ansible-role-mysql/tasks/mysql-letsencrypt.yml


---
# Installs the Let's Encrypt key material for MariaDB/MySQL and the acme.sh
# hook that keeps it current. The whole block is skipped unless
# mysql_letsencrypt_certificates is truthy, so the role stays inert by default.
- name: mysql-letsencrypt | Manage the letsencrypt configuration
  when: mysql_letsencrypt_certificates
  tags:
    - mysql
    - mariadb
    - letsencrypt
    - mysql_letsencrypt
  block:
    # Only the private key is probed; the cert and fullchain copies below are
    # gated on this same result, so they are assumed to be issued alongside it.
    - name: mysql-letsencrypt | Check if the letsencrypt certificates are in place
      ansible.builtin.stat:
        path: "{{ letsencrypt_acme_certs_dir }}/privkey"
      register: letsencrypt_keyfile

    # Private key: owner-read only (0400) for the mysql account. remote_src
    # copies from the managed host itself, not from the controller, and force
    # overwrites the installed file whenever the renewed key differs.
    - name: mysql-letsencrypt | Copy the letsencrypt certificate key into the right place
      ansible.builtin.copy:
        src: "{{ letsencrypt_acme_certs_dir }}/privkey"
        dest: /var/lib/mysql/client-key.pem
        owner: mysql
        group: mysql
        mode: "0400"
        remote_src: true
        force: true
      when:
        - letsencrypt_keyfile.stat.exists is defined
        - letsencrypt_keyfile.stat.exists | bool
      notify: Restart mysql

    # Leaf certificate: public data, so world-readable (0444) is fine.
    - name: mysql-letsencrypt | Copy the letsencrypt public certificate into the right place
      ansible.builtin.copy:
        src: "{{ letsencrypt_acme_certs_dir }}/cert"
        dest: /var/lib/mysql/client-cert.pem
        owner: mysql
        group: mysql
        mode: "0444"
        remote_src: true
        force: true
      when:
        - letsencrypt_keyfile.stat.exists is defined
        - letsencrypt_keyfile.stat.exists | bool
      notify: Restart mysql

    # Chain: installed as ca.pem so the server can present/verify the full chain.
    - name: mysql-letsencrypt | Copy the letsencrypt CA certificate into the right place
      ansible.builtin.copy:
        src: "{{ letsencrypt_acme_certs_dir }}/fullchain"
        dest: /var/lib/mysql/ca.pem
        owner: mysql
        group: mysql
        mode: "0444"
        remote_src: true
        force: true
      when:
        - letsencrypt_keyfile.stat.exists is defined
        - letsencrypt_keyfile.stat.exists | bool
      notify: Restart mysql

    # Hook directory is root-owned and not world-accessible (0750), so only
    # root (or group root) can enumerate or run the scripts placed here.
    - name: mysql-letsencrypt | Create the acme hooks directory if it does not yet exist
      ansible.builtin.file:
        path: "{{ letsencrypt_acme_sh_services_scripts_dir }}"
        state: directory
        owner: root
        group: root
        mode: "0750"

    # NOTE(review): "4555" sets the setuid bit on a root-owned script. The
    # Linux kernel ignores setuid on interpreted scripts, so the bit buys
    # nothing at runtime while still leaving a setuid-root file on disk; the
    # plain executable equivalent is "0555". Confirm how acme.sh invokes these
    # hooks (and as which user) before dropping the bit.
    - name: mysql-letsencrypt | Install a script that fix the letsencrypt certificate for mysql and then reloads the service
      ansible.builtin.copy:
        src: letsencrypt-mysql-hook.sh
        dest: "{{ letsencrypt_acme_sh_services_scripts_dir }}/mysql"
        owner: root
        group: root
        mode: "4555"