From 792ececf6b450ad9588c45d0f4b8652e42145f3d Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Tue, 24 Oct 2023 23:43:20 +0200 Subject: x509: some daemons can't be reloaded and need to be restarted... --- roles/x509/uacme/cert/prepare/handlers/main.yml | 8 ++++++++ roles/x509/uacme/cert/prepare/tasks/main.yml | 16 ++++++++++++---- roles/x509/uacme/cert/prepare/templates/updated.sh.j2 | 3 +++ 3 files changed, 23 insertions(+), 4 deletions(-) (limited to 'roles/x509/uacme/cert') diff --git a/roles/x509/uacme/cert/prepare/handlers/main.yml b/roles/x509/uacme/cert/prepare/handlers/main.yml index f3bb86f7..d31a956a 100644 --- a/roles/x509/uacme/cert/prepare/handlers/main.yml +++ b/roles/x509/uacme/cert/prepare/handlers/main.yml @@ -10,3 +10,11 @@ service: name: "{{ x509_certificate_reload_service }}" state: reloaded + +- name: restart services for x509 certificates + loop: "{{ x509_certificate_restart_services | default([]) }}" + loop_control: + loop_var: x509_certificate_restart_service + service: + name: "{{ x509_certificate_restart_service }}" + state: restarted diff --git a/roles/x509/uacme/cert/prepare/tasks/main.yml b/roles/x509/uacme/cert/prepare/tasks/main.yml index c1420369..887f7355 100644 --- a/roles/x509/uacme/cert/prepare/tasks/main.yml +++ b/roles/x509/uacme/cert/prepare/tasks/main.yml @@ -12,7 +12,9 @@ group: "{{ uacme_cert_config.key.group | default(omit) }}" type: "{{ uacme_cert_config.key.type | default(omit) }}" size: "{{ uacme_cert_config.key.size | default(omit) }}" - notify: reload services for x509 certificates + notify: + - reload services for x509 certificates + - restart services for x509 certificates - name: generate csr for uacme-controlled certificate community.crypto.openssl_csr: 
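Review bot: Nothing on the new handler says which daemons belong in `x509_certificate_restart_services` rather than the reload list, and a service named in both would be reloaded and then restarted in the same run, since handlers execute in the order they are defined in this file. A comment above the handler would make the contract explicit, for example `# for daemons that only read certificate files at startup; do not also list them in the reload variable`. If double listing is meant to be tolerated, the reload loop could skip names that are also in the restart list, but that handler's loop expression is outside this hunk.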
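Review bot: The same two-item `notify:` list is now repeated in four tasks (this hunk and the ones at -60, -69 and -78), so any later handler addition has to be made in every task and one of them is easy to miss. Ansible handlers can subscribe to a shared topic: with `listen: x509 certificates changed` on both handlers, each task keeps a single `notify: x509 certificates changed` (the topic name here is only an example). The task that carries this first `notify:` starts above the visible context.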
@@ -60,7 +62,9 @@ selfsigned_not_after: "{{ remote_datetime_now.stdout }}" return_content: yes register: uacme_cert_selfsigned - notify: reload services for x509 certificates + notify: + - reload services for x509 certificates + - restart services for x509 certificates - name: make sure cert-only file exists copy: @@ -69,7 +73,9 @@ mode: "{{ uacme_cert_config.cert.mode | default('0644') }}" owner: "{{ uacme_cert_config.cert.owner | default(omit) }}" group: "{{ uacme_cert_config.cert.group | default(omit) }}" - notify: reload services for x509 certificates + notify: + - reload services for x509 certificates + - restart services for x509 certificates - name: make sure the chain file exists copy: @@ -78,7 +84,9 @@ mode: "{{ uacme_cert_config.cert.mode | default('0644') }}" owner: "{{ uacme_cert_config.cert.owner | default(omit) }}" group: "{{ uacme_cert_config.cert.group | default(omit) }}" - notify: reload services for x509 certificates + notify: + - reload services for x509 certificates + - restart services for x509 certificates - name: export paths to certificate files set_fact: diff --git a/roles/x509/uacme/cert/prepare/templates/updated.sh.j2 b/roles/x509/uacme/cert/prepare/templates/updated.sh.j2 index e981fd0f..6d58c8c4 100644 --- a/roles/x509/uacme/cert/prepare/templates/updated.sh.j2 +++ b/roles/x509/uacme/cert/prepare/templates/updated.sh.j2 @@ -27,6 +27,9 @@ mv "{{ file.dest }}.new" "{{ file.dest }}" {% for service in (x509_certificate_reload_services | default([])) %} systemctl reload "{{ service }}.service" {% endfor %} +{% for service in (x509_certificate_restart_services | default([])) %} +systemctl restart "{{ service }}.service" +{% endfor %} {% if x509_certificate_renewal is defined and 'reload' in x509_certificate_renewal %} {{ x509_certificate_renewal.reload | trim }} -- cgit v1.2.3
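Review bot: `systemctl restart` in the added loop also starts a unit that is currently stopped, so this script, which presumably runs unattended after a renewal, would bring back a daemon that was shut down on purpose (maintenance, or containment during an incident). `systemctl try-restart "{{ service }}.service"` restarts only units that are already running. Unlike a failed reload, a failed restart leaves the service down, and whether the script aborts or carries on at that point depends on shell options set outside this hunk, so it is worth confirming that a failed restart is logged or alerted on. The loop sits in the middle of the template; the surrounding script is only partly visible here.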