ff99f21404
This provisions the cert but doesn't switch apache to it. When we are happy with the new cert we can land the child change which will flip apache over to the new cert. Change-Id: I9cffd26a51317ea569b078b89cc30dc34c7e7747
265 lines
11 KiB
YAML
265 lines
11 KiB
YAML
# Handlers for "letsencrypt update {{ key }}" events
|
|
#
|
|
# Note that because Ansible requires every called handler to have a
|
|
# listener, every host will need to provide a handler somehow.
|
|
#
|
|
# NOTE(ianw): as at 04/2019 it seems that something like
|
|
# listen: letsencrypt updated letsencrypt01-main-service
|
|
# doesn't actually register the handler.
|
|
#
|
|
# NOTE: import_tasks or include can not be used in handlers
|
|
# ("include_tasks" is okay).
|
|
# https://docs.ansible.com/ansible/latest/porting_guides/porting_guide_2.8.html#imports-as-handlers
|
|
|
|
- name: letsencrypt updated graphite02-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_graphite.yaml
|
|
|
|
- name: letsencrypt updated tarballs-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated zuul-ci-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated zuul-ci-git
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated zuul02-opendev-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated logs-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated insecure-ci-registry01-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_zuul_registry.yaml
|
|
|
|
- name: letsencrypt updated meetpad01-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_jitsi_meet.yaml
|
|
|
|
# Static
|
|
- name: letsencrypt updated static01-opendev-org-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static01-docs-airshipit-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static01-ci-openstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static01-cinder-openstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static01-developer-openstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static01-devstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static01-docs-opendev-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static01-docs-openstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static01-docs-starlingx-io
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static01-glance-openstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static01-git-airshipit-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static01-git-starlingx-io
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static01-git-openstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static01-git-zuul-ci-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static01-governance-openstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static01-horizon-openstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static01-keystone-openstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static01-nova-openstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static01-planet-openstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static01-service-types-openstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static01-specs-openstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static01-security-openstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static01-summit-openstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static01-swift-openstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static01-releases-openstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static01-tarballs-opendev-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static01-tarballs-openstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static01-zuul-ci-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
# Grafana
|
|
|
|
- name: letsencrypt updated grafana01-opendev-org-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
# Codesearch (hound)
|
|
|
|
- name: letsencrypt updated codesearch01-opendev-org-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
# nodepool
|
|
|
|
- name: letsencrypt updated nb01-opendev-org-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated nb02-opendev-org-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated nb03-opendev-org-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
# review
|
|
|
|
- name: letsencrypt updated review01-opendev-org-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated review02-opendev-org-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
# review-test
|
|
|
|
- name: letsencrypt updated review-test-opendev-org-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
# refstack
|
|
|
|
- name: letsencrypt updated refstack01-openstack-org-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
# Mirrors
|
|
|
|
- name: letsencrypt updated mirror01-dfw-rax-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated mirror01-iad-rax-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated mirror01-ord-rax-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated mirror01-bhs1-ovh-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated mirror02-gra1-ovh-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated mirror02-regionone-linaro-us-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated mirror02-mtl01-inap-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated mirror01-kna1-airship-citycloud-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated mirror01-sjc1-vexxhost-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yam
|
|
|
|
- name: letsencrypt updated mirror01-ca-ymq-1-vexxhost-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated mirror01-regionone-limestone-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated mirror01-regionone-osuosl-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated mirror02-iad3-inmotion-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
# Gate testing hosts:
|
|
- name: letsencrypt updated letsencrypt01-main-service
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/touch_file.yaml
|
|
vars:
|
|
touch_file: '/tmp/letsencrypt01-main-service.stamp'
|
|
|
|
- name: letsencrypt updated letsencrypt01-other-service
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/touch_file.yaml
|
|
vars:
|
|
touch_file: '/tmp/letsencrypt01-other-service.stamp'
|
|
|
|
- name: letsencrypt updated letsencrypt02-main-service
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/touch_file.yaml
|
|
vars:
|
|
touch_file: '/tmp/letsencrypt02-main-service.stamp'
|
|
|
|
- name: letsencrypt updated mirror01-openafs-provider-opendev-org-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated mirror02-openafs-provider-opendev-org-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated gitea99-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_gitea.yaml
|
|
|
|
- name: letsencrypt updated nb01-test-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated etherpad01-opendev-org-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated ethercalc02-openstack-org-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated storyboard01-opendev-org-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
# We split out handlers for each gitea host as handlers should be run in order
|
|
# This allows us to do a rolling restart of the gitea backends.
|
|
- name: letsencrypt updated gitea01-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_gitea.yaml
|
|
|
|
- name: letsencrypt updated gitea02-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_gitea.yaml
|
|
|
|
- name: letsencrypt updated gitea03-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_gitea.yaml
|
|
|
|
- name: letsencrypt updated gitea04-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_gitea.yaml
|
|
|
|
- name: letsencrypt updated gitea05-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_gitea.yaml
|
|
|
|
- name: letsencrypt updated gitea06-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_gitea.yaml
|
|
|
|
- name: letsencrypt updated gitea07-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_gitea.yaml
|
|
|
|
- name: letsencrypt updated gitea08-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_gitea.yaml
|