debops / ansible-pki

Bootstrap and manage internal PKI, Certificate Authorities and OpenSSL/GnuTLS certificates
GNU General Public License v3.0

Added pre- and post-hooks to PKI role #97

Closed muelli closed 7 years ago

muelli commented 7 years ago

This makes it easier to customise the behaviour of the role. In my case, I intend to configure the necessary directories (think challenge-web-root) before the pki role runs. Other roles use the same pattern (well, dovecot at least), so I thought it would be appropriate for the PKI role to do the same.
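As an added illustration of the hook pattern described above (this is not code from the pull request or from the debops.pki role; the `task_src` lookup name, the `pre_main.yml`/`post_main.yml` file names and the challenge directory path are assumptions):

```yaml
# Role side, tasks/main.yml (illustrative, not the project's own file).
# The 'task_src' lookup is assumed to return a user-supplied task file
# from the inventory when one exists, or an empty task file otherwise,
# so the includes are harmless when no hooks are defined.
---
- name: Pre hooks
  include: '{{ lookup("task_src", "pki/pre_main.yml") }}'

- name: Main role tasks
  include: main_tasks.yml   # placeholder for the role's real task list

- name: Post hooks
  include: '{{ lookup("task_src", "pki/post_main.yml") }}'

# Inventory side, tasks/pki/pre_main.yml (constructed user hook).
# Creates the http-01 challenge webroot before the PKI role asks for
# a certificate, for hosts that serve the challenge with a server other
# than nginx. Path and group are constructed examples.
- name: Create ACME http-01 challenge webroot
  file:
    path: '/srv/www/acme-challenge/.well-known/acme-challenge'
    state: 'directory'
    owner: 'root'
    group: 'www-data'
    mode: '0755'
```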

drybjed commented 7 years ago

First of all, nice comments in the files! I like it.

If you mean for this to manage the ACME challenge... Current implementation of ACME support in DebOps relies on the http-01 challenge which requires a webserver. The debops.nginx role should create that directory if ACME support is enabled, does that not happen in your case?

The custom lookup plugins make roles harder to use, so I try to avoid them if possible. I just wonder if your issue could be solved differently.

muelli commented 7 years ago

> The debops.nginx role should create that directory if ACME support is enabled, does that not happen in your case?

No, because I'm not using nginx.

> The custom lookup plugins make roles harder to use, so I try to avoid them if possible. I just wonder if your issue could be solved differently.

Currently, I have the creation of the acme directory as well as setting up apache in a pre-main.yml.

It's certainly solvable by using more debops. I could make it work reasonably well by copying and pasting some other roles together rather than reading and learning more about debops. Regarding "harder to use", I believe that debops can't fulfil each and every wish its users will have. So some way to massage the roles' behaviour will make some people happier. The lookup stuff seemed nice, easy to use, and relatively common for debops roles. You know better, of course. No hard feelings if you don't want to spread these further. I will probably keep them for myself in any case, because (for now) I think it's cheap to maintain for the value that I get from them.