diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
index 6d30a9a..7a63863 100644
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -20,7 +20,7 @@ Steps to reproduce the behavior:
A clear and concise description of what you expected to happen.
**Your environment:**
-- Version of the NGINX Role or specific commit
+- Version of the NGINX role or specific commit
- Version of Ansible
- Target deployment platform
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index 7ba7694..f07653a 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -4,7 +4,7 @@ Describe the use case and detail of the change. If this PR addresses an issue on
### Checklist
Before creating a PR, run through this checklist and mark each as complete.
-- [ ] I have read the [CONTRIBUTING](https://github.com/nginxinc/ansible-role-nginx/blob/master/CONTRIBUTING.md) document
+- [ ] I have read the [CONTRIBUTING](https://github.com/nginxinc/ansible-role-nginx/blob/main/CONTRIBUTING.md) document
- [ ] I have added Molecule tests that prove my fix is effective or that my feature works
- [ ] I have checked that all Molecule tests pass after adding my changes
- [ ] I have updated any relevant documentation (`defaults/main/*.yml`, `README.md` and `CHANGELOG.md`)
diff --git a/.travis.yml b/.travis.yml
index 34f55ab..b7ba2db 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -6,7 +6,7 @@ jobs:
- name: "(Debian/Ubuntu) Install Specific Version"
env:
scenario: default
- - name: "(Alpine) Install Specific Version"
+ - name: "(Alpine Linux) Install Specific Version"
env:
scenario: default_alpine
- name: "(CentOS) Install Specific Version"
@@ -15,7 +15,7 @@ jobs:
- name: "(Debian/Ubuntu) Install Modules"
env:
scenario: module
- - name: "(Alpine) Install Modules"
+ - name: "(Alpine Linux) Install Modules"
env:
scenario: module_alpine
- name: "(CentOS) Install Modules"
@@ -24,7 +24,7 @@ jobs:
- name: "(Debian/Ubuntu) Install Stable Branch and Push Configuration"
env:
scenario: stable_push
- - name: "(Alpine) Install Stable Branch and Push Configuration"
+ - name: "(Alpine Linux) Install Stable Branch and Push Configuration"
env:
scenario: stable_push_alpine
- name: "(CentOS) Install Stable Branch and Push Configuration"
@@ -33,7 +33,7 @@ jobs:
- name: "(Debian/Ubuntu) Use Template Setting"
env:
scenario: template
- - name: "(Alpine) Use Template Setting"
+ - name: "(Alpine Linux) Use Template Setting"
env:
scenario: template_alpine
- name: "(CentOS) Use Template Setting"
@@ -42,7 +42,7 @@ jobs:
- name: "(Debian/Ubuntu) Install NGINX Unit"
env:
scenario: unit
- - name: "(Alpine) Install NGINX Unit"
+ - name: "(Alpine Linux) Install NGINX Unit"
env:
scenario: unit_alpine
- name: "(CentOS) Install NGINX Unit"
@@ -51,7 +51,7 @@ jobs:
- name: "(Debian/Ubuntu) Install from Source"
env:
scenario: source
- - name: "(Alpine) Install from Source"
+ - name: "(Alpine Linux) Install from Source"
env:
scenario: source_alpine
- name: "(CentOS) Install from Source"
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f89f5d7..68f5801 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,21 +4,32 @@
BREAKING CHANGES:
-* The process to install modules has changed. You will now have to use a list variable, `nginx_modules`, instead of manually setting the modules you want to install to `true` or `false`. This change will also simplify adding future supported modules to this role. You can find a list of supported modules for NGINX and NGINX Plus in [`vars/main.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/master/vars/main.yml).
+* The process to install modules has changed. You will now have to use a list variable, `nginx_modules`, instead of manually setting the modules you want to install to `true` or `false`. This change will also simplify adding future supported modules to this role. You can find a list of supported modules for NGINX and NGINX Plus in [`vars/main.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/vars/main.yml).
* Modules can no longer be added to your NGINX config using this role. Please use the [`nginx_config`](https://github.com/nginxinc/ansible-role-nginx-config) role instead.
+* Changed `nginx_configure` default value from `true` to `false` to further promote the adoption of the [NGINX config](https://github.com/nginxinc/ansible-role-nginx-config) role.
FEATURES:
-* Add Alpine 3.12 to the list of supported platforms
-* Remove Alpine 3.8 from the list of supported platforms
+* Two new variables have been introduced:
+ * `nginx_setup_license` -- Determine whether you want to use this role to upload your NGINX license to your target host.
+ * `nginx_debug_tasks` -- Print task related information to give you a better insight into the current progress of the role.
+* The role will now fail automatically if you try to deploy NGINX from an official repository in an unsupported distribution. You can find a list of supported distributions for NGINX and NGINX Plus in [`vars/main.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/vars/main.yml)
+* Three new tags have been introduced -- `nginx_setup_license`, `nginx_install` and `nginx_check_support`.
+* Add Alpine 3.12 to the list of supported platforms.
+* Remove Alpine 3.8 from the list of supported platforms.
ENHANCEMENTS:
+* Major backend refactoring to reduce the number of files and tasks.
+* You can now specify an `nginx_repository` for NGINX Plus too.
+* Moved "constant" variables to `vars/main.yml`.
+* Included deprecation warnings in task names and files.
+* Improved tasks naming conventions.
* Update Ansible to `2.9.13` and Ansible Lint to `4.3.4`.
BUG FIXES:
-* NGINX Plus repository data for RedHat based distros is now appropriately set.
+* NGINX Plus repository data for RHEL based distros is now appropriately set.
## 0.16.0 (August 28, 2020)
@@ -47,7 +58,7 @@ DEPRECATION WARNING:
With the advent of Ansible collections and to reduce the overhead of this role, the decision has been made to split this role into three smaller roles:
* The NGINX Ansible role will keep working as is and be used to install and setup NGINX.
* There now is a separate role to manage and create NGINX configurations available [here](https://github.com/nginxinc/ansible-role-nginx-config). Any new issues or PRs related to configuring NGINX should be submitted in the new NGINX Config repository. New issues or PRs related to configuring NGINX submitted in this repository will not be worked on. The NGINX configuration functionalities included in this role will be removed in an upcoming release.
-* NGINX Unit has a separate role available [here](https://github.com/nginxinc/ansible-role-nginx-unit). Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on. The NGINX Unit functionalities included in this role will be removed in an upcoming release.
+* NGINX Unit now has a separate role available [here](https://github.com/nginxinc/ansible-role-nginx-unit). Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on. The NGINX Unit functionalities included in this role will be removed in an upcoming release.
BREAKING CHANGES:
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 2315310..c3f7cb1 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -14,25 +14,26 @@ The following is a set of guidelines for contributing to the NGINX Ansible role.
* [Git Guidelines](#git-guidelines)
* [Ansible Guidelines](#ansible-guidelines)
-[Code of Conduct](https://github.com/nginxinc/ansible-role-nginx/blob/master/CODE_OF_CONDUCT.md)
+[Code of Conduct](https://github.com/nginxinc/ansible-role-nginx/blob/main/CODE_OF_CONDUCT.md)
## Ask a Question
-Don't know how something works? Curious if the role can achieve your desired functionality. Please open an Issue on GitHub with the label `question`.
+Don't know how something works? Curious if the role can achieve your desired functionality? Please open an Issue on GitHub with the label `question`.
## Getting Started
-Follow our [Installation Guide](https://github.com/nginxinc/ansible-role-nginx/blob/master/README.md#Installation) to install Ansible and Molecule and get ready to use the NGINX Ansible role.
+Follow our [Installation Guide](https://github.com/nginxinc/ansible-role-nginx/blob/main/README.md#Installation) to install Ansible and Molecule and get ready to use the NGINX Ansible role.
### Project Structure
* The NGINX Ansible role is written in `yaml` and supports NGINX Open Source, NGINX Plus, NGINX Amplify, and NGINX Unit.
-* The project follows the standard [Ansible role directory structure](https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse_roles.html)
- * The main code is found in `tasks/`
- * The main variables can be found in `defaults/main/*.yml`
- * Configuration templates for NGINX can be found in `templates/`
+* The project follows the standard [Ansible role directory structure](https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse_roles.html):
+ * The main code is found in `tasks/`.
+ * Variables can be found in `defaults/main/*.yml`.
+ * "Constant" variables can be found in `vars/main.yml`.
+ * Configuration templates for NGINX can be found in `templates/`.
* [Molecule](https://molecule.readthedocs.io/) tests can be found in `molecule/`.
- * CI/CD is done via Travis using `.travis.yml` deployment yaml files
+ * CI/CD is done via Travis using `.travis.yml` deployment `yaml` files.
## Contributing
@@ -46,8 +47,8 @@ To suggest an enhancement, please create an issue on GitHub with the label `enha
### Open a Pull Request
-* Fork the repo, create a branch, submit a PR when your changes are **tested** (ideally using Molecule) and ready for review
-* Fill in [our pull request template](https://github.com/nginxinc/ansible-role-nginx/blob/master/.github/PULL_REQUEST_TEMPLATE.md)
+* Fork the repo, create a branch, submit a PR when your changes are **tested** (ideally using Molecule) and ready for review.
+* Fill in [our pull request template](https://github.com/nginxinc/ansible-role-nginx/blob/main/.github/PULL_REQUEST_TEMPLATE.md).
Note: if you’d like to implement a new feature, please consider creating a feature request issue first to start a discussion about the feature.
@@ -63,10 +64,10 @@ Note: if you’d like to implement a new feature, please consider creating a fea
### Git Guidelines
-* Keep a clean, concise and meaningful git commit history on your branch (within reason), rebasing locally and squashing before submitting a PR
-* Follow the guidelines of writing a good commit message as described here and summarised in the next few points
- * In the subject line, use the present tense ("Add feature" not "Added feature")
- * In the subject line, use the imperative mood ("Move cursor to..." not "Moves cursor to...")
- * Limit the subject line to 72 characters or less
- * Reference issues and pull requests liberally after the subject line
- * Add more detailed description in the body of the git message (`git commit -a` to give you more space and time in your text editor to write a good message instead of `git commit -am`)
+* Keep a clean, concise and meaningful git commit history on your branch (within reason), rebasing locally and squashing before submitting a PR.
+* Follow the guidelines of writing a good commit message as described here and summarised in the next few points:
+ * In the subject line, use the present tense ("Add feature" not "Added feature").
+ * In the subject line, use the imperative mood ("Move cursor to..." not "Moves cursor to...").
+ * Limit the subject line to 72 characters or less.
+ * Reference issues and pull requests liberally after the subject line.
+ * Add more detailed description in the body of the git message (`git commit -a` to give you more space and time in your text editor to write a good message instead of `git commit -am`).
diff --git a/README.md b/README.md
index 70da1a4..efa1fbb 100644
--- a/README.md
+++ b/README.md
@@ -10,8 +10,10 @@ This role installs NGINX Open Source, NGINX Plus, the NGINX Amplify agent, or NG
**Deprecation Warnings:**
-* There now is a separate role to manage and create NGINX configurations available [here](https://github.com/nginxinc/ansible-role-nginx-config). Any new issues or PRs related to configuring NGINX should be submitted in the new NGINX Config repository. New issues or PRs related to configuring NGINX submitted in this repository will not be worked on (with the exception of major bugfixes). The NGINX configuration functionalities included in this role will be removed in an upcoming release.
-* NGINX Unit now has a separate role available [here](https://github.com/nginxinc/ansible-role-nginx-unit). Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on (with the exception of major bugfixes). The NGINX Unit functionalities included in this role will be removed in an upcoming release.
+With the advent of Ansible collections and to reduce the overhead of this role, the decision has been made to split this role into three smaller roles:
+* The NGINX Ansible role will keep working as is and be used to install and setup NGINX.
+* There now is a separate role to manage and create NGINX configurations available [here](https://github.com/nginxinc/ansible-role-nginx-config). Any new issues or PRs related to configuring NGINX should be submitted in the new NGINX Config repository. New issues or PRs related to configuring NGINX submitted in this repository will not be worked on. The NGINX configuration functionalities included in this role will be removed in an upcoming release.
+* NGINX Unit now has a separate role available [here](https://github.com/nginxinc/ansible-role-nginx-unit). Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on. The NGINX Unit functionalities included in this role will be removed in an upcoming release.
Requirements
------------
@@ -42,7 +44,7 @@ Use `git clone https://github.com/nginxinc/ansible-role-nginx.git` to pull the l
Platforms
---------
-The NGINX Ansible role supports all platforms supported by [NGINX Open Source](https://nginx.org/en/linux_packages.html#mainline), [NGINX Plus](https://www.nginx.com/products/technical-specs/), the [NGINX Amplify agent](https://github.com/nginxinc/nginx-amplify-doc/blob/master/amplify-faq.md#21-what-operating-systems-are-supported), and [NGINX Unit](https://unit.nginx.org/installation/#official-packages):
+The NGINX Ansible role supports all platforms supported by [NGINX Open Source](https://nginx.org/en/linux_packages.html), [NGINX Plus](https://docs.nginx.com/nginx/technical-specs/), the [NGINX Amplify agent](https://github.com/nginxinc/nginx-amplify-doc/blob/master/amplify-faq.md#21-what-operating-systems-are-supported), and [NGINX Unit](https://unit.nginx.org/installation/#official-packages) (you can also use this role to compile NGINX Open Source from source or install it on BSD systems at your own risk):
**NGINX Open Source**
@@ -54,15 +56,12 @@ Alpine:
- 3.12
CentOS:
- 6
- - 7
+ - 7.4+
- 8
Debian:
- stretch
- buster
-FreeBSD:
- - 11.2+
- - 12
-RedHat:
+Red Hat:
- 6
- 7.4+
- 8
@@ -72,6 +71,7 @@ SUSE/SLES:
Ubuntu:
- xenial
- bionic
+ - eoan
- focal
```
@@ -82,7 +82,6 @@ Alpine:
- 3.9
- 3.10
- 3.11
- - 3.12
Amazon Linux:
- 2018.03
Amazon Linux 2:
@@ -100,7 +99,7 @@ FreeBSD:
Oracle Linux:
- 6.5+
- 7.4+
-RedHat:
+Red Hat:
- 6.5+
- 7.4+
- 8
@@ -110,6 +109,7 @@ SUSE/SLES:
Ubuntu:
- xenial
- bionic
+ - eoan
- focal
```
@@ -124,7 +124,7 @@ CentOS:
Debian:
- jessie
- stretch
-RedHat:
+Red Hat:
- 6
- 7
Ubuntu:
@@ -147,7 +147,7 @@ CentOS:
Debian:
- stretch
- buster
-RedHat:
+Red Hat:
- 6
- 7
- 8
@@ -160,7 +160,7 @@ Ubuntu:
Role Variables
--------------
-This role has multiple variables. The descriptions and defaults for all these variables can be found in the **`defaults/main`** directory in the following files:
+This role has multiple variables. The descriptions and defaults for all these variables can be found in the **`defaults/main/`** directory in the following files:
- **[defaults/main/main.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/defaults/main/main.yml):** NGINX installation variables
- **[defaults/main/amplify.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/defaults/main/amplify.yml):** NGINX Amplify agent installation variables
@@ -170,14 +170,14 @@ This role has multiple variables. The descriptions and defaults for all these va
- **[defaults/main/bsd.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/defaults/main/bsd.yml):** BSD installation variables
- **[defaults/main/unit.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/defaults/main/unit.yml):** NGINX Unit installation variables
-Similarly, descriptions and defaults for preset variables can be found in the **`vars`** directory:
+Similarly, descriptions and defaults for preset variables can be found in the **`vars/`** directory in the following files:
-- **[vars/main.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/vars/main.yml):** NGINX supported modules
+- **[vars/main.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/vars/main.yml):** List of supported NGINX platforms and modules
Example Playbooks
-----------------
-Working functional playbook examples can be found in the **`molecule/common`** directory in the following files:
+Working functional playbook examples can be found in the **`molecule/common/`** directory in the following files:
- **[molecule/common/playbooks/default_converge.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/default_converge.yml):** Install a specific version of NGINX and set up logrotate
- **[molecule/common/playbooks/module_converge.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/module_converge.yml):** Install various NGINX supported modules
diff --git a/defaults/main/bsd.yml b/defaults/main/bsd.yml
index 0fa68c9..be7c5fb 100644
--- a/defaults/main/bsd.yml
+++ b/defaults/main/bsd.yml
@@ -1,11 +1,4 @@
---
-# Supported distributions
-nginx_bsd_systems: ['FreeBSD', 'NetBSD', 'OpenBSD', 'DragonFlyBSD', 'HardenedBSD']
-
-# Supported distributions NGINX Plus
-# https://docs.nginx.com/nginx/technical-specs/
-nginx_plus_bsd_systems: ['FreeBSD']
-
# Choose to install BSD packages or ports.
# Options are true for packages or false for ports.
# Default is true.
@@ -21,6 +14,3 @@ nginx_bsd_update_ports: true
# Options are true for use packages or false for do not use packages.
# Default is true.
nginx_bsd_portinstall_use_packages: true
-
-# FreeBSD extra packages
-nginx_freebsd_extra_packages: ['security/ca_root_nss']
diff --git a/defaults/main/linux.yml b/defaults/main/linux.yml
deleted file mode 100644
index 53f7f29..0000000
--- a/defaults/main/linux.yml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-# Supported distributions
-nginx_linux_families: ['Alpine', 'Debian', 'RedHat', 'Suse']
-
-# Supported distributions NGINX Plus
-# https://docs.nginx.com/nginx/technical-specs/
-# RedHat={Amazon,CentOS,OracleLinux,RHEL} Debian={Ubuntu,Debian}
-nginx_plus_linux_families: ['Alpine', 'Debian', 'RedHat', 'Suse']
-
-# Default locations and versions when 'nginx_install_from; is set to 'source'
-pcre_version: pcre-8.44
-zlib_version: zlib-1.2.11
-openssl_version: openssl-1.1.1g
diff --git a/defaults/main/main.yml b/defaults/main/main.yml
index 493a1f0..c4dae20 100644
--- a/defaults/main/main.yml
+++ b/defaults/main/main.yml
@@ -8,15 +8,18 @@ nginx_enable: true
# Default is true.
nginx_install: true
+## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)
# Enable NGINX configuration options.
# Variables for these options can be found in `./template.yml` and `./upload.yml`.
-# Default is true.
-nginx_configure: true
+# Default is false.
+nginx_configure: false
# Start NGINX service.
# Default is true.
nginx_start: true
+# Print NGINX task information to terminal during playbook execution.
