Merge "Fix haproxy Let's Encrypt SSL path"

Zuul
2021年10月15日 11:21:44 +00:00
committed by Gerrit Code Review


@@ -75,14 +75,14 @@
--text
--rsa-key-size 4096
--email {{ haproxy_ssl_letsencrypt_email }}
--domains {{ external_lb_vip_address }}
--domains {{ haproxy_bind_external_lb_vip_address }}
{% if haproxy_ssl_letsencrypt_certbot_challenge == 'http-01' %}
--http-01-port {{ haproxy_ssl_letsencrypt_certbot_backend_port }}
--http-01-address {{ haproxy_ssl_letsencrypt_certbot_bind_address }}
{% endif %}
{{ haproxy_ssl_letsencrypt_setup_extra_params }}
args:
creates:"{{ haproxy_ssl_letsencrypt_config_path }}/{{ external_lb_vip_address }}/fullchain.pem"
creates:"{{ haproxy_ssl_letsencrypt_config_path }}/{{ haproxy_bind_external_lb_vip_address }}/fullchain.pem"
- name:Create certbot pre hook
template:
@@ -102,8 +102,10 @@
- name:Create new pem file for haproxy
assemble:
src:"{{ haproxy_ssl_letsencrypt_config_path }}/{{ external_lb_vip_address }}"
dest:"/etc/ssl/private/haproxy.pem"
src:"{{ haproxy_ssl_letsencrypt_config_path }}/{{ haproxy_bind_external_lb_vip_address }}"
dest:"{{ haproxy_ssl_cert_path ~ '/haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ item ~ '.pem' }}"
regexp:'(privkey|fullchain).pem$'
with_items:
- "{{ [ haproxy_bind_external_lb_vip_address ] + extra_lb_tls_vip_addresses }}"
notify:
- Reload haproxy
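Review bot: The PEM written by the `assemble` task in the second hunk contains the private key (the `regexp` matches `privkey.pem`), but the task sets no `owner`, `group` or `mode`, and `dest` moves from `/etc/ssl/private/haproxy.pem` to a path under `haproxy_ssl_cert_path`. Unless that directory is restricted elsewhere in the role, which is not visible here, a newly created file gets whatever the default umask allows. I would add `mode: "0600"` to the task, or whichever mode the role already uses for its other key files. The `cat ... >` redirects in the two renewal script templates create the same files, so a `umask 077` ahead of the loop there would keep them consistent.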


@@ -5,7 +5,9 @@
--standalone \
--pre-hook "systemctl stop haproxy" \
cat /etc/letsencrypt/live/{{ external_lb_vip_address }}/{fullchain,privkey}.pem \
> /etc/ssl/private/haproxy.pem
{% for vip in [ haproxy_bind_external_lb_vip_address ] + extra_lb_tls_vip_addresses %}
cat /etc/letsencrypt/live/{{ haproxy_bind_external_lb_vip_address }}/{fullchain,privkey}.pem \
> {{ haproxy_ssl_cert_path ~ '/haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ vip ~ '.pem' }}
{% endfor %}
systemctl reload haproxy
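Review bot: The loop variable `vip` is used only in the output filename; the `cat` source is `/etc/letsencrypt/live/{{ haproxy_bind_external_lb_vip_address }}/` on every iteration, so each per-VIP PEM holds the same certificate. Since the certbot command in the tasks file passes a single `--domains` value, that certificate presumably does not name the entries of `extra_lb_tls_vip_addresses` unless they are added through `haproxy_ssl_letsencrypt_setup_extra_params`, and clients of those VIPs would then see a name mismatch. If sharing one certificate is intended, a comment above the loop such as `# all VIPs share the certificate issued for haproxy_bind_external_lb_vip_address` would say so; the same applies to the loop in the other script template and to the `src` of the `assemble` task. The script begins outside this hunk.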


@@ -1,7 +1,9 @@
#!/bin/bash
# renew cert if required and copy to haproxy destination
cat /etc/letsencrypt/live/{{ external_lb_vip_address }}/{fullchain,privkey}.pem \
> /etc/ssl/private/haproxy.pem
{% for vip in [ haproxy_bind_external_lb_vip_address ] + extra_lb_tls_vip_addresses %}
cat /etc/letsencrypt/live/{{ haproxy_bind_external_lb_vip_address }}/{fullchain,privkey}.pem \
> {{ haproxy_ssl_cert_path ~ '/haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ vip ~ '.pem' }}
{% endfor %}
systemctl reload haproxy
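Review bot: Nothing between the `cat ... >` redirect and `systemctl reload haproxy` checks that the copy succeeded, and no `set -e` follows the shebang in the lines shown. If the files under `/etc/letsencrypt/live/` are missing or unreadable, the redirect still truncates the PEM and the reload then runs against an empty or partial file. Adding `set -euo pipefail` after `#!/bin/bash` would stop the script before the reload. Writing to a temporary file and moving it into place with `mv` would additionally leave the previous PEM intact on failure.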