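# Request the certificate: run acme_certificate once per entry of
# domains_certs and keep the per-item results in pending_challenges.
- name: Requesting ACME challenge
  acme_certificate:
    # Path to the ACME account private key. Jinja applies filters before
    # `+`, so default() only covers account_key.dir, not the whole path.
    # The key authorises certificate issuance for the account; keep the
    # file readable only by the user running the play.
    account_key_src: >-
      {{ keys_path + account_key.dir |
      default(account_key.name) + '/' + account_key.name + '.key' }}
    account_uri: "{{ acme_account.account_uri }}"
    acme_directory: "{{ item.acme_directory | default(acme_directory) }}"
    acme_version: 2
    # In every output path below, regex_replace('\*', '_') turns the `*`
    # of a wildcard name into `_` for both the directory and the file name.
    chain_dest: >-
      {{ keys_path + item.dir | default(item.name | regex_replace('\*', '_'))
      + '/' + item.name | regex_replace('\*', '_') + '-chain.pem' }}
    challenge: "{{ item.challenge | default(challenge) }}"
    csr: >-
      {{ keys_path + item.dir | default(item.name | regex_replace('\*', '_'))
      + '/' + item.name | regex_replace('\*', '_') + '.csr' }}
    dest: >-
      {{ keys_path + item.dir | default(item.name | regex_replace('\*', '_'))
      + '/' + item.name | regex_replace('\*', '_') + '.pem' }}
    fullchain_dest: >-
      {{ keys_path + item.dir | default(item.name | regex_replace('\*', '_'))
      + '/' + item.name | regex_replace('\*', '_') + '-fullchain.pem' }}
    modify_account: false
    remaining_days: "{{ item.remaining_days | default(remaining_days) }}"
    terms_agreed: true
    # Fixed copy-paste error: this option used to read item.remaining_days,
    # so a per-domain renewal threshold was passed as the TLS-verification
    # switch for the ACME directory connection and the validate_certs
    # default was silently skipped. The per-item override is now
    # item.validate_certs; leave verification on outside of test setups.
    validate_certs: "{{ item.validate_certs | default(validate_certs) }}"
  loop: "{{ domains_certs }}"
  register: pending_challenges
  # Entries without a state are treated like state == 'present'.
  when: (item.state is undefined) or (item.state == 'present')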
# Make the required DNS changes: publish the dns-01 challenge TXT record
# for each entry of domains_certs through Route53.
- name: "Creating challenge DNS entries for domains {{ ', '.join(domains) }} via Route53"
  route53:
    # An existing record with the same name and type is replaced.
    overwrite: true
    # Record name = the key of the first challenge_data_dns entry that
    # pending_challenges holds for this item.
    # NOTE(review): challenge_data_dns is presumably absent when no
    # challenge is pending (e.g. certificate not yet due for renewal);
    # confirm this task is not reached in that case.
    record: >-
      {{ ((pending_challenges | json_query(query_filter)) |
      map(attribute='challenge_data_dns') | list | first | dict2items) |
      map(attribute='key') | join('') }}
    state: present
    ttl: 5
    type: TXT
    # NOTE(review): Route53 TXT values normally have to be wrapped in
    # double quotes; confirm the value below is accepted as-is.
    value: >-
      {{ ((pending_challenges | json_query(query_filter)) |
      map(attribute='challenge_data_dns') | list | first | dict2items) |
      map(attribute='value') | list | first }}
    # Block until Route53 reports the change as propagated.
    wait: true
    # Hosted zone: item.zone when set, otherwise the last two labels of
    # the record name. NOTE(review): the two-label guess picks the wrong
    # zone for names under multi-label suffixes or delegated sub-zones;
    # set item.zone explicitly for those domains.
    zone: >-
      {{ item.zone | default(((pending_challenges | json_query(query_filter)) |
      map(attribute='challenge_data_dns') | list | first | dict2items) |
      map(attribute='key') | join('') |
      regex_replace('^(?:.*\\.|)([^.]+\\.[^.]+)$', '\\1')) }}
  loop: "{{ domains_certs }}"
  vars:
    # JMESPath filter selecting this item's result from pending_challenges.
    query_filter: 'results[?item.name==`{{ item.name }}`]'
  # Both conditions must hold: the entry is (implicitly) present and its
  # effective challenge type, per-item or global default, is dns-01.
  when:
    - item.state is undefined or item.state == 'present'
    - >-
      (item.challenge is undefined and challenge == 'dns-01') or
      (item.challenge == 'dns-01')