Skip to content

Instantly share code, notes, and snippets.

@farhaven

farhaven/ansible-vvv.txt

Last active May 16, 2017 12:15
Show Gist options
  • Save farhaven/94f2b14d86e74b2c8f496d860a6a3b88 to your computer and use it in GitHub Desktop.
Save farhaven/94f2b14d86e74b2c8f496d860a6a3b88 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
ansible-vvv.txt
Using /home/gbe/chaos/ansible/ansible.cfg as config file
statically included: /home/gbe/chaos/ansible/roles/letsencrypt/tasks/systemd.yml
statically included: /home/gbe/chaos/ansible/roles/letsencrypt/tasks/cronjob.yml
PLAYBOOK: playbook-broken.yml ***************************************************************************************************************************************************************************************************************************************************
1 plays in playbook-broken.yml
PLAY [oldshit] ******************************************************************************************************************************************************************************************************************************************************************
TASK [Gathering Facts] **********************************************************************************************************************************************************************************************************************************************************
Using module file /usr/local/lib/python2.7/site-packages/ansible/modules/system/setup.py
<broken.c3pb.de> ESTABLISH SSH CONNECTION FOR USER: gbe
<broken.c3pb.de> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=gbe -o ConnectTimeout=10 -o ControlPath=/home/gbe/.ansible/cp/4a7616b402 broken.c3pb.de '/bin/sh -c '"'"'sudo -H -S -p "[sudo via ansible, key=gplrufswhqmaeaycczudfwzottxghhpt] password: " -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-gplrufswhqmaeaycczudfwzottxghhpt; /usr/bin/python'"'"'"'"'"'"'"'"' && sleep 0'"'"''
<broken.c3pb.de> (0, '\n{"invocation": {"module_args": {"filter": "*", "gather_subset": ["all"], "fact_path": "/etc/ansible/facts.d", "gather_timeout": 10}}, "changed": false, "ansible_facts": {"ansible_product_serial": "NA", "ansible_form_factor": "NA", "ansible_product_version": "NA", "ansible_fips": false, "ansible_service_mgr": "upstart", "ansible_swaptotal_mb": 2047, "module_setup": true, "ansible_memtotal_mb": 1995, "ansible_architecture": "x86_64", "ansible_distribution_version": "12.04", "ansible_domain": "c3pb.de", "ansible_date_time": {"weekday_number": "2", "iso8601_basic_short": "20170516T141022", "tz": "CEST", "weeknumber": "20", "hour": "14", "year": "2017", "minute": "10", "tz_offset": "+0200", "month": "05", "epoch": "1494936622", "iso8601_micro": "2017-05-16T12:10:22.666552Z", "weekday": "Tuesday", "time": "14:10:22", "date": "2017-05-16", "iso8601": "2017-05-16T12:10:22Z", "day": "16", "iso8601_basic": "20170516T141022666415", "second": "22"}, "ansible_real_user_id": 0, "ansible_processor_cores": 1, "ansible_virtualization_role": "guest", "ansible_dns": {"nameservers": ["5.9.142.19"]}, "ansible_processor_vcpus": 1, "ansible_bios_version": "NA", "ansible_processor": ["GenuineIntel", "Intel(R) Xeon(R) CPU E3-1245 V2 @ 3.40GHz"], "ansible_virtualization_type": "xen", "ansible_lo": {"features": {}, "mtu": 16436, "device": "lo", "promisc": false, "ipv4": {"broadcast": "host", "netmask": "255.0.0.0", "network": "127.0.0.0", "address": "127.0.0.1"}, "ipv6": [{"scope": "host", "prefix": "128", "address": "::1"}], "active": true, "type": "loopback"}, "ansible_userspace_bits": "64", "ansible_ssh_host_key_ecdsa_public": "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCimw0zPNEEbAFdgoXlVWh583Oieyar83W0SixXYmef3h0z9TkBHYi+FypxX9zNGWpqhmOKOsDkcTB500Yic6AE=", "ansible_default_ipv4": {"macaddress": "00:16:3e:19:70:3a", "network": "85.10.248.248", "mtu": 1500, "broadcast": "", "alias": "eth0", "netmask": "255.255.255.255", "address": "85.10.248.248", "interface": "eth0", "type": "ether", "gateway": "5.9.142.19"}, "ansible_swapfree_mb": 1942, "ansible_default_ipv6": {"macaddress": "00:16:3e:19:70:3a", "mtu": 1500, "prefix": "128", "address": "2a01:4f8:190:2105::ccc", "interface": "eth0", "scope": "global", "type": "ether", "gateway": "fe80::1"}, "ansible_distribution_release": "precise", "ansible_system_vendor": "NA", "ansible_apparmor": {"status": "enabled"}, "ansible_cmdline": {"splash": true, "root": "/dev/xvda2", "ro": true, "$vt_handoff": true, "quiet": true}, "ansible_effective_user_id": 0, "ansible_mounts": [{"uuid": "N/A", "size_total": 26422341632, "mount": "/", "size_available": 3919765504, "fstype": "ext3", "device": "/dev/xvda2", "options": "rw,noatime,nodiratime,errors=remount-ro"}], "ansible_selinux": false, "ansible_os_family": "Debian", "ansible_userspace_architecture": "x86_64", "ansible_product_uuid": "NA", "ansible_kernel": "3.2.0-77-generic", "ansible_product_name": "NA", "ansible_pkg_mgr": "apt", "ansible_memfree_mb": 39, "ansible_devices": {"xvda1": {"scheduler_mode": "cfq", "rotational": "0", "vendor": null, "sectors": "4194304", "sas_device_handle": null, "sas_address": null, "host": "", "sectorsize": "512", "removable": "0", "support_discard": "0", "model": null, "partitions": {}, "holders": [], "size": "2.00 GB"}, "xvda2": {"scheduler_mode": "cfq", "rotational": "0", "vendor": null, "sectors": "52428800", "sas_device_handle": null, "sas_address": null, "host": "", "sectorsize": "512", "removable": "0", "support_discard": "0", "model": null, "partitions": {}, "holders": [], "size": "25.00 