modify timeout

magicalyak · magicalyak · commit 7ba789a81a2c · 2020-06-22T10:42:14.000-04:00
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -29,6 +29,9 @@ app_protect_delete_license: true
 # Default is true.
 nginx_start: true
 
+# Increase NGINX service timeout to accomdate ruleset loading from default 90s
+nginx_timeout: 180
+
 # Choose where to fetch the NGINX App Protect signing key from.
 # Default is the official NGINX App Protect signing key host.
 # app_protect_signing_key: https://cs.nginx.com/static/keys/app-protect.key
diff --git a/tasks/install-app-protect.yml b/tasks/install-app-protect.yml
@@ -21,5 +21,21 @@
     success_msg: "'nginx_plus_version' is {{ (nginx_plus_version is defined) | ternary(nginx_plus_version, 'NONE') }}"
     quiet: true
 
+- name: "(Install: Linux) Create override for NGINX Plus service"
+  file:
+    path: /etc/systemd/system/nginx.service.d
+    state: directory
+    mode: '0755'
+  when: nginx_timeout is defined
+
+- name: "(Install: Linux) Increase timeout for NGINX Plus Service"
+  template:
+    src: nginx.service.override.conf.j2
+    dest: /etc/systemd/system/nginx.service.d/override.conf
+    owner: root
+    group: root
+    mode: '0644'
+  when: nginx_timeout is defined
+
 - name: "(Install: Linux) Install NGINX Plus"
   import_tasks: install-app-protect-linux.yml
diff --git a/tasks/prerequisites/setup-selinux.yml b/tasks/prerequisites/setup-selinux.yml
@@ -94,63 +94,45 @@
 - name: "(Install: SELinux: Module) Create NGINX Plus App Protect Module"
   template:
     src: nginx-plus-module-appprotect.te.j2
-    dest: /tmp/nginx-plus-module-appprotect.te
+    dest: /opt/app_protect/tmp/nginx-plus-module-appprotect.te
 
 - name: "(Install: SELinux: Module) Check NGINX Plus App Protect Module"
-  command: checkmodule -M -m -o /tmp/nginx-plus-module-appprotect.mod /tmp/nginx-plus-module-appprotect.te
+  command: checkmodule -M -m -o /opt/app_protect/tmp/nginx-plus-module-appprotect.mod /opt/app_protect/tmp/nginx-plus-module-appprotect.te
   args:
-    creates: /tmp/nginx-plus-module-appprotect.mod
+    creates: /opt/app_protect/tmp/nginx-plus-module-appprotect.mod
   changed_when: false
 
 - name: "(Install: SELinux: Module) Compile NGINX Plus App Protect Module"
-  command: semodule_package -o /tmp/nginx-plus-module-appprotect.pp -m /tmp/nginx-plus-module-appprotect.mod
+  command: semodule_package -o /opt/app_protect/tmp/nginx-plus-module-appprotect.pp -m /opt/app_protect/tmp/nginx-plus-module-appprotect.mod
   args:
-    creates: /tmp/nginx-plus-module-appprotect.pp
+    creates: /opt/app_protect/tmp/nginx-plus-module-appprotect.pp
   changed_when: false
 
 - name: "(Install: SELinux: Module) Import NGINX Plus App Protect Module"
-  command: semodule -i /tmp/nginx-plus-module-appprotect.pp
+  command: semodule -i /opt/app_protect/tmp/nginx-plus-module-appprotect.pp
   changed_when: false
 
-- name: "(Install: SELinux: Module) Cleanup NGINX Plus App Protect Module"
-  file:
-    path: "/tmp/{{ item }}"
-    state: absent
-  with_items:
-    - nginx-plus-module-appprotect.te
-    - nginx-plus-module-appprotect.mod
-    - nginx-plus-module-appprotect.pp
-
 - name: "(Install: SELinux: Module) Create NGINX Plus Metrics Module"
   template:
     src: nginx-plus-module-f5-metrics.te.j2
-    dest: /tmp/nginx-plus-module-f5-metrics.te
+    dest: /opt/app_protect/tmp/nginx-plus-module-f5-metrics.te
 
 - name: "(Install: SELinux: Module) Check NGINX Plus Metrics Module"
-  command: checkmodule -M -m -o /tmp/nginx-plus-module-f5-metrics.mod /tmp/nginx-plus-module-f5-metrics.te
+  command: checkmodule -M -m -o /opt/app_protect/tmp/nginx-plus-module-f5-metrics.mod /opt/app_protect/tmp/nginx-plus-module-f5-metrics.te
   args:
-    creates: /tmp/nginx-plus-module-f5-metrics.mod
+    creates: /opt/app_protect/tmp/nginx-plus-module-f5-metrics.mod
   changed_when: false
 
 - name: "(Install: SELinux: Module) Compile NGINX Plus Metrics Module"
-  command: semodule_package -o /tmp/nginx-plus-module-f5-metrics.pp -m /tmp/nginx-plus-module-f5-metrics.mod
+  command: semodule_package -o /opt/app_protect/tmp/nginx-plus-module-f5-metrics.pp -m /opt/app_protect/tmp/nginx-plus-module-f5-metrics.mod
   args:
-    creates: /tmp/nginx-plus-module-f5-metrics.pp
+    creates: /opt/app_protect/tmp/nginx-plus-module-f5-metrics.pp
   changed_when: false
 
 - name: "(Install: SELinux: Module) Import NGINX Plus Metrics Module"
-  command: semodule -i /tmp/nginx-plus-module-f5-metrics.pp
+  command: semodule -i /opt/app_protect/tmp/nginx-plus-module-f5-metrics.pp
   changed_when: false
 
-- name: "(Install: SELinux: Module) Cleanup NGINX Plus Metrics Module"
-  file:
-    path: "/tmp/{{ item }}"
-    state: absent
-  with_items:
-    - nginx-plus-module-f5-metrics.te
-    - nginx-plus-module-f5-metrics.mod
-    - nginx-plus-module-f5-metrics.pp
-
 - name: "(Install: SELinux) Enforce SELinux"
   selinux:
     state: enforcing
diff --git a/templates/nginx.service.override.conf.j2 b/templates/nginx.service.override.conf.j2
@@ -0,0 +1,3 @@
+[Service]
+# Override default 90 second timeout
+TimeoutStopSec={{ nginx_timeout }}

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+[Service]`
	`2`	`+# Override default 90 second timeout`
	`3`	`+TimeoutStopSec={{ nginx_timeout }}`