restart mosquitto after tls renewal

Robert Kaussow 2019-02-04 19:13:45 +01:00
parent fb51a02eef
commit 1d0ac8ba9d
3 changed files with 24 additions and 23 deletions


@ -10,7 +10,8 @@ steps:
- pip install ansible ansible-later -q - pip install ansible ansible-later -q
- git clone https://gitea.rknet.org/ansible/ansible-later-policy.git ~/policy - git clone https://gitea.rknet.org/ansible/ansible-later-policy.git ~/policy
- git ls-files *[^LICENSE,.md] | xargs ansible-later -c ~/policy/config.ini - git ls-files *[^LICENSE,.md] | xargs ansible-later -c ~/policy/config.ini
depends_on: [ clone ] depends_on:
- clone
- name: ansible-master - name: ansible-master
image: python:2.7 image: python:2.7
@ -19,4 +20,23 @@ steps:
- pip install ansible ansible-later -q - pip install ansible ansible-later -q
- git clone https://gitea.rknet.org/ansible/ansible-later-policy.git ~/policy - git clone https://gitea.rknet.org/ansible/ansible-later-policy.git ~/policy
- git ls-files *[^LICENSE,.md] | xargs ansible-later -c ~/policy/config.ini - git ls-files *[^LICENSE,.md] | xargs ansible-later -c ~/policy/config.ini
depends_on: [ clone ] depends_on:
- clone
- name: notify
image: plugins/matrix
settings:
homeserver: https://matrix.rknet.org
roomid: MtidqQXWWAtQcByBhH:rknet.org
template: "Status: **{{ build.status }}**<br/> Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}<br/> Message: {{ build.message }}"
username:
from_secret: matrix_username
password:
from_secret: matrix_password
depends_on:
- ansible-latest
- ansible-master
when:
status:
- success
- failure
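Review bot: The new `notify` step pulls `image: plugins/matrix` with no tag or digest while it is handed `matrix_username` and `matrix_password`, so whatever the registry serves for that name at build time receives the chat credentials. Pin the image to a released tag or, better, an immutable digest, e.g. `image: plugins/matrix@sha256:<digest-placeholder>`. The `template` also interpolates `{{ build.message }}` and `{{ build.author }}` into a message that carries `<br/>` markup, so it is worth confirming that the plugin escapes those values before posting. If builds other than pushes to this repository can reach this pipeline, add an `event` filter under the step's `when:` so the secrets are only used on push builds.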


@ -46,13 +46,6 @@ mosquitto_tls_ciphers:
- "!SSLv2" - "!SSLv2"
- "@STRENGTH" - "@STRENGTH"
mosquitto_ca_path: /etc/pki/tls/certs/ mosquitto_ca_path: /etc/pki/tls/certs/
# You can deploy your certificates from a file or from content.
# If you enable mosquitto_tls_source_use_content you have to put the content of your cert files into
# mosquitto_tls_cert_path and mosquitto_tls_cert_path.
mosquitto_tls_source_use_content: False
# If you enable mosquitto_tls_source_use_files theses variables have to contain the path to your
# certificate files located on the ansible "master" host
mosquitto_tls_source_use_files: True
mosquitto_tls_cert_source: mycert.pem mosquitto_tls_cert_source: mycert.pem
mosquitto_tls_key_source: mykey.pem mosquitto_tls_key_source: mykey.pem
mosquitto_tls_cert_path: "{{ mosquitto_base_dir }}/tls/certs/mycert.pem" mosquitto_tls_cert_path: "{{ mosquitto_base_dir }}/tls/certs/mycert.pem"


@ -11,7 +11,7 @@
- "{{ mosquitto_tls_cert_path | dirname }}" - "{{ mosquitto_tls_cert_path | dirname }}"
- "{{ mosquitto_tls_key_path | dirname }}" - "{{ mosquitto_tls_key_path | dirname }}"
- name: Copy certs and private key (file) - name: Copy certs and private key
copy: copy:
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "{{ item.dest }}" dest: "{{ item.dest }}"
@ -21,18 +21,6 @@
- { src: "{{ mosquitto_tls_cert_source }}", dest: '{{ mosquitto_tls_cert_path }}', mode: '0750' } - { src: "{{ mosquitto_tls_cert_source }}", dest: '{{ mosquitto_tls_cert_path }}', mode: '0750' }
loop_control: loop_control:
label: "{{ item.dest }}" label: "{{ item.dest }}"
when: mosquitto_tls_source_use_files notify: __mosquitto_restart
- name: Copy certs and private key (content)
copy:
content: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
with_items:
- { src: "{{ mosquitto_tls_key_source }}", dest: '{{ mosquitto_tls_key_path }}', mode: '0600' }
- { src: "{{ mosquitto_tls_cert_source }}", dest: '{{ mosquitto_tls_cert_path }}', mode: '0750' }
loop_control:
label: "{{ item.dest }}"
when: mosquitto_tls_source_use_content
become: True become: True
become_user: root become_user: root
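Review bot: The certificate item at the top of the second hunk is still installed with `mode: '0750'`, which puts execute bits on a PEM file and makes its readability depend on an owner and group that none of the visible lines set. Now that this task is the only deployment path and a change to it fires `__mosquitto_restart`, I would use `mode: '0644'` for the certificate and set explicit `owner:`/`group:` values on the task. The key item and the remaining `copy` arguments sit between the two hunks and are not visible here, so please confirm the private key keeps the `0600` it had in the removed content variant. A short comment above `notify:` such as `# restart so the broker loads the renewed certificate` would explain why a handler hangs off a copy task.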