Stop using Ansible's cron module
This is mainly to address SSL renewal not working for us due to: - https://github.com/ansible/ansible/issues/71213 - https://github.com/ansible/ansible/pull/71207 Using the cron module was hacky anyway. We shouldn't need an extra level of buggy abstraction to manage a cronjob file.
parent
4ef873ceb0
commit
2a1ec38e3a
|
@ -91,15 +91,10 @@
|
|||
# We optimize for the common use-case though (short-lived Let's Encrypt certificates).
|
||||
# Reloading doesn't hurt anyway, so there's no need to make this more flexible.
|
||||
- name: Ensure periodic reloading of matrix-coturn is configured for SSL renewal (matrix-coturn-reload)
|
||||
cron:
|
||||
user: root
|
||||
cron_file: matrix-coturn-ssl-reload
|
||||
name: matrix-coturn-ssl-reload
|
||||
state: present
|
||||
hour: "4"
|
||||
minute: "20"
|
||||
day: "*/5"
|
||||
job: "{{ matrix_host_command_systemctl }} reload matrix-coturn.service"
|
||||
template:
|
||||
src: "{{ role_path }}/templates/cron.d/matrix-coturn-ssl-reload.j2"
|
||||
dest: /etc/cron.d/matrix-coturn-ssl-reload
|
||||
mode: 0644
|
||||
when: "matrix_coturn_enabled|bool and matrix_coturn_tls_enabled|bool"
|
||||
|
||||
|
||||
|
@ -108,9 +103,8 @@
|
|||
#
|
||||
|
||||
- name: Ensure matrix-coturn-ssl-reload cronjob removed
|
||||
cron:
|
||||
user: root
|
||||
cron_file: matrix-coturn-ssl-reload
|
||||
file:
|
||||
path: /etc/cron.d/matrix-coturn-ssl-reload
|
||||
state: absent
|
||||
when: "not matrix_coturn_enabled|bool or not matrix_coturn_tls_enabled|bool"
|
||||
|
||||
|
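Review bot: The new `template:` task writes a file that cron executes as root into /etc/cron.d, but it does not pin ownership and passes the mode as a bare `0644`. Adding `owner: root` and `group: root` makes the result independent of whichever user the play becomes. Cron implementations commonly ignore /etc/cron.d files that are not root-owned or are group/world-writable, so a wrong owner would likely stop the reload silently. Quoting the mode as `mode: '0644'` avoids depending on how the YAML parser reads a leading-zero integer. The same applies to the `template:` task that writes /etc/cron.d/matrix-ssl-lets-encrypt in the SSL tasks file.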
|
|
@ -0,0 +1 @@
|
|||
20 4 */5 * * root {{ matrix_host_command_systemctl }} reload matrix-coturn.service
|
|
@ -55,37 +55,11 @@
|
|||
mode: 0750
|
||||
when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
|
||||
|
||||
- block:
|
||||
- name: Ensure periodic SSL renewal cronjob configured (MAILTO)
|
||||
cron:
|
||||
user: root
|
||||
cron_file: matrix-ssl-lets-encrypt
|
||||
env: yes
|
||||
name: MAILTO
|
||||
value: "{{ matrix_ssl_lets_encrypt_support_email }}"
|
||||
|
||||
- name: Ensure periodic SSL renewal cronjob configured (matrix-ssl-lets-encrypt-certificates-renew)
|
||||
cron:
|
||||
user: root
|
||||
cron_file: matrix-ssl-lets-encrypt
|
||||
name: matrix-ssl-lets-encrypt-certificates-renew
|
||||
state: present
|
||||
hour: "4"
|
||||
minute: "15"
|
||||
day: "*"
|
||||
job: "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew"
|
||||
|
||||
- name: Ensure periodic reloading of matrix-nginx-proxy is configured for SSL renewal (matrix-nginx-proxy-reload)
|
||||
cron:
|
||||
user: root
|
||||
cron_file: matrix-ssl-lets-encrypt
|
||||
name: matrix-nginx-proxy-reload
|
||||
state: present
|
||||
hour: "5"
|
||||
minute: "20"
|
||||
day: "*"
|
||||
job: "{{ matrix_host_command_systemctl }} reload matrix-nginx-proxy.service"
|
||||
when: matrix_nginx_proxy_enabled|bool
|
||||
- name: Ensure periodic SSL renewal cronjob configured
|
||||
template:
|
||||
src: "{{ role_path }}/templates/cron.d/matrix-ssl-lets-encrypt.j2"
|
||||
dest: /etc/cron.d/matrix-ssl-lets-encrypt
|
||||
mode: 0644
|
||||
when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
|
||||
|
||||
|
||||
|
@ -93,21 +67,9 @@
|
|||
# Tasks related to getting rid of Let's Encrypt's management of certificates
|
||||
#
|
||||
|
||||
# When nginx-proxy is disabled, make sure its reloading cronjob is gone.
|
||||
# Other cronjobs can potentially remain there (see below).
|
||||
- name: Ensure matrix-nginx-proxy-reload cronjob removed
|
||||
cron:
|
||||
user: root
|
||||
cron_file: matrix-ssl-lets-encrypt
|
||||
name: matrix-nginx-proxy-reload
|
||||
state: absent
|
||||
when: "not matrix_nginx_proxy_enabled|bool"
|
||||
|
||||
- name: Ensure matrix-ssl-lets-encrypt-renew cronjob removed
|
||||
cron:
|
||||
user: root
|
||||
cron_file: matrix-ssl-lets-encrypt
|
||||
name: matrix-ssl-lets-encrypt-certificates-renew
|
||||
file:
|
||||
path: /etc/cron.d/matrix-ssl-lets-encrypt
|
||||
state: absent
|
||||
when: "matrix_ssl_retrieval_method != 'lets-encrypt'"
|
||||
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
MAILTO="{{ matrix_ssl_lets_encrypt_support_email }}"
|
||||
15 4 * * * root {{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew
|
||||
{% if matrix_nginx_proxy_enabled %}
|
||||
20 5 * * * root {{ matrix_host_command_systemctl }} reload matrix-nginx-proxy.service
|
||||
{% endif %}
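Review bot: The `{% if matrix_nginx_proxy_enabled %}` guard drops the `|bool` cast that the replaced tasks applied to the same variable (`when: matrix_nginx_proxy_enabled|bool`). A string value such as `"false"` supplied through extra vars is truthy in Jinja, so the nginx reload line would still be written; `{% if matrix_nginx_proxy_enabled|bool %}` keeps the template consistent with the task conditions. The variables are also interpolated verbatim into a crontab that runs as root: cron treats an unescaped `%` in the command as a newline, and a quote or line break in `matrix_ssl_lets_encrypt_support_email` would change the file's structure, so these values are worth validating before rendering. A leading `# {{ ansible_managed }}` comment here and in the one-line matrix-coturn-ssl-reload template would tell an administrator that manual edits get overwritten.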
|