radityo/ansible-nginx
1
0
Fork 0
mirror of https://github.com/HanXHX/ansible-nginx.git synced 2026-04-09 12:42:10 +07:00
Code Issues Projects Releases Wiki Activity

Fix lints warnings (#40)

Browse Source 
* Add new filter plugins related to SSL
* Ignore lint on few tasks
This commit is contained in:
Emilien M
2019-04-26 13:29:06 +02:00
committed by GitHub
parent 247f849b86
commit 39d3f5f06a
9 changed files with 79 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
tasks/ssl/acme.yml
View File

@@ -46,8 +46,13 @@
warn: false
when: fake_site.changed and ansible_virtualization_type == 'docker'
- name: SHELL | Get certificates
shell: '{{ nginx_acmesh_bin }} --home {{ nginx_acmesh_dir }} --issue{% if item.name is string %} -d {{ item.name }}{% else %}{% for name in item.name %} -d {{ name }}{% endfor %}{% endif %} --nginx {% if nginx_acmesh_test %}--test{% endif %}'
- name: COMMAND | Get certificates
command: |
{{ nginx_acmesh_bin }}
--home {{ nginx_acmesh_dir }}
--issue{% if item.name is string %} -d {{ item.name }}{% else %}{% for name in item.name %} -d {{ name }}{% endfor %}{% endif %}
--nginx
{% if nginx_acmesh_test %}--test{% endif %}
args:
creates: "{{ nginx_acmesh_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key"
loop: "{{ acme_create }}"
@@ -60,8 +65,14 @@
path: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}"
loop: "{{ acme_create }}"
- name: SHELL | Install certificates
shell: '{{ nginx_acmesh_bin }} --home {{ nginx_acmesh_dir }} --install-cert -d {{ item | nginx_site_name }} --fullchain-file {{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.crt --key-file {{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key --reloadcmd "service nginx restart"'
- name: COMMAND | Install certificates
command: |
{{ nginx_acmesh_bin }}
--home {{ nginx_acmesh_dir }}
--install-cert -d {{ item | nginx_site_name }}
--fullchain-file {{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.crt
--key-file {{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key
--reloadcmd "service nginx restart"
args:
creates: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key"
loop: "{{ nginx_ssl_pairs }}"

17
tasks/ssl/standard.yml
View File

@@ -30,7 +30,7 @@
- name: FILE | Create SSL directories
file:
path: "{{ nginx_ssl_dir + '/' + item | nginx_site_name }}"
path: "{{ item | nginx_ssl_dir(nginx_ssl_dir) }}"
state: directory
loop: "{{ nginx_ssl_pairs }}"
when: item.dest_key is not defined or item.dest_cert is not defined
@@ -39,7 +39,7 @@
- name: COPY | Deploy SSL keys
copy:
content: "{{ item.key }}"
dest: "{{ nginx_ssl_dir + '/' + item | nginx_site_name + '/' + item | nginx_site_name + '.key' if item.dest_key is not defined else item.dest_key }}"
dest: "{{ item | nginx_key_path(nginx_ssl_dir) }}"
mode: 0640
loop: "{{ nginx_ssl_pairs }}"
when: item.key is defined
@@ -49,7 +49,7 @@
- name: COPY | Deploy SSL certs
copy:
content: "{{ item.cert }}"
dest: "{{ nginx_ssl_dir + '/' + item | nginx_site_name + '/' + item | nginx_site_name + '.crt' if item.dest_cert is not defined else item.dest_cert }}"
dest: "{{ item | nginx_cert_path(nginx_ssl_dir) }}"
mode: 0644
loop: "{{ nginx_ssl_pairs }}"
when: item.cert is defined
@@ -57,10 +57,15 @@
no_log: not nginx_debug_role
- name: COMMAND | Create self-signed certificates
command: "openssl req -new -newkey rsa:2048 -sha256 -days 3650 -nodes -x509 -subj '/CN={{ item | nginx_site_name }}' -keyout {{ item | nginx_site_name + '.key' }} -out {{ item | nginx_site_name + '.crt' }}"
command: |
openssl req
-new -newkey rsa:2048 -sha256 -days 3650 -nodes -x509
-subj '/CN={{ item | nginx_site_name }}'
-keyout {{ item | nginx_key_path(nginx_ssl_dir) }}
-out {{ item | nginx_cert_path(nginx_ssl_dir) }}
args:
chdir: "{{ nginx_ssl_dir + '/' + item | nginx_site_name }}"
creates: "{% if item.force is defined and item.force %}/tmp/dummy{% else %}{{ nginx_ssl_dir + '/' + item | nginx_site_name + '/' + item | nginx_site_name + '.crt' }}{% endif %}"
chdir: "{{ item | nginx_ssl_dir(nginx_ssl_dir) }}"
creates: "{{ '/tmp/dummy' if item.force is defined and item.force else item | nginx_cert_path(nginx_ssl_dir) }}"
loop: "{{ nginx_ssl_pairs }}"
when: item.self_signed is defined
notify: restart nginx