GB"}}, "ansible_user_uid": 0, "ansible_user_id": "root", "ansible_distribution": "Ubuntu", "ansible_env": {"USERNAME": "root", "SUDO_COMMAND": "/bin/sh -c echo BECOME-SUCCESS-gplrufswhqmaeaycczudfwzottxghhpt; /usr/bin/python", "SUDO_GID": "1000", "SHELL": "/bin/mksh", "MAIL": "/var/mail/root", "SUDO_UID": "1000", "TERM": "unknown", "PWD": "/home/gbe", "LOGNAME": "root", "USER": "root", "HOME": "/root", "PATH": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "SUDO_USER": "gbe"}, "ansible_distribution_major_version": "12", "ansible_user_dir": "/root", "ansible_processor_count": 1, "ansible_hostname": "broken", "ansible_effective_group_id": 0, "ansible_real_group_id": 0, "ansible_lsb": {"release": "12.04", "major_release": "12", "codename": "precise", "id": "Ubuntu", "description": "Ubuntu 12.04.5 LTS"}, "ansible_bios_date": "NA", "ansible_all_ipv6_addresses": ["2a01:4f8:190:2105::ccc", "fe80::216:3eff:fe19:703a"], "ansible_interfaces": ["lo", "eth0"], "ansible_uptime_seconds": 63340547, "ansible_machine_id": "d66ea639a87ddfb52dac0ab30017e90c", "ansible_ssh_host_key_rsa_public": "AAAAB3NzaC1yc2EAAAADAQABAAABAQDhmRCKNwdEf53I1TVmpi6NTb4dB/JcTGfv44CeFVeWQ6IockTWN1VAdRI/E/9NntkIH+Obgrzdf1v1jH5/YC9oKbvlbBk8rn5JL7YTMxj1kJC4R6D2rAGWxMfCLKeaVh0XEXT/XBOYxjGjO+OQzizJxTX8+p8gykK1KfCJAMOyQwczAgmDtPpKNi8wA2viNslKon+PP6IAmhBoQ09b5AtztMgw5QCzo93/bIIWkF+f7yxgLY/yZ0oOReG5Bhs3Jwd+SOvaxsi+LInueL8hd26poKgf5Ydt2n3ReLAf7y5HQyiGxWP3agkYvSs/5MM4nvPWWeFfG8wOEeAITDVnVSo/", "ansible_gather_subset": ["hardware", "network", "virtual"], "ansible_user_gecos": "root", "ansible_python": {"executable": "/usr/bin/python", "version": {"micro": 3, "major": 2, "releaselevel": "final", "serial": 0, "minor": 7}, "type": "CPython", "has_sslcontext": false, "version_info": [2, 7, 3, "final", 0]}, "ansible_memory_mb": {"real": {"total": 1995, "used": 1956, "free": 39}, "swap": {"cached": 36, "total": 2047, "free": 1942, "used": 105}, "nocache": {"used": 947, "free": 1048}}, "ansible_processor_threads_per_core": 1, "ansible_fqdn": "broken.c3pb.de", "ansible_user_gid": 0, "ansible_eth0": {"macaddress": "00:16:3e:19:70:3a", "features": {}, "pciid": "vif-0", "mtu": 1500, "device": "eth0", "promisc": false, "ipv4": {"broadcast": "", "netmask": "255.255.255.255", "network": "85.10.248.248", "address": "85.10.248.248"}, "ipv6": [{"scope": "global", "prefix": "128", "address": "2a01:4f8:190:2105::ccc"}, {"scope": "link", "prefix": "64", "address": "fe80::216:3eff:fe19:703a"}], "active": true, "type": "ether"}, "ansible_nodename": "broken.c3pb.de", "ansible_system": "Linux", "ansible_user_shell": "/bin/bash", "ansible_machine": "x86_64", "ansible_ssh_host_key_dsa_public": "AAAAB3NzaC1kc3MAAACBAJx7ooVvQsC3rD2zdS/8FwYKi2h3/eK8A1gTR1DmgZN4/QqiRug+reB+muYHxJjfjguhD5W/EODwYk9CB5bjUXXtHojhSsZsfldzoXpLiKpVbWqELBYRWI1rF50HALUWtDZcpvilrQ8sNjwbrDfB3da1eDUDHLmZUih17evKtaodAAAAFQD4+KERC5L/PIbFjKKCTDPrRSmZcQAAAIEAgqDjNvEgZ30qSHIkSZHsFGsgJPxznlAduosoWdxgZyNbtI+lkqsqW/na/mSPPtJ9ejL0YI2fEEHglzqYzx7Gb7bIUtzmKHFaCi0TnW9z32QSbIFMkxjwHEqbXcKUc6qox42alhJhGOx4tmFi1WRzbCwfd03kOGqeROoVMOZ8pL0AAACAYqspxpoecKr7MxobuoqtQpBVR/N4HFQZPDspixFEkRpEPLadmsmH+8pxqmuIy7Sliz9Sijya4A2okSbPhQVSZtBwaKy8h+PIlo23U/upg32tAnjWuVvzij2cVkvc9muPNZYGT/+P3UV+Ycx6SBLt5a13M2MzFcsg1U6jH/BY8qI=", "ansible_all_ipv4_addresses": ["85.10.248.248"], "ansible_python_version": "2.7.3"}}\n', '')
ok: [broken]
META: ran handlers
TASK [letsencrypt : Install git] ************************************************************************************************************************************************************************************************************************************************
task path: /home/gbe/chaos/ansible/roles/letsencrypt/tasks/main.yml:3
Using module file /usr/local/lib/python2.7/site-packages/ansible/modules/packaging/os/apt.py
<broken.c3pb.de> ESTABLISH SSH CONNECTION FOR USER: gbe
<broken.c3pb.de> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=gbe -o ConnectTimeout=10 -o ControlPath=/home/gbe/.ansible/cp/4a7616b402 broken.c3pb.de '/bin/sh -c '"'"'sudo -H -S -p "[sudo via ansible, key=hetlfbqnbgmecnkbbevtealleiylyobh] password: " -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-hetlfbqnbgmecnkbbevtealleiylyobh; /usr/bin/python'"'"'"'"'"'"'"'"' && sleep 0'"'"''
<broken.c3pb.de> (0, '\n{"invocation": {"module_args": {"dpkg_options": "force-confdef,force-confold", "upgrade": null, "force": false, "name": "git", "package": ["git"], "purge": false, "allow_unauthenticated": false, "state": "present", "autoremove": null, "update_cache": null, "default_release": null, "only_upgrade": false, "cache_valid_time": 0, "deb": null, "install_recommends": null}}, "changed": false, "cache_update_time": 1494931661, "cache_updated": false}\n', '')
ok: [broken] => {
"cache_update_time": 1494931661,
"cache_updated": false,
"changed": false,
"invocation": {
"module_args": {
"allow_unauthenticated": false,
"autoremove": null,
"cache_valid_time": 0,
"deb": null,
"default_release": null,
"dpkg_options": "force-confdef,force-confold",
"force": false,
"install_recommends": null,
"name": "git",
"only_upgrade": false,
"package": [
"git"
],
"purge": false,
"state": "present",
"update_cache": null,
"upgrade": null
}
}
}
TASK [letsencrypt : Add group ssl-cert] *****************************************************************************************************************************************************************************************************************************************
