# NOTE(ianw): acme_txt_required is set for the host by the
# letsencrypt-request-certs role; running this when it is empty would
# be a no-op, but we might as well skip it if we know this host hasn't
# requested anything to actually create/renew.
#
# NOTE(review): the task below does not skip anything.  It stops the
# play with an explicit message when the variable is missing, rather
# than leaving the later template that reads it to fail on an
# undefined name.  A defined but empty list passes this check.
- name: Check for prerun state
  fail:
    msg: "acme_txt_required is not defined; was letsencrypt-request-certs run?"
  when: acme_txt_required is not defined
# acme_txt_required is a list of tuples
#
#  (key from letsencrypt_certs, required TXT record)
#
# So in words, we walk acme_txt_required and keep a list of the unique
# 0-values of each entry.  These are the keys from letsencrypt_certs
# that actually had updates; they are the only ones we need to do a
# renewal for.
#
# An empty acme_txt_required produces an empty acme_txt_changed.
- name: Generate list of changed certificates
  set_fact:
    acme_txt_changed: '{{ acme_txt_required|map("first")|list|unique }}'
# Include acme.yaml once for each letsencrypt_certs entry whose key is
# in acme_txt_changed; the `when` is evaluated per loop item, so every
# other entry is skipped.  query('dict', ...) turns the mapping into a
# list of items that expose .key and .value.
#
# NOTE(review): letsencrypt_certs is not checked for existence in this
# file; presumably it is always set alongside acme_txt_required.
# Confirm against the role defaults.
# NOTE(review): the loop uses the default loop variable `item`, which
# is also visible inside acme.yaml.  If that file runs loops of its
# own, confirm they do not clobber it.
- name: Include ACME renewal
  include_tasks: acme.yaml
  loop: "{{ query('dict', letsencrypt_certs) }}"
  when: item.key in acme_txt_changed