- Change when clause from list to string format to fix YAML parsing error - Use 'and' operators instead of list items for better readability
---
# Setup Let's Encrypt SSL Certificates via Traefik
- name: Check if acme.json exists and is a file
ansible.builtin.stat:
path: "{{ traefik_stack_path }}/acme.json"
register: acme_stat
- name: Remove acme.json if it's a directory
ansible.builtin.file:
path: "{{ traefik_stack_path }}/acme.json"
state: absent
become: yes
when: acme_stat.stat.exists and acme_stat.stat.isdir
- name: Ensure Traefik acme.json exists and has correct permissions
ansible.builtin.file:
path: "{{ traefik_stack_path }}/acme.json"
state: touch
mode: '0600'
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
become: yes
when: not acme_stat.stat.exists or (acme_stat.stat.exists and acme_stat.stat.isdir)
- name: Verify Traefik is running
ansible.builtin.command: |
cd {{ traefik_stack_path }}
docker compose ps {{ traefik_container_name }}
register: traefik_status
changed_when: false
- name: Fail if Traefik is not running
ansible.builtin.fail:
msg: "Traefik is not running. Please start it first."
when: traefik_status.rc != 0 or "Up" not in traefik_status.stdout
- name: Force Traefik to reload configuration (only if explicitly requested or acme.json was created)
ansible.builtin.command: |
cd {{ traefik_stack_path }}
docker compose restart {{ traefik_container_name }}
changed_when: true
when: >
((traefik_ssl_restart | default(false) | bool) or (acme_stat.changed | default(false) | bool))
and traefik_status.rc == 0
and "Up" in traefik_status.stdout
- name: Wait for Traefik to be ready (after restart)
ansible.builtin.wait_for:
timeout: "{{ traefik_ssl_wait_timeout | default(10) }}"
changed_when: false
when: >
((traefik_ssl_restart | default(false) | bool) or (acme_stat.changed | default(false) | bool))
and traefik_status.rc == 0
and "Up" in traefik_status.stdout
- name: Trigger certificate request by accessing each domain
ansible.builtin.uri:
url: "https://{{ item }}"
method: GET
validate_certs: no
timeout: "{{ traefik_ssl_trigger_timeout | default(5) }}"
status_code: [200, 301, 302, 303, 404, 502, 503]
loop: "{{ traefik_ssl_domains | default([]) }}"
register: certificate_trigger
changed_when: false
ignore_errors: yes
when: traefik_ssl_domains is defined and traefik_ssl_domains | length > 0
- name: Wait for ACME certificate generation
ansible.builtin.wait_for:
timeout: "{{ traefik_ssl_cert_wait_timeout | default(30) }}"
changed_when: false
when: traefik_ssl_domains is defined and traefik_ssl_domains | length > 0
- name: Check if acme.json contains certificates
ansible.builtin.stat:
path: "{{ traefik_stack_path }}/acme.json"
register: acme_file
- name: Display certificate status
ansible.builtin.debug:
msg: |
========================================
SSL Certificate Setup
========================================
{% if traefik_ssl_domains is defined and traefik_ssl_domains | length > 0 %}
Certificate setup triggered for domains:
{{ traefik_ssl_domains | join(', ') }}
{% else %}
No domains specified for certificate setup.
{% endif %}
ACME Email: {{ traefik_acme_email | default('Not specified') }}
Check Traefik logs to see certificate generation progress:
docker compose -f {{ traefik_stack_path }}/docker-compose.yml logs {{ traefik_container_name }} | grep -i acme
Certificates should be ready within 1-2 minutes.
========================================
when: traefik_show_status | default(true) | bool
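Review bot: The multi-line `ansible.builtin.command` under "Verify Traefik is running" (and the same pattern under "Force Traefik to reload configuration") hands `cd {{ traefik_stack_path }}` plus the `docker compose` line to the command module as one argument list; `command` does not go through a shell, so `cd` is not an executable and the newline is not a command separator, and the task will most likely fail on its own instead of returning the `rc` that "Fail if Traefik is not running" inspects. Drop the `cd` and use the module's working-directory argument instead: `ansible.builtin.command: docker compose ps {{ traefik_container_name }}` / `args:` / `chdir: "{{ traefik_stack_path }}"` (or switch to `ansible.builtin.shell` if a shell is genuinely wanted). Separately, the restart and wait conditions test `acme_stat.changed`, but `acme_stat` is registered from a read-only `stat` task that does not report a change, and the `touch` task that actually creates `acme.json` is not registered, so the "acme.json was created" trigger named in the task can never fire; registering that task (e.g. `register: acme_touch`) and testing `acme_touch.changed` would match the intent. Minor style point: `become: yes`, `validate_certs: no` and `ignore_errors: yes` would be clearer as `true`/`false`.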