sebclem/ansible-role-nginx
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add basic assertions (#319)

Browse Source
This commit is contained in:
Alessandro Fael Garcia 2020-09-15 21:27:06 +02:00 committed by GitHub
parent 856a9c93bf
commit 17b5c87d71
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
79 changed files with 1053 additions and 955 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/ISSUE_TEMPLATE/bug_report.md vendored
View File

@ -20,7 +20,7 @@ Steps to reproduce the behavior:
A clear and concise description of what you expected to happen.
**Your environment:**
- Version of the NGINX Role or specific commit
- Version of the NGINX role or specific commit
- Version of Ansible
- Target deployment platform

2
.github/pull_request_template.md vendored
View File

@ -4,7 +4,7 @@ Describe the use case and detail of the change. If this PR addresses an issue on
### Checklist
Before creating a PR, run through this checklist and mark each as complete.
- [ ] I have read the [CONTRIBUTING](https://github.com/nginxinc/ansible-role-nginx/blob/master/CONTRIBUTING.md) document
- [ ] I have read the [CONTRIBUTING](https://github.com/nginxinc/ansible-role-nginx/blob/main/CONTRIBUTING.md) document
- [ ] I have added Molecule tests that prove my fix is effective or that my feature works
- [ ] I have checked that all Molecule tests pass after adding my changes
- [ ] I have updated any relevant documentation (`defaults/main/*.yml`, `README.md` and `CHANGELOG.md`)

12
.travis.yml
View File

@ -6,7 +6,7 @@ jobs:
- name: "(Debian/Ubuntu) Install Specific Version"
env:
scenario: default
- name: "(Alpine) Install Specific Version"
- name: "(Alpine Linux) Install Specific Version"
env:
scenario: default_alpine
- name: "(CentOS) Install Specific Version"
@ -15,7 +15,7 @@ jobs:
- name: "(Debian/Ubuntu) Install Modules"
env:
scenario: module
- name: "(Alpine) Install Modules"
- name: "(Alpine Linux) Install Modules"
env:
scenario: module_alpine
- name: "(CentOS) Install Modules"
@ -24,7 +24,7 @@ jobs:
- name: "(Debian/Ubuntu) Install Stable Branch and Push Configuration"
env:
scenario: stable_push
- name: "(Alpine) Install Stable Branch and Push Configuration"
- name: "(Alpine Linux) Install Stable Branch and Push Configuration"
env:
scenario: stable_push_alpine
- name: "(CentOS) Install Stable Branch and Push Configuration"
@ -33,7 +33,7 @@ jobs:
- name: "(Debian/Ubuntu) Use Template Setting"
env:
scenario: template
- name: "(Alpine) Use Template Setting"
- name: "(Alpine Linux) Use Template Setting"
env:
scenario: template_alpine
- name: "(CentOS) Use Template Setting"
@ -42,7 +42,7 @@ jobs:
- name: "(Debian/Ubuntu) Install NGINX Unit"
env:
scenario: unit
- name: "(Alpine) Install NGINX Unit"
- name: "(Alpine Linux) Install NGINX Unit"
env:
scenario: unit_alpine
- name: "(CentOS) Install NGINX Unit"
@ -51,7 +51,7 @@ jobs:
- name: "(Debian/Ubuntu) Install from Source"
env:
scenario: source
- name: "(Alpine) Install from Source"
- name: "(Alpine Linux) Install from Source"
env:
scenario: source_alpine
- name: "(CentOS) Install from Source"

21
CHANGELOG.md
View File

@ -4,21 +4,32 @@
BREAKING CHANGES:
* The process to install modules has changed. You will now have to use a list variable, `nginx_modules`, instead of manually setting the modules you want to install to `true` or `false`. This change will also simplify adding future supported modules to this role. You can find a list of supported modules for NGINX and NGINX Plus in [`vars/main.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/master/vars/main.yml).
* The process to install modules has changed. You will now have to use a list variable, `nginx_modules`, instead of manually setting the modules you want to install to `true` or `false`. This change will also simplify adding future supported modules to this role. You can find a list of supported modules for NGINX and NGINX Plus in [`vars/main.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/vars/main.yml).
* Modules can no longer be added to your NGINX config using this role. Please use the [`nginx_config`](https://github.com/nginxinc/ansible-role-nginx-config) role instead.
* Changed `nginx_configure` default value from `true` to `false` to further promote the adoption of the [NGINX config](https://github.com/nginxinc/ansible-role-nginx-config) role.
FEATURES:
* Add Alpine 3.12 to the list of supported platforms
* Remove Alpine 3.8 from the list of supported platforms
* Two new variables have been introduced:
* `nginx_setup_license` -- Determine whether you want to use this role to upload your NGINX license to your target host.
* `nginx_debug_tasks` -- Print task related information to give you a better insight into the current progress of the role.
* The role will now fail automatically if you try to deploy NGINX from an official repository in an unsupported distribution. You can find a list of supported distributions for NGINX and NGINX Plus in [`vars/main.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/vars/main.yml)
* Three new tags have been introduced -- `nginx_setup_license`, `nginx_install` and `nginx_check_support`.
* Add Alpine 3.12 to the list of supported platforms.
* Remove Alpine 3.8 from the list of supported platforms.
ENHANCEMENTS:
* Major backend refactoring to reduce the number of files and tasks.
* You can now specify an `nginx_repository` for NGINX Plus too.
* Moved "constant" variables to `vars/main.yml`.
* Included deprecation warnings in task names and files.
* Improved tasks naming conventions.
* Update Ansible to `2.9.13` and Ansible Lint to `4.3.4`.
BUG FIXES:
* NGINX Plus repository data for RedHat based distros is now appropriately set.
* NGINX Plus repository data for RHEL based distros is now appropriately set.
## 0.16.0 (August 28, 2020)
@ -47,7 +58,7 @@ DEPRECATION WARNING:
With the advent of Ansible collections and to reduce the overhead of this role, the decision has been made to split this role into three smaller roles:
* The NGINX Ansible role will keep working as is and be used to install and setup NGINX.
* There now is a separate role to manage and create NGINX configurations available [here](https://github.com/nginxinc/ansible-role-nginx-config). Any new issues or PRs related to configuring NGINX should be submitted in the new NGINX Config repository. New issues or PRs related to configuring NGINX submitted in this repository will not be worked on. The NGINX configuration functionalities included in this role will be removed in an upcoming release.
* NGINX Unit has a separate role available [here](https://github.com/nginxinc/ansible-role-nginx-unit). Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on. The NGINX Unit functionalities included in this role will be removed in an upcoming release.
* NGINX Unit now has a separate role available [here](https://github.com/nginxinc/ansible-role-nginx-unit). Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on. The NGINX Unit functionalities included in this role will be removed in an upcoming release.
BREAKING CHANGES:

35
CONTRIBUTING.md
View File

@ -14,25 +14,26 @@ The following is a set of guidelines for contributing to the NGINX Ansible role.
* [Git Guidelines](#git-guidelines)
* [Ansible Guidelines](#ansible-guidelines)
[Code of Conduct](https://github.com/nginxinc/ansible-role-nginx/blob/master/CODE_OF_CONDUCT.md)
[Code of Conduct](https://github.com/nginxinc/ansible-role-nginx/blob/main/CODE_OF_CONDUCT.md)
## Ask a Question
Don't know how something works? Curious if the role can achieve your desired functionality. Please open an Issue on GitHub with the label `question`.
Don't know how something works? Curious if the role can achieve your desired functionality? Please open an Issue on GitHub with the label `question`.
## Getting Started
Follow our [Installation Guide](https://github.com/nginxinc/ansible-role-nginx/blob/master/README.md#Installation) to install Ansible and Molecule and get ready to use the NGINX Ansible role.
Follow our [Installation Guide](https://github.com/nginxinc/ansible-role-nginx/blob/main/README.md#Installation) to install Ansible and Molecule and get ready to use the NGINX Ansible role.
### Project Structure
* The NGINX Ansible role is written in `yaml` and supports NGINX Open Source, NGINX Plus, NGINX Amplify, and NGINX Unit.
* The project follows the standard [Ansible role directory structure](https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse_roles.html)
* The main code is found in `tasks/`
* The main variables can be found in `defaults/main/*.yml`
* Configuration templates for NGINX can be found in `templates/`
* The project follows the standard [Ansible role directory structure](https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse_roles.html):
* The main code is found in `tasks/`.
* Variables can be found in `defaults/main/*.yml`.
* "Constant" variables can be found in `vars/main.yml`.
* Configuration templates for NGINX can be found in `templates/`.
* [Molecule](https://molecule.readthedocs.io/) tests can be found in `molecule/`.
* CI/CD is done via Travis using `.travis.yml` deployment yaml files
* CI/CD is done via Travis using `.travis.yml` deployment `yaml` files.
## Contributing
@ -46,8 +47,8 @@ To suggest an enhancement, please create an issue on GitHub with the label `enha
### Open a Pull Request
* Fork the repo, create a branch, submit a PR when your changes are **tested** (ideally using Molecule) and ready for review
* Fill in [our pull request template](https://github.com/nginxinc/ansible-role-nginx/blob/master/.github/PULL_REQUEST_TEMPLATE.md)
* Fork the repo, create a branch, submit a PR when your changes are **tested** (ideally using Molecule) and ready for review.
* Fill in [our pull request template](https://github.com/nginxinc/ansible-role-nginx/blob/main/.github/PULL_REQUEST_TEMPLATE.md).
Note: if youd like to implement a new feature, please consider creating a feature request issue first to start a discussion about the feature.
@ -63,10 +64,10 @@ Note: if youd like to implement a new feature, please consider creating a fea
### Git Guidelines
* Keep a clean, concise and meaningful git commit history on your branch (within reason), rebasing locally and squashing before submitting a PR
* Follow the guidelines of writing a good commit message as described here <https://chris.beams.io/posts/git-commit/> and summarised in the next few points
* In the subject line, use the present tense ("Add feature" not "Added feature")
* In the subject line, use the imperative mood ("Move cursor to..." not "Moves cursor to...")
* Limit the subject line to 72 characters or less
* Reference issues and pull requests liberally after the subject line
* Add more detailed description in the body of the git message (`git commit -a` to give you more space and time in your text editor to write a good message instead of `git commit -am`)
* Keep a clean, concise and meaningful git commit history on your branch (within reason), rebasing locally and squashing before submitting a PR.
* Follow the guidelines of writing a good commit message as described here <https://chris.beams.io/posts/git-commit/> and summarised in the next few points:
* In the subject line, use the present tense ("Add feature" not "Added feature").
* In the subject line, use the imperative mood ("Move cursor to..." not "Moves cursor to...").
* Limit the subject line to 72 characters or less.
* Reference issues and pull requests liberally after the subject line.
* Add more detailed description in the body of the git message (`git commit -a` to give you more space and time in your text editor to write a good message instead of `git commit -am`).

32
README.md
View File

@ -10,8 +10,10 @@ This role installs NGINX Open Source, NGINX Plus, the NGINX Amplify agent, or NG
**Deprecation Warnings:**
* There now is a separate role to manage and create NGINX configurations available [here](https://github.com/nginxinc/ansible-role-nginx-config). Any new issues or PRs related to configuring NGINX should be submitted in the new NGINX Config repository. New issues or PRs related to configuring NGINX submitted in this repository will not be worked on (with the exception of major bugfixes). The NGINX configuration functionalities included in this role will be removed in an upcoming release.
* NGINX Unit now has a separate role available [here](https://github.com/nginxinc/ansible-role-nginx-unit). Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on (with the exception of major bugfixes). The NGINX Unit functionalities included in this role will be removed in an upcoming release.
With the advent of Ansible collections and to reduce the overhead of this role, the decision has been made to split this role into three smaller roles:
* The NGINX Ansible role will keep working as is and be used to install and setup NGINX.
* There now is a separate role to manage and create NGINX configurations available [here](https://github.com/nginxinc/ansible-role-nginx-config). Any new issues or PRs related to configuring NGINX should be submitted in the new NGINX Config repository. New issues or PRs related to configuring NGINX submitted in this repository will not be worked on. The NGINX configuration functionalities included in this role will be removed in an upcoming release.
* NGINX Unit now has a separate role available [here](https://github.com/nginxinc/ansible-role-nginx-unit). Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on. The NGINX Unit functionalities included in this role will be removed in an upcoming release.
Requirements
------------
@ -42,7 +44,7 @@ Use `git clone https://github.com/nginxinc/ansible-role-nginx.git` to pull the l
Platforms
---------
The NGINX Ansible role supports all platforms supported by [NGINX Open Source](https://nginx.org/en/linux_packages.html#mainline), [NGINX Plus](https://www.nginx.com/products/technical-specs/), the [NGINX Amplify agent](https://github.com/nginxinc/nginx-amplify-doc/blob/master/amplify-faq.md#21-what-operating-systems-are-supported), and [NGINX Unit](https://unit.nginx.org/installation/#official-packages):
The NGINX Ansible role supports all platforms supported by [NGINX Open Source](https://nginx.org/en/linux_packages.html), [NGINX Plus](https://docs.nginx.com/nginx/technical-specs/), the [NGINX Amplify agent](https://github.com/nginxinc/nginx-amplify-doc/blob/master/amplify-faq.md#21-what-operating-systems-are-supported), and [NGINX Unit](https://unit.nginx.org/installation/#official-packages) (you can also use this role to compile NGINX Open Source from source or install it on BSD systems at your own risk):
**NGINX Open Source**
@ -54,15 +56,12 @@ Alpine:
- 3.12
CentOS:
- 6
- 7
- 7.4+
- 8
Debian:
- stretch
- buster
FreeBSD:
- 11.2+
- 12
RedHat:
Red Hat:
- 6
- 7.4+
- 8
@ -72,6 +71,7 @@ SUSE/SLES:
Ubuntu:
- xenial
- bionic
- eoan
- focal
```
@ -82,7 +82,6 @@ Alpine:
- 3.9
- 3.10
- 3.11
- 3.12
Amazon Linux:
- 2018.03
Amazon Linux 2:
@ -100,7 +99,7 @@ FreeBSD:
Oracle Linux:
- 6.5+
- 7.4+
RedHat:
Red Hat:
- 6.5+
- 7.4+
- 8
@ -110,6 +109,7 @@ SUSE/SLES:
Ubuntu:
- xenial
- bionic
- eoan
- focal
```
@ -124,7 +124,7 @@ CentOS:
Debian:
- jessie
- stretch
RedHat:
Red Hat:
- 6
- 7
Ubuntu:
@ -147,7 +147,7 @@ CentOS:
Debian:
- stretch
- buster
RedHat:
Red Hat:
- 6
- 7
- 8
@ -160,7 +160,7 @@ Ubuntu:
Role Variables
--------------
This role has multiple variables. The descriptions and defaults for all these variables can be found in the **`defaults/main`** directory in the following files:
This role has multiple variables. The descriptions and defaults for all these variables can be found in the **`defaults/main/`** directory in the following files:
- **[defaults/main/main.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/defaults/main/main.yml):** NGINX installation variables
- **[defaults/main/amplify.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/defaults/main/amplify.yml):** NGINX Amplify agent installation variables
@ -170,14 +170,14 @@ This role has multiple variables. The descriptions and defaults for all these va
- **[defaults/main/bsd.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/defaults/main/bsd.yml):** BSD installation variables
- **[defaults/main/unit.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/defaults/main/unit.yml):** NGINX Unit installation variables
Similarly, descriptions and defaults for preset variables can be found in the **`vars`** directory:
Similarly, descriptions and defaults for preset variables can be found in the **`vars/`** directory in the following files:
- **[vars/main.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/vars/main.yml):** NGINX supported modules
- **[vars/main.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/vars/main.yml):** List of supported NGINX platforms and modules
Example Playbooks
-----------------
Working functional playbook examples can be found in the **`molecule/common`** directory in the following files:
Working functional playbook examples can be found in the **`molecule/common/`** directory in the following files:
- **[molecule/common/playbooks/default_converge.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/default_converge.yml):** Install a specific version of NGINX and set up logrotate
- **[molecule/common/playbooks/module_converge.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/module_converge.yml):** Install various NGINX supported modules

