clutterbox · eengstrom · Feb 26, 2021 · Feb 26, 2021 · Feb 26, 2021 · Feb 26, 2021
diff --git a/README.md b/README.md
@@ -42,6 +42,7 @@ dehydrated_version | Which version to check out from github | HEAD
 dehydrated_challengetype | Challenge to use (http-01, dns-01) | http-01
 dehydrated_use_lexicon | Enable the use of lexicon | yes if dehydrated_challengetype == dns-01 else no
 dehydrated_lexicon_dns | Options for running lexicon | {}
+dehydrated_lexicon_dns_version | specific version of `dns-lexicon` to install | {} (== latest)
 dehydrated_hooks | Dict with hook-names for which to add scripts |
 dehydrated_hook_scripts | Add additional scripts to hooks-Directory | []
 dehydrated_key_algo | Keytype to generate (rsa, prime256v1, secp384r1) | rsa
@@ -74,7 +75,10 @@ When `dehydrated_challengetype` is set to `dns-01`, this role will automatically
 
 ### Platforms supporting `dns-01` challenges
 
-All platforms supported by this role will work with `dns-01` challenges, **except** for Debian 8 (codename: Jessie).  The `dns-lexicon` package requires Python version >= 3.5, which is not available by default on Debian 8.
+All platforms supported by this role will work with `dns-01` challenges wherever the latest version of `lexicon` can be installed.  `lexicon` is pretty aggressive about deprecating older versions of Python, and it (indirectly) relies upon the `cryptography` package which is similarly aggressive.  For those who need this on older distributions, it may be possible to find specific older versions of `lexicon` and `cryptography` to install that will work on the following distributions:
+
+  - Debian 8 (Jessie)
+  - Ubuntu 16.04 (Xenial)
 
 ## using systemd timers
 
@@ -246,7 +250,7 @@ If you decide, that you don't need the hook anymore, you can add `state: absent`
 
 # Testing
 
-This role is automatically tested using Travis CI. Local testing can be done using Vagrant. Both run `molecule/setup.sh` script to setup the testing environment.
+This role is automatically tested using Travis CI. Local testing can be done using Vagrant.  Both local (Vagrant) and Travis utilize the `molecule/setup.sh` script to setup the testing environment.
 
 Multiple services are started in the environment to test both http-01 and dns-01.
 
@@ -256,9 +260,9 @@ boulder (using docker) | Let's Encrypt CA for validations
 nginx | webserver for http-01
 powerdns | Used as a nameserver for dns-01. lexicon as a plugin to manipulate records.
 
-## Vagrant testing example
+## Local Vagrant testing example
 
-Assuming you have Vagrant already configured, run a complete test via Vagrant:
+Assuming you have Vagrant already configured, run a complete test via:
 
     vagrant up
     vagrant ssh

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -9,6 +9,7 @@ dehydrated_update: yes
 dehydrated_version: HEAD
 dehydrated_challengetype: http-01
 dehydrated_lexicon_dns: {}
+# dehydrated_lexicon_dns_version: undefined # == latest
 dehydrated_key_algo: rsa
 dehydrated_keysize: 4096
 dehydrated_ca: "https://acme-v02.api.letsencrypt.org/directory"

diff --git a/meta/main.yml b/meta/main.yml
@@ -1,6 +1,7 @@
 ---
 galaxy_info:
   author: Alexander Zielke
+  role_name: dehydrated
   description: Install, confgure and run dehydrated to get Let's Encrypt SSL certificates
 
   license: MIT

diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
@@ -32,9 +32,9 @@ platforms:
   - name: ubuntu1804-dns01
     image: ubuntu:18.04
     groups: [dns01]
-  - name: ubuntu1604-dns01
-    image: ubuntu:16.04
-    groups: [dns01]
+  # - name: ubuntu1604-dns01
+  #   image: ubuntu:16.04
+  #   groups: [dns01]
   # - name: debian8-dns01
   #   image: debian:8
   #   groups: [dns01]

diff --git a/molecule/setup.sh b/molecule/setup.sh
@@ -13,7 +13,7 @@ if [ -d /vagrant ]; then
 fi
 
 # Install molecule
-pip install "molecule>=3.0.3" testinfra docker
+pip install "molecule[ansible,docker,lint]" testinfra docker
 
 # Install linting tools
 pip install yamllint ansible-lint flake8

diff --git a/tasks/dns-01-lexicon.yml b/tasks/dns-01-lexicon.yml
@@ -7,6 +7,8 @@
 - name: Install dns-lexicon
   pip:
     name: dns-lexicon
+    version: "{{ dehydrated_lexicon_dns_version | d(omit) }}"
+    state: "{{ 'latest' if dehydrated_lexicon_dns_version is not defined else omit }}"
     executable: "{{ dehydrated_pip_executable|default(omit) }}"
 
 - name: Copy hook script

diff --git a/tasks/systemd.yml b/tasks/systemd.yml
@@ -4,6 +4,7 @@
   template:
     src: "{{ item }}.j2"
     dest: /etc/systemd/system/{{ item }}
+    mode: 0644
   loop:
     - dehydrated.service
     - dehydrated.timer