Condition LETS_ENCRYPT_EMAIL, nginx restart order, add subdir

Fixes to make running in edx_sandbox conditional on both LETS_ENCRYPT_EMAIL and LETS_ENCRYPT_DOMAINS being set. Restart nginx only after the config has been copied/symlinks in place and add everything to an subdir in /opt/letsencrypt

Condition LETS_ENCRYPT_EMAIL, nginx restart order, add subdir
Fixes to make running in edx_sandbox conditional on both LETS_ENCRYPT_EMAIL and LETS_ENCRYPT_DOMAINS being set. Restart nginx only after the config has been copied/symlinks in place and add everything to an subdir in /opt/letsencrypt
f315bca7 · Martin Fitzpatrick · Fred Smith · f91438a9 · f315bca7 · f315bca7
Commit f315bca7 authored Sep 12, 2016 by Martin Fitzpatrick Committed by Fred Smith Nov 03, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 12 deletions

playbooks/edx_sandbox.yml
+1 -1

playbooks/roles/lets_encrypt/tasks/main.yml
+5 -5

playbooks/roles/lets_encrypt/templates/run_certbot.sh.j2
+7 -6

No files found.
--- a/playbooks/edx_sandbox.yml
+++ b/playbooks/edx_sandbox.yml
@@ -34,7 +34,7 @@
      - ecommerce
      when: SANDBOX_ENABLE_ECOMMERCE
    - role: lets_encrypt
-      when: LETS_ENCRYPT_DOMAINS
+      when: LETS_ENCRYPT_DOMAINS and LETS_ENCRYPT_EMAIL
    - role: edxlocal
      when: EDXAPP_MYSQL_HOST == 'localhost'
    - role: memcache

--- a/playbooks/roles/lets_encrypt/tasks/main.yml
+++ b/playbooks/roles/lets_encrypt/tasks/main.yml
@@ -68,7 +68,7 @@
 - name: install certbot
  git:
    repo: https://github.com/certbot/certbot
-    dest: /opt/certbot
+    dest: /opt/letsencrypt/certbot
  tags:
   - install

@@ -85,7 +85,7 @@
 - name: render certbot script
  template:
    src: run_certbot.sh.j2
-    dest: /opt/run_certbot.sh
+    dest: /opt/letsencrypt/run_certbot.sh
    mode: u+x
  tags:
    - install
@@ -94,13 +94,13 @@
 - name: render nginx cert configuration file
  template:
    src: ssl-certs.conf.j2
-    dest: /opt/ssl-certs.conf
+    dest: /opt/letsencrypt/ssl-certs.conf
    owner: root
  tags:
    - install

 - name: run certbot
-  command: /opt/run_certbot.sh
+  command: /opt/letsencrypt/run_certbot.sh
  tags:
    - install
    - update
@@ -122,7 +122,7 @@
        minute    : "{{ 59|random }}"
        cron_file : "lets-encrypt-renew"
        user      : "root"
-        job       : /opt/run_certbot.sh
+        job       : /opt/letsencrypt/run_certbot.sh
        state     : present
  tags:
    - install

--- a/playbooks/roles/lets_encrypt/templates/run_certbot.sh.j2
+++ b/playbooks/roles/lets_encrypt/templates/run_certbot.sh.j2
@@ -8,16 +8,13 @@ if [ $? -ne 0 ]; then
 fi

 # Start nginx up (ignore if already running)
+echo "Ensure nginx is running..."
 service nginx start || true

 echo "Request certificate via certbot... (or renew)"

 # Run certbot installation
-/opt/certbot/certbot-auto certonly --webroot --webroot-path=/usr/share/nginx/www --email {{ LETS_ENCRYPT_EMAIL }} --agree-tos --http-01-port {{ LETS_ENCRYPT_PORT }} {% for domain in LETS_ENCRYPT_DOMAINS %} -d {{ domain }} {% endfor %} --non-interactive
-
-echo "Restarting nginx service to reload config..."
-
-service nginx restart
+/opt/letsencrypt/certbot/certbot-auto certonly --webroot --webroot-path=/usr/share/nginx/www --email {{ LETS_ENCRYPT_EMAIL }} --agree-tos --http-01-port {{ LETS_ENCRYPT_PORT }} {% for domain in LETS_ENCRYPT_DOMAINS %} -d {{ domain }} {% endfor %} --non-interactive

 echo "Create symlinks to Let's Encrypt certificates..."

@@ -28,9 +25,13 @@ ln -sf /etc/letsencrypt/live/{{ LETS_ENCRYPT_DOMAINS|first }}/privkey.pem /etc/s
 echo "Writing nginx certificate configuration..."

 # Copy the configuration file (with the above certs) into place
-cp /opt/ssl-certs.conf /etc/nginx/ssl-certs.conf
+cp /opt/letsencrypt/ssl-certs.conf /etc/nginx/ssl-certs.conf

 # Stop nginx again if it wasn't running, or restart it if it was
 if [ "$nginxstate" == "stopped" ]; then
+echo "Stopping nginx..."
 service nginx stop
+else
+echo "Restarting nginx..."
+service nginx restart
 fi