10
defaults/main/bsd.yml
View File

@ -1,11 +1,4 @@
---
# Supported distributions
nginx_bsd_systems: ['FreeBSD', 'NetBSD', 'OpenBSD', 'DragonFlyBSD', 'HardenedBSD']
# Supported distributions NGINX Plus
# https://docs.nginx.com/nginx/technical-specs/
nginx_plus_bsd_systems: ['FreeBSD']
# Choose to install BSD packages or ports.
# Options are true for packages or false for ports.
# Default is true.
@ -21,6 +14,3 @@ nginx_bsd_update_ports: true
# Options are true for use packages or false for do not use packages.
# Default is true.
nginx_bsd_portinstall_use_packages: true
# FreeBSD extra packages
nginx_freebsd_extra_packages: ['security/ca_root_nss']

13
defaults/main/linux.yml
View File

@ -1,13 +0,0 @@
---
# Supported distributions
nginx_linux_families: ['Alpine', 'Debian', 'RedHat', 'Suse']
# Supported distributions NGINX Plus
# https://docs.nginx.com/nginx/technical-specs/
# RedHat={Amazon,CentOS,OracleLinux,RHEL} Debian={Ubuntu,Debian}
nginx_plus_linux_families: ['Alpine', 'Debian', 'RedHat', 'Suse']
# Default locations and versions when 'nginx_install_from; is set to 'source'
pcre_version: pcre-8.44
zlib_version: zlib-1.2.11
openssl_version: openssl-1.1.1g

37
defaults/main/main.yml
View File

@ -8,15 +8,18 @@ nginx_enable: true
# Default is true.
nginx_install: true
## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)
# Enable NGINX configuration options.
# Variables for these options can be found in `./template.yml` and `./upload.yml`.
# Default is true.
nginx_configure: true
# Default is false.
nginx_configure: false
# Start NGINX service.
# Default is true.
nginx_start: true
# Print NGINX task information to terminal during playbook execution.
nginx_debug_tasks: false
# Print NGINX configuration file to terminal after executing playbook.
nginx_debug_output: false
@ -28,7 +31,7 @@ nginx_type: opensource
# Specify which version of NGINX you want to install.
# Default is empty.
# nginx_version: "=19-1~bionic"
# For Plus and modules you'll need a wilcard like below (which installs plus-20 and modules)
# For NGINX Plus and modules you'll need a wilcard like below (which installs plus-20 and modules)
# nginx_version: "-20*"
# Specify whether you want to maintain your version of NGINX, upgrade to the latest version, or remove NGINX.
@ -60,10 +63,10 @@ nginx_install_source_zlib: false
# Default is the official NGINX signing key host.
# nginx_signing_key: http://nginx.org/keys/nginx_signing.key
# Specify source repository for NGINX Open Source.
# Only works if 'install_from' is set to 'nginx_repository'.
# Specify repository for NGINX Open Source or NGINX Plus.
# Only works if 'install_from' is set to 'nginx_repository' when installing NGINX Open Source.
# Defaults are the official NGINX repositories.
# nginx_repository: deb https://nginx.org/packages/mainline/debian/ stretch nginx
# nginx_repository: deb [arch=amd64] https://nginx.org/packages/mainline/debian/ buster nginx
# Specify which branch of NGINX Open Source you want to install.
# Options are 'mainline' or 'stable'.
@ -77,9 +80,13 @@ nginx_license:
certificate: license/nginx-repo.crt
key: license/nginx-repo.key
# Set up NGINX Plus license before installation.
# Default is true.
nginx_setup_license: true
# Remove NGINX Plus license and repository after installation for security purposes.
# Default is false.
nginx_delete_license: false
nginx_remove_license: false
# Install NGINX Modules.
# You can select any of the modules listed below. Beware of NGINX Plus only modules (these are marked).
@ -104,6 +111,7 @@ nginx_modules: []
# - waf # NGINX Plus
# - xslt
## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)
# Remove previously existing NGINX configuration files.
# You can specify a list of paths you wish to remove.
# You can also choose whether to recurse through the paths specified.
@ -116,18 +124,3 @@ nginx_cleanup_config_paths:
recurse: false
# nginx_cleanup_config_files:
# - /etc/nginx/conf.d/default.conf
# Set SELinux enforcing for NGINX (Centos/Redhat only) - you may need to open ports on your own
nginx_selinux: false
# Enable enforcing mode if true. Permissive if false (audit only, no enforcing) globally (only works with nginx_selinux: true)
nginx_selinux_enforcing: true
# List of TCP ports to add to http_port_t type (80 and 443 have this type already)
# nginx_selinux_tcp_ports:
# - 80
# - 443
# List of UDP ports to add to http_port_t type
# nginx_selinux_udp_ports:
# - 80
# - 443
# Temporary directory to hold selinux modules
nginx_tempdir: /tmp

15
defaults/main/selinux.yml Normal file
View File

@ -0,0 +1,15 @@
---
# Set SELinux enforcing for NGINX (CentOS/Red Hat only) - you may need to open ports on your own
nginx_selinux: false
# Enable enforcing mode if true. Permissive if false (audit only, no enforcing) globally (only works with nginx_selinux: true)
nginx_selinux_enforcing: true
# List of TCP ports to add to http_port_t type (80 and 443 have this type already)
# nginx_selinux_tcp_ports:
# - 80
# - 443
# List of UDP ports to add to http_port_t type
# nginx_selinux_udp_ports:
# - 80
# - 443
# Temporary directory to hold selinux modules
nginx_selinux_tempdir: /tmp

1
defaults/main/template.yml
View File

@ -1,3 +1,4 @@
## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)
---
# Enable creating dynamic templated NGINX HTML demo websites.
nginx_html_demo_template_enable: false

1
defaults/main/unit.yml
View File

@ -1,3 +1,4 @@
## DEPRECATED -- Use nginxinc.nginx_unit role instead (https://github.com/nginxinc/ansible-role-nginx-unit)
---
# Install NGINX Unit and NGINX Unit modules.
# Use a list of supported NGINX Unit modules.

1
defaults/main/upload.yml
View File

@ -1,3 +1,4 @@
## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)
---
# Enable uploading NGINX configuration files to your system.
# Default for uploading files is false.

18
handlers/main.yml
View File

@ -1,30 +1,30 @@
---
- name: "(Handler: All OSs) Check NGINX"
- name: "(Handler) Check NGINX"
command: "nginx -t"
changed_when: false
- name: "(Handler: All OSs) Systemd Daemon-Reload"
- name: "(Handler) Systemd Daemon-Reload"
systemd:
daemon_reload: yes
notify: "(Handler: All OSs) Start NGINX"
notify: "(Handler) Start NGINX"
- name: "(Handler: All OSs) Run NGINX"
- name: "(Handler) Run NGINX"
block:
- name: "(Handler: All OSs) Start NGINX"
- name: "(Handler) Start NGINX"
service:
name: nginx
state: started
enabled: yes
notify: "(Handler: All OSs) Check NGINX"
notify: "(Handler) Check NGINX"
- name: "(Handler: All OSs) Reload NGINX"
- name: "(Handler) Reload NGINX"
command: "nginx -s reload"
changed_when: false
when:
- nginx_start | bool
- not ansible_check_mode | bool
- name: "(Handler: All OSs) Start NGINX Amplify Agent"
- name: "(Handler) Start NGINX Amplify agent"
service:
name: amplify-agent
state: started
@ -41,5 +41,5 @@
state: started
enabled: yes
- name: "(Config: All OSs) Run Logrotate"
- name: "(Handler) Run logrotate"
command: logrotate -f /etc/logrotate.d/nginx

12
molecule/common/Dockerfile.j2
View File

@ -17,27 +17,27 @@ ENV {{ var }} {{ value }}
RUN \
if [ $(command -v apt-get) ]; then \
apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y python3 sudo bash ca-certificates iproute2 python3-apt aptitude systemd systemd-sysv procps curl \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y aptitude bash ca-certificates curl iproute2 python-apt python3 python3-apt procps sudo systemd systemd-sysv vim \
&& apt-get clean; \
elif [ $(command -v dnf) ]; then \
dnf makecache \
&& dnf --assumeyes install /usr/bin/python3 /usr/bin/python3-config /usr/bin/dnf-3 bash iproute \
&& dnf --assumeyes install bash iproute /usr/bin/dnf-3 /usr/bin/python3 /usr/bin/python3-config vim \
&& dnf clean all; \
elif [ $(command -v yum) ]; then \
yum makecache fast \
&& yum install -y /usr/bin/python /usr/bin/python2-config sudo yum-plugin-ovl bash iproute \
&& yum install -y bash iproute /usr/bin/python /usr/bin/python2-config sudo vim yum-plugin-ovl \
&& sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf \
&& yum clean all; \
elif [ $(command -v zypper) ]; then \
zypper refresh \
&& zypper install -y python3 sudo bash iproute2 \
&& zypper install -y bash iproute2 python3 sudo vim \
&& zypper clean -a; \
elif [ $(command -v apk) ]; then \
apk update \
&& apk add --no-cache python3 sudo bash ca-certificates curl openrc; \
&& apk add --no-cache bash ca-certificates curl openrc python3 sudo vim; \
echo 'rc_provide="loopback net"' >> /etc/rc.conf; \
elif [ $(command -v xbps-install) ]; then \
xbps-install -Syu \
&& xbps-install -y python3 sudo bash ca-certificates iproute2 \
&& xbps-install -y bash ca-certificates iproute2 python3 sudo vim \
&& xbps-remove -O; \
fi

14
molecule/common/playbooks/default_converge.yml
View File

@ -5,22 +5,22 @@
- name: Set repo if Alpine
set_fact:
version: "=1.19.1-r1"
when: ansible_os_family == "Alpine"
when: ansible_facts['os_family'] == "Alpine"
- name: Set repo if Debian
set_fact:
version: "=1.19.1-1~{{ ansible_distribution_release }}"
when: ansible_os_family == "Debian"
- name: Set repo if RedHat
version: "=1.19.1-1~{{ ansible_facts['distribution_release'] }}"
when: ansible_facts['os_family'] == "Debian"
- name: Set repo if Red Hat
set_fact:
version: "-1.19.1-1.el{{ ansible_distribution_major_version }}.ngx"
when: ansible_os_family == "RedHat"
version: "-1.19.1-1.el{{ ansible_facts['distribution_major_version'] }}.ngx"
when: ansible_facts['os_family'] == "RedHat"
- name: Enable NGINX @CentOS-AppStream dnf modules
shell:
args:
cmd: dnf module info nginx | grep -q 'Stream.*\[e\]' && echo -n ENABLED || dnf module enable -y nginx # noqa 204 303
register: dnf_module_enable
changed_when: dnf_module_enable.stdout != 'ENABLED'
when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "8"
when: ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] is version('8', '==')
tasks:
- name: Install NGINX
include_role:

1
molecule/common/playbooks/module_converge.yml
View File

@ -15,6 +15,7 @@
- 80
- 443
nginx_configure: true
nginx_cleanup_config: true
nginx_cleanup_config_paths:
- directory:

1
molecule/common/playbooks/template_converge.yml
View File

@ -8,6 +8,7 @@
vars:
nginx_debug_output: true
nginx_configure: true
nginx_main_template_enable: true
nginx_main_template:
template_file: nginx.conf.j2

10
molecule/common/playbooks/unit_converge.yml
View File

@ -8,20 +8,20 @@
- unit-perl
- unit-php7
- unit-python3
when: ansible_os_family == "Alpine"
- name: Set module if Debian/RedHat
when: ansible_facts['os_family'] == "Alpine"
- name: Set module if Debian
set_fact:
module:
- unit-perl
- unit-php
- unit-ruby
when: ansible_os_family == "Debian"
- name: Set module if RedHat
when: ansible_facts['os_family'] == "Debian"
- name: Set module if Red Hat
set_fact:
module:
- unit-php
- unit-go
when: ansible_os_family == "RedHat"
when: ansible_facts['os_family'] == "RedHat"
tasks:
- name: Install NGINX Unit
include_role:

7
molecule/plus_alpine/molecule.yml
View File

@ -6,13 +6,6 @@ lint: |
yamllint .
ansible-lint --force-color
platforms:
- name: alpine-3.8
image: alpine:3.8
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: alpine-3.9
image: alpine:3.9
dockerfile: ../common/Dockerfile.j2

16
tasks/amplify/install-amplify.yml
View File

@ -1,24 +1,24 @@
---
- name: "(Setup: All OSs) Configure NGINX Amplify Agent Repository"
include_tasks: "{{ role_path }}/tasks/amplify/setup-{{ ansible_os_family | lower }}.yml"
when: ansible_os_family == "Debian"
or ansible_os_family == "Redhat"
- name: "Configure NGINX Amplify agent repository"
include_tasks: "{{ role_path }}/tasks/amplify/setup-{{ ansible_facts['os_family'] | lower }}.yml"
when: ansible_facts['os_family'] == "Debian"
or ansible_facts['os_family'] == "Redhat"
- name: "(Install: All OSs) Install NGINX Amplify Agent"
- name: "Install NGINX Amplify agent"
package:
name: nginx-amplify-agent
state: present
- name: "(Setup: All OSs) Copy NGINX Configurator Agent Configuration Template"
- name: "Copy NGINX configurator agent configuration template"
copy:
remote_src: yes
src: /etc/amplify-agent/agent.conf.default
dest: /etc/amplify-agent/agent.conf
mode: 0644
- name: "(Setup: All OSs) Configure NGINX Amplify Agent API Key"
- name: "Configure NGINX Amplify agent API key"
lineinfile:
dest: /etc/amplify-agent/agent.conf
regexp: api_key =.*
line: "api_key = {{ nginx_amplify_api_key }}"
notify: "(Handler: All OSs) Start NGINX Amplify Agent"
notify: "(Handler) Start NGINX Amplify agent"

12
tasks/amplify/setup-debian.yml
View File

@ -1,16 +1,18 @@
---
- name: "(Install: Debian/Ubuntu) Add NGINX Amplify Agent Repository"
- name: "(Debian/Ubuntu) Add NGINX Amplify agent repository"
apt_repository:
filename: nginx-amplify
repo: deb [arch=amd64] http://packages.amplify.nginx.com/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release|lower }} amplify-agent
repo: >-
deb [arch=amd64] https://packages.amplify.nginx.com/
{{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] | lower }} amplify-agent
update_cache: yes
mode: 0644
when: ansible_distribution_release != "focal"
when: ansible_facts['distribution_release'] != "focal"
- name: "(Install: Debian/Ubuntu) Add NGINX Amplify Agent Repository"
- name: "(Ubuntu 20.04) Add NGINX Amplify agent repository"
apt_repository:
filename: nginx-amplify
repo: deb [arch=amd64] https://packages.amplify.nginx.com/py3/ubuntu focal amplify-agent
update_cache: yes
mode: 0644
when: ansible_distribution_release == "focal"
when: ansible_facts['distribution_release'] == "focal"

4
tasks/amplify/setup-redhat.yml
View File

@ -1,8 +1,8 @@
---
- name: "(Install: CentOS/RedHat/Amazon Linux) Add NGINX Amplify Agent Repository"
- name: "(Amazon Linux/CentOS/RHEL) Add NGINX Amplify agent repository"
yum_repository:
name: nginx-amplify
baseurl: http://packages.amplify.nginx.com/{{ (ansible_distribution == "Amazon") | ternary('amzn/', 'centos/') }}/$releasever/$basearch/
baseurl: http://packages.amplify.nginx.com/{{ (ansible_facts['distribution'] == "Amazon") | ternary('amzn/', 'centos/') }}/$releasever/$basearch/
description: NGINX Amplify Agent
enabled: yes
gpgcheck: yes

9
tasks/conf/debug-output.yml
View File

@ -1,9 +0,0 @@
---
- name: "(Setup: All OSs) Register NGINX configuration"
command: nginx -T
changed_when: false
register: nginx_configuration
- name: "(Setup: All OSs) Print NGINX configuration"
debug:
var: nginx_configuration.stdout_lines

35
tasks/conf/logrotate.yml
View File

@ -1,35 +0,0 @@
---
- name: "(Config: Alpine) Install Logrotate"
apk:
name: logrotate
when: ansible_os_family == "Alpine"
- name: "(Config: Ubuntu/Debian) Install Logrotate"
apt:
name: logrotate
state: present
when: ansible_os_family == "Debian"
- name: "(Config: CentOS/RedHat) Install Logrotate"
yum:
name: logrotate
state: present
when: ansible_os_family == "RedHat"
- name: "(Config: SUSE) Add Logrotate Repo"
zypper_repository:
repo: https://download.opensuse.org/repositories/openSUSE:Leap:42.1/standard/openSUSE:Leap:42.1.repo
when: ansible_os_family == "Suse"
- name: "(Config: SUSE) Install Logrotate"
zypper:
name: logrotate
state: present
when: ansible_os_family == "Suse"
- name: "(Config: All OSs) Create Logrotate Config"
template:
src: "logrotate/nginx.j2"
dest: "/etc/logrotate.d/nginx"
mode: 0644
notify: "(Config: All OSs) Run Logrotate"

