Diffstat (limited to 'ansible/roles/certreload/tasks/main.yml')
-rw-r--r--ansible/roles/certreload/tasks/main.yml21
1 files changed, 21 insertions, 0 deletions
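diff --git a/ansible/roles/certreload/tasks/main.yml b/ansible/roles/certreload/tasks/main.yml
new file mode 100644
index 0000000..0e4fcc7
--- /dev/null
+++ b/ansible/roles/certreload/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+# This is a hack because ansible can't trigger handlers if they don't
+# exist, so we can't have our 'certs' role unconditionally fire things
+# like "reload nginx" and "reload postfix" because those don't exist
+# in every deployment.
+# As a hack, just check if /etc/ssl was recently modified then reload
+- name: check certificate update recency
+ stat:
+ path: /etc/ssl
+ register: statSSL
+
+# Have to mock a command resulting in some "changed" status so ansible
+# allows itself to trigger handlers.
+# The actual restriction on this handler is the 'when' clause, not
+# the command itself.
+- name: reload because certs are newish
+ command: /bin/true
+ when: ((ansible_date_time.epoch |int) - (statSSL.stat.mtime |int)) < 300
+ notify:
+ - "{{ item }}"
+ loop: "{{ certreload.notifiers }}"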
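Review bot: The `stat` on `/etc/ssl` in the first task reads the directory's own mtime, which changes only when an entry directly inside it is created, removed or renamed. A certificate or key rewritten in place, or replaced under a subdirectory, leaves it untouched, so the reload would be skipped and services would keep serving the old certificate, which matters most when a key is rotated after exposure. Point the check at the file the certs role actually writes, e.g. `path: "<deployed certificate file>"` (placeholder), or have that role's task result gate the reload instead of a timestamp. The `when` on the second task also compares against `ansible_date_time.epoch`, which is captured at fact-gathering time rather than when the task runs, so with cached facts or a long play the 300-second window may not hold; a comment such as `# epoch comes from gathered facts, not task run time` above the `when` would record that.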