2.0.0

@github-actions github-actions released this 19 Apr 13:29
7d27f65

Release notes

With this release we tackle one of the big debts we had piled up during the development of the collection/role.

We consolidated all variables so that they are more readable, less cluttered, and fit better with the collection/role name.
Some variables were removed because we optimized the detection of the provider in use and they were no longer needed. Elements of lists were not changed.

To avoid any trademark issues with the Internet Security Research Group, we also renamed the collection to acme.
As the role can also be used to issue certificates from other authorities that implement the ACME protocol, we renamed it to acme as well.

It is a breaking change but should be the last one for quite some time. We promise!

Migrating to the new version

To help you move from the previous version to the current one, we have prepared some tips.

You no longer have to provide a type for the challenge provider; the name of the provider is now sufficient.
The variable holding that name was renamed to acme_challenge_provider.
In addition, letsencrypt_use_acme_live_directory was renamed to acme_use_live_directory.

So if you have a playbook which looks like this:

- name: create the certificate for *.example.com
  hosts: localhost
  roles:
    - letsencrypt
  vars:
    domain:
      certificate_name: "wildcard.example.com"
      zone: "example.com"
      email_address: "ssl-admin@example.com"
      subject_alt_name:
        - "*.example.com"
    letsencrypt_do_http_challenge: false
    letsencrypt_do_dns_challenge: true
    letsencrypt_dns_provider: autodns
    letsencrypt_use_acme_live_directory: false
    account_email: "ssl-admin@example.com"
    dns_user: "example_dns"
    dns_password: !vault |
              $ANSIBLE_VAULT;1.1;AES256
              ...

  • Rename the called role to acme.
  • Rename letsencrypt_dns_provider to acme_challenge_provider.
  • Change the prefix of all other main variables to acme (drop the letsencrypt prefix if present).

This should result in something like this:

- name: create the certificate for *.example.com
  hosts: localhost
  collections:
    - t_systems_mms.acme
  roles:
    - acme
  vars:
    acme_domain:
      certificate_name: "wildcard.example.com"
      zone: "example.com"
      email_address: "ssl-admin@example.com"
      subject_alt_name:
        - "*.example.com"
    acme_challenge_provider: autodns
    acme_use_live_directory: false
    acme_account_email: "ssl-admin@example.com"
    acme_dns_user: "example_dns"
    acme_dns_password: !vault |
              $ANSIBLE_VAULT;1.1;AES256
              ...

Please note that you do not have to add the collections: part in your playbook if you use namespaces to hand over the variables to the role.

That should be all there is to do.
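
The renaming rules above as a small helper, added here as an example (not code from the collection). It assumes the dict holds only the variables meant for this role, as a YAML loader would return them from vars:; migrate_vars, new_name and the sample data are hypothetical names.

```python
# Added example; helper names are hypothetical, not part of the collection.
OLD_PREFIX, NEW_PREFIX = "letsencrypt_", "acme_"
# Explicit renames stated in the release notes.
RENAMED = {
    "letsencrypt_dns_provider": "acme_challenge_provider",
    "letsencrypt_use_acme_live_directory": "acme_use_live_directory",
}
# Assumption: the challenge-type switches are dropped, since the notes say the
# type is no longer needed and the migrated playbook above omits them.
DROPPED = {"letsencrypt_do_http_challenge", "letsencrypt_do_dns_challenge"}

def new_name(old):
    """Map one top-level 1.x variable name to its 2.0.0 name."""
    if old in RENAMED:
        return RENAMED[old]
    if old.startswith(NEW_PREFIX):
        return old  # already migrated, leave as is
    if old.startswith(OLD_PREFIX):
        old = old[len(OLD_PREFIX):]
    return NEW_PREFIX + old

def migrate_vars(old_vars):
    """Return (new_vars, dropped). Only top-level keys are renamed; values
    (nested dicts, lists, vault-encrypted strings) pass through untouched."""
    new_vars, dropped = {}, []
    for name, value in old_vars.items():
        if name in DROPPED:
            dropped.append(name)
            continue
        target = new_name(name)
        if target in new_vars:
            raise ValueError(f"{name!r} and another variable both map to {target!r}")
        new_vars[target] = value
    return new_vars, dropped

# Constructed sample: the vars of the old playbook shown above.
SAMPLE_OLD_VARS = {
    "domain": {"certificate_name": "wildcard.example.com", "zone": "example.com",
               "email_address": "ssl-admin@example.com",
               "subject_alt_name": ["*.example.com"]},
    "letsencrypt_do_http_challenge": False, "letsencrypt_do_dns_challenge": True,
    "letsencrypt_dns_provider": "autodns",
    "letsencrypt_use_acme_live_directory": False,
    "account_email": "ssl-admin@example.com", "dns_user": "example_dns",
    "dns_password": "<vault-encrypted value>",  # placeholder, stays opaque
}

if __name__ == "__main__":
    print(migrate_vars(SAMPLE_OLD_VARS))
```

Ansible does not complain about variables a role never reads, so an old name left in place is silently ignored; the dropped list and the collision error are there to make such leftovers visible.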

Happy issuing! :)

Changelog

2.0.0 (2021-03-26)

Full Changelog

Breaking changes:

  • Unify variables #44
  • Rename collection | simplify provider selection | unify variables #46 (avalor1)

Closed issues:

  • Rename collection to avoid LE trademark #43
  • Simplify challenge provider selection #42

Merged pull requests:

  • Adjust collection name for galaxy #49 (avalor1)
  • add possibility to define owner/group for local validation path and local challenge files #48 (beechesII)