5392f8a27c
This is the first step in managing the opendev.org cert with LE. We modify gitea01.opendev.org only to request the cert so that if this breaks the other 7 giteas can continue to serve opendev.org. When we are happy with the results we can merge the followup change to update the other 7 giteas. Depends-On: https://review.opendev.org/694182 Change-Id: I9587b8c2896975aa0148cc3d9b37f325a0be8970
- name: Ensure gitea cert directy exists
|
|
file:
|
|
state: directory
|
|
path: "/var/gitea/certs"
|
|
owner: 1000
|
|
group: 1000
|
|
|
|
- name: Put key in place
|
|
copy:
|
|
remote_src: yes
|
|
src: /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.key
|
|
dest: /var/gitea/certs/key.pem
|
|
owner: root
|
|
group: root
|
|
mode: '0644'
|
|
|
|
- name: Put cert in place
|
|
copy:
|
|
remote_src: yes
|
|
# Gitea doesn't seem to accept separate ca chain and cert files.
|
|
# I believe it wants a single combined file as per fullchain.cer.
|
|
src: /etc/letsencrypt-certs/{{ inventory_hostname }}/fullchain.cer
|
|
dest: /var/gitea/certs/cert.pem
|
|
owner: root
|
|
group: root
|
|
mode: '0644'
|
|
|
|
- name: Check for running gitea
|
|
command: pgrep -f gitea
|
|
ignore_errors: yes
|
|
register: gitea_pids
|
|
|
|
- name: Restart gitea if running
|
|
when: gitea_pids.rc == 0
|
|
block:
|
|
- name: Restart gitea web
|
|
shell:
|
|
cmd: docker-compose restart gitea-web
|
|
chdir: /etc/gitea-docker/
|
|
|
|
- name: Wait for service to start and have valid users
|
|
uri:
|
|
url: "https://localhost:3000/api/v1/users/root"
|
|
validate_certs: false
|
|
status_code: 200, 404
|
|
register: root_user_check
|
|
delay: 1
|
|
retries: 300
|
|
until: root_user_check and root_user_check.status in (200, 404)
|
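Review bot: The "Put key in place" task installs the TLS private key as root:root with `mode: '0644'`, which leaves key.pem world-readable on the host; a private key should be readable only by the process that needs it. Since the certs directory is created as owner/group 1000 (presumably the uid the gitea container runs as — confirm), the key copy would be better as `owner: 1000`, `group: 1000`, `mode: '0600'`, or kept root-owned with `group: 1000` and `mode: '0640'` if the directory ownership is deliberate. The cert copy can stay 0644 since fullchain.cer is public material. As a point of style, `remote_src: yes` and `ignore_errors: yes` would be clearer as `true`, and `status_code: 200, 404` parses as a single string that Ansible splits on commas, so writing it as the list `status_code: [200, 404]` makes the intent explicit and matches the tuple used in the `until` condition.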