From 67b2ebf001b20c6a31ab346ad998223085c96104 Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Wed, 27 Aug 2025 20:56:29 +0200
Subject: [PATCH] Encapsulated code to pass performance tests
---
roles/srv-tls-core/tasks/flavors/_san.yml | 38 +++++++++++++++++++++
roles/srv-tls-core/tasks/flavors/san.yml | 40 ++---------------------
2 files changed, 40 insertions(+), 38 deletions(-)
create mode 100644 roles/srv-tls-core/tasks/flavors/_san.yml
diff --git a/roles/srv-tls-core/tasks/flavors/_san.yml b/roles/srv-tls-core/tasks/flavors/_san.yml
new file mode 100644
index 00000000..ca796dbf
--- /dev/null
+++ b/roles/srv-tls-core/tasks/flavors/_san.yml
@@ -0,0 +1,38 @@
+# Necessary to have this seperat file to pass performance tests
+- name: Install certbundle
+ include_role:
+ name: pkgmgr-install
+ vars:
+ package_name: certbundle
+
+- name: Generate SAN certificate with certbundle
+ command: >-
+ certbundle
+ --domains "{{ current_play_domains_all | join(',') }}"
+ --certbot-email "{{ users.administrator.email }}"
+ --certbot-acme-challenge-method "{{ CERTBOT_ACME_CHALLENGE_METHOD }}"
+ --chunk-size 100
+ {% if CERTBOT_ACME_CHALLENGE_METHOD != 'webroot' %}
+ --certbot-credentials-file "{{ CERTBOT_CREDENTIALS_FILE }}"
+ --certbot-dns-propagation-seconds "{{ CERTBOT_DNS_PROPAGATION_WAIT_SECONDS }}"
+ {% else %}
+ --letsencrypt-webroot-path "{{ LETSENCRYPT_WEBROOT_PATH }}"
+ {% endif %}
+ {{ '--mode-test' if MODE_TEST | bool else '' }}
+ register: certbundle_result
+ changed_when: "'Certificate not yet due for renewal' not in certbundle_result.stdout"
+ failed_when: >
+ certbundle_result.rc != 0
+ and 'too many certificates' not in (certbundle_result.stderr | lower | default(''))
+ and 'the service is down for maintenance or had an internal error' not in (certbundle_result.stderr | lower | default(''))
+
+- name: Warn if LetsEncrypt was down
+ when: "'the service is down for maintenance or had an internal error' in (certbundle_result.stderr | lower | default(''))"
+ debug:
+ msg: >
+ WARNING: Let's Encrypt responded with "service down for maintenance / internal error".
+ Certificate request skipped; please retry later.
+
+- name: run the san tasks once
+ set_fact:
+ run_once_san_certs: true
\ No newline at end of file
diff --git a/roles/srv-tls-core/tasks/flavors/san.yml b/roles/srv-tls-core/tasks/flavors/san.yml
index 918db855..8e55552b 100644
--- a/roles/srv-tls-core/tasks/flavors/san.yml
+++ b/roles/srv-tls-core/tasks/flavors/san.yml
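Review bot: The `failed_when` in the "Generate SAN certificate with certbundle" task accepts a non-zero exit when stderr contains 'too many certificates' or the Let's Encrypt outage text, and the last task still sets `run_once_san_certs: true`, so the play goes on as if a certificate had been issued. Only the outage case is reported by a warning task; a rate-limited run passes silently and may leave the host with an expired or missing certificate, so I would add a second `debug` warning with `when: "'too many certificates' in (certbundle_result.stderr | default('') | lower)"`. In the existing expressions `| lower | default('')` applies `default` after `lower`, which does not help if `stderr` is undefined; `| default('') | lower` is the order that guards it. The first comment line has a typo (`seperat` → `separate`) and the file ends without a trailing newline.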
@@ -1,39 +1,3 @@
-- block:
- - name: Install certbundle
- include_role:
- name: pkgmgr-install
- vars:
- package_name: certbundle
-
- - name: Generate SAN certificate with certbundle
- command: >-
- certbundle
- --domains "{{ current_play_domains_all | join(',') }}"
- --certbot-email "{{ users.administrator.email }}"
- --certbot-acme-challenge-method "{{ CERTBOT_ACME_CHALLENGE_METHOD }}"
- --chunk-size 100
- {% if CERTBOT_ACME_CHALLENGE_METHOD != 'webroot' %}
- --certbot-credentials-file "{{ CERTBOT_CREDENTIALS_FILE }}"
- --certbot-dns-propagation-seconds "{{ CERTBOT_DNS_PROPAGATION_WAIT_SECONDS }}"
- {% else %}
- --letsencrypt-webroot-path "{{ LETSENCRYPT_WEBROOT_PATH }}"
- {% endif %}
- {{ '--mode-test' if MODE_TEST | bool else '' }}
- register: certbundle_result
- changed_when: "'Certificate not yet due for renewal' not in certbundle_result.stdout"
- failed_when: >
- certbundle_result.rc != 0
- and 'too many certificates' not in (certbundle_result.stderr | lower | default(''))
- and 'the service is down for maintenance or had an internal error' not in (certbundle_result.stderr | lower | default(''))
-
- - name: Warn if LetsEncrypt was down
- when: "'the service is down for maintenance or had an internal error' in (certbundle_result.stderr | lower | default(''))"
- debug:
- msg: >
- WARNING: Let's Encrypt responded with "service down for maintenance / internal error".
- Certificate request skipped; please retry later.
-
- - name: run the san tasks once
- set_fact:
- run_once_san_certs: true
+# Neccessary encapsulation to pass performance tests
+- include_tasks: "_san.yml"
 when: run_once_san_certs is not defined
\ No newline at end of file
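Review bot: The added comment gives "performance tests" as the reason for the split but does not say which test or what it measures, so a later maintainer cannot tell whether the indirection is still needed; it also has a typo (`Neccessary`). If the reason is that the guard should be checked once on the include rather than on every task of the former block, I would say so, e.g. `# Tasks live in _san.yml so the run-once guard is checked once, on the include`, and give the include a `name:`. The `run_once_san_certs is not defined` guard now exists only in this file, so the comment should also state that `_san.yml` is not meant to be included directly from elsewhere.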