From 792ececf6b450ad9588c45d0f4b8652e42145f3d Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Tue, 24 Oct 2023 23:43:20 +0200
Subject: x509: some daemons can't be reloaded and need to be restarted...

---
 roles/x509/selfsigned/cert/prepare/handlers/main.yml |  8 ++++++++
 roles/x509/selfsigned/cert/prepare/tasks/main.yml    | 12 +++++++++---
 2 files changed, 17 insertions(+), 3 deletions(-)

(limited to 'roles/x509/selfsigned')

diff --git a/roles/x509/selfsigned/cert/prepare/handlers/main.yml b/roles/x509/selfsigned/cert/prepare/handlers/main.yml
index 39f28f73..589d6dde 100644
--- a/roles/x509/selfsigned/cert/prepare/handlers/main.yml
+++ b/roles/x509/selfsigned/cert/prepare/handlers/main.yml
@@ -6,3 +6,11 @@
   service:
     name: "{{ x509_certificate_reload_service }}"
     state: reloaded
+
+- name: restart services for x509 certificates
+  loop: "{{ x509_certificate_restart_services | default([]) }}"
+  loop_control:
+    loop_var: x509_certificate_restart_service
+  service:
+    name: "{{ x509_certificate_restart_service }}"
+    state: restarted
diff --git a/roles/x509/selfsigned/cert/prepare/tasks/main.yml b/roles/x509/selfsigned/cert/prepare/tasks/main.yml
index a5ac8159..f71acec1 100644
--- a/roles/x509/selfsigned/cert/prepare/tasks/main.yml
+++ b/roles/x509/selfsigned/cert/prepare/tasks/main.yml
@@ -10,7 +10,9 @@
     mode: "{{ selfsigned_cert_config.mode | default('0700') }}"
     owner: "{{ selfsigned_cert_config.owner | default(omit) }}"
     group: "{{ selfsigned_cert_config.group | default(omit) }}"
-  notify: reload services for x509 certificates
+  notify:
+  - reload services for x509 certificates
+  - restart services for x509 certificates
 
 - name: generate key for selfsigned certificate
   openssl_privatekey:
@@ -20,7 +22,9 @@
     group: "{{ selfsigned_cert_config.key.group | default(omit) }}"
     type: "{{ selfsigned_cert_config.key.type | default(omit) }}"
     size: "{{ selfsigned_cert_config.key.size | default(omit) }}"
-  notify: reload services for x509 certificates
+  notify:
+  - reload services for x509 certificates
+  - restart services for x509 certificates
   register: _selfsigned_key_
 
 - name: generate csr for selfsigned certificate
@@ -74,7 +78,9 @@
     selfsigned_not_before: "{{ selfsigned_cert_config.cert.not_before | default(omit) }}"
     selfsigned_not_after: "{{ selfsigned_cert_config.cert.not_after | default(omit) }}"
     force: "{{ _selfsigned_cert_file_.stat.exists and (not _selfsigned_cert_info_.valid_at.renew_margin) }}"
-  notify: reload services for x509 certificates
+  notify:
+  - reload services for x509 certificates
+  - restart services for x509 certificates
   register: _selfsigned_cert_
 
 - name: export paths to certificate files
-- 
cgit v1.2.3