Add basic assertions (#319)
This commit is contained in:
parent
856a9c93bf
commit
17b5c87d71
2
.github/ISSUE_TEMPLATE/bug_report.md
vendored
2
.github/ISSUE_TEMPLATE/bug_report.md
vendored
@ -20,7 +20,7 @@ Steps to reproduce the behavior:
|
||||
A clear and concise description of what you expected to happen.
|
||||
|
||||
**Your environment:**
|
||||
- Version of the NGINX Role or specific commit
|
||||
- Version of the NGINX role or specific commit
|
||||
- Version of Ansible
|
||||
- Target deployment platform
|
||||
|
||||
|
2
.github/pull_request_template.md
vendored
2
.github/pull_request_template.md
vendored
@ -4,7 +4,7 @@ Describe the use case and detail of the change. If this PR addresses an issue on
|
||||
### Checklist
|
||||
Before creating a PR, run through this checklist and mark each as complete.
|
||||
|
||||
- [ ] I have read the [CONTRIBUTING](https://github.com/nginxinc/ansible-role-nginx/blob/master/CONTRIBUTING.md) document
|
||||
- [ ] I have read the [CONTRIBUTING](https://github.com/nginxinc/ansible-role-nginx/blob/main/CONTRIBUTING.md) document
|
||||
- [ ] I have added Molecule tests that prove my fix is effective or that my feature works
|
||||
- [ ] I have checked that all Molecule tests pass after adding my changes
|
||||
- [ ] I have updated any relevant documentation (`defaults/main/*.yml`, `README.md` and `CHANGELOG.md`)
|
||||
|
12
.travis.yml
12
.travis.yml
@ -6,7 +6,7 @@ jobs:
|
||||
- name: "(Debian/Ubuntu) Install Specific Version"
|
||||
env:
|
||||
scenario: default
|
||||
- name: "(Alpine) Install Specific Version"
|
||||
- name: "(Alpine Linux) Install Specific Version"
|
||||
env:
|
||||
scenario: default_alpine
|
||||
- name: "(CentOS) Install Specific Version"
|
||||
@ -15,7 +15,7 @@ jobs:
|
||||
- name: "(Debian/Ubuntu) Install Modules"
|
||||
env:
|
||||
scenario: module
|
||||
- name: "(Alpine) Install Modules"
|
||||
- name: "(Alpine Linux) Install Modules"
|
||||
env:
|
||||
scenario: module_alpine
|
||||
- name: "(CentOS) Install Modules"
|
||||
@ -24,7 +24,7 @@ jobs:
|
||||
- name: "(Debian/Ubuntu) Install Stable Branch and Push Configuration"
|
||||
env:
|
||||
scenario: stable_push
|
||||
- name: "(Alpine) Install Stable Branch and Push Configuration"
|
||||
- name: "(Alpine Linux) Install Stable Branch and Push Configuration"
|
||||
env:
|
||||
scenario: stable_push_alpine
|
||||
- name: "(CentOS) Install Stable Branch and Push Configuration"
|
||||
@ -33,7 +33,7 @@ jobs:
|
||||
- name: "(Debian/Ubuntu) Use Template Setting"
|
||||
env:
|
||||
scenario: template
|
||||
- name: "(Alpine) Use Template Setting"
|
||||
- name: "(Alpine Linux) Use Template Setting"
|
||||
env:
|
||||
scenario: template_alpine
|
||||
- name: "(CentOS) Use Template Setting"
|
||||
@ -42,7 +42,7 @@ jobs:
|
||||
- name: "(Debian/Ubuntu) Install NGINX Unit"
|
||||
env:
|
||||
scenario: unit
|
||||
- name: "(Alpine) Install NGINX Unit"
|
||||
- name: "(Alpine Linux) Install NGINX Unit"
|
||||
env:
|
||||
scenario: unit_alpine
|
||||
- name: "(CentOS) Install NGINX Unit"
|
||||
@ -51,7 +51,7 @@ jobs:
|
||||
- name: "(Debian/Ubuntu) Install from Source"
|
||||
env:
|
||||
scenario: source
|
||||
- name: "(Alpine) Install from Source"
|
||||
- name: "(Alpine Linux) Install from Source"
|
||||
env:
|
||||
scenario: source_alpine
|
||||
- name: "(CentOS) Install from Source"
|
||||
|
21
CHANGELOG.md
21
CHANGELOG.md
@ -4,21 +4,32 @@
|
||||
|
||||
BREAKING CHANGES:
|
||||
|
||||
* The process to install modules has changed. You will now have to use a list variable, `nginx_modules`, instead of manually setting the modules you want to install to `true` or `false`. This change will also simplify adding future supported modules to this role. You can find a list of supported modules for NGINX and NGINX Plus in [`vars/main.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/master/vars/main.yml).
|
||||
* The process to install modules has changed. You will now have to use a list variable, `nginx_modules`, instead of manually setting the modules you want to install to `true` or `false`. This change will also simplify adding future supported modules to this role. You can find a list of supported modules for NGINX and NGINX Plus in [`vars/main.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/vars/main.yml).
|
||||
* Modules can no longer be added to your NGINX config using this role. Please use the [`nginx_config`](https://github.com/nginxinc/ansible-role-nginx-config) role instead.
|
||||
* Changed `nginx_configure` default value from `true` to `false` to further promote the adoption of the [NGINX config](https://github.com/nginxinc/ansible-role-nginx-config) role.
|
||||
|
||||
FEATURES:
|
||||
|
||||
* Add Alpine 3.12 to the list of supported platforms
|
||||
* Remove Alpine 3.8 from the list of supported platforms
|
||||
* Two new variables have been introduced:
|
||||
* `nginx_setup_license` -- Determine whether you want to use this role to upload your NGINX license to your target host.
|
||||
* `nginx_debug_tasks` -- Print task related information to give you a better insight into the current progress of the role.
|
||||
* The role will now fail automatically if you try to deploy NGINX from an official repository in an unsupported distribution. You can find a list of supported distributions for NGINX and NGINX Plus in [`vars/main.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/vars/main.yml)
|
||||
* Three new tags have been introduced -- `nginx_setup_license`, `nginx_install` and `nginx_check_support`.
|
||||
* Add Alpine 3.12 to the list of supported platforms.
|
||||
* Remove Alpine 3.8 from the list of supported platforms.
|
||||
|
||||
ENHANCEMENTS:
|
||||
|
||||
* Major backend refactoring to reduce the number of files and tasks.
|
||||
* You can now specify an `nginx_repository` for NGINX Plus too.
|
||||
* Moved "constant" variables to `vars/main.yml`.
|
||||
* Included deprecation warnings in task names and files.
|
||||
* Improved tasks naming conventions.
|
||||
* Update Ansible to `2.9.13` and Ansible Lint to `4.3.4`.
|
||||
|
||||
BUG FIXES:
|
||||
|
||||
* NGINX Plus repository data for RedHat based distros is now appropriately set.
|
||||
* NGINX Plus repository data for RHEL based distros is now appropriately set.
|
||||
|
||||
## 0.16.0 (August 28, 2020)
|
||||
|
||||
@ -47,7 +58,7 @@ DEPRECATION WARNING:
|
||||
With the advent of Ansible collections and to reduce the overhead of this role, the decision has been made to split this role into three smaller roles:
|
||||
* The NGINX Ansible role will keep working as is and be used to install and setup NGINX.
|
||||
* There now is a separate role to manage and create NGINX configurations available [here](https://github.com/nginxinc/ansible-role-nginx-config). Any new issues or PRs related to configuring NGINX should be submitted in the new NGINX Config repository. New issues or PRs related to configuring NGINX submitted in this repository will not be worked on. The NGINX configuration functionalities included in this role will be removed in an upcoming release.
|
||||
* NGINX Unit has a separate role available [here](https://github.com/nginxinc/ansible-role-nginx-unit). Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on. The NGINX Unit functionalities included in this role will be removed in an upcoming release.
|
||||
* NGINX Unit now has a separate role available [here](https://github.com/nginxinc/ansible-role-nginx-unit). Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on. The NGINX Unit functionalities included in this role will be removed in an upcoming release.
|
||||
|
||||
BREAKING CHANGES:
|
||||
|
||||
|
@ -14,25 +14,26 @@ The following is a set of guidelines for contributing to the NGINX Ansible role.
|
||||
* [Git Guidelines](#git-guidelines)
|
||||
* [Ansible Guidelines](#ansible-guidelines)
|
||||
|
||||
[Code of Conduct](https://github.com/nginxinc/ansible-role-nginx/blob/master/CODE_OF_CONDUCT.md)
|
||||
[Code of Conduct](https://github.com/nginxinc/ansible-role-nginx/blob/main/CODE_OF_CONDUCT.md)
|
||||
|
||||
## Ask a Question
|
||||
|
||||
Don't know how something works? Curious if the role can achieve your desired functionality. Please open an Issue on GitHub with the label `question`.
|
||||
Don't know how something works? Curious if the role can achieve your desired functionality? Please open an Issue on GitHub with the label `question`.
|
||||
|
||||
## Getting Started
|
||||
|
||||
Follow our [Installation Guide](https://github.com/nginxinc/ansible-role-nginx/blob/master/README.md#Installation) to install Ansible and Molecule and get ready to use the NGINX Ansible role.
|
||||
Follow our [Installation Guide](https://github.com/nginxinc/ansible-role-nginx/blob/main/README.md#Installation) to install Ansible and Molecule and get ready to use the NGINX Ansible role.
|
||||
|
||||
### Project Structure
|
||||
|
||||
* The NGINX Ansible role is written in `yaml` and supports NGINX Open Source, NGINX Plus, NGINX Amplify, and NGINX Unit.
|
||||
* The project follows the standard [Ansible role directory structure](https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse_roles.html)
|
||||
* The main code is found in `tasks/`
|
||||
* The main variables can be found in `defaults/main/*.yml`
|
||||
* Configuration templates for NGINX can be found in `templates/`
|
||||
* The project follows the standard [Ansible role directory structure](https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse_roles.html):
|
||||
* The main code is found in `tasks/`.
|
||||
* Variables can be found in `defaults/main/*.yml`.
|
||||
* "Constant" variables can be found in `vars/main.yml`.
|
||||
* Configuration templates for NGINX can be found in `templates/`.
|
||||
* [Molecule](https://molecule.readthedocs.io/) tests can be found in `molecule/`.
|
||||
* CI/CD is done via Travis using `.travis.yml` deployment yaml files
|
||||
* CI/CD is done via Travis using `.travis.yml` deployment `yaml` files.
|
||||
|
||||
## Contributing
|
||||
|
||||
@ -46,8 +47,8 @@ To suggest an enhancement, please create an issue on GitHub with the label `enha
|
||||
|
||||
### Open a Pull Request
|
||||
|
||||
* Fork the repo, create a branch, submit a PR when your changes are **tested** (ideally using Molecule) and ready for review
|
||||
* Fill in [our pull request template](https://github.com/nginxinc/ansible-role-nginx/blob/master/.github/PULL_REQUEST_TEMPLATE.md)
|
||||
* Fork the repo, create a branch, submit a PR when your changes are **tested** (ideally using Molecule) and ready for review.
|
||||
* Fill in [our pull request template](https://github.com/nginxinc/ansible-role-nginx/blob/main/.github/PULL_REQUEST_TEMPLATE.md).
|
||||
|
||||
Note: if you’d like to implement a new feature, please consider creating a feature request issue first to start a discussion about the feature.
|
||||
|
||||
@ -63,10 +64,10 @@ Note: if you’d like to implement a new feature, please consider creating a fea
|
||||
|
||||
### Git Guidelines
|
||||
|
||||
* Keep a clean, concise and meaningful git commit history on your branch (within reason), rebasing locally and squashing before submitting a PR
|
||||
* Follow the guidelines of writing a good commit message as described here <https://chris.beams.io/posts/git-commit/> and summarised in the next few points
|
||||
* In the subject line, use the present tense ("Add feature" not "Added feature")
|
||||
* In the subject line, use the imperative mood ("Move cursor to..." not "Moves cursor to...")
|
||||
* Limit the subject line to 72 characters or less
|
||||
* Reference issues and pull requests liberally after the subject line
|
||||
* Add more detailed description in the body of the git message (`git commit -a` to give you more space and time in your text editor to write a good message instead of `git commit -am`)
|
||||
* Keep a clean, concise and meaningful git commit history on your branch (within reason), rebasing locally and squashing before submitting a PR.
|
||||
* Follow the guidelines of writing a good commit message as described here <https://chris.beams.io/posts/git-commit/> and summarised in the next few points:
|
||||
* In the subject line, use the present tense ("Add feature" not "Added feature").
|
||||
* In the subject line, use the imperative mood ("Move cursor to..." not "Moves cursor to...").
|
||||
* Limit the subject line to 72 characters or less.
|
||||
* Reference issues and pull requests liberally after the subject line.
|
||||
* Add more detailed description in the body of the git message (`git commit -a` to give you more space and time in your text editor to write a good message instead of `git commit -am`).
|
||||
|
32
README.md
32
README.md
@ -10,8 +10,10 @@ This role installs NGINX Open Source, NGINX Plus, the NGINX Amplify agent, or NG
|
||||
|
||||
**Deprecation Warnings:**
|
||||
|
||||
* There now is a separate role to manage and create NGINX configurations available [here](https://github.com/nginxinc/ansible-role-nginx-config). Any new issues or PRs related to configuring NGINX should be submitted in the new NGINX Config repository. New issues or PRs related to configuring NGINX submitted in this repository will not be worked on (with the exception of major bugfixes). The NGINX configuration functionalities included in this role will be removed in an upcoming release.
|
||||
* NGINX Unit now has a separate role available [here](https://github.com/nginxinc/ansible-role-nginx-unit). Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on (with the exception of major bugfixes). The NGINX Unit functionalities included in this role will be removed in an upcoming release.
|
||||
With the advent of Ansible collections and to reduce the overhead of this role, the decision has been made to split this role into three smaller roles:
|
||||
* The NGINX Ansible role will keep working as is and be used to install and setup NGINX.
|
||||
* There now is a separate role to manage and create NGINX configurations available [here](https://github.com/nginxinc/ansible-role-nginx-config). Any new issues or PRs related to configuring NGINX should be submitted in the new NGINX Config repository. New issues or PRs related to configuring NGINX submitted in this repository will not be worked on. The NGINX configuration functionalities included in this role will be removed in an upcoming release.
|
||||
* NGINX Unit now has a separate role available [here](https://github.com/nginxinc/ansible-role-nginx-unit). Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on. The NGINX Unit functionalities included in this role will be removed in an upcoming release.
|
||||
|
||||
Requirements
|
||||
------------
|
||||
@ -42,7 +44,7 @@ Use `git clone https://github.com/nginxinc/ansible-role-nginx.git` to pull the l
|
||||
Platforms
|
||||
---------
|
||||
|
||||
The NGINX Ansible role supports all platforms supported by [NGINX Open Source](https://nginx.org/en/linux_packages.html#mainline), [NGINX Plus](https://www.nginx.com/products/technical-specs/), the [NGINX Amplify agent](https://github.com/nginxinc/nginx-amplify-doc/blob/master/amplify-faq.md#21-what-operating-systems-are-supported), and [NGINX Unit](https://unit.nginx.org/installation/#official-packages):
|
||||
The NGINX Ansible role supports all platforms supported by [NGINX Open Source](https://nginx.org/en/linux_packages.html), [NGINX Plus](https://docs.nginx.com/nginx/technical-specs/), the [NGINX Amplify agent](https://github.com/nginxinc/nginx-amplify-doc/blob/master/amplify-faq.md#21-what-operating-systems-are-supported), and [NGINX Unit](https://unit.nginx.org/installation/#official-packages) (you can also use this role to compile NGINX Open Source from source or install it on BSD systems at your own risk):
|
||||
|
||||
**NGINX Open Source**
|
||||
|
||||
@ -54,15 +56,12 @@ Alpine:
|
||||
- 3.12
|
||||
CentOS:
|
||||
- 6
|
||||
- 7
|
||||
- 7.4+
|
||||
- 8
|
||||
Debian:
|
||||
- stretch
|
||||
- buster
|
||||
FreeBSD:
|
||||
- 11.2+
|
||||
- 12
|
||||
RedHat:
|
||||
Red Hat:
|
||||
- 6
|
||||
- 7.4+
|
||||
- 8
|
||||
@ -72,6 +71,7 @@ SUSE/SLES:
|
||||
Ubuntu:
|
||||
- xenial
|
||||
- bionic
|
||||
- eoan
|
||||
- focal
|
||||
```
|
||||
|
||||
@ -82,7 +82,6 @@ Alpine:
|
||||
- 3.9
|
||||
- 3.10
|
||||
- 3.11
|
||||
- 3.12
|
||||
Amazon Linux:
|
||||
- 2018.03
|
||||
Amazon Linux 2:
|
||||
@ -100,7 +99,7 @@ FreeBSD:
|
||||
Oracle Linux:
|
||||
- 6.5+
|
||||
- 7.4+
|
||||
RedHat:
|
||||
Red Hat:
|
||||
- 6.5+
|
||||
- 7.4+
|
||||
- 8
|
||||
@ -110,6 +109,7 @@ SUSE/SLES:
|
||||
Ubuntu:
|
||||
- xenial
|
||||
- bionic
|
||||
- eoan
|
||||
- focal
|
||||
```
|
||||
|
||||
@ -124,7 +124,7 @@ CentOS:
|
||||
Debian:
|
||||
- jessie
|
||||
- stretch
|
||||
RedHat:
|
||||
Red Hat:
|
||||
- 6
|
||||
- 7
|
||||
Ubuntu:
|
||||
@ -147,7 +147,7 @@ CentOS:
|
||||
Debian:
|
||||
- stretch
|
||||
- buster
|
||||
RedHat:
|
||||
Red Hat:
|
||||
- 6
|
||||
- 7
|
||||
- 8
|
||||
@ -160,7 +160,7 @@ Ubuntu:
|
||||
Role Variables
|
||||
--------------
|
||||
|
||||
This role has multiple variables. The descriptions and defaults for all these variables can be found in the **`defaults/main`** directory in the following files:
|
||||
This role has multiple variables. The descriptions and defaults for all these variables can be found in the **`defaults/main/`** directory in the following files:
|
||||
|
||||
- **[defaults/main/main.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/defaults/main/main.yml):** NGINX installation variables
|
||||
- **[defaults/main/amplify.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/defaults/main/amplify.yml):** NGINX Amplify agent installation variables
|
||||
@ -170,14 +170,14 @@ This role has multiple variables. The descriptions and defaults for all these va
|
||||
- **[defaults/main/bsd.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/defaults/main/bsd.yml):** BSD installation variables
|
||||
- **[defaults/main/unit.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/defaults/main/unit.yml):** NGINX Unit installation variables
|
||||
|
||||
Similarly, descriptions and defaults for preset variables can be found in the **`vars`** directory:
|
||||
Similarly, descriptions and defaults for preset variables can be found in the **`vars/`** directory in the following files:
|
||||
|
||||
- **[vars/main.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/vars/main.yml):** NGINX supported modules
|
||||
- **[vars/main.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/vars/main.yml):** List of supported NGINX platforms and modules
|
||||
|
||||
Example Playbooks
|
||||
-----------------
|
||||
|
||||
Working functional playbook examples can be found in the **`molecule/common`** directory in the following files:
|
||||
Working functional playbook examples can be found in the **`molecule/common/`** directory in the following files:
|
||||
|
||||
- **[molecule/common/playbooks/default_converge.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/default_converge.yml):** Install a specific version of NGINX and set up logrotate
|
||||
- **[molecule/common/playbooks/module_converge.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/module_converge.yml):** Install various NGINX supported modules
|
||||
|
@ -1,11 +1,4 @@
|
||||
---
|
||||
# Supported distributions
|
||||
nginx_bsd_systems: ['FreeBSD', 'NetBSD', 'OpenBSD', 'DragonFlyBSD', 'HardenedBSD']
|
||||
|
||||
# Supported distributions NGINX Plus
|
||||
# https://docs.nginx.com/nginx/technical-specs/
|
||||
nginx_plus_bsd_systems: ['FreeBSD']
