Encapsulated code to pass performance tests

2025-08-30 07:18:09 +02:00 · 2025-08-27 20:56:29 +02:00
parent ebb6660473
commit 67b2ebf001
2 changed files with 40 additions and 38 deletions
--- a/roles/srv-tls-core/tasks/flavors/_san.yml
+++ b/roles/srv-tls-core/tasks/flavors/_san.yml
@@ -0,0 +1,38 @@
+# Necessary to have this seperat file to pass performance tests
+- name: Install certbundle
+  include_role:
+    name: pkgmgr-install
+  vars:
+    package_name: certbundle
+
+- name: Generate SAN certificate with certbundle
+  command: >-
+    certbundle
+    --domains "{{ current_play_domains_all | join(',') }}"
+    --certbot-email "{{ users.administrator.email }}"
+    --certbot-acme-challenge-method "{{ CERTBOT_ACME_CHALLENGE_METHOD }}"
+    --chunk-size 100
+    {% if CERTBOT_ACME_CHALLENGE_METHOD != 'webroot' %}
+    --certbot-credentials-file "{{ CERTBOT_CREDENTIALS_FILE }}"
+    --certbot-dns-propagation-seconds "{{ CERTBOT_DNS_PROPAGATION_WAIT_SECONDS }}"
+    {% else %}
+    --letsencrypt-webroot-path "{{ LETSENCRYPT_WEBROOT_PATH }}"
+    {% endif %}
+    {{ '--mode-test' if MODE_TEST | bool else '' }}
+  register: certbundle_result
+  changed_when: "'Certificate not yet due for renewal' not in certbundle_result.stdout"
+  failed_when: >
+    certbundle_result.rc != 0
+    and 'too many certificates' not in (certbundle_result.stderr | lower | default(''))
+    and 'the service is down for maintenance or had an internal error' not in (certbundle_result.stderr | lower | default(''))
+
+- name: Warn if LetsEncrypt was down
+  when: "'the service is down for maintenance or had an internal error' in (certbundle_result.stderr | lower | default(''))"
+  debug:
+    msg: >
+      WARNING: Let's Encrypt responded with "service down for maintenance / internal error".
+      Certificate request skipped; please retry later.
+
+- name: run the san tasks once
+  set_fact:
+    run_once_san_certs: true
--- a/roles/srv-tls-core/tasks/flavors/san.yml
+++ b/roles/srv-tls-core/tasks/flavors/san.yml
@@ -1,39 +1,3 @@
- block:
-    - name: Install certbundle
-      include_role:
-        name: pkgmgr-install
-      vars:
-        package_name: certbundle
-
-    - name: Generate SAN certificate with certbundle
-      command: >-
-        certbundle
-        --domains "{{ current_play_domains_all | join(',') }}"
-        --certbot-email "{{ users.administrator.email }}"
-        --certbot-acme-challenge-method "{{ CERTBOT_ACME_CHALLENGE_METHOD }}"
-        --chunk-size 100
-        {% if CERTBOT_ACME_CHALLENGE_METHOD != 'webroot' %}
-        --certbot-credentials-file "{{ CERTBOT_CREDENTIALS_FILE }}"
-        --certbot-dns-propagation-seconds "{{ CERTBOT_DNS_PROPAGATION_WAIT_SECONDS }}"
-        {% else %}
-        --letsencrypt-webroot-path "{{ LETSENCRYPT_WEBROOT_PATH }}"
-        {% endif %}
-        {{ '--mode-test' if MODE_TEST | bool else '' }}
-      register: certbundle_result
-      changed_when: "'Certificate not yet due for renewal' not in certbundle_result.stdout"
-      failed_when: >
-        certbundle_result.rc != 0
-        and 'too many certificates' not in (certbundle_result.stderr | lower | default(''))
-        and 'the service is down for maintenance or had an internal error' not in (certbundle_result.stderr | lower | default(''))
-
-    - name: Warn if LetsEncrypt was down
-      when: "'the service is down for maintenance or had an internal error' in (certbundle_result.stderr | lower | default(''))"
-      debug:
-        msg: >
-          WARNING: Let's Encrypt responded with "service down for maintenance / internal error".
-          Certificate request skipped; please retry later.
-
-    - name: run the san tasks once
-      set_fact:
-        run_once_san_certs: true
+# Neccessary encapsulation to pass performance tests
+- include_tasks: "_san.yml"
  when: run_once_san_certs is not defined