task path: /home/gbe/chaos/ansible/roles/letsencrypt/tasks/main.yml:6
Using module file /usr/local/lib/python2.7/site-packages/ansible/modules/system/group.py
<broken.c3pb.de> ESTABLISH SSH CONNECTION FOR USER: gbe
<broken.c3pb.de> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=gbe -o ConnectTimeout=10 -o ControlPath=/home/gbe/.ansible/cp/4a7616b402 broken.c3pb.de '/bin/sh -c '"'"'sudo -H -S -p "[sudo via ansible, key=dosckaerboybloottfapixejbmlrpvdc] password: " -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-dosckaerboybloottfapixejbmlrpvdc; /usr/bin/python'"'"'"'"'"'"'"'"' && sleep 0'"'"''
<broken.c3pb.de> (0, '\n{"name": "ssl-cert", "changed": false, "system": true, "state": "present", "gid": 107, "invocation": {"module_args": {"state": "present", "gid": null, "system": true, "name": "ssl-cert"}}}\n', '')
ok: [broken] => {
"changed": false,
"gid": 107,
"invocation": {
"module_args": {
"gid": null,
"name": "ssl-cert",
"state": "present",
"system": true
}
},
"name": "ssl-cert",
"state": "present",
"system": true
}
TASK [letsencrypt : Add user letsencrypt] ***************************************************************************************************************************************************************************************************************************************
task path: /home/gbe/chaos/ansible/roles/letsencrypt/tasks/main.yml:9
Using module file /usr/local/lib/python2.7/site-packages/ansible/modules/system/user.py
<broken.c3pb.de> ESTABLISH SSH CONNECTION FOR USER: gbe
<broken.c3pb.de> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=gbe -o ConnectTimeout=10 -o ControlPath=/home/gbe/.ansible/cp/4a7616b402 broken.c3pb.de '/bin/sh -c '"'"'sudo -H -S -p "[sudo via ansible, key=puyshbvpasprgaralavyjhddgyivcbtl] password: " -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-puyshbvpasprgaralavyjhddgyivcbtl; /usr/bin/python'"'"'"'"'"'"'"'"' && sleep 0'"'"''
<broken.c3pb.de> (0, '\n{"comment": "", "shell": "/bin/bash", "group": 107, "name": "letsencrypt", "changed": false, "state": "present", "invocation": {"module_args": {"comment": null, "ssh_key_bits": 0, "update_password": "always", "non_unique": false, "force": false, "ssh_key_type": "rsa", "ssh_key_passphrase": null, "createhome": true, "uid": null, "home": "/opt/letsencrypt/", "append": false, "skeleton": null, "ssh_key_comment": "ansible-generated on broken.c3pb.de", "group": "ssl-cert", "system": true, "state": "present", "shell": "/bin/bash", "expires": null, "ssh_key_file": null, "groups": null, "move_home": false, "password": null, "name": "letsencrypt", "seuser": null, "remove": false, "login_class": null, "generate_ssh_key": null}}, "home": "/opt/letsencrypt/", "move_home": false, "append": false, "uid": 999}\n', '')
ok: [broken] => {
"append": false,
"changed": false,
"comment": "",
"group": 107,
"home": "/opt/letsencrypt/",
"invocation": {
"module_args": {
"append": false,
"comment": null,
"createhome": true,
"expires": null,
"force": false,
"generate_ssh_key": null,
"group": "ssl-cert",
"groups": null,
"home": "/opt/letsencrypt/",
"login_class": null,
"move_home": false,
"name": "letsencrypt",
"non_unique": false,
"password": null,
"remove": false,
"seuser": null,
"shell": "/bin/bash",
"skeleton": null,
"ssh_key_bits": 0,
"ssh_key_comment": "ansible-generated on broken.c3pb.de",
"ssh_key_file": null,
"ssh_key_passphrase": null,
"ssh_key_type": "rsa",
"state": "present",
"system": true,
"uid": null,
"update_password": "always"
}
},
"move_home": false,
"name": "letsencrypt",
"shell": "/bin/bash",
"state": "present",
"uid": 999
}
TASK [letsencrypt : Let letsencrypt user reload apache2 (systemctl)] ************************************************************************************************************************************************************************************************************
task path: /home/gbe/chaos/ansible/roles/letsencrypt/tasks/main.yml:12
skipping: [broken] => {
"changed": false,
"skip_reason": "Conditional result was False",
"skipped": true
}
TASK [letsencrypt : Let letsencrypt user reload apache2 (SysV init)] ************************************************************************************************************************************************************************************************************
task path: /home/gbe/chaos/ansible/roles/letsencrypt/tasks/main.yml:16
Using module file /usr/local/lib/python2.7/site-packages/ansible/modules/files/lineinfile.py
<broken.c3pb.de> ESTABLISH SSH CONNECTION FOR USER: gbe
<broken.c3pb.de> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=gbe -o ConnectTimeout=10 -o ControlPath=/home/gbe/.ansible/cp/4a7616b402 broken.c3pb.de '/bin/sh -c '"'"'sudo -H -S -p "[sudo via ansible, key=vbcbrclxfhorylwhcqimcjoiqpbxxsww] password: " -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-vbcbrclxfhorylwhcqimcjoiqpbxxsww; /usr/bin/python'"'"'"'"'"'"'"'"' && sleep 0'"'"''
<broken.c3pb.de> (0, '\n{"msg": "", "diff": [{"after": "", "before_header": "/etc/sudoers (content)", "after_header": "/etc/sudoers (content)", "before": ""}, {"before_header": "/etc/sudoers (file attributes)", "after_header": "/etc/sudoers (file attributes)"}], "changed": false, "backup": "", "invocation": {"module_args": {"directory_mode": null, "force": null, "remote_src": null, "backrefs": false, "insertafter": null, "path": "/etc/sudoers", "owner": null, "follow": false, "line": "letsencrypt ALL = NOPASSWD: /etc/init.d/apache2 reload", "group": null, "insertbefore": null, "unsafe_writes": null, "create": false, "setype": null, "content": null, "serole": null, "state": "present", "dest": "/etc/sudoers", "selevel": null, "regexp": null, "validate": null, "src": null, "seuser": null, "delimiter": null, "mode": null, "attributes": null, "backup": false}}}\n', '')
