Diffstat (limited to 'ansible/roles/certreload/tasks')
-rw-r--r-- | ansible/roles/certreload/tasks/main.yml | 21 |
1 files changed, 21 insertions, 0 deletions
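diff --git a/ansible/roles/certreload/tasks/main.yml b/ansible/roles/certreload/tasks/main.yml
new file mode 100644
index 0000000..0e4fcc7
--- /dev/null
+++ b/ansible/roles/certreload/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+# This is a hack because ansible can't trigger handlers if they don't
+# exist, so we can't have our 'certs' role unconditionally fire things
+# like "reload nginx" and "reload postfix" because those don't exist
+# in every deployment.
+# As a hack, just check if /etc/ssl was recently modified then reload
+- name: check certificate update recency
+stat:
+path: /etc/ssl
+register: statSSL
+
+# Have to mock a command resulting in some "changed" status so ansible
+# allows itself to trigger handlers.
+# The actual restriction on this handler is the 'when' clause, not
+# the command itself.
+- name: reload because certs are newish
+command: /bin/true
+when: ((ansible_date_time.epoch |int) - (statSSL.stat.mtime |int)) < 300
+notify:
+- "{{ item }}"
+loop: "{{ certreload.notifiers }}"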
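Review bot: The `stat` at new lines 8-9 reads the mtime of the `/etc/ssl` directory, which changes only when an entry is created, removed or renamed directly in that directory. If the certs role rewrites a certificate in place or writes it into a subdirectory, the mtime stays the same, the `when` on line 18 is false, and the services keep serving the old certificate after a rotation. Checking the deployed file itself, `path: <deployed certificate file>`, or keying the reload on the `changed` result of the task that installs the certificate, would follow the rotation directly. `ansible_date_time.epoch` is the time facts were gathered rather than the time this task runs, so the 300-second window also depends on fact gathering or caching; a comment next to the `when` such as `# epoch comes from gathered facts, not from "now"` would make that visible. The loop on line 21 fails when `certreload.notifiers` is unset, which `loop: "{{ certreload.notifiers | default([]) }}"` avoids.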