From 2da7f39bb4e72444bfa442c4c0214482d03c60aa Mon Sep 17 00:00:00 2001
From: Alan Orth
Date: Thu, 26 Apr 2018 10:45:01 +0300
Subject: [PATCH] roles/nginx: Use dynamic includes for tasks

As of Ansible 2.4 and 2.5 the behavior for importing tasks has changed to introduce the notion of static imports and dynamic includes. If the tasks doing the import is using variable interpolation or conditionals then the task should be dynamic. This results in quicker playbook runs due to less importing of unneccessary tasks. One side effect of this is that child tasks of dynamic includes do not inherit their parents' tags so you must tag them explicitly or a block.
---
 roles/nginx/tasks/main.yml | 2 +-
 roles/nginx/tasks/vhosts.yml | 60 +++++++++++++++++++-----------------
 2 files changed, 32 insertions(+), 30 deletions(-)
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
index 210236f..e3c6078 100644
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -35,7 +35,7 @@
 tags: nginx
 - name: Configure nginx virtual hosts
- import_tasks: vhosts.yml
+ include_tasks: vhosts.yml
 when: nginx_vhosts is defined
 tags: nginx
diff --git a/roles/nginx/tasks/vhosts.yml b/roles/nginx/tasks/vhosts.yml
index 4ca136d..7e8c652 100644
--- a/roles/nginx/tasks/vhosts.yml
+++ b/roles/nginx/tasks/vhosts.yml
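Review bot: With `include_tasks`, the `tags: nginx` on this task selects only the include itself, so a run limited to `--tags wordpress` or `--tags letsencrypt` skips the include and never reaches the tasks in vhosts.yml that carry those tags; under `import_tasks` they were still reachable. Listing the inner tags on the include as well, `tags: [nginx, wordpress, letsencrypt]`, restores that behaviour. If tag-limited runs are used to issue or refresh certificates, the current form fails silently: the play reports success while doing nothing.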
@@ -1,39 +1,41 @@
 ---
-- name: Configure https vhosts
- template: src=vhost.conf.j2 dest={{ nginx_confd_path }}/{{ item.domain_name }}.conf mode=0644 owner=root group=root
- loop: "{{ nginx_vhosts }}"
- notify:
- - reload nginx
+- block:
+ - name: Configure https vhosts
+ template: src=vhost.conf.j2 dest={{ nginx_confd_path }}/{{ item.domain_name }}.conf mode=0644 owner=root group=root
+ loop: "{{ nginx_vhosts }}"
+ notify:
+ - reload nginx
-- name: Generate self-signed TLS cert
- command: openssl req -x509 -nodes -sha256 -days 365 -subj "/C=SO/ST=SO/L=snakeoil/O=snakeoil/CN=snakeoil" -newkey rsa:2048 -keyout /etc/ssl/private/nginx-snakeoil.key -out /etc/ssl/certs/nginx-snakeoil.crt -extensions v3_ca creates=/etc/ssl/certs/nginx-snakeoil.crt
- notify:
- - reload nginx
+ - name: Generate self-signed TLS cert
+ command: openssl req -x509 -nodes -sha256 -days 365 -subj "/C=SO/ST=SO/L=snakeoil/O=snakeoil/CN=snakeoil" -newkey rsa:2048 -keyout /etc/ssl/private/nginx-snakeoil.key -out /etc/ssl/certs/nginx-snakeoil.crt -extensions v3_ca creates=/etc/ssl/certs/nginx-snakeoil.crt
+ notify:
+ - reload nginx
-- name: Generate 2048-bit dhparam
- command: openssl dhparam -out dhparam.pem 2048 chdir=/etc/ssl/certs creates=dhparam.pem
- notify:
- - reload nginx
+ - name: Generate 2048-bit dhparam
+ command: openssl dhparam -out dhparam.pem 2048 chdir=/etc/ssl/certs creates=dhparam.pem
+ notify:
+ - reload nginx
-- name: Create vhost document roots
- file: path={{ nginx_root_prefix }}/{{ item.domain_name }} state=directory mode=0755 owner=nginx group=nginx
- loop: "{{ nginx_vhosts }}"
+ - name: Create vhost document roots
+ file: path={{ nginx_root_prefix }}/{{ item.domain_name }} state=directory mode=0755 owner=nginx group=nginx
+ loop: "{{ nginx_vhosts }}"
-- name: Install WordPress
- git: repo=https://github.com/WordPress/WordPress.git dest={{ nginx_root_prefix }}/{{ item.domain_name }}/wordpress version={{ item.wordpress_version }} depth=1 force=yes
- when: item.has_wordpress is defined and item.has_wordpress == True
- loop: "{{ nginx_vhosts }}"
- tags: wordpress
+ - name: Install WordPress
+ git: repo=https://github.com/WordPress/WordPress.git dest={{ nginx_root_prefix }}/{{ item.domain_name }}/wordpress version={{ item.wordpress_version }} depth=1 force=yes
+ when: item.has_wordpress is defined and item.has_wordpress == True
+ loop: "{{ nginx_vhosts }}"
+ tags: wordpress
-- name: Fix WordPress directory permissions
- file: path={{ nginx_root_prefix }}/{{ item.domain_name }} state=directory owner=nginx group=nginx recurse=yes
- when: item.has_wordpress is defined and item.has_wordpress == True
- loop: "{{ nginx_vhosts }}"
- tags: wordpress
+ - name: Fix WordPress directory permissions
+ file: path={{ nginx_root_prefix }}/{{ item.domain_name }} state=directory owner=nginx group=nginx recurse=yes
+ when: item.has_wordpress is defined and item.has_wordpress == True
+ loop: "{{ nginx_vhosts }}"
+ tags: wordpress
-- include_tasks: letsencrypt.yml
- when: use_letsencrypt is defined and use_letsencrypt == True
- tags: letsencrypt
+ - include_tasks: letsencrypt.yml
+ when: use_letsencrypt is defined and use_letsencrypt == True
+ tags: letsencrypt
+ tags: nginx
 # vim: set ts=2 sw=2:
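Review bot: The "Fix WordPress directory permissions" task, carried into the block unchanged, recursively gives `{{ nginx_root_prefix }}/{{ item.domain_name }}` to `nginx:nginx`, so the web server account can rewrite every WordPress PHP file and the `.git` directory that the git checkout leaves under `wordpress/`. If in-place updates from the WordPress dashboard are not required, narrowing the task to `path={{ nginx_root_prefix }}/{{ item.domain_name }}/wordpress/wp-content` keeps uploads working while leaving the code read-only to that account. Whether `.git` is reachable over HTTP depends on `vhost.conf.j2`, which is not part of this patch. A comment on the task such as `# web server owns the whole tree, including wordpress/.git; vhost template must deny it` would record the assumption.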