ok: [broken] => {
"backup": "",
"changed": false,
"diff": [
{
"after": "",
"after_header": "/etc/sudoers (content)",
"before": "",
"before_header": "/etc/sudoers (content)"
},
{
"after_header": "/etc/sudoers (file attributes)",
"before_header": "/etc/sudoers (file attributes)"
}
],
"invocation": {
"module_args": {
"attributes": null,
"backrefs": false,
"backup": false,
"content": null,
"create": false,
"delimiter": null,
"dest": "/etc/sudoers",
"directory_mode": null,
"follow": false,
"force": null,
"group": null,
"insertafter": null,
"insertbefore": null,
"line": "letsencrypt ALL = NOPASSWD: /etc/init.d/apache2 reload",
"mode": null,
"owner": null,
"path": "/etc/sudoers",
"regexp": null,
"remote_src": null,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"src": null,
"state": "present",
"unsafe_writes": null,
"validate": null
}
},
"msg": ""
}
TASK [letsencrypt : Manage cert and acme webroot directory] *********************************************************************************************************************************************************************************************************************
task path: /home/gbe/chaos/ansible/roles/letsencrypt/tasks/main.yml:20
Using module file /usr/local/lib/python2.7/site-packages/ansible/modules/files/file.py
<broken.c3pb.de> ESTABLISH SSH CONNECTION FOR USER: gbe
<broken.c3pb.de> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=gbe -o ConnectTimeout=10 -o ControlPath=/home/gbe/.ansible/cp/4a7616b402 broken.c3pb.de '/bin/sh -c '"'"'sudo -H -S -p "[sudo via ansible, key=eidjwpbwgqslecthbcfaghvmfuzsmbmb] password: " -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-eidjwpbwgqslecthbcfaghvmfuzsmbmb; /usr/bin/python'"'"'"'"'"'"'"'"' && sleep 0'"'"''
<broken.c3pb.de> (0, '\n{"group": "ssl-cert", "uid": 999, "changed": false, "owner": "letsencrypt", "state": "directory", "gid": 107, "mode": "0755", "path": "/etc/ssl/letsencrypt/", "invocation": {"module_args": {"directory_mode": null, "force": false, "remote_src": null, "path": "/etc/ssl/letsencrypt/", "owner": "letsencrypt", "follow": false, "group": "ssl-cert", "unsafe_writes": null, "state": "directory", "content": null, "serole": null, "diff_peek": null, "setype": null, "selevel": null, "original_basename": null, "regexp": null, "validate": null, "src": null, "seuser": null, "recurse": false, "delimiter": null, "mode": "755", "attributes": null, "backup": null}}, "diff": {"after": {"path": "/etc/ssl/letsencrypt/"}, "before": {"path": "/etc/ssl/letsencrypt/"}}, "size": 4096}\n', '')
Using module file /usr/local/lib/python2.7/site-packages/ansible/modules/files/file.py
<broken.c3pb.de> ESTABLISH SSH CONNECTION FOR USER: gbe
<broken.c3pb.de> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=gbe -o ConnectTimeout=10 -o ControlPath=/home/gbe/.ansible/cp/4a7616b402 broken.c3pb.de '/bin/sh -c '"'"'sudo -H -S -p "[sudo via ansible, key=jlwrtorvqfhbmjsmntaswzbfkifkgyie] password: " -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-jlwrtorvqfhbmjsmntaswzbfkifkgyie; /usr/bin/python'"'"'"'"'"'"'"'"' && sleep 0'"'"''
ok: [broken] => (item=/etc/ssl/letsencrypt/) => {
"changed": false,
"diff": {
"after": {
"path": "/etc/ssl/letsencrypt/"
},
"before": {
"path": "/etc/ssl/letsencrypt/"
}
},
"gid": 107,
"group": "ssl-cert",
"invocation": {
"module_args": {
"attributes": null,
"backup": null,
"content": null,
"delimiter": null,
"diff_peek": null,
"directory_mode": null,
"follow": false,
"force": false,
"group": "ssl-cert",
"mode": "755",
"original_basename": null,
"owner": "letsencrypt",
"path": "/etc/ssl/letsencrypt/",
"recurse": false,
"regexp": null,
"remote_src": null,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"src": null,
"state": "directory",
"unsafe_writes": null,
"validate": null
}
},
"item": "/etc/ssl/letsencrypt/",
"mode": "0755",
"owner": "letsencrypt",
"path": "/etc/ssl/letsencrypt/",
"size": 4096,
"state": "directory",
"uid": 999
}
<broken.c3pb.de> (0, '\n{"group": "ssl-cert", "uid": 999, "changed": false, "owner": "letsencrypt", "state": "directory", "gid": 107, "mode": "0755", "path": "/var/www/acme-challenges/", "invocation": {"module_args": {"directory_mode": null, "force": false, "remote_src": null, "path": "/var/www/acme-challenges/", "owner": "letsencrypt", "follow": false, "group": "ssl-cert", "unsafe_writes": null, "state": "directory", "content": null, "serole": null, "diff_peek": null, "setype": null, "selevel": null, "original_basename": null, "regexp": null, "validate": null, "src": null, "seuser": null, "recurse": false, "delimiter": null, "mode": "755", "attributes": null, "backup": null}}, "diff": {"after": {"path": "/var/www/acme-challenges/"}, "before": {"path": "/var/www/acme-challenges/"}}, "size": 4096}\n', '')
Using module file /usr/local/lib/python2.7/site-packages/ansible/modules/files/file.py
<broken.c3pb.de> ESTABLISH SSH CONNECTION FOR USER: gbe
<broken.c3pb.de> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=gbe -o ConnectTimeout=10 -o ControlPath=/home/gbe/.ansible/cp/4a7616b402 broken.c3pb.de '/bin/sh -c '"'"'sudo -H -S -p "[sudo via ansible, key=ofezplwayimcarzixnjdkpnbsgyqcfxi] password: " -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-ofezplwayimcarzixnjdkpnbsgyqcfxi; /usr/bin/python'"'"'"'"'"'"'"'"' && sleep 0'"'"''
