From 1d0ac8ba9d0b47a4754c8f2205233f662354e089 Mon Sep 17 00:00:00 2001
From: Robert Kaussow
Date: Mon, 4 Feb 2019 19:13:45 +0100
Subject: [PATCH] restart mosquitto after tls renewal
---
 .drone.yml | 24 ++++++++++++++++++++++--
 defaults/main.yml | 7 -------
 tasks/tls.yml | 16 ++--------------
 3 files changed, 24 insertions(+), 23 deletions(-)
diff --git a/.drone.yml b/.drone.yml
index 289d224..53d816a 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -10,7 +10,8 @@ steps:
 - pip install ansible ansible-later -q
 - git clone https://gitea.rknet.org/ansible/ansible-later-policy.git ~/policy
 - git ls-files *[^LICENSE,.md] | xargs ansible-later -c ~/policy/config.ini
- depends_on: [ clone ]
+ depends_on:
+ - clone
 - name: ansible-master
 image: python:2.7
@@ -19,4 +20,23 @@ steps:
 - pip install ansible ansible-later -q
 - git clone https://gitea.rknet.org/ansible/ansible-later-policy.git ~/policy
 - git ls-files *[^LICENSE,.md] | xargs ansible-later -c ~/policy/config.ini
- depends_on: [ clone ]
+ depends_on:
+ - clone
+
+ - name: notify
+ image: plugins/matrix
+ settings:
+ homeserver: https://matrix.rknet.org
+ roomid: MtidqQXWWAtQcByBhH:rknet.org
+ template: "Status: **{{ build.status }}**
Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}
Message: {{ build.message }}"
+ username:
+ from_secret: matrix_username
+ password:
+ from_secret: matrix_password
+ depends_on:
+ - ansible-latest
+ - ansible-master
+ when:
+ status:
+ - success
+ - failure
diff --git a/defaults/main.yml b/defaults/main.yml
index 56f4e7c..c49a335 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -46,13 +46,6 @@ mosquitto_tls_ciphers:
 - "!SSLv2"
 - "@STRENGTH"
 mosquitto_ca_path: /etc/pki/tls/certs/
-# You can deploy your certificates from a file or from content.
-# If you enable mosquitto_tls_source_use_content you have to put the content of your cert files into
-# mosquitto_tls_cert_path and mosquitto_tls_cert_path.
-mosquitto_tls_source_use_content: False
-# If you enable mosquitto_tls_source_use_files theses variables have to contain the path to your
-# certificate files located on the ansible "master" host
-mosquitto_tls_source_use_files: True
 mosquitto_tls_cert_source: mycert.pem
 mosquitto_tls_key_source: mykey.pem
 mosquitto_tls_cert_path: "{{ mosquitto_base_dir }}/tls/certs/mycert.pem"
diff --git a/tasks/tls.yml b/tasks/tls.yml
index 5aff4c5..dfd1cfb 100644
--- a/tasks/tls.yml
+++ b/tasks/tls.yml
@@ -11,7 +11,7 @@
 - "{{ mosquitto_tls_cert_path | dirname }}"
 - "{{ mosquitto_tls_key_path | dirname }}"
- - name: Copy certs and private key (file)
+ - name: Copy certs and private key
 copy:
 src: "{{ item.src }}"
 dest: "{{ item.dest }}"
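Review bot: The new `notify` step in `.drone.yml` uses `image: plugins/matrix` with no tag or digest, so each build runs whatever the registry currently serves for that name, and that container is the one given `matrix_username` and `matrix_password`. Pin it to a release or digest you have reviewed, e.g. `image: plugins/matrix@sha256:<digest>` (placeholder value). The template also interpolates `build.message` and `build.author`, which come from the commit and appear to be rendered as Markdown in the room, so the posted text should be read as untrusted input. If this pipeline also runs for pull requests, an `event` condition under `when:` would keep the credentials to trusted builds.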
@@ -21,18 +21,6 @@
 - { src: "{{ mosquitto_tls_cert_source }}", dest: '{{ mosquitto_tls_cert_path }}', mode: '0750' }
 loop_control:
 label: "{{ item.dest }}"
- when: mosquitto_tls_source_use_files
-
- - name: Copy certs and private key (content)
- copy:
- content: "{{ item.src }}"
- dest: "{{ item.dest }}"
- mode: "{{ item.mode }}"
- with_items:
- - { src: "{{ mosquitto_tls_key_source }}", dest: '{{ mosquitto_tls_key_path }}', mode: '0600' }
- - { src: "{{ mosquitto_tls_cert_source }}", dest: '{{ mosquitto_tls_cert_path }}', mode: '0750' }
- loop_control:
- label: "{{ item.dest }}"
- when: mosquitto_tls_source_use_content
+ notify: __mosquitto_restart
 become: True
 become_user: root
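Review bot: With the `when:` guards and the content variant removed, the remaining copy task always passes `mosquitto_tls_key_source` to `src:`, so an inventory that still holds PEM content in that variable will have it treated as a file name, and the task's failure output would likely include the key material. The defaults hunk also deletes the only comment explaining these variables, so add one above `mosquitto_tls_cert_source`, e.g. `# Paths on the Ansible control host; inline certificate content is no longer supported`, and consider `no_log: True` on the task if key content could still reach it. `notify: __mosquitto_restart` relies on a handler of that name which this patch does not add (only three files change), so confirm it exists in the role's handlers. The task starts above this hunk, so its `mode:` and `with_items:` lines are not visible here.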