add ocsp

2019-07-17 22:13:58 +02:00
parent 14f38641c5
commit 2b2601c0c5
4 changed files with 53 additions and 3 deletions
--- a/roles/haproxy/tasks/main.yaml
+++ b/roles/haproxy/tasks/main.yaml
@@ -44,9 +44,12 @@

 - name: copy scripts
  copy:
-    src: update_haproxy_certs.sh
+    src: "{{ item }}"
    dest: /usr/local/bin
    mode: 0755
+  with_items:
+    - update_haproxy_certs.sh
+    - ocsp_update.sh

 - name: create basic HAProxy configs
  template:
@@ -83,4 +86,18 @@
    name: haproxy
    enabled: yes
    state: started
-  
+
+- name: renew certificates every sunday
+  cron:
+    name: renew certificates
+    weekday: SUN
+    minute: "{{59|random(seed=inventory_hostname+'renew certificates')}}"
+    hour: "{{23|random(seed=inventory_hostname+'renew certificates')}}"
+    job: /usr/local/bin/update_haproxy_certs.sh
+
+- name: renew ocsp information
+  cron:
+    name: renew ocsp
+    minute: "{{59|random(seed=inventory_hostname+'renew ocsp')}}"
+    hour: "{{23|random(seed=inventory_hostname+'renew ocsp')}}"
+    job: /usr/local/bin/ocsp_update.sh