Playbook #5

/home/zuul/src/opendev.org/opendev/system-config/playbooks/letsencrypt.yaml

Report Status CLI Date Duration Controller User Versions Hosts Plays Tasks Results Files Records
18 Jul 2025 20:47:32 +0000 00:00:24.78 bridge99.opendev.org root Ansible 2.15.13 ara 1.7.2 (client), 1.7.2 (server) Python 3.10.12 2 5 47 47 33 0

File: /home/zuul/src/opendev.org/opendev/system-config/playbooks/roles/letsencrypt-request-certs/tasks/main.yaml

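# Start from an empty list before any certificate requests are generated.
# The required TXT keys are collected in acme_txt_required (presumably by
# the tasks in acme.yaml; confirm there).
# The task is named so that it is identifiable in run logs and reports
# instead of showing up only as a bare "set_fact".
- name: Initialise list of required ACME TXT keys
  set_fact:
    acme_txt_required: []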

# Handle multiple certs for a single host; each value is a list of
# names for that certificate, like
#
# letsencrypt_certs:
#    main:
#      - hostname.opendev.org
#    secondary:
#      - foo.opendev.org:8000
#      - baz.opendev.org
#
# All required TXT keys are put into acme_txt_required

# Run acme.yaml once per entry of letsencrypt_certs.  Each entry is a
# key/value pair and is exposed to the included tasks as "cert" (rather
# than the default "item").
- name: Generate certificate creation/renewal requests
  include_tasks: acme.yaml
  loop_control:
    loop_var: cert
  loop: '{{ letsencrypt_certs | dict2items }}'

# For each generated certificate get the first entry as the domain to
# run the certificate validation tests against.  If it specifies a
# port explicitly (with <host>:<port>), make it "<host> <port>", if it
# doesn't explicitly set a port make it "<host> 443" (i.e. the second
# regex is "if this doesn't have a space in it, then add " 443").
#
# For the example above, we'd get
#  [ 'hostname.opendev.org 443', 'foo.opendev.org 8000' ]
#
# Later in ssl-check role, the final certificate validation list is
# generated by walking the letsencrypt_certcheck_domains variable
# for each host in the letsencrypt group.
#
- name: Create ssl check domain list
  # Appends one "<host> <port>" string per certificate to
  # letsencrypt_certcheck_domains, starting from an empty list when the
  # fact is not defined yet (default([])).
  set_fact:
    # Only the first name of each certificate is used (item.value|first),
    # so any further names on the same certificate get no entry here.
    # "first" on a plain string would yield its first character, so each
    # value in letsencrypt_certs has to be a list.
    #
    # The first regex_replace turns every ":" into a space, which assumes
    # entries are "<host>" or "<host>:<port>" only; a name containing more
    # than one colon would be split into more than two fields.
    #
    # Keep the YAML single quotes around the expression: they leave the
    # backslashes in "\s" and "\1" untouched, whereas YAML double quotes
    # treat a backslash as the start of an escape sequence.
    letsencrypt_certcheck_domains: '{{ letsencrypt_certcheck_domains|default([]) + [item.value|first|regex_replace(":", " ")|regex_replace("^([^\s]*)$", "\1 443")] }}'
  # One iteration per certificate; item.key is the certificate's key in
  # letsencrypt_certs and item.value its list of names.
  loop: '{{ letsencrypt_certs | dict2items }}'