|
||||
|
||||
# Choose to install BSD packages or ports.
|
||||
# Options are true for packages or false for ports.
|
||||
# Default is true.
|
||||
@ -21,6 +14,3 @@ nginx_bsd_update_ports: true
|
||||
# Options are true for use packages or false for do not use packages.
|
||||
# Default is true.
|
||||
nginx_bsd_portinstall_use_packages: true
|
||||
|
||||
# FreeBSD extra packages
|
||||
nginx_freebsd_extra_packages: ['security/ca_root_nss']
|
||||
|
@ -1,13 +0,0 @@
|
||||
---
|
||||
# Supported distributions
|
||||
nginx_linux_families: ['Alpine', 'Debian', 'RedHat', 'Suse']
|
||||
|
||||
# Supported distributions NGINX Plus
|
||||
# https://docs.nginx.com/nginx/technical-specs/
|
||||
# RedHat={Amazon,CentOS,OracleLinux,RHEL} Debian={Ubuntu,Debian}
|
||||
nginx_plus_linux_families: ['Alpine', 'Debian', 'RedHat', 'Suse']
|
||||
|
||||
# Default locations and versions when 'nginx_install_from; is set to 'source'
|
||||
pcre_version: pcre-8.44
|
||||
zlib_version: zlib-1.2.11
|
||||
openssl_version: openssl-1.1.1g
|
@ -8,15 +8,18 @@ nginx_enable: true
|
||||
# Default is true.
|
||||
nginx_install: true
|
||||
|
||||
## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)
|
||||
# Enable NGINX configuration options.
|
||||
# Variables for these options can be found in `./template.yml` and `./upload.yml`.
|
||||
# Default is true.
|
||||
nginx_configure: true
|
||||
# Default is false.
|
||||
nginx_configure: false
|
||||
|
||||
# Start NGINX service.
|
||||
# Default is true.
|
||||
nginx_start: true
|
||||
|
||||
# Print NGINX task information to terminal during playbook execution.
|
||||
nginx_debug_tasks: false
|
||||
# Print NGINX configuration file to terminal after executing playbook.
|
||||
nginx_debug_output: false
|
||||
|
||||
@ -28,7 +31,7 @@ nginx_type: opensource
|
||||
# Specify which version of NGINX you want to install.
|
||||
# Default is empty.
|
||||
# nginx_version: "=19-1~bionic"
|
||||
# For Plus and modules you'll need a wilcard like below (which installs plus-20 and modules)
|
||||
# For NGINX Plus and modules you'll need a wilcard like below (which installs plus-20 and modules)
|
||||
# nginx_version: "-20*"
|
||||
|
||||
# Specify whether you want to maintain your version of NGINX, upgrade to the latest version, or remove NGINX.
|
||||
@ -60,10 +63,10 @@ nginx_install_source_zlib: false
|
||||
# Default is the official NGINX signing key host.
|
||||
# nginx_signing_key: http://nginx.org/keys/nginx_signing.key
|
||||
|
||||
# Specify source repository for NGINX Open Source.
|
||||
# Only works if 'install_from' is set to 'nginx_repository'.
|
||||
# Specify repository for NGINX Open Source or NGINX Plus.
|
||||
# Only works if 'install_from' is set to 'nginx_repository' when installing NGINX Open Source.
|
||||
# Defaults are the official NGINX repositories.
|
||||
# nginx_repository: deb https://nginx.org/packages/mainline/debian/ stretch nginx
|
||||
# nginx_repository: deb [arch=amd64] https://nginx.org/packages/mainline/debian/ buster nginx
|
||||
|
||||
# Specify which branch of NGINX Open Source you want to install.
|
||||
# Options are 'mainline' or 'stable'.
|
||||
@ -77,9 +80,13 @@ nginx_license:
|
||||
certificate: license/nginx-repo.crt
|
||||
key: license/nginx-repo.key
|
||||
|
||||
# Set up NGINX Plus license before installation.
|
||||
# Default is true.
|
||||
nginx_setup_license: true
|
||||
|
||||
# Remove NGINX Plus license and repository after installation for security purposes.
|
||||
# Default is false.
|
||||
nginx_delete_license: false
|
||||
nginx_remove_license: false
|
||||
|
||||
# Install NGINX Modules.
|
||||
# You can select any of the modules listed below. Beware of NGINX Plus only modules (these are marked).
|
||||
@ -104,6 +111,7 @@ nginx_modules: []
|
||||
# - waf # NGINX Plus
|
||||
# - xslt
|
||||
|
||||
## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)
|
||||
# Remove previously existing NGINX configuration files.
|
||||
# You can specify a list of paths you wish to remove.
|
||||
# You can also choose whether to recurse through the paths specified.
|
||||
@ -116,18 +124,3 @@ nginx_cleanup_config_paths:
|
||||
recurse: false
|
||||
# nginx_cleanup_config_files:
|
||||
# - /etc/nginx/conf.d/default.conf
|
||||
|
||||
# Set SELinux enforcing for NGINX (Centos/Redhat only) - you may need to open ports on your own
|
||||
nginx_selinux: false
|
||||
# Enable enforcing mode if true. Permissive if false (audit only, no enforcing) globally (only works with nginx_selinux: true)
|
||||
nginx_selinux_enforcing: true
|
||||
# List of TCP ports to add to http_port_t type (80 and 443 have this type already)
|
||||
# nginx_selinux_tcp_ports:
|
||||
# - 80
|
||||
# - 443
|
||||
# List of UDP ports to add to http_port_t type
|
||||
# nginx_selinux_udp_ports:
|
||||
# - 80
|
||||
# - 443
|
||||
# Temporary directory to hold selinux modules
|
||||
nginx_tempdir: /tmp
|
||||
|
15
defaults/main/selinux.yml
Normal file
15
defaults/main/selinux.yml
Normal file
@ -0,0 +1,15 @@
|
||||
---
|
||||
# Set SELinux enforcing for NGINX (CentOS/Red Hat only) - you may need to open ports on your own
|
||||
nginx_selinux: false
|
||||
# Enable enforcing mode if true. Permissive if false (audit only, no enforcing) globally (only works with nginx_selinux: true)
|
||||
nginx_selinux_enforcing: true
|
||||
# List of TCP ports to add to http_port_t type (80 and 443 have this type already)
|
||||
# nginx_selinux_tcp_ports:
|
||||
# - 80
|
||||
# - 443
|
||||
# List of UDP ports to add to http_port_t type
|
||||
# nginx_selinux_udp_ports:
|
||||
# - 80
|
||||
# - 443
|
||||
# Temporary directory to hold selinux modules
|
||||
nginx_selinux_tempdir: /tmp
|
@ -1,3 +1,4 @@
|
||||
## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)
|
||||
---
|
||||
# Enable creating dynamic templated NGINX HTML demo websites.
|
||||
nginx_html_demo_template_enable: false
|
||||
|
@ -1,3 +1,4 @@
|
||||
## DEPRECATED -- Use nginxinc.nginx_unit role instead (https://github.com/nginxinc/ansible-role-nginx-unit)
|
||||
---
|
||||
# Install NGINX Unit and NGINX Unit modules.
|
||||
# Use a list of supported NGINX Unit modules.
|
||||
|
@ -1,3 +1,4 @@
|
||||
## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)
|
||||
---
|
||||
# Enable uploading NGINX configuration files to your system.
|
||||
# Default for uploading files is false.
|
||||
|
@ -1,30 +1,30 @@
|
||||
---
|
||||
- name: "(Handler: All OSs) Check NGINX"
|
||||
- name: "(Handler) Check NGINX"
|
||||
command: "nginx -t"
|
||||
changed_when: false
|
||||
|
||||
- name: "(Handler: All OSs) Systemd Daemon-Reload"
|
||||
- name: "(Handler) Systemd Daemon-Reload"
|
||||
systemd:
|
||||
daemon_reload: yes
|
||||
notify: "(Handler: All OSs) Start NGINX"
|
||||
notify: "(Handler) Start NGINX"
|
||||
|
||||
- name: "(Handler: All OSs) Run NGINX"
|
||||
- name: "(Handler) Run NGINX"
|
||||
block:
|
||||
- name: "(Handler: All OSs) Start NGINX"
|
||||
- name: "(Handler) Start NGINX"
|
||||
service:
|
||||
name: nginx
|
||||
state: started
|
||||
enabled: yes
|
||||
notify: "(Handler: All OSs) Check NGINX"
|
||||
notify: "(Handler) Check NGINX"
|
||||
|
||||
- name: "(Handler: All OSs) Reload NGINX"
|
||||
- name: "(Handler) Reload NGINX"
|
||||
command: "nginx -s reload"
|
||||
changed_when: false
|
||||
when:
|
||||
- nginx_start | bool
|
||||
- not ansible_check_mode | bool
|
||||
|
||||
- name: "(Handler: All OSs) Start NGINX Amplify Agent"
|
||||
- name: "(Handler) Start NGINX Amplify agent"
|
||||
service:
|
||||
name: amplify-agent
|
||||
state: started
|
||||
@ -41,5 +41,5 @@
|
||||
state: started
|
||||
enabled: yes
|
||||
|
||||
- name: "(Config: All OSs) Run Logrotate"
|
||||
- name: "(Handler) Run logrotate"
|
||||
command: logrotate -f /etc/logrotate.d/nginx
|
||||
|
@ -17,27 +17,27 @@ ENV {{ var }} {{ value }}
|
||||
RUN \
|
||||
if [ $(command -v apt-get) ]; then \
|
||||
apt-get update \
|
||||
&& DEBIAN_FRONTEND=noninteractive apt-get install -y python3 sudo bash ca-certificates iproute2 python3-apt aptitude systemd systemd-sysv procps curl \
|
||||
&& DEBIAN_FRONTEND=noninteractive apt-get install -y aptitude bash ca-certificates curl iproute2 python-apt python3 python3-apt procps sudo systemd systemd-sysv vim \
|
||||
&& apt-get clean; \
|
||||
elif [ $(command -v dnf) ]; then \
|
||||
dnf makecache \
|
||||
&& dnf --assumeyes install /usr/bin/python3 /usr/bin/python3-config /usr/bin/dnf-3 bash iproute \
|
||||
&& dnf --assumeyes install bash iproute /usr/bin/dnf-3 /usr/bin/python3 /usr/bin/python3-config vim \
|
||||
&& dnf clean all; \
|
||||
elif [ $(command -v yum) ]; then \
|
||||
yum makecache fast \
|
||||
&& yum install -y /usr/bin/python /usr/bin/python2-config sudo yum-plugin-ovl bash iproute \
|
||||
&& yum install -y bash iproute /usr/bin/python /usr/bin/python2-config sudo vim yum-plugin-ovl \
|
||||
&& sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf \
|
||||
&& yum clean all; \
|
||||
elif [ $(command -v zypper) ]; then \
|
||||
zypper refresh \
|
||||
&& zypper install -y python3 sudo bash iproute2 \
|
||||
&& zypper install -y bash iproute2 python3 sudo vim \
|
||||
&& zypper clean -a; \
|
||||
elif [ $(command -v apk) ]; then \
|
||||
apk update \
|
||||
&& apk add --no-cache python3 sudo bash ca-certificates curl openrc; \
|
||||
&& apk add --no-cache bash ca-certificates curl openrc python3 sudo vim; \
|
||||
echo 'rc_provide="loopback net"' >> /etc/rc.conf; \
|
||||
elif [ $(command -v xbps-install) ]; then \
|
||||
xbps-install -Syu \
|
||||
&& xbps-install -y python3 sudo bash ca-certificates iproute2 \
|
||||
&& xbps-install -y bash ca-certificates iproute2 python3 sudo vim \
|
||||
&& xbps-remove -O; \
|
||||
fi
|
||||
|
@ -5,22 +5,22 @@
|
||||
- name: Set repo if Alpine
|
||||
set_fact:
|
||||
version: "=1.19.1-r1"
|
||||
when: ansible_os_family == "Alpine"
|
||||
when: ansible_facts['os_family'] == "Alpine"
|
||||
- name: Set repo if Debian
|
||||
set_fact:
|
||||
version: "=1.19.1-1~{{ ansible_distribution_release }}"
|
||||
when: ansible_os_family == "Debian"
|
||||
- name: Set repo if RedHat
|
||||
version: "=1.19.1-1~{{ ansible_facts['distribution_release'] }}"
|
||||
when: ansible_facts['os_family'] == "Debian"
|
||||
- name: Set repo if Red Hat
|
||||
set_fact:
|
||||
version: "-1.19.1-1.el{{ ansible_distribution_major_version }}.ngx"
|
||||
when: ansible_os_family == "RedHat"
|
||||
version: "-1.19.1-1.el{{ ansible_facts['distribution_major_version'] }}.ngx"
|
||||
when: ansible_facts['os_family'] == "RedHat"
|
||||
- name: Enable NGINX @CentOS-AppStream dnf modules
|
||||
shell:
|
||||
args:
|
||||
cmd: dnf module info nginx | grep -q 'Stream.*\[e\]' && echo -n ENABLED || dnf module enable -y nginx # noqa 204 303
|
||||
register: dnf_module_enable
|
||||
changed_when: dnf_module_enable.stdout != 'ENABLED'
|
||||
when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "8"
|
||||
when: ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] is version('8', '==')
|
||||
tasks:
|
||||
- name: Install NGINX
|
||||
include_role:
|
||||
|
@ -15,6 +15,7 @@
|
||||
- 80
|
||||
- 443
|
||||
|
||||
nginx_configure: true
|
||||
nginx_cleanup_config: true
|
||||
nginx_cleanup_config_paths:
|
||||
- directory:
|
||||
|
@ -8,6 +8,7 @@
|
||||
vars:
|
||||
nginx_debug_output: true
|
||||
|
||||
nginx_configure: true
|
||||
nginx_main_template_enable: true
|
||||
nginx_main_template:
|
||||
template_file: nginx.conf.j2
|
||||
|
@ -8,20 +8,20 @@
|
||||
- unit-perl
|
||||
- unit-php7
|
||||
- unit-python3
|
||||
when: ansible_os_family == "Alpine"
|
||||
- name: Set module if Debian/RedHat
|
||||
when: ansible_facts['os_family'] == "Alpine"
|
||||
- name: Set module if Debian
|
||||
set_fact:
|
||||
module:
|
||||
- unit-perl
|
||||
- unit-php
|
||||
- unit-ruby
|
||||
when: ansible_os_family == "Debian"
|
||||
- name: Set module if RedHat
|
||||
when: ansible_facts['os_family'] == "Debian"
|
||||
- name: Set module if Red Hat
|
||||
set_fact:
|
||||
module:
|
||||
- unit-php
|
||||
- unit-go
|
||||
when: ansible_os_family == "RedHat"
|
||||
when: ansible_facts['os_family'] == "RedHat"
|
||||
tasks:
|
||||
- name: Install NGINX Unit
|
||||
include_role:
|
||||
|
@ -6,13 +6,6 @@ lint: |
|
||||
yamllint .
|
||||
ansible-lint --force-color
|
||||
platforms:
|
||||
- name: alpine-3.8
|
||||
image: alpine:3.8
|
||||
dockerfile: ../common/Dockerfile.j2
|
||||
privileged: true
|
||||
volumes:
|
||||
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
|
||||
command: "/sbin/init"
|
||||
- name: alpine-3.9
|
||||
image: alpine:3.9
|
||||
dockerfile: ../common/Dockerfile.j2
|
||||
|
@ -1,24 +1,24 @@
|
||||
---
|
||||
- name: "(Setup: All OSs) Configure NGINX Amplify Agent Repository"
|
||||
include_tasks: "{{ role_path }}/tasks/amplify/setup-{{ ansible_os_family | lower }}.yml"
|
||||
when: ansible_os_family == "Debian"
|
||||
or ansible_os_family == "Redhat"
|
||||
- name: "Configure NGINX Amplify agent repository"
|
||||
include_tasks: "{{ role_path }}/tasks/amplify/setup-{{ ansible_facts['os_family'] | lower }}.yml"
|
||||
when: ansible_facts['os_family'] == "Debian"
|
||||
or ansible_facts['os_family'] == "Redhat"
|
||||
|
||||
- name: "(Install: All OSs) Install NGINX Amplify Agent"
|
||||
- name: "Install NGINX Amplify agent"
|
||||
package:
|
||||
name: nginx-amplify-agent
|
||||
state: present
|
||||
|
||||
- name: "(Setup: All OSs) Copy NGINX Configurator Agent Configuration Template"
|
||||
- name: "Copy NGINX configurator agent configuration template"
|
||||
copy:
|
||||
remote_src: yes
|
||||
src: /etc/amplify-agent/agent.conf.default
|
||||
dest: /etc/amplify-agent/agent.conf
|
||||
mode: 0644
|
||||
|
||||
- name: "(Setup: All OSs) Configure NGINX Amplify Agent API Key"
|
||||
- name: "Configure NGINX Amplify agent API key"
|
||||
lineinfile:
|
||||
dest: /etc/amplify-agent/agent.conf
|
||||
regexp: api_key =.*
|
||||
line: "api_key = {{ nginx_amplify_api_key }}"
|
||||
notify: "(Handler: All OSs) Start NGINX Amplify Agent"
|
||||
notify: "(Handler) Start NGINX Amplify agent"
|
||||
|
@ -1,16 +1,18 @@
|
||||
---
|
||||
- name: "(Install: Debian/Ubuntu) Add NGINX Amplify Agent Repository"
|
||||
- name: "(Debian/Ubuntu) Add NGINX Amplify agent repository"
|
||||
apt_repository:
|
||||
filename: nginx-amplify
|
||||
repo: deb [arch=amd64] http://packages.amplify.nginx.com/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release|lower }} amplify-agent
|
||||
repo: >-
|
||||
deb [arch=amd64] https://packages.amplify.nginx.com/
|
||||
{{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] | lower }} amplify-agent
|
||||
update_cache: yes
|
||||
mode: 0644
|
||||
when: ansible_distribution_release != "focal"
|
||||
when: ansible_facts['distribution_release'] != "focal"
|
||||
|
||||
- name: "(Install: Debian/Ubuntu) Add NGINX Amplify Agent Repository"
|
||||
- name: "(Ubuntu 20.04) Add NGINX Amplify agent repository"
|
||||
apt_repository:
|
||||
filename: nginx-amplify
|
||||
repo: deb [arch=amd64] https://packages.amplify.nginx.com/py3/ubuntu focal amplify-agent
|
||||
update_cache: yes
|
||||
mode: 0644
|
||||
when: ansible_distribution_release == "focal"
|
||||
when: ansible_facts['distribution_release'] == "focal"
|
||||
|
@ -1,8 +1,8 @@
|
||||
---
|
||||
- name: "(Install: CentOS/RedHat/Amazon Linux) Add NGINX Amplify Agent Repository"
|
||||
- name: "(Amazon Linux/CentOS/RHEL) Add NGINX Amplify agent repository"
|
||||
yum_repository:
|
||||
name: nginx-amplify
|
||||
baseurl: http://packages.amplify.nginx.com/{{ (ansible_distribution == "Amazon") | ternary('amzn/', 'centos/') }}/$releasever/$basearch/
|
||||
baseurl: http://packages.amplify.nginx.com/{{ (ansible_facts['distribution'] == "Amazon") | ternary('amzn/', 'centos/') }}/$releasever/$basearch/
|
||||
description: NGINX Amplify Agent
|
||||
enabled: yes
|
||||
gpgcheck: yes
|
||||
|
@ -1,9 +0,0 @@
|
||||
---
|
||||
- name: "(Setup: All OSs) Register NGINX configuration"
|
||||
command: nginx -T
|
||||
changed_when: false
|
||||
register: nginx_configuration
|
||||
|
||||
- name: "(Setup: All OSs) Print NGINX configuration"
|
||||
debug:
|
||||
var: nginx_configuration.stdout_lines
|
@ -1,35 +0,0 @@
|
||||
---
|
||||
- name: "(Config: Alpine) Install Logrotate"
|
||||
apk:
|
||||
name: logrotate
|
||||
when: ansible_os_family == "Alpine"
|
||||
|
||||
- name: "(Config: Ubuntu/Debian) Install Logrotate"
|
||||
apt:
|
||||
name: logrotate
|
||||
state: present
|
||||
when: ansible_os_family == "Debian"
|
||||
|
||||
- name: "(Config: CentOS/RedHat) Install Logrotate"
|
||||
yum:
|
||||
name: logrotate
|
||||
state: present
|
||||
when: ansible_os_family == "RedHat"
|
||||
|
||||
- name: "(Config: SUSE) Add Logrotate Repo"
|
||||
zypper_repository:
|
||||
repo: https://download.opensuse.org/repositories/openSUSE:Leap:42.1/standard/openSUSE:Leap:42.1.repo
|
||||
when: ansible_os_family == "Suse"
|
||||
|
||||
- name: "(Config: SUSE) Install Logrotate"
|
||||
zypper:
|
||||
name: logrotate
|
||||
state: present
|
||||
when: ansible_os_family == "Suse"
|
||||
|
||||
- name: "(Config: All OSs) Create Logrotate Config"
|
||||
template:
|
||||
src: "logrotate/nginx.j2"
|
||||
dest: "/etc/logrotate.d/nginx"
|
||||
mode: 0644
|
||||
