
/home/zuul/src/opendev.org/opendev/system-config/playbooks/letsencrypt.yaml


File: /home/zuul/src/opendev.org/opendev/system-config/playbooks/roles/letsencrypt-create-certs/handlers/restart_gitea.yaml

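# Directory the key and certificate are copied into. Ownership is the
# uid/gid the key task below also grants read access to; the explicit mode
# keeps the result independent of the remote umask.
- name: Ensure gitea cert directy exists
  file:
    path: "/var/gitea/certs"
    state: directory
    owner: 1000
    group: 1000
    # assumes the gitea process runs as uid/gid 1000 (matches owner/group
    # above) — TODO confirm before relying on 0750 excluding "other"
    mode: '0750'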

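# The private key must not be world-readable. Group ownership follows the
# cert directory so the gitea process can still read it via group.
- name: Put key in place
  copy:
    remote_src: true
    src: "/etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.key"
    dest: /var/gitea/certs/key.pem
    owner: root
    # assumes gitea reads the key as gid 1000, as the directory ownership
    # suggests — TODO confirm; 0640 instead of 0644 drops "other" read access
    group: 1000
    mode: '0640'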

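- name: Put cert in place
  copy:
    # canonical boolean; `yes` is a YAML 1.1-only truthy value
    remote_src: true
    # Gitea doesn't seem to accept separate ca chain and cert files.
    # I believe it wants a single combined file as per fullchain.cer.
    src: "/etc/letsencrypt-certs/{{ inventory_hostname }}/fullchain.cer"
    dest: /var/gitea/certs/cert.pem
    owner: root
    group: root
    # The certificate chain is public material; world-readable is fine here.
    mode: '0644'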

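# Read-only probe: a non-zero rc only means nothing matched, so it must not
# mark the task failed (ignore_errors still reports a failure) or changed.
# rc is registered for the `when` on the restart block below.
- name: Check for running gitea
  command: pgrep -f gitea
  # NOTE(review): -f matches "gitea" anywhere in a command line, so any
  # process whose arguments contain that string counts — confirm intended.
  register: gitea_pids
  changed_when: false
  failed_when: false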

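- name: Restart gitea if running
  when: gitea_pids.rc == 0
  block:
    # No shell features are used, so `command` avoids spawning a shell.
    - name: Restart gitea web
      command:
        cmd: docker-compose restart gitea-web
        chdir: /etc/gitea-docker/

    # Poll the API until the web service answers. 404 is presumably
    # accepted because the root user need not exist — confirm.
    - name: Wait for service to start and have valid users
      uri:
        url: "https://localhost:3000/api/v1/users/root"
        # The cert is issued for inventory_hostname, not localhost, so name
        # validation cannot succeed against this URL.
        validate_certs: false
        # Proper list rather than the "200, 404" string the module had to split.
        status_code: [200, 404]
      register: root_user_check
      delay: 1
      retries: 300
      until: root_user_check and root_user_check.status in (200, 404)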