From 0d1a2071debc88ac79c604073df7e25fc7074fed Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 6 Aug 2017 18:40:16 +0300 Subject: [PATCH] Ensure playbook works if running at SSL-renewal time matrix-nginx-proxy will be occupying port 80 soon, so that we can be more user-friendly and have http->https forwarding for the Riot hostname. During the playbook run, acmetool also expects to use port 80 for domain verification. During an initial playbook run, this wouldn't cause trouble because matrix-nginx-proxy is not installed yet. However, on subsequent playbook runs, it would cause trouble. This ensures that if matrix-nginx-proxy is available and running, it would be stopped before running acmetool and started right after. --- roles/matrix-server/tasks/setup_ssl.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/roles/matrix-server/tasks/setup_ssl.yml b/roles/matrix-server/tasks/setup_ssl.yml index 6b6db343f..3cffbfddb 100644 --- a/roles/matrix-server/tasks/setup_ssl.yml +++ b/roles/matrix-server/tasks/setup_ssl.yml @@ -22,6 +22,14 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_username }}" +- name: Check matrix-nginx-proxy state + service: name=matrix-nginx-proxy + register: matrix_nginx_proxy_state + +- name: Ensure matrix-nginx-proxy is stopped (if previously installed & started) + service: name=matrix-nginx-proxy state=stopped + when: "matrix_nginx_proxy_state.status.ActiveState == 'active'" + - name: Ensure SSL certificates are marked as wanted in acmetool shell: >- /usr/bin/docker run --rm --name acmetool-host-grab -p 80:80 
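Review bot: The `when:` on the new stop task dereferences `matrix_nginx_proxy_state.status.ActiveState` without checking that `status` was returned. That key appears to come from the systemd backend of the `service` module, so on a host where the probe returns no `status` the condition would raise an undefined-variable error instead of skipping, and the run would stop before acmetool is reached. A guard such as `when: "matrix_nginx_proxy_state.status is defined and matrix_nginx_proxy_state.status.ActiveState == 'active'"` keeps that case working; the same condition is repeated on the start task in the second hunk. The probe task `service: name=matrix-nginx-proxy` passes no `state=`, which is easy to misread as an omission, so it deserves a comment like `# Read-only probe: no state= given, we only register the unit status`. Whether the module accepts a call with no `state`/`enabled` should be confirmed for the Ansible versions the playbook supports.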
@@ -30,6 +38,10 @@ willwill/acme-docker acmetool want {{ hostname_matrix }} {{ hostname_riot }} --xlog.severity=debug +- name: Ensure matrix-nginx-proxy is started (if previously installed & started) + service: name=matrix-nginx-proxy state=started + when: "matrix_nginx_proxy_state.status.ActiveState == 'active'" + - name: Ensure periodic SSL renewal cronjob configured template: src: "{{ role_path }}/templates/cron.d/ssl-certificate-renewal.j2"
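Review bot: The added start task is only reached when the acmetool task before it succeeds, so a failed certificate request aborts the play with matrix-nginx-proxy still stopped and the proxied hostnames unreachable until someone restarts it by hand. Since the stop/start pair exists only to free port 80 for the duration of that one command, the restart should not depend on its outcome. Wrapping the stop task and the acmetool task in a `- block:` and moving this start task under `always:` brings the proxy back on both the success and the failure path, while the play still reports the acmetool error. The acmetool task starts in the previous hunk and part of its `docker run` command lies outside both hunks, so the block would have to enclose those unseen lines as well.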