9
tasks/conf/cleanup-config.yml → tasks/config/cleanup-config.yml
View File

@ -1,5 +1,10 @@
## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)
---
- name: "(Setup: All OSs) Find NGINX Configuration Files"
- name: "Deprecation warning"
debug:
msg: "DEPRECATED TASKS -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)"
- name: "(DEPRECATED) Find NGINX Configuration Files"
find:
paths: "{{ item.directory }}"
patterns: "*.conf"
@ -8,7 +13,7 @@
when: nginx_cleanup_config_paths is defined
register: nginx_config_files
- name: "(Setup: All OSs) Remove NGINX Configuration Files"
- name: "(DEPRECATED) Remove NGINX Configuration Files"
file:
path: "{{ item }}"
state: absent

14
tasks/config/debug-output.yml Normal file
View File

@ -0,0 +1,14 @@
---
- name: "Print NGINX config"
debug:
msg: "Printing NGINX config"
when: nginx_debug_tasks | bool
- name: "Register NGINX configuration"
command: nginx -T
changed_when: false
register: config
- name: "Print NGINX config"
debug:
var: config.stdout_lines

24
tasks/prerequisites/setup-systemd.yml → tasks/config/modify-systemd.yml
View File

@ -1,11 +1,16 @@
---
- name: "(Setup: Linux) Create Override Directory For NGINX Systemd Service"
- name: "Modify systemd"
debug:
msg: "Modifying systemd"
when: nginx_debug_tasks | bool
- name: "Create override directory for NGINX systemd service"
file:
path: "{{ nginx_service_overridepath }}"
state: directory
mode: 0755
- name: "(Setup: Linux) Create Override For NGINX Systemd Service"
- name: "Create override for NGINX systemd service"
template:
src: "{{ role_path }}/templates/services/nginx.service.override.conf.j2"
dest: "{{ nginx_service_overridepath }}/{{ nginx_service_overridefilename }}"
@ -15,9 +20,9 @@
when:
- not nginx_service_custom | bool
- not nginx_service_clean | bool
notify: "(Handler: All OSs) Systemd Daemon-Reload"
notify: "(Handler) Systemd Daemon-Reload"
- name: "(Setup: Linux) Customize Override For NGINX Systemd Service"
- name: "Customize override for NGINX systemd service"
copy:
src: "{{ nginx_service_custom_file }}"
dest: "{{ nginx_service_overridepath }}/{{ nginx_service_overridefilename }}"
@ -27,11 +32,16 @@
when:
- nginx_service_custom | bool
- not nginx_service_clean | bool
notify: "(Handler: All OSs) Systemd Daemon-Reload"
notify: "(Handler) Systemd Daemon-Reload"
- name: "(Setup: Linux) Remove Override For NGINX Systemd Service"
- name: "Remove override for NGINX systemd service"
file:
path: "{{ nginx_service_overridepath }}"
state: absent
when: nginx_service_clean | bool
notify: "(Handler: All OSs) Systemd Daemon-Reload"
notify: "(Handler) Systemd Daemon-Reload"
- name: "Modify systemd"
debug:
msg: "Done modifying systemd"
when: nginx_debug_tasks | bool

46
tasks/config/setup-logrotate.yml Normal file
View File

@ -0,0 +1,46 @@
---
- name: "Set up logrotate"
debug:
msg: "Setting up logrotate"
when: nginx_debug_tasks | bool
- name: "(Alpine Linux OSs) Install logrotate"
apk:
name: logrotate
when: ansible_facts['os_family'] == "Alpine"
- name: "(Debian OSs) Install logrotate"
apt:
name: logrotate
state: present
when: ansible_facts['os_family'] == "Debian"
- name: "(Red Hat OSs) Install logrotate"
yum:
name: logrotate
state: present
when: ansible_facts['os_family'] == "RedHat"
- name: "(SLES OSs) Set up logrotate"
block:
- name: "(SLES OSs) Configure logrotate repository"
zypper_repository:
repo: https://download.opensuse.org/repositories/openSUSE:Leap:42.1/standard/openSUSE:Leap:42.1.repo
- name: "(SLES OSs) Install Logrotate"
zypper:
name: logrotate
state: present
when: ansible_facts['os_family'] == "Suse"
- name: "Create logrotate config"
template:
src: "logrotate/nginx.j2"
dest: "/etc/logrotate.d/nginx"
mode: 0644
notify: "(Handler) Run logrotate"
- name: "Set up logrotate"
debug:
msg: "Done setting up logrotate"
when: nginx_debug_tasks | bool

39
tasks/conf/template-config.yml → tasks/config/template-config.yml
View File

@ -1,5 +1,10 @@
## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)
---
- name: "(Setup: All NGINX) Ensure HTML Directory Exists"
- name: "Deprecation warning"
debug:
msg: "DEPRECATED TASKS -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)"
- name: "(DEPRECATED) Ensure HTML Directory Exists"
file:
path: "{{ item.value.html_file_location | default('/usr/share/nginx/html') }}"
state: directory
@ -7,7 +12,7 @@
with_dict: "{{ nginx_html_demo_template }}"
when: nginx_html_demo_template_enable | bool
- name: "(Setup: All NGINX) Dynamically Generate HTML Files"
- name: "(DEPRECATED) Dynamically Generate HTML Files"
template:
src: "{{ item.value.template_file | default('www/index.html.j2') }}"
dest: "{{ item.value.html_file_location | default('/usr/share/nginx/html') }}/{{ item.value.html_file_name | default('index.html') }}"
@ -16,23 +21,23 @@
with_dict: "{{ nginx_html_demo_template }}"
when: nginx_html_demo_template_enable | bool
- name: "(Setup: All NGINX) Ensure NGINX Main Directory Exists"
- name: "(DEPRECATED) Ensure NGINX Main Directory Exists"
file:
path: "{{ nginx_main_template.conf_file_location | default('/etc/nginx') }}"
state: directory
mode: 0755
when: nginx_main_template_enable | bool
- name: "(Setup: All NGINX) Dynamically Generate NGINX Main Configuration File"
- name: "(DEPRECATED) Dynamically Generate NGINX Main Configuration File"
template:
src: "{{ nginx_main_template.template_file | default('nginx.conf.j2') }}"
dest: "{{ nginx_main_template.conf_file_location | default('/etc/nginx') }}/{{ nginx_main_template.conf_file_name | default('nginx.conf') }}"
backup: yes
mode: 0644
when: nginx_main_template_enable | bool
notify: "(Handler: All OSs) Reload NGINX"
notify: "(Handler) Reload NGINX"
- name: "(Setup: All NGINX) Ensure NGINX HTTP Directory Exists"
- name: "(DEPRECATED) Ensure NGINX HTTP Directory Exists"
file:
path: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/') }}"
state: directory
@ -40,7 +45,7 @@
with_dict: "{{ nginx_http_template }}"
when: nginx_http_template_enable | bool
- name: "(Setup: All NGINX) Ensure NGINX Proxy Cache Directories Exist"
- name: "(DEPRECATED) Ensure NGINX Proxy Cache Directories Exist"
file:
path: "{{ item.1.path }}"
state: directory
@ -49,10 +54,10 @@
with_subelements:
- "{{ nginx_http_template }}"
- proxy_cache.proxy_cache_path
- skip_missing: true
- skip_missing: yes
when: nginx_http_template_enable | bool
- name: "(Setup: All NGINX) Dynamically Generate NGINX HTTP Configuration Files"
- name: "(DEPRECATED) Dynamically Generate NGINX HTTP Configuration Files"
template:
src: "{{ item.value.template_file | default('http/default.conf.j2') }}"
dest: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/') }}/{{ item.value.conf_file_name | default('default.conf') }}"
@ -60,27 +65,27 @@
mode: 0644
with_dict: "{{ nginx_http_template }}"
when: nginx_http_template_enable | bool
notify: "(Handler: All OSs) Reload NGINX"
notify: "(Handler) Reload NGINX"
- name: "(Setup: All NGINX) Dynamically Generate NGINX Stub Status Configuration File"
- name: "(DEPRECATED) Dynamically Generate NGINX Stub Status Configuration File"
template:
src: "{{ nginx_status_template_file | default('http/status.conf.j2') }}"
dest: "{{ nginx_status_file_location | default('/etc/nginx/conf.d/status.conf') }}"
backup: yes
mode: 0644
when: nginx_status_enable | bool
notify: "(Handler: All OSs) Reload NGINX"
notify: "(Handler) Reload NGINX"
- name: "(Setup: All NGINX) Dynamically Generate NGINX API Configuration File"
- name: "(DEPRECATED) Dynamically Generate NGINX API Configuration File"
template:
src: "{{ nginx_rest_api_template_file | default('http/api.conf.j2') }}"
dest: "{{ nginx_rest_api_file_location | default('/etc/nginx/conf.d/api.conf') }}"
backup: yes
mode: 0644
when: nginx_rest_api_enable | bool
notify: "(Handler: All OSs) Reload NGINX"
notify: "(Handler) Reload NGINX"
- name: "(Setup: All NGINX) Ensure NGINX Stream Directory Exists"
- name: "(DEPRECATED) Ensure NGINX Stream Directory Exists"
file:
path: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/stream/') }}"
state: directory
@ -88,7 +93,7 @@
with_dict: "{{ nginx_stream_template }}"
when: nginx_stream_template_enable | bool
- name: "(Setup: All NGINX) Dynamically Generate NGINX Stream Configuration Files"
- name: "(DEPRECATED) Dynamically Generate NGINX Stream Configuration Files"
template:
src: "{{ item.value.template_file | default('stream/default.conf.j2') }}"
dest: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/stream/') }}/{{ item.value.conf_file_name | default('default.conf') }}"
@ -96,4 +101,4 @@
mode: 0644
with_dict: "{{ nginx_stream_template }}"
when: nginx_stream_template_enable | bool
notify: "(Handler: All OSs) Reload NGINX"
notify: "(Handler) Reload NGINX"

37
tasks/conf/upload-config.yml → tasks/config/upload-config.yml
View File

@ -1,12 +1,17 @@
## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)
---
- name: "(Setup: All NGINX) Ensure NGINX HTML Directory Exists"
- name: "Deprecation warning"
debug:
msg: "DEPRECATED TASKS -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)"
- name: "(DEPRECATED) Ensure NGINX HTML Directory Exists"
file:
path: "{{ nginx_html_upload_dest | default('/usr/share/nginx/html') }}"
state: directory
mode: 0755
when: nginx_html_upload_enable | bool
- name: "(Setup: All NGINX) Upload NGINX HTML Files"
- name: "(DEPRECATED) Upload NGINX HTML Files"
copy:
src: "{{ item }}"
dest: "{{ nginx_html_upload_dest | default('/usr/share/nginx/html') }}"
@ -14,32 +19,32 @@
mode: 0644
with_fileglob: "{{ nginx_html_upload_src }}"
when: nginx_html_upload_enable | bool
notify: "(Handler: All OSs) Reload NGINX"
notify: "(Handler) Reload NGINX"
- name: "(Setup: All NGINX) Ensure NGINX Main Directory Exists"
- name: "(DEPRECATED) Ensure NGINX Main Directory Exists"
file:
path: "{{ nginx_main_upload_dest | default('/etc/nginx/') }}"
state: directory
mode: 0755
when: nginx_main_upload_enable | bool
- name: "(Setup: All NGINX) Upload NGINX Main Configuration File"
- name: "(DEPRECATED) Upload NGINX Main Configuration File"
copy:
src: "{{ nginx_main_upload_src | default('conf/nginx.conf') }}"
dest: "{{ nginx_main_upload_dest | default('/etc/nginx/') }}"
backup: yes
mode: 0644
when: nginx_main_upload_enable | bool
notify: "(Handler: All OSs) Reload NGINX"
notify: "(Handler) Reload NGINX"
- name: "(Setup: All NGINX) Ensure NGINX HTTP Directory Exists"
- name: "(DEPRECATED) Ensure NGINX HTTP Directory Exists"
file:
path: "{{ nginx_http_upload_dest | default('/etc/nginx/conf.d/') }}"
state: directory
mode: 0755
when: nginx_http_upload_enable | bool
- name: "(Setup: All NGINX) Upload NGINX HTTP Configuration Files"
- name: "(DEPRECATED) Upload NGINX HTTP Configuration Files"
copy:
src: "{{ item }}"
dest: "{{ nginx_http_upload_dest | default('/etc/nginx/conf.d/') }}"
@ -47,16 +52,16 @@
mode: 0644
with_fileglob: "{{ nginx_http_upload_src }}"
when: nginx_http_upload_enable | bool
notify: "(Handler: All OSs) Reload NGINX"
notify: "(Handler) Reload NGINX"
- name: "(Setup: All NGINX) Ensure NGINX Stream Directory Exists"
- name: "(DEPRECATED) Ensure NGINX Stream Directory Exists"
file:
path: "{{ nginx_stream_upload_dest | default('/etc/nginx/conf.d/') }}"
state: directory
mode: 0755
when: nginx_stream_upload_enable | bool
- name: "(Setup: All NGINX) Upload NGINX Stream Configuration Files"
- name: "(DEPRECATED) Upload NGINX Stream Configuration Files"
copy:
src: "{{ item }}"
dest: "{{ nginx_stream_upload_dest | default('/etc/nginx/conf.d/') }}"
@ -64,23 +69,23 @@
mode: 0644
with_fileglob: "{{ nginx_stream_upload_src }}"
when: nginx_stream_upload_enable | bool
notify: "(Handler: All OSs) Reload NGINX"
notify: "(Handler) Reload NGINX"
- name: "(Setup: All NGINX) Ensure SSL Certificate Directory Exists"
- name: "(DEPRECATED) Ensure SSL Certificate Directory Exists"
file:
path: "{{ nginx_ssl_crt_upload_dest | default('/etc/ssl/certs/') }}"
state: directory
mode: 0755
when: nginx_ssl_upload_enable | bool
- name: "(Setup: All NGINX) Ensure SSL Key Directory Exists"
- name: "(DEPRECATED) Ensure SSL Key Directory Exists"
file:
path: "{{ nginx_ssl_key_upload_dest | default('/etc/ssl/private/') }}"
state: directory
mode: 0755
when: nginx_ssl_upload_enable | bool
- name: "(Setup: All NGINX) Upload NGINX SSL Certificates"
- name: "(DEPRECATED) Upload NGINX SSL Certificates"
copy:
src: "{{ item }}"
dest: "{{ nginx_ssl_crt_upload_dest | default('/etc/ssl/certs/') }}"
@ -90,7 +95,7 @@
with_fileglob: "{{ nginx_ssl_crt_upload_src }}"
when: nginx_ssl_upload_enable | bool
- name: "(Setup: All NGINX) Upload NGINX SSL Keys"
- name: "(DEPRECATED) Upload NGINX SSL Keys"
copy:
src: "{{ item }}"
dest: "{{ nginx_ssl_key_upload_dest | default('/etc/ssl/private/') }}"

14
tasks/keys/apk-key.yml
View File

@ -1,14 +0,0 @@
---
- name: "(Install: APK OSs) Set Default APK NGINX Signing Key URL"
set_fact:
default_keysite: https://nginx.org/keys/nginx_signing.rsa.pub
- name: "(Install: APK OSs) Set APK NGINX Signing Key URL"
set_fact:
keysite: "{{ nginx_signing_key | default(default_keysite) }}"
- name: "(Install: APK OSs) Download NGINX Signing Key"
get_url:
url: "{{ keysite }}"
dest: /etc/apk/keys/nginx_signing.rsa.pub
mode: 0400

12
tasks/keys/apt-key.yml
View File

@ -1,12 +0,0 @@
---
- name: "(Install: APT OSs) Set Default APT NGINX Signing Key URL"
set_fact:
default_keysite: https://nginx.org/keys/nginx_signing.key
- name: "(Install: APT OSs) Set APT NGINX Signing Key URL"
set_fact:
keysite: "{{ nginx_signing_key | default(default_keysite) }}"
- name: "(Install: APT OSs) Add APT NGINX Signing Key"
apt_key:
url: "{{ keysite }}"

14
tasks/keys/rpm-key.yml
View File

@ -1,14 +0,0 @@
---
- name: "(Install: RPM OSs) Set Default RPM NGINX Signing Key"
set_fact:
default_keysite: >-
{{ (ansible_distribution_major_version|int == 6)
| ternary('http://nginx.org/keys/nginx_signing.key', 'https://nginx.org/keys/nginx_signing.key') }}
- name: "(Install: RPM OSs) Set RPM NGINX Signing Key URL"
set_fact:
keysite: "{{ nginx_signing_key | default(default_keysite) }}"
- name: "(Install: RPM OSs) Add RPM NGINX Signing Key"
rpm_key:
key: "{{ keysite }}"

51
tasks/keys/setup-keys.yml
View File

@ -1,16 +1,41 @@
---
- name: "(Setup: Keys) Alpine"
include_tasks: "{{ role_path }}/tasks/keys/apk-key.yml"
when: ansible_os_family == "Alpine"
tags: nginx_apkkey
- name: "Set up signing keys"
debug:
msg: "Setting up signing keys"
when: nginx_debug_tasks | bool
- name: "(Setup: Keys) Debian/Ubuntu"
include_tasks: "{{ role_path }}/tasks/keys/apt-key.yml"
when: ansible_os_family == "Debian"
tags: nginx_aptkey
- name: "(Alpine Linux) Set up signing key"
block:
- name: "(Alpine Linux) Set up NGINX signing key URL"
set_fact:
keysite: "{{ nginx_signing_key | default(nginx_default_signing_key['rsa_pub']) }}"
- name: "(Setup: Keys) CentOS/RedHat/SUSE"
include_tasks: "{{ role_path }}/tasks/keys/rpm-key.yml"
when: ansible_os_family == "RedHat"
or ansible_os_family == "Suse"
tags: nginx_rpmkey
- name: "(Alpine Linux) Download NGINX signing key"
get_url:
url: "{{ keysite }}"
dest: /etc/apk/keys/nginx_signing.rsa.pub
mode: 0400
when: ansible_facts['os_family'] == "Alpine"
- name: "(Debian/Red Hat/SLES OSs) Set up NGINX signing key URL"
set_fact:
keysite: "{{ nginx_signing_key | default(nginx_default_signing_key['pgp']) }}"
when: ansible_facts['os_family'] != "Alpine"
- name: "(Debian/Ubuntu) Add NGINX signing key"
apt_key:
id: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
url: "{{ keysite }}"
when: ansible_facts['os_family'] == "Debian"
- name: "(Amazon Linux/CentOS/Oracle Linux/RHEL/SLES) Add NGINX signing key"
rpm_key:
fingerprint: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
key: "{{ keysite }}"
validate_certs: "{{ (ansible_facts['distribution_major_version'] is version('6', '==')) | ternary('no', 'yes') }}"
when: ansible_facts['os_family'] in ['RedHat', 'Suse']
- name: "Set up signing keys"
debug:
msg: "Done setting up signing keys"
when: nginx_debug_tasks | bool

92
tasks/main.yml
View File

@ -1,58 +1,78 @@
---
- name: "(Setup: All OSs) Setup Prerequisites"
include_tasks: "{{ role_path }}/tasks/prerequisites/setup-{{ ansible_os_family | lower }}.yml"
- name: "Check whether you are using a supported NGINX distribution"
assert:
that: (nginx_type == "opensource" and ansible_facts['distribution'] in nginx_distributions)
or (nginx_type == "plus" and ansible_facts['distribution'] in nginx_plus_distributions)
success_msg: "Your OS, {{ ansible_facts['distribution'] }} is supported by NGINX {{ (nginx_type=='plus') | ternary('Plus', 'Open Source') }}"
fail_msg: "Your OS, {{ ansible_facts['distribution'] }} is not supported by NGINX {{ (nginx_type=='plus') | ternary('Plus', 'Open Source') }}"
when:
- nginx_install | bool
- (nginx_install_from == "nginx_repository" or nginx_type == "plus")
tags: nginx_check_support
- name: "Set up prerequisites"
include_tasks: "{{ role_path }}/tasks/prerequisites/prerequisites.yml"
tags: nginx_prerequisites
- name: "(Setup: All OSs) Setup Keys"
import_tasks: keys/setup-keys.yml
when:
- ansible_os_family == "Alpine"
or ansible_os_family == "Debian"
or ansible_os_family == "RedHat"
or ansible_os_family == "Suse"
- nginx_install_from == "nginx_repository"
or nginx_amplify_enable | bool
or nginx_unit_enable | bool
- name: "Set up signing keys"
include_tasks: "{{ role_path }}/tasks/keys/setup-keys.yml"
when: (nginx_install | bool and nginx_install_from == "nginx_repository")
or nginx_amplify_enable | bool or nginx_unit_enable | bool
tags: nginx_key
- name: "(Install/Config: All OSs) Install and Configure NGINX"
- name: "Install and Configure NGINX"
block:
- name: "(Install: All OSs) Install NGINX"
- name: "Install NGINX"
block:
- name: "(Install: All OSs) Install NGINX Open Source"
- name: "Install NGINX Open Source"
include_tasks: "{{ role_path }}/tasks/opensource/install-oss.yml"
when: nginx_type == "opensource"
tags: nginx_install_oss
- name: "(Install: All OSs) Install NGINX Plus"
- name: "Set up NGINX Plus license"
include_tasks: "{{ role_path }}/tasks/plus/setup-license.yml"
when:
- nginx_type == "plus"
- nginx_setup_license | bool
tags: nginx_setup_license
- name: "Install NGINX Plus"
include_tasks: "{{ role_path }}/tasks/plus/install-plus.yml"
when: nginx_type == "plus"
tags: nginx_install_plus
- name: "(Install: All OSs) Install NGINX Modules"
- name: "Install NGINX modules"
include_tasks: "{{ role_path }}/tasks/modules/install-modules.yml"
when:
- nginx_modules is defined
- nginx_modules | length > 0
tags: nginx_install_modules
- name: "(Install: All OSs) Delete NGINX Plus License"
include_tasks: "{{ role_path }}/tasks/plus/delete-license.yml"
- name: "Remove NGINX Plus license"
include_tasks: "{{ role_path }}/tasks/plus/remove-license.yml"
when:
- nginx_type == "plus"
- nginx_delete_license | bool
tags: nginx_delete_license
when: nginx_install | bool
- nginx_remove_license | bool
tags: nginx_remove_license
- name: "(Config: All OSs) Configure NGINX"
- name: "Modify Service For Systemd"
include_tasks: "{{ role_path }}/tasks/config/modify-systemd.yml"
when:
- ansible_facts['service_mgr'] == "systemd"
- nginx_service_modify | bool
tags: nginx_modify_systemd
when: nginx_install | bool
tags: nginx_install
- name: "(DEPRECATED) Configure NGINX"
block:
- name: "(Config: All OSs) Cleanup NGINX Config"
include_tasks: "{{ role_path }}/tasks/conf/cleanup-config.yml"
- name: "(DEPRECATED) Cleanup NGINX Config"
include_tasks: "{{ role_path }}/tasks/config/cleanup-config.yml"
when: nginx_cleanup_config | bool
tags: nginx_cleanup_config
- name: "(Config: All OSs) Upload NGINX Config"
include_tasks: "{{ role_path }}/tasks/conf/upload-config.yml"
- name: "(DEPRECATED) Upload NGINX Config"
include_tasks: "{{ role_path }}/tasks/config/upload-config.yml"
when: nginx_main_upload_enable | bool
or nginx_http_upload_enable | bool
or nginx_stream_upload_enable | bool
@ -60,8 +80,8 @@
or nginx_ssl_upload_enable | bool
tags: nginx_upload_config
- name: "(Config: All OSs) Create NGINX Config"
include_tasks: "{{ role_path }}/tasks/conf/template-config.yml"
- name: "(DEPRECATED) Create NGINX Config"
include_tasks: "{{ role_path }}/tasks/config/template-config.yml"
when: nginx_main_template_enable | bool
or nginx_http_template_enable | bool
or nginx_stream_template_enable | bool
@ -69,21 +89,21 @@
tags: nginx_template_config
when: nginx_configure | bool
- name: "(Config: All OSs) Ensure NGINX is Running"
- name: "Ensure NGINX is running"
meta: flush_handlers
- name: "(Config: All OSs) Debug Output"
include_tasks: "{{ role_path }}/tasks/conf/debug-output.yml"
- name: "Debug NGINX output"
include_tasks: "{{ role_path }}/tasks/config/debug-output.yml"
when: nginx_debug_output | bool
tags: nginx_debug_output
- name: "(Config: All OSs): Configure Logrotate"
include_tasks: "{{ role_path }}/tasks/conf/logrotate.yml"
- name: "Configure logrotate for NGINX"
include_tasks: "{{ role_path }}/tasks/config/setup-logrotate.yml"
when: nginx_logrotate_conf_enable | bool
tags: nginx_logrotate_config
when: nginx_enable | bool
- name: "(Install: All OSs) Install NGINX Amplify"
- name: "Install NGINX Amplify"
include_tasks: "{{ role_path }}/tasks/amplify/install-amplify.yml"
when:
- nginx_amplify_enable | bool
@ -91,7 +111,7 @@
- nginx_amplify_api_key | length > 0
tags: nginx_install_amplify
- name: "(Install: All OSs) Install NGINX Unit"
- name: "(DEPRECATED) Install NGINX Unit"
include_tasks: "{{ role_path }}/tasks/unit/install-unit.yml"
when: nginx_unit_enable | bool
tags: nginx_install_unit

30
tasks/modules/install-modules.yml
View File

@ -1,12 +1,12 @@
---
- name: "(Install: CentOS) Install GeoIP Required CentOS Dependencies"
- name: "(CentOS) Install GeoIP dependencies"
yum:
name: epel-release
when:
- ansible_distribution == "CentOS"
- ansible_facts['distribution'] == "CentOS"
- '"geoip" in nginx_modules'
- name: "(Install: All OSs) Install NGINX Modules"
- name: "Install NGINX Modules"
package:
name: "nginx-{{ (nginx_type == 'plus') | ternary('plus-', '') }}module-{{ item }}{{ nginx_version | default('') }}"
state: present
@ -15,18 +15,18 @@
- (item in nginx_modules_list and nginx_type == 'opensource')
or (item in nginx_plus_modules_list and nginx_type == 'plus')
- not (item == "auth-spnego")
or not (ansible_os_family == "Alpine" and (ansible_distribution_version | regex_search('^[0-9]+\\.[0-9]+') == "3.8"))
or not (ansible_facts['os_family'] == "Alpine" and (ansible_facts['distribution_version'] | regex_search('^[0-9]+\\.[0-9]+') is version('3.8', '==')))
- not (item == "geoip")
or not ((ansible_os_family == "RedHat" and ansible_distribution_major_version == "8")
or (ansible_os_family == "FreeBSD"))
or not ((ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] is version('8', '=='))
or (ansible_facts['os_family'] == "FreeBSD"))
- not (item == "brotli")
or not ((ansible_os_family == "Alpine")
or (ansible_os_family == "RedHat" and ansible_distribution_major_version < "8")
or (ansible_os_family == "Debian" and ansible_distribution_major_version == "9")
or (ansible_os_family == "Suse" and ansible_distribution_major_version == "12")
or (ansible_distribution == "Amazon")
or (ansible_distribution == "OracleLinux"))
- not (item == "geoip2") or not (ansible_os_family == "Suse")
or not ((ansible_facts['os_family'] == "Alpine")
or (ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] is version('8', '<'))
or (ansible_facts['os_family'] == "Debian" and ansible_facts['distribution_major_version'] is version('9', '=='))
or (ansible_facts['os_family'] == "Suse" and ansible_facts['distribution_major_version'] is version('12', '<'))
or (ansible_facts['distribution'] == "Amazon")
or (ansible_facts['distribution'] == "OracleLinux"))
- not (item == "geoip2") or not (ansible_facts['os_family'] == "Suse")
- not (item == "opentracing")
or not ((ansible_os_family == "Suse" and ansible_distribution_major_version == "12")
or (ansible_os_family == "RedHat" and ansible_distribution_major_version == "6"))
or not ((ansible_facts['os_family'] == "Suse" and ansible_facts['distribution_major_version'] is version('12', '=='))
or (ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] is version('6', '==')))

14
tasks/opensource/install-alpine.yml Normal file
View File

@ -0,0 +1,14 @@
---
- name: "(Alpine Linux) Configure NGINX repository"
lineinfile:
path: /etc/apk/repositories
insertafter: EOF
line: "{{ repository }}"
- name: "(Alpine Linux) Install NGINX"
apk:
name: "nginx{{ nginx_version | default('') }}"
repository: "{{ repository }}"
state: "{{ nginx_state }}"
update_cache: yes
notify: "(Handler) Start NGINX"

78
tasks/opensource/install-bsd.yml Normal file
View File

@ -0,0 +1,78 @@
---
- name: "(FreeBSD) Update ports"
block:
- name: "(FreeBSD) Fetch ports"
command: portsnap fetch --interactive
args:
creates: /var/db/portsnap/INDEX
- name: "(FreeBSD) Extract ports"
command: portsnap extract
args:
creates: /usr/ports
when:
- ansible_facts['system'] == "FreeBSD"
- nginx_bsd_update_ports | bool
- name: "(FreeBSD) Install NGINX"
block:
- name: "(FreeBSD) Install NGINX package"
pkgng:
name: "www/nginx{{ nginx_version | default('') }}"
state: "{{ nginx_state }}"
when: nginx_bsd_install_packages | bool
notify: "(Handler) Start NGINX"
- name: "(FreeBSD) Install NGINX port"
portinstall:
name: "www/nginx{{ nginx_version | default('') }}"
use_packages: "{{ nginx_bsd_portinstall_use_packages | default(omit) }}"
state: "{{ nginx_state }}"
when: not nginx_bsd_install_packages | bool
notify: "(Handler) Start NGINX"
when: ansible_facts['system'] == "FreeBSD"
- name: "(OpenBSD) Install NGINX"
block:
- name: "(OpenBSD) Install NGINX package"
openbsd_pkg:
name: "nginx{{ nginx_version | default('') }}"
build: no
state: "{{ nginx_state }}"
when: nginx_bsd_install_packages | bool
notify: "(Handler) Start NGINX"
- name: "(OpenBSD) Install NGINX port"
openbsd_pkg:
name: "nginx{{ nginx_version | default('') }}"
build: yes
state: "{{ nginx_state }}"
when: not nginx_bsd_install_packages | bool
notify: "(Handler) Start NGINX"
when: ansible_facts['system'] == "OpenBSD"
- name: "(NetBSD) Install NGINX"
block:
- name: "NetBSD) Install NGINX package"
command: "pkg_add www/nginx{{ nginx_version | default('') }}"
when: nginx_bsd_install_packages | bool
notify: "(Handler) Start NGINX"
- name: "(NetBSD) Install NGINX port"
fail:
msg: "{{ ansible_facts['system'] }} Install NGINX port not implemented."
when: not nginx_bsd_install_packages | bool
when: ansible_facts['system'] == "NetBSD"
- name: "(DragonFlyBSD/HardenedBSD) Install NGINX"
block:
- name: "Install NGINX package"
command: "pkg install www/nginx{{ nginx_version | default('') }}"
when: nginx_bsd_install_packages | bool
notify: "(Handler) Start NGINX"
- name: "Install NGINX port"
fail:
msg: "{{ ansible_facts['system'] }} Install NGINX port not implemented."
when: not nginx_bsd_install_packages | bool
when: ansible_facts['system'] in ['DragonFlyBSD', 'HardenedBSD']

14
tasks/opensource/install-debian.yml Normal file
View File

@ -0,0 +1,14 @@
---
- name: "(Debian/Ubuntu) Configure NGINX repository"
apt_repository:
filename: nginx
repo: "{{ item }}"
update_cache: yes
mode: 0644
loop: "{{ repository }}"
- name: "(Debian/Ubuntu) Install NGINX"
apt:
name: "nginx{{ nginx_version | default('') }}"
state: "{{ nginx_state }}"
notify: "(Handler) Start NGINX"

91
tasks/opensource/install-oss-bsd.yml
View File

@ -1,91 +0,0 @@
---
- name: "(Install: FreeBSD) Update Ports"
block:
- name: "(Install: FreeBSD) Fetch Ports"
command: portsnap fetch --interactive
args:
creates: /var/db/portsnap/INDEX
- name: "(Install: FreeBSD) Extract Ports"
command: portsnap extract
args:
creates: /usr/ports
when:
- ansible_system == "FreeBSD"
- nginx_bsd_update_ports | bool
- name: "(Install: FreeBSD)"
block:
- name: "(Install: FreeBSD) Install NGINX Package"
pkgng:
name: "www/nginx{{ nginx_version | default('') }}"
state: "{{ nginx_state }}"
when: nginx_bsd_install_packages | bool
notify: "(Handler: All OSs) Start NGINX"
- name: "(Install: FreeBSD) Install NGINX Port"
portinstall:
name: "www/nginx{{ nginx_version | default('') }}"
use_packages: "{{ nginx_bsd_portinstall_use_packages | default(omit) }}"
state: "{{ nginx_state }}"
when: not nginx_bsd_install_packages | bool
notify: "(Handler: All OSs) Start NGINX"
when: ansible_system == "FreeBSD"
- name: "(Install: OpenBSD)"
block:
- name: "(Install: OpenBSD) Install NGINX Package"
openbsd_pkg:
name: "nginx{{ nginx_version | default('') }}"
build: no
state: "{{ nginx_state }}"
when: nginx_bsd_install_packages | bool
notify: "(Handler: All OSs) Start NGINX"
- name: "(Install: OpenBSD) Install NGINX Port"
openbsd_pkg:
name: "nginx{{ nginx_version | default('') }}"
build: yes
state: "{{ nginx_state }}"
when: not nginx_bsd_install_packages | bool
notify: "(Handler: All OSs) Start NGINX"
when: ansible_system == "OpenBSD"
- name: "(Install: NetBSD)"
block:
- name: "(Install: NetBSD) Install NGINX Package"
command: "pkg_add www/nginx{{ nginx_version | default('') }}"
when: nginx_bsd_install_packages | bool
notify: "(Handler: All OSs) Start NGINX"
- name: "(Install: NetBSD) Install NGINX Port"
fail:
msg: "{{ ansible_system }} Install NGINX port not implemented."
when: not nginx_bsd_install_packages | bool
when: ansible_system == "NetBSD"
- name: "(Install: DragonFlyBSD)"
block:
- name: "(Install: DragonFlyBSD) Install NGINX Package"
command: "pkg install www/nginx{{ nginx_version | default('') }}"
when: nginx_bsd_install_packages | bool
notify: "(Handler: All OSs) Start NGINX"
- name: "(Install: DragonFlyBSD) Install NGINX port"
fail:
msg: "{{ ansible_system }} Install NGINX port not implemented."
when: not nginx_bsd_install_packages | bool
when: ansible_system == "DragonFlyBSD"
- name: "(Install: HardenedBSD)"
block:
- name: "(Install: HardenedBSD) Install NGINX package"
command: "pkg install www/nginx{{ nginx_version | default('') }}"
when: nginx_bsd_install_packages | bool
notify: "(Handler: All OSs) Start NGINX"
- name: "(Install: HardenedBSD) Install NGINX port"
fail:
msg: "{{ ansible_system }} Install NGINX port not implemented."
when: not nginx_bsd_install_packages | bool
when: ansible_system == "HardenedBSD"

26
tasks/opensource/install-oss-linux.yml
View File

@ -1,26 +0,0 @@
---
- name: "(Install: Linux) Configure NGINX Repository"
include_tasks: "{{ role_path }}/tasks/opensource/setup-{{ ansible_os_family | lower }}.yml"
when:
- ansible_os_family == "Alpine"
or ansible_os_family == "Debian"
or ansible_os_family == "RedHat"
or ansible_os_family == "Suse"
- nginx_install_from == "nginx_repository"
- name: "(Install: Linux) Modify Service For Systemd"
include_tasks: "{{ role_path }}/tasks/prerequisites/setup-systemd.yml"
when:
- ansible_service_mgr == "systemd"
- nginx_service_modify | bool
- name: "(Install: Linux) Install NGINX From Source"
include_tasks: "{{ role_path }}/tasks/opensource/setup-source.yml"
when: nginx_install_from == "source"
- name: "(Install: Linux) Install NGINX Package"
package:
name: "nginx{{ nginx_version | default('') }}"
state: "{{ nginx_state }}"
when: nginx_install_from == "os_repository"
notify: "(Handler: All OSs) Start NGINX"

42
tasks/opensource/install-oss.yml
View File

@ -1,8 +1,38 @@
---
- name: "(Install: OSS Linux)"
include_tasks: "{{ role_path }}/tasks/opensource/install-oss-linux.yml"
when: ansible_os_family in nginx_linux_families
- name: "Install NGINX"
debug:
msg: "Installing NGINX"
when: nginx_debug_tasks | bool
- name: "(Install: OSS BSD)"
include_tasks: "{{ role_path }}/tasks/opensource/install-oss-bsd.yml"
when: ansible_system in nginx_bsd_systems
- name: "Install NGINX in Linux systems"
block:
- name: "Install NGINX from repository"
block:
- name: "Set NGINX repository"
set_fact:
repository: "{{ nginx_repository | default(nginx_default_repository[ansible_facts['os_family'] | lower]) }}"
- name: "Install NGINX from repository"
include_tasks: "{{ role_path }}/tasks/opensource/install-{{ ansible_facts['os_family'] | lower }}.yml"
when: nginx_install_from == "nginx_repository"
- name: "Install NGINX from source"
include_tasks: "{{ role_path }}/tasks/opensource/install-source.yml"
when: nginx_install_from == "source"
- name: "Install NGINX from package"
package:
name: "nginx{{ nginx_version | default('') }}"
state: "{{ nginx_state }}"
when: nginx_install_from == "os_repository"
notify: "(Handler) Start NGINX"
when: ansible_facts['system'] | lower is not search('bsd')
- name: "Install NGINX in Unix systems"
include_tasks: "{{ role_path }}/tasks/opensource/install-bsd.yml"
when: ansible_facts['system'] | lower is search('bsd')
- name: "Install NGINX"
debug:
msg: "Done installing NGINX"
when: nginx_debug_tasks | bool

33
tasks/opensource/install-redhat.yml Normal file
View File

@ -0,0 +1,33 @@
---
- name: "(CentOS/RHEL 6/7) Configure NGINX repository"
yum_repository:
name: nginx
baseurl: "{{ repository }}"
description: NGINX Repository
enabled: yes
gpgcheck: yes
mode: 0644
when: ansible_facts['distribution_major_version'] is version('8', '<')
- name: "(CentOS/RHEL 8) Configure NGINX repository"
blockinfile:
path: /etc/yum.repos.d/nginx.repo
create: yes
block: |
[nginx]
baseurl = {{ repository }}
enabled = 1
gpgcheck = 1
name = NGINX Repository
module_hotfixes = true
mode: 0644
when: ansible_facts['distribution_major_version'] is version('8', '==')
- name: "(CentOS/RHEL) Install NGINX"
yum:
name: "nginx{{ nginx_version | default('') }}"
state: "{{ nginx_state }}"
disablerepo: "*"
enablerepo: "nginx"
update_cache: yes
notify: "(Handler) Start NGINX"

218
tasks/opensource/setup-source.yml → tasks/opensource/install-source.yml
View File

@ -1,9 +1,9 @@
---
- name: "(Install: Linux) Check For Build Tools"
- name: "Check for build tools"
block:
- name: "(Install: Centos/RHEL) Setup Python 3"
- name: "(CentOS/RHEL 8) Setup python 3"
block:
- name: "(Install: Centos/RHEL) Install Python 3"
- name: "(CentOS/RHEL 8) Install python 3"
yum:
name:
- python3
@ -11,144 +11,144 @@
- python3-devel
update_cache: yes
- name: "(Install: Centos/RHEL) Set Python 3 Default"
- name: "(Centos/RHEL 8) Set python 3 as default"
alternatives:
name: python
path: /usr/bin/python3
link: /usr/bin/python
when:
- ansible_os_family == "RedHat"
- ansible_distribution_major_version == "8"
- ansible_facts['os_family'] == "RedHat"
- ansible_facts['distribution_major_version'] is version('8', '==')
- name: "(Install: Centos/RHEL) Install Build Tools"
- name: "(Centos/RHEL) Install build tools"
yum:
name:
- "@Development tools"
- ca-certificates
- gcc
- glibc
- glibc-common
- gd
- gd-devel
- glibc
- glibc-common
- perl-core
- wget
- ca-certificates
- zlib-devel
update_cache: yes
when: ansible_os_family == "RedHat"
when: ansible_facts['os_family'] == "RedHat"
- name: "(Install: Debian) Install Backports Repo For Buster"
- name: "(Debian) Install backports repo for buster"
apt_repository:
filename: buster-backports
repo: deb http://ftp.us.debian.org/debian buster-backports main
update_cache: yes
mode: 0644
when: ansible_distribution_release == "buster"
when: ansible_facts['distribution_release'] == "buster"
- name: "(Install: Debian/Ubuntu) Install Build Tools"
- name: "(Debian/Ubuntu) Install build tools"
apt:
name:
- python3-minimal
- build-essential
- checkinstall
- libtemplate-perl
- python3-minimal
- perl
- tar
- checkinstall
- zlib1g-dev
- libtemplate-perl
update_cache: yes
when: ansible_os_family == "Debian"
when: ansible_facts['os_family'] == "Debian"
- name: "(Install: Alpine) Install Build Tools"
- name: "(Alpine Linux) Install build tools"
apk:
name:
- python3
- alpine-sdk
- build-base
- git
- wget
- openrc
- perl
- python3
- linux-headers
- tar
- openrc
- wget
update_cache: yes
when: ansible_os_family == "Alpine"
when: ansible_facts['os_family'] == "Alpine"
- name: "(Install: Alpine) Enable OpenRC"
- name: "(Alpine Linux) Enable OpenRC"
copy:
content: ""
dest: /run/openrc/softlevel
force: no
owner: root
mode: 0644
when: ansible_os_family == "Alpine"
when: ansible_facts['os_family'] == "Alpine"
when: nginx_install_source_build_tools | bool
- name: "(Install: Linux) Check For Source Installs"
- name: "Check for source installs"
block:
- name: "(Install: Linux) Check For PCRE Install"
- name: "Check for PCRE install"
stat:
path: /tmp/{{ pcre_version }}
register: pcre_result
- name: "(Install: Linux) Check For ZLib Install"
- name: "Check for ZLib install"
stat:
path: /tmp/{{ zlib_version }}
register: zlib_result
- name: "(Install: Linux) Check For OpenSSL Install"
- name: "Check for OpenSSL install"
stat:
path: /tmp/{{ openssl_version }}
register: openssl_result
- name: "(Install: Centos/RHEL) Install PCRE Dependency From Package"
- name: "(CentOS/RHEL) Install PCRE dependency from package"
yum:
name: pcre-devel
update_cache: yes
when:
- nginx_install_source_pcre | bool
- ansible_os_family == "RedHat"
- ansible_facts['os_family'] == "RedHat"
- name: "(Install: Debian/Ubuntu) Install PCRE Dependency From Package"
- name: "(Debian/Ubuntu) Install PCRE dependency from package"
apt:
name: libpcre3-dev
update_cache: yes
when:
- nginx_install_source_pcre | bool
- ansible_os_family == "Debian"
- ansible_facts['os_family'] == "Debian"
- name: "(Install: Alpine) Install PCRE Dependency From Package"
- name: "(Alpine Linux) Install PCRE dependency from package"
apk:
name: pcre-dev
update_cache: yes
when:
- nginx_install_source_pcre | bool
- ansible_os_family == "Alpine"
- ansible_facts['os_family'] == "Alpine"
- name: "(Install: Linux) Install PCRE Dependence From Source"
- name: "Install PCRE dependence from source"
block:
- name: "(Install: Linux) Download PCRE Dependency"
- name: "Download PCRE dependency"
get_url:
url: "http://ftp.pcre.org/pub/pcre/{{ pcre_version }}.tar.gz"
url: "https://ftp.pcre.org/pub/pcre/{{ pcre_version }}.tar.gz"
dest: "/tmp/{{ pcre_version }}.tar.gz"
mode: 0600
register: pcre_source
- name: "(Install: Linux) Unpack PCRE Dependency"
- name: "Unpack PCRE dependency"
unarchive:
copy: no
dest: /tmp/
src: "{{ pcre_source.dest }}"
mode: 0700
- name: "(Install: Linux) Configure PCRE Dependency"
- name: "Configure PCRE dependency"
command: "./configure"
args:
chdir: "/tmp/{{ pcre_version }}"
- name: "(Install: Linux) Make PCRE Dependency"
- name: "Make PCRE dependency"
make:
chdir: "/tmp/{{ pcre_version }}"
- name: "(Install: Linux) Install PCRE Dependency"
- name: "Install PCRE dependency"
make:
chdir: "/tmp/{{ pcre_version }}"
target: install
@ -156,56 +156,56 @@
- not pcre_result.stat.exists | bool
- not nginx_install_source_pcre | bool
- name: "(Install: Centos/RHEL) Install ZLib Dependency From Package"
- name: "(Centos/RHEL) Install ZLib dependency from package"
yum:
name: zlib-devel
update_cache: yes
when:
- nginx_install_source_zlib | bool
- ansible_os_family == "RedHat"
- ansible_facts['os_family'] == "RedHat"
- name: "(Install: Debian/Ubuntu) Install ZLib Dependency From Package"
- name: "(Debian/Ubuntu) Install ZLib dependency from package"
apt:
name: zlib1g-dev
update_cache: true
when:
- nginx_install_source_zlib | bool
- ansible_os_family == "Debian"
- ansible_facts['os_family'] == "Debian"
- name: "(Install: Alpine) Install ZLib Dependency From Package"
- name: "(Alpine Linux) Install ZLib dependency from package"
apk:
name: zlib-dev
update_cache: yes
when:
- nginx_install_source_zlib | bool
- ansible_os_family == "Alpine"
- ansible_facts['os_family'] == "Alpine"
- name: "(Install: Linux) Install ZLib Dependency From Source"
- name: "Install ZLib dependency from source"
block:
- name: "(Install: Linux) Download ZLib Dependency"
- name: "Download ZLib dependency"
get_url:
url: "http://zlib.net/{{ zlib_version }}.tar.gz"
url: "https://zlib.net/{{ zlib_version }}.tar.gz"
dest: "/tmp/{{ zlib_version }}.tar.gz"
mode: 0600
register: zlib_source
- name: "(Install: Linux) Unpack ZLib Dependency"
- name: "Unpack ZLib dependency"
unarchive:
copy: no
dest: /tmp/
src: "{{ zlib_source.dest }}"
mode: 0700
- name: "(Install: Linux) Configure zlib Dependency"
- name: "Configure ZLib dependency"
command: "./configure"
args:
chdir: "/tmp/{{ zlib_version }}"
- name: "(Install: Linux) Make ZLib Dependency"
- name: "Make ZLib dependency"
make:
chdir: "/tmp/{{ zlib_version }}"
- name: "(Install: Linux) Install ZLib Dependency"
- name: "Install ZLib dependency"
make:
chdir: "/tmp/{{ zlib_version }}"
target: install
@ -213,56 +213,56 @@
- not zlib_result.stat.exists | bool
- not nginx_install_source_zlib | bool
- name: "(Install: Centos/RHEL) Install OpenSSL Dependency From Package"
- name: "(CentOS/RHEL) Install OpenSSL dependency from package"
yum:
name: openssl-devel
update_cache: yes
when:
- nginx_install_source_openssl | bool
- ansible_os_family == "RedHat"
- ansible_facts['os_family'] == "RedHat"
- name: "(Install: Debian/Ubuntu) Install OpenSSL Dependency From Package"
- name: "(Debian/Ubuntu) Install OpenSSL dependency from package"
apt:
name: libssl-dev
update_cache: yes
when:
- nginx_install_source_openssl | bool
- ansible_os_family == "Debian"
- ansible_facts['os_family'] == "Debian"
- name: "(Install: Alpine) Install OpenSSL Dependency From Package"
- name: "(Alpine Linux) Install OpenSSL dependency from package"
apk:
name: openssl-dev
update_cache: yes
when:
- nginx_install_source_openssl | bool
- ansible_os_family == "Alpine"
- ansible_facts['os_family'] == "Alpine"
- name: "(Install: Linux) Install OpenSSL Dependency From Source"
- name: "Install OpenSSL dependency from source"
block:
- name: "(Install: Linux) Download OpenSSL Dependency"
- name: "Download OpenSSL dependency"
get_url:
url: "http://www.openssl.org/source/{{ openssl_version }}.tar.gz"
url: "https://www.openssl.org/source/{{ openssl_version }}.tar.gz"
dest: "/tmp/{{ openssl_version }}.tar.gz"
mode: 0600
register: openssl_source
- name: "(Install: Linux) Unpack OpenSSL Dependency"
- name: "Unpack OpenSSL dependency"
unarchive:
copy: no
dest: /tmp/
src: "{{ openssl_source.dest }}"
mode: 0700
- name: "(Install: Linux) Configure OpenSSL Dependency"
- name: "Configure OpenSSL dependency"
command: "./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib"
args:
chdir: "/tmp/{{ openssl_version }}"
- name: "(Install: Linux) Make OpenSSL Dependency"
- name: "Make OpenSSL dependency"
make:
chdir: "/tmp/{{ openssl_version }}"
- name: "(Install: Linux) Install OpenSSL Dependency"
- name: "Install OpenSSL dependency"
make:
chdir: "/tmp/{{ openssl_version }}"
target: install
@ -270,72 +270,72 @@
- not openssl_result.stat.exists | bool
- not nginx_install_source_openssl | bool
- name: "(Install: Linux) Get NGINX Version"
- name: "Get NGINX version"
block:
- name: "(Install: Linux) Fetch NGINX Version"
- name: "Fetch NGINX version"
uri:
url: https://trac.nginx.org/nginx/browser
return_content: yes
register: nginx_versions
- name: "(Install: Linux) Set NGINX Mainline Version"
- name: "Set NGINX mainline version"
set_fact:
nginx_version: "{{ nginx_versions.content | regex_search('release[^<]*') | regex_replace('release', 'nginx') }}"
when: nginx_branch == "mainline"
- name: "(Install: Linux) Set NGINX Stable Version 1/2"
- name: "Set NGINX stable version 1/2"
set_fact:
nginx_version: "{{ nginx_versions.content | regex_search('stable[^<]*') | regex_replace('stable', 'release') }}"
when: nginx_branch == "stable"
- name: "(Install: Linux) Set NGINX Stable Version 2/2"
- name: "Set NGINX stable version 2/2"
set_fact:
nginx_version: "{{ nginx_versions.content | regex_search(nginx_version + '[^<]*') | regex_replace('release', 'nginx') }}"
when: nginx_branch == "stable"
- name: "(Install: Linux) Set NGINX Download Filename"
- name: "Set NGINX download filename"
set_fact:
nginx_download_name: "{{ nginx_version }}"
- name: "(Install: Linux) Check For NGINX Install"
- name: "Check for NGINX install"
stat:
path: /usr/sbin/nginx
follow: yes
register: nginx_result
- name: "(Install: Linux) Add NGINX User"
- name: "Add NGINX user"
user:
name: nginx
- name: "(Install: Linux) Install NGINX"
- name: "Install NGINX"
block:
- name: "(Install: Linux) Download NGINX"
- name: "Download NGINX"
get_url:
url: "http://nginx.org/download/{{ nginx_download_name }}.tar.gz"
url: "https://nginx.org/download/{{ nginx_download_name }}.tar.gz"
dest: "/tmp/{{ nginx_download_name }}.tar.gz"
mode: 0600
register: nginx_source
- name: "(Install: Linux) Unpack NGINX"
- name: "Unpack NGINX"
unarchive:
copy: no
dest: /tmp/
src: "{{ nginx_source.dest }}"
mode: 0755
- name: "(Install: Linux) Configure NGINX"
- name: "Configure NGINX"
command: >-
./configure
--prefix=/usr
--pid-path=/var/run/nginx.pid
--conf-path=/etc/nginx/nginx.conf
--error-log-path=/var/log/nginx/error.log
--http-log-path=/var/log/nginx/access.log
--lock-path=/var/lock/nginx.lock
--modules-path=/usr/lib/nginx/modules
--prefix=/usr
--pid-path=/var/run/nginx.pid
--with-http_ssl_module
--with-stream
--with-mail=dynamic
--with-stream
{{ nginx_install_source_pcre | ternary('', '--with-pcre=../' + pcre_version) }}
{{ nginx_install_source_zlib | ternary('', '--with-zlib=../' + zlib_version) }}
{{ nginx_install_source_openssl | ternary('', '--with-openssl=../' + openssl_version) }}
@ -343,86 +343,86 @@
chdir: "/tmp/{{ nginx_version }}"
register: nginx_configure
- name: "(Install: Linux) Make NGINX"
- name: "Make NGINX"
make:
chdir: "/tmp/{{ nginx_version }}"
- name: "(Install: Linux) Install NGINX"
- name: "Install NGINX"
make:
chdir: "/tmp/{{ nginx_version }}"
target: install
- name: "(Install: Linux) Upload systemd NGINX Service File"
- name: "Upload systemd NGINX service file"
copy:
src: services/nginx.systemd
dest: /lib/systemd/system/nginx.service
owner: root
group: root
mode: 0644
when: ansible_service_mgr == "systemd"
when: ansible_facts['service_mgr'] == "systemd"
- name: "(Install: Linux) Enable systemd NGINX Service File"
- name: "Enable systemd NGINX service file"
systemd:
daemon_reload: yes
name: nginx
state: restarted
enabled: yes
when: ansible_service_mgr == "systemd"
notify: "(Handler: All OSs) Start NGINX"
when: ansible_facts['service_mgr'] == "systemd"
notify: "(Handler) Start NGINX"
- name: "(Install: Linux) Upload upstart NGINX Service File"
- name: "Upload upstart NGINX service file"
copy:
src: services/nginx.upstart
dest: /etc/init.d/nginx
owner: root
group: root
mode: 0755
when: ansible_service_mgr == "upstart"
when: ansible_facts['service_mgr'] == "upstart"
- name: "(Install: Linux) Upload upstart NGINX Service Conf File"
- name: "Upload upstart NGINX service conf file"
copy:
src: services/nginx.conf.upstart
dest: /etc/init/nginx.conf
owner: root
group: root
mode: 0644
when: ansible_service_mgr == "upstart"
when: ansible_facts['service_mgr'] == "upstart"
- name: "(Install: Linux) Enable upstart NGINX Service Reload"
- name: "Enable upstart NGINX service reload"
command: "initctl reload-configuration"
when: ansible_service_mgr == "upstart"
when: ansible_facts['service_mgr'] == "upstart"
- name: "(Install: Linux) Start upstart NGINX Service Reload"
- name: "Start upstart NGINX service reload"
command: "nginx"
when: ansible_service_mgr == "upstart"
notify: "(Handler: All OSs) Start NGINX"
when: ansible_facts['service_mgr'] == "upstart"
notify: "(Handler) Start NGINX"
- name: "(Install: Linux) Upload sysvinit NGINX Service File"
- name: "Upload sysvinit NGINX service file"
copy:
src: services/nginx.sysvinit
dest: /etc/init.d/nginx
owner: root
group: root
mode: 0755
when: ansible_service_mgr == "sysvinit"
notify: "(Handler: All OSs) Start NGINX"
when: ansible_facts['service_mgr'] == "sysvinit"
notify: "(Handler) Start NGINX"
- name: "(Install: Linux) Upload openrc NGINX Service File"
- name: "Upload openrc NGINX service file"
copy:
src: services/nginx.openrc
dest: /etc/init.d/nginx
owner: root
group: root
mode: 0755
when: ansible_service_mgr == "openrc"
when: ansible_facts['service_mgr'] == "openrc"
- name: "(Install: Linux) Enable openrc NGINX Service"
- name: "Enable openrc NGINX service"
command: rc-update add nginx default
notify: "(Handler: All OSs) Start NGINX"
when: ansible_service_mgr == "openrc"
when: ansible_facts['service_mgr'] == "openrc"
notify: "(Handler) Start NGINX"
when: not nginx_result.stat.exists
- name: "(Install: Linux) Cleanup Downloads"
- name: "Cleanup downloads"
file:
path: "{{ item }}"
state: absent

