Add dehydrated_renew_command variable.

eengstrom · eengstrom · commit 440b15219e3b · 2021-02-28T18:05:22.000-06:00
Defaults to `"{{ dehydrated_install_root }}/dehydrated --cron"`

There were subtle variations on the call to this scattered through the
code, and this way one may change the command, or embed into a pipe to
redirect output as needed.  For example:

- Don't give up on first failure:

```
dehydrated_renew_command: "{{ dehydrated_install_root }}/dehydrated 
--cron --keep-going"
```

- More complicated example to redirect output to `syslog`:

```
dehydrated_renew_command: "bash -c '({{ dehydrated_install_root 
}}/dehydrated -c -g | logger -t dehydrated -p local7.info) 2&gt;&amp;1 | logger 
-t dehydrated -p local7.error -s'"
```

... although the latter is somewhat contrived and one would probably be 
better served by using a `systemd` timer rather than a cron job, which 
would then do effectively the same thing.
diff --git a/.gitignore b/.gitignore
@@ -2,3 +2,4 @@
 *.code-workspace
 .vagrant/
 *.log
+.cache
diff --git a/README.md b/README.md
@@ -43,6 +43,7 @@ dehydrated_challengetype | Challenge to use (http-01, dns-01) | http-01
 dehydrated_use_lexicon | Enable the use of lexicon | yes if dehydrated_challengetype == dns-01 else no
 dehydrated_lexicon_dns | Options for running lexicon | {}
 dehydrated_lexicon_dns_version | specific version of `dns-lexicon` to install | {} (== latest)
+dehydrated_renew_command | command to run to renew certificates  | `{{ dehydrated_install_root }}/dehydrated --cron`
 dehydrated_hooks | Dict with hook-names for which to add scripts |
 dehydrated_hook_scripts | Add additional scripts to hooks-Directory | []
 dehydrated_key_algo | Keytype to generate (rsa, prime256v1, secp384r1) | rsa
@@ -200,7 +201,7 @@ TIMESTAMP | Timestamp when the  certificate was created.
     - clutterbox.dehydrated
 ```
 
-## Additinal hook scripts
+## Additional hook scripts
 
 This role offers two different ways to deploy additional hooks:
  * Using shell fragments
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -5,6 +5,7 @@ dehydrated_dependencies:
   - curl
 dehydrated_repo_url: https://github.com/dehydrated-io/dehydrated.git
 dehydrated_install_root: /opt/dehydrated
+dehydrated_renew_command: "{{ dehydrated_install_root }}/dehydrated --cron"
 dehydrated_update: yes
 dehydrated_version: HEAD
 dehydrated_challengetype: http-01
diff --git a/handlers/main.yml b/handlers/main.yml
@@ -6,7 +6,7 @@
   command: "{{ dehydrated_install_root }}/dehydrated --account"
 
 - name: run dehydrated
-  command: "{{ dehydrated_install_root }}/dehydrated -c"
+  command: "{{ dehydrated_renew_command }}"
   when: dehydrated_run_on_changes
 
 - name: Reload systemd
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -47,13 +47,13 @@
   when:
     - dehydrated_use_lexicon
 
-- name: Install cronjob
+- name: Configure crontab
   cron:
     name: dehydrated-renew
     minute: "{{ 59|random(seed=inventory_hostname) }}"
     hour: "{{ 4|random(seed=inventory_hostname) }}"
     user: root
-    job: "{{ dehydrated_install_root }}/dehydrated -c"
+    job: "{{ dehydrated_renew_command }}"
     cron_file: dehydrated
     state: "{{ 'present' if dehydrated_cronjob else 'absent' }}"
 
diff --git a/templates/dehydrated.service.j2 b/templates/dehydrated.service.j2
@@ -7,5 +7,5 @@ OnFailure={{ dehydrated_systemd_timer_onfailure }}
 
 [Service]
 User=root
-ExecStart={{ dehydrated_install_root }}/dehydrated --cron
+ExecStart={{ dehydrated_renew_command }}
 Type=oneshot
