From 3a2196ddd9cfc7980807e1d196c5fba5bd891f49 Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Thu, 22 Apr 2021 19:13:31 +0300
Subject: [PATCH] Fixes to the renew-cert tasks file.
- Always run the fact gathring and file stat tasks. Needed for other
tasks and doesn't hurt anything.
- Handle cases when the key files aren't there.
---
tasks/renew-cert.yaml | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/tasks/renew-cert.yaml b/tasks/renew-cert.yaml
index ce6692e..bb703ea 100644
--- a/tasks/renew-cert.yaml
+++ b/tasks/renew-cert.yaml
@@ -9,17 +9,21 @@
ansible.builtin.setup:
gather_subset:
- date_time
+ tags:
+ - always
- name: Get account key file stat
ansible.builtin.stat:
path: &account_key_src account.key
register: account_key_stat
+ tags:
+ - always
- name: Generate account key
community.crypto.openssl_privatekey:
# yamllint disable rule:line-length
force: |-
- {{ (ansible_date_time.epoch|int - account_key_stat.stat.mtime|int)/(60*60*24*365) >= 4 }}
+ {{ account_key_stat.stat.exists and (ansible_date_time.epoch|int - account_key_stat.stat.mtime|int)/(60*60*24*365) >= 4 }}
# yamllint enable rule:line-length
mode: 0o0600
path: *account_key_src
@@ -57,7 +61,7 @@
community.crypto.openssl_privatekey:
# yamllint disable rule:line-length
force: |-
- {{ (ansible_date_time.epoch|int - host_key_stat.stat.mtime|int)/(60*60*24*365) >= 4 }}
+ {{ host_key_stat.stat.exists and (ansible_date_time.epoch|int - host_key_stat.stat.mtime|int)/(60*60*24*365) >= 4 }}
# yamllint enable rule:line-length
mode: &mode 0o0600
path: *key_src
@@ -175,7 +179,7 @@
community.crypto.openssl_dhparam:
# yamllint disable rule:line-length
force: |-
- {{ (ansible_date_time.epoch|int - dhparams_stat.stat.mtime|int)/(60*60*24*7) >= 4 }}
+ {{ dhparams_stat.stat.exists and (ansible_date_time.epoch|int - dhparams_stat.stat.mtime|int)/(60*60*24*7) >= 4 }}
# yamllint enable rule:line-length
mode: 0o0644
path: *dhparams
--
GitLab