13
tasks/opensource/install-suse.yml Normal file
View File

@ -0,0 +1,13 @@
---
- name: "(SLES) Configure NGINX repository"
zypper_repository:
name: "nginx-{{ nginx_branch }}"
repo: "{{ repository }}"
- name: "(SLES) Install NGINX"
zypper:
name: "nginx{{ nginx_version | default('') }}"
state: "{{ nginx_state }}"
disable_recommends: no
update_cache: yes
notify: "(Handler) Start NGINX"

29
tasks/opensource/setup-alpine.yml
View File

@ -1,29 +0,0 @@
---
- name: "(Install: Alpine) Set Default APK NGINX Repository"
set_fact:
default_repository: >-
https://nginx.org/packages/{{ (nginx_branch == 'mainline')
| ternary('mainline/', '') }}alpine/v{{ ansible_distribution_version.split('.')[0] }}.{{ ansible_distribution_version.split('.')[1] }}/main
- name: "(Install: Alpine) Set APK NGINX Repository"
set_fact:
repository: "{{ nginx_repository | default(default_repository) }}"
- name: "(Install: Alpine) Add NGINX Repository"
lineinfile:
path: /etc/apk/repositories
insertafter: EOF
line: "{{ repository }}"
- name: "(Install: Alpine) Install Required Alpine Dependencies"
apk:
name:
- openssl
- pcre
- name: "(Install: Alpine) Install NGINX"
apk:
name: "nginx{{ nginx_version | default('') }}"
repository: "{{ repository }}"
state: "{{ nginx_state }}"
notify: "(Handler: All OSs) Start NGINX"

28
tasks/opensource/setup-debian.yml
View File

@ -1,28 +0,0 @@
---
- name: "(Install: Debian/Ubuntu) Set Default APT NGINX Repository"
set_fact:
default_repository:
- >-
deb [arch=amd64] https://nginx.org/packages/{{ (nginx_branch == 'mainline')
| ternary('mainline/', '') }}{{ ansible_distribution | lower }}/ {{ ansible_distribution_release }} nginx
- >-
deb-src https://nginx.org/packages/{{ (nginx_branch == 'mainline')
| ternary('mainline/', '') }}{{ ansible_distribution | lower }}/ {{ ansible_distribution_release }} nginx
- name: "(Install: Debian/Ubuntu) Set APT NGINX Repository"
set_fact:
repository: "{{ nginx_repository | default(default_repository) }}"
- name: "(Install: Debian/Ubuntu) Add NGINX Repository"
apt_repository:
filename: nginx
repo: "{{ item }}"
update_cache: yes
mode: 0644
loop: "{{ repository }}"
- name: "(Install: Debian/Ubuntu) Install NGINX"
apt:
name: "nginx{{ nginx_version | default('') }}"
state: "{{ nginx_state }}"
notify: "(Handler: All OSs) Start NGINX"

47
tasks/opensource/setup-redhat.yml
View File

@ -1,47 +0,0 @@
---
- name: "(Install: CentOS/RedHat) Set Default YUM NGINX Repository"
set_fact:
default_repository: >-
https://nginx.org/packages/{{ (nginx_branch == 'mainline')
| ternary('mainline/', '') }}{{ (ansible_distribution == "RedHat")
| ternary('rhel', 'centos') }}/{{ ansible_distribution_major_version }}/$basearch/
- name: "(Install: CentOS/RedHat) Set YUM NGINX Repository"
set_fact:
repository: "{{ nginx_repository | default(default_repository) }}"
- name: "(Install: CentOS/RedHat) Add NGINX Repository for CentOS/RHEL 6/7"
yum_repository:
name: nginx
baseurl: "{{ repository }}"
description: NGINX Repository
enabled: yes
gpgcheck: yes
mode: 0644
when: ansible_distribution_major_version < "8"
- name: "(Install: CentOS/RedHat) Add NGINX Repository for CentOS/RHEL 8"
blockinfile:
path: /etc/yum.repos.d/nginx.repo
create: yes
block: |
[nginx]
baseurl = {{ repository }}
enabled = 1
gpgcheck = 1
name = NGINX Repository
module_hotfixes = true
mode: 0644
when: ansible_distribution_major_version == "8"
- name: "(Install: CentOS/RedHat) Install Required CentOS/RedHat Dependencies"
yum:
name: openssl
- name: "(Install: CentOS/RedHat) Install NGINX"
yum:
name: "nginx{{ nginx_version | default('') }}"
state: "{{ nginx_state }}"
disablerepo: "*"
enablerepo: "nginx"
notify: "(Handler: All OSs) Start NGINX"

21
tasks/opensource/setup-suse.yml
View File

@ -1,21 +0,0 @@
---
- name: "(Install: SUSE) Set Default SUSE NGINX Repository"
set_fact:
default_repository: >-
https://nginx.org/packages/{{ (nginx_branch == 'mainline')
| ternary('mainline/', '') }}sles/{{ ansible_distribution_major_version }}
- name: "(Install: SUSE) Set SUSE NGINX Repository"
set_fact:
repository: "{{ nginx_repository | default(default_repository) }}"
- name: "(Install: SUSE) Add NGINX Repository"
zypper_repository:
name: "nginx-{{ nginx_branch }}"
repo: "{{ repository }}"
- name: "(Install: SUSE) Install NGINX"
zypper:
name: "nginx{{ nginx_version | default('') }}"
state: "{{ nginx_state }}"
notify: "(Handler: All OSs) Start NGINX"

26
tasks/plus/delete-license.yml
View File

@ -1,26 +0,0 @@
---
- name: "(Setup: All OSs) Set NGINX Plus License State"
set_fact:
nginx_license_status: absent
- name: "(Setup: All OSs Besides Alpine Linux) Delete NGINX Plus License"
file:
path: /etc/ssl/nginx
state: absent
when: ansible_distribution != "Alpine"
- name: "(Setup: Alpine Linux) Delete NGINX Plus License"
file:
path: "{{ item }}"
state: absent
loop:
- /etc/apk/cert.key
- /etc/apk/cert.pem
when: ansible_distribution == "Alpine"
- include_tasks: "{{ role_path }}/tasks/plus/setup-{{ ansible_os_family | lower }}.yml"
when: ansible_os_family == "Alpine"
or ansible_os_family == "FreeBSD"
or ansible_os_family == "Debian"
or ansible_os_family == "RedHat"
or ansible_os_family == "Suse"

14
tasks/plus/install-alpine.yml Normal file
View File

@ -0,0 +1,14 @@
---
- name: "(Alpine Linux) Configure NGINX Plus repository"
lineinfile:
path: /etc/apk/repositories
insertafter: EOF
line: "{{ repository }}"
state: "{{ nginx_license_status | default ('present') }}"
- name: "(Alpine Linux) Install NGINX Plus"
apk:
name: "nginx-plus{{ nginx_version | default('') }}"
repository: "{{ repository }}"
state: "{{ nginx_state }}"
notify: "(Handler) Start NGINX"

12
tasks/plus/setup-debian.yml → tasks/plus/install-debian.yml
View File

@ -1,5 +1,5 @@
---
- name: "(Setup: Debian/Ubuntu) Setup NGINX Plus License"
- name: "(Debian/Ubuntu) Set up NGINX Plus license verification"
blockinfile:
path: /etc/apt/apt.conf.d/90nginx
create: yes
@ -11,10 +11,16 @@
state: "{{ nginx_license_status | default ('present') }}"
mode: 0444
- name: "(Setup: Debian/Ubuntu) Setup NGINX Plus Repository"
- name: "(Debian/Ubuntu) Configure NGINX Plus repository"
apt_repository:
filename: nginx-plus
repo: deb [arch=amd64] https://plus-pkgs.nginx.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} nginx-plus
repo: "{{ repository }}"
update_cache: yes
state: "{{ nginx_license_status | default ('present') }}"
mode: 0644
- name: "(Debian/Ubuntu) Install NGINX Plus"
apt:
name: "nginx-plus{{ nginx_version | default('') }}"
state: "{{ nginx_state }}"
notify: "(Handler) Start NGINX"

