radityo
/
ansible-nginx
mirror of https://github.com/HanXHX/ansible-nginx.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Change DH file if length updated

pull/38/head
Emilien Mantel 2019-02-12 18:04:57 +01:00
parent c12113921c
commit a021888728
1 changed files with 19 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
tasks/ssl/standard.yml
View File

@ -1,13 +1,25 @@
--- ---
- block:
- name: STAT | Get info ajout DH file
stat:
path: "{{ nginx_dh_path }}"
get_checksum: no
register: stat_dh_file
- name: SHELL | Get info about DH file
shell: openssl dhparam -in {{ nginx_dh_path }} -text -noout 2>&1 | awk '/DH Parameters/ { print substr($3, 2) }'
changed_when: false
register: dh_info
when: stat_dh_file.stat.exists
- name: COMMAND | Generate DH file - name: COMMAND | Generate DH file
command: openssl dhparam -out {{ nginx_dh_path }} {{ nginx_dh_length }} command: openssl dhparam -out {{ nginx_dh_path }} {{ nginx_dh_length }}
args: when: not stat_dh_file.stat.exists or (dh_info.stdout | int != nginx_dh_length | int)
creates: "{{ nginx_dh_path }}"
when: nginx_dh is not string
notify: restart nginx notify: restart nginx
async: 1000
register: dh when: nginx_dh is not string
- name: COPY | Deploy DH file from vars - name: COPY | Deploy DH file from vars
copy: copy:
@ -53,11 +65,3 @@
when: item.self_signed is defined when: item.self_signed is defined
notify: restart nginx notify: restart nginx
no_log: not nginx_debug_role no_log: not nginx_debug_role
- name: Check DH command status
async_status:
jid: "{{ dh.ansible_job_id }}"
register: job_result
until: job_result.finished
retries: 30
when: not ansible_check_mode and nginx_dh is not string