Skip to content

C
configuration
Commit c024c39c by Ned Batchelder
Options

Convert the 'restart certs' handler into a normal task

parent 0e1d60c6
Showing with 7 additions and 40 deletions
playbooks/roles/certs/handlers/main.yml deleted 100644 → 0
---
#
# edX Configuration
#
# github: https://github.com/edx/configuration
# wiki: https://github.com/edx/configuration/wiki
# code style: https://github.com/edx/configuration/wiki/Ansible-Coding-Conventions
# license: https://github.com/edx/configuration/blob/master/LICENSE.TXT
#
#
#
# Handlers for role certs
#
# Overview:
#
- name: restart certs
supervisorctl: >
name=certs
supervisorctl_path={{ supervisor_ctl }}
config={{ supervisor_cfg }}
state=restarted
when: certs_installed is defined and not disable_edx_services
playbooks/roles/certs/tasks/deploy.yml
...@@ -5,14 +5,12 @@ ...@@ -5,14 +5,12 @@
src=certs.env.json.j2 src=certs.env.json.j2
dest={{ certs_app_dir }}/env.json dest={{ certs_app_dir }}/env.json
sudo_user: "{{ certs_user }}" sudo_user: "{{ certs_user }}"
notify: restart certs
- name: create certificate auth file - name: create certificate auth file
template: > template: >
src=certs.auth.json.j2 src=certs.auth.json.j2
dest={{ certs_app_dir }}/auth.json dest={{ certs_app_dir }}/auth.json
sudo_user: "{{ certs_user }}" sudo_user: "{{ certs_user }}"
notify: restart certs
- name: writing supervisor script for certificates - name: writing supervisor script for certificates
template: > template: >
...@@ -27,14 +25,12 @@ ...@@ -27,14 +25,12 @@
state=link state=link
force=yes force=yes
mode=0644 mode=0644
notify: restart certs
when: not disable_edx_services when: not disable_edx_services
- name: create ssh script for git - name: create ssh script for git
template: > template: >
src={{ certs_git_ssh|basename }}.j2 dest={{ certs_git_ssh }} src={{ certs_git_ssh|basename }}.j2 dest={{ certs_git_ssh }}
owner={{ certs_user }} mode=750 owner={{ certs_user }} mode=750
notify: restart certs
# This key is only needed if you are pulling down a private # This key is only needed if you are pulling down a private
# certificates repo # certificates repo
...@@ -43,7 +39,6 @@ ...@@ -43,7 +39,6 @@
content="{{ CERTS_GIT_IDENTITY }}" dest={{ certs_git_identity }} content="{{ CERTS_GIT_IDENTITY }}" dest={{ certs_git_identity }}
force=yes owner={{ certs_user }} mode=0600 force=yes owner={{ certs_user }} mode=0600
when: CERTS_GIT_IDENTITY != "none" when: CERTS_GIT_IDENTITY != "none"
notify: restart certs
- name: checkout certificates repo into {{ certs_code_dir }} - name: checkout certificates repo into {{ certs_code_dir }}
git: > git: >
...@@ -54,7 +49,6 @@ ...@@ -54,7 +49,6 @@
GIT_SSH: "{{ certs_git_ssh }}" GIT_SSH: "{{ certs_git_ssh }}"
register: certs_checkout register: certs_checkout
when: CERTS_GIT_IDENTITY != "none" when: CERTS_GIT_IDENTITY != "none"
notify: restart certs
- name: checkout certificates repo into {{ certs_code_dir }} - name: checkout certificates repo into {{ certs_code_dir }}
git: > git: >
...@@ -63,19 +57,16 @@ ...@@ -63,19 +57,16 @@
sudo_user: "{{ certs_user }}" sudo_user: "{{ certs_user }}"
register: certs_checkout register: certs_checkout
when: CERTS_GIT_IDENTITY == "none" when: CERTS_GIT_IDENTITY == "none"
notify: restart certs
- name: remove read-only ssh key for the certs repo - name: remove read-only ssh key for the certs repo
file: path={{ certs_git_identity }} state=absent file: path={{ certs_git_identity }} state=absent
when: CERTS_GIT_IDENTITY != "none" when: CERTS_GIT_IDENTITY != "none"
notify: restart certs
- name : install python requirements - name : install python requirements