ok: [broken] => (item=/var/www/acme-challenges/) => {
"changed": false,
"diff": {
"after": {
"path": "/var/www/acme-challenges/"
},
"before": {
"path": "/var/www/acme-challenges/"
}
},
"gid": 107,
"group": "ssl-cert",
"invocation": {
"module_args": {
"attributes": null,
"backup": null,
"content": null,
"delimiter": null,
"diff_peek": null,
"directory_mode": null,
"follow": false,
"force": false,
"group": "ssl-cert",
"mode": "755",
"original_basename": null,
"owner": "letsencrypt",
"path": "/var/www/acme-challenges/",
"recurse": false,
"regexp": null,
"remote_src": null,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"src": null,
"state": "directory",
"unsafe_writes": null,
"validate": null
}
},
"item": "/var/www/acme-challenges/",
"mode": "0755",
"owner": "letsencrypt",
"path": "/var/www/acme-challenges/",
"size": 4096,
"state": "directory",
"uid": 999
}
<broken.c3pb.de> (0, '\n{"group": "ssl-cert", "uid": 999, "changed": false, "owner": "letsencrypt", "state": "directory", "gid": 107, "mode": "0755", "path": "/opt/letsencrypt/", "invocation": {"module_args": {"directory_mode": null, "force": false, "remote_src": null, "path": "/opt/letsencrypt/", "owner": "letsencrypt", "follow": false, "group": "ssl-cert", "unsafe_writes": null, "state": "directory", "content": null, "serole": null, "diff_peek": null, "setype": null, "selevel": null, "original_basename": null, "regexp": null, "validate": null, "src": null, "seuser": null, "recurse": false, "delimiter": null, "mode": "755", "attributes": null, "backup": null}}, "diff": {"after": {"path": "/opt/letsencrypt/"}, "before": {"path": "/opt/letsencrypt/"}}, "size": 4096}\n', '')
ok: [broken] => (item=/opt/letsencrypt/) => {
"changed": false,
"diff": {
"after": {
"path": "/opt/letsencrypt/"
},
"before": {
"path": "/opt/letsencrypt/"
}
},
"gid": 107,
"group": "ssl-cert",
"invocation": {
"module_args": {
"attributes": null,
"backup": null,
"content": null,
"delimiter": null,
"diff_peek": null,
"directory_mode": null,
"follow": false,
"force": false,
"group": "ssl-cert",
"mode": "755",
"original_basename": null,
"owner": "letsencrypt",
"path": "/opt/letsencrypt/",
"recurse": false,
"regexp": null,
"remote_src": null,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"src": null,
"state": "directory",
"unsafe_writes": null,
"validate": null
}
},
"item": "/opt/letsencrypt/",
"mode": "0755",
"owner": "letsencrypt",
"path": "/opt/letsencrypt/",
"size": 4096,
"state": "directory",
"uid": 999
}
TASK [letsencrypt : Get letsencrypt intermediate certificate] *******************************************************************************************************************************************************************************************************************
task path: /home/gbe/chaos/ansible/roles/letsencrypt/tasks/main.yml:27
Using module file /usr/local/lib/python2.7/site-packages/ansible/modules/network/basics/get_url.py
<broken.c3pb.de> ESTABLISH SSH CONNECTION FOR USER: gbe
<broken.c3pb.de> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=gbe -o ConnectTimeout=10 -o ControlPath=/home/gbe/.ansible/cp/4a7616b402 broken.c3pb.de '/bin/sh -c '"'"'sudo -H -S -p "[sudo via ansible, key=orfguhhsyxteirjqftrxeobsdjfhkoag] password: " -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-orfguhhsyxteirjqftrxeobsdjfhkoag; /usr/bin/python'"'"'"'"'"'"'"'"' && sleep 0'"'"''
<broken.c3pb.de> (0, '\n{"group": "ssl-cert", "uid": 999, "dest": "/etc/ssl/letsencrypt/intermediate.pem", "changed": false, "url": "https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem", "state": "file", "gid": 107, "mode": "0640", "invocation": {"module_args": {"directory_mode": null, "force": false, "backup": false, "remote_src": null, "owner": "letsencrypt", "follow": false, "group": "ssl-cert", "use_proxy": true, "unsafe_writes": null, "setype": null, "content": null, "serole": null, "timeout": 10, "src": null, "dest": "/etc/ssl/letsencrypt/intermediate.pem", "selevel": null, "force_basic_auth": false, "sha256sum": "", "http_agent": "ansible-httpget", "regexp": null, "url_password": null, "url": "https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem", "checksum": "sha256:e446c5e9dbef9d09ac9f7027c034602492437a05ff6c40011d7235fca639c79a", "seuser": null, "headers": null, "delimiter": null, "mode": 416, "url_username": null, "attributes": null, "validate_certs": true, "tmp_dest": ""}}, "owner": "letsencrypt", "size": 1647, "msg": "file already exists"}\n', '')
ok: [broken] => {
"changed": false,
"dest": "/etc/ssl/letsencrypt/intermediate.pem",
"gid": 107,
"group": "ssl-cert",
"invocation": {
"module_args": {
"attributes": null,
"backup": false,
"checksum": "sha256:e446c5e9dbef9d09ac9f7027c034602492437a05ff6c40011d7235fca639c79a",
"content": null,
"delimiter": null,
"dest": "/etc/ssl/letsencrypt/intermediate.pem",
"directory_mode": null,
"follow": false,
"force": false,
"force_basic_auth": false,
"group": "ssl-cert",
"headers": null,
"http_agent": "ansible-httpget",
"mode": 416,
"owner": "letsencrypt",
"regexp": null,
"remote_src": null,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"sha256sum": "",
"src": null,
"timeout": 10,
"tmp_dest": "",
"unsafe_writes": null,
"url": "https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem",
"url_password": null,
"url_username": null,
