opendev/system-config
Code Issues Proposed changes
014b3004c0
system-config/playbooks/roles/letsencrypt-install-txt-record
History
James E. Blair 2c03fb1e98 Handle offline hosts in LE role 
If a host is offline, Ansible will not have set the required txt
keys host variable for that host.  When the task to update the
dns master with new txt records runs, it will fail due to an
undefined variable:

  'ansible.vars.hostvars.HostVarsVars object' has no attribute 'acme_txt_required'

This supplies a default value so that in that case, the task may
proceed and other hosts will have their LE certs serviced.

Change-Id: I62efbe086d801d803b2f2c3223ece8f608c668a1
2020-01-08 10:21:53 -08:00
..
tasks Handle offline hosts in LE role 2020-01-08 10:21:53 -08:00
templates letsencrypt : use date call for serial number 2019-05-22 16:41:51 +10:00
README.rst letsencrypt support 2019-04-02 15:31:41 +11:00

README.rst

Install authentication records for letsencrypt

Install TXT records to the acme.opendev.org domain. This role runs only the adns server, and assumes ownership of the /var/lib/bind/zones/acme.opendev.org/zone.db file. After installation the nameserver is refreshed.

After this, letsencrypt-create-certs can run on each host to provision the certificates.

Role Variables

A global dictionary of TXT records to be installed. This is generated in a prior step on each host by the letsencrypt-request-certs role.