+nginx_debug_tasks: false
# Print NGINX configuration file to terminal after executing playbook.
nginx_debug_output: false
@@ -28,7 +31,7 @@ nginx_type: opensource
# Specify which version of NGINX you want to install.
# Default is empty.
# nginx_version: "=19-1~bionic"
-# For Plus and modules you'll need a wilcard like below (which installs plus-20 and modules)
+# For NGINX Plus and modules you'll need a wilcard like below (which installs plus-20 and modules)
# nginx_version: "-20*"
# Specify whether you want to maintain your version of NGINX, upgrade to the latest version, or remove NGINX.
@@ -60,10 +63,10 @@ nginx_install_source_zlib: false
# Default is the official NGINX signing key host.
# nginx_signing_key: http://nginx.org/keys/nginx_signing.key
-# Specify source repository for NGINX Open Source.
-# Only works if 'install_from' is set to 'nginx_repository'.
+# Specify repository for NGINX Open Source or NGINX Plus.
+# Only works if 'install_from' is set to 'nginx_repository' when installing NGINX Open Source.
# Defaults are the official NGINX repositories.
-# nginx_repository: deb https://nginx.org/packages/mainline/debian/ stretch nginx
+# nginx_repository: deb [arch=amd64] https://nginx.org/packages/mainline/debian/ buster nginx
# Specify which branch of NGINX Open Source you want to install.
# Options are 'mainline' or 'stable'.
@@ -77,9 +80,13 @@ nginx_license:
certificate: license/nginx-repo.crt
key: license/nginx-repo.key
+# Set up NGINX Plus license before installation.
+# Default is true.
+nginx_setup_license: true
+
# Remove NGINX Plus license and repository after installation for security purposes.
# Default is false.
-nginx_delete_license: false
+nginx_remove_license: false
# Install NGINX Modules.
# You can select any of the modules listed below. Beware of NGINX Plus only modules (these are marked).
@@ -104,6 +111,7 @@ nginx_modules: []
# - waf # NGINX Plus
# - xslt
+## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)
# Remove previously existing NGINX configuration files.
# You can specify a list of paths you wish to remove.
# You can also choose whether to recurse through the paths specified.
@@ -116,18 +124,3 @@ nginx_cleanup_config_paths:
recurse: false
# nginx_cleanup_config_files:
# - /etc/nginx/conf.d/default.conf
-
-# Set SELinux enforcing for NGINX (Centos/Redhat only) - you may need to open ports on your own
-nginx_selinux: false
-# Enable enforcing mode if true. Permissive if false (audit only, no enforcing) globally (only works with nginx_selinux: true)
-nginx_selinux_enforcing: true
-# List of TCP ports to add to http_port_t type (80 and 443 have this type already)
-# nginx_selinux_tcp_ports:
-# - 80
-# - 443
-# List of UDP ports to add to http_port_t type
-# nginx_selinux_udp_ports:
-# - 80
-# - 443
-# Temporary directory to hold selinux modules
-nginx_tempdir: /tmp
diff --git a/defaults/main/selinux.yml b/defaults/main/selinux.yml
new file mode 100644
index 0000000..5c6afb5
--- /dev/null
+++ b/defaults/main/selinux.yml
@@ -0,0 +1,15 @@
+---
+# Set SELinux enforcing for NGINX (CentOS/Red Hat only) - you may need to open ports on your own
+nginx_selinux: false
+# Enable enforcing mode if true. Permissive if false (audit only, no enforcing) globally (only works with nginx_selinux: true)
+nginx_selinux_enforcing: true
+# List of TCP ports to add to http_port_t type (80 and 443 have this type already)
+# nginx_selinux_tcp_ports:
+# - 80
+# - 443
+# List of UDP ports to add to http_port_t type
+# nginx_selinux_udp_ports:
+# - 80
+# - 443
+# Temporary directory to hold selinux modules
+nginx_selinux_tempdir: /tmp
diff --git a/defaults/main/template.yml b/defaults/main/template.yml
index 80125d1..5df7892 100644
--- a/defaults/main/template.yml
+++ b/defaults/main/template.yml
@@ -1,3 +1,4 @@
+## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)
---
# Enable creating dynamic templated NGINX HTML demo websites.
nginx_html_demo_template_enable: false
diff --git a/defaults/main/unit.yml b/defaults/main/unit.yml
index 6d7e992..0506b72 100644
--- a/defaults/main/unit.yml
+++ b/defaults/main/unit.yml
@@ -1,3 +1,4 @@
+## DEPRECATED -- Use nginxinc.nginx_unit role instead (https://github.com/nginxinc/ansible-role-nginx-unit)
---
# Install NGINX Unit and NGINX Unit modules.
# Use a list of supported NGINX Unit modules.
diff --git a/defaults/main/upload.yml b/defaults/main/upload.yml
index d6aca77..f19f332 100644
--- a/defaults/main/upload.yml
+++ b/defaults/main/upload.yml
@@ -1,3 +1,4 @@
+## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)
---
# Enable uploading NGINX configuration files to your system.
# Default for uploading files is false.
diff --git a/handlers/main.yml b/handlers/main.yml
index 7acb8a7..3ae7f56 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,30 +1,30 @@
---
-- name: "(Handler: All OSs) Check NGINX"
+- name: "(Handler) Check NGINX"
command: "nginx -t"
changed_when: false
-- name: "(Handler: All OSs) Systemd Daemon-Reload"
+- name: "(Handler) Systemd Daemon-Reload"
systemd:
daemon_reload: yes
- notify: "(Handler: All OSs) Start NGINX"
+ notify: "(Handler) Start NGINX"
-- name: "(Handler: All OSs) Run NGINX"
+- name: "(Handler) Run NGINX"
block:
- - name: "(Handler: All OSs) Start NGINX"
+ - name: "(Handler) Start NGINX"
service:
name: nginx
state: started
enabled: yes
- notify: "(Handler: All OSs) Check NGINX"
+ notify: "(Handler) Check NGINX"
- - name: "(Handler: All OSs) Reload NGINX"
+ - name: "(Handler) Reload NGINX"
command: "nginx -s reload"
changed_when: false
when:
- nginx_start | bool
- not ansible_check_mode | bool
-- name: "(Handler: All OSs) Start NGINX Amplify Agent"
+- name: "(Handler) Start NGINX Amplify agent"
service:
name: amplify-agent
state: started
@@ -41,5 +41,5 @@
state: started
enabled: yes
-- name: "(Config: All OSs) Run Logrotate"
+- name: "(Handler) Run logrotate"
command: logrotate -f /etc/logrotate.d/nginx
diff --git a/molecule/common/Dockerfile.j2 b/molecule/common/Dockerfile.j2
index 0f4a8a7..d5a90a7 100644
--- a/molecule/common/Dockerfile.j2
+++ b/molecule/common/Dockerfile.j2
@@ -17,27 +17,27 @@ ENV {{ var }} {{ value }}
RUN \
if [ $(command -v apt-get) ]; then \
apt-get update \
- && DEBIAN_FRONTEND=noninteractive apt-get install -y python3 sudo bash ca-certificates iproute2 python3-apt aptitude systemd systemd-sysv procps curl \
+ && DEBIAN_FRONTEND=noninteractive apt-get install -y aptitude bash ca-certificates curl iproute2 python-apt python3 python3-apt procps sudo systemd systemd-sysv vim \
&& apt-get clean; \
elif [ $(command -v dnf) ]; then \
dnf makecache \
- && dnf --assumeyes install /usr/bin/python3 /usr/bin/python3-config /usr/bin/dnf-3 bash iproute \
+ && dnf --assumeyes install bash iproute /usr/bin/dnf-3 /usr/bin/python3 /usr/bin/python3-config vim \
&& dnf clean all; \
elif [ $(command -v yum) ]; then \
yum makecache fast \
- && yum install -y /usr/bin/python /usr/bin/python2-config sudo yum-plugin-ovl bash iproute \
+ && yum install -y bash iproute /usr/bin/python /usr/bin/python2-config sudo vim yum-plugin-ovl \
&& sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf \
&& yum clean all; \
elif [ $(command -v zypper) ]; then \
zypper refresh \
- && zypper install -y python3 sudo bash iproute2 \
+ && zypper install -y bash iproute2 python3 sudo vim \
&& zypper clean -a; \
elif [ $(command -v apk) ]; then \
apk update \
- && apk add --no-cache python3 sudo bash ca-certificates curl openrc; \
+ && apk add --no-cache bash ca-certificates curl openrc python3 sudo vim; \
echo 'rc_provide="loopback net"' >> /etc/rc.conf; \
elif [ $(command -v xbps-install) ]; then \
xbps-install -Syu \
- && xbps-install -y python3 sudo bash ca-certificates iproute2 \
+ && xbps-install -y bash ca-certificates iproute2 python3 sudo vim \
&& xbps-remove -O; \
fi
diff --git a/molecule/common/playbooks/default_converge.yml b/molecule/common/playbooks/default_converge.yml
index 2e4d8aa..50c53ef 100644
--- a/molecule/common/playbooks/default_converge.yml
+++ b/molecule/common/playbooks/default_converge.yml
@@ -5,22 +5,22 @@
- name: Set repo if Alpine
set_fact:
version: "=1.19.1-r1"
- when: ansible_os_family == "Alpine"
+ when: ansible_facts['os_family'] == "Alpine"
- name: Set repo if Debian
set_fact:
- version: "=1.19.1-1~{{ ansible_distribution_release }}"
- when: ansible_os_family == "Debian"
- - name: Set repo if RedHat
+ version: "=1.19.1-1~{{ ansible_facts['distribution_release'] }}"
+ when: ansible_facts['os_family'] == "Debian"
+ - name: Set repo if Red Hat
set_fact:
- version: "-1.19.1-1.el{{ ansible_distribution_major_version }}.ngx"
- when: ansible_os_family == "RedHat"
+ version: "-1.19.1-1.el{{ ansible_facts['distribution_major_version'] }}.ngx"
+ when: ansible_facts['os_family'] == "RedHat"
- name: Enable NGINX @CentOS-AppStream dnf modules
shell:
args:
cmd: dnf module info nginx | grep -q 'Stream.*\[e\]' && echo -n ENABLED || dnf module enable -y nginx # noqa 204 303
register: dnf_module_enable
changed_when: dnf_module_enable.stdout != 'ENABLED'
- when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "8"
+ when: ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] is version('8', '==')
tasks:
- name: Install NGINX
include_role:
diff --git a/molecule/common/playbooks/module_converge.yml b/molecule/common/playbooks/module_converge.yml
index 904979a..c04775e 100644
--- a/molecule/common/playbooks/module_converge.yml
+++ b/molecule/common/playbooks/module_converge.yml
@@ -15,6 +15,7 @@
- 80
- 443
+ nginx_configure: true
nginx_cleanup_config: true
nginx_cleanup_config_paths:
- directory:
diff --git a/molecule/common/playbooks/template_converge.yml b/molecule/common/playbooks/template_converge.yml
index b2467f1..06763e9 100644
--- a/molecule/common/playbooks/template_converge.yml
+++ b/molecule/common/playbooks/template_converge.yml
@@ -8,6 +8,7 @@
vars:
nginx_debug_output: true
+ nginx_configure: true
nginx_main_template_enable: true
nginx_main_template:
template_file: nginx.conf.j2
diff --git a/molecule/common/playbooks/unit_converge.yml b/molecule/common/playbooks/unit_converge.yml
index 46715d4..60a9673 100644
--- a/molecule/common/playbooks/unit_converge.yml
+++ b/molecule/common/playbooks/unit_converge.yml
@@ -8,20 +8,20 @@
- unit-perl
- unit-php7
- unit-python3
- when: ansible_os_family == "Alpine"
- - name: Set module if Debian/RedHat
+ when: ansible_facts['os_family'] == "Alpine"
+ - name: Set module if Debian
set_fact:
module:
- unit-perl
- unit-php
- unit-ruby
- when: ansible_os_family == "Debian"
- - name: Set module if RedHat
+ when: ansible_facts['os_family'] == "Debian"
+ - name: Set module if Red Hat
set_fact:
module:
- unit-php
- unit-go
- when: ansible_os_family == "RedHat"
+ when: ansible_facts['os_family'] == "RedHat"
tasks:
- name: Install NGINX Unit
include_role:
diff --git a/molecule/plus_alpine/molecule.yml b/molecule/plus_alpine/molecule.yml
index 08b8e83..9f5622f 100644
--- a/molecule/plus_alpine/molecule.yml
+++ b/molecule/plus_alpine/molecule.yml
@@ -6,13 +6,6 @@ lint: |
yamllint .
ansible-lint --force-color
platforms:
- - name: alpine-3.8
- image: alpine:3.8
- dockerfile: ../common/Dockerfile.j2
- privileged: true
- volumes:
- - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
- command: "/sbin/init"
- name: alpine-3.9
image: alpine:3.9
dockerfile: ../common/Dockerfile.j2
diff --git a/tasks/amplify/install-amplify.yml b/tasks/amplify/install-amplify.yml
index a33fdcb..e442a28 100644
--- a/tasks/amplify/install-amplify.yml
+++ b/tasks/amplify/install-amplify.yml
@@ -1,24 +1,24 @@
---
-- name: "(Setup: All OSs) Configure NGINX Amplify Agent Repository"
- include_tasks: "{{ role_path }}/tasks/amplify/setup-{{ ansible_os_family | lower }}.yml"
- when: ansible_os_family == "Debian"
- or ansible_os_family == "Redhat"
+- name: "Configure NGINX Amplify agent repository"
+ include_tasks: "{{ role_path }}/tasks/amplify/setup-{{ ansible_facts['os_family'] | lower }}.yml"
+ when: ansible_facts['os_family'] == "Debian"
+ or ansible_facts['os_family'] == "Redhat"
-- name: "(Install: All OSs) Install NGINX Amplify Agent"
+- name: "Install NGINX Amplify agent"
package:
name: nginx-amplify-agent
state: present
-- name: "(Setup: All OSs) Copy NGINX Configurator Agent Configuration Template"
+- name: "Copy NGINX configurator agent configuration template"
copy:
remote_src: yes
src: /etc/amplify-agent/agent.conf.default
dest: /etc/amplify-agent/agent.conf
mode: 0644
-- name: "(Setup: All OSs) Configure NGINX Amplify Agent API Key"
+- name: "Configure NGINX Amplify agent API key"
lineinfile:
dest: /etc/amplify-agent/agent.conf
regexp: api_key =.*
line: "api_key = {{ nginx_amplify_api_key }}"
- notify: "(Handler: All OSs) Start NGINX Amplify Agent"
+ notify: "(Handler) Start NGINX Amplify agent"
diff --git a/tasks/amplify/setup-debian.yml b/tasks/amplify/setup-debian.yml
index abe6923..78b68c6 100644
--- a/tasks/amplify/setup-debian.yml
+++ b/tasks/amplify/setup-debian.yml
@@ -1,16 +1,18 @@
---
-- name: "(Install: Debian/Ubuntu) Add NGINX Amplify Agent Repository"
+- name: "(Debian/Ubuntu) Add NGINX Amplify agent repository"
apt_repository:
filename: nginx-amplify
- repo: deb [arch=amd64] http://packages.amplify.nginx.com/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release|lower }} amplify-agent
+ repo: >-
+ deb [arch=amd64] https://packages.amplify.nginx.com/
+ {{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] | lower }} amplify-agent
update_cache: yes
mode: 0644
- when: ansible_distribution_release != "focal"
+ when: ansible_facts['distribution_release'] != "focal"
-- name: "(Install: Debian/Ubuntu) Add NGINX Amplify Agent Repository"
+- name: "(Ubuntu 20.04) Add NGINX Amplify agent repository"
apt_repository:
filename: nginx-amplify
repo: deb [arch=amd64] https://packages.amplify.nginx.com/py3/ubuntu focal amplify-agent
update_cache: yes
mode: 0644
- when: ansible_distribution_release == "focal"
+ when: ansible_facts['distribution_release'] == "focal"
diff --git a/tasks/amplify/setup-redhat.yml b/tasks/amplify/setup-redhat.yml
index bea8a20..3659375 100644
--- a/tasks/amplify/setup-redhat.yml
+++ b/tasks/amplify/setup-redhat.yml
@@ -1,8 +1,8 @@
---
-- name: "(Install: CentOS/RedHat/Amazon Linux) Add NGINX Amplify Agent Repository"
+- name: "(Amazon Linux/CentOS/RHEL) Add NGINX Amplify agent repository"
yum_repository:
name: nginx-amplify
- baseurl: http://packages.amplify.nginx.com/{{ (ansible_distribution == "Amazon") | ternary('amzn/', 'centos/') }}/$releasever/$basearch/
+ baseurl: http://packages.amplify.nginx.com/{{ (ansible_facts['distribution'] == "Amazon") | ternary('amzn/', 'centos/') }}/$releasever/$basearch/
description: NGINX Amplify Agent
enabled: yes
gpgcheck: yes
diff --git a/tasks/conf/debug-output.yml b/tasks/conf/debug-output.yml
deleted file mode 100644
index 6ad7ba1..0000000
--- a/tasks/conf/debug-output.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-- name: "(Setup: All OSs) Register NGINX configuration"
- command: nginx -T
- changed_when: false
- register: nginx_configuration
-
-- name: "(Setup: All OSs) Print NGINX configuration"
- debug:
- var: nginx_configuration.stdout_lines
diff --git a/tasks/conf/logrotate.yml b/tasks/conf/logrotate.yml
deleted file mode 100644
index 990d4c9..0000000
--- a/tasks/conf/logrotate.yml
+++ /dev/null
@@ -1,35 +0,0 @@
----
-- name: "(Config: Alpine) Install Logrotate"
- apk:
- name: logrotate
- when: ansible_os_family == "Alpine"
-
-- name: "(Config: Ubuntu/Debian) Install Logrotate"
- apt:
- name: logrotate
- state: present
- when: ansible_os_family == "Debian"
-
-- name: "(Config: CentOS/RedHat) Install Logrotate"
- yum:
- name: logrotate
- state: present
- when: ansible_os_family == "RedHat"
-
-- name: "(Config: SUSE) Add Logrotate Repo"
- zypper_repository:
- repo: https://download.opensuse.org/repositories/openSUSE:Leap:42.1/standard/openSUSE:Leap:42.1.repo
- when: ansible_os_family == "Suse"
-
-- name: "(Config: SUSE) Install Logrotate"
- zypper:
- name: logrotate
- state: present
- when: ansible_os_family == "Suse"
-
-- name: "(Config: All OSs) Create Logrotate Config"
- template:
- src: "logrotate/nginx.j2"
- dest: "/etc/logrotate.d/nginx"
- mode: 0644
- notify: "(Config: All OSs) Run Logrotate"
diff --git a/tasks/conf/cleanup-config.yml b/tasks/config/cleanup-config.yml
similarity index 54%
rename from tasks/conf/cleanup-config.yml
rename to tasks/config/cleanup-config.yml
index ef9ee9e..3724d88 100644
--- a/tasks/conf/cleanup-config.yml
+++ b/tasks/config/cleanup-config.yml
@@ -1,5 +1,10 @@
+## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)
---
-- name: "(Setup: All OSs) Find NGINX Configuration Files"
+- name: "Deprecation warning"
+ debug:
+ msg: "DEPRECATED TASKS -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)"
+
+- name: "(DEPRECATED) Find NGINX Configuration Files"
find:
paths: "{{ item.directory }}"
patterns: "*.conf"
@@ -8,7 +13,7 @@
when: nginx_cleanup_config_paths is defined
register: nginx_config_files
-- name: "(Setup: All OSs) Remove NGINX Configuration Files"
+- name: "(DEPRECATED) Remove NGINX Configuration Files"
file:
path: "{{ item }}"
state: absent
diff --git a/tasks/config/debug-output.yml b/tasks/config/debug-output.yml
new file mode 100644
index 0000000..b05bcab
--- /dev/null
+++ b/tasks/config/debug-output.yml
@@ -0,0 +1,14 @@
+---
+- name: "Print NGINX config"
+ debug:
+ msg: "Printing NGINX config"
+ when: nginx_debug_tasks | bool
+
+- name: "Register NGINX configuration"
+ command: nginx -T
+ changed_when: false
+ register: config
+
+- name: "Print NGINX config"
+ debug:
+ var: config.stdout_lines
diff --git a/tasks/prerequisites/setup-systemd.yml b/tasks/config/modify-systemd.yml
similarity index 57%
rename from tasks/prerequisites/setup-systemd.yml
rename to tasks/config/modify-systemd.yml
index 43d9a86..10742e5 100644
--- a/tasks/prerequisites/setup-systemd.yml
+++ b/tasks/config/modify-systemd.yml
@@ -1,11 +1,16 @@
---
-- name: "(Setup: Linux) Create Override Directory For NGINX Systemd Service"
+- name: "Modify systemd"
+ debug:
+ msg: "Modifying systemd"
+ when: nginx_debug_tasks | bool
+
+- name: "Create override directory for NGINX systemd service"
file:
path: "{{ nginx_service_overridepath }}"
state: directory
mode: 0755
-- name: "(Setup: Linux) Create Override For NGINX Systemd Service"
+- name: "Create override for NGINX systemd service"
template:
src: "{{ role_path }}/templates/services/nginx.service.override.conf.j2"
dest: "{{ nginx_service_overridepath }}/{{ nginx_service_overridefilename }}"
@@ -15,9 +20,9 @@
when:
- not nginx_service_custom | bool
- not nginx_service_clean | bool
- notify: "(Handler: All OSs) Systemd Daemon-Reload"
+ notify: "(Handler) Systemd Daemon-Reload"
-- name: "(Setup: Linux) Customize Override For NGINX Systemd Service"
+- name: "Customize override for NGINX systemd service"
copy:
src: "{{ nginx_service_custom_file }}"
dest: "{{ nginx_service_overridepath }}/{{ nginx_service_overridefilename }}"
@@ -27,11 +32,16 @@
when:
- nginx_service_custom | bool
- not nginx_service_clean | bool
- notify: "(Handler: All OSs) Systemd Daemon-Reload"
+ notify: "(Handler) Systemd Daemon-Reload"
-- name: "(Setup: Linux) Remove Override For NGINX Systemd Service"
+- name: "Remove override for NGINX systemd service"
file:
path: "{{ nginx_service_overridepath }}"
state: absent
when: nginx_service_clean | bool
- notify: "(Handler: All OSs) Systemd Daemon-Reload"
+ notify: "(Handler) Systemd Daemon-Reload"
+
+- name: "Modify systemd"
+ debug:
+ msg: "Done modifying systemd"
+ when: nginx_debug_tasks | bool
diff --git a/tasks/config/setup-logrotate.yml b/tasks/config/setup-logrotate.yml
new file mode 100644
index 0000000..966edb7
--- /dev/null
+++ b/tasks/config/setup-logrotate.yml
@@ -0,0 +1,46 @@
+---
+- name: "Set up logrotate"
+ debug:
+ msg: "Setting up logrotate"
+ when: nginx_debug_tasks | bool
+
+- name: "(Alpine Linux OSs) Install logrotate"
+ apk:
+ name: logrotate
+ when: ansible_facts['os_family'] == "Alpine"
+
+- name: "(Debian OSs) Install logrotate"
+ apt:
+ name: logrotate
+ state: present
+ when: ansible_facts['os_family'] == "Debian"
+
+- name: "(Red Hat OSs) Install logrotate"
+ yum:
+ name: logrotate
+ state: present
+ when: ansible_facts['os_family'] == "RedHat"
+
+- name: "(SLES OSs) Set up logrotate"
+ block:
+ - name: "(SLES OSs) Configure logrotate repository"
+ zypper_repository:
+ repo: https://download.opensuse.org/repositories/openSUSE:Leap:42.1/standard/openSUSE:Leap:42.1.repo
+
+ - name: "(SLES OSs) Install Logrotate"
+ zypper:
+ name: logrotate
+ state: present
+ when: ansible_facts['os_family'] == "Suse"
+
+- name: "Create logrotate config"
+ template:
+ src: "logrotate/nginx.j2"
+ dest: "/etc/logrotate.d/nginx"
+ mode: 0644
+ notify: "(Handler) Run logrotate"
+
+- name: "Set up logrotate"
+ debug:
+ msg: "Done setting up logrotate"
+ when: nginx_debug_tasks | bool
diff --git a/tasks/conf/template-config.yml b/tasks/config/template-config.yml
similarity index 70%
rename from tasks/conf/template-config.yml
rename to tasks/config/template-config.yml
index d1c7a65..043d153 100644
--- a/tasks/conf/template-config.yml
+++ b/tasks/config/template-config.yml
@@ -1,5 +1,10 @@
+## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)
---
-- name: "(Setup: All NGINX) Ensure HTML Directory Exists"
+- name: "Deprecation warning"
+ debug:
+ msg: "DEPRECATED TASKS -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)"
+
+- name: "(DEPRECATED) Ensure HTML Directory Exists"
file:
path: "{{ item.value.html_file_location | default('/usr/share/nginx/html') }}"
state: directory
@@ -7,7 +12,7 @@
with_dict: "{{ nginx_html_demo_template }}"
when: nginx_html_demo_template_enable | bool
-- name: "(Setup: All NGINX) Dynamically Generate HTML Files"
+- name: "(DEPRECATED) Dynamically Generate HTML Files"
template:
src: "{{ item.value.template_file | default('www/index.html.j2') }}"
dest: "{{ item.value.html_file_location | default('/usr/share/nginx/html') }}/{{ item.value.html_file_name | default('index.html') }}"
@@ -16,23 +21,23 @@
with_dict: "{{ nginx_html_demo_template }}"
when: nginx_html_demo_template_enable | bool
-- name: "(Setup: All NGINX) Ensure NGINX Main Directory Exists"
+- name: "(DEPRECATED) Ensure NGINX Main Directory Exists"
file:
path: "{{ nginx_main_template.conf_file_location | default('/etc/nginx') }}"
state: directory
mode: 0755
when: nginx_main_template_enable | bool
-- name: "(Setup: All NGINX) Dynamically Generate NGINX Main Configuration File"
+- name: "(DEPRECATED) Dynamically Generate NGINX Main Configuration File"
template:
src: "{{ nginx_main_template.template_file | default('nginx.conf.j2') }}"
dest: "{{ nginx_main_template.conf_file_location | default('/etc/nginx') }}/{{ nginx_main_template.conf_file_name | default('nginx.conf') }}"
backup: yes
mode: 0644
when: nginx_main_template_enable | bool
- notify: "(Handler: All OSs) Reload NGINX"
+ notify: "(Handler) Reload NGINX"
-- name: "(Setup: All NGINX) Ensure NGINX HTTP Directory Exists"
+- name: "(DEPRECATED) Ensure NGINX HTTP Directory Exists"
file:
path: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/') }}"
state: directory
@@ -40,7 +45,7 @@
with_dict: "{{ nginx_http_template }}"
when: nginx_http_template_enable | bool
-- name: "(Setup: All NGINX) Ensure NGINX Proxy Cache Directories Exist"
+- name: "(DEPRECATED) Ensure NGINX Proxy Cache Directories Exist"
file:
path: "{{ item.1.path }}"
state: directory
@@ -49,10 +54,10 @@
with_subelements:
- "{{ nginx_http_template }}"
- proxy_cache.proxy_cache_path
- - skip_missing: true
+ - skip_missing: yes
when: nginx_http_template_enable | bool
-- name: "(Setup: All NGINX) Dynamically Generate NGINX HTTP Configuration Files"
+- name: "(DEPRECATED) Dynamically Generate NGINX HTTP Configuration Files"
template:
src: "{{ item.value.template_file | default('http/default.conf.j2') }}"
dest: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/') }}/{{ item.value.conf_file_name | default('default.conf') }}"
@@ -60,27 +65,27 @@
mode: 0644
with_dict: "{{ nginx_http_template }}"
when: nginx_http_template_enable | bool
- notify: "(Handler: All OSs) Reload NGINX"
+ notify: "(Handler) Reload NGINX"
-- name: "(Setup: All NGINX) Dynamically Generate NGINX Stub Status Configuration File"
+- name: "(DEPRECATED) Dynamically Generate NGINX Stub Status Configuration File"
template:
src: "{{ nginx_status_template_file | default('http/status.conf.j2') }}"
dest: "{{ nginx_status_file_location | default('/etc/nginx/conf.d/status.conf') }}"
backup: yes
mode: 0644
when: nginx_status_enable | bool
- notify: "(Handler: All OSs) Reload NGINX"
+ notify: "(Handler) Reload NGINX"
-- name: "(Setup: All NGINX) Dynamically Generate NGINX API Configuration File"
+- name: "(DEPRECATED) Dynamically Generate NGINX API Configuration File"
template:
src: "{{ nginx_rest_api_template_file | default('http/api.conf.j2') }}"
dest: "{{ nginx_rest_api_file_location | default('/etc/nginx/conf.d/api.conf') }}"
backup: yes
mode: 0644
when: nginx_rest_api_enable | bool
- notify: "(Handler: All OSs) Reload NGINX"
+ notify: "(Handler) Reload NGINX"
-- name: "(Setup: All NGINX) Ensure NGINX Stream Directory Exists"
+- name: "(DEPRECATED) Ensure NGINX Stream Directory Exists"
file:
path: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/stream/') }}"
state: directory
@@ -88,7 +93,7 @@
with_dict: "{{ nginx_stream_template }}"
when: nginx_stream_template_enable | bool
-- name: "(Setup: All NGINX) Dynamically Generate NGINX Stream Configuration Files"
+- name: "(DEPRECATED) Dynamically Generate NGINX Stream Configuration Files"
template:
src: "{{ item.value.template_file | default('stream/default.conf.j2') }}"
dest: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/stream/') }}/{{ item.value.conf_file_name | default('default.conf') }}"
@@ -96,4 +101,4 @@
mode: 0644
with_dict: "{{ nginx_stream_template }}"
when: nginx_stream_template_enable | bool
- notify: "(Handler: All OSs) Reload NGINX"
+ notify: "(Handler) Reload NGINX"
diff --git a/tasks/conf/upload-config.yml b/tasks/config/upload-config.yml
similarity index 68%
rename from tasks/conf/upload-config.yml
rename to tasks/config/upload-config.yml
index f3c3782..dd7f393 100644
--- a/tasks/conf/upload-config.yml
+++ b/tasks/config/upload-config.yml
@@ -1,12 +1,17 @@
+## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)
---
-- name: "(Setup: All NGINX) Ensure NGINX HTML Directory Exists"
+- name: "Deprecation warning"
+ debug:
+ msg: "DEPRECATED TASKS -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)"
+
+- name: "(DEPRECATED) Ensure NGINX HTML Directory Exists"
file:
path: "{{ nginx_html_upload_dest | default('/usr/share/nginx/html') }}"
state: directory
mode: 0755
when: nginx_html_upload_enable | bool
-- name: "(Setup: All NGINX) Upload NGINX HTML Files"
+- name: "(DEPRECATED) Upload NGINX HTML Files"
copy:
src: "{{ item }}"
dest: "{{ nginx_html_upload_dest | default('/usr/share/nginx/html') }}"
@@ -14,32 +19,32 @@
mode: 0644
with_fileglob: "{{ nginx_html_upload_src }}"
when: nginx_html_upload_enable | bool
- notify: "(Handler: All OSs) Reload NGINX"
+ notify: "(Handler) Reload NGINX"
-- name: "(Setup: All NGINX) Ensure NGINX Main Directory Exists"
+- name: "(DEPRECATED) Ensure NGINX Main Directory Exists"
file:
path: "{{ nginx_main_upload_dest | default('/etc/nginx/') }}"
state: directory
mode: 0755
when: nginx_main_upload_enable | bool
-- name: "(Setup: All NGINX) Upload NGINX Main Configuration File"
+- name: "(DEPRECATED) Upload NGINX Main Configuration File"
copy:
src: "{{ nginx_main_upload_src | default('conf/nginx.conf') }}"
dest: "{{ nginx_main_upload_dest | default('/etc/nginx/') }}"
backup: yes
mode: 0644
when: nginx_main_upload_enable | bool
- notify: "(Handler: All OSs) Reload NGINX"
+ notify: "(Handler) Reload NGINX"
-- name: "(Setup: All NGINX) Ensure NGINX HTTP Directory Exists"
+- name: "(DEPRECATED) Ensure NGINX HTTP Directory Exists"
file:
path: "{{ nginx_http_upload_dest | default('/etc/nginx/conf.d/') }}"
state: directory
mode: 0755
when: nginx_http_upload_enable | bool
-- name: "(Setup: All NGINX) Upload NGINX HTTP Configuration Files"
+- name: "(DEPRECATED) Upload NGINX HTTP Configuration Files"
copy:
src: "{{ item }}"
dest: "{{ nginx_http_upload_dest | default('/etc/nginx/conf.d/') }}"
@@ -47,16 +52,16 @@
mode: 0644
with_fileglob: "{{ nginx_http_upload_src }}"
when: nginx_http_upload_enable | bool
- notify: "(Handler: All OSs) Reload NGINX"
+ notify: "(Handler) Reload NGINX"
-- name: "(Setup: All NGINX) Ensure NGINX Stream Directory Exists"
+- name: "(DEPRECATED) Ensure NGINX Stream Directory Exists"
file:
path: "{{ nginx_stream_upload_dest | default('/etc/nginx/conf.d/') }}"
state: directory
mode: 0755
when: nginx_stream_upload_enable | bool
-- name: "(Setup: All NGINX) Upload NGINX Stream Configuration Files"
+- name: "(DEPRECATED) Upload NGINX Stream Configuration Files"
copy:
src: "{{ item }}"
dest: "{{ nginx_stream_upload_dest | default('/etc/nginx/conf.d/') }}"
@@ -64,23 +69,23 @@
mode: 0644
with_fileglob: "{{ nginx_stream_upload_src }}"
when: nginx_stream_upload_enable | bool
- notify: "(Handler: All OSs) Reload NGINX"
+ notify: "(Handler) Reload NGINX"
-- name: "(Setup: All NGINX) Ensure SSL Certificate Directory Exists"
+- name: "(DEPRECATED) Ensure SSL Certificate Directory Exists"
file:
path: "{{ nginx_ssl_crt_upload_dest | default('/etc/ssl/certs/') }}"
state: directory
mode: 0755
when: nginx_ssl_upload_enable | bool
-- name: "(Setup: All NGINX) Ensure SSL Key Directory Exists"
+- name: "(DEPRECATED) Ensure SSL Key Directory Exists"
file:
path: "{{ nginx_ssl_key_upload_dest | default('/etc/ssl/private/') }}"
state: directory
mode: 0755
when: nginx_ssl_upload_enable | bool
-- name: "(Setup: All NGINX) Upload NGINX SSL Certificates"
+- name: "(DEPRECATED) Upload NGINX SSL Certificates"
copy:
src: "{{ item }}"
dest: "{{ nginx_ssl_crt_upload_dest | default('/etc/ssl/certs/') }}"
@@ -90,7 +95,7 @@
with_fileglob: "{{ nginx_ssl_crt_upload_src }}"
when: nginx_ssl_upload_enable | bool
-- name: "(Setup: All NGINX) Upload NGINX SSL Keys"
+- name: "(DEPRECATED) Upload NGINX SSL Keys"
copy:
src: "{{ item }}"
dest: "{{ nginx_ssl_key_upload_dest | default('/etc/ssl/private/') }}"
diff --git a/tasks/keys/apk-key.yml b/tasks/keys/apk-key.yml
deleted file mode 100644
index b74dc2a..0000000
--- a/tasks/keys/apk-key.yml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-- name: "(Install: APK OSs) Set Default APK NGINX Signing Key URL"
- set_fact:
- default_keysite: https://nginx.org/keys/nginx_signing.rsa.pub
-
-- name: "(Install: APK OSs) Set APK NGINX Signing Key URL"
- set_fact:
- keysite: "{{ nginx_signing_key | default(default_keysite) }}"
-
-- name: "(Install: APK OSs) Download NGINX Signing Key"
- get_url:
- url: "{{ keysite }}"
- dest: /etc/apk/keys/nginx_signing.rsa.pub
- mode: 0400
diff --git a/tasks/keys/apt-key.yml b/tasks/keys/apt-key.yml
deleted file mode 100644
index ef7f140..0000000
--- a/tasks/keys/apt-key.yml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-- name: "(Install: APT OSs) Set Default APT NGINX Signing Key URL"
- set_fact:
- default_keysite: https://nginx.org/keys/nginx_signing.key
-
-- name: "(Install: APT OSs) Set APT NGINX Signing Key URL"
- set_fact:
- keysite: "{{ nginx_signing_key | default(default_keysite) }}"
-
-- name: "(Install: APT OSs) Add APT NGINX Signing Key"
- apt_key:
- url: "{{ keysite }}"
diff --git a/tasks/keys/rpm-key.yml b/tasks/keys/rpm-key.yml
deleted file mode 100644
index 0323d56..0000000
--- a/tasks/keys/rpm-key.yml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-- name: "(Install: RPM OSs) Set Default RPM NGINX Signing Key"
- set_fact:
- default_keysite: >-
- {{ (ansible_distribution_major_version|int == 6)
- | ternary('http://nginx.org/keys/nginx_signing.key', 'https://nginx.org/keys/nginx_signing.key') }}
-
-- name: "(Install: RPM OSs) Set RPM NGINX Signing Key URL"
- set_fact:
- keysite: "{{ nginx_signing_key | default(default_keysite) }}"
-
-- name: "(Install: RPM OSs) Add RPM NGINX Signing Key"
- rpm_key:
- key: "{{ keysite }}"
diff --git a/tasks/keys/setup-keys.yml b/tasks/keys/setup-keys.yml
index 4b4a0f8..82bf8ff 100644
--- a/tasks/keys/setup-keys.yml
+++ b/tasks/keys/setup-keys.yml
@@ -1,16 +1,41 @@
---
-- name: "(Setup: Keys) Alpine"
- include_tasks: "{{ role_path }}/tasks/keys/apk-key.yml"
- when: ansible_os_family == "Alpine"
- tags: nginx_apkkey
+- name: "Set up signing keys"
+ debug:
+ msg: "Setting up signing keys"
+ when: nginx_debug_tasks | bool
-- name: "(Setup: Keys) Debian/Ubuntu"
- include_tasks: "{{ role_path }}/tasks/keys/apt-key.yml"
- when: ansible_os_family == "Debian"
- tags: nginx_aptkey
+- name: "(Alpine Linux) Set up signing key"
+ block:
+ - name: "(Alpine Linux) Set up NGINX signing key URL"
+ set_fact:
+ keysite: "{{ nginx_signing_key | default(nginx_default_signing_key['rsa_pub']) }}"
-- name: "(Setup: Keys) CentOS/RedHat/SUSE"
- include_tasks: "{{ role_path }}/tasks/keys/rpm-key.yml"
- when: ansible_os_family == "RedHat"
- or ansible_os_family == "Suse"
- tags: nginx_rpmkey
+ - name: "(Alpine Linux) Download NGINX signing key"
+ get_url:
+ url: "{{ keysite }}"
+ dest: /etc/apk/keys/nginx_signing.rsa.pub
+ mode: 0400
+ when: ansible_facts['os_family'] == "Alpine"
+
+- name: "(Debian/Red Hat/SLES OSs) Set up NGINX signing key URL"
+ set_fact:
+ keysite: "{{ nginx_signing_key | default(nginx_default_signing_key['pgp']) }}"
+ when: ansible_facts['os_family'] != "Alpine"
+
+- name: "(Debian/Ubuntu) Add NGINX signing key"
+ apt_key:
+ id: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
+ url: "{{ keysite }}"
+ when: ansible_facts['os_family'] == "Debian"
+
+- name: "(Amazon Linux/CentOS/Oracle Linux/RHEL/SLES) Add NGINX signing key"
+ rpm_key:
+ fingerprint: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
+ key: "{{ keysite }}"
+ validate_certs: "{{ (ansible_facts['distribution_major_version'] is version('6', '==')) | ternary('no', 'yes') }}"
+ when: ansible_facts['os_family'] in ['RedHat', 'Suse']
+
+- name: "Set up signing keys"
+ debug:
+ msg: "Done setting up signing keys"
+ when: nginx_debug_tasks | bool
diff --git a/tasks/main.yml b/tasks/main.yml
index af55ef7..b7eb7c7 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,58 +1,78 @@
---
-- name: "(Setup: All OSs) Setup Prerequisites"
- include_tasks: "{{ role_path }}/tasks/prerequisites/setup-{{ ansible_os_family | lower }}.yml"
+- name: "Check whether you are using a supported NGINX distribution"
+ assert:
+ that: (nginx_type == "opensource" and ansible_facts['distribution'] in nginx_distributions)
+ or (nginx_type == "plus" and ansible_facts['distribution'] in nginx_plus_distributions)
+ success_msg: "Your OS, {{ ansible_facts['distribution'] }} is supported by NGINX {{ (nginx_type=='plus') | ternary('Plus', 'Open Source') }}"
+ fail_msg: "Your OS, {{ ansible_facts['distribution'] }} is not supported by NGINX {{ (nginx_type=='plus') | ternary('Plus', 'Open Source') }}"
+ when:
+ - nginx_install | bool
+ - (nginx_install_from == "nginx_repository" or nginx_type == "plus")
+ tags: nginx_check_support
+
+- name: "Set up prerequisites"
+ include_tasks: "{{ role_path }}/tasks/prerequisites/prerequisites.yml"
tags: nginx_prerequisites
-- name: "(Setup: All OSs) Setup Keys"
- import_tasks: keys/setup-keys.yml
- when:
- - ansible_os_family == "Alpine"
- or ansible_os_family == "Debian"
- or ansible_os_family == "RedHat"
- or ansible_os_family == "Suse"
- - nginx_install_from == "nginx_repository"
- or nginx_amplify_enable | bool
- or nginx_unit_enable | bool
+- name: "Set up signing keys"
+ include_tasks: "{{ role_path }}/tasks/keys/setup-keys.yml"
+ when: (nginx_install | bool and nginx_install_from == "nginx_repository")
+ or nginx_amplify_enable | bool or nginx_unit_enable | bool
tags: nginx_key
-- name: "(Install/Config: All OSs) Install and Configure NGINX"
+- name: "Install and Configure NGINX"
block:
- - name: "(Install: All OSs) Install NGINX"
+ - name: "Install NGINX"
block:
- - name: "(Install: All OSs) Install NGINX Open Source"
+ - name: "Install NGINX Open Source"
include_tasks: "{{ role_path }}/tasks/opensource/install-oss.yml"
when: nginx_type == "opensource"
tags: nginx_install_oss
- - name: "(Install: All OSs) Install NGINX Plus"
+ - name: "Set up NGINX Plus license"
+ include_tasks: "{{ role_path }}/tasks/plus/setup-license.yml"
+ when:
+ - nginx_type == "plus"
+ - nginx_setup_license | bool
+ tags: nginx_setup_license
+
+ - name: "Install NGINX Plus"
include_tasks: "{{ role_path }}/tasks/plus/install-plus.yml"
when: nginx_type == "plus"
tags: nginx_install_plus
- - name: "(Install: All OSs) Install NGINX Modules"
+ - name: "Install NGINX modules"
include_tasks: "{{ role_path }}/tasks/modules/install-modules.yml"
when:
- nginx_modules is defined
- nginx_modules | length > 0
tags: nginx_install_modules
- - name: "(Install: All OSs) Delete NGINX Plus License"
- include_tasks: "{{ role_path }}/tasks/plus/delete-license.yml"
+ - name: "Remove NGINX Plus license"
+ include_tasks: "{{ role_path }}/tasks/plus/remove-license.yml"
when:
- nginx_type == "plus"
- - nginx_delete_license | bool
- tags: nginx_delete_license
- when: nginx_install | bool
+ - nginx_remove_license | bool
+ tags: nginx_remove_license
- - name: "(Config: All OSs) Configure NGINX"
+ - name: "Modify Service For Systemd"
+ include_tasks: "{{ role_path }}/tasks/config/modify-systemd.yml"
+ when:
+ - ansible_facts['service_mgr'] == "systemd"
+ - nginx_service_modify | bool
+ tags: nginx_modify_systemd
+ when: nginx_install | bool
+ tags: nginx_install
+
+ - name: "(DEPRECATED) Configure NGINX"
block:
- - name: "(Config: All OSs) Cleanup NGINX Config"
- include_tasks: "{{ role_path }}/tasks/conf/cleanup-config.yml"
+ - name: "(DEPRECATED) Cleanup NGINX Config"
+ include_tasks: "{{ role_path }}/tasks/config/cleanup-config.yml"
when: nginx_cleanup_config | bool
tags: nginx_cleanup_config
- - name: "(Config: All OSs) Upload NGINX Config"
- include_tasks: "{{ role_path }}/tasks/conf/upload-config.yml"
+ - name: "(DEPRECATED) Upload NGINX Config"
+ include_tasks: "{{ role_path }}/tasks/config/upload-config.yml"
when: nginx_main_upload_enable | bool
or nginx_http_upload_enable | bool
or nginx_stream_upload_enable | bool
@@ -60,8 +80,8 @@
or nginx_ssl_upload_enable | bool
tags: nginx_upload_config
- - name: "(Config: All OSs) Create NGINX Config"
- include_tasks: "{{ role_path }}/tasks/conf/template-config.yml"
+ - name: "(DEPRECATED) Create NGINX Config"
+ include_tasks: "{{ role_path }}/tasks/config/template-config.yml"
when: nginx_main_template_enable | bool
or nginx_http_template_enable | bool
or nginx_stream_template_enable | bool
@@ -69,21 +89,21 @@
tags: nginx_template_config
when: nginx_configure | bool
- - name: "(Config: All OSs) Ensure NGINX is Running"
+ - name: "Ensure NGINX is running"
meta: flush_handlers
- - name: "(Config: All OSs) Debug Output"
- include_tasks: "{{ role_path }}/tasks/conf/debug-output.yml"
+ - name: "Debug NGINX output"
+ include_tasks: "{{ role_path }}/tasks/config/debug-output.yml"
when: nginx_debug_output | bool
tags: nginx_debug_output
- - name: "(Config: All OSs): Configure Logrotate"
- include_tasks: "{{ role_path }}/tasks/conf/logrotate.yml"
+ - name: "Configure logrotate for NGINX"
+ include_tasks: "{{ role_path }}/tasks/config/setup-logrotate.yml"
when: nginx_logrotate_conf_enable | bool
tags: nginx_logrotate_config
when: nginx_enable | bool
-- name: "(Install: All OSs) Install NGINX Amplify"
+- name: "Install NGINX Amplify"
include_tasks: "{{ role_path }}/tasks/amplify/install-amplify.yml"
when:
- nginx_amplify_enable | bool
@@ -91,7 +111,7 @@
- nginx_amplify_api_key | length > 0
tags: nginx_install_amplify
-- name: "(Install: All OSs) Install NGINX Unit"
+- name: "(DEPRECATED) Install NGINX Unit"
include_tasks: "{{ role_path }}/tasks/unit/install-unit.yml"
when: nginx_unit_enable | bool
tags: nginx_install_unit
diff --git a/tasks/modules/install-modules.yml b/tasks/modules/install-modules.yml
index b10cc4d..0fb4259 100644
--- a/tasks/modules/install-modules.yml
+++ b/tasks/modules/install-modules.yml
@@ -1,12 +1,12 @@
---
-- name: "(Install: CentOS) Install GeoIP Required CentOS Dependencies"
+- name: "(CentOS) Install GeoIP dependencies"
yum:
name: epel-release
when:
- - ansible_distribution == "CentOS"
+ - ansible_facts['distribution'] == "CentOS"
- '"geoip" in nginx_modules'
-- name: "(Install: All OSs) Install NGINX Modules"
+- name: "Install NGINX Modules"
package:
name: "nginx-{{ (nginx_type == 'plus') | ternary('plus-', '') }}module-{{ item }}{{ nginx_version | default('') }}"
state: present
@@ -15,18 +15,18 @@
- (item in nginx_modules_list and nginx_type == 'opensource')
or (item in nginx_plus_modules_list and nginx_type == 'plus')
- not (item == "auth-spnego")
- or not (ansible_os_family == "Alpine" and (ansible_distribution_version | regex_search('^[0-9]+\\.[0-9]+') == "3.8"))
+ or not (ansible_facts['os_family'] == "Alpine" and (ansible_facts['distribution_version'] | regex_search('^[0-9]+\\.[0-9]+') is version('3.8', '==')))
- not (item == "geoip")
- or not ((ansible_os_family == "RedHat" and ansible_distribution_major_version == "8")
- or (ansible_os_family == "FreeBSD"))
+ or not ((ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] is version('8', '=='))
+ or (ansible_facts['os_family'] == "FreeBSD"))
- not (item == "brotli")
- or not ((ansible_os_family == "Alpine")
- or (ansible_os_family == "RedHat" and ansible_distribution_major_version < "8")
- or (ansible_os_family == "Debian" and ansible_distribution_major_version == "9")
- or (ansible_os_family == "Suse" and ansible_distribution_major_version == "12")
- or (ansible_distribution == "Amazon")
- or (ansible_distribution == "OracleLinux"))
- - not (item == "geoip2") or not (ansible_os_family == "Suse")
+ or not ((ansible_facts['os_family'] == "Alpine")
+ or (ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] is version('8', '<'))
+ or (ansible_facts['os_family'] == "Debian" and ansible_facts['distribution_major_version'] is version('9', '=='))
+ or (ansible_facts['os_family'] == "Suse" and ansible_facts['distribution_major_version'] is version('12', '<'))
+ or (ansible_facts['distribution'] == "Amazon")
+ or (ansible_facts['distribution'] == "OracleLinux"))
+ - not (item == "geoip2") or not (ansible_facts['os_family'] == "Suse")
- not (item == "opentracing")
- or not ((ansible_os_family == "Suse" and ansible_distribution_major_version == "12")
- or (ansible_os_family == "RedHat" and ansible_distribution_major_version == "6"))
+ or not ((ansible_facts['os_family'] == "Suse" and ansible_facts['distribution_major_version'] is version('12', '=='))
+ or (ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] is version('6', '==')))
diff --git a/tasks/opensource/install-alpine.yml b/tasks/opensource/install-alpine.yml
new file mode 100644
index 0000000..d77ee92
--- /dev/null
+++ b/tasks/opensource/install-alpine.yml
@@ -0,0 +1,14 @@
+---
+- name: "(Alpine Linux) Configure NGINX repository"
+ lineinfile:
+ path: /etc/apk/repositories
+ insertafter: EOF
+ line: "{{ repository }}"
+
+- name: "(Alpine Linux) Install NGINX"
+ apk:
+ name: "nginx{{ nginx_version | default('') }}"
+ repository: "{{ repository }}"
+ state: "{{ nginx_state }}"
+ update_cache: yes
+ notify: "(Handler) Start NGINX"
diff --git a/tasks/opensource/install-bsd.yml b/tasks/opensource/install-bsd.yml
new file mode 100644
index 0000000..bced3af
--- /dev/null
+++ b/tasks/opensource/install-bsd.yml
@@ -0,0 +1,78 @@
+---
+- name: "(FreeBSD) Update ports"
+ block:
+ - name: "(FreeBSD) Fetch ports"
+ command: portsnap fetch --interactive
+ args:
+ creates: /var/db/portsnap/INDEX
+
+ - name: "(FreeBSD) Extract ports"
+ command: portsnap extract
+ args:
+ creates: /usr/ports
+ when:
+ - ansible_facts['system'] == "FreeBSD"
+ - nginx_bsd_update_ports | bool
+
+- name: "(FreeBSD) Install NGINX"
+ block:
+ - name: "(FreeBSD) Install NGINX package"
+ pkgng:
+ name: "www/nginx{{ nginx_version | default('') }}"
+ state: "{{ nginx_state }}"
+ when: nginx_bsd_install_packages | bool
+ notify: "(Handler) Start NGINX"
+
+ - name: "(FreeBSD) Install NGINX port"
+ portinstall:
+ name: "www/nginx{{ nginx_version | default('') }}"
+ use_packages: "{{ nginx_bsd_portinstall_use_packages | default(omit) }}"
+ state: "{{ nginx_state }}"
+ when: not nginx_bsd_install_packages | bool
+ notify: "(Handler) Start NGINX"
+ when: ansible_facts['system'] == "FreeBSD"
+
+- name: "(OpenBSD) Install NGINX"
+ block:
+ - name: "(OpenBSD) Install NGINX package"
+ openbsd_pkg:
+ name: "nginx{{ nginx_version | default('') }}"
+ build: no
+ state: "{{ nginx_state }}"
+ when: nginx_bsd_install_packages | bool
+ notify: "(Handler) Start NGINX"
+
+ - name: "(OpenBSD) Install NGINX port"
+ openbsd_pkg:
+ name: "nginx{{ nginx_version | default('') }}"
+ build: yes
+ state: "{{ nginx_state }}"
+ when: not nginx_bsd_install_packages | bool
+ notify: "(Handler) Start NGINX"
+ when: ansible_facts['system'] == "OpenBSD"
+
+- name: "(NetBSD) Install NGINX"
+ block:
+ - name: "NetBSD) Install NGINX package"
+ command: "pkg_add www/nginx{{ nginx_version | default('') }}"
+ when: nginx_bsd_install_packages | bool
+ notify: "(Handler) Start NGINX"
+
+ - name: "(NetBSD) Install NGINX port"
+ fail:
+ msg: "{{ ansible_facts['system'] }} Install NGINX port not implemented."
+ when: not nginx_bsd_install_packages | bool
+ when: ansible_facts['system'] == "NetBSD"
+
+- name: "(DragonFlyBSD/HardenedBSD) Install NGINX"
+ block:
+ - name: "Install NGINX package"
+ command: "pkg install www/nginx{{ nginx_version | default('') }}"
+ when: nginx_bsd_install_packages | bool
+ notify: "(Handler) Start NGINX"
+
+ - name: "Install NGINX port"
+ fail:
+ msg: "{{ ansible_facts['system'] }} Install NGINX port not implemented."
+ when: not nginx_bsd_install_packages | bool
+ when: ansible_facts['system'] in ['DragonFlyBSD', 'HardenedBSD']
diff --git a/tasks/opensource/install-debian.yml b/tasks/opensource/install-debian.yml
new file mode 100644
index 0000000..2a67e7f
--- /dev/null
+++ b/tasks/opensource/install-debian.yml
@@ -0,0 +1,14 @@
+---
+- name: "(Debian/Ubuntu) Configure NGINX repository"
+ apt_repository:
+ filename: nginx
+ repo: "{{ item }}"
+ update_cache: yes
+ mode: 0644
+ loop: "{{ repository }}"
+
+- name: "(Debian/Ubuntu) Install NGINX"
+ apt:
+ name: "nginx{{ nginx_version | default('') }}"
+ state: "{{ nginx_state }}"
+ notify: "(Handler) Start NGINX"
diff --git a/tasks/opensource/install-oss-bsd.yml b/tasks/opensource/install-oss-bsd.yml
deleted file mode 100644
index 3ae8c8f..0000000
--- a/tasks/opensource/install-oss-bsd.yml
+++ /dev/null
@@ -1,91 +0,0 @@
----
-- name: "(Install: FreeBSD) Update Ports"
- block:
- - name: "(Install: FreeBSD) Fetch Ports"
- command: portsnap fetch --interactive
- args:
- creates: /var/db/portsnap/INDEX
-
- - name: "(Install: FreeBSD) Extract Ports"
- command: portsnap extract
- args:
- creates: /usr/ports
- when:
- - ansible_system == "FreeBSD"
- - nginx_bsd_update_ports | bool
-
-- name: "(Install: FreeBSD)"
- block:
- - name: "(Install: FreeBSD) Install NGINX Package"
- pkgng:
- name: "www/nginx{{ nginx_version | default('') }}"
- state: "{{ nginx_state }}"
- when: nginx_bsd_install_packages | bool
- notify: "(Handler: All OSs) Start NGINX"
-
- - name: "(Install: FreeBSD) Install NGINX Port"
- portinstall:
- name: "www/nginx{{ nginx_version | default('') }}"
- use_packages: "{{ nginx_bsd_portinstall_use_packages | default(omit) }}"
- state: "{{ nginx_state }}"
- when: not nginx_bsd_install_packages | bool
- notify: "(Handler: All OSs) Start NGINX"
- when: ansible_system == "FreeBSD"
-
-- name: "(Install: OpenBSD)"
- block:
- - name: "(Install: OpenBSD) Install NGINX Package"
- openbsd_pkg:
- name: "nginx{{ nginx_version | default('') }}"
- build: no
- state: "{{ nginx_state }}"
- when: nginx_bsd_install_packages | bool
- notify: "(Handler: All OSs) Start NGINX"
-
- - name: "(Install: OpenBSD) Install NGINX Port"
- openbsd_pkg:
- name: "nginx{{ nginx_version | default('') }}"
- build: yes
- state: "{{ nginx_state }}"
- when: not nginx_bsd_install_packages | bool
- notify: "(Handler: All OSs) Start NGINX"
- when: ansible_system == "OpenBSD"
-
-- name: "(Install: NetBSD)"
- block:
- - name: "(Install: NetBSD) Install NGINX Package"
- command: "pkg_add www/nginx{{ nginx_version | default('') }}"
- when: nginx_bsd_install_packages | bool
- notify: "(Handler: All OSs) Start NGINX"
-
- - name: "(Install: NetBSD) Install NGINX Port"
- fail:
- msg: "{{ ansible_system }} Install NGINX port not implemented."
- when: not nginx_bsd_install_packages | bool
- when: ansible_system == "NetBSD"
-
-- name: "(Install: DragonFlyBSD)"
- block:
- - name: "(Install: DragonFlyBSD) Install NGINX Package"
- command: "pkg install www/nginx{{ nginx_version | default('') }}"
- when: nginx_bsd_install_packages | bool
- notify: "(Handler: All OSs) Start NGINX"
-
- - name: "(Install: DragonFlyBSD) Install NGINX port"
- fail:
- msg: "{{ ansible_system }} Install NGINX port not implemented."
- when: not nginx_bsd_install_packages | bool
- when: ansible_system == "DragonFlyBSD"
-
-- name: "(Install: HardenedBSD)"
- block:
- - name: "(Install: HardenedBSD) Install NGINX package"
- command: "pkg install www/nginx{{ nginx_version | default('') }}"
- when: nginx_bsd_install_packages | bool
- notify: "(Handler: All OSs) Start NGINX"
-
- - name: "(Install: HardenedBSD) Install NGINX port"
- fail:
- msg: "{{ ansible_system }} Install NGINX port not implemented."
- when: not nginx_bsd_install_packages | bool
- when: ansible_system == "HardenedBSD"
diff --git a/tasks/opensource/install-oss-linux.yml b/tasks/opensource/install-oss-linux.yml
deleted file mode 100644
index ca4845c..0000000
--- a/tasks/opensource/install-oss-linux.yml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-- name: "(Install: Linux) Configure NGINX Repository"
- include_tasks: "{{ role_path }}/tasks/opensource/setup-{{ ansible_os_family | lower }}.yml"
- when:
- - ansible_os_family == "Alpine"
- or ansible_os_family == "Debian"
- or ansible_os_family == "RedHat"
- or ansible_os_family == "Suse"
- - nginx_install_from == "nginx_repository"
-
-- name: "(Install: Linux) Modify Service For Systemd"
- include_tasks: "{{ role_path }}/tasks/prerequisites/setup-systemd.yml"
- when:
- - ansible_service_mgr == "systemd"
- - nginx_service_modify | bool
-
-- name: "(Install: Linux) Install NGINX From Source"
- include_tasks: "{{ role_path }}/tasks/opensource/setup-source.yml"
- when: nginx_install_from == "source"
-
-- name: "(Install: Linux) Install NGINX Package"
- package:
- name: "nginx{{ nginx_version | default('') }}"
- state: "{{ nginx_state }}"
- when: nginx_install_from == "os_repository"
- notify: "(Handler: All OSs) Start NGINX"
diff --git a/tasks/opensource/install-oss.yml b/tasks/opensource/install-oss.yml
index 8139d55..35c7f20 100644
--- a/tasks/opensource/install-oss.yml
+++ b/tasks/opensource/install-oss.yml
@@ -1,8 +1,38 @@
---
-- name: "(Install: OSS Linux)"
- include_tasks: "{{ role_path }}/tasks/opensource/install-oss-linux.yml"
- when: ansible_os_family in nginx_linux_families
+- name: "Install NGINX"
+ debug:
+ msg: "Installing NGINX"
+ when: nginx_debug_tasks | bool
-- name: "(Install: OSS BSD)"
- include_tasks: "{{ role_path }}/tasks/opensource/install-oss-bsd.yml"
- when: ansible_system in nginx_bsd_systems
+- name: "Install NGINX in Linux systems"
+ block:
+ - name: "Install NGINX from repository"
+ block:
+ - name: "Set NGINX repository"
+ set_fact:
+ repository: "{{ nginx_repository | default(nginx_default_repository[ansible_facts['os_family'] | lower]) }}"
+
+ - name: "Install NGINX from repository"
+ include_tasks: "{{ role_path }}/tasks/opensource/install-{{ ansible_facts['os_family'] | lower }}.yml"
+ when: nginx_install_from == "nginx_repository"
+
+ - name: "Install NGINX from source"
+ include_tasks: "{{ role_path }}/tasks/opensource/install-source.yml"
+ when: nginx_install_from == "source"
+
+ - name: "Install NGINX from package"
+ package:
+ name: "nginx{{ nginx_version | default('') }}"
+ state: "{{ nginx_state }}"
+ when: nginx_install_from == "os_repository"
+ notify: "(Handler) Start NGINX"
+ when: ansible_facts['system'] | lower is not search('bsd')
+
+- name: "Install NGINX in Unix systems"
+ include_tasks: "{{ role_path }}/tasks/opensource/install-bsd.yml"
+ when: ansible_facts['system'] | lower is search('bsd')
+
+- name: "Install NGINX"
+ debug:
+ msg: "Done installing NGINX"
+ when: nginx_debug_tasks | bool
diff --git a/tasks/opensource/install-redhat.yml b/tasks/opensource/install-redhat.yml
new file mode 100644
index 0000000..fa45b97
--- /dev/null
+++ b/tasks/opensource/install-redhat.yml
@@ -0,0 +1,33 @@
+---
+- name: "(CentOS/RHEL 6/7) Configure NGINX repository"
+ yum_repository:
+ name: nginx
+ baseurl: "{{ repository }}"
+ description: NGINX Repository
+ enabled: yes
+ gpgcheck: yes
+ mode: 0644
+ when: ansible_facts['distribution_major_version'] is version('8', '<')
+
+- name: "(CentOS/RHEL 8) Configure NGINX repository"
+ blockinfile:
+ path: /etc/yum.repos.d/nginx.repo
+ create: yes
+ block: |
+ [nginx]
+ baseurl = {{ repository }}
+ enabled = 1
+ gpgcheck = 1
+ name = NGINX Repository
+ module_hotfixes = true
+ mode: 0644
+ when: ansible_facts['distribution_major_version'] is version('8', '==')
+
+- name: "(CentOS/RHEL) Install NGINX"
+ yum:
+ name: "nginx{{ nginx_version | default('') }}"
+ state: "{{ nginx_state }}"
+ disablerepo: "*"
+ enablerepo: "nginx"
+ update_cache: yes
+ notify: "(Handler) Start NGINX"
diff --git a/tasks/opensource/setup-source.yml b/tasks/opensource/install-source.yml
similarity index 58%
rename from tasks/opensource/setup-source.yml
rename to tasks/opensource/install-source.yml
index 42af2fa..d672fac 100644
--- a/tasks/opensource/setup-source.yml
+++ b/tasks/opensource/install-source.yml
@@ -1,9 +1,9 @@
---
-- name: "(Install: Linux) Check For Build Tools"
+- name: "Check for build tools"
block:
- - name: "(Install: Centos/RHEL) Setup Python 3"
+ - name: "(CentOS/RHEL 8) Setup python 3"
block:
- - name: "(Install: Centos/RHEL) Install Python 3"
+ - name: "(CentOS/RHEL 8) Install python 3"
yum:
name:
- python3
@@ -11,144 +11,144 @@
- python3-devel
update_cache: yes
- - name: "(Install: Centos/RHEL) Set Python 3 Default"
+ - name: "(Centos/RHEL 8) Set python 3 as default"
alternatives:
name: python
path: /usr/bin/python3
link: /usr/bin/python
when:
- - ansible_os_family == "RedHat"
- - ansible_distribution_major_version == "8"
+ - ansible_facts['os_family'] == "RedHat"
+ - ansible_facts['distribution_major_version'] is version('8', '==')
- - name: "(Install: Centos/RHEL) Install Build Tools"
+ - name: "(Centos/RHEL) Install build tools"
yum:
name:
- "@Development tools"
+ - ca-certificates
- gcc
- - glibc
- - glibc-common
- gd
- gd-devel
+ - glibc
+ - glibc-common
- perl-core
- wget
- - ca-certificates
- zlib-devel
update_cache: yes
- when: ansible_os_family == "RedHat"
+ when: ansible_facts['os_family'] == "RedHat"
- - name: "(Install: Debian) Install Backports Repo For Buster"
+ - name: "(Debian) Install backports repo for buster"
apt_repository:
filename: buster-backports
repo: deb http://ftp.us.debian.org/debian buster-backports main
update_cache: yes
mode: 0644
- when: ansible_distribution_release == "buster"
+ when: ansible_facts['distribution_release'] == "buster"
- - name: "(Install: Debian/Ubuntu) Install Build Tools"
+ - name: "(Debian/Ubuntu) Install build tools"
apt:
name:
- - python3-minimal
- build-essential
+ - checkinstall
+ - libtemplate-perl
+ - python3-minimal
- perl
- tar
- - checkinstall
- zlib1g-dev
- - libtemplate-perl
update_cache: yes
- when: ansible_os_family == "Debian"
+ when: ansible_facts['os_family'] == "Debian"
- - name: "(Install: Alpine) Install Build Tools"
+ - name: "(Alpine Linux) Install build tools"
apk:
name:
- - python3
- alpine-sdk
- build-base
- git
- - wget
+ - openrc
- perl
+ - python3
- linux-headers
- tar
- - openrc
+ - wget
update_cache: yes
- when: ansible_os_family == "Alpine"
+ when: ansible_facts['os_family'] == "Alpine"
- - name: "(Install: Alpine) Enable OpenRC"
+ - name: "(Alpine Linux) Enable OpenRC"
copy:
content: ""
dest: /run/openrc/softlevel
force: no
owner: root
mode: 0644
- when: ansible_os_family == "Alpine"
+ when: ansible_facts['os_family'] == "Alpine"
when: nginx_install_source_build_tools | bool
-- name: "(Install: Linux) Check For Source Installs"
+- name: "Check for source installs"
block:
- - name: "(Install: Linux) Check For PCRE Install"
+ - name: "Check for PCRE install"
stat:
path: /tmp/{{ pcre_version }}
register: pcre_result
- - name: "(Install: Linux) Check For ZLib Install"
+ - name: "Check for ZLib install"
stat:
path: /tmp/{{ zlib_version }}
register: zlib_result
- - name: "(Install: Linux) Check For OpenSSL Install"
+ - name: "Check for OpenSSL install"
stat:
path: /tmp/{{ openssl_version }}
register: openssl_result
-- name: "(Install: Centos/RHEL) Install PCRE Dependency From Package"
+- name: "(CentOS/RHEL) Install PCRE dependency from package"
yum:
name: pcre-devel
update_cache: yes
when:
- nginx_install_source_pcre | bool
- - ansible_os_family == "RedHat"
+ - ansible_facts['os_family'] == "RedHat"
-- name: "(Install: Debian/Ubuntu) Install PCRE Dependency From Package"
+- name: "(Debian/Ubuntu) Install PCRE dependency from package"
apt:
name: libpcre3-dev
update_cache: yes
when:
- nginx_install_source_pcre | bool
- - ansible_os_family == "Debian"
+ - ansible_facts['os_family'] == "Debian"
-- name: "(Install: Alpine) Install PCRE Dependency From Package"
+- name: "(Alpine Linux) Install PCRE dependency from package"
apk:
name: pcre-dev
update_cache: yes
when:
- nginx_install_source_pcre | bool
- - ansible_os_family == "Alpine"
+ - ansible_facts['os_family'] == "Alpine"
-- name: "(Install: Linux) Install PCRE Dependence From Source"
+- name: "Install PCRE dependence from source"
block:
- - name: "(Install: Linux) Download PCRE Dependency"
+ - name: "Download PCRE dependency"
get_url:
- url: "http://ftp.pcre.org/pub/pcre/{{ pcre_version }}.tar.gz"
+ url: "https://ftp.pcre.org/pub/pcre/{{ pcre_version }}.tar.gz"
dest: "/tmp/{{ pcre_version }}.tar.gz"
mode: 0600
register: pcre_source
- - name: "(Install: Linux) Unpack PCRE Dependency"
+ - name: "Unpack PCRE dependency"
unarchive:
copy: no
dest: /tmp/
src: "{{ pcre_source.dest }}"
mode: 0700
- - name: "(Install: Linux) Configure PCRE Dependency"
+ - name: "Configure PCRE dependency"
command: "./configure"
args:
chdir: "/tmp/{{ pcre_version }}"
- - name: "(Install: Linux) Make PCRE Dependency"
+ - name: "Make PCRE dependency"
make:
chdir: "/tmp/{{ pcre_version }}"
- - name: "(Install: Linux) Install PCRE Dependency"
+ - name: "Install PCRE dependency"
make:
chdir: "/tmp/{{ pcre_version }}"
target: install
@@ -156,56 +156,56 @@
- not pcre_result.stat.exists | bool
- not nginx_install_source_pcre | bool
-- name: "(Install: Centos/RHEL) Install ZLib Dependency From Package"
+- name: "(Centos/RHEL) Install ZLib dependency from package"
yum:
name: zlib-devel
update_cache: yes
when:
- nginx_install_source_zlib | bool
- - ansible_os_family == "RedHat"
+ - ansible_facts['os_family'] == "RedHat"
-- name: "(Install: Debian/Ubuntu) Install ZLib Dependency From Package"
+- name: "(Debian/Ubuntu) Install ZLib dependency from package"
apt:
name: zlib1g-dev
update_cache: true
when:
- nginx_install_source_zlib | bool
- - ansible_os_family == "Debian"
+ - ansible_facts['os_family'] == "Debian"
-- name: "(Install: Alpine) Install ZLib Dependency From Package"
+- name: "(Alpine Linux) Install ZLib dependency from package"
apk:
name: zlib-dev
update_cache: yes
when:
- nginx_install_source_zlib | bool
- - ansible_os_family == "Alpine"
+ - ansible_facts['os_family'] == "Alpine"
-- name: "(Install: Linux) Install ZLib Dependency From Source"
+- name: "Install ZLib dependency from source"
block:
- - name: "(Install: Linux) Download ZLib Dependency"
+ - name: "Download ZLib dependency"
get_url:
- url: "http://zlib.net/{{ zlib_version }}.tar.gz"
+ url: "https://zlib.net/{{ zlib_version }}.tar.gz"
dest: "/tmp/{{ zlib_version }}.tar.gz"
mode: 0600
register: zlib_source
- - name: "(Install: Linux) Unpack ZLib Dependency"
+ - name: "Unpack ZLib dependency"
unarchive:
copy: no
dest: /tmp/
src: "{{ zlib_source.dest }}"
mode: 0700
- - name: "(Install: Linux) Configure zlib Dependency"
+ - name: "Configure ZLib dependency"
command: "./configure"
args:
chdir: "/tmp/{{ zlib_version }}"
- - name: "(Install: Linux) Make ZLib Dependency"
+ - name: "Make ZLib dependency"
make:
chdir: "/tmp/{{ zlib_version }}"
- - name: "(Install: Linux) Install ZLib Dependency"
+ - name: "Install ZLib dependency"
make:
chdir: "/tmp/{{ zlib_version }}"
target: install
@@ -213,56 +213,56 @@
- not zlib_result.stat.exists | bool
- not nginx_install_source_zlib | bool
-- name: "(Install: Centos/RHEL) Install OpenSSL Dependency From Package"
+- name: "(CentOS/RHEL) Install OpenSSL dependency from package"
yum:
name: openssl-devel
update_cache: yes
when:
- nginx_install_source_openssl | bool
- - ansible_os_family == "RedHat"
+ - ansible_facts['os_family'] == "RedHat"
-- name: "(Install: Debian/Ubuntu) Install OpenSSL Dependency From Package"
+- name: "(Debian/Ubuntu) Install OpenSSL dependency from package"
apt:
name: libssl-dev
update_cache: yes
when:
- nginx_install_source_openssl | bool
- - ansible_os_family == "Debian"
+ - ansible_facts['os_family'] == "Debian"
-- name: "(Install: Alpine) Install OpenSSL Dependency From Package"
+- name: "(Alpine Linux) Install OpenSSL dependency from package"
apk:
name: openssl-dev
update_cache: yes
when:
- nginx_install_source_openssl | bool
- - ansible_os_family == "Alpine"
+ - ansible_facts['os_family'] == "Alpine"
-- name: "(Install: Linux) Install OpenSSL Dependency From Source"
+- name: "Install OpenSSL dependency from source"
block:
- - name: "(Install: Linux) Download OpenSSL Dependency"
+ - name: "Download OpenSSL dependency"
get_url:
- url: "http://www.openssl.org/source/{{ openssl_version }}.tar.gz"
+ url: "https://www.openssl.org/source/{{ openssl_version }}.tar.gz"
dest: "/tmp/{{ openssl_version }}.tar.gz"
mode: 0600
register: openssl_source
- - name: "(Install: Linux) Unpack OpenSSL Dependency"
+ - name: "Unpack OpenSSL dependency"
unarchive:
copy: no
dest: /tmp/
src: "{{ openssl_source.dest }}"
mode: 0700
- - name: "(Install: Linux) Configure OpenSSL Dependency"
+ - name: "Configure OpenSSL dependency"
command: "./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib"
args:
chdir: "/tmp/{{ openssl_version }}"
- - name: "(Install: Linux) Make OpenSSL Dependency"
+ - name: "Make OpenSSL dependency"
make:
chdir: "/tmp/{{ openssl_version }}"
- - name: "(Install: Linux) Install OpenSSL Dependency"
+ - name: "Install OpenSSL dependency"
make:
chdir: "/tmp/{{ openssl_version }}"
target: install
@@ -270,72 +270,72 @@
- not openssl_result.stat.exists | bool
- not nginx_install_source_openssl | bool
-- name: "(Install: Linux) Get NGINX Version"
+- name: "Get NGINX version"
block:
- - name: "(Install: Linux) Fetch NGINX Version"
+ - name: "Fetch NGINX version"
uri:
url: https://trac.nginx.org/nginx/browser
return_content: yes
register: nginx_versions
- - name: "(Install: Linux) Set NGINX Mainline Version"
+ - name: "Set NGINX mainline version"
set_fact:
nginx_version: "{{ nginx_versions.content | regex_search('release[^<]*') | regex_replace('release', 'nginx') }}"
when: nginx_branch == "mainline"
- - name: "(Install: Linux) Set NGINX Stable Version 1/2"
+ - name: "Set NGINX stable version 1/2"
set_fact:
nginx_version: "{{ nginx_versions.content | regex_search('stable[^<]*') | regex_replace('stable', 'release') }}"
when: nginx_branch == "stable"
- - name: "(Install: Linux) Set NGINX Stable Version 2/2"
+ - name: "Set NGINX stable version 2/2"
set_fact:
nginx_version: "{{ nginx_versions.content | regex_search(nginx_version + '[^<]*') | regex_replace('release', 'nginx') }}"
when: nginx_branch == "stable"
- - name: "(Install: Linux) Set NGINX Download Filename"
+ - name: "Set NGINX download filename"
set_fact:
nginx_download_name: "{{ nginx_version }}"
- - name: "(Install: Linux) Check For NGINX Install"
+ - name: "Check for NGINX install"
stat:
path: /usr/sbin/nginx
follow: yes
register: nginx_result
-- name: "(Install: Linux) Add NGINX User"
+- name: "Add NGINX user"
user:
name: nginx
-- name: "(Install: Linux) Install NGINX"
+- name: "Install NGINX"
block:
- - name: "(Install: Linux) Download NGINX"
+ - name: "Download NGINX"
get_url:
- url: "http://nginx.org/download/{{ nginx_download_name }}.tar.gz"
+ url: "https://nginx.org/download/{{ nginx_download_name }}.tar.gz"
dest: "/tmp/{{ nginx_download_name }}.tar.gz"
mode: 0600
register: nginx_source
- - name: "(Install: Linux) Unpack NGINX"
+ - name: "Unpack NGINX"
unarchive:
copy: no
dest: /tmp/
src: "{{ nginx_source.dest }}"
mode: 0755
- - name: "(Install: Linux) Configure NGINX"
+ - name: "Configure NGINX"
command: >-
./configure
- --prefix=/usr
- --pid-path=/var/run/nginx.pid
--conf-path=/etc/nginx/nginx.conf
--error-log-path=/var/log/nginx/error.log
--http-log-path=/var/log/nginx/access.log
--lock-path=/var/lock/nginx.lock
--modules-path=/usr/lib/nginx/modules
+ --prefix=/usr
+ --pid-path=/var/run/nginx.pid
--with-http_ssl_module
- --with-stream
--with-mail=dynamic
+ --with-stream
{{ nginx_install_source_pcre | ternary('', '--with-pcre=../' + pcre_version) }}
{{ nginx_install_source_zlib | ternary('', '--with-zlib=../' + zlib_version) }}
{{ nginx_install_source_openssl | ternary('', '--with-openssl=../' + openssl_version) }}
@@ -343,86 +343,86 @@
chdir: "/tmp/{{ nginx_version }}"
register: nginx_configure
- - name: "(Install: Linux) Make NGINX"
+ - name: "Make NGINX"
make:
chdir: "/tmp/{{ nginx_version }}"
- - name: "(Install: Linux) Install NGINX"
+ - name: "Install NGINX"
make:
chdir: "/tmp/{{ nginx_version }}"
target: install
- - name: "(Install: Linux) Upload systemd NGINX Service File"
+ - name: "Upload systemd NGINX service file"
copy:
src: services/nginx.systemd
dest: /lib/systemd/system/nginx.service
owner: root
group: root
mode: 0644
- when: ansible_service_mgr == "systemd"
+ when: ansible_facts['service_mgr'] == "systemd"
- - name: "(Install: Linux) Enable systemd NGINX Service File"
+ - name: "Enable systemd NGINX service file"
systemd:
daemon_reload: yes
name: nginx
state: restarted
enabled: yes
- when: ansible_service_mgr == "systemd"
- notify: "(Handler: All OSs) Start NGINX"
+ when: ansible_facts['service_mgr'] == "systemd"
+ notify: "(Handler) Start NGINX"
- - name: "(Install: Linux) Upload upstart NGINX Service File"
+ - name: "Upload upstart NGINX service file"
copy:
src: services/nginx.upstart
dest: /etc/init.d/nginx
owner: root
group: root
mode: 0755
- when: ansible_service_mgr == "upstart"
+ when: ansible_facts['service_mgr'] == "upstart"
- - name: "(Install: Linux) Upload upstart NGINX Service Conf File"
+ - name: "Upload upstart NGINX service conf file"
copy:
src: services/nginx.conf.upstart
dest: /etc/init/nginx.conf
owner: root
group: root
mode: 0644
- when: ansible_service_mgr == "upstart"
+ when: ansible_facts['service_mgr'] == "upstart"
- - name: "(Install: Linux) Enable upstart NGINX Service Reload"
+ - name: "Enable upstart NGINX service reload"
command: "initctl reload-configuration"
- when: ansible_service_mgr == "upstart"
+ when: ansible_facts['service_mgr'] == "upstart"
- - name: "(Install: Linux) Start upstart NGINX Service Reload"
+ - name: "Start upstart NGINX service reload"
command: "nginx"
- when: ansible_service_mgr == "upstart"
- notify: "(Handler: All OSs) Start NGINX"
+ when: ansible_facts['service_mgr'] == "upstart"
+ notify: "(Handler) Start NGINX"
- - name: "(Install: Linux) Upload sysvinit NGINX Service File"
+ - name: "Upload sysvinit NGINX service file"
copy:
src: services/nginx.sysvinit
dest: /etc/init.d/nginx
owner: root
group: root
mode: 0755
- when: ansible_service_mgr == "sysvinit"
- notify: "(Handler: All OSs) Start NGINX"
+ when: ansible_facts['service_mgr'] == "sysvinit"
+ notify: "(Handler) Start NGINX"
- - name: "(Install: Linux) Upload openrc NGINX Service File"
+ - name: "Upload openrc NGINX service file"
copy:
src: services/nginx.openrc
dest: /etc/init.d/nginx
owner: root
group: root
mode: 0755
- when: ansible_service_mgr == "openrc"
+ when: ansible_facts['service_mgr'] == "openrc"
- - name: "(Install: Linux) Enable openrc NGINX Service"
+ - name: "Enable openrc NGINX service"
command: rc-update add nginx default
- notify: "(Handler: All OSs) Start NGINX"
- when: ansible_service_mgr == "openrc"
+ when: ansible_facts['service_mgr'] == "openrc"
+ notify: "(Handler) Start NGINX"
when: not nginx_result.stat.exists
-- name: "(Install: Linux) Cleanup Downloads"
+- name: "Cleanup downloads"
file:
path: "{{ item }}"
state: absent
diff --git a/tasks/opensource/install-suse.yml b/tasks/opensource/install-suse.yml
new file mode 100644
index 0000000..7544969
--- /dev/null
+++ b/tasks/opensource/install-suse.yml
@@ -0,0 +1,13 @@
+---
+- name: "(SLES) Configure NGINX repository"
+ zypper_repository:
+ name: "nginx-{{ nginx_branch }}"
+ repo: "{{ repository }}"
+
+- name: "(SLES) Install NGINX"
+ zypper:
+ name: "nginx{{ nginx_version | default('') }}"
+ state: "{{ nginx_state }}"
+ disable_recommends: no
+ update_cache: yes
+ notify: "(Handler) Start NGINX"
diff --git a/tasks/opensource/setup-alpine.yml b/tasks/opensource/setup-alpine.yml
deleted file mode 100644
index f5aa5b9..0000000
--- a/tasks/opensource/setup-alpine.yml
+++ /dev/null
@@ -1,29 +0,0 @@
----
-- name: "(Install: Alpine) Set Default APK NGINX Repository"
- set_fact:
- default_repository: >-
- https://nginx.org/packages/{{ (nginx_branch == 'mainline')
- | ternary('mainline/', '') }}alpine/v{{ ansible_distribution_version.split('.')[0] }}.{{ ansible_distribution_version.split('.')[1] }}/main
-
-- name: "(Install: Alpine) Set APK NGINX Repository"
- set_fact:
- repository: "{{ nginx_repository | default(default_repository) }}"
-
-- name: "(Install: Alpine) Add NGINX Repository"
- lineinfile:
- path: /etc/apk/repositories
- insertafter: EOF
- line: "{{ repository }}"
-
-- name: "(Install: Alpine) Install Required Alpine Dependencies"
- apk:
- name:
- - openssl
- - pcre
-
-- name: "(Install: Alpine) Install NGINX"
- apk:
- name: "nginx{{ nginx_version | default('') }}"
- repository: "{{ repository }}"
- state: "{{ nginx_state }}"
- notify: "(Handler: All OSs) Start NGINX"
diff --git a/tasks/opensource/setup-debian.yml b/tasks/opensource/setup-debian.yml
deleted file mode 100644
index 5e26c9b..0000000
--- a/tasks/opensource/setup-debian.yml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-- name: "(Install: Debian/Ubuntu) Set Default APT NGINX Repository"
- set_fact:
- default_repository:
- - >-
- deb [arch=amd64] https://nginx.org/packages/{{ (nginx_branch == 'mainline')
- | ternary('mainline/', '') }}{{ ansible_distribution | lower }}/ {{ ansible_distribution_release }} nginx
- - >-
- deb-src https://nginx.org/packages/{{ (nginx_branch == 'mainline')
- | ternary('mainline/', '') }}{{ ansible_distribution | lower }}/ {{ ansible_distribution_release }} nginx
-
-- name: "(Install: Debian/Ubuntu) Set APT NGINX Repository"
- set_fact:
- repository: "{{ nginx_repository | default(default_repository) }}"
-
-- name: "(Install: Debian/Ubuntu) Add NGINX Repository"
- apt_repository:
- filename: nginx
- repo: "{{ item }}"
- update_cache: yes
- mode: 0644
- loop: "{{ repository }}"
-
-- name: "(Install: Debian/Ubuntu) Install NGINX"
- apt:
- name: "nginx{{ nginx_version | default('') }}"
- state: "{{ nginx_state }}"
- notify: "(Handler: All OSs) Start NGINX"
diff --git a/tasks/opensource/setup-redhat.yml b/tasks/opensource/setup-redhat.yml
deleted file mode 100644
index ff8394e..0000000
--- a/tasks/opensource/setup-redhat.yml
+++ /dev/null
@@ -1,47 +0,0 @@
----
-- name: "(Install: CentOS/RedHat) Set Default YUM NGINX Repository"
- set_fact:
- default_repository: >-
- https://nginx.org/packages/{{ (nginx_branch == 'mainline')
- | ternary('mainline/', '') }}{{ (ansible_distribution == "RedHat")
- | ternary('rhel', 'centos') }}/{{ ansible_distribution_major_version }}/$basearch/
-
-- name: "(Install: CentOS/RedHat) Set YUM NGINX Repository"
- set_fact:
- repository: "{{ nginx_repository | default(default_repository) }}"
-
-- name: "(Install: CentOS/RedHat) Add NGINX Repository for CentOS/RHEL 6/7"
- yum_repository:
- name: nginx
- baseurl: "{{ repository }}"
- description: NGINX Repository
- enabled: yes
- gpgcheck: yes
- mode: 0644
- when: ansible_distribution_major_version < "8"
-
-- name: "(Install: CentOS/RedHat) Add NGINX Repository for CentOS/RHEL 8"
- blockinfile:
- path: /etc/yum.repos.d/nginx.repo
- create: yes
- block: |
- [nginx]
- baseurl = {{ repository }}
- enabled = 1
- gpgcheck = 1
- name = NGINX Repository
- module_hotfixes = true
- mode: 0644
- when: ansible_distribution_major_version == "8"
-
-- name: "(Install: CentOS/RedHat) Install Required CentOS/RedHat Dependencies"
- yum:
- name: openssl
-
-- name: "(Install: CentOS/RedHat) Install NGINX"
- yum:
- name: "nginx{{ nginx_version | default('') }}"
- state: "{{ nginx_state }}"
- disablerepo: "*"
- enablerepo: "nginx"
- notify: "(Handler: All OSs) Start NGINX"
diff --git a/tasks/opensource/setup-suse.yml b/tasks/opensource/setup-suse.yml
deleted file mode 100644
index cc7bef1..0000000
--- a/tasks/opensource/setup-suse.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-- name: "(Install: SUSE) Set Default SUSE NGINX Repository"
- set_fact:
- default_repository: >-
- https://nginx.org/packages/{{ (nginx_branch == 'mainline')
- | ternary('mainline/', '') }}sles/{{ ansible_distribution_major_version }}
-
-- name: "(Install: SUSE) Set SUSE NGINX Repository"
- set_fact:
- repository: "{{ nginx_repository | default(default_repository) }}"
-
-- name: "(Install: SUSE) Add NGINX Repository"
- zypper_repository:
- name: "nginx-{{ nginx_branch }}"
- repo: "{{ repository }}"
-
-- name: "(Install: SUSE) Install NGINX"
- zypper:
- name: "nginx{{ nginx_version | default('') }}"
- state: "{{ nginx_state }}"
- notify: "(Handler: All OSs) Start NGINX"
diff --git a/tasks/plus/delete-license.yml b/tasks/plus/delete-license.yml
deleted file mode 100644
index c07c981..0000000
--- a/tasks/plus/delete-license.yml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-- name: "(Setup: All OSs) Set NGINX Plus License State"
- set_fact:
- nginx_license_status: absent
-
-- name: "(Setup: All OSs Besides Alpine Linux) Delete NGINX Plus License"
- file:
- path: /etc/ssl/nginx
- state: absent
- when: ansible_distribution != "Alpine"
-
-- name: "(Setup: Alpine Linux) Delete NGINX Plus License"
- file:
- path: "{{ item }}"
- state: absent
- loop:
- - /etc/apk/cert.key
- - /etc/apk/cert.pem
- when: ansible_distribution == "Alpine"
-
-- include_tasks: "{{ role_path }}/tasks/plus/setup-{{ ansible_os_family | lower }}.yml"
- when: ansible_os_family == "Alpine"
- or ansible_os_family == "FreeBSD"
- or ansible_os_family == "Debian"
- or ansible_os_family == "RedHat"
- or ansible_os_family == "Suse"
diff --git a/tasks/plus/install-alpine.yml b/tasks/plus/install-alpine.yml
new file mode 100644
index 0000000..0e96dd7
--- /dev/null
+++ b/tasks/plus/install-alpine.yml
@@ -0,0 +1,14 @@
+---
+- name: "(Alpine Linux) Configure NGINX Plus repository"
+ lineinfile:
+ path: /etc/apk/repositories
+ insertafter: EOF
+ line: "{{ repository }}"
+ state: "{{ nginx_license_status | default ('present') }}"
+
+- name: "(Alpine Linux) Install NGINX Plus"
+ apk:
+ name: "nginx-plus{{ nginx_version | default('') }}"
+ repository: "{{ repository }}"
+ state: "{{ nginx_state }}"
+ notify: "(Handler) Start NGINX"
diff --git a/tasks/plus/setup-debian.yml b/tasks/plus/install-debian.yml
similarity index 65%
rename from tasks/plus/setup-debian.yml
rename to tasks/plus/install-debian.yml
index 680f6bc..4edbff4 100644
--- a/tasks/plus/setup-debian.yml
+++ b/tasks/plus/install-debian.yml
@@ -1,5 +1,5 @@
---
-- name: "(Setup: Debian/Ubuntu) Setup NGINX Plus License"
+- name: "(Debian/Ubuntu) Set up NGINX Plus license verification"
blockinfile:
path: /etc/apt/apt.conf.d/90nginx
create: yes
@@ -11,10 +11,16 @@
state: "{{ nginx_license_status | default ('present') }}"
mode: 0444
-- name: "(Setup: Debian/Ubuntu) Setup NGINX Plus Repository"
+- name: "(Debian/Ubuntu) Configure NGINX Plus repository"
apt_repository:
filename: nginx-plus
- repo: deb [arch=amd64] https://plus-pkgs.nginx.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} nginx-plus
+ repo: "{{ repository }}"
update_cache: yes
state: "{{ nginx_license_status | default ('present') }}"
mode: 0644
+
+- name: "(Debian/Ubuntu) Install NGINX Plus"
+ apt:
+ name: "nginx-plus{{ nginx_version | default('') }}"
+ state: "{{ nginx_state }}"
+ notify: "(Handler) Start NGINX"
diff --git a/tasks/plus/setup-bsd.yml b/tasks/plus/install-freebsd.yml
similarity index 62%
rename from tasks/plus/setup-bsd.yml
rename to tasks/plus/install-freebsd.yml
index 2620312..d35e6b6 100644
--- a/tasks/plus/setup-bsd.yml
+++ b/tasks/plus/install-freebsd.yml
@@ -1,18 +1,5 @@
---
-- name: "(Setup: FreeBSD) Setup NGINX Plus Repository"
- blockinfile:
- path: /etc/pkg/nginx-plus.conf
- create: yes
- block: |
- nginx-plus: {
- URL: pkg+https://plus-pkgs.nginx.com/freebsd/${ABI}/latest
- ENABLED: yes
- MIRROR_TYPE: SRV
- }
- state: "{{ nginx_license_status | default ('present') }}"
- mode: 0644
-
-- name: "(Setup: FreeBSD) Setup NGINX Plus License"
+- name: "(FreeBSD) Set up NGINX Plus license verification"
blockinfile:
path: /usr/local/etc/pkg.conf
block: |
@@ -20,3 +7,22 @@
SSL_CLIENT_CERT_FILE: "/etc/ssl/nginx/nginx-repo.crt",
SSL_CLIENT_KEY_FILE: "/etc/ssl/nginx/nginx-repo.key" }
state: "{{ nginx_license_status | default ('present') }}"
+
+- name: "(FreeBSD) Configure NGINX Plus repository"
+ blockinfile:
+ path: /etc/pkg/nginx-plus.conf
+ create: yes
+ block: |
+ nginx-plus: {
+ URL: {{ repository }}
+ ENABLED: yes
+ MIRROR_TYPE: SRV
+ }
+ state: "{{ nginx_license_status | default ('present') }}"
+ mode: 0644
+
+- name: "(FreeBSD) Install NGINX Plus"
+ pkgng:
+ name: "nginx-plus{{ nginx_version | default('') }}"
+ state: "{{ nginx_state }}"
+ notify: "(Handler) Start NGINX"
diff --git a/tasks/plus/install-plus-bsd.yml b/tasks/plus/install-plus-bsd.yml
deleted file mode 100644
index 753bf94..0000000
--- a/tasks/plus/install-plus-bsd.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-- include_tasks: "{{ role_path }}/tasks/plus/setup-bsd.yml"
- when: ansible_os_family == "FreeBSD"
-
-- name: "(Install: FreeBSD) Install NGINX Plus"
- pkgng:
- name: "nginx-plus{{ nginx_version | default('') }}"
- state: "{{ nginx_state }}"
- notify: "(Handler: All OSs) Start NGINX"
diff --git a/tasks/plus/install-plus-linux.yml b/tasks/plus/install-plus-linux.yml
deleted file mode 100644
index 9d6250d..0000000
--- a/tasks/plus/install-plus-linux.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-- name: "(Setup: Linux) Setup NGINX Plus Repository"
- include_tasks: "{{ role_path }}/tasks/plus/setup-{{ ansible_os_family | lower }}.yml"
- when: ansible_os_family == "Alpine"
- or ansible_os_family == "Debian"
- or ansible_os_family == "RedHat"
- or ansible_os_family == "Suse"
-
-- name: "(Install: Linux) Modify Service for Systemd"
- include_tasks: "{{ role_path }}/tasks/prerequisites/setup-systemd.yml"
- when:
- - ansible_service_mgr == "systemd"
- - nginx_service_modify | bool
-
-- name: "(Install: Linux) Install NGINX Plus"
- package:
- name: "nginx-plus{{ nginx_version | default('') }}"
- state: "{{ nginx_state }}"
- notify: "(Handler: All OSs) Start NGINX"
diff --git a/tasks/plus/install-plus.yml b/tasks/plus/install-plus.yml
index 28dd4f3..a4c99d7 100644
--- a/tasks/plus/install-plus.yml
+++ b/tasks/plus/install-plus.yml
@@ -1,11 +1,19 @@
---
-- name: "(Install: All OSs) Setup license"
- include_tasks: "{{ role_path }}/tasks/plus/setup-license.yml"
+- name: "Install NGINX Plus"
+ debug:
+ msg: "Installing NGINX Plus"
+ when: nginx_debug_tasks | bool
-- name: "(Install: Linux) Install NGINX Plus"
- include_tasks: "{{ role_path }}/tasks/plus/install-plus-linux.yml"
- when: ansible_os_family in nginx_plus_linux_families
+- name: "Set NGINX Plus repository"
+ set_fact:
+ repository: >-
+ {{ nginx_repository |
+ default(nginx_plus_default_repository[(ansible_facts['distribution'] == 'Amazon') | ternary('amazon', ansible_facts['os_family'] | lower)]) }}
-- name: "(Install: FreeBSD) Install NGINX Plus"
- include_tasks: "{{ role_path }}/tasks/plus/install-plus-bsd.yml"
- when: ansible_system in nginx_plus_bsd_systems
+- name: "Install NGINX from repository"
+ include_tasks: "{{ role_path }}/tasks/plus/install-{{ ansible_facts['os_family'] | lower }}.yml"
+
+- name: "Install NGINX Plus"
+ debug:
+ msg: "Done installing NGINX Plus"
+ when: nginx_debug_tasks | bool
diff --git a/tasks/plus/install-redhat.yml b/tasks/plus/install-redhat.yml
new file mode 100644
index 0000000..39b2a38
--- /dev/null
+++ b/tasks/plus/install-redhat.yml
@@ -0,0 +1,21 @@
+---
+- name: "(Amazon Linux/CentOS/Oracle Linux/RHEL) Configure NGINX Plus repository"
+ yum_repository:
+ name: nginx-plus
+ baseurl: "{{ repository }}"
+ description: NGINX Plus Repository
+ sslclientcert: /etc/ssl/nginx/nginx-repo.crt
+ sslclientkey: /etc/ssl/nginx/nginx-repo.key
+ enabled: yes
+ gpgcheck: yes
+ state: "{{ nginx_license_status | default ('present') }}"
+ mode: 0644
+
+- name: "(Amazon Linux/CentOS/Oracle Linux/RHEL) Install NGINX Plus"
+ yum:
+ name: "nginx-plus{{ nginx_version | default('') }}"
+ state: "{{ nginx_state }}"
+ disablerepo: "*"
+ enablerepo: "nginx-plus"
+ update_cache: yes
+ notify: "(Handler) Start NGINX"
diff --git a/tasks/plus/install-suse.yml b/tasks/plus/install-suse.yml
new file mode 100644
index 0000000..a2abfe4
--- /dev/null
+++ b/tasks/plus/install-suse.yml
@@ -0,0 +1,19 @@
+---
+- name: "(SLES) Combine NGINX Plus certificate and license key"
+ assemble:
+ src: /etc/ssl/nginx
+ dest: /etc/ssl/nginx/nginx-repo-bundle.crt
+ mode: 0444
+
+- name: "(SLES) Configure NGINX Plus repository"
+ zypper_repository:
+ name: nginx-plus
+ repo: "{{ repository }}"
+ state: "{{ nginx_license_status | default ('present') }}"
+
+- name: "(SLES) Install NGINX Plus"
+ zypper:
+ name: "nginx-plus{{ nginx_version | default('') }}"
+ state: "{{ nginx_state }}"
+ update_cache: yes
+ notify: "(Handler) Start NGINX"
diff --git a/tasks/plus/remove-license.yml b/tasks/plus/remove-license.yml
new file mode 100644
index 0000000..84f057f
--- /dev/null
+++ b/tasks/plus/remove-license.yml
@@ -0,0 +1,22 @@
+---
+- name: "Set NGINX Plus license state"
+ set_fact:
+ nginx_license_status: absent
+
+- name: "(Debian/Red Hat/SLES OSs) Delete NGINX Plus license"
+ file:
+ path: /etc/ssl/nginx
+ state: absent
+ when: ansible_facts['distribution'] != "Alpine"
+
+- name: "(Alpine Linux) Delete NGINX Plus license"
+ file:
+ path: "{{ item }}"
+ state: absent
+ loop:
+ - /etc/apk/cert.key
+ - /etc/apk/cert.pem
+ when: ansible_facts['distribution'] == "Alpine"
+
+- name: "Delete NGINX Plus repository data"
+ include_tasks: "{{ role_path }}/tasks/plus/install-plus.yml"
diff --git a/tasks/plus/setup-alpine.yml b/tasks/plus/setup-alpine.yml
deleted file mode 100644
index 3bdc336..0000000
--- a/tasks/plus/setup-alpine.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-- name: "(Setup: Alpine Linux) Setup NGINX Plus Repository"
- lineinfile:
- path: /etc/apk/repositories
- insertafter: EOF
- line: "https://plus-pkgs.nginx.com/alpine/v{{ ansible_distribution_version | regex_search('^[0-9]+\\.[0-9]+') }}/main"
- state: "{{ nginx_license_status | default ('present') }}"
diff --git a/tasks/plus/setup-license.yml b/tasks/plus/setup-license.yml
index 8c2b5ef..6c49cb7 100644
--- a/tasks/plus/setup-license.yml
+++ b/tasks/plus/setup-license.yml
@@ -1,13 +1,18 @@
---
-- name: "(Setup: All OSs Besides Alpine Linux) Setup NGINX Plus License"
+- name: "Set up NGINX Plus license"
+ debug:
+ msg: "Setting up NGINX Plus license"
+ when: nginx_debug_tasks | bool
+
+- name: "(Debian/Red Hat/SLES OSs) Set up NGINX Plus license"
block:
- - name: "(Setup: All OSs Besides Alpine Linux) Create SSL Directory"
+ - name: "(Debian/Red Hat/SLES OSs) Create SSL directory"
file:
path: /etc/ssl/nginx
state: directory
mode: 0755
- - name: "(Setup: All OSs Besides Alpine Linux) Copy NGINX Plus Certificate and License Key"
+ - name: "(Debian/Red Hat/SLES OSs) Copy NGINX Plus certificate and license key"
copy:
src: "{{ item }}"
dest: /etc/ssl/nginx
@@ -16,27 +21,32 @@
loop:
- "{{ nginx_license.certificate }}"
- "{{ nginx_license.key }}"
- when: ansible_distribution != "Alpine"
+ when: ansible_facts['os_family'] != "Alpine"
-- name: "(Setup: Alpine Linux) Setup NGINX Plus License"
+- name: "(Alpine Linux) Set up NGINX Plus license"
block:
- - name: "(Setup: Alpine Linux) Create APK Directory"
+ - name: "(Alpine Linux) Create APK directory"
file:
path: /etc/apk
state: directory
mode: 0755
- - name: "(Setup: Alpine Linux) Copy NGINX Plus Key"
+ - name: "(Alpine Linux) Copy NGINX Plus key"
copy:
src: "{{ nginx_license.key }}"
dest: /etc/apk/cert.key
decrypt: yes
mode: 0444
- - name: "(Setup: Alpine Linux) Copy NGINX Plus Certificate"
+ - name: "(Alpine Linux) Copy NGINX Plus certificate"
copy:
src: "{{ nginx_license.certificate }}"
dest: /etc/apk/cert.pem
decrypt: yes
mode: 0444
- when: ansible_distribution == "Alpine"
+ when: ansible_facts['os_family'] == "Alpine"
+
+- name: "Set up NGINX Plus license"
+ debug:
+ msg: "Done setting up NGINX Plus license"
+ when: nginx_debug_tasks | bool
diff --git a/tasks/plus/setup-redhat.yml b/tasks/plus/setup-redhat.yml
deleted file mode 100644
index 8dbb968..0000000
--- a/tasks/plus/setup-redhat.yml
+++ /dev/null
@@ -1,30 +0,0 @@
----
-- name: "(Setup: CentOS/RedHat/Oracle Linux) Setup NGINX Plus Repository"
- yum_repository:
- name: nginx-plus
- baseurl: >-
- https://plus-pkgs.nginx.com/centos/{{ (ansible_distribution_version | float >= 7.4 and ansible_distribution_version | float < 8.0)
- | ternary('7.4', ansible_distribution_major_version | int) }}/$basearch/
- description: NGINX Plus Repository
- sslclientcert: /etc/ssl/nginx/nginx-repo.crt
- sslclientkey: /etc/ssl/nginx/nginx-repo.key
- enabled: yes
- gpgcheck: yes
- state: "{{ nginx_license_status | default ('present') }}"
- mode: 0644
- when: ansible_distribution != "Amazon"
-
-- name: "(Setup: Amazon Linux) Setup NGINX Plus Repository"
- yum_repository:
- name: nginx-plus
- baseurl: >-
- https://plus-pkgs.nginx.com/amzn{{ (ansible_distribution_version == '2')
- | ternary('2', '') }}/$releasever/$basearch
- description: NGINX Plus Repository
- sslclientcert: /etc/ssl/nginx/nginx-repo.crt
- sslclientkey: /etc/ssl/nginx/nginx-repo.key
- enabled: yes
- gpgcheck: yes
- state: "{{ nginx_license_status | default ('present') }}"
- mode: 0644
- when: ansible_distribution == "Amazon"
diff --git a/tasks/plus/setup-suse.yml b/tasks/plus/setup-suse.yml
deleted file mode 100644
index 4377ac0..0000000
--- a/tasks/plus/setup-suse.yml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-- name: "(Setup: SUSE) Setup NGINX Plus Certificate and License Keys"
- assemble:
- src: /etc/ssl/nginx
- dest: /etc/ssl/nginx/nginx-repo-bundle.crt
- mode: 0444
-
-- name: "(Setup: SUSE) Setup NGINX Plus Repository"
- zypper_repository:
- name: nginx-plus
- repo: "https://plus-pkgs.nginx.com/sles/{{ ansible_distribution_major_version }}?ssl_clientcert=/etc/ssl/nginx/nginx-repo-bundle.crt&ssl_verify=host"
- state: "{{ nginx_license_status | default ('present') }}"
diff --git a/tasks/prerequisites/install-dependencies.yml b/tasks/prerequisites/install-dependencies.yml
new file mode 100644
index 0000000..e6f9e4d
--- /dev/null
+++ b/tasks/prerequisites/install-dependencies.yml
@@ -0,0 +1,37 @@
+---
+- name: "(Alpine Linux) Install dependencies"
+ apk:
+ name: "{{ nginx_alpine_dependencies }}"
+ update_cache: yes
+ when: ansible_facts['os_family'] == "Alpine"
+
+- name: "(Debian/Ubuntu) Install dependencies"
+ apt:
+ name: "{{ nginx_debian_dependencies }}"
+ update_cache: yes
+ when: ansible_facts['os_family'] == "Debian"
+
+- name: "(Amazon Linux/CentOS/Oracle Linux/RHEL) Install dependencies"
+ yum:
+ name: "{{ nginx_redhat_dependencies }}"
+ when: ansible_facts['os_family'] == "RedHat"
+
+- name: "(SLES) Install dependencies"
+ zypper:
+ name: "{{ nginx_sles_dependencies }}"
+ when: ansible_facts['os_family'] == "Suse"
+
+- name: "(FreeBSD) Install dependencies"
+ block:
+ - name: "(FreeBSD) Install dependencies using package(s)"
+ pkgng:
+ name: "{{ nginx_freebsd_dependencies }}"
+ when: nginx_bsd_install_packages | bool
+
+ - name: "(FreeBSD) Install dependencies using port(s)"
+ portinstall:
+ name: "{{ item }}"
+ use_packages: "{{ nginx_bsd_portinstall_use_packages | default(omit) }}"
+ loop: "{{ nginx_freebsd_dependencies }}"
+ when: not nginx_bsd_install_packages | bool
+ when: ansible_facts['distribution'] == "FreeBSD"
diff --git a/tasks/prerequisites/prerequisites.yml b/tasks/prerequisites/prerequisites.yml
new file mode 100644
index 0000000..36ae9bb
--- /dev/null
+++ b/tasks/prerequisites/prerequisites.yml
@@ -0,0 +1,38 @@
+---
+- name: "Install dependencies"
+ debug:
+ msg: "Installing dependencies"
+ when: nginx_debug_tasks | bool
+
+- name: "Install dependencies"
+ include_tasks: "{{ role_path }}/tasks/prerequisites/install-dependencies.yml"
+
+- name: "Install dependencies"
+ debug:
+ msg: "Done installing dependencies"
+ when: nginx_debug_tasks | bool
+
+- name: "Set up SELinux"
+ block:
+ - name: "Set up SELinux"
+ debug:
+ msg: "Setting up SELinux"
+ when: nginx_debug_tasks | bool
+
+ - name: "Check if SELinux is enabled"
+ debug:
+ msg: "You need to enable SELinux, if it was disabled you need to reboot"
+ when: ansible_facts['selinux'] is undefined
+
+ - name: "Configure SELinux"
+ include_tasks: "{{ role_path }}/tasks/prerequisites/setup-selinux.yml"
+ when: ansible_facts['selinux.mode'] is defined
+
+ - name: "Set up SELinux"
+ debug:
+ msg: "Done setting up SELinux"
+ when: nginx_debug_tasks | bool
+ when:
+ - nginx_selinux | bool
+ - ansible_facts['os_family'] in ['RedHat', 'Suse']
+ - ansible_facts['distribution'] not in ['Amazon', 'OracleLinux']
diff --git a/tasks/prerequisites/setup-alpine.yml b/tasks/prerequisites/setup-alpine.yml
deleted file mode 100644
index ed97d53..0000000
--- a/tasks/prerequisites/setup-alpine.yml
+++ /dev/null
@@ -1 +0,0 @@
----
diff --git a/tasks/prerequisites/setup-debian.yml b/tasks/prerequisites/setup-debian.yml
deleted file mode 100644
index 6f1c0f2..0000000
--- a/tasks/prerequisites/setup-debian.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-- name: "(Setup: Debian/Ubuntu) Install Required Debian and Ubuntu Dependencies"
- apt:
- name:
- - apt-transport-https
- - dirmngr
- update_cache: yes
diff --git a/tasks/prerequisites/setup-freebsd.yml b/tasks/prerequisites/setup-freebsd.yml
deleted file mode 100644
index 472b1ae..0000000
--- a/tasks/prerequisites/setup-freebsd.yml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-- name: "(Setup: FreeBSD) Install Required Dependencies"
- block:
- - name: "(Setup: FreeBSD) Install Extra Package(s)"
- pkgng:
- name: "{{ nginx_freebsd_extra_packages }}"
- when: nginx_bsd_install_packages | bool
-
- - name: "(Setup: FreeBSD) Install Extra Port(s)"
- portinstall:
- name: "{{ item }}"
- use_packages: "{{ nginx_bsd_portinstall_use_packages | default(omit) }}"
- loop: "{{ nginx_freebsd_extra_packages }}"
- when: not nginx_bsd_install_packages | bool
diff --git a/tasks/prerequisites/setup-redhat.yml b/tasks/prerequisites/setup-redhat.yml
deleted file mode 100644
index 886d5eb..0000000
--- a/tasks/prerequisites/setup-redhat.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- name: "(Setup: RedHat/CentOS) Setup SELinux"
- include_tasks: "{{ role_path }}/tasks/prerequisites/setup-selinux.yml"
- when:
- - nginx_selinux | bool
- - ansible_selinux.mode is defined
diff --git a/tasks/prerequisites/setup-selinux.yml b/tasks/prerequisites/setup-selinux.yml
index 4c45b65..247be30 100644
--- a/tasks/prerequisites/setup-selinux.yml
+++ b/tasks/prerequisites/setup-selinux.yml
@@ -1,50 +1,42 @@
---
-- name: "(Setup: SELinux) Install Required CentOS/RHEL 6/7 Dependencies"
- package:
- name:
- - policycoreutils-python
- - setools
- state: present
- when:
- - ansible_os_family == "RedHat"
- - ansible_distribution_major_version != "8"
+- name: "(CentOS/RHEL) Install dependencies"
+ block:
+ - name: "(CentOS/RHEL 6/7) Install dependencies"
+ yum:
+ name:
+ - policycoreutils-python
+ - setools
+ when: ansible_facts['distribution_major_version'] is version('8', '!=')
-- name: "(Setup: SELinux) Install Required CentOS/RHEL 8 Dependencies"
- package:
- name:
- - selinux-policy-targeted
- - libselinux-utils
- - policycoreutils
- state: present
- when:
- - ansible_os_family == "RedHat"
- - ansible_distribution_major_version == "8"
+ - name: "(CentOS/RHEL 8) Install dependencies"
+ yum:
+ name:
+ - libselinux-utils
+ - policycoreutils
+ - selinux-policy-targeted
+ when: ansible_facts['distribution_major_version'] is version('8', '==')
+ when: ansible_facts['os_family'] == "RedHat"
-- name: "(Setup: SELinux) Check if SELinux is Enabled"
- debug:
- msg: "You need to enable selinux, if it was disabled you need to reboot"
- when: ansible_selinux is undefined
-
-- name: "(Setup: SELinux) Setup Permissive SELinux"
+- name: "Set SELinux mode to permissive"
selinux:
state: permissive
policy: targeted
changed_when: false
- when: ansible_selinux.mode == "enforcing"
+ when: ansible_facts['selinux.mode'] == "enforcing"
-- name: "(Setup: SELinux) Allow HTTP Network Connection"
+- name: "Allow SELinux HTTP network connections"
seboolean:
name: httpd_can_network_connect
state: yes
persistent: yes
-- name: "(Setup: SELinux) Allow HTTP Relay Connection"
+- name: "Allow SELinux HTTP network connections"
seboolean:
name: httpd_can_network_relay
state: yes
persistent: yes
-- name: "(Setup: SELinux) Allow Status Ports"
+- name: "Allow SELinux TCP connections on status ports"
seport:
ports: "{{ nginx_status_port }}"
proto: tcp
@@ -52,7 +44,7 @@
state: present
when: nginx_status_port is defined
-- name: "(Setup: SELinux) Allow Rest API Ports"
+- name: "Allow SELinux TCP connections on Rest API ports"
seport:
ports: "{{ nginx_rest_api_port }}"
proto: tcp
@@ -60,7 +52,7 @@
state: present
when: nginx_rest_api_port is defined
-- name: "(Setup: SELinux) Allow Specific TCP Ports"
+- name: "Allow SELinux TCP connections on specific ports"
seport:
ports: "{{ nginx_selinux_tcp_ports }}"
proto: tcp
@@ -68,7 +60,7 @@
state: present
when: nginx_selinux_tcp_ports is defined
-- name: "(Setup: SELinux) Allow Specific UDP Ports"
+- name: "Allow SELinux UDP connections on specific ports"
seport:
ports: "{{ nginx_selinux_udp_ports }}"
proto: udp
@@ -76,35 +68,35 @@
state: present
when: nginx_selinux_udp_ports is defined
-- name: "(Setup: SELinux) Create NGINX Plus Module"
+- name: "Create SELinux NGINX Plus Module"
template:
src: "{{ role_path }}/templates/selinux/nginx-plus-module.te.j2"
- dest: "{{ nginx_tempdir }}/nginx-plus-module.te"
+ dest: "{{ nginx_selinux_tempdir }}/nginx-plus-module.te"
mode: 0644
register: nginx_selinux_module
-- name: "(Setup: SELinux) Check NGINX Plus Module"
- command: "checkmodule -M -m -o {{ nginx_tempdir }}/nginx-plus-module.mod {{ nginx_tempdir }}/nginx-plus-module.te"
+- name: "Check SELinux NGINX Plus Module"
+ command: "checkmodule -M -m -o {{ nginx_selinux_tempdir }}/nginx-plus-module.mod {{ nginx_selinux_tempdir }}/nginx-plus-module.te"
args:
- creates: "{{ nginx_tempdir }}/nginx-plus-module.mod"
+ creates: "{{ nginx_selinux_tempdir }}/nginx-plus-module.mod"
changed_when: false
-- name: "(Setup: SELinux) Compile NGINX Plus Module"
- command: "semodule_package -o {{ nginx_tempdir }}/nginx-plus-module.pp -m {{ nginx_tempdir }}/nginx-plus-module.mod"
+- name: "Compile SELinux NGINX Plus Module"
+ command: "semodule_package -o {{ nginx_selinux_tempdir }}/nginx-plus-module.pp -m {{ nginx_selinux_tempdir }}/nginx-plus-module.mod"
args:
- creates: "{{ nginx_tempdir }}/nginx-plus-module.pp"
+ creates: "{{ nginx_selinux_tempdir }}/nginx-plus-module.pp"
changed_when: false
-- name: "(Setup: SELinux) Import NGINX Plus Module"
- command: "semodule -i {{ nginx_tempdir }}/nginx-plus-module.pp" # noqa 503
+- name: "Import SELinux NGINX Plus Module"
+ command: "semodule -i {{ nginx_selinux_tempdir }}/nginx-plus-module.pp" # noqa 503
changed_when: false
- when: nginx_selinux_module.changed
+ when: nginx_selinux_module.changed | bool
-- name: "(Setup: SELinux) Enforce SELinux"
+- name: "Set SELinux mode to enforcing"
selinux:
state: enforcing
policy: targeted
changed_when: false
when:
- - nginx_selinux_enforcing
- - ansible_selinux.mode == "permissive"
+ - nginx_selinux_enforcing | bool
+ - ansible_facts['selinux.mode'] == "permissive"
diff --git a/tasks/prerequisites/setup-suse.yml b/tasks/prerequisites/setup-suse.yml
deleted file mode 100644
index 7940a1a..0000000
--- a/tasks/prerequisites/setup-suse.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- name: "(Setup: SUSE) Setup SELinux"
- include_tasks: "{{ role_path }}/tasks/prerequisites/setup-selinux.yml"
- when:
- - nginx_selinux | bool
- - ansible_selinux.mode is defined
diff --git a/tasks/unit/install-modules.yml b/tasks/unit/install-modules.yml
index ae2f711..ffdf113 100644
--- a/tasks/unit/install-modules.yml
+++ b/tasks/unit/install-modules.yml
@@ -1,16 +1,17 @@
+## DEPRECATED -- Use nginxinc.nginx_unit role instead (https://github.com/nginxinc/ansible-role-nginx-unit)
---
-- name: "(Install: Debian/Ubuntu/CentOS/RedHat) Install NGINX Unit Modules"
+- name: "(Debian/Ubuntu/CentOS/RedHat) Install NGINX Unit Modules"
package:
name: "{{ item }}"
state: present
loop: "{{ nginx_unit_modules }}"
- when: ansible_os_family != "FreeBSD"
+ when: ansible_facts['os_family'] != "FreeBSD"
notify: "(Handler: Debian/Ubuntu/CentOS/RedHat) Start NGINX Unit"
-- name: "(Install: FreeBSD) Install NGINX Unit Modules"
+- name: "(FreeBSD) Install NGINX Unit Modules"
portinstall:
name: "{{ item }}"
state: present
loop: "{{ nginx_unit_modules }}"
- when: ansible_os_family == "FreeBSD"
+ when: ansible_facts['os_family'] == "FreeBSD"
notify: "(Handler: FreeBSD) Start NGINX Unit"
diff --git a/tasks/unit/install-unit.yml b/tasks/unit/install-unit.yml
index ff06604..559b378 100644
--- a/tasks/unit/install-unit.yml
+++ b/tasks/unit/install-unit.yml
@@ -1,24 +1,29 @@
+## DEPRECATED -- Use nginxinc.nginx_unit role instead (https://github.com/nginxinc/ansible-role-nginx-unit)
---
-- name: "(Setup: All OSs) Configure NGINX Unit Repository"
- include_tasks: "{{ role_path }}/tasks/unit/setup-{{ ansible_os_family | lower }}.yml"
- when: ansible_os_family == "Debian"
- or ansible_os_family == "RedHat"
- or ansible_os_family == "FreeBSD"
+- name: "Deprecation warning"
+ debug:
+ msg: "DEPRECATED TASKS -- Use nginxinc.nginx_unit role instead (https://github.com/nginxinc/ansible-role-nginx-unit)"
-- name: "(Install: Debian/Ubuntu/CentOS/RedHat) Install NGINX Unit"
+- name: "(DEPRECATED) Configure NGINX Unit Repository"
+ include_tasks: "{{ role_path }}/tasks/unit/setup-{{ ansible_facts['os_family'] | lower }}.yml"
+ when: ansible_facts['os_family'] == "Debian"
+ or ansible_facts['os_family'] == "RedHat"
+ or ansible_facts['os_family'] == "FreeBSD"
+
+- name: "(DEPRECATED) Install NGINX Unit"
package:
name: unit
state: present
- when: ansible_os_family != "FreeBSD"
+ when: ansible_facts['os_family'] != "FreeBSD"
notify: "(Handler: Debian/Ubuntu/CentOS/RedHat) Start NGINX Unit"
-- name: "(Install: FreeBSD) Install NGINX Unit"
+- name: "(DEPRECATED) Install NGINX Unit"
portinstall:
name: unit
state: present
- when: ansible_os_family == "FreeBSD"
+ when: ansible_facts['os_family'] == "FreeBSD"
notify: "(Handler: FreeBSD) Start NGINX Unit"
-- name: "(Install: All OSs) Install NGINX Unit modules"
+- name: "(DEPRECATED) Install NGINX Unit modules"
include_tasks: "{{ role_path }}/tasks/unit/install-modules.yml"
when: nginx_unit_modules is defined
diff --git a/tasks/unit/setup-debian.yml b/tasks/unit/setup-debian.yml
index fc14a2d..1204af3 100644
--- a/tasks/unit/setup-debian.yml
+++ b/tasks/unit/setup-debian.yml
@@ -1,8 +1,9 @@
+## DEPRECATED -- Use nginxinc.nginx_unit role instead (https://github.com/nginxinc/ansible-role-nginx-unit)
---
-- name: "(Install: Debian/Ubuntu) Add NGINX Unit Repository"
+- name: "(DEPRECATED) Add NGINX Unit Repository"
apt_repository:
repo: "{{ item }}"
mode: 0644
loop:
- - deb [arch=amd64] https://packages.nginx.org/unit/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} unit
- - deb-src https://packages.nginx.org/unit/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} unit
+ - deb [arch=amd64] https://packages.nginx.org/unit/{{ ansible_facts['distribution']|lower }}/ {{ ansible_facts['distribution_release'] }} unit
+ - deb-src https://packages.nginx.org/unit/{{ ansible_facts['distribution']|lower }}/ {{ ansible_facts['distribution_release'] }} unit
diff --git a/tasks/unit/setup-freebsd.yml b/tasks/unit/setup-freebsd.yml
index fdc1ae5..cfb4674 100644
--- a/tasks/unit/setup-freebsd.yml
+++ b/tasks/unit/setup-freebsd.yml
@@ -1,10 +1,11 @@
+## DEPRECATED -- Use nginxinc.nginx_unit role instead (https://github.com/nginxinc/ansible-role-nginx-unit)
---
-- name: "(Install: FreeBSD) Fetch Ports"
+- name: "(DEPRECATED) Fetch Ports"
command: portsnap fetch --interactive
args:
creates: /var/db/portsnap/INDEX
-- name: "(Install: FreeBSD) Extract Ports"
+- name: "(DEPRECATED) Extract Ports"
command: portsnap extract
args:
creates: /usr/ports
diff --git a/tasks/unit/setup-redhat.yml b/tasks/unit/setup-redhat.yml
index 8c61f4e..b21c97e 100644
--- a/tasks/unit/setup-redhat.yml
+++ b/tasks/unit/setup-redhat.yml
@@ -1,20 +1,21 @@
+## DEPRECATED -- Use nginxinc.nginx_unit role instead (https://github.com/nginxinc/ansible-role-nginx-unit)
---
-- name: "(Install: CentOS/RedHat) Add NGINX Unit Repository"
+- name: "(DEPRECATED) Add NGINX Unit Repository"
yum_repository:
name: unit
- baseurl: https://packages.nginx.org/unit/{{ (ansible_distribution == "RedHat") | ternary('rhel/', 'centos/') }}$releasever/$basearch/
+ baseurl: https://packages.nginx.org/unit/{{ (ansible_facts['distribution'] == "RedHat") | ternary('rhel/', 'centos/') }}$releasever/$basearch/
description: NGINX Unit Repository
enabled: yes
gpgcheck: yes
mode: 0644
- when: ansible_distribution != "Amazon"
+ when: ansible_facts['distribution'] != "Amazon"
-- name: "(Install: Amazon Linux) Add NGINX Unit Repository"
+- name: "(DEPRECATED) Add NGINX Unit Repository"
yum_repository:
name: unit
- baseurl: https://packages.nginx.org/unit/amzn{{ (ansible_distribution_version == "2") | ternary('2', '') }}/$releasever/$basearch/
+ baseurl: https://packages.nginx.org/unit/amzn{{ (ansible_facts['distribution_version'] == "2") | ternary('2', '') }}/$releasever/$basearch/
description: NGINX Unit Repository
enabled: yes
gpgcheck: yes
mode: 0644
- when: ansible_distribution == "Amazon"
+ when: ansible_facts['distribution'] == "Amazon"
diff --git a/templates/logrotate/nginx.j2 b/templates/logrotate/nginx.j2
index 78ab547..22594e7 100644
--- a/templates/logrotate/nginx.j2
+++ b/templates/logrotate/nginx.j2
@@ -6,7 +6,7 @@
{{ option }}
{% endfor %}
postrotate
-{% if ansible_os_family == "Debian" %}
+{% if ansible_facts['os_family'] == "Debian" %}
if [ -f /var/run/nginx.pid ]; then
kill -USR1 `cat /var/run/nginx.pid`
fi
diff --git a/vars/main.yml b/vars/main.yml
index a4f6e14..fc0d9d7 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -1,27 +1,97 @@
---
-nginx_modules_list:
- - geoip
- - image-filter
- - njs
- - perl
- - xslt
+# Supported NGINX Open Source distributions
+# https://nginx.org/en/docs/install.html
+nginx_distributions: [
+ 'Alpine', 'CentOS', 'Debian', 'FreeBSD', 'RedHat', 'SLES', 'Ubuntu',
+ 'NetBSD', 'OpenBSD', 'DragonFlyBSD', 'HardenedBSD',
+]
-nginx_plus_modules_list:
- - auth-spnego
- - brotli
- - cookie-flag
- - encrypted-session
- - geoip
- - geoip2
- - headers-more
- - image-filter
- - lua
- - modsecurity
- - njs
- - opentracing
- - passenger
- - perl
- - prometheus
- - rtmp
- - subs-filter
- - xslt
+# Supported NGINX Plus distributions
+# https://docs.nginx.com/nginx/technical-specs/
+nginx_plus_distributions: [
+ 'Alpine', 'Amazon', 'CentOS', 'Debian', 'FreeBSD', 'OracleLinux', 'RedHat', 'SLES', 'Ubuntu',
+]
+
+# Default NGINX signing key
+nginx_default_signing_key:
+ rsa_pub: https://nginx.org/keys/nginx_signing.rsa.pub
+ pgp: https://nginx.org/keys/nginx_signing.key
+
+# Default NGINX Open Source repositories
+nginx_default_repository:
+ alpine: >-
+ https://nginx.org/packages/{{ (nginx_branch == 'mainline')
+ | ternary('mainline/', '') }}alpine/v{{ ansible_facts['distribution_version'] | regex_search('^[0-9]+\.[0-9]+') }}/main
+ debian:
+ - >-
+ deb [arch=amd64] https://nginx.org/packages/{{ (nginx_branch == 'mainline')
+ | ternary('mainline/', '') }}{{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] }} nginx
+ - >-
+ deb-src https://nginx.org/packages/{{ (nginx_branch == 'mainline')
+ | ternary('mainline/', '') }}{{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] }} nginx
+ redhat: >-
+ https://nginx.org/packages/{{ (nginx_branch == 'mainline')
+ | ternary('mainline/', '') }}{{ (ansible_facts['distribution'] == "CentOS")
+ | ternary('centos', 'rhel') }}/{{ ansible_facts['distribution_major_version'] }}/$basearch/
+ suse: >-
+ https://nginx.org/packages/{{ (nginx_branch == 'mainline')
+ | ternary('mainline/', '') }}sles/{{ ansible_facts['distribution_major_version'] }}
+
+# Default NGINX Plus repositories
+nginx_plus_default_repository:
+ alpine: >-
+ https://plus-pkgs.nginx.com/alpine/v{{ ansible_facts['distribution_version'] | regex_search('^[0-9]+\.[0-9]+') }}/main
+ amazon: >-
+ https://plus-pkgs.nginx.com/amzn{{ (ansible_facts['distribution_version'] is version('2', '=='))
+ | ternary('2', '') }}/$releasever/$basearch
+ debian: >-
+ deb [arch=amd64] https://plus-pkgs.nginx.com/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release'] }} nginx-plus
+ freebsd: >-
+ https://plus-pkgs.nginx.com/freebsd/${ABI}/latest
+ redhat: >-
+ https://plus-pkgs.nginx.com/{{ (ansible_facts['distribution'] == "CentOS")
+ | ternary('centos', 'rhel') }}/{{ (ansible_facts['distribution_version'] is version('7.4', '>=')
+ and ansible_facts['distribution_version'] is version('8', '<')) | ternary('7.4', ansible_facts['distribution_major_version']) }}/$basearch/
+ suse: >-
+ https://plus-pkgs.nginx.com/sles/{{ ansible_facts['distribution_major_version'] }}?ssl_clientcert=/etc/ssl/nginx/nginx-repo-bundle.crt&ssl_verify=host
+
+# Alpine dependencies
+nginx_alpine_dependencies: [
+ 'coreutils', 'openssl', 'pcre',
+]
+
+# Debian dependencies
+nginx_debian_dependencies: [
+ 'apt-transport-https', 'ca-certificates', 'dirmngr',
+]
+
+# Red Hat dependencies
+nginx_redhat_dependencies: [
+ 'ca-certificates', 'openssl',
+]
+
+# SLES dependencies
+nginx_sles_dependencies: [
+ 'ca-certificates',
+]
+
+# FreeBSD dependencies
+nginx_freebsd_dependencies: [
+ 'security/ca_root_nss'
+]
+
+# Default locations and versions when 'nginx_install_from' is set to 'source'
+pcre_version: pcre-8.44
+zlib_version: zlib-1.2.11
+openssl_version: openssl-1.1.1g
+
+# Supported NGINX Open Source modules
+nginx_modules_list: [
+ 'geoip', 'image-filter', 'njs', 'perl', 'xslt',
+]
+
+# Supported NGINX Plus modules
+nginx_plus_modules_list: [
+ 'auth-spnego', 'brotli', 'cookie-flag', 'encrypted-session', 'geoip', 'geoip2', 'headers-more', 'image-filter', 'lua',
+ 'modsecurity', 'njs', 'opentracing', 'passenger', 'perl', 'prometheus', 'rtmp', 'subs-filter', 'xslt',
+]