ansible-nginx/tasks/ssl.yml

54 lines
1.5 KiB
YAML
Raw Normal View History

2016-01-12 00:20:42 +07:00
---
2016-01-12 17:16:41 +07:00
- name: COMMAND | Generate DH file
2016-01-12 00:20:42 +07:00
command: openssl dhparam -out {{ nginx_dh_path }} {{ nginx_dh_length }}
args:
creates: "{{ nginx_dh_path }}"
2016-01-12 17:16:41 +07:00
when: nginx_dh is not string
2017-11-03 16:30:24 +07:00
notify: restart nginx
2016-12-07 13:48:32 +07:00
async: 1000
register: dh
2016-01-12 17:16:41 +07:00
- name: COPY | Deploy DH file from vars
2017-07-27 17:21:10 +07:00
copy:
content: "{{ nginx_dh }}"
dest: "{{ nginx_dh_path }}"
2016-01-12 17:16:41 +07:00
when: nginx_dh is string
2017-11-03 16:30:24 +07:00
notify: restart nginx
2016-01-12 00:20:42 +07:00
- name: FILE | Create SSL directories
2017-07-27 17:21:10 +07:00
file:
path: "{{ nginx_ssl_dir + '/' + item.name }}"
state: directory
2016-03-05 17:37:37 +07:00
with_items: "{{ nginx_ssl_pairs }}"
2016-01-12 23:26:30 +07:00
when: item.dest_key is not defined or item.dest_cert is not defined
2016-12-08 15:19:12 +07:00
no_log: true
2016-01-12 00:20:42 +07:00
- name: COPY | Deploy SSL keys
2017-07-27 17:21:10 +07:00
copy:
content: "{{ item.key }}"
dest: "{{ nginx_ssl_dir + '/' + item.name + '/' + item.name + '.key' if item.dest_key is not defined else item.dest_key }}"
mode: 0640
2016-03-05 17:37:37 +07:00
with_items: "{{ nginx_ssl_pairs }}"
2016-01-12 23:26:30 +07:00
when: item.key is defined
2017-11-03 16:30:24 +07:00
notify: restart nginx
2016-11-02 20:48:49 +07:00
no_log: true
2016-01-12 00:20:42 +07:00
- name: COPY | Deploy SSL certs
2017-07-27 17:21:10 +07:00
copy:
content: "{{ item.cert }}"
dest: "{{ nginx_ssl_dir + '/' + item.name + '/' + item.name + '.crt' if item.dest_cert is not defined else item.dest_cert }}"
mode: 0644
2016-03-05 17:37:37 +07:00
with_items: "{{ nginx_ssl_pairs }}"
2016-01-12 23:26:30 +07:00
when: item.cert is defined
2017-11-03 16:30:24 +07:00
notify: restart nginx
2016-11-29 15:35:53 +07:00
no_log: true
2016-01-12 00:20:42 +07:00
2016-12-07 13:48:32 +07:00
- name: Check DH command status
2017-07-27 17:21:10 +07:00
async_status:
jid: "{{ dh.ansible_job_id }}"
2016-12-07 13:48:32 +07:00
register: job_result
until: job_result.finished
retries: 30
2017-06-01 16:38:22 +07:00
when: not ansible_check_mode and nginx_dh is not string