public_facing: Changes to download.ceph.com crontab 321/head
authorDavid Galloway <dgallowa@redhat.com>
Mon, 19 Jun 2017 19:27:12 +0000 (15:27 -0400)
committerDavid Galloway <dgallowa@redhat.com>
Mon, 19 Jun 2017 19:37:29 +0000 (15:37 -0400)
Signed-off-by: David Galloway <dgallowa@redhat.com>
roles/public_facing/tasks/download.ceph.com.yml

index 0d2568fc3e937064564355600c7dfbfb80de76cc..632b31cc37bece03112ffe634cd269f36989156d 100644 (file)
     name: "Update download.ceph.com/timestamp"
     minute: "0"
     job: "/usr/libexec/make_timestamp"
+
+- name: Cron entry for letsencrypt cert renewal
+  cron:
+    name: "Renew letsencrypt certificate"
+    minute: "0"
+    hour: "0"
+    day: "1,15"
+    job: "/usr/bin/letsencrypt renew >> /var/log/letsencrypt.log && service nginx reload"
+
+# Get letsencrypt authority server IPv4 address
+- local_action: shell dig -4 +short acme-v01.api.letsencrypt.org | tail -n 1
+  register: letsencrypt_ipv4_address
+
+# This task really only needs to be run the first time download.ceph.com is set up.
+# An entry matching *letsencrypt* in /etc/hosts is required for the cronjob in the next task however.
+- name: Create entry for letsencrypt authority server in /etc/hosts
+  lineinfile:
+    path: /etc/hosts
+    regexp: '(.*)letsencrypt(.*)'
+    line: '{{ letsencrypt_ipv4_address.stdout }}    acme-v01.api.letsencrypt.org'
+    state: present
+
+# 'letsencrypt renew' fails because it can't reach the letsencrypt authority server using IPv6
+- name: Create cron entry to force IPv4 connectivity to letsencrypt authority server
+  cron:
+    name: "Forces letsencrypt to use IPv4 when accessing acme-v01.api.letsencrypt.org"
+    hour: "0"
+    job: "IP=$(dig -4 +short acme-v01.api.letsencrypt.org | tail -n 1) && sed -i \"s/.*letsencrypt.*/$IP\tacme-v01.api.letsencrypt.org/g\" /etc/hosts"
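Review bot: Neither the `lineinfile` task nor the last cron job checks that the `dig` lookup returned an address before writing it into /etc/hosts. In the cron job the `&&` only sees the exit status of `tail`, so a failed or empty lookup still runs `sed` and replaces the entry with a line that has no usable address, and renewal then cannot reach the pinned host until a later lookup succeeds; a guard such as `[ -n "$IP" ] &&` in front of `sed`, and `when: letsencrypt_ipv4_address.stdout != ''` on the task, would keep the last good entry. The same cron entry sets `hour: "0"` but no `minute`, and the Ansible cron module defaults that field to `*`, so the rewrite runs every minute from 00:00 to 00:59 and overlaps the renewal job scheduled at 00:00; `minute: "0"` looks like the intent. The pattern `.*letsencrypt.*` (and `(.*)letsencrypt(.*)` in the task) also matches any other line in /etc/hosts that mentions letsencrypt, comments included, so matching on the full hostname `acme-v01.api.letsencrypt.org` would be safer.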