|
138 | 138 | timer_OnCalendar: "{{ gitlab.block_removed_ldap_users_on_calendar }}" |
139 | 139 | when: gitlab.ldap.enable |
140 | 140 |
|
| 141 | +# Set up LE renewal timer and service on boot for servers that are shut down overnight. |
| 142 | + |
| 143 | +- name: Check if GitLab is installed |
| 144 | + ansible.builtin.stat: |
| 145 | + path: /opt/gitlab/bin/gitlab-ctl |
| 146 | + register: gitlab_ctl_binary |
| 147 | + |
| 148 | +- name: Configure GitLab LE boot-time renewal timer |
| 149 | + when: |
| 150 | + - gitlab.letsencrypt_timer |
| 151 | + - gitlab_ctl_binary.stat.exists |
| 152 | + block: |
| 153 | + - name: Install systemd service for LE renewal |
| 154 | + ansible.builtin.template: |
| 155 | + src: gitlab-renew-le.service.j2 |
| 156 | + dest: /etc/systemd/system/gitlab-renew-le.service |
| 157 | + owner: root |
| 158 | + group: root |
| 159 | + mode: '0644' |
| 160 | + |
| 161 | + - name: Install systemd timer for LE renewal |
| 162 | + ansible.builtin.template: |
| 163 | + src: gitlab-renew-le.timer.j2 |
| 164 | + dest: /etc/systemd/system/gitlab-renew-le.timer |
| 165 | + owner: root |
| 166 | + group: root |
| 167 | + mode: '0644' |
| 168 | + |
| 169 | + - name: Reload systemd daemon |
| 170 | + ansible.builtin.systemd_service: |
| 171 | + daemon_reload: true |
| 172 | + when: is_local is not defined or not is_local |
| 173 | + |
| 174 | + - name: Enable and start the LE renewal timer |
| 175 | + ansible.builtin.systemd: |
| 176 | + name: gitlab-renew-le.timer |
| 177 | + enabled: true |
| 178 | + state: started |
| 179 | + when: is_local is not defined or not is_local |
| 180 | + |
141 | 181 | # @TODO - this task fails in CI with GitHub Actions because PostGreSQL isn't running |
142 | 182 | - name: Run the GitLab configuration script for config that cannot be set in gitlab.rb. |
143 | 183 | ansible.builtin.command: /opt/gitlab/bin/gitlab-rails runner /etc/gitlab/gitlab-config.rb |
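Review bot: When `gitlab.letsencrypt_timer` is true but `/opt/gitlab/bin/gitlab-ctl` does not exist, the `Configure GitLab LE boot-time renewal timer` block is skipped without any message, so a host that was meant to renew on boot can be left with no renewal while the run still looks clean. If the `stat` guard is there for CI or first-run ordering, an `ansible.builtin.debug` task under the inverse condition, `when: gitlab.letsencrypt_timer and not gitlab_ctl_binary.stat.exists`, would make the skip visible before a certificate lapses. Inside the block, `Reload systemd daemon` runs on every play whether or not either template changed, and it uses `ansible.builtin.systemd_service` while the next task uses `ansible.builtin.systemd`; setting `daemon_reload: true` on the `Enable and start the LE renewal timer` task and using one module name throughout would keep the reload tied to the start. The two `.j2` unit templates are not part of this hunk, so what the service executes, and as which user, could not be checked here.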
|