use venv to install certbot

Robert Kaussow 2021-04-17 12:20:07 +02:00
parent 8acf3bd72c
commit d4e0a92b9d
No known key found for this signature in database
GPG Key ID: 65362AE74AF98B61
6 changed files with 67 additions and 23 deletions


@ -1,9 +1,11 @@
---
# @var certbot_version:description: Set a fix version of the certbot package to install.
# @var certbot_version: $ "_unset_"
# @var certbot_packages_extra:description: Extra packages to install with pip (e.g. DNS plugins).
certbot_packages_extra: []
certbot_user: root
certbot_pip: "pip{{ ansible_python.version.major }}"
certbot_work_dir: /var/lib/letsencrypt
certbot_config_dir: /etc/letsencrypt
@ -34,11 +36,11 @@ certbot_command_arguments:
# @var certbot_cron_enabled:description: Enable scheduling via cron.
certbot_cron_enabled: True
certbot_cron_minute: "30"
certbot_cron_hour: "3"
# @var certbot_cron_file:description: Use a file under /etc/cron.d but this will only work if `certbot_user`
# has write permissions for this location.
# @var certbot_cron_file:description: >
# Use a file under /etc/cron.d but this will only work if `certbot_user` has write permissions for this location.
# @end
# @var certbot_cron_file: $ "_unset_"
# @var certbot_cron_file:example: certbot-letsencrypt
certbot_cron_minute: "30"
certbot_cron_hour: "3"


@ -1,9 +1,6 @@
---
- name: Converge
hosts: all
vars:
certbot_pip: pip3
roles:
- role: xoxys.python3
- role: xoxys.certbot


@ -10,11 +10,11 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
def test_certbot_is_installed(host):
pkg = host.pip_package.get_packages(pip_path="pip3")
pkg = host.pip_package.get_packages(pip_path="/opt/python3/certbot/bin/pip")
assert "certbot" in pkg
def test_certbot_run(host):
cmd = host.run("~/.local/bin/certbot --help")
cmd = host.run("/usr/local/bin/certbot --help")
assert "Certbot can obtain and install HTTPS/TLS/SSL certificates." in cmd.stdout
assert cmd.succeeded


@ -7,22 +7,57 @@
when: not certbot_user == 'root'
- block:
- name: Upgrade python dependencies
pip:
name: "{{ item }}"
virtualenv: /opt/python3/certbot
virtualenv_command: /usr/bin/python3 -m venv
extra_args: --upgrade
loop:
- pip
- setuptools
- name: Install dependencies
pip:
name: "{{ item }}"
extra_args: --user
executable: "{{ certbot_pip }}"
state: present
virtualenv: /opt/python3/certbot
virtualenv_command: /usr/bin/python3 -m venv
environment:
TMPDIR: /opt/python3/tmp
loop: "{{ certbot_packages_extra }}"
- name: Install certbot with pip
- name: Install certbot
pip:
name: "{{ item }}"
extra_args: --user
executable: "{{ certbot_pip }}"
state: present
virtualenv: /opt/python3/certbot
virtualenv_command: /usr/bin/python3 -m venv
loop: "{{ __certbot_packages }}"
- name: Adjust file permissions
file:
name: /opt/python3/certbot
recurse: True
mode: u+rwX,go+rX,go-w
state: directory
- name: Make certbot binaries executable
file:
name: "/opt/python3/certbot/bin/{{ item }}"
mode: 0755
loop: "{{ __certbot_binaries }}"
- name: Deploy certbot bin wrappers
template:
src: usr/local/bin/certbot-wrapper.j2
dest: "/usr/local/bin/{{ item }}"
owner: root
group: root
mode: 0755
loop: "{{ __certbot_binaries }}"
become: True
become_user: root
- block:
- name: Create certbot environment
file:
path: "{{ item.name }}"
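Review bot: The "Make certbot binaries executable" and "Deploy certbot bin wrappers" tasks pass `mode: 0755` as an unquoted scalar, so the value reaches the module as an integer whose meaning depends on how the YAML loader treats a leading zero. Quote it, `mode: "0755"`, which is also how the `__certbot_environment` entries in this commit's vars file write their modes. Separately, `TMPDIR: /opt/python3/tmp` is set only on the "Install dependencies" task and nothing visible in this hunk creates that directory; presumably the `xoxys.python3` role provides it, but that is worth confirming because pip runs here as root and will fail if the path is missing.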


@ -0,0 +1,4 @@
#!/usr/bin/env sh
set -eo pipefail
exec /opt/python3/certbot/bin/{{ item }} "$@"
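Review bot: `set -eo pipefail` under a `#!/usr/bin/env sh` shebang is not portable, because `pipefail` is not a recognised option in shells such as dash; where `sh` resolves to one of those, the `set` line is rejected and the wrapper exits before it reaches `exec`. The script contains no pipeline, so `set -e` alone gives the same behaviour. If bash semantics are wanted, change the shebang to name bash explicitly instead. Since `__certbot_bin` now points at this wrapper, a failure here would presumably also break whatever the role schedules through it, so the molecule scenario should include an image whose `sh` is not bash.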


@ -1,10 +1,16 @@
---
__certbot_packages:
- certbot
- "certbot{{ '==' + certbot_version if certbot_version is defined else '' }}"
__certbot_environment:
- { name: "{{ certbot_work_dir }}", mode: "0755" }
- { name: "{{ certbot_config_dir }}", mode: "0755" }
- { name: "{{ certbot_log_dir }}", mode: "0700" }
- name: "{{ certbot_work_dir }}"
mode: "0755"
- name: "{{ certbot_config_dir }}"
mode: "0755"
- name: "{{ certbot_log_dir }}"
mode: "0700"
__certbot_bin: "{{ '/root/.local/bin/certbot' if certbot_user == 'root' else '/home/' + certbot_user + '/.local/bin/certbot' }}"
__certbot_binaries:
- certbot
__certbot_bin: "/usr/local/bin/certbot"
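Review bot: The package spec in `__certbot_packages` builds the pin with `'==' + certbot_version`, and `+` raises a type error when `certbot_version` is supplied as an unquoted number, since YAML reads a value like `1.14` as a float. Use the string-concatenation operator instead, `"certbot{{ '==' ~ certbot_version if certbot_version is defined else '' }}"`. The `certbot_version` description in the defaults file should also say that the version must be quoted, because an unquoted `1.10` is already shortened to `1.1` before the template sees it and would pin a different release. I am assuming the templated entry is the new side of this hunk, as the +/- markers are not shown on this page.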