34
tasks/plus/setup-bsd.yml → tasks/plus/install-freebsd.yml
View File

@ -1,18 +1,5 @@
---
- name: "(Setup: FreeBSD) Setup NGINX Plus Repository"
blockinfile:
path: /etc/pkg/nginx-plus.conf
create: yes
block: |
nginx-plus: {
URL: pkg+https://plus-pkgs.nginx.com/freebsd/${ABI}/latest
ENABLED: yes
MIRROR_TYPE: SRV
}
state: "{{ nginx_license_status | default ('present') }}"
mode: 0644
- name: "(Setup: FreeBSD) Setup NGINX Plus License"
- name: "(FreeBSD) Set up NGINX Plus license verification"
blockinfile:
path: /usr/local/etc/pkg.conf
block: |
@ -20,3 +7,22 @@
SSL_CLIENT_CERT_FILE: "/etc/ssl/nginx/nginx-repo.crt",
SSL_CLIENT_KEY_FILE: "/etc/ssl/nginx/nginx-repo.key" }
state: "{{ nginx_license_status | default ('present') }}"
- name: "(FreeBSD) Configure NGINX Plus repository"
blockinfile:
path: /etc/pkg/nginx-plus.conf
create: yes
block: |
nginx-plus: {
URL: {{ repository }}
ENABLED: yes
MIRROR_TYPE: SRV
}
state: "{{ nginx_license_status | default ('present') }}"
mode: 0644
- name: "(FreeBSD) Install NGINX Plus"
pkgng:
name: "nginx-plus{{ nginx_version | default('') }}"
state: "{{ nginx_state }}"
notify: "(Handler) Start NGINX"

9
tasks/plus/install-plus-bsd.yml
View File

@ -1,9 +0,0 @@
---
- include_tasks: "{{ role_path }}/tasks/plus/setup-bsd.yml"
when: ansible_os_family == "FreeBSD"
- name: "(Install: FreeBSD) Install NGINX Plus"
pkgng:
name: "nginx-plus{{ nginx_version | default('') }}"
state: "{{ nginx_state }}"
notify: "(Handler: All OSs) Start NGINX"

19
tasks/plus/install-plus-linux.yml
View File

@ -1,19 +0,0 @@
---
- name: "(Setup: Linux) Setup NGINX Plus Repository"
include_tasks: "{{ role_path }}/tasks/plus/setup-{{ ansible_os_family | lower }}.yml"
when: ansible_os_family == "Alpine"
or ansible_os_family == "Debian"
or ansible_os_family == "RedHat"
or ansible_os_family == "Suse"
- name: "(Install: Linux) Modify Service for Systemd"
include_tasks: "{{ role_path }}/tasks/prerequisites/setup-systemd.yml"
when:
- ansible_service_mgr == "systemd"
- nginx_service_modify | bool
- name: "(Install: Linux) Install NGINX Plus"
package:
name: "nginx-plus{{ nginx_version | default('') }}"
state: "{{ nginx_state }}"
notify: "(Handler: All OSs) Start NGINX"

24
tasks/plus/install-plus.yml
View File

@ -1,11 +1,19 @@
---
- name: "(Install: All OSs) Setup license"
include_tasks: "{{ role_path }}/tasks/plus/setup-license.yml"
- name: "Install NGINX Plus"
debug:
msg: "Installing NGINX Plus"
when: nginx_debug_tasks | bool
- name: "(Install: Linux) Install NGINX Plus"
include_tasks: "{{ role_path }}/tasks/plus/install-plus-linux.yml"
when: ansible_os_family in nginx_plus_linux_families
- name: "Set NGINX Plus repository"
set_fact:
repository: >-
{{ nginx_repository |
default(nginx_plus_default_repository[(ansible_facts['distribution'] == 'Amazon') | ternary('amazon', ansible_facts['os_family'] | lower)]) }}
- name: "(Install: FreeBSD) Install NGINX Plus"
include_tasks: "{{ role_path }}/tasks/plus/install-plus-bsd.yml"
when: ansible_system in nginx_plus_bsd_systems
- name: "Install NGINX from repository"
include_tasks: "{{ role_path }}/tasks/plus/install-{{ ansible_facts['os_family'] | lower }}.yml"
- name: "Install NGINX Plus"
debug:
msg: "Done installing NGINX Plus"
when: nginx_debug_tasks | bool

21
tasks/plus/install-redhat.yml Normal file
View File

@ -0,0 +1,21 @@
---
- name: "(Amazon Linux/CentOS/Oracle Linux/RHEL) Configure NGINX Plus repository"
yum_repository:
name: nginx-plus
baseurl: "{{ repository }}"
description: NGINX Plus Repository
sslclientcert: /etc/ssl/nginx/nginx-repo.crt
sslclientkey: /etc/ssl/nginx/nginx-repo.key
enabled: yes
gpgcheck: yes
state: "{{ nginx_license_status | default ('present') }}"
mode: 0644
- name: "(Amazon Linux/CentOS/Oracle Linux/RHEL) Install NGINX Plus"
yum:
name: "nginx-plus{{ nginx_version | default('') }}"
state: "{{ nginx_state }}"
disablerepo: "*"
enablerepo: "nginx-plus"
update_cache: yes
notify: "(Handler) Start NGINX"

19
tasks/plus/install-suse.yml Normal file
View File

@ -0,0 +1,19 @@
---
- name: "(SLES) Combine NGINX Plus certificate and license key"
assemble:
src: /etc/ssl/nginx
dest: /etc/ssl/nginx/nginx-repo-bundle.crt
mode: 0444
- name: "(SLES) Configure NGINX Plus repository"
zypper_repository:
name: nginx-plus
repo: "{{ repository }}"
state: "{{ nginx_license_status | default ('present') }}"
- name: "(SLES) Install NGINX Plus"
zypper:
name: "nginx-plus{{ nginx_version | default('') }}"
state: "{{ nginx_state }}"
update_cache: yes
notify: "(Handler) Start NGINX"

22
tasks/plus/remove-license.yml Normal file
View File

@ -0,0 +1,22 @@
---
- name: "Set NGINX Plus license state"
set_fact:
nginx_license_status: absent
- name: "(Debian/Red Hat/SLES OSs) Delete NGINX Plus license"
file:
path: /etc/ssl/nginx
state: absent
when: ansible_facts['distribution'] != "Alpine"
- name: "(Alpine Linux) Delete NGINX Plus license"
file:
path: "{{ item }}"
state: absent
loop:
- /etc/apk/cert.key
- /etc/apk/cert.pem
when: ansible_facts['distribution'] == "Alpine"
- name: "Delete NGINX Plus repository data"
include_tasks: "{{ role_path }}/tasks/plus/install-plus.yml"

7
tasks/plus/setup-alpine.yml
View File

@ -1,7 +0,0 @@
---
- name: "(Setup: Alpine Linux) Setup NGINX Plus Repository"
lineinfile:
path: /etc/apk/repositories
insertafter: EOF
line: "https://plus-pkgs.nginx.com/alpine/v{{ ansible_distribution_version | regex_search('^[0-9]+\\.[0-9]+') }}/main"
state: "{{ nginx_license_status | default ('present') }}"

28
tasks/plus/setup-license.yml
View File

@ -1,13 +1,18 @@
---
- name: "(Setup: All OSs Besides Alpine Linux) Setup NGINX Plus License"
- name: "Set up NGINX Plus license"
debug:
msg: "Setting up NGINX Plus license"
when: nginx_debug_tasks | bool
- name: "(Debian/Red Hat/SLES OSs) Set up NGINX Plus license"
block:
- name: "(Setup: All OSs Besides Alpine Linux) Create SSL Directory"
- name: "(Debian/Red Hat/SLES OSs) Create SSL directory"
file:
path: /etc/ssl/nginx
state: directory
mode: 0755
- name: "(Setup: All OSs Besides Alpine Linux) Copy NGINX Plus Certificate and License Key"
- name: "(Debian/Red Hat/SLES OSs) Copy NGINX Plus certificate and license key"
copy:
src: "{{ item }}"
dest: /etc/ssl/nginx
@ -16,27 +21,32 @@
loop:
- "{{ nginx_license.certificate }}"
- "{{ nginx_license.key }}"
when: ansible_distribution != "Alpine"
when: ansible_facts['os_family'] != "Alpine"
- name: "(Setup: Alpine Linux) Setup NGINX Plus License"
- name: "(Alpine Linux) Set up NGINX Plus license"
block:
- name: "(Setup: Alpine Linux) Create APK Directory"
- name: "(Alpine Linux) Create APK directory"
file:
path: /etc/apk
state: directory
mode: 0755
- name: "(Setup: Alpine Linux) Copy NGINX Plus Key"
- name: "(Alpine Linux) Copy NGINX Plus key"
copy:
src: "{{ nginx_license.key }}"
dest: /etc/apk/cert.key
decrypt: yes
mode: 0444
- name: "(Setup: Alpine Linux) Copy NGINX Plus Certificate"
- name: "(Alpine Linux) Copy NGINX Plus certificate"
copy:
src: "{{ nginx_license.certificate }}"
dest: /etc/apk/cert.pem
decrypt: yes
mode: 0444
when: ansible_distribution == "Alpine"
when: ansible_facts['os_family'] == "Alpine"
- name: "Set up NGINX Plus license"
debug:
msg: "Done setting up NGINX Plus license"
when: nginx_debug_tasks | bool

30
tasks/plus/setup-redhat.yml
View File

@ -1,30 +0,0 @@
---
- name: "(Setup: CentOS/RedHat/Oracle Linux) Setup NGINX Plus Repository"
yum_repository:
name: nginx-plus
baseurl: >-
https://plus-pkgs.nginx.com/centos/{{ (ansible_distribution_version | float >= 7.4 and ansible_distribution_version | float < 8.0)
| ternary('7.4', ansible_distribution_major_version | int) }}/$basearch/
description: NGINX Plus Repository
sslclientcert: /etc/ssl/nginx/nginx-repo.crt
sslclientkey: /etc/ssl/nginx/nginx-repo.key
enabled: yes
gpgcheck: yes
state: "{{ nginx_license_status | default ('present') }}"
mode: 0644
when: ansible_distribution != "Amazon"
- name: "(Setup: Amazon Linux) Setup NGINX Plus Repository"
yum_repository:
name: nginx-plus
baseurl: >-
https://plus-pkgs.nginx.com/amzn{{ (ansible_distribution_version == '2')
| ternary('2', '') }}/$releasever/$basearch
description: NGINX Plus Repository
sslclientcert: /etc/ssl/nginx/nginx-repo.crt
sslclientkey: /etc/ssl/nginx/nginx-repo.key
enabled: yes
gpgcheck: yes
state: "{{ nginx_license_status | default ('present') }}"
mode: 0644
when: ansible_distribution == "Amazon"

12
tasks/plus/setup-suse.yml
View File

@ -1,12 +0,0 @@
---
- name: "(Setup: SUSE) Setup NGINX Plus Certificate and License Keys"
assemble:
src: /etc/ssl/nginx
dest: /etc/ssl/nginx/nginx-repo-bundle.crt
mode: 0444
- name: "(Setup: SUSE) Setup NGINX Plus Repository"
zypper_repository:
name: nginx-plus
repo: "https://plus-pkgs.nginx.com/sles/{{ ansible_distribution_major_version }}?ssl_clientcert=/etc/ssl/nginx/nginx-repo-bundle.crt&ssl_verify=host"
state: "{{ nginx_license_status | default ('present') }}"

37
tasks/prerequisites/install-dependencies.yml Normal file
View File

@ -0,0 +1,37 @@
---
- name: "(Alpine Linux) Install dependencies"
apk:
name: "{{ nginx_alpine_dependencies }}"
update_cache: yes
when: ansible_facts['os_family'] == "Alpine"
- name: "(Debian/Ubuntu) Install dependencies"
apt:
name: "{{ nginx_debian_dependencies }}"
update_cache: yes
when: ansible_facts['os_family'] == "Debian"
- name: "(Amazon Linux/CentOS/Oracle Linux/RHEL) Install dependencies"
yum:
name: "{{ nginx_redhat_dependencies }}"
when: ansible_facts['os_family'] == "RedHat"
- name: "(SLES) Install dependencies"
zypper:
name: "{{ nginx_sles_dependencies }}"
when: ansible_facts['os_family'] == "Suse"
- name: "(FreeBSD) Install dependencies"
block:
- name: "(FreeBSD) Install dependencies using package(s)"
pkgng:
name: "{{ nginx_freebsd_dependencies }}"
when: nginx_bsd_install_packages | bool
- name: "(FreeBSD) Install dependencies using port(s)"
portinstall:
name: "{{ item }}"
use_packages: "{{ nginx_bsd_portinstall_use_packages | default(omit) }}"
loop: "{{ nginx_freebsd_dependencies }}"
when: not nginx_bsd_install_packages | bool
when: ansible_facts['distribution'] == "FreeBSD"

38
tasks/prerequisites/prerequisites.yml Normal file
View File

@ -0,0 +1,38 @@
---
- name: "Install dependencies"
debug:
msg: "Installing dependencies"
when: nginx_debug_tasks | bool
- name: "Install dependencies"
include_tasks: "{{ role_path }}/tasks/prerequisites/install-dependencies.yml"
- name: "Install dependencies"
debug:
msg: "Done installing dependencies"
when: nginx_debug_tasks | bool
- name: "Set up SELinux"
block:
- name: "Set up SELinux"
debug:
msg: "Setting up SELinux"
when: nginx_debug_tasks | bool
- name: "Check if SELinux is enabled"
debug:
msg: "You need to enable SELinux, if it was disabled you need to reboot"
when: ansible_facts['selinux'] is undefined
- name: "Configure SELinux"
include_tasks: "{{ role_path }}/tasks/prerequisites/setup-selinux.yml"
when: ansible_facts['selinux.mode'] is defined
- name: "Set up SELinux"
debug:
msg: "Done setting up SELinux"
when: nginx_debug_tasks | bool
when:
- nginx_selinux | bool
- ansible_facts['os_family'] in ['RedHat', 'Suse']
- ansible_facts['distribution'] not in ['Amazon', 'OracleLinux']

1
tasks/prerequisites/setup-alpine.yml
View File

@ -1 +0,0 @@
---

7
tasks/prerequisites/setup-debian.yml
View File

@ -1,7 +0,0 @@
---
- name: "(Setup: Debian/Ubuntu) Install Required Debian and Ubuntu Dependencies"
apt:
name:
- apt-transport-https
- dirmngr
update_cache: yes

14
tasks/prerequisites/setup-freebsd.yml
View File

@ -1,14 +0,0 @@
---
- name: "(Setup: FreeBSD) Install Required Dependencies"
block:
- name: "(Setup: FreeBSD) Install Extra Package(s)"
pkgng:
name: "{{ nginx_freebsd_extra_packages }}"
when: nginx_bsd_install_packages | bool
- name: "(Setup: FreeBSD) Install Extra Port(s)"
portinstall:
name: "{{ item }}"
use_packages: "{{ nginx_bsd_portinstall_use_packages | default(omit) }}"
loop: "{{ nginx_freebsd_extra_packages }}"
when: not nginx_bsd_install_packages | bool

6
tasks/prerequisites/setup-redhat.yml
View File

@ -1,6 +0,0 @@
---
- name: "(Setup: RedHat/CentOS) Setup SELinux"
include_tasks: "{{ role_path }}/tasks/prerequisites/setup-selinux.yml"
when:
- nginx_selinux | bool
- ansible_selinux.mode is defined