notify: "(Config: All OSs) Run Logrotate"
|
@ -1,5 +1,10 @@
|
||||
## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)
|
||||
---
|
||||
- name: "(Setup: All OSs) Find NGINX Configuration Files"
|
||||
- name: "Deprecation warning"
|
||||
debug:
|
||||
msg: "DEPRECATED TASKS -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)"
|
||||
|
||||
- name: "(DEPRECATED) Find NGINX Configuration Files"
|
||||
find:
|
||||
paths: "{{ item.directory }}"
|
||||
patterns: "*.conf"
|
||||
@ -8,7 +13,7 @@
|
||||
when: nginx_cleanup_config_paths is defined
|
||||
register: nginx_config_files
|
||||
|
||||
- name: "(Setup: All OSs) Remove NGINX Configuration Files"
|
||||
- name: "(DEPRECATED) Remove NGINX Configuration Files"
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: absent
|
14
tasks/config/debug-output.yml
Normal file
14
tasks/config/debug-output.yml
Normal file
@ -0,0 +1,14 @@
|
||||
---
|
||||
- name: "Print NGINX config"
|
||||
debug:
|
||||
msg: "Printing NGINX config"
|
||||
when: nginx_debug_tasks | bool
|
||||
|
||||
- name: "Register NGINX configuration"
|
||||
command: nginx -T
|
||||
changed_when: false
|
||||
register: config
|
||||
|
||||
- name: "Print NGINX config"
|
||||
debug:
|
||||
var: config.stdout_lines
|
@ -1,11 +1,16 @@
|
||||
---
|
||||
- name: "(Setup: Linux) Create Override Directory For NGINX Systemd Service"
|
||||
- name: "Modify systemd"
|
||||
debug:
|
||||
msg: "Modifying systemd"
|
||||
when: nginx_debug_tasks | bool
|
||||
|
||||
- name: "Create override directory for NGINX systemd service"
|
||||
file:
|
||||
path: "{{ nginx_service_overridepath }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
|
||||
- name: "(Setup: Linux) Create Override For NGINX Systemd Service"
|
||||
- name: "Create override for NGINX systemd service"
|
||||
template:
|
||||
src: "{{ role_path }}/templates/services/nginx.service.override.conf.j2"
|
||||
dest: "{{ nginx_service_overridepath }}/{{ nginx_service_overridefilename }}"
|
||||
@ -15,9 +20,9 @@
|
||||
when:
|
||||
- not nginx_service_custom | bool
|
||||
- not nginx_service_clean | bool
|
||||
notify: "(Handler: All OSs) Systemd Daemon-Reload"
|
||||
notify: "(Handler) Systemd Daemon-Reload"
|
||||
|
||||
- name: "(Setup: Linux) Customize Override For NGINX Systemd Service"
|
||||
- name: "Customize override for NGINX systemd service"
|
||||
copy:
|
||||
src: "{{ nginx_service_custom_file }}"
|
||||
dest: "{{ nginx_service_overridepath }}/{{ nginx_service_overridefilename }}"
|
||||
@ -27,11 +32,16 @@
|
||||
when:
|
||||
- nginx_service_custom | bool
|
||||
- not nginx_service_clean | bool
|
||||
notify: "(Handler: All OSs) Systemd Daemon-Reload"
|
||||
notify: "(Handler) Systemd Daemon-Reload"
|
||||
|
||||
- name: "(Setup: Linux) Remove Override For NGINX Systemd Service"
|
||||
- name: "Remove override for NGINX systemd service"
|
||||
file:
|
||||
path: "{{ nginx_service_overridepath }}"
|
||||
state: absent
|
||||
when: nginx_service_clean | bool
|
||||
notify: "(Handler: All OSs) Systemd Daemon-Reload"
|
||||
notify: "(Handler) Systemd Daemon-Reload"
|
||||
|
||||
- name: "Modify systemd"
|
||||
debug:
|
||||
msg: "Done modifying systemd"
|
||||
when: nginx_debug_tasks | bool
|
46
tasks/config/setup-logrotate.yml
Normal file
46
tasks/config/setup-logrotate.yml
Normal file
@ -0,0 +1,46 @@
|
||||
---
|
||||
- name: "Set up logrotate"
|
||||
debug:
|
||||
msg: "Setting up logrotate"
|
||||
when: nginx_debug_tasks | bool
|
||||
|
||||
- name: "(Alpine Linux OSs) Install logrotate"
|
||||
apk:
|
||||
name: logrotate
|
||||
when: ansible_facts['os_family'] == "Alpine"
|
||||
|
||||
- name: "(Debian OSs) Install logrotate"
|
||||
apt:
|
||||
name: logrotate
|
||||
state: present
|
||||
when: ansible_facts['os_family'] == "Debian"
|
||||
|
||||
- name: "(Red Hat OSs) Install logrotate"
|
||||
yum:
|
||||
name: logrotate
|
||||
state: present
|
||||
when: ansible_facts['os_family'] == "RedHat"
|
||||
|
||||
- name: "(SLES OSs) Set up logrotate"
|
||||
block:
|
||||
- name: "(SLES OSs) Configure logrotate repository"
|
||||
zypper_repository:
|
||||
repo: https://download.opensuse.org/repositories/openSUSE:Leap:42.1/standard/openSUSE:Leap:42.1.repo
|
||||
|
||||
- name: "(SLES OSs) Install Logrotate"
|
||||
zypper:
|
||||
name: logrotate
|
||||
state: present
|
||||
when: ansible_facts['os_family'] == "Suse"
|
||||
|
||||
- name: "Create logrotate config"
|
||||
template:
|
||||
src: "logrotate/nginx.j2"
|
||||
dest: "/etc/logrotate.d/nginx"
|
||||
mode: 0644
|
||||
notify: "(Handler) Run logrotate"
|
||||
|
||||
- name: "Set up logrotate"
|
||||
debug:
|
||||
msg: "Done setting up logrotate"
|
||||
when: nginx_debug_tasks | bool
|
@ -1,5 +1,10 @@
|
||||
## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)
|
||||
---
|
||||
- name: "(Setup: All NGINX) Ensure HTML Directory Exists"
|
||||
- name: "Deprecation warning"
|
||||
debug:
|
||||
msg: "DEPRECATED TASKS -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)"
|
||||
|
||||
- name: "(DEPRECATED) Ensure HTML Directory Exists"
|
||||
file:
|
||||
path: "{{ item.value.html_file_location | default('/usr/share/nginx/html') }}"
|
||||
state: directory
|
||||
@ -7,7 +12,7 @@
|
||||
with_dict: "{{ nginx_html_demo_template }}"
|
||||
when: nginx_html_demo_template_enable | bool
|
||||
|
||||
- name: "(Setup: All NGINX) Dynamically Generate HTML Files"
|
||||
- name: "(DEPRECATED) Dynamically Generate HTML Files"
|
||||
template:
|
||||
src: "{{ item.value.template_file | default('www/index.html.j2') }}"
|
||||
dest: "{{ item.value.html_file_location | default('/usr/share/nginx/html') }}/{{ item.value.html_file_name | default('index.html') }}"
|
||||
@ -16,23 +21,23 @@
|
||||
with_dict: "{{ nginx_html_demo_template }}"
|
||||
when: nginx_html_demo_template_enable | bool
|
||||
|
||||
- name: "(Setup: All NGINX) Ensure NGINX Main Directory Exists"
|
||||
- name: "(DEPRECATED) Ensure NGINX Main Directory Exists"
|
||||
file:
|
||||
path: "{{ nginx_main_template.conf_file_location | default('/etc/nginx') }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
when: nginx_main_template_enable | bool
|
||||
|
||||
- name: "(Setup: All NGINX) Dynamically Generate NGINX Main Configuration File"
|
||||
- name: "(DEPRECATED) Dynamically Generate NGINX Main Configuration File"
|
||||
template:
|
||||
src: "{{ nginx_main_template.template_file | default('nginx.conf.j2') }}"
|
||||
dest: "{{ nginx_main_template.conf_file_location | default('/etc/nginx') }}/{{ nginx_main_template.conf_file_name | default('nginx.conf') }}"
|
||||
backup: yes
|
||||
mode: 0644
|
||||
when: nginx_main_template_enable | bool
|
||||
notify: "(Handler: All OSs) Reload NGINX"
|
||||
notify: "(Handler) Reload NGINX"
|
||||
|
||||
- name: "(Setup: All NGINX) Ensure NGINX HTTP Directory Exists"
|
||||
- name: "(DEPRECATED) Ensure NGINX HTTP Directory Exists"
|
||||
file:
|
||||
path: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/') }}"
|
||||
state: directory
|
||||
@ -40,7 +45,7 @@
|
||||
with_dict: "{{ nginx_http_template }}"
|
||||
when: nginx_http_template_enable | bool
|
||||
|
||||
- name: "(Setup: All NGINX) Ensure NGINX Proxy Cache Directories Exist"
|
||||
- name: "(DEPRECATED) Ensure NGINX Proxy Cache Directories Exist"
|
||||
file:
|
||||
path: "{{ item.1.path }}"
|
||||
state: directory
|
||||
@ -49,10 +54,10 @@
|
||||
with_subelements:
|
||||
- "{{ nginx_http_template }}"
|
||||
- proxy_cache.proxy_cache_path
|
||||
- skip_missing: true
|
||||
- skip_missing: yes
|
||||
when: nginx_http_template_enable | bool
|
||||
|
||||
- name: "(Setup: All NGINX) Dynamically Generate NGINX HTTP Configuration Files"
|
||||
- name: "(DEPRECATED) Dynamically Generate NGINX HTTP Configuration Files"
|
||||
template:
|
||||
src: "{{ item.value.template_file | default('http/default.conf.j2') }}"
|
||||
dest: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/') }}/{{ item.value.conf_file_name | default('default.conf') }}"
|
||||
@ -60,27 +65,27 @@
|
||||
mode: 0644
|
||||
with_dict: "{{ nginx_http_template }}"
|
||||
when: nginx_http_template_enable | bool
|
||||
notify: "(Handler: All OSs) Reload NGINX"
|
||||
notify: "(Handler) Reload NGINX"
|
||||
|
||||
- name: "(Setup: All NGINX) Dynamically Generate NGINX Stub Status Configuration File"
|
||||
- name: "(DEPRECATED) Dynamically Generate NGINX Stub Status Configuration File"
|
||||
template:
|
||||
src: "{{ nginx_status_template_file | default('http/status.conf.j2') }}"
|
||||
dest: "{{ nginx_status_file_location | default('/etc/nginx/conf.d/status.conf') }}"
|
||||
backup: yes
|
||||
mode: 0644
|
||||
when: nginx_status_enable | bool
|
||||
notify: "(Handler: All OSs) Reload NGINX"
|
||||
notify: "(Handler) Reload NGINX"
|
||||
|
||||
- name: "(Setup: All NGINX) Dynamically Generate NGINX API Configuration File"
|
||||
- name: "(DEPRECATED) Dynamically Generate NGINX API Configuration File"
|
||||
template:
|
||||
src: "{{ nginx_rest_api_template_file | default('http/api.conf.j2') }}"
|
||||
dest: "{{ nginx_rest_api_file_location | default('/etc/nginx/conf.d/api.conf') }}"
|
||||
backup: yes
|
||||
mode: 0644
|
||||
when: nginx_rest_api_enable | bool
|
||||
notify: "(Handler: All OSs) Reload NGINX"
|
||||
notify: "(Handler) Reload NGINX"
|
||||
|
||||
- name: "(Setup: All NGINX) Ensure NGINX Stream Directory Exists"
|
||||
- name: "(DEPRECATED) Ensure NGINX Stream Directory Exists"
|
||||
file:
|
||||
path: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/stream/') }}"
|
||||
state: directory
|
||||
@ -88,7 +93,7 @@
|
||||
with_dict: "{{ nginx_stream_template }}"
|
||||
when: nginx_stream_template_enable | bool
|
||||
|
||||
- name: "(Setup: All NGINX) Dynamically Generate NGINX Stream Configuration Files"
|
||||
- name: "(DEPRECATED) Dynamically Generate NGINX Stream Configuration Files"
|
||||
template:
|
||||
src: "{{ item.value.template_file | default('stream/default.conf.j2') }}"
|
||||
dest: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/stream/') }}/{{ item.value.conf_file_name | default('default.conf') }}"
|
||||
@ -96,4 +101,4 @@
|
||||
mode: 0644
|
||||
with_dict: "{{ nginx_stream_template }}"
|
||||
when: nginx_stream_template_enable | bool
|
||||
notify: "(Handler: All OSs) Reload NGINX"
|
||||
notify: "(Handler) Reload NGINX"
|
@ -1,12 +1,17 @@
|
||||
## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)
|
||||
---
|
||||
- name: "(Setup: All NGINX) Ensure NGINX HTML Directory Exists"
|
||||
- name: "Deprecation warning"
|
||||
debug:
|
||||
msg: "DEPRECATED TASKS -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)"
|
||||
|
||||
- name: "(DEPRECATED) Ensure NGINX HTML Directory Exists"
|
||||
file:
|
||||
path: "{{ nginx_html_upload_dest | default('/usr/share/nginx/html') }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
when: nginx_html_upload_enable | bool
|
||||
|
||||
- name: "(Setup: All NGINX) Upload NGINX HTML Files"
|
||||
- name: "(DEPRECATED) Upload NGINX HTML Files"
|
||||
copy:
|
||||
src: "{{ item }}"
|
||||
dest: "{{ nginx_html_upload_dest | default('/usr/share/nginx/html') }}"
|
||||
@ -14,32 +19,32 @@
|
||||
mode: 0644
|
||||
with_fileglob: "{{ nginx_html_upload_src }}"
|
||||
when: nginx_html_upload_enable | bool
|
||||
notify: "(Handler: All OSs) Reload NGINX"
|
||||
notify: "(Handler) Reload NGINX"
|
||||
|
||||
- name: "(Setup: All NGINX) Ensure NGINX Main Directory Exists"
|
||||
- name: "(DEPRECATED) Ensure NGINX Main Directory Exists"
|
||||
file:
|
||||
path: "{{ nginx_main_upload_dest | default('/etc/nginx/') }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
when: nginx_main_upload_enable | bool
|
||||
|
||||
- name: "(Setup: All NGINX) Upload NGINX Main Configuration File"
|
||||
- name: "(DEPRECATED) Upload NGINX Main Configuration File"
|
||||
copy:
|
||||
src: "{{ nginx_main_upload_src | default('conf/nginx.conf') }}"
|
||||
dest: "{{ nginx_main_upload_dest | default('/etc/nginx/') }}"
|
||||
backup: yes
|
||||
mode: 0644
|
||||
when: nginx_main_upload_enable | bool
|
||||
notify: "(Handler: All OSs) Reload NGINX"
|
||||
notify: "(Handler) Reload NGINX"
|
||||
|
||||
- name: "(Setup: All NGINX) Ensure NGINX HTTP Directory Exists"
|
||||
- name: "(DEPRECATED) Ensure NGINX HTTP Directory Exists"
|
||||
file:
|
||||
path: "{{ nginx_http_upload_dest | default('/etc/nginx/conf.d/') }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
when: nginx_http_upload_enable | bool
|
||||
|
||||
- name: "(Setup: All NGINX) Upload NGINX HTTP Configuration Files"
|
||||
- name: "(DEPRECATED) Upload NGINX HTTP Configuration Files"
|
||||
copy:
|
||||
src: "{{ item }}"
|
||||
dest: "{{ nginx_http_upload_dest | default('/etc/nginx/conf.d/') }}"
|
||||
@ -47,16 +52,16 @@
|
||||
mode: 0644
|
||||
with_fileglob: "{{ nginx_http_upload_src }}"
|
||||
when: nginx_http_upload_enable | bool
|
||||
notify: "(Handler: All OSs) Reload NGINX"
|
||||
notify: "(Handler) Reload NGINX"
|
||||
|
||||
- name: "(Setup: All NGINX) Ensure NGINX Stream Directory Exists"
|
||||
- name: "(DEPRECATED) Ensure NGINX Stream Directory Exists"
|
||||
file:
|
||||
path: "{{ nginx_stream_upload_dest | default('/etc/nginx/conf.d/') }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
when: nginx_stream_upload_enable | bool
|
||||
|
||||
- name: "(Setup: All NGINX) Upload NGINX Stream Configuration Files"
|
||||
- name: "(DEPRECATED) Upload NGINX Stream Configuration Files"
|
||||
copy:
|
||||
src: "{{ item }}"
|
||||
dest: "{{ nginx_stream_upload_dest | default('/etc/nginx/conf.d/') }}"
|
||||
@ -64,23 +69,23 @@
|
||||
mode: 0644
|
||||
with_fileglob: "{{ nginx_stream_upload_src }}"
|
||||
when: nginx_stream_upload_enable | bool
|
||||
notify: "(Handler: All OSs) Reload NGINX"
|
||||
notify: "(Handler) Reload NGINX"
|
||||
|
||||
- name: "(Setup: All NGINX) Ensure SSL Certificate Directory Exists"
|
||||
- name: "(DEPRECATED) Ensure SSL Certificate Directory Exists"
|
||||
file:
|
||||
path: "{{ nginx_ssl_crt_upload_dest | default('/etc/ssl/certs/') }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
when: nginx_ssl_upload_enable | bool
|
||||
|
||||
- name: "(Setup: All NGINX) Ensure SSL Key Directory Exists"
|
||||
- name: "(DEPRECATED) Ensure SSL Key Directory Exists"
|
||||
file:
|
||||
path: "{{ nginx_ssl_key_upload_dest | default('/etc/ssl/private/') }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
when: nginx_ssl_upload_enable | bool
|
||||
|
||||
- name: "(Setup: All NGINX) Upload NGINX SSL Certificates"
|
||||
- name: "(DEPRECATED) Upload NGINX SSL Certificates"
|
||||
copy:
|
||||
src: "{{ item }}"
|
||||
dest: "{{ nginx_ssl_crt_upload_dest | default('/etc/ssl/certs/') }}"
|
||||
@ -90,7 +95,7 @@
|
||||
with_fileglob: "{{ nginx_ssl_crt_upload_src }}"
|
||||
when: nginx_ssl_upload_enable | bool
|
||||
|
||||
- name: "(Setup: All NGINX) Upload NGINX SSL Keys"
|
||||
- name: "(DEPRECATED) Upload NGINX SSL Keys"
|
||||
copy:
|
||||
src: "{{ item }}"
|
||||
dest: "{{ nginx_ssl_key_upload_dest | default('/etc/ssl/private/') }}"
|
@ -1,14 +0,0 @@
|
||||
---
|
||||
- name: "(Install: APK OSs) Set Default APK NGINX Signing Key URL"
|
||||
set_fact:
|
||||
default_keysite: https://nginx.org/keys/nginx_signing.rsa.pub
|
||||
|
||||
- name: "(Install: APK OSs) Set APK NGINX Signing Key URL"
|
||||
set_fact:
|
||||
keysite: "{{ nginx_signing_key | default(default_keysite) }}"
|
||||
|
||||
- name: "(Install: APK OSs) Download NGINX Signing Key"
|
||||
get_url:
|
||||
url: "{{ keysite }}"
|
||||
dest: /etc/apk/keys/nginx_signing.rsa.pub
|
||||
mode: 0400
|
@ -1,12 +0,0 @@
|
||||
---
|
||||
- name: "(Install: APT OSs) Set Default APT NGINX Signing Key URL"
|
||||
set_fact:
|
||||
default_keysite: https://nginx.org/keys/nginx_signing.key
|
||||
|
||||
- name: "(Install: APT OSs) Set APT NGINX Signing Key URL"
|
||||
set_fact:
|
||||
keysite: "{{ nginx_signing_key | default(default_keysite) }}"
|
||||
|
||||
- name: "(Install: APT OSs) Add APT NGINX Signing Key"
|
||||
apt_key:
|
||||
url: "{{ keysite }}"
|
@ -1,14 +0,0 @@
|
||||
---
|
||||
- name: "(Install: RPM OSs) Set Default RPM NGINX Signing Key"
|
||||
set_fact:
|
||||
default_keysite: >-
|
||||
{{ (ansible_distribution_major_version|int == 6)
|
||||
| ternary('http://nginx.org/keys/nginx_signing.key', 'https://nginx.org/keys/nginx_signing.key') }}
|
||||
|
||||
- name: "(Install: RPM OSs) Set RPM NGINX Signing Key URL"
|
||||
set_fact:
|
||||
keysite: "{{ nginx_signing_key | default(default_keysite) }}"
|
||||
|
||||
- name: "(Install: RPM OSs) Add RPM NGINX Signing Key"
|
||||
rpm_key:
|
||||
key: "{{ keysite }}"
|
@ -1,16 +1,41 @@
|
||||
---
|
||||
- name: "(Setup: Keys) Alpine"
|
||||
include_tasks: "{{ role_path }}/tasks/keys/apk-key.yml"
|
||||
when: ansible_os_family == "Alpine"
|
||||
tags: nginx_apkkey
|
||||
- name: "Set up signing keys"
|
||||
debug:
|
||||
msg: "Setting up signing keys"
|
||||
when: nginx_debug_tasks | bool
|
||||
|
||||
- name: "(Setup: Keys) Debian/Ubuntu"
|
||||
include_tasks: "{{ role_path }}/tasks/keys/apt-key.yml"
|
||||
when: ansible_os_family == "Debian"
|
||||
tags: nginx_aptkey
|
||||
- name: "(Alpine Linux) Set up signing key"
|
||||
block:
|
||||
- name: "(Alpine Linux) Set up NGINX signing key URL"
|
||||
set_fact:
|
||||
