-rw-r--r--ansible/roles/nginx/tasks/main.yml31
1 files changed, 3 insertions, 28 deletions
diff --git a/ansible/roles/nginx/tasks/main.yml b/ansible/roles/nginx/tasks/main.yml
index b9b0821..37cd24a 100644
--- a/ansible/roles/nginx/tasks/main.yml
+++ b/ansible/roles/nginx/tasks/main.yml
@@ -19,46 +19,21 @@
- ssl.conf
# We need to determine whether or not the tls_certs variable changed since the last time ansible was run.
-# we use a file /etc/nginx/ansible_automation_tls_certs_list to achieve this
-# first we touch the file (create an empty file if no file with that name existed)
-# then we make a copy of the file, naming the copy /etc/nginx/ansible_automation_tls_certs_list_last
-# Finally, we write the tls_certs variable to the file via a jinja2 template
-# and we compare the two, the copy of the original and the one we just wrote.
-- name: ensure /etc/nginx/ansible_automation_tls_certs_list exists
- file:
- path: /etc/nginx/ansible_automation_tls_certs_list
- state: touch
-
-- name: make a copy of the previous ansible_automation_tls_certs_list
- copy:
- remote_src: true
- src: /etc/nginx/ansible_automation_tls_certs_list
- dest: /etc/nginx/ansible_automation_tls_certs_list_last
-
-- name: write the new tls_certs variable to ansible_automation_tls_certs_list file
+- name: write the new tls_certs variable to a file
template:
src: tls_certs_list.j2
dest: /etc/nginx/ansible_automation_tls_certs_list
owner: root
group: root
mode: 0644
-
-- name: checksum the ansible_automation_tls_certs_list
- stat:
- path: /etc/nginx/ansible_automation_tls_certs_list
- register: tls_certs_file
-
-- name: checksum the ansible_automation_tls_certs_list_last
- stat:
- path: /etc/nginx/ansible_automation_tls_certs_list_last
- register: old_tls_certs_file
+ register: tls_certs_list_file
# this way invalid configs cant prevent nginx from starting, thus preventing uacme from running
- name: delete nginx custom configs if the tls_certs variable has changed
file:
path: /etc/nginx/conf.d
state: absent
- when: tls_certs_file.stat.checksum != old_tls_certs_file.stat.checksum
+ when: tls_certs_list_file.changed
- name: ensure /etc/nginx/conf.d exists
file:
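Review bot: `when: tls_certs_list_file.changed` on the conf.d deletion task fires on any change the template task reports, including a corrected owner, group or mode on /etc/nginx/ansible_automation_tls_certs_list, whereas the removed checksum comparison reacted to content only. Attribute drift on that file would therefore now delete /etc/nginx/conf.d even though tls_certs is unchanged. If that is acceptable, document it above the condition, e.g. `# .changed is also true when only owner/group/mode were reset, not just when tls_certs differs`. Hosts provisioned before this commit presumably keep a stale /etc/nginx/ansible_automation_tls_certs_list_last, which nothing visible here removes. The final task in the hunk (ensure /etc/nginx/conf.d exists) continues outside it.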