Change DH file if length updated

pull/38/head
Emilien Mantel 2019-02-12 18:04:57 +01:00
parent c12113921c
commit a021888728
1 changed files with 19 additions and 15 deletions


@ -1,13 +1,25 @@
--- ---
- name: COMMAND | Generate DH file - block:
command: openssl dhparam -out {{ nginx_dh_path }} {{ nginx_dh_length }}
args: - name: STAT | Get info ajout DH file
creates: "{{ nginx_dh_path }}" stat:
path: "{{ nginx_dh_path }}"
get_checksum: no
register: stat_dh_file
- name: SHELL | Get info about DH file
shell: openssl dhparam -in {{ nginx_dh_path }} -text -noout 2>&1 | awk '/DH Parameters/ { print substr($3, 2) }'
changed_when: false
register: dh_info
when: stat_dh_file.stat.exists
- name: COMMAND | Generate DH file
command: openssl dhparam -out {{ nginx_dh_path }} {{ nginx_dh_length }}
when: not stat_dh_file.stat.exists or (dh_info.stdout | int != nginx_dh_length | int)
notify: restart nginx
when: nginx_dh is not string when: nginx_dh is not string
notify: restart nginx
async: 1000
register: dh
- name: COPY | Deploy DH file from vars - name: COPY | Deploy DH file from vars
copy: copy:
@ -53,11 +65,3 @@
when: item.self_signed is defined when: item.self_signed is defined
notify: restart nginx notify: restart nginx
no_log: not nginx_debug_role no_log: not nginx_debug_role
- name: Check DH command status
async_status:
jid: "{{ dh.ansible_job_id }}"
register: job_result
until: job_result.finished
retries: 30
when: not ansible_check_mode and nginx_dh is not string
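Review bot: In the new `SHELL | Get info about DH file` task of the first hunk, `{{ nginx_dh_path }}` is interpolated unquoted into a `shell:` line, so a path containing whitespace or shell metacharacters is interpreted by the shell instead of being passed as one argument; `openssl dhparam -in {{ nginx_dh_path | quote }} -text -noout 2>&1 | awk ...` avoids that. The same task is probably skipped under `--check`, which would leave `dh_info.stdout` undefined when the `when:` on `COMMAND | Generate DH file` evaluates it for an existing file. Since the task only reads the file, adding `check_mode: no` to it should keep check runs working; the removed `async_status` task guarded on `ansible_check_mode`, so check mode appears to matter for this role. The pipeline's exit status is awk's, so an unreadable or corrupt file gives an empty `stdout` that `| int` turns into 0 and triggers regeneration; if that is intended, a comment such as `# empty output -> 0 -> DH file is regenerated` above the generate task would say so.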