keysite: "{{ nginx_signing_key | default(nginx_default_signing_key['rsa_pub']) }}"
|
||||
|
||||
- name: "(Setup: Keys) CentOS/RedHat/SUSE"
|
||||
include_tasks: "{{ role_path }}/tasks/keys/rpm-key.yml"
|
||||
when: ansible_os_family == "RedHat"
|
||||
or ansible_os_family == "Suse"
|
||||
tags: nginx_rpmkey
|
||||
- name: "(Alpine Linux) Download NGINX signing key"
|
||||
get_url:
|
||||
url: "{{ keysite }}"
|
||||
dest: /etc/apk/keys/nginx_signing.rsa.pub
|
||||
mode: 0400
|
||||
when: ansible_facts['os_family'] == "Alpine"
|
||||
|
||||
- name: "(Debian/Red Hat/SLES OSs) Set up NGINX signing key URL"
|
||||
set_fact:
|
||||
keysite: "{{ nginx_signing_key | default(nginx_default_signing_key['pgp']) }}"
|
||||
when: ansible_facts['os_family'] != "Alpine"
|
||||
|
||||
- name: "(Debian/Ubuntu) Add NGINX signing key"
|
||||
apt_key:
|
||||
id: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
|
||||
url: "{{ keysite }}"
|
||||
when: ansible_facts['os_family'] == "Debian"
|
||||
|
||||
- name: "(Amazon Linux/CentOS/Oracle Linux/RHEL/SLES) Add NGINX signing key"
|
||||
rpm_key:
|
||||
fingerprint: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
|
||||
key: "{{ keysite }}"
|
||||
validate_certs: "{{ (ansible_facts['distribution_major_version'] is version('6', '==')) | ternary('no', 'yes') }}"
|
||||
when: ansible_facts['os_family'] in ['RedHat', 'Suse']
|
||||
|
||||
- name: "Set up signing keys"
|
||||
debug:
|
||||
msg: "Done setting up signing keys"
|
||||
when: nginx_debug_tasks | bool
|
||||
|
@ -1,58 +1,78 @@
|
||||
---
|
||||
- name: "(Setup: All OSs) Setup Prerequisites"
|
||||
include_tasks: "{{ role_path }}/tasks/prerequisites/setup-{{ ansible_os_family | lower }}.yml"
|
||||
- name: "Check whether you are using a supported NGINX distribution"
|
||||
assert:
|
||||
that: (nginx_type == "opensource" and ansible_facts['distribution'] in nginx_distributions)
|
||||
or (nginx_type == "plus" and ansible_facts['distribution'] in nginx_plus_distributions)
|
||||
success_msg: "Your OS, {{ ansible_facts['distribution'] }} is supported by NGINX {{ (nginx_type=='plus') | ternary('Plus', 'Open Source') }}"
|
||||
fail_msg: "Your OS, {{ ansible_facts['distribution'] }} is not supported by NGINX {{ (nginx_type=='plus') | ternary('Plus', 'Open Source') }}"
|
||||
when:
|
||||
- nginx_install | bool
|
||||
- (nginx_install_from == "nginx_repository" or nginx_type == "plus")
|
||||
tags: nginx_check_support
|
||||
|
||||
- name: "Set up prerequisites"
|
||||
include_tasks: "{{ role_path }}/tasks/prerequisites/prerequisites.yml"
|
||||
tags: nginx_prerequisites
|
||||
|
||||
- name: "(Setup: All OSs) Setup Keys"
|
||||
import_tasks: keys/setup-keys.yml
|
||||
when:
|
||||
- ansible_os_family == "Alpine"
|
||||
or ansible_os_family == "Debian"
|
||||
or ansible_os_family == "RedHat"
|
||||
or ansible_os_family == "Suse"
|
||||
- nginx_install_from == "nginx_repository"
|
||||
or nginx_amplify_enable | bool
|
||||
or nginx_unit_enable | bool
|
||||
- name: "Set up signing keys"
|
||||
include_tasks: "{{ role_path }}/tasks/keys/setup-keys.yml"
|
||||
when: (nginx_install | bool and nginx_install_from == "nginx_repository")
|
||||
or nginx_amplify_enable | bool or nginx_unit_enable | bool
|
||||
tags: nginx_key
|
||||
|
||||
- name: "(Install/Config: All OSs) Install and Configure NGINX"
|
||||
- name: "Install and Configure NGINX"
|
||||
block:
|
||||
- name: "(Install: All OSs) Install NGINX"
|
||||
- name: "Install NGINX"
|
||||
block:
|
||||
- name: "(Install: All OSs) Install NGINX Open Source"
|
||||
- name: "Install NGINX Open Source"
|
||||
include_tasks: "{{ role_path }}/tasks/opensource/install-oss.yml"
|
||||
when: nginx_type == "opensource"
|
||||
tags: nginx_install_oss
|
||||
|
||||
- name: "(Install: All OSs) Install NGINX Plus"
|
||||
- name: "Set up NGINX Plus license"
|
||||
include_tasks: "{{ role_path }}/tasks/plus/setup-license.yml"
|
||||
when:
|
||||
- nginx_type == "plus"
|
||||
- nginx_setup_license | bool
|
||||
tags: nginx_setup_license
|
||||
|
||||
- name: "Install NGINX Plus"
|
||||
include_tasks: "{{ role_path }}/tasks/plus/install-plus.yml"
|
||||
when: nginx_type == "plus"
|
||||
tags: nginx_install_plus
|
||||
|
||||
- name: "(Install: All OSs) Install NGINX Modules"
|
||||
- name: "Install NGINX modules"
|
||||
include_tasks: "{{ role_path }}/tasks/modules/install-modules.yml"
|
||||
when:
|
||||
- nginx_modules is defined
|
||||
- nginx_modules | length > 0
|
||||
tags: nginx_install_modules
|
||||
|
||||
- name: "(Install: All OSs) Delete NGINX Plus License"
|
||||
include_tasks: "{{ role_path }}/tasks/plus/delete-license.yml"
|
||||
- name: "Remove NGINX Plus license"
|
||||
include_tasks: "{{ role_path }}/tasks/plus/remove-license.yml"
|
||||
when:
|
||||
- nginx_type == "plus"
|
||||
- nginx_delete_license | bool
|
||||
tags: nginx_delete_license
|
||||
when: nginx_install | bool
|
||||
- nginx_remove_license | bool
|
||||
tags: nginx_remove_license
|
||||
|
||||
- name: "(Config: All OSs) Configure NGINX"
|
||||
- name: "Modify Service For Systemd"
|
||||
include_tasks: "{{ role_path }}/tasks/config/modify-systemd.yml"
|
||||
when:
|
||||
- ansible_facts['service_mgr'] == "systemd"
|
||||
- nginx_service_modify | bool
|
||||
tags: nginx_modify_systemd
|
||||
when: nginx_install | bool
|
||||
tags: nginx_install
|
||||
|
||||
- name: "(DEPRECATED) Configure NGINX"
|
||||
block:
|
||||
- name: "(Config: All OSs) Cleanup NGINX Config"
|
||||
include_tasks: "{{ role_path }}/tasks/conf/cleanup-config.yml"
|
||||
- name: "(DEPRECATED) Cleanup NGINX Config"
|
||||
include_tasks: "{{ role_path }}/tasks/config/cleanup-config.yml"
|
||||
when: nginx_cleanup_config | bool
|
||||
tags: nginx_cleanup_config
|
||||
|
||||
- name: "(Config: All OSs) Upload NGINX Config"
|
||||
include_tasks: "{{ role_path }}/tasks/conf/upload-config.yml"
|
||||
- name: "(DEPRECATED) Upload NGINX Config"
|
||||
include_tasks: "{{ role_path }}/tasks/config/upload-config.yml"
|
||||
when: nginx_main_upload_enable | bool
|
||||
or nginx_http_upload_enable | bool
|
||||
or nginx_stream_upload_enable | bool
|
||||
@ -60,8 +80,8 @@
|
||||
or nginx_ssl_upload_enable | bool
|
||||
tags: nginx_upload_config
|
||||
|
||||
- name: "(Config: All OSs) Create NGINX Config"
|
||||
include_tasks: "{{ role_path }}/tasks/conf/template-config.yml"
|
||||
- name: "(DEPRECATED) Create NGINX Config"
|
||||
include_tasks: "{{ role_path }}/tasks/config/template-config.yml"
|
||||
when: nginx_main_template_enable | bool
|
||||
or nginx_http_template_enable | bool
|
||||
or nginx_stream_template_enable | bool
|
||||
@ -69,21 +89,21 @@
|
||||
tags: nginx_template_config
|
||||
when: nginx_configure | bool
|
||||
|
||||
- name: "(Config: All OSs) Ensure NGINX is Running"
|
||||
- name: "Ensure NGINX is running"
|
||||
meta: flush_handlers
|
||||
|
||||
- name: "(Config: All OSs) Debug Output"
|
||||
include_tasks: "{{ role_path }}/tasks/conf/debug-output.yml"
|
||||
- name: "Debug NGINX output"
|
||||
include_tasks: "{{ role_path }}/tasks/config/debug-output.yml"
|
||||
when: nginx_debug_output | bool
|
||||
tags: nginx_debug_output
|
||||
|
||||
- name: "(Config: All OSs): Configure Logrotate"
|
||||
include_tasks: "{{ role_path }}/tasks/conf/logrotate.yml"
|
||||
- name: "Configure logrotate for NGINX"
|
||||
include_tasks: "{{ role_path }}/tasks/config/setup-logrotate.yml"
|
||||
when: nginx_logrotate_conf_enable | bool
|
||||
tags: nginx_logrotate_config
|
||||
when: nginx_enable | bool
|
||||
|
||||
- name: "(Install: All OSs) Install NGINX Amplify"
|
||||
- name: "Install NGINX Amplify"
|
||||
include_tasks: "{{ role_path }}/tasks/amplify/install-amplify.yml"
|
||||
when:
|
||||
- nginx_amplify_enable | bool
|
||||
@ -91,7 +111,7 @@
|
||||
- nginx_amplify_api_key | length > 0
|
||||
tags: nginx_install_amplify
|
||||
|
||||
- name: "(Install: All OSs) Install NGINX Unit"
|
||||
- name: "(DEPRECATED) Install NGINX Unit"
|
||||
include_tasks: "{{ role_path }}/tasks/unit/install-unit.yml"
|
||||
when: nginx_unit_enable | bool
|
||||
tags: nginx_install_unit
|
||||
|
@ -1,12 +1,12 @@
|
||||
---
|
||||
- name: "(Install: CentOS) Install GeoIP Required CentOS Dependencies"
|
||||
- name: "(CentOS) Install GeoIP dependencies"
|
||||
yum:
|
||||
name: epel-release
|
||||
when:
|
||||
- ansible_distribution == "CentOS"
|
||||
- ansible_facts['distribution'] == "CentOS"
|
||||
- '"geoip" in nginx_modules'
|
||||
|
||||
- name: "(Install: All OSs) Install NGINX Modules"
|
||||
- name: "Install NGINX Modules"
|
||||
package:
|
||||
name: "nginx-{{ (nginx_type == 'plus') | ternary('plus-', '') }}module-{{ item }}{{ nginx_version | default('') }}"
|
||||
state: present
|
||||
@ -15,18 +15,18 @@
|
||||
- (item in nginx_modules_list and nginx_type == 'opensource')
|
||||
or (item in nginx_plus_modules_list and nginx_type == 'plus')
|
||||
- not (item == "auth-spnego")
|
||||
or not (ansible_os_family == "Alpine" and (ansible_distribution_version | regex_search('^[0-9]+\\.[0-9]+') == "3.8"))
|
||||
or not (ansible_facts['os_family'] == "Alpine" and (ansible_facts['distribution_version'] | regex_search('^[0-9]+\\.[0-9]+') is version('3.8', '==')))
|
||||
- not (item == "geoip")
|
||||
or not ((ansible_os_family == "RedHat" and ansible_distribution_major_version == "8")
|
||||
or (ansible_os_family == "FreeBSD"))
|
||||
or not ((ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] is version('8', '=='))
|
||||
or (ansible_facts['os_family'] == "FreeBSD"))
|
||||
- not (item == "brotli")
|
||||
or not ((ansible_os_family == "Alpine")
|
||||
or (ansible_os_family == "RedHat" and ansible_distribution_major_version < "8")
|
||||
or (ansible_os_family == "Debian" and ansible_distribution_major_version == "9")
|
||||
or (ansible_os_family == "Suse" and ansible_distribution_major_version == "12")
|
||||
or (ansible_distribution == "Amazon")
|
||||
or (ansible_distribution == "OracleLinux"))
|
||||
- not (item == "geoip2") or not (ansible_os_family == "Suse")
|
||||
or not ((ansible_facts['os_family'] == "Alpine")
|
||||
or (ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] is version('8', '<'))
|
||||
or (ansible_facts['os_family'] == "Debian" and ansible_facts['distribution_major_version'] is version('9', '=='))
|
||||
or (ansible_facts['os_family'] == "Suse" and ansible_facts['distribution_major_version'] is version('12', '<'))
|
||||
or (ansible_facts['distribution'] == "Amazon")
|
||||
or (ansible_facts['distribution'] == "OracleLinux"))
|
||||
- not (item == "geoip2") or not (ansible_facts['os_family'] == "Suse")
|
||||
- not (item == "opentracing")
|
||||
or not ((ansible_os_family == "Suse" and ansible_distribution_major_version == "12")
|
||||
or (ansible_os_family == "RedHat" and ansible_distribution_major_version == "6"))
|
||||
or not ((ansible_facts['os_family'] == "Suse" and ansible_facts['distribution_major_version'] is version('12', '=='))
|
||||
or (ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] is version('6', '==')))
|
||||
|
14
tasks/opensource/install-alpine.yml
Normal file
14
tasks/opensource/install-alpine.yml
Normal file
@ -0,0 +1,14 @@
|
||||
---
|
||||
- name: "(Alpine Linux) Configure NGINX repository"
|
||||
lineinfile:
|
||||
path: /etc/apk/repositories
|
||||
insertafter: EOF
|
||||
line: "{{ repository }}"
|
||||
|
||||
- name: "(Alpine Linux) Install NGINX"
|
||||
apk:
|
||||
name: "nginx{{ nginx_version | default('') }}"
|
||||
repository: "{{ repository }}"
|
||||
state: "{{ nginx_state }}"
|
||||
update_cache: yes
|
||||
notify: "(Handler) Start NGINX"
|
78
tasks/opensource/install-bsd.yml
Normal file
78
tasks/opensource/install-bsd.yml
Normal file
@ -0,0 +1,78 @@
|
||||
---
|
||||
- name: "(FreeBSD) Update ports"
|
||||
block:
|
||||
- name: "(FreeBSD) Fetch ports"
|
||||
command: portsnap fetch --interactive
|
||||
args:
|
||||
creates: /var/db/portsnap/INDEX
|
||||
|
||||
- name: "(FreeBSD) Extract ports"
|
||||
command: portsnap extract
|
||||
args:
|
||||
creates: /usr/ports
|
||||
when:
|
||||
- ansible_facts['system'] == "FreeBSD"
|
||||
- nginx_bsd_update_ports | bool
|
||||
|
||||
- name: "(FreeBSD) Install NGINX"
|
||||
block:
|
||||
- name: "(FreeBSD) Install NGINX package"
|
||||
pkgng:
|
||||
name: "www/nginx{{ nginx_version | default('') }}"
|
||||
state: "{{ nginx_state }}"
|
||||
when: nginx_bsd_install_packages | bool
|
||||
notify: "(Handler) Start NGINX"
|
||||
|
||||
- name: "(FreeBSD) Install NGINX port"
|
||||
portinstall:
|
||||
name: "www/nginx{{ nginx_version | default('') }}"
|
||||
use_packages: "{{ nginx_bsd_portinstall_use_packages | default(omit) }}"
|
||||
state: "{{ nginx_state }}"
|
||||
when: not nginx_bsd_install_packages | bool
|
||||
notify: "(Handler) Start NGINX"
|
||||
when: ansible_facts['system'] == "FreeBSD"
|
||||
|
||||
- name: "(OpenBSD) Install NGINX"
|
||||
block:
|
||||
- name: "(OpenBSD) Install NGINX package"
|
||||
openbsd_pkg:
|
||||
name: "nginx{{ nginx_version | default('') }}"
|
||||
build: no
|
||||
state: "{{ nginx_state }}"
|
||||
when: nginx_bsd_install_packages | bool
|
||||
notify: "(Handler) Start NGINX"
|
||||
|
||||
- name: "(OpenBSD) Install NGINX port"
|
||||
openbsd_pkg:
|
||||
name: "nginx{{ nginx_version | default('') }}"
|
||||
build: yes
|
||||
state: "{{ nginx_state }}"
|
||||
when: not nginx_bsd_install_packages | bool
|
||||
notify: "(Handler) Start NGINX"
|
||||
when: ansible_facts['system'] == "OpenBSD"
|
||||
|
||||
- name: "(NetBSD) Install NGINX"
|
||||
block:
|
||||
- name: "NetBSD) Install NGINX package"
|
||||
command: "pkg_add www/nginx{{ nginx_version | default('') }}"
|
||||
when: nginx_bsd_install_packages | bool
|
||||
notify: "(Handler) Start NGINX"
|
||||
|
||||
- name: "(NetBSD) Install NGINX port"
|
||||
fail:
|
||||
msg: "{{ ansible_facts['system'] }} Install NGINX port not implemented."
|
||||
when: not nginx_bsd_install_packages | bool
|
||||
when: ansible_facts['system'] == "NetBSD"
|
||||
|
||||
- name: "(DragonFlyBSD/HardenedBSD) Install NGINX"
|
||||
block:
|
||||
- name: "Install NGINX package"
|
||||
command: "pkg install www/nginx{{ nginx_version | default('') }}"
|
||||
when: nginx_bsd_install_packages | bool
|
||||
notify: "(Handler) Start NGINX"
|
||||
|
||||
- name: "Install NGINX port"
|
||||
fail:
|
||||
msg: "{{ ansible_facts['system'] }} Install NGINX port not implemented."
|
||||
when: not nginx_bsd_install_packages | bool
|
||||
when: ansible_facts['system'] in ['DragonFlyBSD', 'HardenedBSD']
|
14
tasks/opensource/install-debian.yml
Normal file
14
tasks/opensource/install-debian.yml
Normal file
@ -0,0 +1,14 @@
|
||||
---
|
||||
- name: "(Debian/Ubuntu) Configure NGINX repository"
|
||||
apt_repository:
|
||||
filename: nginx
|
||||
repo: "{{ item }}"
|
||||
update_cache: yes
|
||||
mode: 0644
|
||||
loop: "{{ repository }}"
|
||||
|
||||
- name: "(Debian/Ubuntu) Install NGINX"
|
||||
apt:
|
||||
name: "nginx{{ nginx_version | default('') }}"
|
||||
state: "{{ nginx_state }}"
|
||||
notify: "(Handler) Start NGINX"
|
@ -1,91 +0,0 @@
|
||||
---
|
||||
- name: "(Install: FreeBSD) Update Ports"
|
||||
block:
|
||||
- name: "(Install: FreeBSD) Fetch Ports"
|
||||
command: portsnap fetch --interactive
|
||||
args:
|
||||
creates: /var/db/portsnap/INDEX
|
||||
|
||||
- name: "(Install: FreeBSD) Extract Ports"
|
||||
command: portsnap extract
|
||||
args:
|
||||
creates: /usr/ports
|
||||
when:
|
||||
- ansible_system == "FreeBSD"
|
||||
- nginx_bsd_update_ports | bool
|
||||
|
||||
- name: "(Install: FreeBSD)"
|
||||
block:
|
||||
- name: "(Install: FreeBSD) Install NGINX Package"
|
||||
pkgng:
|
||||
name: "www/nginx{{ nginx_version | default('') }}"
|
||||
state: "{{ nginx_state }}"
|
||||
when: nginx_bsd_install_packages | bool
|
||||
notify: "(Handler: All OSs) Start NGINX"
|
||||
|
||||
- name: "(Install: FreeBSD) Install NGINX Port"
|
||||
portinstall:
|
||||
name: "www/nginx{{ nginx_version | default('') }}"
|
||||
use_packages: "{{ nginx_bsd_portinstall_use_packages | default(omit) }}"
|
||||
state: "{{ nginx_state }}"
|
||||
when: not nginx_bsd_install_packages | bool
|
||||
notify: "(Handler: All OSs) Start NGINX"
|
||||
when: ansible_system == "FreeBSD"
|
||||
|
||||
- name: "(Install: OpenBSD)"
|
||||
block:
|
||||
- name: "(Install: OpenBSD) Install NGINX Package"
|
||||
openbsd_pkg:
|
||||
name: "nginx{{ nginx_version | default('') }}"
|
||||
build: no
|
||||
state: "{{ nginx_state }}"
|
||||
when: nginx_bsd_install_packages | bool
|
||||
notify: "(Handler: All OSs) Start NGINX"
|
||||
|
||||
- name: "(Install: OpenBSD) Install NGINX Port"
|
||||
openbsd_pkg:
|
||||
name: "nginx{{ nginx_version | default('') }}"
|
||||
build: yes
|
||||
state: "{{ nginx_state }}"
|
||||
when: not nginx_bsd_install_packages | bool
|
||||
notify: "(Handler: All OSs) Start NGINX"
|
||||
when: ansible_system == "OpenBSD"
|
||||
|
||||
- name: "(Install: NetBSD)"
|
||||
block:
|
||||
- name: "(Install: NetBSD) Install NGINX Package"
|
||||
command: "pkg_add www/nginx{{ nginx_version | default('') }}"
|
||||
when: nginx_bsd_install_packages | bool
|
||||
notify: "(Handler: All OSs) Start NGINX"
|
||||
|
||||
- name: "(Install: NetBSD) Install NGINX Port"
|
||||
fail:
|
||||
msg: "{{ ansible_system }} Install NGINX port not implemented."
