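---
# Create DNS challenges for DNS provider DNSMadeEasy
# Publishes one TXT record per entry of the ACME DNS challenge data.
# dme_account_key / dme_account_secret are API credentials: supply them from
# Ansible Vault or another secret store, never from a plain-text vars file.
- name: Creating challenge DNS entries for domains {{ ', '.join(domains) }} via DNSMadeEasy
  connection: local
  community.general.dnsmadeeasy:
    account_key: "{{ dme_account_key }}"
    account_secret: "{{ dme_account_secret }}"
    # This is fragile, and will only work for 2-level domains (eg: corp.com,
    # NOT corp.co.uk): the zone is taken to be the last two labels of the
    # challenge name, so a name under corp.co.uk would select "co.uk".
    domain: "{{ item.key | regex_replace('^(?:.*\\.|)([^.]+\\.[^.]+)$', '\\1') }}"
    record_ttl: 60
    record_type: TXT
    # The record name is everything in front of those last two labels.
    record_name: "{{ item.key | regex_replace('^(.*)(\\.[^.]+\\.[^.]+)$', '\\1') }}"
    # Each challenge entry maps a record name to a list; the first element is published.
    record_value: "{{ item.value | first }}"
    state: present
  # Need dnsmadeeasy module fixed (https://github.com/ansible/ansible/issues/58305)
  # NOTE(review): presumably the reason for run_once below; confirm against the issue.
  run_once: true
  with_dict: "{{ acme_certificate_INTERNAL_challenge.challenge_data_dns }}"
  tags:
    - issue-tls-certs-newkey
    - issue-tls-certs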
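# Poll a public resolver (8.8.8.8) until every challenge TXT record is visible.
# NOTE(review): unlike the record-creation task, this task carries no tags,
# run_once or connection: local; confirm that a run limited to the
# issue-tls-certs tags still waits here, and that dig exists on the target host.
- name: Wait for DNS entries to become available
  # command + argv executes dig directly, so the templated record name is
  # passed as one argument and is never interpreted by a shell.
  ansible.builtin.command:
    argv:
      - dig
      - txt
      - "{{ item.key }}"
      - '+short'
      - '@8.8.8.8'
  register: dig_result
  # Read-only lookup: never report the host as changed.
  changed_when: false
  # Retry every 5 seconds, up to 60 times, until the expected challenge value
  # appears in dig's output.
  until: "item.value|first in dig_result.stdout"
  retries: 60
  delay: 5
  with_dict: "{{ acme_certificate_INTERNAL_challenge.challenge_data_dns }}"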
# Fixed extra delay after the resolver check, giving the new TXT records more
# time to propagate before the play continues.
- name: Pause for 60s for more propagation
  ansible.builtin.pause:
    seconds: 60