Playbook #5

/home/zuul/src/opendev.org/opendev/system-config/playbooks/letsencrypt.yaml

Report Status CLI Date Duration Controller User Versions Hosts Plays Tasks Results Files Records
18 Jul 2025 20:47:32 +0000 00:00:24.78 bridge99.opendev.org root Ansible 2.15.13 ara 1.7.2 (client), 1.7.2 (server) Python 3.10.12 2 5 47 47 33 0

File: /home/zuul/src/opendev.org/opendev/system-config/playbooks/roles/letsencrypt-install-txt-record/tasks/main.yaml

# Start from an empty accumulator so that the list only ever holds what
# this run collects.
- name: Make key list
  ansible.builtin.set_fact:
    acme_txt_keys: []

# Append each matching host's acme_txt_required list to acme_txt_keys.
# The pattern selects hosts in the letsencrypt group that are not in the
# disabled group; a host without acme_txt_required contributes nothing.
# NOTE(review): these values come from per-host variables and are
# presumably rendered by zone.db.j2 later in this file. The template is
# not shown here, so confirm it constrains what a single host can place
# in the zone.
- name: Build key list
  ansible.builtin.set_fact:
    acme_txt_keys: >-
      {{ acme_txt_keys + (hostvars[item]['acme_txt_required'] | default([])) }}
  loop: "{{ query('inventory_hostnames', 'letsencrypt:!disabled') }}"

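# NOTE(ianw): Most of the time, we won't have anything to actually do
# as we don't have new keys or renewals due.
- name: Deploy TXT records
  # Only touch the zone when at least one host asked for a TXT record.
  when: acme_txt_keys | length > 0
  block:
    - name: Deploy new zone.db
      ansible.builtin.template:
        src: zone.db.j2
        dest: /var/lib/bind/zones/acme.opendev.org/zone.db
        # Check the rendered file before it replaces the live zone.db, so
        # a bad render fails this task and leaves the working zone file
        # on disk instead of one that named would refuse to load.
        # NOTE(review): the check runs against a temporary path; confirm
        # zone.db.j2 has no relative $INCLUDE that depends on the final
        # location.
        validate: named-checkzone acme.opendev.org %s
        # NOTE(review): owner, group and mode are not set here, so the
        # file keeps whatever it already has. Confirm only the
        # deployment user can write it and that named can read it.

    # Re-check the installed file. This is read-only, so it never
    # reports a change. command is used instead of shell because no
    # shell features are needed and the arguments are then not parsed
    # by a shell.
    - name: Ensure domain is valid
      ansible.builtin.command: >-
        named-checkzone acme.opendev.org
        /var/lib/bind/zones/acme.opendev.org/zone.db
      changed_when: false

    # Ask the running named to load the new zone contents.
    - name: Reload domain
      ansible.builtin.command: rndc reload acme.opendev.org

    # Give the new records time to reach the other nameservers before
    # anything tries to validate against them.
    - name: Pause to allow nameserver propagation
      ansible.builtin.pause:
        minutes: 1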