|
||||
when: not nginx_bsd_install_packages | bool
|
||||
when: ansible_system == "NetBSD"
|
||||
|
||||
- name: "(Install: DragonFlyBSD)"
|
||||
block:
|
||||
- name: "(Install: DragonFlyBSD) Install NGINX Package"
|
||||
command: "pkg install www/nginx{{ nginx_version | default('') }}"
|
||||
when: nginx_bsd_install_packages | bool
|
||||
notify: "(Handler: All OSs) Start NGINX"
|
||||
|
||||
- name: "(Install: DragonFlyBSD) Install NGINX port"
|
||||
fail:
|
||||
msg: "{{ ansible_system }} Install NGINX port not implemented."
|
||||
when: not nginx_bsd_install_packages | bool
|
||||
when: ansible_system == "DragonFlyBSD"
|
||||
|
||||
- name: "(Install: HardenedBSD)"
|
||||
block:
|
||||
- name: "(Install: HardenedBSD) Install NGINX package"
|
||||
command: "pkg install www/nginx{{ nginx_version | default('') }}"
|
||||
when: nginx_bsd_install_packages | bool
|
||||
notify: "(Handler: All OSs) Start NGINX"
|
||||
|
||||
- name: "(Install: HardenedBSD) Install NGINX port"
|
||||
fail:
|
||||
msg: "{{ ansible_system }} Install NGINX port not implemented."
|
||||
when: not nginx_bsd_install_packages | bool
|
||||
when: ansible_system == "HardenedBSD"
|
@ -1,26 +0,0 @@
|
||||
---
|
||||
- name: "(Install: Linux) Configure NGINX Repository"
|
||||
include_tasks: "{{ role_path }}/tasks/opensource/setup-{{ ansible_os_family | lower }}.yml"
|
||||
when:
|
||||
- ansible_os_family == "Alpine"
|
||||
or ansible_os_family == "Debian"
|
||||
or ansible_os_family == "RedHat"
|
||||
or ansible_os_family == "Suse"
|
||||
- nginx_install_from == "nginx_repository"
|
||||
|
||||
- name: "(Install: Linux) Modify Service For Systemd"
|
||||
include_tasks: "{{ role_path }}/tasks/prerequisites/setup-systemd.yml"
|
||||
when:
|
||||
- ansible_service_mgr == "systemd"
|
||||
- nginx_service_modify | bool
|
||||
|
||||
- name: "(Install: Linux) Install NGINX From Source"
|
||||
include_tasks: "{{ role_path }}/tasks/opensource/setup-source.yml"
|
||||
when: nginx_install_from == "source"
|
||||
|
||||
- name: "(Install: Linux) Install NGINX Package"
|
||||
package:
|
||||
name: "nginx{{ nginx_version | default('') }}"
|
||||
state: "{{ nginx_state }}"
|
||||
when: nginx_install_from == "os_repository"
|
||||
notify: "(Handler: All OSs) Start NGINX"
|
@ -1,8 +1,38 @@
|
||||
---
|
||||
- name: "(Install: OSS Linux)"
|
||||
include_tasks: "{{ role_path }}/tasks/opensource/install-oss-linux.yml"
|
||||
when: ansible_os_family in nginx_linux_families
|
||||
- name: "Install NGINX"
|
||||
debug:
|
||||
msg: "Installing NGINX"
|
||||
when: nginx_debug_tasks | bool
|
||||
|
||||
- name: "(Install: OSS BSD)"
|
||||
include_tasks: "{{ role_path }}/tasks/opensource/install-oss-bsd.yml"
|
||||
when: ansible_system in nginx_bsd_systems
|
||||
- name: "Install NGINX in Linux systems"
|
||||
block:
|
||||
- name: "Install NGINX from repository"
|
||||
block:
|
||||
- name: "Set NGINX repository"
|
||||
set_fact:
|
||||
repository: "{{ nginx_repository | default(nginx_default_repository[ansible_facts['os_family'] | lower]) }}"
|
||||
|
||||
- name: "Install NGINX from repository"
|
||||
include_tasks: "{{ role_path }}/tasks/opensource/install-{{ ansible_facts['os_family'] | lower }}.yml"
|
||||
when: nginx_install_from == "nginx_repository"
|
||||
|
||||
- name: "Install NGINX from source"
|
||||
include_tasks: "{{ role_path }}/tasks/opensource/install-source.yml"
|
||||
when: nginx_install_from == "source"
|
||||
|
||||
- name: "Install NGINX from package"
|
||||
package:
|
||||
name: "nginx{{ nginx_version | default('') }}"
|
||||
state: "{{ nginx_state }}"
|
||||
when: nginx_install_from == "os_repository"
|
||||
notify: "(Handler) Start NGINX"
|
||||
when: ansible_facts['system'] | lower is not search('bsd')
|
||||
|
||||
- name: "Install NGINX in Unix systems"
|
||||
include_tasks: "{{ role_path }}/tasks/opensource/install-bsd.yml"
|
||||
when: ansible_facts['system'] | lower is search('bsd')
|
||||
|
||||
- name: "Install NGINX"
|
||||
debug:
|
||||
msg: "Done installing NGINX"
|
||||
when: nginx_debug_tasks | bool
|
||||
|
33
tasks/opensource/install-redhat.yml
Normal file
33
tasks/opensource/install-redhat.yml
Normal file
@ -0,0 +1,33 @@
|
||||
---
|
||||
- name: "(CentOS/RHEL 6/7) Configure NGINX repository"
|
||||
yum_repository:
|
||||
name: nginx
|
||||
baseurl: "{{ repository }}"
|
||||
description: NGINX Repository
|
||||
enabled: yes
|
||||
gpgcheck: yes
|
||||
mode: 0644
|
||||
when: ansible_facts['distribution_major_version'] is version('8', '<')
|
||||
|
||||
- name: "(CentOS/RHEL 8) Configure NGINX repository"
|
||||
blockinfile:
|
||||
path: /etc/yum.repos.d/nginx.repo
|
||||
create: yes
|
||||
block: |
|
||||
[nginx]
|
||||
baseurl = {{ repository }}
|
||||
enabled = 1
|
||||
gpgcheck = 1
|
||||
name = NGINX Repository
|
||||
module_hotfixes = true
|
||||
mode: 0644
|
||||
when: ansible_facts['distribution_major_version'] is version('8', '==')
|
||||
|
||||
- name: "(CentOS/RHEL) Install NGINX"
|
||||
yum:
|
||||
name: "nginx{{ nginx_version | default('') }}"
|
||||
state: "{{ nginx_state }}"
|
||||
disablerepo: "*"
|
||||
enablerepo: "nginx"
|
||||
update_cache: yes
|
||||
notify: "(Handler) Start NGINX"
|
@ -1,9 +1,9 @@
|
||||
---
|
||||
- name: "(Install: Linux) Check For Build Tools"
|
||||
- name: "Check for build tools"
|
||||
block:
|
||||
- name: "(Install: Centos/RHEL) Setup Python 3"
|
||||
- name: "(CentOS/RHEL 8) Setup python 3"
|
||||
block:
|
||||
- name: "(Install: Centos/RHEL) Install Python 3"
|
||||
- name: "(CentOS/RHEL 8) Install python 3"
|
||||
yum:
|
||||
name:
|
||||
- python3
|
||||
@ -11,144 +11,144 @@
|
||||
- python3-devel
|
||||
update_cache: yes
|
||||
|
||||
- name: "(Install: Centos/RHEL) Set Python 3 Default"
|
||||
- name: "(Centos/RHEL 8) Set python 3 as default"
|
||||
alternatives:
|
||||
name: python
|
||||
path: /usr/bin/python3
|
||||
link: /usr/bin/python
|
||||
when:
|
||||
- ansible_os_family == "RedHat"
|
||||
- ansible_distribution_major_version == "8"
|
||||
- ansible_facts['os_family'] == "RedHat"
|
||||
- ansible_facts['distribution_major_version'] is version('8', '==')
|
||||
|
||||
- name: "(Install: Centos/RHEL) Install Build Tools"
|
||||
- name: "(Centos/RHEL) Install build tools"
|
||||
yum:
|
||||
name:
|
||||
- "@Development tools"
|
||||
- ca-certificates
|
||||
- gcc
|
||||
- glibc
|
||||
- glibc-common
|
||||
- gd
|
||||
- gd-devel
|
||||
- glibc
|
||||
- glibc-common
|
||||
- perl-core
|
||||
- wget
|
||||
- ca-certificates
|
||||
- zlib-devel
|
||||
update_cache: yes
|
||||
when: ansible_os_family == "RedHat"
|
||||
when: ansible_facts['os_family'] == "RedHat"
|
||||
|
||||
- name: "(Install: Debian) Install Backports Repo For Buster"
|
||||
- name: "(Debian) Install backports repo for buster"
|
||||
apt_repository:
|
||||
filename: buster-backports
|
||||
repo: deb http://ftp.us.debian.org/debian buster-backports main
|
||||
update_cache: yes
|
||||
mode: 0644
|
||||
when: ansible_distribution_release == "buster"
|
||||
when: ansible_facts['distribution_release'] == "buster"
|
||||
|
||||
- name: "(Install: Debian/Ubuntu) Install Build Tools"
|
||||
- name: "(Debian/Ubuntu) Install build tools"
|
||||
apt:
|
||||
name:
|
||||
- python3-minimal
|
||||
- build-essential
|
||||
- checkinstall
|
||||
- libtemplate-perl
|
||||
- python3-minimal
|
||||
- perl
|
||||
- tar
|
||||
- checkinstall
|
||||
- zlib1g-dev
|
||||
- libtemplate-perl
|
||||
update_cache: yes
|
||||
when: ansible_os_family == "Debian"
|
||||
when: ansible_facts['os_family'] == "Debian"
|
||||
|
||||
- name: "(Install: Alpine) Install Build Tools"
|
||||
- name: "(Alpine Linux) Install build tools"
|
||||
apk:
|
||||
name:
|
||||
- python3
|
||||
- alpine-sdk
|
||||
- build-base
|
||||
- git
|
||||
- wget
|
||||
- openrc
|
||||
- perl
|
||||
- python3
|
||||
- linux-headers
|
||||
- tar
|
||||
- openrc
|
||||
- wget
|
||||
update_cache: yes
|
||||
when: ansible_os_family == "Alpine"
|
||||
when: ansible_facts['os_family'] == "Alpine"
|
||||
|
||||
- name: "(Install: Alpine) Enable OpenRC"
|
||||
- name: "(Alpine Linux) Enable OpenRC"
|
||||
copy:
|
||||
content: ""
|
||||
dest: /run/openrc/softlevel
|
||||
force: no
|
||||
owner: root
|
||||
mode: 0644
|
||||
when: ansible_os_family == "Alpine"
|
||||
when: ansible_facts['os_family'] == "Alpine"
|
||||
when: nginx_install_source_build_tools | bool
|
||||
|
||||
- name: "(Install: Linux) Check For Source Installs"
|
||||
- name: "Check for source installs"
|
||||
block:
|
||||
- name: "(Install: Linux) Check For PCRE Install"
|
||||
- name: "Check for PCRE install"
|
||||
stat:
|
||||
path: /tmp/{{ pcre_version }}
|
||||
register: pcre_result
|
||||
|
||||
- name: "(Install: Linux) Check For ZLib Install"
|
||||
- name: "Check for ZLib install"
|
||||
stat:
|
||||
path: /tmp/{{ zlib_version }}
|
||||
register: zlib_result
|
||||
|
||||
- name: "(Install: Linux) Check For OpenSSL Install"
|
||||
- name: "Check for OpenSSL install"
|
||||
stat:
|
||||
path: /tmp/{{ openssl_version }}
|
||||
register: openssl_result
|
||||
|
||||
- name: "(Install: Centos/RHEL) Install PCRE Dependency From Package"
|
||||
- name: "(CentOS/RHEL) Install PCRE dependency from package"
|
||||
yum:
|
||||
name: pcre-devel
|
||||
update_cache: yes
|
||||
when:
|
||||
- nginx_install_source_pcre | bool
|
||||
- ansible_os_family == "RedHat"
|
||||
- ansible_facts['os_family'] == "RedHat"
|
||||
|
||||
- name: "(Install: Debian/Ubuntu) Install PCRE Dependency From Package"
|
||||
- name: "(Debian/Ubuntu) Install PCRE dependency from package"
|
||||
apt:
|
||||
name: libpcre3-dev
|
||||
update_cache: yes
|
||||
when:
|
||||
- nginx_install_source_pcre | bool
|
||||
- ansible_os_family == "Debian"
|
||||
- ansible_facts['os_family'] == "Debian"
|
||||
|
||||
- name: "(Install: Alpine) Install PCRE Dependency From Package"
|
||||
- name: "(Alpine Linux) Install PCRE dependency from package"
|
||||
apk:
|
||||
name: pcre-dev
|
||||
update_cache: yes
|
||||
when:
|
||||
- nginx_install_source_pcre | bool
|
||||
- ansible_os_family == "Alpine"
|
||||
- ansible_facts['os_family'] == "Alpine"
|
||||
|
||||
- name: "(Install: Linux) Install PCRE Dependence From Source"
|
||||
- name: "Install PCRE dependence from source"
|
||||
block:
|
||||
- name: "(Install: Linux) Download PCRE Dependency"
|
||||
- name: "Download PCRE dependency"
|
||||
get_url:
|
||||
url: "http://ftp.pcre.org/pub/pcre/{{ pcre_version }}.tar.gz"
|
||||
url: "https://ftp.pcre.org/pub/pcre/{{ pcre_version }}.tar.gz"
|
||||
dest: "/tmp/{{ pcre_version }}.tar.gz"
|
||||
mode: 0600
|
||||
register: pcre_source
|
||||
|
||||
- name: "(Install: Linux) Unpack PCRE Dependency"
|
||||
- name: "Unpack PCRE dependency"
|
||||
unarchive:
|
||||
copy: no
|
||||
dest: /tmp/
|
||||
src: "{{ pcre_source.dest }}"
|
||||
mode: 0700
|
||||
|
||||
- name: "(Install: Linux) Configure PCRE Dependency"
|
||||
- name: "Configure PCRE dependency"
|
||||
command: "./configure"
|
||||
args:
|
||||
chdir: "/tmp/{{ pcre_version }}"
|
||||
|
||||
- name: "(Install: Linux) Make PCRE Dependency"
|
||||
- name: "Make PCRE dependency"
|
||||
make:
|
||||
chdir: "/tmp/{{ pcre_version }}"
|
||||
|
||||
- name: "(Install: Linux) Install PCRE Dependency"
|
||||
- name: "Install PCRE dependency"
|
||||
make:
|
||||
chdir: "/tmp/{{ pcre_version }}"
|
||||
target: install
|
||||
@ -156,56 +156,56 @@
|
||||
- not pcre_result.stat.exists | bool
|
||||
- not nginx_install_source_pcre | bool
|
||||
|
||||
- name: "(Install: Centos/RHEL) Install ZLib Dependency From Package"
|
||||
- name: "(Centos/RHEL) Install ZLib dependency from package"
|
||||
yum:
|
||||
name: zlib-devel
|
||||
update_cache: yes
|
||||
when:
|
||||
- nginx_install_source_zlib | bool
|
||||
- ansible_os_family == "RedHat"
|
||||
- ansible_facts['os_family'] == "RedHat"
|
||||
|
||||
- name: "(Install: Debian/Ubuntu) Install ZLib Dependency From Package"
|
||||
- name: "(Debian/Ubuntu) Install ZLib dependency from package"
|
||||
apt:
|
||||
name: zlib1g-dev
|
||||
update_cache: true
|
||||
when:
|
||||
- nginx_install_source_zlib | bool
|
||||
- ansible_os_family == "Debian"
|
||||
- ansible_facts['os_family'] == "Debian"
|
||||
|
||||
- name: "(Install: Alpine) Install ZLib Dependency From Package"
|
||||
- name: "(Alpine Linux) Install ZLib dependency from package"
|
||||
apk:
|
||||
name: zlib-dev
|
||||
update_cache: yes
|
||||
when:
|
||||
- nginx_install_source_zlib | bool
|
||||
- ansible_os_family == "Alpine"
|
||||
- ansible_facts['os_family'] == "Alpine"
|
||||
|
||||
- name: "(Install: Linux) Install ZLib Dependency From Source"
|
||||
- name: "Install ZLib dependency from source"
|
||||
block:
|
||||
- name: "(Install: Linux) Download ZLib Dependency"
|
||||
- name: "Download ZLib dependency"
|
||||
get_url:
|
||||
url: "http://zlib.net/{{ zlib_version }}.tar.gz"
|
||||
url: "https://zlib.net/{{ zlib_version }}.tar.gz"
|
||||
dest: "/tmp/{{ zlib_version }}.tar.gz"
|
||||
mode: 0600
|
||||
register: zlib_source
|
||||
|
||||
- name: "(Install: Linux) Unpack ZLib Dependency"
|
||||
- name: "Unpack ZLib dependency"
|
||||
unarchive:
|
||||
copy: no
|
||||
dest: /tmp/
|
||||
src: "{{ zlib_source.dest }}"
|
||||
mode: 0700
|
||||
|
||||
- name: "(Install: Linux) Configure zlib Dependency"
|
||||
- name: "Configure ZLib dependency"
|
||||
command: "./configure"
|
||||
args:
|
||||
chdir: "/tmp/{{ zlib_version }}"
|
||||
|
||||
- name: "(Install: Linux) Make ZLib Dependency"
|
||||
- name: "Make ZLib dependency"
|
||||
make:
|
||||
chdir: "/tmp/{{ zlib_version }}"
|
||||
|
||||
- name: "(Install: Linux) Install ZLib Dependency"
|
||||
- name: "Install ZLib dependency"
|
||||
make:
|
||||
chdir: "/tmp/{{ zlib_version }}"
|
||||
target: install
|
||||
@ -213,56 +213,56 @@
|
||||
- not zlib_result.stat.exists | bool
|
||||
- not nginx_install_source_zlib | bool
|
||||
|
||||
- name: "(Install: Centos/RHEL) Install OpenSSL Dependency From Package"
|
||||
- name: "(CentOS/RHEL) Install OpenSSL dependency from package"
|
||||
yum:
|
||||
name: openssl-devel
|
||||
update_cache: yes
|
||||
when:
|
||||
- nginx_install_source_openssl | bool
|
||||
- ansible_os_family == "RedHat"
|
||||
- ansible_facts['os_family'] == "RedHat"
|
||||
|
||||
- name: "(Install: Debian/Ubuntu) Install OpenSSL Dependency From Package"
|
||||
- name: "(Debian/Ubuntu) Install OpenSSL dependency from package"
|
||||
apt:
|
||||
name: libssl-dev
|
||||
update_cache: yes
|
||||
when:
|
||||
- nginx_install_source_openssl | bool
|
||||
- ansible_os_family == "Debian"
|
||||
- ansible_facts['os_family'] == "Debian"
|
||||
|
||||
- name: "(Install: Alpine) Install OpenSSL Dependency From Package"
|
||||
- name: "(Alpine Linux) Install OpenSSL dependency from package"
|
||||
apk:
|
||||
name: openssl-dev
|
||||
update_cache: yes
|
||||
when:
|
||||
- nginx_install_source_openssl | bool
|
||||
- ansible_os_family == "Alpine"
|
||||
- ansible_facts['os_family'] == "Alpine"
|
||||
|
||||
- name: "(Install: Linux) Install OpenSSL Dependency From Source"
|
||||
- name: "Install OpenSSL dependency from source"
|
||||
block:
|
||||
- name: "(Install: Linux) Download OpenSSL Dependency"
|
||||
- name: "Download OpenSSL dependency"
|
||||
get_url:
|
||||
url: "http://www.openssl.org/source/{{ openssl_version }}.tar.gz"
|
||||
url: "https://www.openssl.org/source/{{ openssl_version }}.tar.gz"
|
||||
dest: "/tmp/{{ openssl_version }}.tar.gz"
|
||||
mode: 0600
|
||||
register: openssl_source
|
||||
|
||||
- name: "(Install: Linux) Unpack OpenSSL Dependency"
|
||||
- name: "Unpack OpenSSL dependency"
|
||||
unarchive:
|
||||
copy: no
|
||||
dest: /tmp/
|
||||
src: "{{ openssl_source.dest }}"
|
||||
mode: 0700
|
||||
|
||||
- name: "(Install: Linux) Configure OpenSSL Dependency"
|
||||
- name: "Configure OpenSSL dependency"
|
||||
command: "./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib"
|
||||
args:
|
||||
chdir: "/tmp/{{ openssl_version }}"
|
||||
|
||||
- name: "(Install: Linux) Make OpenSSL Dependency"
|
||||
- name: "Make OpenSSL dependency"
|
||||
make:
|
||||
chdir: "/tmp/{{ openssl_version }}"
|
||||
|
||||
- name: "(Install: Linux) Install OpenSSL Dependency"
|
||||
- name: "Install OpenSSL dependency"
|
||||
make:
|
||||
chdir: "/tmp/{{ openssl_version }}"
|
||||
target: install
|
||||
@ -270,72 +270,72 @@
|
||||
- not openssl_result.stat.exists | bool
|
||||
- not nginx_install_source_openssl | bool
|
||||
|
||||
- name: "(Install: Linux) Get NGINX Version"
|
||||
- name: "Get NGINX version"
|
||||
block:
|
||||
- name: "(Install: Linux) Fetch NGINX Version"
|
||||
- name: "Fetch NGINX version"
|
||||
uri:
|
||||
url: https://trac.nginx.org/nginx/browser
|
||||
return_content: yes
|
||||
register: nginx_versions
|
||||
|
||||
- name: "(Install: Linux) Set NGINX Mainline Version"
|
||||
- name: "Set NGINX mainline version"
|
||||
set_fact:
|
||||
nginx_version: "{{ nginx_versions.content | regex_search('release[^<]*') | regex_replace('release', 'nginx') }}"
|
||||
when: nginx_branch == "mainline"
|
||||
|
||||
- name: "(Install: Linux) Set NGINX Stable Version 1/2"
|
||||
- name: "Set NGINX stable version 1/2"
|
||||
set_fact:
|
||||
nginx_version: "{{ nginx_versions.content | regex_search('stable[^<]*') | regex_replace('stable', 'release') }}"
|
||||
when: nginx_branch == "stable"
|
||||
|
||||
- name: "(Install: Linux) Set NGINX Stable Version 2/2"
|
||||
- name: "Set NGINX stable version 2/2"
|
||||
set_fact:
|
||||
nginx_version: "{{ nginx_versions.content | regex_search(nginx_version + '[^<]*') | regex_replace('release', 'nginx') }}"
|
||||
when: nginx_branch == "stable"
|
||||
|
||||
- name: "(Install: Linux) Set NGINX Download Filename"
|
||||
- name: "Set NGINX download filename"
|
||||
set_fact:
|
||||
nginx_download_name: "{{ nginx_version }}"
|
||||
|
||||
- name: "(Install: Linux) Check For NGINX Install"
|
||||
- name: "Check for NGINX install"
|
||||
stat:
|
||||
path: /usr/sbin/nginx
|
||||
follow: yes
|
||||
register: nginx_result
|
||||
|
||||
- name: "(Install: Linux) Add NGINX User"
|
||||
- name: "Add NGINX user"
|
||||
user:
|
||||
name: nginx
|
||||
|
||||
- name: "(Install: Linux) Install NGINX"
|
||||
- name: "Install NGINX"
|
||||
block:
|
||||
- name: "(Install: Linux) Download NGINX"
|
||||
- name: "Download NGINX"
|
||||
get_url:
|
||||
url: "http://nginx.org/download/{{ nginx_download_name }}.tar.gz"
|
||||
url: "https://nginx.org/download/{{ nginx_download_name }}.tar.gz"
|
||||
dest: "/tmp/{{ nginx_download_name }}.tar.gz"
|
||||
mode: 0600
|
||||
register: nginx_source
|
||||
|
||||
- name: "(Install: Linux) Unpack NGINX"
|
||||
- name: "Unpack NGINX"
|
||||
unarchive:
|
||||
copy: no
|
||||
dest: /tmp/
|
||||
src: "{{ nginx_source.dest }}"
|
||||
mode: 0755
|
||||
|
||||
- name: "(Install: Linux) Configure NGINX"
|
||||
- name: "Configure NGINX"
|
||||
command: >-
|
||||
./configure
|
||||
--prefix=/usr
|
||||
--pid-path=/var/run/nginx.pid
|
||||
--conf-path=/etc/nginx/nginx.conf
|
||||
--error-log-path=/var/log/nginx/error.log
|
||||
--http-log-path=/var/log/nginx/access.log
|
||||
--lock-path=/var/lock/nginx.lock
|
||||
--modules-path=/usr/lib/nginx/modules
|
||||
--prefix=/usr
|
||||
--pid-path=/var/run/nginx.pid
|
||||
--with-http_ssl_module
|
||||
--with-stream
|
||||
--with-mail=dynamic
|
||||
--with-stream
|
||||
{{ nginx_install_source_pcre | ternary('', '--with-pcre=../' + pcre_version) }}
|
||||
{{ nginx_install_source_zlib | ternary('', '--with-zlib=../' + zlib_version) }}
|
||||
{{ nginx_install_source_openssl | ternary('', '--with-openssl=../' + openssl_version) }}
|
||||
@ -343,86 +343,86 @@
|
||||
chdir: "/tmp/{{ nginx_version }}"
|
||||
register: nginx_configure
|
||||
|
||||
- name: "(Install: Linux) Make NGINX"
|
||||
- name: "Make NGINX"
|
||||
make:
|
||||
chdir: "/tmp/{{ nginx_version }}"
|
||||
|
||||
- name: "(Install: Linux) Install NGINX"
|
||||
- name: "Install NGINX"
|
||||
make:
|
||||
chdir: "/tmp/{{ nginx_version }}"
|
||||
target: install
|
||||
|
||||
- name: "(Install: Linux) Upload systemd NGINX Service File"
|
||||
- name: "Upload systemd NGINX service file"
|
||||
copy:
|
||||
src: services/nginx.systemd
|
||||
dest: /lib/systemd/system/nginx.service
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
when: ansible_service_mgr == "systemd"
|
||||
when: ansible_facts['service_mgr'] == "systemd"
|
||||
|
||||
- name: "(Install: Linux) Enable systemd NGINX Service File"
|
||||
- name: "Enable systemd NGINX service file"
|
||||
systemd:
|
||||
daemon_reload: yes
|
||||
name: nginx
|
||||
state: restarted
|
||||
enabled: yes
|
||||
when: ansible_service_mgr == "systemd"
|
||||
notify: "(Handler: All OSs) Start NGINX"
|
||||
when: ansible_facts['service_mgr'] == "systemd"
|
||||
notify: "(Handler) Start NGINX"
|
||||
|
||||
- name: "(Install: Linux) Upload upstart NGINX Service File"
|
||||
- name: "Upload upstart NGINX service file"
|
||||
copy:
|
||||
src: services/nginx.upstart
|
||||
dest: /etc/init.d/nginx
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
when: ansible_service_mgr == "upstart"
|
||||
when: ansible_facts['service_mgr'] == "upstart"
|
||||
|
||||
- name: "(Install: Linux) Upload upstart NGINX Service Conf File"
|
||||
- name: "Upload upstart NGINX service conf file"
|
||||
copy:
|
||||
src: services/nginx.conf.upstart
|
||||
dest: /etc/init/nginx.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
when: ansible_service_mgr == "upstart"
|
||||
when: ansible_facts['service_mgr'] == "upstart"
|
||||
|
||||
- name: "(Install: Linux) Enable upstart NGINX Service Reload"
|
||||
- name: "Enable upstart NGINX service reload"
|
||||
command: "initctl reload-configuration"
|
||||
when: ansible_service_mgr == "upstart"
|
||||
when: ansible_facts['service_mgr'] == "upstart"
|
||||
|
||||
- name: "(Install: Linux) Start upstart NGINX Service Reload"
|
||||
- name: "Start upstart NGINX service reload"
|
||||
command: "nginx"
|
||||
when: ansible_service_mgr == "upstart"
|
||||
notify: "(Handler: All OSs) Start NGINX"
|
||||
when: ansible_facts['service_mgr'] == "upstart"
|
||||
notify: "(Handler) Start NGINX"
|
||||
|
||||
- name: "(Install: Linux) Upload sysvinit NGINX Service File"
|
||||
- name: "Upload sysvinit NGINX service file"
|
||||
copy:
|
||||
src: services/nginx.sysvinit
|
||||
dest: /etc/init.d/nginx
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
when: ansible_service_mgr == "sysvinit"
|
||||
notify: "(Handler: All OSs) Start NGINX"
|
||||
when: ansible_facts['service_mgr'] == "sysvinit"
|
||||
notify: "(Handler) Start NGINX"
|
||||
|
||||
- name: "(Install: Linux) Upload openrc NGINX Service File"
|
||||
- name: "Upload openrc NGINX service file"
|
||||
copy:
|
||||
src: services/nginx.openrc
|
||||
dest: /etc/init.d/nginx
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
when: ansible_service_mgr == "openrc"
|
||||
when: ansible_facts['service_mgr'] == "openrc"
|
||||
|
||||
- name: "(Install: Linux) Enable openrc NGINX Service"
|
||||
- name: "Enable openrc NGINX service"
|
||||
command: rc-update add nginx default
|
||||
notify: "(Handler: All OSs) Start NGINX"
|
||||
when: ansible_service_mgr == "openrc"
|
||||
when: ansible_facts['service_mgr'] == "openrc"
|
||||
notify: "(Handler) Start NGINX"
|
||||
when: not nginx_result.stat.exists
|
||||
|
||||
- name: "(Install: Linux) Cleanup Downloads"
|
||||
- name: "Cleanup downloads"
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: absent
|
13
tasks/opensource/install-suse.yml
Normal file
13
tasks/opensource/install-suse.yml
Normal file
@ -0,0 +1,13 @@
|
||||
---
|
||||
- name: "(SLES) Configure NGINX repository"
|
||||
zypper_repository:
|
||||
name: "nginx-{{ nginx_branch }}"
|
||||
repo: "{{ repository }}"
|
||||
|
||||
- name: "(SLES) Install NGINX"
|
||||
zypper:
|
||||
name: "nginx{{ nginx_version | default('') }}"
|
||||
state: "{{ nginx_state }}"
|
||||
disable_recommends: no
|
||||
update_cache: yes
|
||||
notify: "(Handler) Start NGINX"
|
@ -1,29 +0,0 @@
|
||||
---
|
||||
- name: "(Install: Alpine) Set Default APK NGINX Repository"
|
||||
set_fact:
|
||||
default_repository: >-
|
||||
https://nginx.org/packages/{{ (nginx_branch == 'mainline')
|
||||
| ternary('mainline/', '') }}alpine/v{{ ansible_distribution_version.split('.')[0] }}.{{ ansible_distribution_version.split('.')[1] }}/main
|
||||
|
||||
- name: "(Install: Alpine) Set APK NGINX Repository"
|
||||
set_fact:
|
||||
repository: "{{ nginx_repository | default(default_repository) }}"
|
||||
|
||||
- name: "(Install: Alpine) Add NGINX Repository"
|
||||
lineinfile:
|
||||
path: /etc/apk/repositories
|
||||
insertafter: EOF
|
||||
line: "{{ repository }}"
|
||||
|
||||
- name: "(Install: Alpine) Install Required Alpine Dependencies"
|
||||
apk:
|
||||
name:
|
||||
- openssl
|
||||
- pcre
|
||||
|
||||
- name: "(Install: Alpine) Install NGINX"
|
||||
apk:
|
||||
name: "nginx{{ nginx_version | default('') }}"
|
||||
repository: "{{ repository }}"
|
||||
state: "{{ nginx_state }}"
|
||||
notify: "(Handler: All OSs) Start NGINX"
|
@ -1,28 +0,0 @@
|
||||
---
|
||||
- name: "(Install: Debian/Ubuntu) Set Default APT NGINX Repository"
|
||||
set_fact:
|
||||
default_repository:
|
||||
- >-
|
||||
deb [arch=amd64] https://nginx.org/packages/{{ (nginx_branch == 'mainline')
|
||||
| ternary('mainline/', '') }}{{ ansible_distribution | lower }}/ {{ ansible_distribution_release }} nginx
|
||||
- >-
|
||||
deb-src https://nginx.org/packages/{{ (nginx_branch == 'mainline')
|
||||
| ternary('mainline/', '') }}{{ ansible_distribution | lower }}/ {{ ansible_distribution_release }} nginx
|
||||
|
||||
- name: "(Install: Debian/Ubuntu) Set APT NGINX Repository"
|
||||
set_fact:
|
||||
repository: "{{ nginx_repository | default(default_repository) }}"
|
||||
|
||||
- name: "(Install: Debian/Ubuntu) Add NGINX Repository"
|
||||
apt_repository:
|
||||
filename: nginx
|
||||
repo: "{{ item }}"
|
||||
update_cache: yes
|
||||
mode: 0644
|
||||
loop: "{{ repository }}"
|
||||
|
||||
- name: "(Install: Debian/Ubuntu) Install NGINX"
|
||||
apt:
|
||||
name: "nginx{{ nginx_version | default('') }}"
|
||||
state: "{{ nginx_state }}"
|
||||
notify: "(Handler: All OSs) Start NGINX"
|
@ -1,47 +0,0 @@
|
||||
---
|
||||
- name: "(Install: CentOS/RedHat) Set Default YUM NGINX Repository"
|
||||
set_fact:
|
||||
default_repository: >-
|
||||
https://nginx.org/packages/{{ (nginx_branch == 'mainline')
|
||||
| ternary('mainline/', '') }}{{ (ansible_distribution == "RedHat")
|
||||
| ternary('rhel', 'centos') }}/{{ ansible_distribution_major_version }}/$basearch/
|
||||
|
||||
- name: "(Install: CentOS/RedHat) Set YUM NGINX Repository"
|
||||
set_fact:
|
||||
repository: "{{ nginx_repository | default(default_repository) }}"
|
||||
|
||||
- name: "(Install: CentOS/RedHat) Add NGINX Repository for CentOS/RHEL 6/7"
|
||||
yum_repository:
|
||||
name: nginx
|
||||
baseurl: "{{ repository }}"
|
||||
description: NGINX Repository
|
||||
enabled: yes
|
||||
gpgcheck: yes
|
||||
mode: 0644
|
||||
when: ansible_distribution_major_version < "8"
|
||||
|
||||
- name: "(Install: CentOS/RedHat) Add NGINX Repository for CentOS/RHEL 8"
|
||||
blockinfile:
|
||||
path: /etc/yum.repos.d/nginx.repo
|
||||
create: yes
|
||||
block: |
|
||||
[nginx]
|
||||
baseurl = {{ repository }}
|
||||
enabled = 1
|
||||
gpgcheck = 1
|
||||
name = NGINX Repository
|
||||
module_hotfixes = true
|
||||
mode: 0644
|
||||
when: ansible_distribution_major_version == "8"
|
||||
|
||||
- name: "(Install: CentOS/RedHat) Install Required CentOS/RedHat Dependencies"
|
||||
yum:
|
||||
name: openssl
|
||||
|
||||
- name: "(Install: CentOS/RedHat) Install NGINX"
|
||||
yum:
|
||||
name: "nginx{{ nginx_version | default('') }}"
|
||||
state: "{{ nginx_state }}"
|
||||
disablerepo: "*"
|
||||
enablerepo: "nginx"
|
||||
notify: "(Handler: All OSs) Start NGINX"
|
@ -1,21 +0,0 @@
|
||||
---
|
||||
- name: "(Install: SUSE) Set Default SUSE NGINX Repository"
|
||||
set_fact:
|
||||
default_repository: >-
|
||||
https://nginx.org/packages/{{ (nginx_branch == 'mainline')
|
||||
| ternary('mainline/', '') }}sles/{{ ansible_distribution_major_version }}
|
||||
|
||||
- name: "(Install: SUSE) Set SUSE NGINX Repository"
|
||||
set_fact:
|
||||
repository: "{{ nginx_repository | default(default_repository) }}"
|
||||
|
||||
- name: "(Install: SUSE) Add NGINX Repository"
|
||||
zypper_repository:
|
||||
name: "nginx-{{ nginx_branch }}"
|
||||
repo: "{{ repository }}"
|
||||
|
||||
- name: "(Install: SUSE) Install NGINX"
|
||||
zypper:
|
||||
name: "nginx{{ nginx_version | default('') }}"
|
||||
state: "{{ nginx_state }}"
|
||||
notify: "(Handler: All OSs) Start NGINX"
|
@ -1,26 +0,0 @@
|
||||
---
|
||||
- name: "(Setup: All OSs) Set NGINX Plus License State"
|
||||
set_fact:
|
||||
nginx_license_status: absent
|
||||
|
||||
- name: "(Setup: All OSs Besides Alpine Linux) Delete NGINX Plus License"
|
||||
file:
|
||||
path: /etc/ssl/nginx
|
||||
state: absent
|
||||
when: ansible_distribution != "Alpine"
|
||||
|
||||
- name: "(Setup: Alpine Linux) Delete NGINX Plus License"
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: absent
|
||||
loop:
|
||||
- /etc/apk/cert.key
|
||||
- /etc/apk/cert.pem
|
||||
when: ansible_distribution == "Alpine"
|
||||
|
||||
- include_tasks: "{{ role_path }}/tasks/plus/setup-{{ ansible_os_family | lower }}.yml"
|
||||
when: ansible_os_family == "Alpine"
|
||||
or ansible_os_family == "FreeBSD"
|
||||
or ansible_os_family == "Debian"
|
||||
or ansible_os_family == "RedHat"
|
||||
or ansible_os_family == "Suse"
|
14
tasks/plus/install-alpine.yml
Normal file
14
tasks/plus/install-alpine.yml
Normal file
@ -0,0 +1,14 @@
|
||||
---
|
||||
- name: "(Alpine Linux) Configure NGINX Plus repository"
|
||||
lineinfile:
|
||||
path: /etc/apk/repositories
|
||||
insertafter: EOF
|
||||
line: "{{ repository }}"
|
||||
state: "{{ nginx_license_status | default ('present') }}"
|
||||
|
||||
- name: "(Alpine Linux) Install NGINX Plus"
|
||||
apk:
|
||||
name: "nginx-plus{{ nginx_version | default('') }}"
|
||||
repository: "{{ repository }}"
|
||||
state: "{{ nginx_state }}"
|
||||
notify: "(Handler) Start NGINX"
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
- name: "(Setup: Debian/Ubuntu) Setup NGINX Plus License"
|
||||
- name: "(Debian/Ubuntu) Set up NGINX Plus license verification"
|
||||
blockinfile:
|
||||
path: /etc/apt/apt.conf.d/90nginx
|
||||
create: yes
|
||||
@ -11,10 +11,16 @@
|
||||
state: "{{ nginx_license_status | default ('present') }}"
|
||||
mode: 0444
|
||||
|
||||
- name: "(Setup: Debian/Ubuntu) Setup NGINX Plus Repository"
|
||||
- name: "(Debian/Ubuntu) Configure NGINX Plus repository"
|
||||
apt_repository:
|
||||
filename: nginx-plus
|
||||
repo: deb [arch=amd64] https://plus-pkgs.nginx.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} nginx-plus
|
||||
repo: "{{ repository }}"
|
||||
update_cache: yes
|
||||
state: "{{ nginx_license_status | default ('present') }}"
|
||||
mode: 0644
|
||||
|
||||
- name: "(Debian/Ubuntu) Install NGINX Plus"
|
||||
apt:
|
||||
name: "nginx-plus{{ nginx_version | default('') }}"
|
||||
state: "{{ nginx_state }}"
|
||||
notify: "(Handler) Start NGINX"
|
@ -1,18 +1,5 @@
|
||||
---
|
||||
- name: "(Setup: FreeBSD) Setup NGINX Plus Repository"
|
||||
blockinfile:
|
||||
path: /etc/pkg/nginx-plus.conf
|
||||
create: yes
|
||||
block: |
|
||||
nginx-plus: {
|
||||
URL: pkg+https://plus-pkgs.nginx.com/freebsd/${ABI}/latest
|
||||
ENABLED: yes
|
||||
MIRROR_TYPE: SRV
|
||||
}
|
||||
state: "{{ nginx_license_status | default ('present') }}"
|
||||
mode: 0644
|
||||
|
||||
- name: "(Setup: FreeBSD) Setup NGINX Plus License"
|
||||
- name: "(FreeBSD) Set up NGINX Plus license verification"
|
||||
blockinfile:
|
||||
path: /usr/local/etc/pkg.conf
|
||||
block: |
|
||||
@ -20,3 +7,22 @@
|
||||
SSL_CLIENT_CERT_FILE: "/etc/ssl/nginx/nginx-repo.crt",
|
||||
SSL_CLIENT_KEY_FILE: "/etc/ssl/nginx/nginx-repo.key" }
|
||||
state: "{{ nginx_license_status | default ('present') }}"
|
||||
|
||||
- name: "(FreeBSD) Configure NGINX Plus repository"
|
||||
blockinfile:
|
||||
path: /etc/pkg/nginx-plus.conf
|
||||
create: yes
|
||||
block: |
|
||||
nginx-plus: {
|
||||
URL: {{ repository }}
|
||||
ENABLED: yes
|
||||
MIRROR_TYPE: SRV
|
||||
}
|
||||
state: "{{ nginx_license_status | default ('present') }}"
|
||||
mode: 0644
|
||||
|
||||
- name: "(FreeBSD) Install NGINX Plus"
|
||||
pkgng:
|
||||
name: "nginx-plus{{ nginx_version | default('') }}"
|
||||
state: "{{ nginx_state }}"
|
||||
notify: "(Handler) Start NGINX"
|
@ -1,9 +0,0 @@
|
||||
---
|
||||
- include_tasks: "{{ role_path }}/tasks/plus/setup-bsd.yml"
|
||||
when: ansible_os_family == "FreeBSD"
|
||||
|
||||
- name: "(Install: FreeBSD) Install NGINX Plus"
|
||||
pkgng:
|
||||
name: "nginx-plus{{ nginx_version | default('') }}"
|
||||
state: "{{ nginx_state }}"
|
||||
notify: "(Handler: All OSs) Start NGINX"
|
@ -1,19 +0,0 @@
|
||||
---
|
||||
- name: "(Setup: Linux) Setup NGINX Plus Repository"
|
||||
include_tasks: "{{ role_path }}/tasks/plus/setup-{{ ansible_os_family | lower }}.yml"
|
||||
when: ansible_os_family == "Alpine"
|
||||
or ansible_os_family == "Debian"
|
||||
or ansible_os_family == "RedHat"
|
||||
or ansible_os_family == "Suse"
|
||||
|
||||
- name: "(Install: Linux) Modify Service for Systemd"
|
||||
include_tasks: "{{ role_path }}/tasks/prerequisites/setup-systemd.yml"
|
||||
when:
|
||||
- ansible_service_mgr == "systemd"
|
||||
- nginx_service_modify | bool
|
||||
|
||||
- name: "(Install: Linux) Install NGINX Plus"
|
||||
package:
|
||||
name: "nginx-plus{{ nginx_version | default('') }}"
|
||||
state: "{{ nginx_state }}"
|
||||
notify: "(Handler: All OSs) Start NGINX"
|
@ -1,11 +1,19 @@
|
||||
---
|
||||
- name: "(Install: All OSs) Setup license"
|
||||
include_tasks: "{{ role_path }}/tasks/plus/setup-license.yml"
|
||||
- name: "Install NGINX Plus"
|
||||
debug:
|
||||
msg: "Installing NGINX Plus"
|
||||
when: nginx_debug_tasks | bool
|
||||
|
||||
- name: "(Install: Linux) Install NGINX Plus"
|
||||
include_tasks: "{{ role_path }}/tasks/plus/install-plus-linux.yml"
|
||||
when: ansible_os_family in nginx_plus_linux_families
|
||||
- name: "Set NGINX Plus repository"
|
||||
set_fact:
|
||||
repository: >-
|
||||
{{ nginx_repository |
|
||||
default(nginx_plus_default_repository[(ansible_facts['distribution'] == 'Amazon') | ternary('amazon', ansible_facts['os_family'] | lower)]) }}
|
||||
|
||||
- name: "(Install: FreeBSD) Install NGINX Plus"
|
||||
include_tasks: "{{ role_path }}/tasks/plus/install-plus-bsd.yml"
|
||||
when: ansible_system in nginx_plus_bsd_systems
|
||||
- name: "Install NGINX from repository"
|
||||
include_tasks: "{{ role_path }}/tasks/plus/install-{{ ansible_facts['os_family'] | lower }}.yml"
|
||||
|
||||
- name: "Install NGINX Plus"
|
||||
debug:
|
||||
msg: "Done installing NGINX Plus"
|
||||
when: nginx_debug_tasks | bool
|
||||
|
21
tasks/plus/install-redhat.yml
Normal file
21
tasks/plus/install-redhat.yml
Normal file
@ -0,0 +1,21 @@
|
||||
---
|
||||
- name: "(Amazon Linux/CentOS/Oracle Linux/RHEL) Configure NGINX Plus repository"
|
||||
yum_repository:
|
||||
name: nginx-plus
|
||||
baseurl: "{{ repository }}"
|
||||
description: NGINX Plus Repository
|
||||
sslclientcert: /etc/ssl/nginx/nginx-repo.crt
|
||||
sslclientkey: /etc/ssl/nginx/nginx-repo.key
|
||||
enabled: yes
|
||||
gpgcheck: yes
|
||||
state: "{{ nginx_license_status | default ('present') }}"
|
||||
mode: 0644
|
||||
|
||||
- name: "(Amazon Linux/CentOS/Oracle Linux/RHEL) Install NGINX Plus"
|
||||
yum:
|
||||
name: "nginx-plus{{ nginx_version | default('') }}"
|
||||
state: "{{ nginx_state }}"
|
||||
disablerepo: "*"
|
||||
enablerepo: "nginx-plus"
|
||||
update_cache: yes
|
||||
notify: "(Handler) Start NGINX"
|
19
tasks/plus/install-suse.yml
Normal file
19
tasks/plus/install-suse.yml
Normal file
@ -0,0 +1,19 @@
|
||||
---
|
||||
- name: "(SLES) Combine NGINX Plus certificate and license key"
|
||||
assemble:
|
||||
src: /etc/ssl/nginx
|
||||
dest: /etc/ssl/nginx/nginx-repo-bundle.crt
|
||||
mode: 0444
|
||||
|
||||
- name: "(SLES) Configure NGINX Plus repository"
|
||||
zypper_repository:
|
||||
name: nginx-plus
|
||||
repo: "{{ repository }}"
|
||||
state: "{{ nginx_license_status | default ('present') }}"
|
||||
|
||||
- name: "(SLES) Install NGINX Plus"
|
||||
zypper:
|
||||
name: "nginx-plus{{ nginx_version | default('') }}"
|
||||
state: "{{ nginx_state }}"
|
||||
update_cache: yes
|
||||
notify: "(Handler) Start NGINX"
|
22
tasks/plus/remove-license.yml
Normal file
22
tasks/plus/remove-license.yml
Normal file
@ -0,0 +1,22 @@
|
||||
---
|
||||
- name: "Set NGINX Plus license state"
|
||||
set_fact:
|
||||
nginx_license_status: absent
|
||||
|
||||
- name: "(Debian/Red Hat/SLES OSs) Delete NGINX Plus license"
|
||||
file:
|
||||
path: /etc/ssl/nginx
|
||||
state: absent
|
||||
when: ansible_facts['distribution'] != "Alpine"
|
||||
|
||||
- name: "(Alpine Linux) Delete NGINX Plus license"
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: absent
|
||||
loop:
|
||||
- /etc/apk/cert.key
|
||||
- /etc/apk/cert.pem
|
||||
when: ansible_facts['distribution'] == "Alpine"
|
||||
|
||||
- name: "Delete NGINX Plus repository data"
|
||||
include_tasks: "{{ role_path }}/tasks/plus/install-plus.yml"
|
@ -1,7 +0,0 @@
|
||||
---
|
||||
- name: "(Setup: Alpine Linux) Setup NGINX Plus Repository"
|
||||
lineinfile:
|
||||
path: /etc/apk/repositories
|
||||
insertafter: EOF
|
||||
line: "https://plus-pkgs.nginx.com/alpine/v{{ ansible_distribution_version | regex_search('^[0-9]+\\.[0-9]+') }}/main"
|
||||
state: "{{ nginx_license_status | default ('present') }}"
|
@ -1,13 +1,18 @@
|
||||
---
|
||||
- name: "(Setup: All OSs Besides Alpine Linux) Setup NGINX Plus License"
|
||||
- name: "Set up NGINX Plus license"
|
||||
debug:
|
||||
msg: "Setting up NGINX Plus license"
|
||||
when: nginx_debug_tasks | bool
|
||||
|
||||
- name: "(Debian/Red Hat/SLES OSs) Set up NGINX Plus license"
|
||||
block:
|
||||
- name: "(Setup: All OSs Besides Alpine Linux) Create SSL Directory"
|
||||
- name: "(Debian/Red Hat/SLES OSs) Create SSL directory"
|
||||
file:
|
||||
path: /etc/ssl/nginx
|
||||
state: directory
|
||||
mode: 0755
|
||||
|
||||
- name: "(Setup: All OSs Besides Alpine Linux) Copy NGINX Plus Certificate and License Key"
|
||||
- name: "(Debian/Red Hat/SLES OSs) Copy NGINX Plus certificate and license key"
|
||||
copy:
|
||||
src: "{{ item }}"
|
||||
dest: /etc/ssl/nginx
|
||||
@ -16,27 +21,32 @@
|
||||
loop:
|
||||
- "{{ nginx_license.certificate }}"
|
||||
- "{{ nginx_license.key }}"
|
||||
when: ansible_distribution != "Alpine"
|
||||
when: ansible_facts['os_family'] != "Alpine"
|
||||
|
||||
- name: "(Setup: Alpine Linux) Setup NGINX Plus License"
|
||||
- name: "(Alpine Linux) Set up NGINX Plus license"
|
||||
block:
|
||||
- name: "(Setup: Alpine Linux) Create APK Directory"
|
||||
- name: "(Alpine Linux) Create APK directory"
|
||||
file:
|
||||
path: /etc/apk
|
||||
state: directory
|
||||
mode: 0755
|
||||
|
||||
- name: "(Setup: Alpine Linux) Copy NGINX Plus Key"
|
||||
- name: "(Alpine Linux) Copy NGINX Plus key"
|
||||
copy:
|
||||
src: "{{ nginx_license.key }}"
|
||||
dest: /etc/apk/cert.key
|
||||
decrypt: yes
|
||||
mode: 0444
|
||||
|
||||
- name: "(Setup: Alpine Linux) Copy NGINX Plus Certificate"
|
||||
- name: "(Alpine Linux) Copy NGINX Plus certificate"
|
||||
copy:
|
||||
src: "{{ nginx_license.certificate }}"
|
||||
dest: /etc/apk/cert.pem
|
||||
decrypt: yes
|
||||
mode: 0444
|
||||
when: ansible_distribution == "Alpine"
|
||||
when: ansible_facts['os_family'] == "Alpine"
|
||||
|
||||
- name: "Set up NGINX Plus license"
|
||||
debug:
|
||||
msg: "Done setting up NGINX Plus license"
|
||||
when: nginx_debug_tasks | bool
|
||||
|
@ -1,30 +0,0 @@
|
||||
---
|
||||
- name: "(Setup: CentOS/RedHat/Oracle Linux) Setup NGINX Plus Repository"
|
||||
yum_repository:
|
||||
name: nginx-plus
|
||||
baseurl: >-
|
||||
https://plus-pkgs.nginx.com/centos/{{ (ansible_distribution_version | float >= 7.4 and ansible_distribution_version | float < 8.0)
|
||||
| ternary('7.4', ansible_distribution_major_version | int) }}/$basearch/
|
||||
description: NGINX Plus Repository
|
||||
sslclientcert: /etc/ssl/nginx/nginx-repo.crt
|
||||
sslclientkey: /etc/ssl/nginx/nginx-repo.key
|
||||
enabled: yes
|
||||
gpgcheck: yes
|
||||
state: "{{ nginx_license_status | default ('present') }}"
|
||||
mode: 0644
|
||||
when: ansible_distribution != "Amazon"
|
||||
|
||||
- name: "(Setup: Amazon Linux) Setup NGINX Plus Repository"
|
||||
yum_repository:
|
||||
name: nginx-plus
|
||||
baseurl: >-
|
||||
https://plus-pkgs.nginx.com/amzn{{ (ansible_distribution_version == '2')
|
||||
| ternary('2', '') }}/$releasever/$basearch
|
||||
description: NGINX Plus Repository
|
||||
sslclientcert: /etc/ssl/nginx/nginx-repo.crt
|
||||
sslclientkey: /etc/ssl/nginx/nginx-repo.key
|
||||
enabled: yes
|
||||
gpgcheck: yes
|
||||
state: "{{ nginx_license_status | default ('present') }}"
|
||||
mode: 0644
|
||||
when: ansible_distribution == "Amazon"
|
@ -1,12 +0,0 @@
|
||||
---
|
||||
- name: "(Setup: SUSE) Setup NGINX Plus Certificate and License Keys"
|
||||
assemble:
|
||||
src: /etc/ssl/nginx
|
||||
dest: /etc/ssl/nginx/nginx-repo-bundle.crt
|
||||
mode: 0444
|
||||
|
||||
- name: "(Setup: SUSE) Setup NGINX Plus Repository"
|
||||
zypper_repository:
|
||||
name: nginx-plus
|
||||
repo: "https://plus-pkgs.nginx.com/sles/{{ ansible_distribution_major_version }}?ssl_clientcert=/etc/ssl/nginx/nginx-repo-bundle.crt&ssl_verify=host"
|
||||
state: "{{ nginx_license_status | default ('present') }}"
|
37
tasks/prerequisites/install-dependencies.yml
Normal file
37
tasks/prerequisites/install-dependencies.yml
Normal file
@ -0,0 +1,37 @@
|
||||
---
|
||||
- name: "(Alpine Linux) Install dependencies"
|
||||
apk:
|
||||
name: "{{ nginx_alpine_dependencies }}"
|
||||
update_cache: yes
|
||||
when: ansible_facts['os_family'] == "Alpine"
|
||||
|
||||
- name: "(Debian/Ubuntu) Install dependencies"
|
||||
apt:
|
||||
name: "{{ nginx_debian_dependencies }}"
|
||||
update_cache: yes
|
||||
when: ansible_facts['os_family'] == "Debian"
|
||||
|
||||
- name: "(Amazon Linux/CentOS/Oracle Linux/RHEL) Install dependencies"
|
||||
yum:
|
||||
name: "{{ nginx_redhat_dependencies }}"
|
||||
when: ansible_facts['os_family'] == "RedHat"
|
||||
|
||||
- name: "(SLES) Install dependencies"
|
||||
zypper:
|
||||
name: "{{ nginx_sles_dependencies }}"
|
||||
when: ansible_facts['os_family'] == "Suse"
|
||||
|
||||
- name: "(FreeBSD) Install dependencies"
|
||||
block:
|
||||
- name: "(FreeBSD) Install dependencies using package(s)"
|
||||
pkgng:
|
||||
name: "{{ nginx_freebsd_dependencies }}"
|
||||
when: nginx_bsd_install_packages | bool
|
||||
|
||||
- name: "(FreeBSD) Install dependencies using port(s)"
|
||||
portinstall:
|
||||
name: "{{ item }}"
|
||||
use_packages: "{{ nginx_bsd_portinstall_use_packages | default(omit) }}"
|
||||
loop: "{{ nginx_freebsd_dependencies }}"
|
||||
when: not nginx_bsd_install_packages | bool
|
||||
when: ansible_facts['distribution'] == "FreeBSD"
|
38
tasks/prerequisites/prerequisites.yml
Normal file
38
tasks/prerequisites/prerequisites.yml
Normal file
@ -0,0 +1,38 @@
|
||||
---
|
||||
- name: "Install dependencies"
|
||||
debug:
|
||||
msg: "Installing dependencies"
|
||||
when: nginx_debug_tasks | bool
|
||||
|
||||
- name: "Install dependencies"
|
||||
include_tasks: "{{ role_path }}/tasks/prerequisites/install-dependencies.yml"
|
||||
|
||||
- name: "Install dependencies"
|
||||
debug:
|
||||
msg: "Done installing dependencies"
|
||||
when: nginx_debug_tasks | bool
|
||||
|
||||
- name: "Set up SELinux"
|
||||
block:
|
||||
- name: "Set up SELinux"
|
||||
debug:
|
||||
msg: "Setting up SELinux"
|
||||
when: nginx_debug_tasks | bool
|
||||
|
||||
- name: "Check if SELinux is enabled"
|
||||
debug:
|
||||
msg: "You need to enable SELinux, if it was disabled you need to reboot"
|
||||
when: ansible_facts['selinux'] is undefined
|
||||
|
||||
- name: "Configure SELinux"
|
||||
include_tasks: "{{ role_path }}/tasks/prerequisites/setup-selinux.yml"
|
||||
when: ansible_facts['selinux.mode'] is defined
|
||||
|
||||
- name: "Set up SELinux"
|
||||
debug:
|
||||
msg: "Done setting up SELinux"
|
||||
when: nginx_debug_tasks | bool
|
||||
when:
|
||||
- nginx_selinux | bool
|
||||
- ansible_facts['os_family'] in ['RedHat', 'Suse']
|
||||
- ansible_facts['distribution'] not in ['Amazon', 'OracleLinux']
|
@ -1 +0,0 @@
|
||||
---
|
@ -1,7 +0,0 @@
|
||||
---
|
||||
- name: "(Setup: Debian/Ubuntu) Install Required Debian and Ubuntu Dependencies"
|
||||
apt:
|
||||
name:
|
||||
- apt-transport-https
|
||||
- dirmngr
|
||||
update_cache: yes
|
@ -1,14 +0,0 @@
|
||||
---
|
||||
- name: "(Setup: FreeBSD) Install Required Dependencies"
|
||||
block:
|
||||
- name: "(Setup: FreeBSD) Install Extra Package(s)"
|
||||
pkgng:
|
||||
name: "{{ nginx_freebsd_extra_packages }}"
|
||||
when: nginx_bsd_install_packages | bool
|
||||
|
||||
- name: "(Setup: FreeBSD) Install Extra Port(s)"
|
||||
portinstall:
|
||||
name: "{{ item }}"
|
||||
use_packages: "{{ nginx_bsd_portinstall_use_packages | default(omit) }}"
|
||||
loop: "{{ nginx_freebsd_extra_packages }}"
|
||||
when: not nginx_bsd_install_packages | bool
|
@ -1,6 +0,0 @@
|
||||
---
|
||||
- name: "(Setup: RedHat/CentOS) Setup SELinux"
|
||||
include_tasks: "{{ role_path }}/tasks/prerequisites/setup-selinux.yml"
|
||||
when:
|
||||
- nginx_selinux | bool
|
||||
- ansible_selinux.mode is defined
|
@ -1,50 +1,42 @@
|
||||
---
|
||||
- name: "(Setup: SELinux) Install Required CentOS/RHEL 6/7 Dependencies"
|
||||
package:
|
||||
name:
|
||||
- policycoreutils-python
|
||||
- setools
|
||||
state: present
|
||||
when:
|
||||
- ansible_os_family == "RedHat"
|
||||
- ansible_distribution_major_version != "8"
|
||||
- name: "(CentOS/RHEL) Install dependencies"
|
||||
block:
|
||||
- name: "(CentOS/RHEL 6/7) Install dependencies"
|
||||
yum:
|
||||
name:
|
||||
- policycoreutils-python
|
||||
- setools
|
||||
when: ansible_facts['distribution_major_version'] is version('8', '!=')
|
||||
|
||||
- name: "(Setup: SELinux) Install Required CentOS/RHEL 8 Dependencies"
|
||||
package:
|
||||
name:
|
||||
- selinux-policy-targeted
|
||||
- libselinux-utils
|
||||
- policycoreutils
|
||||
state: present
|
||||
when:
|
||||
- ansible_os_family == "RedHat"
|
||||
- ansible_distribution_major_version == "8"
|
||||
- name: "(CentOS/RHEL 8) Install dependencies"
|
||||
yum:
|
||||
name:
|
||||
- libselinux-utils
|
||||
- policycoreutils
|
||||
- selinux-policy-targeted
|
||||
