }}"
group: "{{ static_cert_config.key.group | default(omit) }}"
- notify: reload services for x509 certificates
+ notify:
+ - reload services for x509 certificates
+ - restart services for x509 certificates
- name: install static certificate
copy:
@@ -28,7 +32,9 @@
mode: "{{ static_cert_config.cert.mode | default('0644') }}"
owner: "{{ static_cert_config.cert.owner | default(omit) }}"
group: "{{ static_cert_config.cert.group | default(omit) }}"
- notify: reload services for x509 certificates
+ notify:
+ - reload services for x509 certificates
+ - restart services for x509 certificates
- name: export paths to basic certificate files
set_fact:
@@ -46,7 +52,9 @@
mode: "{{ static_cert_config.chain.mode | default('0644') }}"
owner: "{{ static_cert_config.chain.owner | default(omit) }}"
group: "{{ static_cert_config.chain.group | default(omit) }}"
- notify: reload services for x509 certificates
+ notify:
+ - reload services for x509 certificates
+ - restart services for x509 certificates
- name: install fullchain for static certificate
copy:
@@ -57,7 +65,9 @@
mode: "{{ static_cert_config.cert.mode | default('0644') }}"
owner: "{{ static_cert_config.cert.owner | default(omit) }}"
group: "{{ static_cert_config.cert.group | default(omit) }}"
- notify: reload services for x509 certificates
+ notify:
+ - reload services for x509 certificates
+ - restart services for x509 certificates
- name: export paths to additional certificate files
set_fact:
@@ -74,7 +84,9 @@
file:
path: "{{ static_cert_path }}/{{ static_cert_name }}-{{ item }}.pem"
state: absent
- notify: reload services for x509 certificates
+ notify:
+ - reload services for x509 certificates
+ - restart services for x509 certificates
- name: make sure variable that points to the chain certificate file is unset
set_fact:
diff --git a/roles/x509/uacme/cert/prepare/handlers/main.yml b/roles/x509/uacme/cert/prepare/handlers/main.yml
index f3bb86f7..d31a956a 100644
--- a/roles/x509/uacme/cert/prepare/handlers/main.yml
+++ b/roles/x509/uacme/cert/prepare/handlers/main.yml
@@ -10,3 +10,11 @@
service:
name: "{{ x509_certificate_reload_service }}"
state: reloaded
+
+- name: restart services for x509 certificates
+ loop: "{{ x509_certificate_restart_services | default([]) }}"
+ loop_control:
+ loop_var: x509_certificate_restart_service
+ service:
+ name: "{{ x509_certificate_restart_service }}"
+ state: restarted
diff --git a/roles/x509/uacme/cert/prepare/tasks/main.yml b/roles/x509/uacme/cert/prepare/tasks/main.yml
index c1420369..887f7355 100644
--- a/roles/x509/uacme/cert/prepare/tasks/main.yml
+++ b/roles/x509/uacme/cert/prepare/tasks/main.yml
@@ -12,7 +12,9 @@
group: "{{ uacme_cert_config.key.group | default(omit) }}"
type: "{{ uacme_cert_config.key.type | default(omit) }}"
size: "{{ uacme_cert_config.key.size | default(omit) }}"
- notify: reload services for x509 certificates
+ notify:
+ - reload services for x509 certificates
+ - restart services for x509 certificates
- name: generate csr for uacme-controlled certificate
community.crypto.openssl_csr:
@@ -60,7 +62,9 @@
selfsigned_not_after: "{{ remote_datetime_now.stdout }}"
return_content: yes
register: uacme_cert_selfsigned
- notify: reload services for x509 certificates
+ notify:
+ - reload services for x509 certificates
+ - restart services for x509 certificates
- name: make sure cert-only file exists
copy:
@@ -69,7 +73,9 @@
mode: "{{ uacme_cert_config.cert.mode | default('0644') }}"
owner: "{{ uacme_cert_config.cert.owner | default(omit) }}"
group: "{{ uacme_cert_config.cert.group | default(omit) }}"
- notify: reload services for x509 certificates
+ notify:
+ - reload services for x509 certificates
+ - restart services for x509 certificates
- name: make sure the chain file exists
copy:
@@ -78,7 +84,9 @@
mode: "{{ uacme_cert_config.cert.mode | default('0644') }}"
owner: "{{ uacme_cert_config.cert.owner | default(omit) }}"
group: "{{ uacme_cert_config.cert.group | default(omit) }}"
- notify: reload services for x509 certificates
+ notify:
+ - reload services for x509 certificates
+ - restart services for x509 certificates
- name: export paths to certificate files
set_fact:
diff --git a/roles/x509/uacme/cert/prepare/templates/updated.sh.j2 b/roles/x509/uacme/cert/prepare/templates/updated.sh.j2
index e981fd0f..6d58c8c4 100644
--- a/roles/x509/uacme/cert/prepare/templates/updated.sh.j2
+++ b/roles/x509/uacme/cert/prepare/templates/updated.sh.j2
@@ -27,6 +27,9 @@ mv "{{ file.dest }}.new" "{{ file.dest }}"
{% for service in (x509_certificate_reload_services | default([])) %}
systemctl reload "{{ service }}.service"
{% endfor %}
+{% for service in (x509_certificate_restart_services | default([])) %}
+systemctl restart "{{ service }}.service"
+{% endfor %}
{% if x509_certificate_renewal is defined and 'reload' in x509_certificate_renewal %}
{{ x509_certificate_renewal.reload | trim }}
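Review bot: The added `systemctl restart "{{ service }}.service"` renders the service name inside shell double quotes, where `$`, backticks and a stray `"` are still interpreted when the renewal hook runs. The names come from playbook variables, so this is hardening rather than a live bug, but rendering through Ansible's `quote` filter removes the dependency on well-formed input: `systemctl restart {{ (service ~ '.service') | quote }}`. The reload loop directly above uses the same pattern and would benefit from the same change. Whether the script stops on a failed `systemctl` call is not visible in this hunk; if it does, one failing unit would leave the remaining services on the old certificate.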