pip: > pip: >
requirements="{{ certs_requirements_file }}" virtualenv="{{ certs_venv_dir }}" state=present requirements="{{ certs_requirements_file }}" virtualenv="{{ certs_venv_dir }}" state=present
extra_args="-i {{ COMMON_PYPI_MIRROR_URL }}" extra_args="-i {{ COMMON_PYPI_MIRROR_URL }}"
sudo_user: "{{ certs_user }}" sudo_user: "{{ certs_user }}"
notify: restart certs
# call supervisorctl update. this reloads # call supervisorctl update. this reloads
# the supervisorctl config and restarts # the supervisorctl config and restarts
...@@ -110,4 +101,10 @@ ...@@ -110,4 +101,10 @@
- include: tag_ec2.yml tags=deploy - include: tag_ec2.yml tags=deploy
when: COMMON_TAG_EC2_INSTANCE when: COMMON_TAG_EC2_INSTANCE
- set_fact: certs_installed=true - name: restart certs
supervisorctl: >
name=certs
supervisorctl_path={{ supervisor_ctl }}
config={{ supervisor_cfg }}
state=restarted
when: not disable_edx_services
playbooks/roles/certs/tasks/main.yml
...@@ -37,7 +37,6 @@ ...@@ -37,7 +37,6 @@
home="{{ certs_app_dir }}" home="{{ certs_app_dir }}"
createhome=no createhome=no
shell=/bin/false shell=/bin/false
notify: restart certs
- name: create certs app dirs - name: create certs app dirs
file: > file: >
...@@ -45,7 +44,6 @@ ...@@ -45,7 +44,6 @@
state=directory state=directory
owner="{{ certs_user }}" owner="{{ certs_user }}"
group="{{ common_web_group }}" group="{{ common_web_group }}"
notify: restart certs
with_items: with_items:
- "{{ certs_app_dir }}" - "{{ certs_app_dir }}"
# needed for the ansible 1.5 git module # needed for the ansible 1.5 git module
...@@ -68,14 +66,12 @@ ...@@ -68,14 +66,12 @@
path="{{ certs_gpg_dir }}" state=directory path="{{ certs_gpg_dir }}" state=directory
owner="{{ common_web_user }}" owner="{{ common_web_user }}"
mode=0700 mode=0700
notify: restart certs
- name: copy the private gpg signing key - name: copy the private gpg signing key
copy: > copy: >
src={{ CERTS_LOCAL_PRIVATE_KEY }} src={{ CERTS_LOCAL_PRIVATE_KEY }}
dest={{ certs_app_dir }}/{{ CERTS_LOCAL_PRIVATE_KEY|basename }} dest={{ certs_app_dir }}/{{ CERTS_LOCAL_PRIVATE_KEY|basename }}
owner={{ common_web_user }} mode=0600 owner={{ common_web_user }} mode=0600
notify: restart certs
register: certs_gpg_key register: certs_gpg_key
- name: copy the pgp trust export - name: copy the pgp trust export
...@@ -83,20 +79,17 @@ ...@@ -83,20 +79,17 @@
content="{{ CERTS_OWNER_TRUST }}" content="{{ CERTS_OWNER_TRUST }}"
dest={{ certs_app_dir }}/trust.export dest={{ certs_app_dir }}/trust.export
owner={{ common_web_user }} mode=0600 owner={{ common_web_user }} mode=0600
notify: restart certs
- name: load the gpg key - name: load the gpg key
shell: > shell: >
/usr/bin/gpg --homedir {{ certs_gpg_dir }} --import {{ certs_app_dir }}/{{ CERTS_LOCAL_PRIVATE_KEY|basename }} /usr/bin/gpg --homedir {{ certs_gpg_dir }} --import {{ certs_app_dir }}/{{ CERTS_LOCAL_PRIVATE_KEY|basename }}
sudo_user: "{{ common_web_user }}" sudo_user: "{{ common_web_user }}"
when: certs_gpg_key.changed when: certs_gpg_key.changed
notify: restart certs
- name: import the trust export - name: import the trust export
shell: > shell: >
/usr/bin/gpg --homedir {{ certs_gpg_dir }} --import-ownertrust {{ certs_app_dir }}/trust.export /usr/bin/gpg --homedir {{ certs_gpg_dir }} --import-ownertrust {{ certs_app_dir }}/trust.export
sudo_user: "{{ common_web_user }}" sudo_user: "{{ common_web_user }}"
when: certs_gpg_key.changed when: certs_gpg_key.changed
notify: restart certs
- include: deploy.yml tags=deploy - include: deploy.yml tags=deploy
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment