diff --git a/.travis.yml b/.travis.yml index 290642c..7838e42 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,30 +1,94 @@ --- -language: python -python: "2.7" -# Use the new container infrastructure -sudo: false -# Install ansible -addons: - apt: - packages: - - python-pip -install: - # Install ansible - - pip install ansible - # Check ansible version - - ansible --version - # Create ansible.cfg with correct roles_path - - printf '[defaults]\nroles_path=../' >ansible.cfg +sudo: required +services: + - docker +env: + - distribution: centos + version: 6 + playbook: basic + - distribution: centos + version: 6 + playbook: push + - distribution: centos + version: 6 + playbook: stable + - distribution: centos + version: 6 + playbook: template + - distribution: centos + version: 7 + playbook: basic + - distribution: centos + version: 7 + playbook: template + - distribution: centos + version: 7 + playbook: stable + - distribution: centos + version: 7 + playbook: push + - distribution: debian + version: jessie + playbook: basic + - distribution: debian + version: jessie + playbook: template + - distribution: debian + version: jessie + playbook: stable + - distribution: debian + version: jessie + playbook: push + - distribution: debian + version: stretch + playbook: basic + - distribution: debian + version: stretch + playbook: template + - distribution: debian + version: stretch + playbook: stable + - distribution: debian + version: stretch + playbook: push + - distribution: ubuntu + version: trusty + playbook: basic + - distribution: ubuntu + version: trusty + playbook: template + - distribution: ubuntu + version: trusty + playbook: stable + - distribution: ubuntu + version: trusty + playbook: push + - distribution: ubuntu + version: xenial + playbook: basic + - distribution: ubuntu + version: xenial + playbook: template + - distribution: ubuntu + version: xenial + playbook: stable + - distribution: ubuntu + version: xenial + playbook: push +before_install: + - 'sudo docker pull ${distribution}:${version}' + - 'sudo docker build --no-cache --rm --file=tests/dockerfiles/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests' script: - # Basic role syntax check - - ansible-playbook tests/test.yml -i tests/inventory --syntax-check - # Run the role with ansible-playbook. - - ansible-playbook tests/test.yml -i tests/inventory --connection=local --sudo - # Run the role again, checking to make sure it's idempotent. + - container_id=$(mktemp) + - 'sudo docker run --detach --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:ro --volume="${PWD}":/etc/ansible/roles/ansible-role-nginx:ro ${distribution}-${version}:ansible > "${container_id}"' + - 'sudo docker exec "$(cat ${container_id})" env ANSIBLE_FORCE_COLOR=1 ansible-playbook -v /etc/ansible/roles/ansible-role-nginx/tests/playbooks/nginx-${playbook}.yml --syntax-check' + - 'sudo docker exec "$(cat ${container_id})" env ANSIBLE_FORCE_COLOR=1 ansible-playbook -v /etc/ansible/roles/ansible-role-nginx/tests/playbooks/nginx-${playbook}.yml' - > - ansible-playbook tests/test.yml -i tests/inventory --connection=local --sudo | grep -q 'changed=0.*failed=0' - && (echo 'Idempotence test: pass' && exit 0) || (echo 'Idempotence test: fail' && exit 1) - # Request a page via the web server, to make sure NGINX is running and responds. - - curl http://localhost/ + sudo docker exec "$(cat ${container_id})" env ANSIBLE_FORCE_COLOR=1 ansible-playbook -v /etc/ansible/roles/ansible-role-nginx/tests/playbooks/nginx-${playbook}.yml + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + - 'sudo docker exec "$(cat ${container_id})" curl http://localhost/' + - 'sudo docker rm -f "$(cat ${container_id})"' notifications: webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/README.md b/README.md index e969684..f7331cf 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ Ansible