"use_proxy": true,
"validate_certs": true
}
},
"mode": "0640",
"msg": "file already exists",
"owner": "letsencrypt",
"size": 1647,
"state": "file",
"uid": 999,
"url": "https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem"
}
TASK [letsencrypt : Get acme-tiny] **********************************************************************************************************************************************************************************************************************************************
task path: /home/gbe/chaos/ansible/roles/letsencrypt/tasks/main.yml:36
Using module file /usr/local/lib/python2.7/site-packages/ansible/modules/source_control/git.py
<broken.c3pb.de> ESTABLISH SSH CONNECTION FOR USER: gbe
<broken.c3pb.de> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=gbe -o ConnectTimeout=10 -o ControlPath=/home/gbe/.ansible/cp/4a7616b402 broken.c3pb.de '/bin/sh -c '"'"'sudo -H -S -p "[sudo via ansible, key=bphdbnjsszcdkclvsmawctbhvqfygqur] password: " -u letsencrypt /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-bphdbnjsszcdkclvsmawctbhvqfygqur; /usr/bin/python'"'"'"'"'"'"'"'"' && sleep 0'"'"''
<broken.c3pb.de> (0, '\n{"after": "9a9fcf75b1b070bee020aded66893ba7ae4ecf7c", "warnings": [], "changed": false, "remote_url_changed": false, "invocation": {"module_args": {"executable": null, "refspec": null, "force": false, "track_submodules": false, "reference": null, "dest": "/opt/letsencrypt/acme-tiny/", "verify_commit": false, "clone": true, "umask": null, "update": true, "accept_hostkey": false, "ssh_opts": null, "repo": "https://github.com/frezbo/acme-tiny", "depth": null, "version": "HEAD", "bare": false, "remote": "origin", "key_file": null, "recursive": true}}, "before": "9a9fcf75b1b070bee020aded66893ba7ae4ecf7c"}\n', '')
ok: [broken] => {
"after": "9a9fcf75b1b070bee020aded66893ba7ae4ecf7c",
"before": "9a9fcf75b1b070bee020aded66893ba7ae4ecf7c",
"changed": false,
"invocation": {
"module_args": {
"accept_hostkey": false,
"bare": false,
"clone": true,
"depth": null,
"dest": "/opt/letsencrypt/acme-tiny/",
"executable": null,
"force": false,
"key_file": null,
"recursive": true,
"reference": null,
"refspec": null,
"remote": "origin",
"repo": "https://github.com/frezbo/acme-tiny",
"ssh_opts": null,
"track_submodules": false,
"umask": null,
"update": true,
"verify_commit": false,
"version": "HEAD"
}
},
"remote_url_changed": false
}
TASK [letsencrypt : Generate letsencrypt account key] ***************************************************************************************************************************************************************************************************************************
task path: /home/gbe/chaos/ansible/roles/letsencrypt/tasks/main.yml:41
Using module file /usr/local/lib/python2.7/site-packages/ansible/modules/commands/command.py
<broken.c3pb.de> ESTABLISH SSH CONNECTION FOR USER: gbe
<broken.c3pb.de> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=gbe -o ConnectTimeout=10 -o ControlPath=/home/gbe/.ansible/cp/4a7616b402 broken.c3pb.de '/bin/sh -c '"'"'sudo -H -S -p "[sudo via ansible, key=duphaajxdkwpbhipzhpjsqgnqywagpwc] password: " -u letsencrypt /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-duphaajxdkwpbhipzhpjsqgnqywagpwc; /usr/bin/python'"'"'"'"'"'"'"'"' && sleep 0'"'"''
<broken.c3pb.de> (0, '\n{"invocation": {"module_args": {"creates": "/etc/ssl/letsencrypt/account.key", "executable": null, "_uses_shell": true, "_raw_params": "umask 137; openssl genrsa -out /etc/ssl/letsencrypt/account.key 4096", "removes": null, "warn": true, "chdir": null}}, "cmd": "umask 137; openssl genrsa -out /etc/ssl/letsencrypt/account.key 4096", "stdout": "skipped, since /etc/ssl/letsencrypt/account.key exists", "rc": 0, "changed": false}\n', '')
ok: [broken] => {
"changed": false,
"cmd": "umask 137; openssl genrsa -out /etc/ssl/letsencrypt/account.key 4096",
"invocation": {
"module_args": {
"_raw_params": "umask 137; openssl genrsa -out /etc/ssl/letsencrypt/account.key 4096",
"_uses_shell": true,
"chdir": null,
"creates": "/etc/ssl/letsencrypt/account.key",
"executable": null,
"removes": null,
"warn": true
}
},
"rc": 0,
"stdout": "skipped, since /etc/ssl/letsencrypt/account.key exists",
"stdout_lines": [
"skipped, since /etc/ssl/letsencrypt/account.key exists"
]
}
TASK [letsencrypt : Generate domain keys] ***************************************************************************************************************************************************************************************************************************************
task path: /home/gbe/chaos/ansible/roles/letsencrypt/tasks/main.yml:48
Using module file /usr/local/lib/python2.7/site-packages/ansible/modules/commands/command.py
<broken.c3pb.de> ESTABLISH SSH CONNECTION FOR USER: gbe
<broken.c3pb.de> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=gbe -o ConnectTimeout=10 -o ControlPath=/home/gbe/.ansible/cp/4a7616b402 broken.c3pb.de '/bin/sh -c '"'"'sudo -H -S -p "[sudo via ansible, key=zztnfopjbapdtmjhubkwpwtdrbyrhhap] password: " -u letsencrypt /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-zztnfopjbapdtmjhubkwpwtdrbyrhhap; /usr/bin/python'"'"'"'"'"'"'"'"' && sleep 0'"'"''
<broken.c3pb.de> (0, '\n{"invocation": {"module_args": {"creates": "/etc/ssl/letsencrypt/domain.c3pb.key", "executable": null, "_uses_shell": true, "_raw_params": "umask 137; openssl ecparam -name secp384r1 -genkey -out /etc/ssl/letsencrypt/domain.c3pb.key", "removes": null, "warn": true, "chdir": null}}, "cmd": "umask 137; openssl ecparam -name secp384r1 -genkey -out /etc/ssl/letsencrypt/domain.c3pb.key", "stdout": "skipped, since /etc/ssl/letsencrypt/domain.c3pb.key exists", "rc": 0, "changed": false}\n', '')