when: ansible_facts['distribution_major_version'] is version('8', '==')
|
||||
when: ansible_facts['os_family'] == "RedHat"
|
||||
|
||||
- name: "(Setup: SELinux) Check if SELinux is Enabled"
|
||||
debug:
|
||||
msg: "You need to enable selinux, if it was disabled you need to reboot"
|
||||
when: ansible_selinux is undefined
|
||||
|
||||
- name: "(Setup: SELinux) Setup Permissive SELinux"
|
||||
- name: "Set SELinux mode to permissive"
|
||||
selinux:
|
||||
state: permissive
|
||||
policy: targeted
|
||||
changed_when: false
|
||||
when: ansible_selinux.mode == "enforcing"
|
||||
when: ansible_facts['selinux.mode'] == "enforcing"
|
||||
|
||||
- name: "(Setup: SELinux) Allow HTTP Network Connection"
|
||||
- name: "Allow SELinux HTTP network connections"
|
||||
seboolean:
|
||||
name: httpd_can_network_connect
|
||||
state: yes
|
||||
persistent: yes
|
||||
|
||||
- name: "(Setup: SELinux) Allow HTTP Relay Connection"
|
||||
- name: "Allow SELinux HTTP network connections"
|
||||
seboolean:
|
||||
name: httpd_can_network_relay
|
||||
state: yes
|
||||
persistent: yes
|
||||
|
||||
- name: "(Setup: SELinux) Allow Status Ports"
|
||||
- name: "Allow SELinux TCP connections on status ports"
|
||||
seport:
|
||||
ports: "{{ nginx_status_port }}"
|
||||
proto: tcp
|
||||
@ -52,7 +44,7 @@
|
||||
state: present
|
||||
when: nginx_status_port is defined
|
||||
|
||||
- name: "(Setup: SELinux) Allow Rest API Ports"
|
||||
- name: "Allow SELinux TCP connections on Rest API ports"
|
||||
seport:
|
||||
ports: "{{ nginx_rest_api_port }}"
|
||||
proto: tcp
|
||||
@ -60,7 +52,7 @@
|
||||
state: present
|
||||
when: nginx_rest_api_port is defined
|
||||
|
||||
- name: "(Setup: SELinux) Allow Specific TCP Ports"
|
||||
- name: "Allow SELinux TCP connections on specific ports"
|
||||
seport:
|
||||
ports: "{{ nginx_selinux_tcp_ports }}"
|
||||
proto: tcp
|
||||
@ -68,7 +60,7 @@
|
||||
state: present
|
||||
when: nginx_selinux_tcp_ports is defined
|
||||
|
||||
- name: "(Setup: SELinux) Allow Specific UDP Ports"
|
||||
- name: "Allow SELinux UDP connections on specific ports"
|
||||
seport:
|
||||
ports: "{{ nginx_selinux_udp_ports }}"
|
||||
proto: udp
|
||||
@ -76,35 +68,35 @@
|
||||
state: present
|
||||
when: nginx_selinux_udp_ports is defined
|
||||
|
||||
- name: "(Setup: SELinux) Create NGINX Plus Module"
|
||||
- name: "Create SELinux NGINX Plus Module"
|
||||
template:
|
||||
src: "{{ role_path }}/templates/selinux/nginx-plus-module.te.j2"
|
||||
dest: "{{ nginx_tempdir }}/nginx-plus-module.te"
|
||||
dest: "{{ nginx_selinux_tempdir }}/nginx-plus-module.te"
|
||||
mode: 0644
|
||||
register: nginx_selinux_module
|
||||
|
||||
- name: "(Setup: SELinux) Check NGINX Plus Module"
|
||||
command: "checkmodule -M -m -o {{ nginx_tempdir }}/nginx-plus-module.mod {{ nginx_tempdir }}/nginx-plus-module.te"
|
||||
- name: "Check SELinux NGINX Plus Module"
|
||||
command: "checkmodule -M -m -o {{ nginx_selinux_tempdir }}/nginx-plus-module.mod {{ nginx_selinux_tempdir }}/nginx-plus-module.te"
|
||||
args:
|
||||
creates: "{{ nginx_tempdir }}/nginx-plus-module.mod"
|
||||
creates: "{{ nginx_selinux_tempdir }}/nginx-plus-module.mod"
|
||||
changed_when: false
|
||||
|
||||
- name: "(Setup: SELinux) Compile NGINX Plus Module"
|
||||
command: "semodule_package -o {{ nginx_tempdir }}/nginx-plus-module.pp -m {{ nginx_tempdir }}/nginx-plus-module.mod"
|
||||
- name: "Compile SELinux NGINX Plus Module"
|
||||
command: "semodule_package -o {{ nginx_selinux_tempdir }}/nginx-plus-module.pp -m {{ nginx_selinux_tempdir }}/nginx-plus-module.mod"
|
||||
args:
|
||||
creates: "{{ nginx_tempdir }}/nginx-plus-module.pp"
|
||||
creates: "{{ nginx_selinux_tempdir }}/nginx-plus-module.pp"
|
||||
changed_when: false
|
||||
|
||||
- name: "(Setup: SELinux) Import NGINX Plus Module"
|
||||
command: "semodule -i {{ nginx_tempdir }}/nginx-plus-module.pp" # noqa 503
|
||||
- name: "Import SELinux NGINX Plus Module"
|
||||
command: "semodule -i {{ nginx_selinux_tempdir }}/nginx-plus-module.pp" # noqa 503
|
||||
changed_when: false
|
||||
when: nginx_selinux_module.changed
|
||||
when: nginx_selinux_module.changed | bool
|
||||
|
||||
- name: "(Setup: SELinux) Enforce SELinux"
|
||||
- name: "Set SELinux mode to enforcing"
|
||||
selinux:
|
||||
state: enforcing
|
||||
policy: targeted
|
||||
changed_when: false
|
||||
when:
|
||||
- nginx_selinux_enforcing
|
||||
- ansible_selinux.mode == "permissive"
|
||||
- nginx_selinux_enforcing | bool
|
||||
- ansible_facts['selinux.mode'] == "permissive"
|
||||
|
@ -1,6 +0,0 @@
|
||||
---
|
||||
- name: "(Setup: SUSE) Setup SELinux"
|
||||
include_tasks: "{{ role_path }}/tasks/prerequisites/setup-selinux.yml"
|
||||
when:
|
||||
- nginx_selinux | bool
|
||||
- ansible_selinux.mode is defined
|
@ -1,16 +1,17 @@
|
||||
## DEPRECATED -- Use nginxinc.nginx_unit role instead (https://github.com/nginxinc/ansible-role-nginx-unit)
|
||||
---
|
||||
- name: "(Install: Debian/Ubuntu/CentOS/RedHat) Install NGINX Unit Modules"
|
||||
- name: "(Debian/Ubuntu/CentOS/RedHat) Install NGINX Unit Modules"
|
||||
package:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
loop: "{{ nginx_unit_modules }}"
|
||||
when: ansible_os_family != "FreeBSD"
|
||||
when: ansible_facts['os_family'] != "FreeBSD"
|
||||
notify: "(Handler: Debian/Ubuntu/CentOS/RedHat) Start NGINX Unit"
|
||||
|
||||
- name: "(Install: FreeBSD) Install NGINX Unit Modules"
|
||||
- name: "(FreeBSD) Install NGINX Unit Modules"
|
||||
portinstall:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
loop: "{{ nginx_unit_modules }}"
|
||||
when: ansible_os_family == "FreeBSD"
|
||||
when: ansible_facts['os_family'] == "FreeBSD"
|
||||
notify: "(Handler: FreeBSD) Start NGINX Unit"
|
||||
|
@ -1,24 +1,29 @@
|
||||
## DEPRECATED -- Use nginxinc.nginx_unit role instead (https://github.com/nginxinc/ansible-role-nginx-unit)
|
||||
---
|
||||
- name: "(Setup: All OSs) Configure NGINX Unit Repository"
|
||||
include_tasks: "{{ role_path }}/tasks/unit/setup-{{ ansible_os_family | lower }}.yml"
|
||||
when: ansible_os_family == "Debian"
|
||||
or ansible_os_family == "RedHat"
|
||||
or ansible_os_family == "FreeBSD"
|
||||
- name: "Deprecation warning"
|
||||
debug:
|
||||
msg: "DEPRECATED TASKS -- Use nginxinc.nginx_unit role instead (https://github.com/nginxinc/ansible-role-nginx-unit)"
|
||||
|
||||
- name: "(Install: Debian/Ubuntu/CentOS/RedHat) Install NGINX Unit"
|
||||
- name: "(DEPRECATED) Configure NGINX Unit Repository"
|
||||
include_tasks: "{{ role_path }}/tasks/unit/setup-{{ ansible_facts['os_family'] | lower }}.yml"
|
||||
when: ansible_facts['os_family'] == "Debian"
|
||||
or ansible_facts['os_family'] == "RedHat"
|
||||
or ansible_facts['os_family'] == "FreeBSD"
|
||||
|
||||
- name: "(DEPRECATED) Install NGINX Unit"
|
||||
package:
|
||||
name: unit
|
||||
state: present
|
||||
when: ansible_os_family != "FreeBSD"
|
||||
when: ansible_facts['os_family'] != "FreeBSD"
|
||||
notify: "(Handler: Debian/Ubuntu/CentOS/RedHat) Start NGINX Unit"
|
||||
|
||||
- name: "(Install: FreeBSD) Install NGINX Unit"
|
||||
- name: "(DEPRECATED) Install NGINX Unit"
|
||||
portinstall:
|
||||
name: unit
|
||||
state: present
|
||||
when: ansible_os_family == "FreeBSD"
|
||||
when: ansible_facts['os_family'] == "FreeBSD"
|
||||
notify: "(Handler: FreeBSD) Start NGINX Unit"
|
||||
|
||||
- name: "(Install: All OSs) Install NGINX Unit modules"
|
||||
- name: "(DEPRECATED) Install NGINX Unit modules"
|
||||
include_tasks: "{{ role_path }}/tasks/unit/install-modules.yml"
|
||||
when: nginx_unit_modules is defined
|
||||
|
@ -1,8 +1,9 @@
|
||||
## DEPRECATED -- Use nginxinc.nginx_unit role instead (https://github.com/nginxinc/ansible-role-nginx-unit)
|
||||
---
|
||||
- name: "(Install: Debian/Ubuntu) Add NGINX Unit Repository"
|
||||
- name: "(DEPRECATED) Add NGINX Unit Repository"
|
||||
apt_repository:
|
||||
repo: "{{ item }}"
|
||||
mode: 0644
|
||||
loop:
|
||||
- deb [arch=amd64] https://packages.nginx.org/unit/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} unit
|
||||
- deb-src https://packages.nginx.org/unit/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} unit
|
||||
- deb [arch=amd64] https://packages.nginx.org/unit/{{ ansible_facts['distribution']|lower }}/ {{ ansible_facts['distribution_release'] }} unit
|
||||
- deb-src https://packages.nginx.org/unit/{{ ansible_facts['distribution']|lower }}/ {{ ansible_facts['distribution_release'] }} unit
|
||||
|
@ -1,10 +1,11 @@
|
||||
## DEPRECATED -- Use nginxinc.nginx_unit role instead (https://github.com/nginxinc/ansible-role-nginx-unit)
|
||||
---
|
||||
- name: "(Install: FreeBSD) Fetch Ports"
|
||||
- name: "(DEPRECATED) Fetch Ports"
|
||||
command: portsnap fetch --interactive
|
||||
args:
|
||||
creates: /var/db/portsnap/INDEX
|
||||
|
||||
- name: "(Install: FreeBSD) Extract Ports"
|
||||
- name: "(DEPRECATED) Extract Ports"
|
||||
command: portsnap extract
|
||||
args:
|
||||
creates: /usr/ports
|
||||
|
@ -1,20 +1,21 @@
|
||||
## DEPRECATED -- Use nginxinc.nginx_unit role instead (https://github.com/nginxinc/ansible-role-nginx-unit)
|
||||
---
|
||||
- name: "(Install: CentOS/RedHat) Add NGINX Unit Repository"
|
||||
- name: "(DEPRECATED) Add NGINX Unit Repository"
|
||||
yum_repository:
|
||||
name: unit
|
||||
baseurl: https://packages.nginx.org/unit/{{ (ansible_distribution == "RedHat") | ternary('rhel/', 'centos/') }}$releasever/$basearch/
|
||||
baseurl: https://packages.nginx.org/unit/{{ (ansible_facts['distribution'] == "RedHat") | ternary('rhel/', 'centos/') }}$releasever/$basearch/
|
||||
description: NGINX Unit Repository
|
||||
enabled: yes
|
||||
gpgcheck: yes
|
||||
mode: 0644
|
||||
when: ansible_distribution != "Amazon"
|
||||
when: ansible_facts['distribution'] != "Amazon"
|
||||
|
||||
- name: "(Install: Amazon Linux) Add NGINX Unit Repository"
|
||||
- name: "(DEPRECATED) Add NGINX Unit Repository"
|
||||
yum_repository:
|
||||
name: unit
|
||||
baseurl: https://packages.nginx.org/unit/amzn{{ (ansible_distribution_version == "2") | ternary('2', '') }}/$releasever/$basearch/
|
||||
baseurl: https://packages.nginx.org/unit/amzn{{ (ansible_facts['distribution_version'] == "2") | ternary('2', '') }}/$releasever/$basearch/
|
||||
description: NGINX Unit Repository
|
||||
enabled: yes
|
||||
gpgcheck: yes
|
||||
mode: 0644
|
||||
when: ansible_distribution == "Amazon"
|
||||
when: ansible_facts['distribution'] == "Amazon"
|
||||
|
@ -6,7 +6,7 @@
|
||||
{{ option }}
|
||||
{% endfor %}
|
||||
postrotate
|
||||
{% if ansible_os_family == "Debian" %}
|
||||
{% if ansible_facts['os_family'] == "Debian" %}
|
||||
if [ -f /var/run/nginx.pid ]; then
|
||||
kill -USR1 `cat /var/run/nginx.pid`
|
||||
fi
|
||||
|
120
vars/main.yml
120
vars/main.yml
@ -1,27 +1,97 @@
|
||||
---
|
||||
nginx_modules_list:
|
||||
- geoip
|
||||
- image-filter
|
||||
- njs
|
||||
- perl
|
||||
- xslt
|
||||
# Supported NGINX Open Source distributions
|
||||
# https://nginx.org/en/docs/install.html
|
||||
nginx_distributions: [
|
||||
'Alpine', 'CentOS', 'Debian', 'FreeBSD', 'RedHat', 'SLES', 'Ubuntu',
|
||||
'NetBSD', 'OpenBSD', 'DragonFlyBSD', 'HardenedBSD',
|
||||
]
|
||||
|
||||
nginx_plus_modules_list:
|
||||
- auth-spnego
|
||||
- brotli
|
||||
- cookie-flag
|
||||
- encrypted-session
|
||||
- geoip
|
||||
- geoip2
|
||||
- headers-more
|
||||
- image-filter
|
||||
- lua
|
||||
- modsecurity
|
||||
- njs
|
||||
- opentracing
|
||||
- passenger
|
||||
- perl
|
||||
- prometheus
|
||||
- rtmp
|
||||
- subs-filter
|
||||
- xslt
|
||||
# Supported NGINX Plus distributions
|
||||
# https://docs.nginx.com/nginx/technical-specs/
|
||||
nginx_plus_distributions: [
|
||||
'Alpine', 'Amazon', 'CentOS', 'Debian', 'FreeBSD', 'OracleLinux', 'RedHat', 'SLES', 'Ubuntu',
|
||||
]
|
||||
|
||||
# Default NGINX signing key
|
||||
nginx_default_signing_key:
|
||||
rsa_pub: https://nginx.org/keys/nginx_signing.rsa.pub
|
||||
pgp: https://nginx.org/keys/nginx_signing.key
|
||||
|
||||
# Default NGINX Open Source repositories
|
||||
nginx_default_repository:
|
||||
alpine: >-
|
||||
https://nginx.org/packages/{{ (nginx_branch == 'mainline')
|
||||
| ternary('mainline/', '') }}alpine/v{{ ansible_facts['distribution_version'] | regex_search('^[0-9]+\.[0-9]+') }}/main
|
||||
debian:
|
||||
- >-
|
||||
deb [arch=amd64] https://nginx.org/packages/{{ (nginx_branch == 'mainline')
|
||||
| ternary('mainline/', '') }}{{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] }} nginx
|
||||
- >-
|
||||
deb-src https://nginx.org/packages/{{ (nginx_branch == 'mainline')
|
||||
| ternary('mainline/', '') }}{{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] }} nginx
|
||||
redhat: >-
|
||||
https://nginx.org/packages/{{ (nginx_branch == 'mainline')
|
||||
| ternary('mainline/', '') }}{{ (ansible_facts['distribution'] == "CentOS")
|
||||
| ternary('centos', 'rhel') }}/{{ ansible_facts['distribution_major_version'] }}/$basearch/
|
||||
suse: >-
|
||||
https://nginx.org/packages/{{ (nginx_branch == 'mainline')
|
||||
| ternary('mainline/', '') }}sles/{{ ansible_facts['distribution_major_version'] }}
|
||||
|
||||
# Default NGINX Plus repositories
|
||||
nginx_plus_default_repository:
|
||||
alpine: >-
|
||||
https://plus-pkgs.nginx.com/alpine/v{{ ansible_facts['distribution_version'] | regex_search('^[0-9]+\.[0-9]+') }}/main
|
||||
amazon: >-
|
||||
https://plus-pkgs.nginx.com/amzn{{ (ansible_facts['distribution_version'] is version('2', '=='))
|
||||
| ternary('2', '') }}/$releasever/$basearch
|
||||
debian: >-
|
||||
deb [arch=amd64] https://plus-pkgs.nginx.com/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release'] }} nginx-plus
|
||||
freebsd: >-
|
||||
https://plus-pkgs.nginx.com/freebsd/${ABI}/latest
|
||||
redhat: >-
|
||||
https://plus-pkgs.nginx.com/{{ (ansible_facts['distribution'] == "CentOS")
|
||||
| ternary('centos', 'rhel') }}/{{ (ansible_facts['distribution_version'] is version('7.4', '>=')
|
||||
and ansible_facts['distribution_version'] is version('8', '<')) | ternary('7.4', ansible_facts['distribution_major_version']) }}/$basearch/
|
||||
suse: >-
|
||||
https://plus-pkgs.nginx.com/sles/{{ ansible_facts['distribution_major_version'] }}?ssl_clientcert=/etc/ssl/nginx/nginx-repo-bundle.crt&ssl_verify=host
|
||||
|
||||
# Alpine dependencies
|
||||
nginx_alpine_dependencies: [
|
||||
'coreutils', 'openssl', 'pcre',
|
||||
]
|
||||
|
||||
# Debian dependencies
|
||||
nginx_debian_dependencies: [
|
||||
'apt-transport-https', 'ca-certificates', 'dirmngr',
|
||||
]
|
||||
|
||||
# Red Hat dependencies
|
||||
nginx_redhat_dependencies: [
|
||||
'ca-certificates', 'openssl',
|
||||
]
|
||||
|
||||
# SLES dependencies
|
||||
nginx_sles_dependencies: [
|
||||
'ca-certificates',
|
||||
]
|
||||
|
||||
# FreeBSD dependencies
|
||||
nginx_freebsd_dependencies: [
|
||||
'security/ca_root_nss'
|
||||
]
|
||||
|
||||
# Default locations and versions when 'nginx_install_from' is set to 'source'
|
||||
pcre_version: pcre-8.44
|
||||
zlib_version: zlib-1.2.11
|
||||
openssl_version: openssl-1.1.1g
|
||||
|
||||
# Supported NGINX Open Source modules
|
||||
nginx_modules_list: [
|
||||
'geoip', 'image-filter', 'njs', 'perl', 'xslt',
|
||||
]
|
||||
|
||||
# Supported NGINX Plus modules
|
||||
nginx_plus_modules_list: [
|
||||
'auth-spnego', 'brotli', 'cookie-flag', 'encrypted-session', 'geoip', 'geoip2', 'headers-more', 'image-filter', 'lua',
|
||||
'modsecurity', 'njs', 'opentracing', 'passenger', 'perl', 'prometheus', 'rtmp', 'subs-filter', 'xslt',
|
||||
]
|
||||
|
Loading…
Reference in New Issue
Block a user