NGINX Role [![Ansible Galaxy](https://img.shields.io/badge/galaxy-nginxinc.nginx-5bbdbf.svg)](https://galaxy.ansible.com/nginxinc/nginx) [![Build Status](https://travis-ci.org/nginxinc/ansible-role-nginx.svg?branch=master)](https://travis-ci.org/nginxinc/ansible-role-nginx) -This role installs open source NGINX, NGINX Plus, or NGINX Unit on your target host. +This role installs NGINX Open Source, NGINX Plus, or NGINX Unit on your target host. Requirements ------------ @@ -13,9 +13,9 @@ This role was developed using Ansible 2.4.0.0. Backwards compatibility is not gu Use `ansible-galaxy install nginxinc.nginx` to install the role on your system. -It supports all platforms supported by [open source NGINX](https://nginx.org/en/linux_packages.html#mainline) and [NGINX Plus](https://www.nginx.com/products/technical-specs/): +It supports all platforms supported by [NGINX Open Source](https://nginx.org/en/linux_packages.html#mainline) and [NGINX Plus](https://www.nginx.com/products/technical-specs/): -**Open Source NGINX:** +**NGINX Open Source:** CentOS: versions: @@ -106,8 +106,27 @@ This role has multiple variables. The defaults for all these variables are the f # Default is 'opensource'. type: opensource - # Specify which branch of Open Source NGINX you want to install. + # Specify repository origin for NGINX Open Source. + # Options are 'nginx_repository' or 'os_repository'. + # Only works if 'type' is set to 'opensource'. + # Default is nginx_repository. + install_from: nginx_repository + + # Specify source repository for NGINX Open Source. + # Only works if 'install_from' is set to 'nginx_repository'. + # Defaults are the official NGINX repositories. + nginx_repository: + debian: + - 'deb https://nginx.org/packages/{{ "mainline/" if branch == "mainline" }}{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} nginx' + - 'deb-src https://nginx.org/packages/{{ "mainline/" if branch == "mainline" }}{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} nginx' + redhat: + - https://nginx.org/packages/{{ "mainline/" if branch == "mainline" }}{{ (ansible_distribution == "RedHat") | ternary('rhel/', 'centos/') }}{{ ansible_distribution_major_version|int }}/$basearch/ + suse: + - https://nginx.org/packages/{{ "mainline/" if branch == "mainline" }}sles/12 + + # Specify which branch of NGINX Open Source you want to install. # Options are 'mainline' or 'stable'. + # Only works if 'install_from' is set to 'nginx_repository'. # Default is mainline. branch: mainline @@ -116,8 +135,7 @@ This role has multiple variables. The defaults for all these variables are the f unit_enable: false unit_packages: false - # Install nginscript, perl, waf (NGINX Plus only), geoip, image-filter, rtmp and/or xslt modules. - # Default is false. + # Install NGINX JavaScript, Perl, ModSecurity WAF (NGINX Plus only), GeoIP, Image-Filter, RTMP Media Streaming, and/or XSLT modules. # Default is false. modules: njs: false perl: false @@ -134,18 +152,15 @@ This role has multiple variables. The defaults for all these variables are the f amplify_key: null # Enable NGINX status data. - # Will enable 'stub_status' in open source NGINX and 'status' in NGINX Plus. + # Will enable 'stub_status' in NGINX Open Source and 'status' in NGINX Plus. # Default is false. status_enable: false - # Enable NGINX Plus REST API and write access. + # Enable NGINX Plus REST API, write access to the REST API, and NGINX Plus dashboard. # Default is false. rest_api_enable: false rest_api_write: false - - # Enable NGINX Plus dashboard. REST API also needs to be enabled. - # Default is false. - dashboard: false + rest_api_dashboard: false # Location of your NGINX Plus license in your local machine. # Default is the files folder within the NGINX Ansible role. @@ -170,8 +185,8 @@ This role has multiple variables. The defaults for all these variables are the f main_template_worker_processes: auto main_template_error_level: warn main_template_worker_connections: 1024 - main_template_keepalive_timeout: 65 http_template_enable: false + http_template_keepalive_timeout: 65 http_template_listen: 80 http_template_server_name: localhost stream_template_enable: false diff --git a/defaults/main.yml b/defaults/main.yml index 7e88205..fb5c893 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -4,8 +4,27 @@ # Default is 'opensource'. type: opensource -# Specify which branch of Open Source NGINX you want to install. +# Specify repository origin for NGINX Open Source. +# Options are 'nginx_repository' or 'os_repository'. +# Only works if 'type' is set to 'opensource'. +# Default is nginx_repository. +install_from: nginx_repository + +# Specify source repository for NGINX Open Source. +# Only works if 'install_from' is set to 'nginx_repository'. +# Defaults are the official NGINX repositories. +nginx_repository: + debian: + - deb https://nginx.org/packages/{{ (branch == 'mainline') | ternary('mainline/','') }}{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} nginx + - deb-src https://nginx.org/packages/{{ (branch == 'mainline') | ternary('mainline/','') }}{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} nginx + redhat: + - https://nginx.org/packages/{{ (branch == 'mainline') | ternary('mainline/','') }}{{ (ansible_distribution == "RedHat") | ternary('rhel/', 'centos/') }}{{ ansible_distribution_major_version|int }}/$basearch/ + suse: + - https://nginx.org/packages/{{ (branch == 'mainline') | ternary('mainline/','') }}sles/12 + +# Specify which branch of NGINX Open Source you want to install. # Options are 'mainline' or 'stable'. +# Only works if 'install_from' is set to 'nginx_repository'. # Default is mainline. branch: mainline @@ -14,7 +33,7 @@ branch: mainline unit_enable: false unit_packages: false -# Install nginscript, perl, waf (NGINX Plus only), geoip, image-filter, rtmp and/or xslt modules. +# Install NGINX JavaScript, Perl, ModSecurity WAF (NGINX Plus only), GeoIP, Image-Filter, RTMP Media Streaming, and/or XSLT modules. # Default is false. modules: njs: false @@ -32,18 +51,15 @@ amplify_enable: false amplify_key: null # Enable NGINX status data. -# Will enable 'stub_status' in open source NGINX and 'status' in NGINX Plus. +# Will enable 'stub_status' in NGINX Open Source and 'status' in NGINX Plus. # Default is false. status_enable: false -# Enable NGINX Plus REST API and write access. +# Enable NGINX Plus REST API, write access to the REST API, and NGINX Plus dashboard. # Default is false. rest_api_enable: false rest_api_write: false - -# Enable NGINX Plus dashboard. REST API also needs to be enabled. -# Default is false. -dashboard: false +rest_api_dashboard: false # Location of your NGINX Plus license in your local machine. # Default is the files folder within the NGINX Ansible role. @@ -68,8 +84,8 @@ main_template_user: nginx main_template_worker_processes: auto main_template_error_level: warn main_template_worker_connections: 1024 -main_template_keepalive_timeout: 65 http_template_enable: false +http_template_keepalive_timeout: 65 http_template_listen: 80 http_template_server_name: localhost stream_template_enable: false diff --git a/tasks/conf/push-config.yml b/tasks/conf/push-config.yml index 6dd21b6..b996889 100644 --- a/tasks/conf/push-config.yml +++ b/tasks/conf/push-config.yml @@ -1,25 +1,40 @@ --- - name: "(Setup: All NGINX) Upload NGINX Main Configuration File" copy: - src: "{{ main_upload_location }}" + src: "{{ main_push_location }}" dest: /etc/nginx/nginx.conf + backup: yes notify: "(Handler: All OSs) Reload NGINX" - when: main_upload_enable + when: main_push_enable + +- name: "(Setup: All NGINX) Ensure NGINX HTTP Directory Exists" + file: + path: /etc/nginx/conf.d/http + state: directory + when: http_push_enable - name: "(Setup: All NGINX) Upload NGINX HTTP Configuration Files" copy: src: "{{ item }}" - dest: /etc/nginx/conf.d/ + dest: /etc/nginx/conf.d/http + backup: yes with_fileglob: - - "{{ http_upload_location }}" + - "{{ http_push_location }}" notify: "(Handler: All OSs) Reload NGINX" - when: http_upload_enable + when: http_push_enable + +- name: "(Setup: All NGINX) Ensure NGINX Stream Directory Exists" + file: + path: /etc/nginx/conf.d/stream + state: directory + when: stream_push_enable - name: "(Setup: All NGINX) Upload NGINX Stream Configuration Files" copy: src: "{{ item }}" - dest: /etc/nginx/conf.d/ + dest: /etc/nginx/conf.d/stream + backup: yes with_fileglob: - - "{{ stream_upload_location }}" + - "{{ stream_push_location }}" notify: "(Handler: All OSs) Reload NGINX" - when: stream_upload_enable + when: stream_push_enable diff --git a/tasks/conf/setup-rest-api.yml b/tasks/conf/setup-rest-api.yml index d49e1e2..67abbba 100644 --- a/tasks/conf/setup-rest-api.yml +++ b/tasks/conf/setup-rest-api.yml @@ -1,6 +1,22 @@ --- - name: "(Setup: NGINX Plus) Setup NGINX Plus API" - template: - src: api.conf.j2 - dest: "{{ (http_template_enable) | ternary('/etc/nginx/conf.d/http/api.conf','/etc/nginx/conf.d/api.conf') }}" + blockinfile: + path: "{{ (http_template_enable) | ternary('/etc/nginx/conf.d/http/api.conf','/etc/nginx/conf.d/api.conf') }}" + create: yes + block: | + server { + listen 8080; + location /api { + {% if rest_api_write %} + api write=on; + {% else %} + api; + {% endif %} + } + {% if rest_api_dashboard %} + location = /dashboard.html { + root /usr/share/nginx/html; + } + {% endif %} + } notify: "(Handler: All OSs) Reload NGINX" diff --git a/tasks/conf/setup-status.yml b/tasks/conf/setup-status.yml index c8258e9..e1f609a 100644 --- a/tasks/conf/setup-status.yml +++ b/tasks/conf/setup-status.yml @@ -1,7 +1,7 @@ --- -- name: "(Setup: Open Source NGINX) Enable Open Source NGINX Status" +- name: "(Setup: NGINX Open Source) Enable NGINX Open Source Status" blockinfile: - path: /etc/nginx/conf.d/stub_status.conf + path: "{{ (http_template_enable) | ternary('/etc/nginx/conf.d/http/stub_status.conf','/etc/nginx/conf.d/stub_status.conf') }}" create: yes block: | server { @@ -17,7 +17,7 @@ - name: "(Setup: NGINX Plus) Enable NGINX Plus Status" blockinfile: - path: /etc/nginx/conf.d/status.conf + path: "{{ (http_template_enable) | ternary('/etc/nginx/conf.d/http/status.conf','/etc/nginx/conf.d/status.conf') }}" create: yes block: | server { diff --git a/tasks/conf/template-config.yml b/tasks/conf/template-config.yml index 46490ec..49c8756 100644 --- a/tasks/conf/template-config.yml +++ b/tasks/conf/template-config.yml @@ -3,20 +3,38 @@ template: src: nginx.conf.j2 dest: /etc/nginx/nginx.conf + backup: yes + when: main_template_enable notify: "(Handler: All OSs) Reload NGINX" +- name: "(Setup: All NGINX) Ensure NGINX HTTP Directory Exists" + file: + path: /etc/nginx/conf.d/http + state: directory + when: http_template_enable + - name: "(Setup: All NGINX) Dynamically Generate NGINX HTTP Configuration Files" template: src: "{{ item }}" - dest: /etc/nginx/conf.d/{{ item | basename | regex_replace('\.j2','') }} + dest: /etc/nginx/conf.d/http/{{ item | basename | regex_replace('\.j2','') }} + backup: yes with_fileglob: - "../templates/http/*.j2" + when: http_template_enable notify: "(Handler: All OSs) Reload NGINX" +- name: "(Setup: All NGINX) Ensure NGINX Stream Directory Exists" + file: + path: /etc/nginx/conf.d/stream + state: directory + when: stream_template_enable + - name: "(Setup: All NGINX) Dynamically Generate NGINX Stream Configuration Files" template: src: "{{ item }}" - dest: /etc/nginx/conf.d/{{ item | basename | regex_replace('\.j2','') }} + dest: /etc/nginx/conf.d/stream/{{ item | basename | regex_replace('\.j2','') }} + backup: yes with_fileglob: - "../templates/stream/*.j2" + when: stream_template_enable notify: "(Handler: All OSs) Reload NGINX" diff --git a/tasks/modules/install-geoip.yml b/tasks/modules/install-geoip.yml index 29ca8aa..387c77c 100644 --- a/tasks/modules/install-geoip.yml +++ b/tasks/modules/install-geoip.yml @@ -1,5 +1,5 @@ --- -- name: "(Install: All OSs) Install Open Source NGINX GeoIP Module" +- name: "(Install: All OSs) Install NGINX Open Source GeoIP Module" package: name: nginx-geoip-perl state: present diff --git a/tasks/modules/install-image-filter.yml b/tasks/modules/install-image-filter.yml index 8072617..ab89bc6 100644 --- a/tasks/modules/install-image-filter.yml +++ b/tasks/modules/install-image-filter.yml @@ -1,5 +1,5 @@ --- -- name: "(Install: All OSs) Install Open Source NGINX Image Filter Module" +- name: "(Install: All OSs) Install NGINX Open Source Image Filter Module" package: name: nginx-module-image-filter state: present diff --git a/tasks/modules/install-njs.yml b/tasks/modules/install-njs.yml index 6216308..54ab926 100644 --- a/tasks/modules/install-njs.yml +++ b/tasks/modules/install-njs.yml @@ -1,17 +1,17 @@ --- -- name: "(Install: All OSs) Install Open Source NGINX NJS Module" +- name: "(Install: All OSs) Install NGINX Open Source JavaScript Module" package: name: nginx-module-njs state: present when: type == "opensource" -- name: "(Install: All OSs) Install NGINX Plus NJS Module" +- name: "(Install: All OSs) Install NGINX Plus JavaScript Module" package: name: nginx-plus-module-njs state: present when: type == "plus" -- name: "(Setup: All NGINX) Load NGINX NJS Module" +- name: "(Setup: All NGINX) Load NGINX JavaScript Module" blockinfile: path: /etc/nginx/nginx.conf insertbefore: BOF diff --git a/tasks/modules/install-perl.yml b/tasks/modules/install-perl.yml index 5adf910..e14ef06 100644 --- a/tasks/modules/install-perl.yml +++ b/tasks/modules/install-perl.yml @@ -1,5 +1,5 @@ --- -- name: "(Install: All OSs) Install Open Source NGINX Perl Module" +- name: "(Install: All OSs) Install NGINX Open Source Perl Module" package: name: nginx-module-perl state: present diff --git a/tasks/modules/install-rtmp.yml b/tasks/modules/install-rtmp.yml index b08626f..70c7831 100644 --- a/tasks/modules/install-rtmp.yml +++ b/tasks/modules/install-rtmp.yml @@ -1,5 +1,5 @@ --- -- name: "(Install: All OSs) Install Open Source NGINX RTMP Module" +- name: "(Install: All OSs) Install NGINX Open Source RTMP Module" package: name: nginx-module-rtmp state: present diff --git a/tasks/modules/install-xslt.yml b/tasks/modules/install-xslt.yml index 206852c..270d115 100644 --- a/tasks/modules/install-xslt.yml +++ b/tasks/modules/install-xslt.yml @@ -1,5 +1,5 @@ --- -- name: "(Install: All OSs) Install Open Source NGINX XSLT Module" +- name: "(Install: All OSs) Install NGINX Open Source XSLT Module" package: name: nginx-module-xslt state: present diff --git a/tasks/opensource/install-oss.yml b/tasks/opensource/install-oss.yml index e93dbcb..d19e5a5 100644 --- a/tasks/opensource/install-oss.yml +++ b/tasks/opensource/install-oss.yml @@ -1,15 +1,38 @@ --- -- import_tasks: setup-debian.yml - when: ansible_os_family == "Debian" +- name: "" + block: -- import_tasks: setup-redhat.yml - when: ansible_os_family == "RedHat" + - import_tasks: setup-debian.yml + when: ansible_os_family == "Debian" -- import_tasks: setup-suse.yml - when: ansible_os_family == "Suse" + - import_tasks: setup-redhat.yml + when: ansible_os_family == "RedHat" -- name: "(Install: All OSs) Install NGINX" + - import_tasks: setup-suse.yml + when: ansible_os_family == "Suse" + + - import_tasks: setup-freebsd.yml + when: ansible_os_family == "FreeBSD" + + - name: "(Install: Debian/Ubuntu/CentOS/RedHat) Install NGINX" + package: + name: nginx + state: present + when: ansible_os_family != "FreeBSD" + notify: "(Handler: All OSs) Start NGINX" + + - name: "(Install: FreeBSD) Install NGINX" + portinstall: + name: nginx + state: present + when: ansible_os_family == "FreeBSD" + notify: "(Handler: All OSs) Start NGINX" + + when: install_from == "nginx_repository" + +- name: "(Install: Debian/Ubuntu/CentOS/RedHat/FreeBSD) Install NGINX" package: name: nginx state: present + when: install_from == "os_repository" notify: "(Handler: All OSs) Start NGINX" diff --git a/tasks/opensource/setup-debian.yml b/tasks/opensource/setup-debian.yml index 8feb1d4..2b90dd3 100644 --- a/tasks/opensource/setup-debian.yml +++ b/tasks/opensource/setup-debian.yml @@ -1,16 +1,6 @@ --- -- name: "(Install: Debian/Ubuntu) Add Mainline NGINX Repository" +- name: "(Install: Debian/Ubuntu) Add NGINX Repository" apt_repository: repo: "{{ item }}" with_items: - - deb https://nginx.org/packages/mainline/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} nginx - - deb-src https://nginx.org/packages/mainline/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} nginx - when: branch == "mainline" - -- name: "(Install: Debian/Ubuntu) Add Stable NGINX Repository" - apt_repository: - repo: "{{ item }}" - with_items: - - deb https://nginx.org/packages/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} nginx - - deb-src https://nginx.org/packages/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} nginx - when: branch == "stable" + - "{{ nginx_repository.debian }}" diff --git a/tasks/opensource/setup-freebsd.yml b/tasks/opensource/setup-freebsd.yml new file mode 100644 index 0000000..fdc1ae5 --- /dev/null +++ b/tasks/opensource/setup-freebsd.yml @@ -0,0 +1,10 @@ +--- +- name: "(Install: FreeBSD) Fetch Ports" + command: portsnap fetch --interactive + args: + creates: /var/db/portsnap/INDEX + +- name: "(Install: FreeBSD) Extract Ports" + command: portsnap extract + args: + creates: /usr/ports diff --git a/tasks/opensource/setup-redhat.yml b/tasks/opensource/setup-redhat.yml index abecbd9..6e70aff 100644 --- a/tasks/opensource/setup-redhat.yml +++ b/tasks/opensource/setup-redhat.yml @@ -1,36 +1,8 @@ --- -- name: "(Install: RedHat) Add Mainline NGINX Repository" +- name: "(Install: CentOS/RedHat) Add NGINX Repository" yum_repository: name: nginx - baseurl: https://nginx.org/packages/mainline/rhel/{{ ansible_distribution_major_version|int }}/$basearch/ + baseurl: "{{ nginx_repository.redhat }}" description: NGINX Repository enabled: yes gpgcheck: yes - when: branch == "mainline" and ansible_distribution == "RedHat" - -- name: "(Install: CentOS) Add Mainline NGINX Repository" - yum_repository: - name: nginx - baseurl: https://nginx.org/packages/mainline/centos/{{ ansible_distribution_major_version|int }}/$basearch/ - description: NGINX Repository - enabled: yes - gpgcheck: yes - when: branch == "mainline" and ansible_distribution == "CentOS" - -- name: "(Install: RedHat) Add Stable NGINX Repository" - yum_repository: - name: nginx - baseurl: https://nginx.org/packages/rhel/{{ ansible_distribution_major_version|int }}/$basearch/ - description: NGINX Repository - enabled: yes - gpgcheck: yes - when: branch == "stable" and ansible_distribution == "RedHat" - -- name: "(Install: CentOS) Add Stable NGINX Repository" - yum_repository: - name: nginx - baseurl: https://nginx.org/packages/centos/{{ ansible_distribution_major_version|int }}/$basearch/ - description: NGINX Repository - enabled: yes - gpgcheck: yes - when: branch == "stable" and ansible_distribution == "CentOS" diff --git a/tasks/opensource/setup-suse.yml b/tasks/opensource/setup-suse.yml index 2a1c61c..3e9b3e1 100644 --- a/tasks/opensource/setup-suse.yml +++ b/tasks/opensource/setup-suse.yml @@ -1,12 +1,5 @@ --- -- name: "(Install: SUSE) Add Mainline NGINX Repository" +- name: "(Install: SUSE) Add NGINX Repository" zypper_repository: name: nginx - repo: https://nginx.org/packages/mainline/sles/12 - when: branch == "mainline" - -- name: "(Install: SUSE) Add Stable NGINX Repository" - zypper_repository: - name: nginx - repo: https://nginx.org/packages/sles/12 - when: branch == "stable" + repo: "{{ nginx_repository.suse }}" diff --git a/templates/http/api.conf.j2 b/templates/http/api.conf.j2 deleted file mode 100644 index 9b72fe6..0000000 --- a/templates/http/api.conf.j2 +++ /dev/null @@ -1,17 +0,0 @@ -{% if rest_api_enable %} -server { - listen 8080; - location /api { -{% if rest_api_write %} - api write=on; -{% else %} - api; -{% endif %} - } -{% if dashboard %} - location = /dashboard.html { - root /usr/share/nginx/html; - } -{% endif %} -} -{% endif %} diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2 index 5a60037..153696e 100644 --- a/templates/nginx.conf.j2 +++ b/templates/nginx.conf.j2 @@ -23,7 +23,7 @@ http { sendfile on; #tcp_nopush on; - keepalive_timeout {{ main_template_keepalive_timeout }}; + keepalive_timeout {{ http_template_keepalive_timeout }}; #gzip on; diff --git a/tests/dockerfiles/Dockerfile.centos-6 b/tests/dockerfiles/Dockerfile.centos-6 new file mode 100644 index 0000000..fef4a5e --- /dev/null +++ b/tests/dockerfiles/Dockerfile.centos-6 @@ -0,0 +1,12 @@ +FROM centos:6 + +RUN yum -y install epel-release +RUN yum -y install git ansible sudo + +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +VOLUME ["/sys/fs/cgroup"] + +CMD ["/sbin/init"] diff --git a/tests/dockerfiles/Dockerfile.centos-7 b/tests/dockerfiles/Dockerfile.centos-7 new file mode 100644 index 0000000..b7c1e90 --- /dev/null +++ b/tests/dockerfiles/Dockerfile.centos-7 @@ -0,0 +1,24 @@ +FROM centos:7 + +# Install systemd -- See https://hub.docker.com/_/centos/ +RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs +RUN yum -y update; \ +(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ +rm -f /lib/systemd/system/multi-user.target.wants/*; \ +rm -f /etc/systemd/system/*.wants/*; \ +rm -f /lib/systemd/system/local-fs.target.wants/*; \ +rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ +rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ +rm -f /lib/systemd/system/basic.target.wants/*; \ +rm -f /lib/systemd/system/anaconda.target.wants/*; + +RUN yum -y install epel-release +RUN yum -y install git ansible sudo + +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +VOLUME ["/sys/fs/cgroup"] + +CMD ["/usr/sbin/init"] diff --git a/tests/dockerfiles/Dockerfile.debian-jessie b/tests/dockerfiles/Dockerfile.debian-jessie new file mode 100644 index 0000000..eafadf5 --- /dev/null +++ b/tests/dockerfiles/Dockerfile.debian-jessie @@ -0,0 +1,19 @@ +FROM debian:jessie + +RUN apt-get update -y && apt-get install -y --no-install-recommends \ + software-properties-common \ + build-essential \ + libffi-dev \ + libssl-dev \ + python-dev \ + python-pip \ + git \ + apt-transport-https \ + curl \ + && rm -rf /var/lib/apt/lists/* + +RUN pip install --upgrade setuptools && pip install ansible + +RUN mkdir -p /etc/ansible && echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts + +ENTRYPOINT ["/sbin/init"] diff --git a/tests/dockerfiles/Dockerfile.debian-stretch b/tests/dockerfiles/Dockerfile.debian-stretch new file mode 100644 index 0000000..1a0e1e3 --- /dev/null +++ b/tests/dockerfiles/Dockerfile.debian-stretch @@ -0,0 +1,22 @@ +FROM debian:stretch + +RUN apt-get update -y && apt-get install -y --no-install-recommends \ + software-properties-common \ + build-essential \ + libffi-dev \ + libssl-dev \ + python-dev \ + python-pip \ + git \ + systemd \ + apt-transport-https \ + curl \ + gnupg2 \ + dirmngr \ + && rm -rf /var/lib/apt/lists/* + +RUN pip install --upgrade setuptools && pip install ansible + +RUN mkdir -p /etc/ansible && echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts + +ENTRYPOINT ["/bin/systemd"] diff --git a/tests/dockerfiles/Dockerfile.ubuntu-trusty b/tests/dockerfiles/Dockerfile.ubuntu-trusty new file mode 100644 index 0000000..c36e55e --- /dev/null +++ b/tests/dockerfiles/Dockerfile.ubuntu-trusty @@ -0,0 +1,14 @@ +FROM ubuntu:trusty + +RUN apt-get update && apt-get dist-upgrade -y && apt-get install -y software-properties-common && rm -rf /var/lib/apt/lists/* + +RUN apt-add-repository -y ppa:ansible/ansible && apt-get update && apt-get install -y \ + git \ + ansible \ + apt-transport-https \ + curl \ + && rm -rf /var/lib/apt/lists/* + +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts + +ENTRYPOINT ["/sbin/init"] diff --git a/tests/dockerfiles/Dockerfile.ubuntu-xenial b/tests/dockerfiles/Dockerfile.ubuntu-xenial new file mode 100644 index 0000000..f8ad055 --- /dev/null +++ b/tests/dockerfiles/Dockerfile.ubuntu-xenial @@ -0,0 +1,14 @@ +FROM ubuntu:xenial + +RUN apt-get update && apt-get dist-upgrade -y && apt-get install -y software-properties-common && rm -rf /var/lib/apt/lists/* + +RUN apt-add-repository -y ppa:ansible/ansible && apt-get update && apt-get install -y \ + git \ + ansible \ + apt-transport-https \ + curl \ + && rm -rf /var/lib/apt/lists/* + +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts + +ENTRYPOINT ["/sbin/init"] diff --git a/tests/files/http/default.conf b/tests/files/http/default.conf new file mode 100644 index 0000000..cb80625 --- /dev/null +++ b/tests/files/http/default.conf @@ -0,0 +1,44 @@ +server { + listen 8080; + server_name localhost; + + #charset koi8-r; + #access_log /var/log/nginx/host.access.log main; + + location / { + root /usr/share/nginx/html; + index index.html index.htm; + } + + #error_page 404 /404.html; + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + + # proxy the PHP scripts to Apache listening on 127.0.0.1:80 + # + #location ~ \.php$ { + # proxy_pass http://127.0.0.1; + #} + + # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 + # + #location ~ \.php$ { + # root html; + # fastcgi_pass 127.0.0.1:9000; + # fastcgi_index index.php; + # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; + # include fastcgi_params; + #} + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} +} diff --git a/tests/files/nginx.conf b/tests/files/nginx.conf new file mode 100644 index 0000000..ba09f41 --- /dev/null +++ b/tests/files/nginx.conf @@ -0,0 +1,31 @@ +user nginx; +worker_processes 4; + +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + + #gzip on; + + include /etc/nginx/conf.d/*.conf; +} diff --git a/tests/inventory b/tests/inventory deleted file mode 100644 index 2fbb50c..0000000 --- a/tests/inventory +++ /dev/null @@ -1 +0,0 @@ -localhost diff --git a/tests/test.yml b/tests/playbooks/nginx-basic.yml similarity index 83% rename from tests/test.yml rename to tests/playbooks/nginx-basic.yml index 42bba2c..25ce5e7 100644 --- a/tests/test.yml +++ b/tests/playbooks/nginx-basic.yml @@ -1,5 +1,6 @@ --- - hosts: localhost + become: true remote_user: root roles: - ansible-role-nginx diff --git a/tests/playbooks/nginx-push.yml b/tests/playbooks/nginx-push.yml new file mode 100644 index 0000000..92b753b --- /dev/null +++ b/tests/playbooks/nginx-push.yml @@ -0,0 +1,11 @@ +--- +- hosts: localhost + become: true + remote_user: root + roles: + - ansible-role-nginx + vars: + main_push_enable: true + main_push_location: ../files/nginx.conf + http_push_enable: true + http_push_location: ../files/http/*.conf diff --git a/tests/playbooks/nginx-stable.yml b/tests/playbooks/nginx-stable.yml new file mode 100644 index 0000000..27ef08c --- /dev/null +++ b/tests/playbooks/nginx-stable.yml @@ -0,0 +1,8 @@ +--- +- hosts: localhost + become: true + remote_user: root + roles: + - ansible-role-nginx + vars: + branch: stable diff --git a/tests/playbooks/nginx-template.yml b/tests/playbooks/nginx-template.yml new file mode 100644 index 0000000..1c95862 --- /dev/null +++ b/tests/playbooks/nginx-template.yml @@ -0,0 +1,10 @@ +--- +- hosts: localhost + become: true + remote_user: root + roles: + - ansible-role-nginx + vars: + http_template_enable: true + http_template_keepalive_timeout: 70 + http_template_listen: 82