変数を整理し型を変更

wate · Sep 15, 2024 · 2d8eda4 · 2d8eda4
1 parent ca8c7b0
commit 2d8eda4
Show file tree

Hide file tree

Showing 7 changed files with 100 additions and 33 deletions.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -22,13 +22,12 @@ dehydrated_lexicon_packages:
 ## -----------------
 ## dehydratedで管理するドメインの設定
 ## -----------------
-dehydrated_domains: []
-# - name: example.com
-#   domains:
-#     - example.com
-#     - *.example.com
-# - name: example.net
-#   domains: example.net
+dehydrated_domains: {}
+  # example.com:
+  # example.net: example.net
+  # example.org:
+  #   - example.org
+  #   - *.example.org
 
 ## -----------------
 ## dehydratedインストール時に実行するか否か

diff --git a/molecule/default/group_vars/all.yml b/molecule/default/group_vars/all.yml
@@ -2,4 +2,12 @@
 dehydrated_cfg:
   CA: https://acme-staging-v02.api.letsencrypt.org/directory
   CHALLENGETYPE: dns-01
+
 dehydrated_with_lexicon: true
+
+dehydrated_domains:
+  example.com:
+  example.net: example.net
+  star.service.example.org:
+    - service.example.org
+    - "*.service.example.org"
diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
@@ -2,19 +2,80 @@
 - name: Verify
   hosts: all
   gather_facts: true
-  check_mode: true
+  become: true
   tasks:
-    - name: test dehydrated package
-      ansible.builtin.apt:
-        name: dehydrated
-      register: result
-    - name: assert package
+    - name: Gather package facts
+      ansible.builtin.package_facts:
+        manager: auto
+    - name: Assert package
       ansible.builtin.assert:
-        that: result is not changed
-    - name: test lexicon package
-      ansible.builtin.apt:
-        name: lexicon
-      register: result
-    - name: assert package
-      ansible.builtin.assert:
-        that: result is not changed
+        that:
+          - ansible_facts.packages['dehydrated']
+          - ansible_facts.packages['lexicon']
+    - name: Test domains.txt
+      block:
+        - name: Get local.sh CA content
+          ansible.builtin.command:
+            cmd: grep "CA=" /etc/dehydrated/conf.d/local.sh
+          changed_when: false
+          failed_when: local_sh_content.rc > 1
+          register: local_sh_content
+        - name: Test local.sh
+          block:
+            - name: Assert
+              ansible.builtin.assert:
+                that:
+                  - local_sh_content.rc == 0
+                  - local_sh_content.stdout == 'CA="https://acme-staging-v02.api.letsencrypt.org/directory"'
+            - name: Get local.sh CHALLENGETYPE content
+              ansible.builtin.command:
+                cmd: grep "CHALLENGETYPE=" /etc/dehydrated/conf.d/local.sh
+              changed_when: false
+              failed_when: local_sh_content.rc > 1
+              register: local_sh_content
+            - name: Assert local.sh
+              ansible.builtin.assert:
+                that:
+                  - local_sh_content.rc == 0
+                  - local_sh_content.stdout == 'CHALLENGETYPE="dns-01"'
+    - name: Test domains.txt
+      block:
+        - name: Test value is none
+          block:
+            - name: Get domains.txt content(value is none)
+              ansible.builtin.command:
+                cmd: grep "example.com" /etc/dehydrated/domains.txt
+              failed_when: domains_txt_content.rc > 1
+              changed_when: false
+              register: domains_txt_content
+            - name: Assert domains.txt
+              ansible.builtin.assert:
+                that:
+                  - domains_txt_content.rc == 0
+                  - domains_txt_content.stdout == 'example.com'
+        - name: Test value is string
+          block:
+            - name: Get domains.txt content(value is string)
+              ansible.builtin.command:
+                cmd: grep "example.net" /etc/dehydrated/domains.txt
+              failed_when: domains_txt_content.rc > 1
+              changed_when: false
+              register: domains_txt_content
+            - name: Assert domains.txt
+              ansible.builtin.assert:
+                that:
+                  - domains_txt_content.rc == 0
+                  - domains_txt_content.stdout == 'example.net > example.net'
+        - name: Test value is list
+          block:
+            - name: Get domains.txt content(value is list)
+              ansible.builtin.command:
+                cmd: grep "star.service.example.org" /etc/dehydrated/domains.txt
+              failed_when: domains_txt_content.rc > 1
+              changed_when: false
+              register: domains_txt_content
+            - name: Assert domains.txt
+              ansible.builtin.assert:
+                that:
+                  - domains_txt_content.rc == 0
+                  - domains_txt_content.stdout == 'service.example.org *.service.example.org > star.service.example.org'
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -11,22 +11,22 @@
 - name: Create addtitional config file
   ansible.builtin.template:
     src: local.sh.j2
-    dest: "{{ dehydrated_config_dir }}/local.sh"
+    dest: /etc/dehydrated/conf.d/local.sh
     mode: "0644"
 - name: Create domain file
   ansible.builtin.template:
     src: domains.txt.j2
-    dest: "{{ dehydrated_domains_txt }}"
+    dest: /etc/dehydrated/domains.txt
     mode: "0644"
 - name: Create hook file
   ansible.builtin.template:
     src: hook.sh.j2
-    dest: "{{ dehydrated_config_base_dir }}/hook.sh"
+    dest: /etc/dehydrated/hook.sh
     mode: "0750"
 - name: Register account key
   ansible.builtin.command:
     cmd: dehydrated --register --accept-terms
-    creates: "{{ dehydrated_base_dir }}/accounts"
+    creates: /var/lib/dehydrated/accounts
 - name: Create auth file directory
   ansible.builtin.file:
     path: /var/www/dehydrated

diff --git a/templates/domains.txt.j2 b/templates/domains.txt.j2
@@ -1,3 +1,7 @@
-{% for domain in dehydrated_domains -%}
-{{ domain.domains if domain.domains is string else domain.domains | join(' ') }} > {{ domain.name }}
+{% for domain in dehydrated_domains | dict2items -%}
+{% if domain.value -%}
+{{ domain.value is string | ternary(domain.value, domain.value | join(' ')) }} > {{ domain.key }}
+{% else -%}
+{{ domain.key }}
+{% endif %}
 {% endfor %}
diff --git a/templates/local.sh.j2 b/templates/local.sh.j2
@@ -2,4 +2,4 @@
 {% for cfg_name, cfg_value in dehydrated_cfg.items() -%}
 {{ cfg_name }}="{{ cfg_value }}"
 {% endfor %}
-HOOK="{{ dehydrated_config_base_dir }}/hook.sh"
+HOOK="/etc/dehydrated/hook.sh"
diff --git a/vars/main.yml b/vars/main.yml
@@ -1,6 +1 @@
 ---
-dehydrated_config_base_dir: /etc/dehydrated
-dehydrated_config_dir: /etc/dehydrated/conf.d
-dehydrated_base_dir: /var/lib/dehydrated
-dehydrated_wellknown_dir: "{{ dehydrated_base_dir }}/acme-challenges"
-dehydrated_domains_txt: /etc/dehydrated/domains.txt