ansible/xoxys.certbot
1
0
Fork 0
Code Issues Pull Requests Releases Activity

use venv to install certbot
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
Robert Kaussow 2021-04-17 12:20:07 +02:00
parent 8acf3bd72c
commit d4e0a92b9d
No known key found for this signature in database
GPG Key ID: 65362AE74AF98B61
6 changed files with 67 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
defaults/main.yml
View File

@ -1,9 +1,11 @@
--- ---
# @var certbot_version:description: Set a fix version of the certbot package to install.
# @var certbot_version: $ "_unset_"
# @var certbot_packages_extra:description: Extra packages to install with pip (e.g. DNS plugins). # @var certbot_packages_extra:description: Extra packages to install with pip (e.g. DNS plugins).
certbot_packages_extra: [] certbot_packages_extra: []
certbot_user: root certbot_user: root
certbot_pip: "pip{{ ansible_python.version.major }}"
certbot_work_dir: /var/lib/letsencrypt certbot_work_dir: /var/lib/letsencrypt
certbot_config_dir: /etc/letsencrypt certbot_config_dir: /etc/letsencrypt
@ -34,11 +36,11 @@ certbot_command_arguments:
# @var certbot_cron_enabled:description: Enable scheduling via cron. # @var certbot_cron_enabled:description: Enable scheduling via cron.
certbot_cron_enabled: True certbot_cron_enabled: True
certbot_cron_minute: "30" # @var certbot_cron_file:description: >
certbot_cron_hour: "3" # Use a file under /etc/cron.d but this will only work if `certbot_user` has write permissions for this location.
# @var certbot_cron_file:description: Use a file under /etc/cron.d but this will only work if `certbot_user`
# has write permissions for this location.
# @end # @end
# @var certbot_cron_file: $ "_unset_" # @var certbot_cron_file: $ "_unset_"
# @var certbot_cron_file:example: certbot-letsencrypt # @var certbot_cron_file:example: certbot-letsencrypt
certbot_cron_minute: "30"
certbot_cron_hour: "3"

3
molecule/centos7/converge.yml
View File

@ -1,9 +1,6 @@
--- ---
- name: Converge - name: Converge
hosts: all hosts: all
vars:
certbot_pip: pip3
roles: roles:
- role: xoxys.python3 - role: xoxys.python3
- role: xoxys.certbot - role: xoxys.certbot

4
molecule/centos7/tests/test_default.py
View File

@ -10,11 +10,11 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
def test_certbot_is_installed(host): def test_certbot_is_installed(host):
pkg = host.pip_package.get_packages(pip_path="pip3") pkg = host.pip_package.get_packages(pip_path="/opt/python3/certbot/bin/pip")
assert "certbot" in pkg assert "certbot" in pkg
def test_certbot_run(host): def test_certbot_run(host):
cmd = host.run("~/.local/bin/certbot --help") cmd = host.run("/usr/local/bin/certbot --help")
assert "Certbot can obtain and install HTTPS/TLS/SSL certificates." in cmd.stdout assert "Certbot can obtain and install HTTPS/TLS/SSL certificates." in cmd.stdout
assert cmd.succeeded assert cmd.succeeded

49
tasks/install.yml
View File

@ -7,22 +7,57 @@
when: not certbot_user == 'root' when: not certbot_user == 'root'
- block: - block:
- name: Upgrade python dependencies
pip:
name: "{{ item }}"
virtualenv: /opt/python3/certbot
virtualenv_command: /usr/bin/python3 -m venv
extra_args: --upgrade
loop:
- pip
- setuptools
- name: Install dependencies - name: Install dependencies
pip: pip:
name: "{{ item }}" name: "{{ item }}"
extra_args: --user virtualenv: /opt/python3/certbot
executable: "{{ certbot_pip }}" virtualenv_command: /usr/bin/python3 -m venv
state: present environment:
TMPDIR: /opt/python3/tmp
loop: "{{ certbot_packages_extra }}" loop: "{{ certbot_packages_extra }}"
- name: Install certbot with pip - name: Install certbot
pip: pip:
name: "{{ item }}" name: "{{ item }}"
extra_args: --user virtualenv: /opt/python3/certbot
executable: "{{ certbot_pip }}" virtualenv_command: /usr/bin/python3 -m venv
state: present
loop: "{{ __certbot_packages }}" loop: "{{ __certbot_packages }}"
- name: Adjust file permissions
file:
name: /opt/python3/certbot
recurse: True
mode: u+rwX,go+rX,go-w
state: directory
- name: Make certbot binaries executable
file:
name: "/opt/python3/certbot/bin/{{ item }}"
mode: 0755
loop: "{{ __certbot_binaries }}"
- name: Deploy certbot bin wrappers
template:
src: usr/local/bin/certbot-wrapper.j2
dest: "/usr/local/bin/{{ item }}"
owner: root
group: root
mode: 0755
loop: "{{ __certbot_binaries }}"
become: True
become_user: root
- block:
- name: Create certbot environment - name: Create certbot environment
file: file:
path: "{{ item.name }}" path: "{{ item.name }}"

4
templates/usr/local/bin/certbot-wrapper.j2 Normal file
View File

@ -0,0 +1,4 @@
#!/usr/bin/env sh
set -eo pipefail
exec /opt/python3/certbot/bin/{{ item }} "$@"

16
vars/main.yml
View File

@ -1,10 +1,16 @@
--- ---
__certbot_packages: __certbot_packages:
- certbot - "certbot{{ '==' + certbot_version if certbot_version is defined else '' }}"
__certbot_environment: __certbot_environment:
- { name: "{{ certbot_work_dir }}", mode: "0755" } - name: "{{ certbot_work_dir }}"
- { name: "{{ certbot_config_dir }}", mode: "0755" } mode: "0755"
- { name: "{{ certbot_log_dir }}", mode: "0700" } - name: "{{ certbot_config_dir }}"
mode: "0755"
- name: "{{ certbot_log_dir }}"
mode: "0700"
__certbot_bin: "{{ '/root/.local/bin/certbot' if certbot_user == 'root' else '/home/' + certbot_user + '/.local/bin/certbot' }}" __certbot_binaries:
- certbot
__certbot_bin: "/usr/local/bin/certbot"