84
tasks/prerequisites/setup-selinux.yml
View File

@ -1,50 +1,42 @@
---
- name: "(Setup: SELinux) Install Required CentOS/RHEL 6/7 Dependencies"
package:
name:
- policycoreutils-python
- setools
state: present
when:
- ansible_os_family == "RedHat"
- ansible_distribution_major_version != "8"
- name: "(CentOS/RHEL) Install dependencies"
block:
- name: "(CentOS/RHEL 6/7) Install dependencies"
yum:
name:
- policycoreutils-python
- setools
when: ansible_facts['distribution_major_version'] is version('8', '!=')
- name: "(Setup: SELinux) Install Required CentOS/RHEL 8 Dependencies"
package:
name:
- selinux-policy-targeted
- libselinux-utils
- policycoreutils
state: present
when:
- ansible_os_family == "RedHat"
- ansible_distribution_major_version == "8"
- name: "(CentOS/RHEL 8) Install dependencies"
yum:
name:
- libselinux-utils
- policycoreutils
- selinux-policy-targeted
when: ansible_facts['distribution_major_version'] is version('8', '==')
when: ansible_facts['os_family'] == "RedHat"
- name: "(Setup: SELinux) Check if SELinux is Enabled"
debug:
msg: "You need to enable selinux, if it was disabled you need to reboot"
when: ansible_selinux is undefined
- name: "(Setup: SELinux) Setup Permissive SELinux"
- name: "Set SELinux mode to permissive"
selinux:
state: permissive
policy: targeted
changed_when: false
when: ansible_selinux.mode == "enforcing"
when: ansible_facts['selinux.mode'] == "enforcing"
- name: "(Setup: SELinux) Allow HTTP Network Connection"
- name: "Allow SELinux HTTP network connections"
seboolean:
name: httpd_can_network_connect
state: yes
persistent: yes
- name: "(Setup: SELinux) Allow HTTP Relay Connection"
- name: "Allow SELinux HTTP network connections"
seboolean:
name: httpd_can_network_relay
state: yes
persistent: yes
- name: "(Setup: SELinux) Allow Status Ports"
- name: "Allow SELinux TCP connections on status ports"
seport:
ports: "{{ nginx_status_port }}"
proto: tcp
@ -52,7 +44,7 @@
state: present
when: nginx_status_port is defined
- name: "(Setup: SELinux) Allow Rest API Ports"
- name: "Allow SELinux TCP connections on Rest API ports"
seport:
ports: "{{ nginx_rest_api_port }}"
proto: tcp
@ -60,7 +52,7 @@
state: present
when: nginx_rest_api_port is defined
- name: "(Setup: SELinux) Allow Specific TCP Ports"
- name: "Allow SELinux TCP connections on specific ports"
seport:
ports: "{{ nginx_selinux_tcp_ports }}"
proto: tcp
@ -68,7 +60,7 @@
state: present
when: nginx_selinux_tcp_ports is defined
- name: "(Setup: SELinux) Allow Specific UDP Ports"
- name: "Allow SELinux UDP connections on specific ports"
seport:
ports: "{{ nginx_selinux_udp_ports }}"
proto: udp
@ -76,35 +68,35 @@
state: present
when: nginx_selinux_udp_ports is defined
- name: "(Setup: SELinux) Create NGINX Plus Module"
- name: "Create SELinux NGINX Plus Module"
template:
src: "{{ role_path }}/templates/selinux/nginx-plus-module.te.j2"
dest: "{{ nginx_tempdir }}/nginx-plus-module.te"
dest: "{{ nginx_selinux_tempdir }}/nginx-plus-module.te"
mode: 0644
register: nginx_selinux_module
- name: "(Setup: SELinux) Check NGINX Plus Module"
command: "checkmodule -M -m -o {{ nginx_tempdir }}/nginx-plus-module.mod {{ nginx_tempdir }}/nginx-plus-module.te"
- name: "Check SELinux NGINX Plus Module"
command: "checkmodule -M -m -o {{ nginx_selinux_tempdir }}/nginx-plus-module.mod {{ nginx_selinux_tempdir }}/nginx-plus-module.te"
args:
creates: "{{ nginx_tempdir }}/nginx-plus-module.mod"
creates: "{{ nginx_selinux_tempdir }}/nginx-plus-module.mod"
changed_when: false
- name: "(Setup: SELinux) Compile NGINX Plus Module"
command: "semodule_package -o {{ nginx_tempdir }}/nginx-plus-module.pp -m {{ nginx_tempdir }}/nginx-plus-module.mod"
- name: "Compile SELinux NGINX Plus Module"
command: "semodule_package -o {{ nginx_selinux_tempdir }}/nginx-plus-module.pp -m {{ nginx_selinux_tempdir }}/nginx-plus-module.mod"
args:
creates: "{{ nginx_tempdir }}/nginx-plus-module.pp"
creates: "{{ nginx_selinux_tempdir }}/nginx-plus-module.pp"
changed_when: false
- name: "(Setup: SELinux) Import NGINX Plus Module"
command: "semodule -i {{ nginx_tempdir }}/nginx-plus-module.pp" # noqa 503
- name: "Import SELinux NGINX Plus Module"
command: "semodule -i {{ nginx_selinux_tempdir }}/nginx-plus-module.pp" # noqa 503
changed_when: false
when: nginx_selinux_module.changed
when: nginx_selinux_module.changed | bool
- name: "(Setup: SELinux) Enforce SELinux"
- name: "Set SELinux mode to enforcing"
selinux:
state: enforcing
policy: targeted
changed_when: false
when:
- nginx_selinux_enforcing
- ansible_selinux.mode == "permissive"
- nginx_selinux_enforcing | bool
- ansible_facts['selinux.mode'] == "permissive"

6
tasks/prerequisites/setup-suse.yml
View File

@ -1,6 +0,0 @@
---
- name: "(Setup: SUSE) Setup SELinux"
include_tasks: "{{ role_path }}/tasks/prerequisites/setup-selinux.yml"
when:
- nginx_selinux | bool
- ansible_selinux.mode is defined

9
tasks/unit/install-modules.yml
View File

@ -1,16 +1,17 @@
## DEPRECATED -- Use nginxinc.nginx_unit role instead (https://github.com/nginxinc/ansible-role-nginx-unit)
---
- name: "(Install: Debian/Ubuntu/CentOS/RedHat) Install NGINX Unit Modules"
- name: "(Debian/Ubuntu/CentOS/RedHat) Install NGINX Unit Modules"
package:
name: "{{ item }}"
state: present
loop: "{{ nginx_unit_modules }}"
when: ansible_os_family != "FreeBSD"
when: ansible_facts['os_family'] != "FreeBSD"
notify: "(Handler: Debian/Ubuntu/CentOS/RedHat) Start NGINX Unit"
- name: "(Install: FreeBSD) Install NGINX Unit Modules"
- name: "(FreeBSD) Install NGINX Unit Modules"
portinstall:
name: "{{ item }}"
state: present
loop: "{{ nginx_unit_modules }}"
when: ansible_os_family == "FreeBSD"
when: ansible_facts['os_family'] == "FreeBSD"
notify: "(Handler: FreeBSD) Start NGINX Unit"

25
tasks/unit/install-unit.yml
View File

@ -1,24 +1,29 @@
## DEPRECATED -- Use nginxinc.nginx_unit role instead (https://github.com/nginxinc/ansible-role-nginx-unit)
---
- name: "(Setup: All OSs) Configure NGINX Unit Repository"
include_tasks: "{{ role_path }}/tasks/unit/setup-{{ ansible_os_family | lower }}.yml"
when: ansible_os_family == "Debian"
or ansible_os_family == "RedHat"
or ansible_os_family == "FreeBSD"
- name: "Deprecation warning"
debug:
msg: "DEPRECATED TASKS -- Use nginxinc.nginx_unit role instead (https://github.com/nginxinc/ansible-role-nginx-unit)"
- name: "(Install: Debian/Ubuntu/CentOS/RedHat) Install NGINX Unit"
- name: "(DEPRECATED) Configure NGINX Unit Repository"
include_tasks: "{{ role_path }}/tasks/unit/setup-{{ ansible_facts['os_family'] | lower }}.yml"
when: ansible_facts['os_family'] == "Debian"
or ansible_facts['os_family'] == "RedHat"
or ansible_facts['os_family'] == "FreeBSD"
- name: "(DEPRECATED) Install NGINX Unit"
package:
name: unit
state: present
when: ansible_os_family != "FreeBSD"
when: ansible_facts['os_family'] != "FreeBSD"
notify: "(Handler: Debian/Ubuntu/CentOS/RedHat) Start NGINX Unit"
- name: "(Install: FreeBSD) Install NGINX Unit"
- name: "(DEPRECATED) Install NGINX Unit"
portinstall:
name: unit
state: present
when: ansible_os_family == "FreeBSD"
when: ansible_facts['os_family'] == "FreeBSD"
notify: "(Handler: FreeBSD) Start NGINX Unit"
- name: "(Install: All OSs) Install NGINX Unit modules"
- name: "(DEPRECATED) Install NGINX Unit modules"
include_tasks: "{{ role_path }}/tasks/unit/install-modules.yml"
when: nginx_unit_modules is defined

7
tasks/unit/setup-debian.yml
View File

@ -1,8 +1,9 @@
## DEPRECATED -- Use nginxinc.nginx_unit role instead (https://github.com/nginxinc/ansible-role-nginx-unit)
---
- name: "(Install: Debian/Ubuntu) Add NGINX Unit Repository"
- name: "(DEPRECATED) Add NGINX Unit Repository"
apt_repository:
repo: "{{ item }}"
mode: 0644
loop:
- deb [arch=amd64] https://packages.nginx.org/unit/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} unit
- deb-src https://packages.nginx.org/unit/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} unit
- deb [arch=amd64] https://packages.nginx.org/unit/{{ ansible_facts['distribution']|lower }}/ {{ ansible_facts['distribution_release'] }} unit
- deb-src https://packages.nginx.org/unit/{{ ansible_facts['distribution']|lower }}/ {{ ansible_facts['distribution_release'] }} unit

5
tasks/unit/setup-freebsd.yml
View File

@ -1,10 +1,11 @@
## DEPRECATED -- Use nginxinc.nginx_unit role instead (https://github.com/nginxinc/ansible-role-nginx-unit)
---
- name: "(Install: FreeBSD) Fetch Ports"
- name: "(DEPRECATED) Fetch Ports"
command: portsnap fetch --interactive
args:
creates: /var/db/portsnap/INDEX
- name: "(Install: FreeBSD) Extract Ports"
- name: "(DEPRECATED) Extract Ports"
command: portsnap extract
args:
creates: /usr/ports

13
tasks/unit/setup-redhat.yml
View File

@ -1,20 +1,21 @@
## DEPRECATED -- Use nginxinc.nginx_unit role instead (https://github.com/nginxinc/ansible-role-nginx-unit)
---
- name: "(Install: CentOS/RedHat) Add NGINX Unit Repository"
- name: "(DEPRECATED) Add NGINX Unit Repository"
yum_repository:
name: unit
baseurl: https://packages.nginx.org/unit/{{ (ansible_distribution == "RedHat") | ternary('rhel/', 'centos/') }}$releasever/$basearch/
baseurl: https://packages.nginx.org/unit/{{ (ansible_facts['distribution'] == "RedHat") | ternary('rhel/', 'centos/') }}$releasever/$basearch/
description: NGINX Unit Repository
enabled: yes
gpgcheck: yes
mode: 0644
when: ansible_distribution != "Amazon"
when: ansible_facts['distribution'] != "Amazon"
- name: "(Install: Amazon Linux) Add NGINX Unit Repository"
- name: "(DEPRECATED) Add NGINX Unit Repository"
yum_repository:
name: unit
baseurl: https://packages.nginx.org/unit/amzn{{ (ansible_distribution_version == "2") | ternary('2', '') }}/$releasever/$basearch/
baseurl: https://packages.nginx.org/unit/amzn{{ (ansible_facts['distribution_version'] == "2") | ternary('2', '') }}/$releasever/$basearch/
description: NGINX Unit Repository
enabled: yes
gpgcheck: yes
mode: 0644
when: ansible_distribution == "Amazon"
when: ansible_facts['distribution'] == "Amazon"

2
templates/logrotate/nginx.j2
View File

@ -6,7 +6,7 @@
{{ option }}
{% endfor %}
postrotate
{% if ansible_os_family == "Debian" %}
{% if ansible_facts['os_family'] == "Debian" %}
if [ -f /var/run/nginx.pid ]; then
kill -USR1 `cat /var/run/nginx.pid`
fi

120
vars/main.yml
View File

@ -1,27 +1,97 @@
---
nginx_modules_list:
- geoip
- image-filter
- njs
- perl
- xslt
# Supported NGINX Open Source distributions
# https://nginx.org/en/docs/install.html
nginx_distributions: [
'Alpine', 'CentOS', 'Debian', 'FreeBSD', 'RedHat', 'SLES', 'Ubuntu',
'NetBSD', 'OpenBSD', 'DragonFlyBSD', 'HardenedBSD',
]
nginx_plus_modules_list:
- auth-spnego
- brotli
- cookie-flag
- encrypted-session
- geoip
- geoip2
- headers-more
- image-filter
- lua
- modsecurity
- njs
- opentracing
- passenger
- perl
- prometheus
- rtmp
- subs-filter
- xslt
# Supported NGINX Plus distributions
# https://docs.nginx.com/nginx/technical-specs/
nginx_plus_distributions: [
'Alpine', 'Amazon', 'CentOS', 'Debian', 'FreeBSD', 'OracleLinux', 'RedHat', 'SLES', 'Ubuntu',
]
# Default NGINX signing key
nginx_default_signing_key:
rsa_pub: https://nginx.org/keys/nginx_signing.rsa.pub
pgp: https://nginx.org/keys/nginx_signing.key
# Default NGINX Open Source repositories
nginx_default_repository:
alpine: >-
https://nginx.org/packages/{{ (nginx_branch == 'mainline')
| ternary('mainline/', '') }}alpine/v{{ ansible_facts['distribution_version'] | regex_search('^[0-9]+\.[0-9]+') }}/main
debian:
- >-
deb [arch=amd64] https://nginx.org/packages/{{ (nginx_branch == 'mainline')
| ternary('mainline/', '') }}{{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] }} nginx
- >-
deb-src https://nginx.org/packages/{{ (nginx_branch == 'mainline')
| ternary('mainline/', '') }}{{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] }} nginx
redhat: >-
https://nginx.org/packages/{{ (nginx_branch == 'mainline')
| ternary('mainline/', '') }}{{ (ansible_facts['distribution'] == "CentOS")
| ternary('centos', 'rhel') }}/{{ ansible_facts['distribution_major_version'] }}/$basearch/
suse: >-
https://nginx.org/packages/{{ (nginx_branch == 'mainline')
| ternary('mainline/', '') }}sles/{{ ansible_facts['distribution_major_version'] }}
# Default NGINX Plus repositories
nginx_plus_default_repository:
alpine: >-
https://plus-pkgs.nginx.com/alpine/v{{ ansible_facts['distribution_version'] | regex_search('^[0-9]+\.[0-9]+') }}/main
amazon: >-
https://plus-pkgs.nginx.com/amzn{{ (ansible_facts['distribution_version'] is version('2', '=='))
| ternary('2', '') }}/$releasever/$basearch
debian: >-
deb [arch=amd64] https://plus-pkgs.nginx.com/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release'] }} nginx-plus
freebsd: >-
https://plus-pkgs.nginx.com/freebsd/${ABI}/latest
redhat: >-
https://plus-pkgs.nginx.com/{{ (ansible_facts['distribution'] == "CentOS")
| ternary('centos', 'rhel') }}/{{ (ansible_facts['distribution_version'] is version('7.4', '>=')
and ansible_facts['distribution_version'] is version('8', '<')) | ternary('7.4', ansible_facts['distribution_major_version']) }}/$basearch/
suse: >-
https://plus-pkgs.nginx.com/sles/{{ ansible_facts['distribution_major_version'] }}?ssl_clientcert=/etc/ssl/nginx/nginx-repo-bundle.crt&ssl_verify=host
# Alpine dependencies
nginx_alpine_dependencies: [
'coreutils', 'openssl', 'pcre',
]
# Debian dependencies
nginx_debian_dependencies: [
'apt-transport-https', 'ca-certificates', 'dirmngr',
]
# Red Hat dependencies
nginx_redhat_dependencies: [
'ca-certificates', 'openssl',
]
# SLES dependencies
nginx_sles_dependencies: [
'ca-certificates',
]
# FreeBSD dependencies
nginx_freebsd_dependencies: [
'security/ca_root_nss'
]
# Default locations and versions when 'nginx_install_from' is set to 'source'
pcre_version: pcre-8.44
zlib_version: zlib-1.2.11
openssl_version: openssl-1.1.1g
# Supported NGINX Open Source modules
nginx_modules_list: [
'geoip', 'image-filter', 'njs', 'perl', 'xslt',
]
# Supported NGINX Plus modules
nginx_plus_modules_list: [
'auth-spnego', 'brotli', 'cookie-flag', 'encrypted-session', 'geoip', 'geoip2', 'headers-more', 'image-filter', 'lua',
'modsecurity', 'njs', 'opentracing', 'passenger', 'perl', 'prometheus', 'rtmp', 'subs-filter', 'xslt',
]