
website: transition to letsencrypt-nginx

keep-around/a0502162a67c3491a492243a563342847f142ce8
Loïc Dachary 3 years ago
parent
commit
443a470db5
Signed by: dachary GPG Key ID: 283AFA30CA7F55A4
  1. 4
      molecule/website/molecule.yml
  2. 1
      molecule/website/playbook.yml
  3. 4
      molecule/website/roles/website/tasks/website.yml
  4. 2
      molecule/website/roles/website/templates/update-website.sh.j2
  5. 8
      molecule/website/tests/test_website.py
  6. 36
      molecule/website/website-playbook.yml
  7. 1
      molecule/website/website_group_vars/all/domain.yml
  8. 1
      molecule/website/website_group_vars/all/production_domain.yml
  9. 1
      molecule/website/website_group_vars/all/with_fake_LE.yml
  10. 1
      molecule/website/website_group_vars/all/with_https.yml

4
molecule/website/molecule.yml

@ -15,10 +15,10 @@ provisioner:
lint:
name: ansible-lint
env:
ANSIBLE_ROLES_PATH: roles:../infrastructure/roles:../bind/roles:../icinga/roles:../jdauphant.nginx/roles:../certbot/roles
ANSIBLE_ROLES_PATH: roles:../infrastructure/roles:../bind/roles:../icinga/roles:../jdauphant.nginx/roles:../letsencrypt-nginx/roles
inventory:
links:
group_vars: website_group_vars
group_vars: ../../inventory/group_vars
host_vars: ../../inventory/host_vars
scenario:
name: website
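Review bot: The `group_vars` link now points at `../../inventory/group_vars`, so the scenario runs with the shared inventory's variables, and the scenario-local overrides deleted further down in this commit (`with_fake_LE: true`, `with_https: true`) no longer apply. Nothing visible here shows that the shared inventory sets an equivalent of the fake-CA switch, or that letsencrypt-nginx reads one; if neither holds, test runs would presumably request certificates from the real ACME service and be subject to its rate limits. A comment above the link such as `# shared inventory must keep the test CA selected for molecule runs` would record that dependency. It is also worth confirming that the linked directory holds no production-only values that test hosts should not receive.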

1
molecule/website/playbook.yml

@ -1,5 +1,4 @@
---
- import_playbook: ../certs/certs-playbook.yml
- import_playbook: ../icinga/test-icinga-playbook.yml
- import_playbook: ../bind/bind-playbook.yml
- import_playbook: ../bind/bind-client-playbook.yml

4
molecule/website/roles/website/tasks/website.yml

@ -60,9 +60,9 @@
name: hugo
state: present
- name: /var/www/html is owned by debian
- name: /usr/share/nginx/html is owned by debian
file:
path: /var/www/html
path: /usr/share/nginx/html
state: directory
owner: debian
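Review bot: The document root `/usr/share/nginx/html` is a literal in this task and again in `templates/update-website.sh.j2` and `tests/test_website.py`, so the next docroot move needs the same three-file edit this commit makes. A single role variable (for example `website_docroot`, a suggested name) used as `path: "{{ website_docroot }}"` here and as the rsync target in the template would keep them in step. The directory also appears to be one the nginx package ships, and the task hands it to `debian` while the update script runs `rsync --delete` into it; whether a package upgrade restores files or ownership there is worth checking. Any remaining attributes of the task lie beyond the last visible line of the hunk.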

2
molecule/website/roles/website/templates/update-website.sh.j2

@ -13,4 +13,4 @@ git pull
git submodule sync
git submodule update --init --recursive
hugo --baseURL="https://{{ website_vhost_fqdn }}/"
rsync -av --delete public/ /var/www/html/
rsync -av --delete public/ /usr/share/nginx/html/

8
molecule/website/tests/test_website.py

@ -6,7 +6,7 @@ def test_website(host):
flock /tmp/update-website \
bash -x /srv/update-website.sh \
>> /var/log/update-website.log 2>&1
grep --quiet -i enough /var/www/html/index.html
grep --quiet -i enough /usr/share/nginx/html/index.html
""")
print(cmd.stdout)
print(cmd.stderr)
@ -23,3 +23,9 @@ def test_website(host):
print(cmd.stdout)
print(cmd.stderr)
assert 0 == cmd.rc
with host.sudo():
host.run("apt-get install -y curl")
assert host.run("curl -m 5 -I https://$(hostname -d)").rc == 0
assert host.run("curl -m 5 -I https://www.$(hostname -d)").rc == 0
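Review bot: The two new `curl -m 5 -I` checks pass on any HTTP response, because curl exits 0 for a 404 or 500 unless `--fail` is given. Changing them to `assert host.run("curl --fail -m 5 -I https://$(hostname -d)").rc == 0` (and the same for the `www.` name) would make the assertion cover the status as well as the TLS handshake. The return code of `apt-get install -y curl` is also discarded, so a failed install surfaces only as a curl failure; asserting `.rc == 0` on that call would point at the real cause. Indentation is lost on this page, so it is not clear whether the curl calls sit inside the `host.sudo()` block, and `test_website` itself begins above the hunk.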

36
molecule/website/website-playbook.yml

@ -1,28 +1,34 @@
---
- name: install website
hosts: website-host
become: true
roles:
- { role: website }
- role: jdauphant.nginx
vars:
nginx_sites:
default:
- |
listen 80;
server_name {{ website_vhost_fqdn }};
server_name www.{{ website_vhost_fqdn }};
root /var/www/html/;
- role: certbot
vars:
vhost_fqdn: "{{ website_vhost_fqdn }},www.{{ website_vhost_fqdn }}"
- role: monitor_http_vhost
http_vhost_name: Website
http_vhost_fqdn: "{{ website_vhost_fqdn }}"
http_vhost_uri: "/"
http_vhost_string: "Enough"
become: True
# the repetition of play is intentional to avoid a weird bug https://paste2.org/HtmME4EV
# it may be happening only with ansible 2.4
- name: install letsencrypt on {{ website_vhost_fqdn }}
hosts: website-host
become: true
roles:
- role: letsencrypt-nginx
vars:
letsencrypt_nginx_fqdn: "{{ website_vhost_fqdn }}"
- name: install letsencrypt on www.{{ website_vhost_fqdn }}
hosts: website-host
become: true
roles:
- role: letsencrypt-nginx
vars:
letsencrypt_nginx_fqdn: "www.{{ website_vhost_fqdn }}"
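Review bot: The comment explaining why the letsencrypt-nginx play is repeated gives only a paste2.org link, which can expire and leaves a reader unable to tell which failure the duplication avoids. Put the symptom in the comment itself, e.g. `# one play per FQDN: a single play applying letsencrypt-nginx twice fails with <error summary> (seen with ansible 2.4)`, and keep the link as a secondary reference. The two plays presumably also request separate certificates for the apex and `www.` names. If that is intended rather than a side effect of the workaround, one more comment line saying so would help whoever later merges the plays.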

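--- a/molecule/website/website_group_vars/all/domain.yml
+++ b/molecule/website/website_group_vars/all/domain.yml
@@ -1 +0,0 @@
-../../../../inventory/group_vars/all/domain.yml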

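--- a/molecule/website/website_group_vars/all/production_domain.yml
+++ b/molecule/website/website_group_vars/all/production_domain.yml
@@ -1 +0,0 @@
-../../../../inventory/group_vars/all/production_domain.yml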

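--- a/molecule/website/website_group_vars/all/with_fake_LE.yml
+++ b/molecule/website/website_group_vars/all/with_fake_LE.yml
@@ -1 +0,0 @@
-with_fake_LE: true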

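--- a/molecule/website/website_group_vars/all/with_https.yml
+++ b/molecule/website/website_group_vars/all/with_https.yml
@@ -1 +0,0 @@
-with_https: true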