Skip to content

Commit 7ba789a

Browse files
committed
modify timeout
1 parent 1c30fa7 commit 7ba789a

File tree

4 files changed

+34
-30
lines changed

4 files changed

+34
-30
lines changed

defaults/main.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -29,6 +29,9 @@ app_protect_delete_license: true
2929
# Default is true.
3030
nginx_start: true
3131

32+
# Increase NGINX service timeout to accomdate ruleset loading from default 90s
33+
nginx_timeout: 180
34+
3235
# Choose where to fetch the NGINX App Protect signing key from.
3336
# Default is the official NGINX App Protect signing key host.
3437
# app_protect_signing_key: https://cs.nginx.com/static/keys/app-protect.key

tasks/install-app-protect.yml

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -21,5 +21,21 @@
2121
success_msg: "'nginx_plus_version' is {{ (nginx_plus_version is defined) | ternary(nginx_plus_version, 'NONE') }}"
2222
quiet: true
2323

24+
- name: "(Install: Linux) Create override for NGINX Plus service"
25+
file:
26+
path: /etc/systemd/system/nginx.service.d
27+
state: directory
28+
mode: '0755'
29+
when: nginx_timeout is defined
30+
31+
- name: "(Install: Linux) Increase timeout for NGINX Plus Service"
32+
template:
33+
src: nginx.service.override.conf.j2
34+
dest: /etc/systemd/system/nginx.service.d/override.conf
35+
owner: root
36+
group: root
37+
mode: '0644'
38+
when: nginx_timeout is defined
39+
2440
- name: "(Install: Linux) Install NGINX Plus"
2541
import_tasks: install-app-protect-linux.yml

tasks/prerequisites/setup-selinux.yml

Lines changed: 12 additions & 30 deletions
Original file line numberDiff line numberDiff line change
@@ -94,63 +94,45 @@
9494
- name: "(Install: SELinux: Module) Create NGINX Plus App Protect Module"
9595
template:
9696
src: nginx-plus-module-appprotect.te.j2
97-
dest: /tmp/nginx-plus-module-appprotect.te
97+
dest: /opt/app_protect/tmp/nginx-plus-module-appprotect.te
9898

9999
- name: "(Install: SELinux: Module) Check NGINX Plus App Protect Module"
100-
command: checkmodule -M -m -o /tmp/nginx-plus-module-appprotect.mod /tmp/nginx-plus-module-appprotect.te
100+
command: checkmodule -M -m -o /opt/app_protect/tmp/nginx-plus-module-appprotect.mod /opt/app_protect/tmp/nginx-plus-module-appprotect.te
101101
args:
102-
creates: /tmp/nginx-plus-module-appprotect.mod
102+
creates: /opt/app_protect/tmp/nginx-plus-module-appprotect.mod
103103
changed_when: false
104104

105105
- name: "(Install: SELinux: Module) Compile NGINX Plus App Protect Module"
106-
command: semodule_package -o /tmp/nginx-plus-module-appprotect.pp -m /tmp/nginx-plus-module-appprotect.mod
106+
command: semodule_package -o /opt/app_protect/tmp/nginx-plus-module-appprotect.pp -m /opt/app_protect/tmp/nginx-plus-module-appprotect.mod
107107
args:
108-
creates: /tmp/nginx-plus-module-appprotect.pp
108+
creates: /opt/app_protect/tmp/nginx-plus-module-appprotect.pp
109109
changed_when: false
110110

111111
- name: "(Install: SELinux: Module) Import NGINX Plus App Protect Module"
112-
command: semodule -i /tmp/nginx-plus-module-appprotect.pp
112+
command: semodule -i /opt/app_protect/tmp/nginx-plus-module-appprotect.pp
113113
changed_when: false
114114

115-
- name: "(Install: SELinux: Module) Cleanup NGINX Plus App Protect Module"
116-
file:
117-
path: "/tmp/{{ item }}"
118-
state: absent
119-
with_items:
120-
- nginx-plus-module-appprotect.te
121-
- nginx-plus-module-appprotect.mod
122-
- nginx-plus-module-appprotect.pp
123-
124115
- name: "(Install: SELinux: Module) Create NGINX Plus Metrics Module"
125116
template:
126117
src: nginx-plus-module-f5-metrics.te.j2
127-
dest: /tmp/nginx-plus-module-f5-metrics.te
118+
dest: /opt/app_protect/tmp/nginx-plus-module-f5-metrics.te
128119

129120
- name: "(Install: SELinux: Module) Check NGINX Plus Metrics Module"
130-
command: checkmodule -M -m -o /tmp/nginx-plus-module-f5-metrics.mod /tmp/nginx-plus-module-f5-metrics.te
121+
command: checkmodule -M -m -o /opt/app_protect/tmp/nginx-plus-module-f5-metrics.mod /opt/app_protect/tmp/nginx-plus-module-f5-metrics.te
131122
args:
132-
creates: /tmp/nginx-plus-module-f5-metrics.mod
123+
creates: /opt/app_protect/tmp/nginx-plus-module-f5-metrics.mod
133124
changed_when: false
134125

135126
- name: "(Install: SELinux: Module) Compile NGINX Plus Metrics Module"
136-
command: semodule_package -o /tmp/nginx-plus-module-f5-metrics.pp -m /tmp/nginx-plus-module-f5-metrics.mod
127+
command: semodule_package -o /opt/app_protect/tmp/nginx-plus-module-f5-metrics.pp -m /opt/app_protect/tmp/nginx-plus-module-f5-metrics.mod
137128
args:
138-
creates: /tmp/nginx-plus-module-f5-metrics.pp
129+
creates: /opt/app_protect/tmp/nginx-plus-module-f5-metrics.pp
139130
changed_when: false
140131

141132
- name: "(Install: SELinux: Module) Import NGINX Plus Metrics Module"
142-
command: semodule -i /tmp/nginx-plus-module-f5-metrics.pp
133+
command: semodule -i /opt/app_protect/tmp/nginx-plus-module-f5-metrics.pp
143134
changed_when: false
144135

145-
- name: "(Install: SELinux: Module) Cleanup NGINX Plus Metrics Module"
146-
file:
147-
path: "/tmp/{{ item }}"
148-
state: absent
149-
with_items:
150-
- nginx-plus-module-f5-metrics.te
151-
- nginx-plus-module-f5-metrics.mod
152-
- nginx-plus-module-f5-metrics.pp
153-
154136
- name: "(Install: SELinux) Enforce SELinux"
155137
selinux:
156138
state: enforcing
Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
[Service]
2+
# Override default 90 second timeout
3+
TimeoutStopSec={{ nginx_timeout }}

0 commit comments

Comments
 (0)