cleanup files more safely
drzraf opened this issue · comments
`issue-certs-cleanup.yml` cleans up `{server_location}` without any guards (in case of role misuse). If `server_location` is not set, it will remove * files in the current directory, or worse if set to `/var/www/`. `server_location` should be given a sane default value (`/tmp/www-challenges`) and use the `|default()` construct for maximal safety.
If `server_location` is not set, it should complain that `server_location` is not defined and bail out instead of executing this. (And so far ansible always died when I tried to use an undefined variable.)
Anyway, taking a default for `server_location` makes no sense at all, since that path MUST be integrated in your (web) server configuration; otherwise the whole process won't work.
Anyway, using `file: dest="{{ server_location }}" state=absent` might be a better example for this role. This will also complain in case `server_location` would be set to an empty string.
The last point is also fixed in cc9b8be; see felixfontein/letsencrypt-ansible@cc9b8be#diff-aa472a0dedf2e48564fde08217292f3cL7.
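A guarded cleanup along the lines discussed in this thread, as an added example that is not the role's own code. The `assert` task and the `protected_paths` list are assumptions for illustration; `server_location` and the `file` module with `state: absent` come from the thread.

```yaml
# Added example (not from the role): fail early instead of deleting from an
# unintended directory when server_location is missing, empty or too broad.
- name: Refuse to clean up unless server_location is a dedicated absolute path
  ansible.builtin.assert:
    that:
      - server_location is defined
      - server_location is string
      - server_location | trim | length > 0
      - server_location is abs
      # Strip trailing slashes so "/var/www/" is compared as "/var/www".
      - (server_location | regex_replace('/+$', '')) not in protected_paths
    fail_msg: >-
      server_location must be set to a dedicated absolute directory
      that is also configured in the web server.
  vars:
    # Hypothetical denylist; adjust to the hosts this role runs on.
    protected_paths:
      - ""          # what "/" becomes after stripping trailing slashes
      - /var/www
      - /etc
      - /home
      - /root
      - /tmp

# Module-based removal as suggested in the thread: no shell glob is involved,
# so nothing is expanded relative to the current working directory.
- name: Remove the challenge directory
  ansible.builtin.file:
    path: "{{ server_location }}"
    state: absent
```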