Clark Boylan 5392f8a27c Manage opendev.org cert with LE
This is the first step in managing the opendev.org cert with LE. We
modify gitea01.opendev.org only to request the cert so that if this
breaks the other 7 giteas can continue to serve opendev.org. When we are
happy with the results we can merge the followup change to update the
other 7 giteas.

Depends-On: https://review.opendev.org/694182
Change-Id: I9587b8c2896975aa0148cc3d9b37f325a0be8970
2019-11-18 12:07:10 -08:00


- name: Ensure gitea cert directory exists
  file:
    state: directory
    path: "/var/gitea/certs"
    owner: 1000
    group: 1000
- name: Put key in place
  copy:
    remote_src: yes
    src: /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.key
    dest: /var/gitea/certs/key.pem
    owner: root
    group: root
    mode: '0644'
- name: Put cert in place
  copy:
    remote_src: yes
    # Gitea doesn't seem to accept separate ca chain and cert files.
    # I believe it wants a single combined file as per fullchain.cer.
    src: /etc/letsencrypt-certs/{{ inventory_hostname }}/fullchain.cer
    dest: /var/gitea/certs/cert.pem
    owner: root
    group: root
    mode: '0644'
- name: Check for running gitea
  command: pgrep -f gitea
  ignore_errors: yes
  register: gitea_pids
- name: Restart gitea if running
  when: gitea_pids.rc == 0
  block:
    - name: Restart gitea web
      shell:
        cmd: docker-compose restart gitea-web
        chdir: /etc/gitea-docker/
    - name: Wait for service to start and have valid users
      uri:
        url: "https://localhost:3000/api/v1/users/root"
        validate_certs: false
        status_code: 200, 404
      register: root_user_check
      delay: 1
      retries: 300
      until: root_user_check and root_user_check.status in (200, 404)
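The playbook above copies the LE private key and the combined fullchain file into place and then restarts Gitea. An added pre-flight check, not part of the change or of the OpenDev tooling, that confirms the two files are what Gitea expects before a restart: cert.pem must be a leaf followed by at least one chain certificate, and key.pem must match that leaf. It assumes openssl is installed; the paths it takes are arguments, and the CA and leaf it builds for its own demo are constructed throwaway material.

```shell
#!/bin/sh
# Added example: verify a Gitea key/cert pair before restarting the service.
# Requires openssl. Paths are passed in; nothing here touches /var/gitea.
set -eu

# check_gitea_cert_bundle KEY CERT
# Returns 0 when CERT is a combined leaf+chain bundle whose leaf matches KEY.
check_gitea_cert_bundle() {
    key="$1"; cert="$2"
    # A fullchain file carries the leaf followed by at least one CA cert;
    # a bare leaf (the separate-files layout Gitea rejects) has only one block.
    n=$(grep -c 'BEGIN CERTIFICATE' "$cert" || true)
    if [ "$n" -lt 2 ]; then
        echo "$cert: $n certificate(s) found, expected leaf + chain" >&2
        return 1
    fi
    # openssl x509 reads only the first PEM block, i.e. the leaf. Compare its
    # SubjectPublicKeyInfo with the one derived from the private key.
    leaf_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout | openssl sha256)
    if [ "$leaf_pub" != "$key_pub" ]; then
        echo "$key does not match the leaf certificate in $cert" >&2
        return 1
    fi
    return 0
}

# make_test_bundle DIR: constructed CA + leaf so the check can run offline.
# Produces key.pem, leaf.crt, ca.crt, ca.key and a combined cert.pem in DIR.
make_test_bundle() {
    d="$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=gitea01.example.test" \
        -keyout "$d/key.pem" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -days 1 -in "$d/leaf.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -out "$d/leaf.crt" 2>/dev/null
    cat "$d/leaf.crt" "$d/ca.crt" > "$d/cert.pem"
}

# Stand-alone demo on the constructed bundle (placeholder dir, not /var/gitea/certs).
demo_dir=$(mktemp -d)
make_test_bundle "$demo_dir"
check_gitea_cert_bundle "$demo_dir/key.pem" "$demo_dir/cert.pem" && echo "bundle OK"
rm -rf "$demo_dir"
```

Run it against the real files as `check_gitea_cert_bundle /var/gitea/certs/key.pem /var/gitea/certs/cert.pem` on the host before the restart task; a non-zero exit means the restart would leave Gitea with a cert it cannot serve.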