ok: [broken] => (item={'key': u'c3pb', 'value': [u'c3pb.de']}) => {
"changed": false,
"cmd": "umask 137; openssl ecparam -name secp384r1 -genkey -out /etc/ssl/letsencrypt/domain.c3pb.key",
"invocation": {
"module_args": {
"_raw_params": "umask 137; openssl ecparam -name secp384r1 -genkey -out /etc/ssl/letsencrypt/domain.c3pb.key",
"_uses_shell": true,
"chdir": null,
"creates": "/etc/ssl/letsencrypt/domain.c3pb.key",
"executable": null,
"removes": null,
"warn": true
}
},
"item": {
"key": "c3pb",
"value": [
"c3pb.de"
]
},
"rc": 0,
"stdout": "skipped, since /etc/ssl/letsencrypt/domain.c3pb.key exists",
"stdout_lines": [
"skipped, since /etc/ssl/letsencrypt/domain.c3pb.key exists"
]
}
TASK [letsencrypt : Generate openssl.conf files for each CSR] *******************************************************************************************************************************************************************************************************************
task path: /home/gbe/chaos/ansible/roles/letsencrypt/tasks/main.yml:59
<broken.c3pb.de> ESTABLISH SSH CONNECTION FOR USER: gbe
<broken.c3pb.de> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=gbe -o ConnectTimeout=10 -o ControlPath=/home/gbe/.ansible/cp/4a7616b402 broken.c3pb.de '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /tmp/ansible-tmp-1494936627.39-21731988302727 `" && echo ansible-tmp-1494936627.39-21731988302727="` echo /tmp/ansible-tmp-1494936627.39-21731988302727 `" ) && sleep 0'"'"''
<broken.c3pb.de> (0, 'ansible-tmp-1494936627.39-21731988302727=/tmp/ansible-tmp-1494936627.39-21731988302727\n', '')
Using module file /usr/local/lib/python2.7/site-packages/ansible/modules/files/stat.py
<broken.c3pb.de> ESTABLISH SSH CONNECTION FOR USER: gbe
<broken.c3pb.de> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=gbe -o ConnectTimeout=10 -o ControlPath=/home/gbe/.ansible/cp/4a7616b402 broken.c3pb.de '/bin/sh -c '"'"'sudo -H -S -p "[sudo via ansible, key=aqvbvcnukqppcivtmfvkciwndszcmkbx] password: " -u letsencrypt /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-aqvbvcnukqppcivtmfvkciwndszcmkbx; /usr/bin/python'"'"'"'"'"'"'"'"' && sleep 0'"'"''
<broken.c3pb.de> (0, '\n{"invocation": {"module_args": {"checksum_algorithm": "sha1", "get_checksum": true, "path": "/etc/ssl/letsencrypt/domain.c3pb.openssl.conf", "checksum_algo": "sha1", "follow": false, "get_md5": false, "get_mime": true, "get_attributes": true}}, "stat": {"exists": false}, "changed": false}\n', '')
<broken.c3pb.de> PUT /tmp/tmpdZGL9P TO /tmp/ansible-tmp-1494936627.39-21731988302727/source
<broken.c3pb.de> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=gbe -o ConnectTimeout=10 -o ControlPath=/home/gbe/.ansible/cp/4a7616b402 '[broken.c3pb.de]'
<broken.c3pb.de> (0, 'sftp> put /tmp/tmpdZGL9P /tmp/ansible-tmp-1494936627.39-21731988302727/source\n', '')
<broken.c3pb.de> ESTABLISH SSH CONNECTION FOR USER: gbe
<broken.c3pb.de> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=gbe -o ConnectTimeout=10 -o ControlPath=/home/gbe/.ansible/cp/4a7616b402 broken.c3pb.de '/bin/sh -c '"'"'setfacl -m u:letsencrypt:r-x /tmp/ansible-tmp-1494936627.39-21731988302727/ /tmp/ansible-tmp-1494936627.39-21731988302727/source && sleep 0'"'"''
<broken.c3pb.de> (127, '', '/bin/sh: 1: setfacl: not found\n')
<broken.c3pb.de> ESTABLISH SSH CONNECTION FOR USER: gbe
<broken.c3pb.de> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=gbe -o ConnectTimeout=10 -o ControlPath=/home/gbe/.ansible/cp/4a7616b402 broken.c3pb.de '/bin/sh -c '"'"'chmod u+x /tmp/ansible-tmp-1494936627.39-21731988302727/ /tmp/ansible-tmp-1494936627.39-21731988302727/source && sleep 0'"'"''
<broken.c3pb.de> (0, '', '')
<broken.c3pb.de> ESTABLISH SSH CONNECTION FOR USER: gbe
<broken.c3pb.de> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=gbe -o ConnectTimeout=10 -o ControlPath=/home/gbe/.ansible/cp/4a7616b402 broken.c3pb.de '/bin/sh -c '"'"'chown letsencrypt /tmp/ansible-tmp-1494936627.39-21731988302727/ /tmp/ansible-tmp-1494936627.39-21731988302727/source && sleep 0'"'"''
<broken.c3pb.de> (1, '', "chown: changing ownership of `/tmp/ansible-tmp-1494936627.39-21731988302727/': Operation not permitted\nchown: changing ownership of `/tmp/ansible-tmp-1494936627.39-21731988302727/source': Operation not permitted\n")
fatal: [broken]: FAILED! => {
"failed": true,
"msg": "Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user (rc: 1, err: chown: changing ownership of `/tmp/ansible-tmp-1494936627.39-21731988302727/': Operation not permitted\nchown: changing ownership of `/tmp/ansible-tmp-1494936627.39-21731988302727/source': Operation not permitted\n). For information on working around this, see https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user"
}
PLAY RECAP **********************************************************************************************************************************************************************************************************************************************************************
broken : ok=10 changed=0 unreachable=0 failed=1
Raw
ansible.cfg
[defaults]
retry_files_enabled = false
hash_behaviour = merge
force_handlers = true
gathering = smart
transport = ssh
remote_user = deploy
ansible_managed = This file is managed by Ansible. DO NOT CHANGE IT MANUALLY!
