From a78ea0b52dd3bf693c8701b0fb21b2040bc090be Mon Sep 17 00:00:00 2001
From: Eric Engstrom
Date: Fri, 26 Feb 2021 07:26:43 -0600
Subject: [PATCH 1/6] Fix molecule install to comply with ever changing package structure.
---
 molecule/setup.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/molecule/setup.sh b/molecule/setup.sh
index 76980a0..5c1d07f 100755
--- a/molecule/setup.sh
+++ b/molecule/setup.sh
@@ -13,7 +13,7 @@ if [ -d /vagrant ]; then
 fi
 # Install molecule
-pip install "molecule>=3.0.3" testinfra docker
+pip install "molecule[ansible,docker,lint]" testinfra docker
 # Install linting tools
 pip install yamllint ansible-lint flake8
From f49fbaab9e605825dbe75327fbb22c86c8cb72a4 Mon Sep 17 00:00:00 2001
From: Eric Engstrom
Date: Fri, 26 Feb 2021 07:27:15 -0600
Subject: [PATCH 2/6] Make lint happy and specify mode on installed `systemd` timer/service
---
 tasks/systemd.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/tasks/systemd.yml b/tasks/systemd.yml
index d4208be..cb4a056 100644
--- a/tasks/systemd.yml
+++ b/tasks/systemd.yml
@@ -4,6 +4,7 @@
 template:
 src: "{{ item }}.j2"
 dest: /etc/systemd/system/{{ item }}
+ mode: 0644
 loop:
 - dehydrated.service
 - dehydrated.timer
From 9b1609e48f5a37fdbb60ab4bac1262b317ad0b5f Mon Sep 17 00:00:00 2001
From: Eric Engstrom
Date: Fri, 26 Feb 2021 07:35:08 -0600
Subject: [PATCH 3/6] Disable `dns-01` testing on Ubuntu 16.04/Xenial. The latest `dns-lexicon` won't install on that platform.
---
 README.md | 11 +++++++----
 molecule/default/molecule.yml | 6 +++---
 2 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/README.md b/README.md
index 2ddac80..022f3c2 100644
--- a/README.md
+++ b/README.md
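Review bot: In `molecule/setup.sh` the new `pip install "molecule[ansible,docker,lint]" testinfra docker` line drops the old `>=3.0.3` floor and adds no upper bound, so every Travis and Vagrant run resolves whatever molecule, ansible and lint releases PyPI serves that day. That is the same moving-target problem the commit message describes, and it means an unreviewed upstream release runs in the test environment. Consider pinning to the release you tested, e.g. `pip install "molecule[ansible,docker,lint]==<tested-version>" testinfra docker` (placeholder version), or installing against a constraints file with `pip install -c <constraints-file> ...`. The `pip install yamllint ansible-lint flake8` context line below has the same exposure.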
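Review bot: The added `mode: 0644` in `tasks/systemd.yml` is an unquoted scalar, so the permissions the `template` module applies depend on the YAML loader reading it as octal; an edit that loses the leading zero would silently give the unit files a different mode. Quote it so the module receives the string form: `mode: "0644"`. The task also leaves ownership implicit; for files under `/etc/systemd/system`, adding `owner: root` and `group: root` would state the intended ownership rather than inherit it from the connecting user. The task itself begins above the hunk.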
@@ -74,7 +74,10 @@ When `dehydrated_challengetype` is set to `dns-01`, this role will automatically
 ### Platforms supporting `dns-01` challenges
-All platforms supported by this role will work with `dns-01` challenges, **except** for Debian 8 (codename: Jessie). The `dns-lexicon` package requires Python version >= 3.5, which is not available by default on Debian 8.
+All platforms supported by this role will work with `dns-01` challenges wherever the latest version of `lexicon` can be installed. `lexicon` is pretty aggressive about deprecating older versions of Python, and it (indirectly) relies upon the `cryptography` package which is similarly aggressive. For those who need this on older distributions, it may be possible to find specific older versions of `lexicon` and `cryptography` to install that will work on the following distributions:
+
+ - Debian 8 (Jessie)
+ - Ubuntu 16.04 (Xenial)
 ## using systemd timers
@@ -246,7 +249,7 @@ If you decide, that you don't need the hook anymore, you can add `state: absent`
 # Testing
-This role is automatically tested using Travis CI. Local testing can be done using Vagrant. Both run `molecule/setup.sh` script to setup the testing environment.
+This role is automatically tested using Travis CI. Local testing can be done using Vagrant. Both local (Vagrant) and Travis utilize the `molecule/setup.sh` script to setup the testing environment.
 Multiple services are started in the environment to test both http-01 and dns-01.
@@ -256,9 +259,9 @@ boulder (using docker) | Let's Encrypt CA for validations
 nginx | webserver for http-01
 powerdns | Used as a nameserver for dns-01. lexicon as a plugin to manipulate records.
-## Vagrant testing example
+## Local Vagrant testing example
-Assuming you have Vagrant already configured, run a complete test via Vagrant:
+Assuming you have Vagrant already configured, run a complete test via:
 vagrant up
 vagrant ssh
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
index fc8449f..3545958 100644
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -32,9 +32,9 @@ platforms:
 - name: ubuntu1804-dns01
 image: ubuntu:18.04
 groups: [dns01]
- - name: ubuntu1604-dns01
- image: ubuntu:16.04
- groups: [dns01]
+ # - name: ubuntu1604-dns01
+ # image: ubuntu:16.04
+ # groups: [dns01]
 # - name: debian8-dns01
 # image: debian:8
 # groups: [dns01]
From e1c9e850d91ce9e302fb2ce704010c3fd13c43e3 Mon Sep 17 00:00:00 2001
From: Eric Engstrom
Date: Fri, 26 Feb 2021 09:05:24 -0600
Subject: [PATCH 4/6] make `ansible-lint` happy by specifying role_name in meta/main.yml
---
 meta/main.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/meta/main.yml b/meta/main.yml
index 5c89137..ac3aa73 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -1,6 +1,7 @@
 ---
 galaxy_info:
 author: Alexander Zielke
+ role_name: dehydrated
 description: Install, confgure and run dehydrated to get Let's Encrypt SSL certificates
 license: MIT
From 76ab84d03994a1cedba2c450a3b90b4dc96e55a8 Mon Sep 17 00:00:00 2001
From: Eric Engstrom
Date: Tue, 2 Jun 2020 17:33:16 -0500
Subject: [PATCH 5/6] Permit specification of lexicon DNS package version. fixes #18
---
 README.md | 1 +
 defaults/main.yml | 1 +
 tasks/dns-01-lexicon.yml | 2 ++
 3 files changed, 4 insertions(+)
diff --git a/README.md b/README.md
index 022f3c2..25f5e19 100644
--- a/README.md
+++ b/README.md
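Review bot: In `molecule/default/molecule.yml` the `ubuntu1604-dns01` platform is disabled by commenting it out, and the reason is recorded only in the commit message. Put it in the file above the block, e.g. `# disabled: latest dns-lexicon does not install on Ubuntu 16.04 (Xenial)`, so the gap in dns-01 coverage is visible to whoever edits the matrix next. The README text in this same commit says older `lexicon` versions may work on Xenial, but nothing in the visible platform list exercises that path.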
@@ -42,6 +42,7 @@ dehydrated_version | Which version to check out from github | HEAD
 dehydrated_challengetype | Challenge to use (http-01, dns-01) | http-01
 dehydrated_use_lexicon | Enable the use of lexicon | yes if dehydrated_challengetype == dns-01 else no
 dehydrated_lexicon_dns | Options for running lexicon | {}
+dehydrated_lexicon_dns_version | specific version of `dns-lexicon` to install | {} (== latest)
 dehydrated_hooks | Dict with hook-names for which to add scripts |
 dehydrated_hook_scripts | Add additional scripts to hooks-Directory | []
 dehydrated_key_algo | Keytype to generate (rsa, prime256v1, secp384r1) | rsa
diff --git a/defaults/main.yml b/defaults/main.yml
index 93f0efc..b74436c 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -9,6 +9,7 @@ dehydrated_update: yes
 dehydrated_version: HEAD
 dehydrated_challengetype: http-01
 dehydrated_lexicon_dns: {}
+#dehydrated_lexicon_dns_version: undefined # == latest
 dehydrated_key_algo: rsa
 dehydrated_keysize: 4096
 dehydrated_ca: "https://acme-v02.api.letsencrypt.org/directory"
diff --git a/tasks/dns-01-lexicon.yml b/tasks/dns-01-lexicon.yml
index d78a8ef..ce79816 100644
--- a/tasks/dns-01-lexicon.yml
+++ b/tasks/dns-01-lexicon.yml
@@ -7,6 +7,8 @@
 - name: Install dns-lexicon
 pip:
 name: dns-lexicon
+ version: "{{ dehydrated_lexicon_dns_version | d(omit) }}"
+ state: "{{ 'latest' if dehydrated_lexicon_dns_version is not defined else omit }}"
 executable: "{{ dehydrated_pip_executable|default(omit) }}"
 - name: Copy hook script
From ef52bf520f175990dc21a4ae60db21b8e391aa52 Mon Sep 17 00:00:00 2001
From: Eric Engstrom
Date: Fri, 26 Feb 2021 09:10:08 -0600
Subject: [PATCH 6/6] Make ansible-lint happy w/ space after comment char
---
 defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index b74436c..27fa0aa 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
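Review bot: With `dehydrated_lexicon_dns_version` unset, the new `state` line in `tasks/dns-01-lexicon.yml` resolves to `latest`, where the task previously relied on the module default `present`; every play run will now upgrade `dns-lexicon` to whatever PyPI currently serves, on hosts that presumably hold the DNS provider credentials lexicon uses. If that is not the intent, keep `present` as the default and let users opt in to upgrades. Separately, `d(omit)` only covers an undefined variable: the README row added in this commit documents the default as `{}`, and a user who sets that (or an empty string) gets a defined value passed to `version` with `state` omitted. Treating empty values as unset avoids that, e.g. `version: "{{ dehydrated_lexicon_dns_version | d(omit, true) }}"`, with the `state` condition testing the same expression instead of `is not defined`.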
@@ -9,7 +9,7 @@ dehydrated_update: yes
 dehydrated_version: HEAD
 dehydrated_challengetype: http-01
 dehydrated_lexicon_dns: {}
-#dehydrated_lexicon_dns_version: undefined # == latest
+# dehydrated_lexicon_dns_version: undefined # == latest
 dehydrated_key_algo: rsa
 dehydrated_keysize: 4096
 dehydrated_ca: "https://acme-v02.api.letsencrypt.org/directory"