opendataphilly / opendataphilly-ckan

Port of OpenDataPhilly to CKAN

Add mechanism to allow LetsEncrypt task to run ad-hoc #89

Closed rbreslow closed 6 years ago

rbreslow commented 6 years ago

Overview

Add mechanism to allow LetsEncrypt task to run ad-hoc using Ansible tags.

Connects https://github.com/azavea/urban-apps/issues/164

Testing

Ensure that the playbook executes only the tasks tagged `letsencrypt`:

> rbreslow@maiden opendataphilly-ckan (feature/jrb/add-letsencrypt-tag-mechanism) $ time ANSIBLE_HOST_KEY_CHECKING=false ansible-playbook --private-key=~/Documents/ODP/opendataphilly.pem --user=ubuntu --inventory-file=deployment/ansible/hosts/hosts.staging deployment/ansible/staging.yml --tags=letsencrypt -v
No config file found; using defaults

PLAY [staging] *******************************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************************************************************************************************************
ok: [staging.opendataphilly.org]

TASK [ckan-odp-configuration : stat] *********************************************************************************************************************************************************************************************************
ok: [staging.opendataphilly.org] => {"changed": false, "stat": {"atime": 1538754869.41927, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 0, "charset": "binary", "ctime": 1538754867.84327, "dev": 66305, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 658477, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": true, "isreg": false, "issock": false, "isuid": false, "lnk_source": "/etc/letsencrypt/archive/staging.opendataphilly.org/fullchain1.pem", "lnk_target": "../../archive/staging.opendataphilly.org/fullchain1.pem", "mimetype": "inode/symlink", "mode": "0777", "mtime": 1538754867.84327, "nlink": 1, "path": "/etc/letsencrypt/live/staging.opendataphilly.org/fullchain.pem", "pw_name": "root", "readable": true, "rgrp": true, "roth": true, "rusr": true, "size": 55, "uid": 0, "version": null, "wgrp": true, "woth": true, "writeable": true, "wusr": true, "xgrp": true, "xoth": true, "xusr": true}}

TASK [ckan-odp-configuration : Copy temporary Nginx Configuration for LetsEncrypt] ***********************************************************************************************************************************************************
changed: [staging.opendataphilly.org] => {"changed": true, "checksum": "4da35dff0da15ee812b708fed5dcf94c8b84b615", "dest": "/etc/nginx/sites-available/ckan", "gid": 0, "group": "root", "md5sum": "6fa8b84b8b559b3c5c2b2427351b4790", "mode": "0644", "owner": "root", "size": 1131, "src": "/home/ubuntu/.ansible/tmp/ansible-tmp-1538756897.59-15635905345677/source", "state": "file", "uid": 0}

TASK [ckan-odp-configuration : Restart Apache service] ***************************************************************************************************************************************************************************************
changed: [staging.opendataphilly.org] => {"changed": true, "name": "apache2", "state": "started"}

TASK [ckan-odp-configuration : Restart Nginx service] ****************************************************************************************************************************************************************************************
changed: [staging.opendataphilly.org] => {"changed": true, "name": "nginx", "state": "started"}

TASK [ckan-odp-configuration : Download certbot] *********************************************************************************************************************************************************************************************
ok: [staging.opendataphilly.org] => {"changed": false, "checksum_dest": "910e2ec47f04ca1a74fbdb88d4d9028d7e55d51e", "checksum_src": "910e2ec47f04ca1a74fbdb88d4d9028d7e55d51e", "dest": "/usr/local/bin/certbot-auto", "gid": 0, "group": "root", "md5sum": "8712104c44a8ec368f1ea2133fb0bd2e", "mode": "0755", "msg": "OK (62299 bytes)", "owner": "root", "size": 62299, "src": "/home/ubuntu/.ansible/tmp/ansible-tmp-1538756905.4-81471670572333/tmpH3a8t6", "state": "file", "status_code": 200, "uid": 0, "url": "https://dl.eff.org/certbot-auto"}

TASK [ckan-odp-configuration : Set up certbot] ***********************************************************************************************************************************************************************************************
ok: [staging.opendataphilly.org] => {"changed": false, "cmd": ["certbot-auto", "certonly", "--webroot", "-w", "/usr/lib/ckan/default/src/ckanext-odp-theme/ckanext/odp_theme/public", "-d", "staging.opendataphilly.org", "-n", "--agree-tos", "--email", "systems@azavea.com"], "rc": 0, "stdout": "skipped, since /etc/letsencrypt/renewal/staging.opendataphilly.org.conf exists", "stdout_lines": ["skipped, since /etc/letsencrypt/renewal/staging.opendataphilly.org.conf exists"]}

TASK [ckan-odp-configuration : cron] *********************************************************************************************************************************************************************************************************
ok: [staging.opendataphilly.org] => {"changed": false, "envs": [], "jobs": ["Send Email Notifications", "Renew Let's Encrypt Certificate"]}

TASK [ckan-odp-configuration : Copy Nginx Configuration] *************************************************************************************************************************************************************************************
changed: [staging.opendataphilly.org] => {"changed": true, "checksum": "c7b684424c90e3bdc9cffba395346a8f1dc11d30", "dest": "/etc/nginx/sites-available/ckan", "gid": 0, "group": "root", "md5sum": "29e01d7940ffa0c01f27901376482501", "mode": "0644", "owner": "root", "size": 1399, "src": "/home/ubuntu/.ansible/tmp/ansible-tmp-1538756909.84-223237802840235/source", "state": "file", "uid": 0}

RUNNING HANDLER [ckan.app : Restart Nginx] ***************************************************************************************************************************************************************************************************
changed: [staging.opendataphilly.org] => {"changed": true, "name": "nginx", "state": "started"}

PLAY RECAP ***********************************************************************************************************************************************************************************************************************************
staging.opendataphilly.org : ok=10   changed=5    unreachable=0    failed=0

real    0m23.792s
user    0m11.688s
sys 0m3.915s

> rbreslow@maiden opendataphilly-ckan (feature/jrb/add-letsencrypt-tag-mechanism) $