[privilege_escalation]
become=True
become_method=sudo
become_user=root
[ssh_connection]
pipelining=True
Raw
inventory
# [...] Other hosts ommitted [...]
[oldshit] # A group that contains only broken
broken ansible_host=broken.c3pb.de ansible_user=gbe
[all:vars]
ansible_connection=ssh
Raw
letsencrypt-tasks.yml
---
# Create Keys, CSRs, signing script and systemd service/timer which keep SSL Certs updated.
- name: Install git
package: name=git state=present
- name: Add group ssl-cert
group: name=ssl-cert system=yes state=present
- name: Add user letsencrypt
user: name=letsencrypt system=yes group=ssl-cert state=present home={{ letsencrypt_install_dir }} shell=/bin/bash
- name: "Let letsencrypt user reload {{ letsencrypt_web_server }} (systemctl) "
lineinfile: dest=/etc/sudoers line="letsencrypt ALL = NOPASSWD{{':'}} /bin/systemctl reload {{ letsencrypt_web_server | default('nginx') }}"
when: ansible_service_mgr == "systemd"
- name: "Let letsencrypt user reload {{ letsencrypt_web_server }} (SysV init)"
lineinfile: dest=/etc/sudoers line="letsencrypt ALL = NOPASSWD{{':'}} /etc/init.d/{{ letsencrypt_web_server | default('nginx') }} reload"
when: ansible_service_mgr != "systemd"
- name: Manage cert and acme webroot directory
file: path={{ item }} state=directory owner=letsencrypt group=ssl-cert mode=755
with_items:
- "{{ letsencrypt_cert_dir }}"
- "{{ letsencrypt_webroot_dir }}"
- "{{ letsencrypt_install_dir }}"
- name: Get letsencrypt intermediate certificate
get_url:
url: https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem
dest: "{{ letsencrypt_cert_dir }}intermediate.pem"
checksum: sha256:e446c5e9dbef9d09ac9f7027c034602492437a05ff6c40011d7235fca639c79a
owner: letsencrypt
group: ssl-cert
mode: 0640
- name: Get acme-tiny
become: yes
become_user: letsencrypt
git: repo=https://github.com/frezbo/acme-tiny dest={{ letsencrypt_install_dir }}acme-tiny/
- name: Generate letsencrypt account key
become: yes
become_user: letsencrypt
shell: "umask 137; openssl genrsa -out {{ letsencrypt_cert_dir }}account.key 4096"
args:
creates: "{{ letsencrypt_cert_dir }}account.key"
- name: Generate domain keys
become: yes
become_user: letsencrypt
shell: "umask 137; openssl ecparam -name secp384r1 -genkey -out {{ letsencrypt_cert_dir }}domain.{{ item.key }}.key"
args:
creates: "{{ letsencrypt_cert_dir }}domain.{{ item.key }}.key"
with_dict: "{{ letsencrypt_cert_domains }}"
# x509v3 and therefore letsencrypt doesn't support subjectAltNames in the subject line.
# We need to generate the openssl.conf, since there is no openssl req command line switch
# for the new x509v3 style SAN list.
# XXX
# --- This is the task that fails ---
# XXX
- name: Generate openssl.conf files for each CSR
become: yes
become_user: letsencrypt
template:
src: openssl.conf.j2
dest: "{{ letsencrypt_cert_dir }}domain.{{ item.key }}.openssl.conf"
owner: letsencrypt
group: ssl-cert
mode: 0640
with_dict: "{{ letsencrypt_cert_domains }}"
register: osslconf_tmpl
# They need to be removed, so the renew_cert.sh recreates them using the new CSRs.
- name: Remove obsolete SSL Keys.
shell: >
rm -f {{ letsencrypt_cert_dir }}domain.{{ item.item.key }}.csr;
rm -f {{ letsencrypt_cert_dir }}domain.{{ item.item.key }}.pem;
rm -f {{ letsencrypt_cert_dir }}domain.{{ item.item.key }}.chained.pem;
changed_when: True
when: item.changed
with_items: "{{ osslconf_tmpl.results }}"
# TODO: just ls -l and remove using the file module
- name: Generate CSRs
become: yes
become_user: letsencrypt
command: "openssl req -batch -subj '/' -config {{ letsencrypt_cert_dir }}domain.{{ item.item.key }}.openssl.conf -new -key {{ letsencrypt_cert_dir }}domain.{{ item.item.key }}.key -out {{ letsencrypt_cert_dir }}domain.{{ item.item.key }}.csr"
args:
creates: "{{ letsencrypt_cert_dir }}domain.{{ item.item.key }}.csr"
when: item.changed
with_items: "{{ osslconf_tmpl.results }}"
- name: Manage renew_cert.sh
template: src=renew_cert.sh.j2 dest={{ letsencrypt_install_dir }}renew_cert.sh owner=letsencrypt group=ssl-cert mode=750
- include: systemd.yml
when: ansible_service_mgr == "systemd"
- include: cronjob.yml
when: ansible_service_mgr != "systemd"
Raw
playbook.yml
# This is a playbook that applies to broken only
---
- hosts: oldshit
vars:
letsencrypt_cert_domains:
c3pb:
- c3pb.de
letsencrypt_web_server: apache2
tasks:
# XXX: Apache configuration is done manually
- name: Set up letsencrypt
include_role:
name: letsencrypt
tasks_from: main
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment