From 17b5c87d716acccce6e4500729284d4a1c215dd3 Mon Sep 17 00:00:00 2001 
From: Alessandro Fael Garcia Date: Tue, 15 Sep 2020 21:27:06 +0200 Subject: [PATCH] Add basic assertions (#319) --- .github/ISSUE_TEMPLATE/bug_report.md | 2 +- .github/pull_request_template.md | 2 +- .travis.yml | 12 +- CHANGELOG.md | 21 +- CONTRIBUTING.md | 35 +-- README.md | 32 +-- defaults/main/bsd.yml | 10 - defaults/main/linux.yml | 13 -- defaults/main/main.yml | 37 ++- defaults/main/selinux.yml | 15 ++ defaults/main/template.yml | 1 + defaults/main/unit.yml | 1 + defaults/main/upload.yml | 1 + handlers/main.yml | 18 +- molecule/common/Dockerfile.j2 | 12 +- .../common/playbooks/default_converge.yml | 14 +- molecule/common/playbooks/module_converge.yml | 1 + .../common/playbooks/template_converge.yml | 1 + molecule/common/playbooks/unit_converge.yml | 10 +- molecule/plus_alpine/molecule.yml | 7 - tasks/amplify/install-amplify.yml | 16 +- tasks/amplify/setup-debian.yml | 12 +- tasks/amplify/setup-redhat.yml | 4 +- tasks/conf/debug-output.yml | 9 - tasks/conf/logrotate.yml | 35 --- tasks/{conf => config}/cleanup-config.yml | 9 +- tasks/config/debug-output.yml | 14 ++ .../modify-systemd.yml} | 24 +- tasks/config/setup-logrotate.yml | 46 ++++ tasks/{conf => config}/template-config.yml | 39 ++-- tasks/{conf => config}/upload-config.yml | 37 +-- tasks/keys/apk-key.yml | 14 -- tasks/keys/apt-key.yml | 12 - tasks/keys/rpm-key.yml | 14 -- tasks/keys/setup-keys.yml | 51 ++-- tasks/main.yml | 92 +++++--- tasks/modules/install-modules.yml | 30 +-- tasks/opensource/install-alpine.yml | 14 ++ tasks/opensource/install-bsd.yml | 78 +++++++ tasks/opensource/install-debian.yml | 14 ++ tasks/opensource/install-oss-bsd.yml | 91 -------- tasks/opensource/install-oss-linux.yml | 26 --- tasks/opensource/install-oss.yml | 42 +++- tasks/opensource/install-redhat.yml | 33 +++ .../{setup-source.yml => install-source.yml} | 218 +++++++++--------- tasks/opensource/install-suse.yml | 13 ++ tasks/opensource/setup-alpine.yml | 29 --- tasks/opensource/setup-debian.yml | 28 --- 
tasks/opensource/setup-redhat.yml | 47 ---- tasks/opensource/setup-suse.yml | 21 -- tasks/plus/delete-license.yml | 26 --- tasks/plus/install-alpine.yml | 14 ++ .../{setup-debian.yml => install-debian.yml} | 12 +- .../{setup-bsd.yml => install-freebsd.yml} | 34 +-- tasks/plus/install-plus-bsd.yml | 9 - tasks/plus/install-plus-linux.yml | 19 -- tasks/plus/install-plus.yml | 24 +- tasks/plus/install-redhat.yml | 21 ++ tasks/plus/install-suse.yml | 19 ++ tasks/plus/remove-license.yml | 22 ++ tasks/plus/setup-alpine.yml | 7 - tasks/plus/setup-license.yml | 28 ++- tasks/plus/setup-redhat.yml | 30 --- tasks/plus/setup-suse.yml | 12 - tasks/prerequisites/install-dependencies.yml | 37 +++ tasks/prerequisites/prerequisites.yml | 38 +++ tasks/prerequisites/setup-alpine.yml | 1 - tasks/prerequisites/setup-debian.yml | 7 - tasks/prerequisites/setup-freebsd.yml | 14 -- tasks/prerequisites/setup-redhat.yml | 6 - tasks/prerequisites/setup-selinux.yml | 84 +++---- tasks/prerequisites/setup-suse.yml | 6 - tasks/unit/install-modules.yml | 9 +- tasks/unit/install-unit.yml | 25 +- tasks/unit/setup-debian.yml | 7 +- tasks/unit/setup-freebsd.yml | 5 +- tasks/unit/setup-redhat.yml | 13 +- templates/logrotate/nginx.j2 | 2 +- vars/main.yml | 120 ++++++++-- 79 files changed, 1053 insertions(+), 955 deletions(-) delete mode 100644 defaults/main/linux.yml create mode 100644 defaults/main/selinux.yml delete mode 100644 tasks/conf/debug-output.yml delete mode 100644 tasks/conf/logrotate.yml rename tasks/{conf => config}/cleanup-config.yml (54%) create mode 100644 tasks/config/debug-output.yml rename tasks/{prerequisites/setup-systemd.yml => config/modify-systemd.yml} (57%) create mode 100644 tasks/config/setup-logrotate.yml rename tasks/{conf => config}/template-config.yml (70%) rename tasks/{conf => config}/upload-config.yml (68%) delete mode 100644 tasks/keys/apk-key.yml delete mode 100644 tasks/keys/apt-key.yml delete mode 100644 tasks/keys/rpm-key.yml create mode 100644 
tasks/opensource/install-alpine.yml create mode 100644 tasks/opensource/install-bsd.yml create mode 100644 tasks/opensource/install-debian.yml delete mode 100644 tasks/opensource/install-oss-bsd.yml delete mode 100644 tasks/opensource/install-oss-linux.yml create mode 100644 tasks/opensource/install-redhat.yml rename tasks/opensource/{setup-source.yml => install-source.yml} (58%) create mode 100644 tasks/opensource/install-suse.yml delete mode 100644 tasks/opensource/setup-alpine.yml delete mode 100644 tasks/opensource/setup-debian.yml delete mode 100644 tasks/opensource/setup-redhat.yml delete mode 100644 tasks/opensource/setup-suse.yml delete mode 100644 tasks/plus/delete-license.yml create mode 100644 tasks/plus/install-alpine.yml rename tasks/plus/{setup-debian.yml => install-debian.yml} (65%) rename tasks/plus/{setup-bsd.yml => install-freebsd.yml} (62%) delete mode 100644 tasks/plus/install-plus-bsd.yml delete mode 100644 tasks/plus/install-plus-linux.yml create mode 100644 tasks/plus/install-redhat.yml create mode 100644 tasks/plus/install-suse.yml create mode 100644 tasks/plus/remove-license.yml delete mode 100644 tasks/plus/setup-alpine.yml delete mode 100644 tasks/plus/setup-redhat.yml delete mode 100644 tasks/plus/setup-suse.yml create mode 100644 tasks/prerequisites/install-dependencies.yml create mode 100644 tasks/prerequisites/prerequisites.yml delete mode 100644 tasks/prerequisites/setup-alpine.yml delete mode 100644 tasks/prerequisites/setup-debian.yml delete mode 100644 tasks/prerequisites/setup-freebsd.yml delete mode 100644 tasks/prerequisites/setup-redhat.yml delete mode 100644 tasks/prerequisites/setup-suse.yml diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 6d30a9a..7a63863 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md 
@@ -20,7 +20,7 @@ Steps to reproduce the behavior: A clear and concise description of what you expected to happen. **Your environment:** -- Version of the NGINX Role or specific commit +- Version of the NGINX role or specific commit - Version of Ansible - Target deployment platform diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 7ba7694..f07653a 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -4,7 +4,7 @@ Describe the use case and detail of the change. If this PR addresses an issue on ### Checklist Before creating a PR, run through this checklist and mark each as complete. -- [ ] I have read the [CONTRIBUTING](https://github.com/nginxinc/ansible-role-nginx/blob/master/CONTRIBUTING.md) document +- [ ] I have read the [CONTRIBUTING](https://github.com/nginxinc/ansible-role-nginx/blob/main/CONTRIBUTING.md) document - [ ] I have added Molecule tests that prove my fix is effective or that my feature works - [ ] I have checked that all Molecule tests pass after adding my changes - [ ] I have updated any relevant documentation (`defaults/main/*.yml`, `README.md` and `CHANGELOG.md`) diff --git a/.travis.yml b/.travis.yml index 34f55ab..b7ba2db 100644 --- a/.travis.yml +++ b/.travis.yml @@ -6,7 +6,7 @@ jobs: - name: "(Debian/Ubuntu) Install Specific Version" env: scenario: default - - name: "(Alpine) Install Specific Version" + - name: "(Alpine Linux) Install Specific Version" env: scenario: default_alpine - name: "(CentOS) Install Specific Version" @@ -15,7 +15,7 @@ jobs: - name: "(Debian/Ubuntu) Install Modules" env: scenario: module - - name: "(Alpine) Install Modules" + - name: "(Alpine Linux) Install Modules" env: scenario: module_alpine - name: "(CentOS) Install Modules" 
@@ -24,7 +24,7 @@ jobs: - name: "(Debian/Ubuntu) Install Stable Branch and Push Configuration" env: scenario: stable_push - - name: "(Alpine) Install Stable Branch and Push Configuration" + - name: "(Alpine Linux) Install Stable Branch and Push Configuration" env: scenario: stable_push_alpine - name: "(CentOS) Install Stable Branch and Push Configuration" @@ -33,7 +33,7 @@ jobs: - name: "(Debian/Ubuntu) Use Template Setting" env: scenario: template - - name: "(Alpine) Use Template Setting" + - name: "(Alpine Linux) Use Template Setting" env: scenario: template_alpine - name: "(CentOS) Use Template Setting" @@ -42,7 +42,7 @@ jobs: - name: "(Debian/Ubuntu) Install NGINX Unit" env: scenario: unit - - name: "(Alpine) Install NGINX Unit" + - name: "(Alpine Linux) Install NGINX Unit" env: scenario: unit_alpine - name: "(CentOS) Install NGINX Unit" @@ -51,7 +51,7 @@ jobs: - name: "(Debian/Ubuntu) Install from Source" env: scenario: source - - name: "(Alpine) Install from Source" + - name: "(Alpine Linux) Install from Source" env: scenario: source_alpine - name: "(CentOS) Install from Source" diff --git a/CHANGELOG.md b/CHANGELOG.md index f89f5d7..68f5801 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,21 +4,32 @@ BREAKING CHANGES: -* The process to install modules has changed. You will now have to use a list variable, `nginx_modules`, instead of manually setting the modules you want to install to `true` or `false`. This change will also simplify adding future supported modules to this role. You can find a list of supported modules for NGINX and NGINX Plus in [`vars/main.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/master/vars/main.yml). +* The process to install modules has changed. You will now have to use a list variable, `nginx_modules`, instead of manually setting the modules you want to install to `true` or `false`. This change will also simplify adding future supported modules to this role. You can find a list of supported modules for NGINX and NGINX Plus in [`vars/main.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/vars/main.yml). * Modules can no longer be added to your NGINX config using this role. Please use the [`nginx_config`](https://github.com/nginxinc/ansible-role-nginx-config) role instead. +* Changed `nginx_configure` default value from `true` to `false` to further promote the adoption of the [NGINX config](https://github.com/nginxinc/ansible-role-nginx-config) role. FEATURES: -* Add Alpine 3.12 to the list of supported platforms -* Remove Alpine 3.8 from the list of supported platforms +* Two new variables have been introduced: + * `nginx_setup_license` -- Determine whether you want to use this role to upload your NGINX license to your target host. + * `nginx_debug_tasks` -- Print task related information to give you a better insight into the current progress of the role. +* The role will now fail automatically if you try to deploy NGINX from an official repository in an unsupported distribution. 
You can find a list of supported distributions for NGINX and NGINX Plus in [`vars/main.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/vars/main.yml) +* Three new tags have been introduced -- `nginx_setup_license`, `nginx_install` and `nginx_check_support`. +* Add Alpine 3.12 to the list of supported platforms. +* Remove Alpine 3.8 from the list of supported platforms. ENHANCEMENTS: +* Major backend refactoring to reduce the number of files and tasks. +* You can now specify an `nginx_repository` for NGINX Plus too. +* Moved "constant" variables to `vars/main.yml`. +* Included deprecation warnings in task names and files. +* Improved tasks naming conventions. * Update Ansible to `2.9.13` and Ansible Lint to `4.3.4`. BUG FIXES: -* NGINX Plus repository data for RedHat based distros is now appropriately set. +* NGINX Plus repository data for RHEL based distros is now appropriately set. ## 0.16.0 (August 28, 2020) 
@@ -47,7 +58,7 @@ DEPRECATION WARNING: With the advent of Ansible collections and to reduce the overhead of this role, the decision has been made to split this role into three smaller roles: * The NGINX Ansible role will keep working as is and be used to install and setup NGINX. * There now is a separate role to manage and create NGINX configurations available [here](https://github.com/nginxinc/ansible-role-nginx-config). Any new issues or PRs related to configuring NGINX should be submitted in the new NGINX Config repository. New issues or PRs related to configuring NGINX submitted in this repository will not be worked on. The NGINX configuration functionalities included in this role will be removed in an upcoming release. -* NGINX Unit has a separate role available [here](https://github.com/nginxinc/ansible-role-nginx-unit). Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on. The NGINX Unit functionalities included in this role will be removed in an upcoming release. +* NGINX Unit now has a separate role available [here](https://github.com/nginxinc/ansible-role-nginx-unit). Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on. The NGINX Unit functionalities included in this role will be removed in an upcoming release. BREAKING CHANGES: diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 2315310..c3f7cb1 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -14,25 +14,26 @@ The following is a set of guidelines for contributing to the NGINX Ansible role. * [Git Guidelines](#git-guidelines) * [Ansible Guidelines](#ansible-guidelines) -[Code of Conduct](https://github.com/nginxinc/ansible-role-nginx/blob/master/CODE_OF_CONDUCT.md) +[Code of Conduct](https://github.com/nginxinc/ansible-role-nginx/blob/main/CODE_OF_CONDUCT.md) ## Ask a Question -Don't know how something works? Curious if the role can achieve your desired functionality. Please open an Issue on GitHub with the label `question`. +Don't know how something works? Curious if the role can achieve your desired functionality? Please open an Issue on GitHub with the label `question`. ## Getting Started -Follow our [Installation Guide](https://github.com/nginxinc/ansible-role-nginx/blob/master/README.md#Installation) to install Ansible and Molecule and get ready to use the NGINX Ansible role. +Follow our [Installation Guide](https://github.com/nginxinc/ansible-role-nginx/blob/main/README.md#Installation) to install Ansible and Molecule and get ready to use the NGINX Ansible role. ### Project Structure * The NGINX Ansible role is written in `yaml` and supports NGINX Open Source, NGINX Plus, NGINX Amplify, and NGINX Unit. -* The project follows the standard [Ansible role directory structure](https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse_roles.html) - * The main code is found in `tasks/` - * The main variables can be found in `defaults/main/*.yml` - * Configuration templates for NGINX can be found in `templates/` +* The project follows the standard [Ansible role directory structure](https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse_roles.html): + * The main code is found in `tasks/`. + * Variables can be found in `defaults/main/*.yml`. + * "Constant" variables can be found in `vars/main.yml`. + * Configuration templates for NGINX can be found in `templates/`. 
* [Molecule](https://molecule.readthedocs.io/) tests can be found in `molecule/`. - * CI/CD is done via Travis using `.travis.yml` deployment yaml files + * CI/CD is done via Travis using `.travis.yml` deployment `yaml` files. ## Contributing @@ -46,8 +47,8 @@ To suggest an enhancement, please create an issue on GitHub with the label `enha ### Open a Pull Request -* Fork the repo, create a branch, submit a PR when your changes are **tested** (ideally using Molecule) and ready for review -* Fill in [our pull request template](https://github.com/nginxinc/ansible-role-nginx/blob/master/.github/PULL_REQUEST_TEMPLATE.md) +* Fork the repo, create a branch, submit a PR when your changes are **tested** (ideally using Molecule) and ready for review. +* Fill in [our pull request template](https://github.com/nginxinc/ansible-role-nginx/blob/main/.github/PULL_REQUEST_TEMPLATE.md). Note: if you’d like to implement a new feature, please consider creating a feature request issue first to start a discussion about the feature. 
@@ -63,10 +64,10 @@ Note: if you’d like to implement a new feature, please consider creating a fea ### Git Guidelines -* Keep a clean, concise and meaningful git commit history on your branch (within reason), rebasing locally and squashing before submitting a PR -* Follow the guidelines of writing a good commit message as described here and summarised in the next few points - * In the subject line, use the present tense ("Add feature" not "Added feature") - * In the subject line, use the imperative mood ("Move cursor to..." not "Moves cursor to...") - * Limit the subject line to 72 characters or less - * Reference issues and pull requests liberally after the subject line - * Add more detailed description in the body of the git message (`git commit -a` to give you more space and time in your text editor to write a good message instead of `git commit -am`) +* Keep a clean, concise and meaningful git commit history on your branch (within reason), rebasing locally and squashing before submitting a PR. +* Follow the guidelines of writing a good commit message as described here and summarised in the next few points: + * In the subject line, use the present tense ("Add feature" not "Added feature"). + * In the subject line, use the imperative mood ("Move cursor to..." not "Moves cursor to..."). + * Limit the subject line to 72 characters or less. + * Reference issues and pull requests liberally after the subject line. + * Add more detailed description in the body of the git message (`git commit -a` to give you more space and time in your text editor to write a good message instead of `git commit -am`). diff --git a/README.md b/README.md index 70da1a4..efa1fbb 100644 --- a/README.md +++ b/README.md 
@@ -10,8 +10,10 @@ This role installs NGINX Open Source, NGINX Plus, the NGINX Amplify agent, or NG **Deprecation Warnings:** -* There now is a separate role to manage and create NGINX configurations available [here](https://github.com/nginxinc/ansible-role-nginx-config). Any new issues or PRs related to configuring NGINX should be submitted in the new NGINX Config repository. New issues or PRs related to configuring NGINX submitted in this repository will not be worked on (with the exception of major bugfixes). The NGINX configuration functionalities included in this role will be removed in an upcoming release. -* NGINX Unit now has a separate role available [here](https://github.com/nginxinc/ansible-role-nginx-unit). Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on (with the exception of major bugfixes). The NGINX Unit functionalities included in this role will be removed in an upcoming release. +With the advent of Ansible collections and to reduce the overhead of this role, the decision has been made to split this role into three smaller roles: +* The NGINX Ansible role will keep working as is and be used to install and setup NGINX. +* There now is a separate role to manage and create NGINX configurations available [here](https://github.com/nginxinc/ansible-role-nginx-config). Any new issues or PRs related to configuring NGINX should be submitted in the new NGINX Config repository. New issues or PRs related to configuring NGINX submitted in this repository will not be worked on. The NGINX configuration functionalities included in this role will be removed in an upcoming release. +* NGINX Unit now has a separate role available [here](https://github.com/nginxinc/ansible-role-nginx-unit). Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit repository. 
New issues or PRs related to NGINX Unit submitted in this repository will not be worked on. The NGINX Unit functionalities included in this role will be removed in an upcoming release. Requirements ------------ @@ -42,7 +44,7 @@ Use `git clone https://github.com/nginxinc/ansible-role-nginx.git` to pull the l Platforms --------- -The NGINX Ansible role supports all platforms supported by [NGINX Open Source](https://nginx.org/en/linux_packages.html#mainline), [NGINX Plus](https://www.nginx.com/products/technical-specs/), the [NGINX Amplify agent](https://github.com/nginxinc/nginx-amplify-doc/blob/master/amplify-faq.md#21-what-operating-systems-are-supported), and [NGINX Unit](https://unit.nginx.org/installation/#official-packages): +The NGINX Ansible role supports all platforms supported by [NGINX Open Source](https://nginx.org/en/linux_packages.html), [NGINX Plus](https://docs.nginx.com/nginx/technical-specs/), the [NGINX Amplify agent](https://github.com/nginxinc/nginx-amplify-doc/blob/master/amplify-faq.md#21-what-operating-systems-are-supported), and [NGINX Unit](https://unit.nginx.org/installation/#official-packages) (you can also use this role to compile NGINX Open Source from source or install it on BSD systems at your own risk): **NGINX Open Source** @@ -54,15 +56,12 @@ Alpine: - 3.12 CentOS: - 6 - - 7 + - 7.4+ - 8 Debian: - stretch - buster -FreeBSD: - - 11.2+ - - 12 -RedHat: +Red Hat: - 6 - 7.4+ - 8 @@ -72,6 +71,7 @@ SUSE/SLES: Ubuntu: - xenial - bionic + - eoan - focal ``` @@ -82,7 +82,6 @@ Alpine: - 3.9 - 3.10 - 3.11 - - 3.12 Amazon Linux: - 2018.03 Amazon Linux 2: @@ -100,7 +99,7 @@ FreeBSD: Oracle Linux: - 6.5+ - 7.4+ -RedHat: +Red Hat: - 6.5+ - 7.4+ - 8 @@ -110,6 +109,7 @@ SUSE/SLES: Ubuntu: - xenial - bionic + - eoan - focal ``` @@ -124,7 +124,7 @@ CentOS: Debian: - jessie - stretch -RedHat: +Red Hat: - 6 - 7 Ubuntu: @@ -147,7 +147,7 @@ CentOS: Debian: - stretch - buster -RedHat: +Red Hat: - 6 - 7 - 8 
@@ -160,7 +160,7 @@ Ubuntu: Role Variables -------------- -This role has multiple variables. The descriptions and defaults for all these variables can be found in the **`defaults/main`** directory in the following files: +This role has multiple variables. The descriptions and defaults for all these variables can be found in the **`defaults/main/`** directory in the following files: - **[defaults/main/main.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/defaults/main/main.yml):** NGINX installation variables - **[defaults/main/amplify.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/defaults/main/amplify.yml):** NGINX Amplify agent installation variables 
@@ -170,14 +170,14 @@ This role has multiple variables. The descriptions and defaults for all these va - **[defaults/main/bsd.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/defaults/main/bsd.yml):** BSD installation variables - **[defaults/main/unit.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/defaults/main/unit.yml):** NGINX Unit installation variables -Similarly, descriptions and defaults for preset variables can be found in the **`vars`** directory: +Similarly, descriptions and defaults for preset variables can be found in the **`vars/`** directory in the following files: -- **[vars/main.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/vars/main.yml):** NGINX supported modules +- **[vars/main.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/vars/main.yml):** List of supported NGINX platforms and modules Example Playbooks ----------------- -Working functional playbook examples can be found in the **`molecule/common`** directory in the following files: +Working functional playbook examples can be found in the **`molecule/common/`** directory in the following files: - **[molecule/common/playbooks/default_converge.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/default_converge.yml):** Install a specific version of NGINX and set up logrotate - **[molecule/common/playbooks/module_converge.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/module_converge.yml):** Install various NGINX supported modules diff --git a/defaults/main/bsd.yml b/defaults/main/bsd.yml index 0fa68c9..be7c5fb 100644 --- a/defaults/main/bsd.yml +++ b/defaults/main/bsd.yml 
@@ -1,11 +1,4 @@ --- -# Supported distributions -nginx_bsd_systems: ['FreeBSD', 'NetBSD', 'OpenBSD', 'DragonFlyBSD', 'HardenedBSD'] - -# Supported distributions NGINX Plus -# https://docs.nginx.com/nginx/technical-specs/ -nginx_plus_bsd_systems: ['FreeBSD'] - # Choose to install BSD packages or ports. # Options are true for packages or false for ports. # Default is true. @@ -21,6 +14,3 @@ nginx_bsd_update_ports: true # Options are true for use packages or false for do not use packages. # Default is true. nginx_bsd_portinstall_use_packages: true - -# FreeBSD extra packages -nginx_freebsd_extra_packages: ['security/ca_root_nss'] diff --git a/defaults/main/linux.yml b/defaults/main/linux.yml deleted file mode 100644 index 53f7f29..0000000 --- a/defaults/main/linux.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Supported distributions -nginx_linux_families: ['Alpine', 'Debian', 'RedHat', 'Suse'] - -# Supported distributions NGINX Plus -# https://docs.nginx.com/nginx/technical-specs/ -# RedHat={Amazon,CentOS,OracleLinux,RHEL} Debian={Ubuntu,Debian} -nginx_plus_linux_families: ['Alpine', 'Debian', 'RedHat', 'Suse'] - -# Default locations and versions when 'nginx_install_from; is set to 'source' -pcre_version: pcre-8.44 -zlib_version: zlib-1.2.11 -openssl_version: openssl-1.1.1g diff --git a/defaults/main/main.yml b/defaults/main/main.yml index 493a1f0..c4dae20 100644 --- a/defaults/main/main.yml +++ b/defaults/main/main.yml 
@@ -8,15 +8,18 @@ nginx_enable: true # Default is true. nginx_install: true +## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config) # Enable NGINX configuration options. # Variables for these options can be found in `./template.yml` and `./upload.yml`. -# Default is true. -nginx_configure: true +# Default is false. +nginx_configure: false # Start NGINX service. # Default is true. nginx_start: true +# Print NGINX task information to terminal during playbook execution. +nginx_debug_tasks: false # Print NGINX configuration file to terminal after executing playbook. nginx_debug_output: false @@ -28,7 +31,7 @@ nginx_type: opensource # Specify which version of NGINX you want to install. # Default is empty. # nginx_version: "=19-1~bionic" -# For Plus and modules you'll need a wilcard like below (which installs plus-20 and modules) +# For NGINX Plus and modules you'll need a wilcard like below (which installs plus-20 and modules) # nginx_version: "-20*" # Specify whether you want to maintain your version of NGINX, upgrade to the latest version, or remove NGINX. @@ -60,10 +63,10 @@ nginx_install_source_zlib: false # Default is the official NGINX signing key host. # nginx_signing_key: http://nginx.org/keys/nginx_signing.key -# Specify source repository for NGINX Open Source. -# Only works if 'install_from' is set to 'nginx_repository'. +# Specify repository for NGINX Open Source or NGINX Plus. +# Only works if 'install_from' is set to 'nginx_repository' when installing NGINX Open Source. # Defaults are the official NGINX repositories. -# nginx_repository: deb https://nginx.org/packages/mainline/debian/ stretch nginx +# nginx_repository: deb [arch=amd64] https://nginx.org/packages/mainline/debian/ buster nginx # Specify which branch of NGINX Open Source you want to install. # Options are 'mainline' or 'stable'. 
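Review bot: The commented example `# nginx_signing_key: http://nginx.org/keys/nginx_signing.key`, a context line in the `@@ -60,10 +63,10 @@` hunk, still uses plain HTTP, while the repository example edited right below it uses HTTPS. A package signing key fetched over an unauthenticated channel can be swapped in transit, which undermines the signature check on everything installed from the repository. Suggest changing the example to `# nginx_signing_key: https://nginx.org/keys/nginx_signing.key`. The default key URL the role actually uses is defined outside this hunk and should be checked for the same scheme.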
@@ -77,9 +80,13 @@ nginx_license: certificate: license/nginx-repo.crt key: license/nginx-repo.key +# Set up NGINX Plus license before installation. +# Default is true. +nginx_setup_license: true + # Remove NGINX Plus license and repository after installation for security purposes. # Default is false. -nginx_delete_license: false +nginx_remove_license: false # Install NGINX Modules. # You can select any of the modules listed below. Beware of NGINX Plus only modules (these are marked). @@ -104,6 +111,7 @@ nginx_modules: [] # - waf # NGINX Plus # - xslt +## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config) # Remove previously existing NGINX configuration files. # You can specify a list of paths you wish to remove. # You can also choose whether to recurse through the paths specified. @@ -116,18 +124,3 @@ nginx_cleanup_config_paths: recurse: false # nginx_cleanup_config_files: # - /etc/nginx/conf.d/default.conf - -# Set SELinux enforcing for NGINX (Centos/Redhat only) - you may need to open ports on your own -nginx_selinux: false -# Enable enforcing mode if true. Permissive if false (audit only, no enforcing) globally (only works with nginx_selinux: true) -nginx_selinux_enforcing: true -# List of TCP ports to add to http_port_t type (80 and 443 have this type already) -# nginx_selinux_tcp_ports: -# - 80 -# - 443 -# List of UDP ports to add to http_port_t type -# nginx_selinux_udp_ports: -# - 80 -# - 443 -# Temporary directory to hold selinux modules -nginx_tempdir: /tmp diff --git a/defaults/main/selinux.yml b/defaults/main/selinux.yml new file mode 100644 index 0000000..5c6afb5 --- /dev/null +++ b/defaults/main/selinux.yml 
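Review bot: Renaming `nginx_delete_license` to `nginx_remove_license` in the `@@ -77,9 +80,13 @@` hunk is silent for existing users. An inventory that still sets `nginx_delete_license: true` will presumably stop removing the NGINX Plus repository certificate and key from the host, and nothing will fail. The CHANGELOG hunk in this patch does not list the rename under BREAKING CHANGES. Since this commit introduces assertions, consider adding one with `that: nginx_delete_license is not defined` and a `fail_msg` naming `nginx_remove_license`, and record the rename in the CHANGELOG.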
@@ -0,0 +1,15 @@ +--- +# Set SELinux enforcing for NGINX (CentOS/Red Hat only) - you may need to open ports on your own +nginx_selinux: false +# Enable enforcing mode if true. Permissive if false (audit only, no enforcing) globally (only works with nginx_selinux: true) +nginx_selinux_enforcing: true +# List of TCP ports to add to http_port_t type (80 and 443 have this type already) +# nginx_selinux_tcp_ports: +# - 80 +# - 443 +# List of UDP ports to add to http_port_t type +# nginx_selinux_udp_ports: +# - 80 +# - 443 +# Temporary directory to hold selinux modules +nginx_selinux_tempdir: /tmp diff --git a/defaults/main/template.yml b/defaults/main/template.yml index 80125d1..5df7892 100644 --- a/defaults/main/template.yml +++ b/defaults/main/template.yml @@ -1,3 +1,4 @@ +## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config) --- # Enable creating dynamic templated NGINX HTML demo websites. nginx_html_demo_template_enable: false diff --git a/defaults/main/unit.yml b/defaults/main/unit.yml index 6d7e992..0506b72 100644 --- a/defaults/main/unit.yml +++ b/defaults/main/unit.yml @@ -1,3 +1,4 @@ +## DEPRECATED -- Use nginxinc.nginx_unit role instead (https://github.com/nginxinc/ansible-role-nginx-unit) --- # Install NGINX Unit and NGINX Unit modules. # Use a list of supported NGINX Unit modules. diff --git a/defaults/main/upload.yml b/defaults/main/upload.yml index d6aca77..f19f332 100644 --- a/defaults/main/upload.yml +++ b/defaults/main/upload.yml @@ -1,3 +1,4 @@ +## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config) --- # Enable uploading NGINX configuration files to your system. # Default for uploading files is false. diff --git a/handlers/main.yml b/handlers/main.yml index 7acb8a7..3ae7f56 100644 --- a/handlers/main.yml +++ b/handlers/main.yml 
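Review bot: `nginx_selinux_tempdir: /tmp` in the new `defaults/main/selinux.yml` makes a world-writable directory the default staging area for SELinux policy modules. The tasks that use it are in `tasks/prerequisites/setup-selinux.yml`, outside this hunk; if they write fixed file names there before compiling and loading the module, another local user could pre-create or replace those files. Prefer creating a private directory at run time with the `tempfile` module (`state: directory`), or default to a root-owned path and extend the comment to `# Temporary directory to hold selinux modules (must not be writable by other users)`. The variable was also renamed from `nginx_tempdir`, so existing inventories that set the old name will silently fall back to this default.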
@@ -1,30 +1,30 @@ --- -- name: "(Handler: All OSs) Check NGINX" +- name: "(Handler) Check NGINX" command: "nginx -t" changed_when: false -- name: "(Handler: All OSs) Systemd Daemon-Reload" +- name: "(Handler) Systemd Daemon-Reload" systemd: daemon_reload: yes - notify: "(Handler: All OSs) Start NGINX" + notify: "(Handler) Start NGINX" -- name: "(Handler: All OSs) Run NGINX" +- name: "(Handler) Run NGINX" block: - - name: "(Handler: All OSs) Start NGINX" + - name: "(Handler) Start NGINX" service: name: nginx state: started enabled: yes - notify: "(Handler: All OSs) Check NGINX" + notify: "(Handler) Check NGINX" - - name: "(Handler: All OSs) Reload NGINX" + - name: "(Handler) Reload NGINX" command: "nginx -s reload" changed_when: false when: - nginx_start | bool - not ansible_check_mode | bool -- name: "(Handler: All OSs) Start NGINX Amplify Agent" +- name: "(Handler) Start NGINX Amplify agent" service: name: amplify-agent state: started @@ -41,5 +41,5 @@ state: started enabled: yes -- name: "(Config: All OSs) Run Logrotate" +- name: "(Handler) Run logrotate" command: logrotate -f /etc/logrotate.d/nginx diff --git a/molecule/common/Dockerfile.j2 b/molecule/common/Dockerfile.j2 index 0f4a8a7..d5a90a7 100644 --- a/molecule/common/Dockerfile.j2 +++ b/molecule/common/Dockerfile.j2 
@@ -17,27 +17,27 @@ ENV {{ var }} {{ value }} RUN \ if [ $(command -v apt-get) ]; then \ apt-get update \ - && DEBIAN_FRONTEND=noninteractive apt-get install -y python3 sudo bash ca-certificates iproute2 python3-apt aptitude systemd systemd-sysv procps curl \ + && DEBIAN_FRONTEND=noninteractive apt-get install -y aptitude bash ca-certificates curl iproute2 python-apt python3 python3-apt procps sudo systemd systemd-sysv vim \ && apt-get clean; \ elif [ $(command -v dnf) ]; then \ dnf makecache \ - && dnf --assumeyes install /usr/bin/python3 /usr/bin/python3-config /usr/bin/dnf-3 bash iproute \ + && dnf --assumeyes install bash iproute /usr/bin/dnf-3 /usr/bin/python3 /usr/bin/python3-config vim \ && dnf clean all; \ elif [ $(command -v yum) ]; then \ yum makecache fast \ - && yum install -y /usr/bin/python /usr/bin/python2-config sudo yum-plugin-ovl bash iproute \ + && yum install -y bash iproute /usr/bin/python /usr/bin/python2-config sudo vim yum-plugin-ovl \ && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf \ && yum clean all; \ elif [ $(command -v zypper) ]; then \ zypper refresh \ - && zypper install -y python3 sudo bash iproute2 \ + && zypper install -y bash iproute2 python3 sudo vim \ && zypper clean -a; \ elif [ $(command -v apk) ]; then \ apk update \ - && apk add --no-cache python3 sudo bash ca-certificates curl openrc; \ + && apk add --no-cache bash ca-certificates curl openrc python3 sudo vim; \ echo 'rc_provide="loopback net"' >> /etc/rc.conf; \ elif [ $(command -v xbps-install) ]; then \ xbps-install -Syu \ - && xbps-install -y python3 sudo bash ca-certificates iproute2 \ + && xbps-install -y bash ca-certificates iproute2 python3 sudo vim \ && xbps-remove -O; \ fi diff --git a/molecule/common/playbooks/default_converge.yml b/molecule/common/playbooks/default_converge.yml index 2e4d8aa..50c53ef 100644 --- a/molecule/common/playbooks/default_converge.yml +++ b/molecule/common/playbooks/default_converge.yml 
@@ -5,22 +5,22 @@ - name: Set repo if Alpine set_fact: version: "=1.19.1-r1" - when: ansible_os_family == "Alpine" + when: ansible_facts['os_family'] == "Alpine" - name: Set repo if Debian set_fact: - version: "=1.19.1-1~{{ ansible_distribution_release }}" - when: ansible_os_family == "Debian" - - name: Set repo if RedHat + version: "=1.19.1-1~{{ ansible_facts['distribution_release'] }}" + when: ansible_facts['os_family'] == "Debian" + - name: Set repo if Red Hat set_fact: - version: "-1.19.1-1.el{{ ansible_distribution_major_version }}.ngx" - when: ansible_os_family == "RedHat" + version: "-1.19.1-1.el{{ ansible_facts['distribution_major_version'] }}.ngx" + when: ansible_facts['os_family'] == "RedHat" - name: Enable NGINX @CentOS-AppStream dnf modules shell: args: cmd: dnf module info nginx | grep -q 'Stream.*\[e\]' && echo -n ENABLED || dnf module enable -y nginx # noqa 204 303 register: dnf_module_enable changed_when: dnf_module_enable.stdout != 'ENABLED' - when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "8" + when: ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] is version('8', '==') tasks: - name: Install NGINX include_role: diff --git a/molecule/common/playbooks/module_converge.yml b/molecule/common/playbooks/module_converge.yml index 904979a..c04775e 100644 --- a/molecule/common/playbooks/module_converge.yml +++ b/molecule/common/playbooks/module_converge.yml @@ -15,6 +15,7 @@ - 80 - 443 + nginx_configure: true nginx_cleanup_config: true nginx_cleanup_config_paths: - directory: diff --git a/molecule/common/playbooks/template_converge.yml b/molecule/common/playbooks/template_converge.yml index b2467f1..06763e9 100644 --- a/molecule/common/playbooks/template_converge.yml +++ b/molecule/common/playbooks/template_converge.yml @@ -8,6 +8,7 @@ vars: nginx_debug_output: true + nginx_configure: true nginx_main_template_enable: true nginx_main_template: template_file: nginx.conf.j2 
diff --git a/molecule/common/playbooks/unit_converge.yml b/molecule/common/playbooks/unit_converge.yml index 46715d4..60a9673 100644 --- a/molecule/common/playbooks/unit_converge.yml +++ b/molecule/common/playbooks/unit_converge.yml @@ -8,20 +8,20 @@ - unit-perl - unit-php7 - unit-python3 - when: ansible_os_family == "Alpine" - - name: Set module if Debian/RedHat + when: ansible_facts['os_family'] == "Alpine" + - name: Set module if Debian set_fact: module: - unit-perl - unit-php - unit-ruby - when: ansible_os_family == "Debian" - - name: Set module if RedHat + when: ansible_facts['os_family'] == "Debian" + - name: Set module if Red Hat set_fact: module: - unit-php - unit-go - when: ansible_os_family == "RedHat" + when: ansible_facts['os_family'] == "RedHat" tasks: - name: Install NGINX Unit include_role: diff --git a/molecule/plus_alpine/molecule.yml b/molecule/plus_alpine/molecule.yml index 08b8e83..9f5622f 100644 --- a/molecule/plus_alpine/molecule.yml +++ b/molecule/plus_alpine/molecule.yml @@ -6,13 +6,6 @@ lint: | yamllint . ansible-lint --force-color platforms: - - name: alpine-3.8 - image: alpine:3.8 - dockerfile: ../common/Dockerfile.j2 - privileged: true - volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:rw" - command: "/sbin/init" - name: alpine-3.9 image: alpine:3.9 dockerfile: ../common/Dockerfile.j2 diff --git a/tasks/amplify/install-amplify.yml b/tasks/amplify/install-amplify.yml index a33fdcb..e442a28 100644 --- a/tasks/amplify/install-amplify.yml +++ b/tasks/amplify/install-amplify.yml 
@@ -1,24 +1,24 @@ --- -- name: "(Setup: All OSs) Configure NGINX Amplify Agent Repository" - include_tasks: "{{ role_path }}/tasks/amplify/setup-{{ ansible_os_family | lower }}.yml" - when: ansible_os_family == "Debian" - or ansible_os_family == "Redhat" +- name: "Configure NGINX Amplify agent repository" + include_tasks: "{{ role_path }}/tasks/amplify/setup-{{ ansible_facts['os_family'] | lower }}.yml" + when: ansible_facts['os_family'] == "Debian" + or ansible_facts['os_family'] == "Redhat" -- name: "(Install: All OSs) Install NGINX Amplify Agent" +- name: "Install NGINX Amplify agent" package: name: nginx-amplify-agent state: present -- name: "(Setup: All OSs) Copy NGINX Configurator Agent Configuration Template" +- name: "Copy NGINX configurator agent configuration template" copy: remote_src: yes src: /etc/amplify-agent/agent.conf.default dest: /etc/amplify-agent/agent.conf mode: 0644 -- name: "(Setup: All OSs) Configure NGINX Amplify Agent API Key" +- name: "Configure NGINX Amplify agent API key" lineinfile: dest: /etc/amplify-agent/agent.conf regexp: api_key =.* line: "api_key = {{ nginx_amplify_api_key }}" - notify: "(Handler: All OSs) Start NGINX Amplify Agent" + notify: "(Handler) Start NGINX Amplify agent" diff --git a/tasks/amplify/setup-debian.yml b/tasks/amplify/setup-debian.yml index abe6923..78b68c6 100644 --- a/tasks/amplify/setup-debian.yml +++ b/tasks/amplify/setup-debian.yml 
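Review bot: The rewritten `when:` on the repository include still compares against `"Redhat"`, while the rest of this commit tests `ansible_facts['os_family'] == "RedHat"`. The comparison is case-sensitive, so on Red Hat family hosts the Amplify repository setup is skipped and the `package` task installs `nginx-amplify-agent` from whatever repositories are already configured, or fails. `or ansible_facts['os_family'] == "RedHat"` fixes it. In the same file the API key is written into `/etc/amplify-agent/agent.conf`, which the preceding `copy` task creates with `mode: 0644`. A mode that excludes other users (still readable by the agent's account), plus `no_log: true` on the `lineinfile` task, would keep the key away from local accounts and out of task output.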
@@ -1,16 +1,18 @@ --- -- name: "(Install: Debian/Ubuntu) Add NGINX Amplify Agent Repository" +- name: "(Debian/Ubuntu) Add NGINX Amplify agent repository" apt_repository: filename: nginx-amplify - repo: deb [arch=amd64] http://packages.amplify.nginx.com/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release|lower }} amplify-agent + repo: >- + deb [arch=amd64] https://packages.amplify.nginx.com/ + {{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] | lower }} amplify-agent update_cache: yes mode: 0644 - when: ansible_distribution_release != "focal" + when: ansible_facts['distribution_release'] != "focal" -- name: "(Install: Debian/Ubuntu) Add NGINX Amplify Agent Repository" +- name: "(Ubuntu 20.04) Add NGINX Amplify agent repository" apt_repository: filename: nginx-amplify repo: deb [arch=amd64] https://packages.amplify.nginx.com/py3/ubuntu focal amplify-agent update_cache: yes mode: 0644 - when: ansible_distribution_release == "focal" + when: ansible_facts['distribution_release'] == "focal" diff --git a/tasks/amplify/setup-redhat.yml b/tasks/amplify/setup-redhat.yml index bea8a20..3659375 100644 --- a/tasks/amplify/setup-redhat.yml +++ b/tasks/amplify/setup-redhat.yml @@ -1,8 +1,8 @@ --- -- name: "(Install: CentOS/RedHat/Amazon Linux) Add NGINX Amplify Agent Repository" +- name: "(Amazon Linux/CentOS/RHEL) Add NGINX Amplify agent repository" yum_repository: name: nginx-amplify - baseurl: http://packages.amplify.nginx.com/{{ (ansible_distribution == "Amazon") | ternary('amzn/', 'centos/') }}/$releasever/$basearch/ + baseurl: http://packages.amplify.nginx.com/{{ (ansible_facts['distribution'] == "Amazon") | ternary('amzn/', 'centos/') }}/$releasever/$basearch/ description: NGINX Amplify Agent enabled: yes gpgcheck: yes diff --git a/tasks/conf/debug-output.yml b/tasks/conf/debug-output.yml deleted file mode 100644 index 6ad7ba1..0000000 --- a/tasks/conf/debug-output.yml +++ /dev/null 
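Review bot: The folded scalar in the first `repo:` breaks the URL, because `>-` joins the two continuation lines with a space. The entry becomes `https://packages.amplify.nginx.com/ <distribution>/ <release> amplify-agent`, and apt would read `<distribution>/` as the suite. Indentation is lost in this view, but any line break inside the URL has this effect. Keeping host and path on one line, `deb [arch=amd64] https://packages.amplify.nginx.com/{{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] | lower }} amplify-agent`, yields the same source line shape as the old `http://` version.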
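Review bot: `baseurl` in tasks/amplify/setup-redhat.yml still uses `http://packages.amplify.nginx.com/`, although the Debian tasks in this commit moved to `https://`. `gpgcheck: yes` covers package signatures, but repository metadata fetched over plain HTTP can still be altered or held back by anyone on the network path, so the scheme should be `https://` here too. The `ternary('amzn/', 'centos/')` values followed by `/$releasever` also produce a double slash in the path; dropping the trailing slash from both values tidies that up. The task continues past the end of the hunk.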
@@ -1,9 +0,0 @@ ---- -- name: "(Setup: All OSs) Register NGINX configuration" - command: nginx -T - changed_when: false - register: nginx_configuration - -- name: "(Setup: All OSs) Print NGINX configuration" - debug: - var: nginx_configuration.stdout_lines diff --git a/tasks/conf/logrotate.yml b/tasks/conf/logrotate.yml deleted file mode 100644 index 990d4c9..0000000 --- a/tasks/conf/logrotate.yml +++ /dev/null @@ -1,35 +0,0 @@ ---- -- name: "(Config: Alpine) Install Logrotate" - apk: - name: logrotate - when: ansible_os_family == "Alpine" - -- name: "(Config: Ubuntu/Debian) Install Logrotate" - apt: - name: logrotate - state: present - when: ansible_os_family == "Debian" - -- name: "(Config: CentOS/RedHat) Install Logrotate" - yum: - name: logrotate - state: present - when: ansible_os_family == "RedHat" - -- name: "(Config: SUSE) Add Logrotate Repo" - zypper_repository: - repo: https://download.opensuse.org/repositories/openSUSE:Leap:42.1/standard/openSUSE:Leap:42.1.repo - when: ansible_os_family == "Suse" - -- name: "(Config: SUSE) Install Logrotate" - zypper: - name: logrotate - state: present - when: ansible_os_family == "Suse" - -- name: "(Config: All OSs) Create Logrotate Config" - template: - src: "logrotate/nginx.j2" - dest: "/etc/logrotate.d/nginx" - mode: 0644 - notify: "(Config: All OSs) Run Logrotate" diff --git a/tasks/conf/cleanup-config.yml b/tasks/config/cleanup-config.yml similarity index 54% rename from tasks/conf/cleanup-config.yml rename to tasks/config/cleanup-config.yml index ef9ee9e..3724d88 100644 --- a/tasks/conf/cleanup-config.yml +++ b/tasks/config/cleanup-config.yml 
@@ -1,5 +1,10 @@ +## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config) --- -- name: "(Setup: All OSs) Find NGINX Configuration Files" +- name: "Deprecation warning" + debug: + msg: "DEPRECATED TASKS -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)" + +- name: "(DEPRECATED) Find NGINX Configuration Files" find: paths: "{{ item.directory }}" patterns: "*.conf" @@ -8,7 +13,7 @@ when: nginx_cleanup_config_paths is defined register: nginx_config_files -- name: "(Setup: All OSs) Remove NGINX Configuration Files" +- name: "(DEPRECATED) Remove NGINX Configuration Files" file: path: "{{ item }}" state: absent diff --git a/tasks/config/debug-output.yml b/tasks/config/debug-output.yml new file mode 100644 index 0000000..b05bcab --- /dev/null +++ b/tasks/config/debug-output.yml @@ -0,0 +1,14 @@ +--- +- name: "Print NGINX config" + debug: + msg: "Printing NGINX config" + when: nginx_debug_tasks | bool + +- name: "Register NGINX configuration" + command: nginx -T + changed_when: false + register: config + +- name: "Print NGINX config" + debug: + var: config.stdout_lines diff --git a/tasks/prerequisites/setup-systemd.yml b/tasks/config/modify-systemd.yml similarity index 57% rename from tasks/prerequisites/setup-systemd.yml rename to tasks/config/modify-systemd.yml index 43d9a86..10742e5 100644 --- a/tasks/prerequisites/setup-systemd.yml +++ b/tasks/config/modify-systemd.yml 
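Review bot: `nginx -T` in the new tasks/config/debug-output.yml prints every loaded configuration file, and the final `debug` task sends all of it to the Ansible output, so any credential embedded in the configuration ends up in CI logs and callback plugins. A comment above the `command` task would make that visible, for example `# nginx -T dumps the full configuration, including any secrets it contains; enable nginx_debug_output only where job logs are access-controlled`. The registered variable was also renamed from `nginx_configuration` to the un-prefixed `config`, which can collide with a playbook's own variables; a role-prefixed name is safer.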
@@ -1,11 +1,16 @@ --- -- name: "(Setup: Linux) Create Override Directory For NGINX Systemd Service" +- name: "Modify systemd" + debug: + msg: "Modifying systemd" + when: nginx_debug_tasks | bool + +- name: "Create override directory for NGINX systemd service" file: path: "{{ nginx_service_overridepath }}" state: directory mode: 0755 -- name: "(Setup: Linux) Create Override For NGINX Systemd Service" +- name: "Create override for NGINX systemd service" template: src: "{{ role_path }}/templates/services/nginx.service.override.conf.j2" dest: "{{ nginx_service_overridepath }}/{{ nginx_service_overridefilename }}" @@ -15,9 +20,9 @@ when: - not nginx_service_custom | bool - not nginx_service_clean | bool - notify: "(Handler: All OSs) Systemd Daemon-Reload" + notify: "(Handler) Systemd Daemon-Reload" -- name: "(Setup: Linux) Customize Override For NGINX Systemd Service" +- name: "Customize override for NGINX systemd service" copy: src: "{{ nginx_service_custom_file }}" dest: "{{ nginx_service_overridepath }}/{{ nginx_service_overridefilename }}" @@ -27,11 +32,16 @@ when: - nginx_service_custom | bool - not nginx_service_clean | bool - notify: "(Handler: All OSs) Systemd Daemon-Reload" + notify: "(Handler) Systemd Daemon-Reload" -- name: "(Setup: Linux) Remove Override For NGINX Systemd Service" +- name: "Remove override for NGINX systemd service" file: path: "{{ nginx_service_overridepath }}" state: absent when: nginx_service_clean | bool - notify: "(Handler: All OSs) Systemd Daemon-Reload" + notify: "(Handler) Systemd Daemon-Reload" + +- name: "Modify systemd" + debug: + msg: "Done modifying systemd" + when: nginx_debug_tasks | bool diff --git a/tasks/config/setup-logrotate.yml b/tasks/config/setup-logrotate.yml new file mode 100644 index 0000000..966edb7 --- /dev/null +++ b/tasks/config/setup-logrotate.yml 
@@ -0,0 +1,46 @@ +--- +- name: "Set up logrotate" + debug: + msg: "Setting up logrotate" + when: nginx_debug_tasks | bool + +- name: "(Alpine Linux OSs) Install logrotate" + apk: + name: logrotate + when: ansible_facts['os_family'] == "Alpine" + +- name: "(Debian OSs) Install logrotate" + apt: + name: logrotate + state: present + when: ansible_facts['os_family'] == "Debian" + +- name: "(Red Hat OSs) Install logrotate" + yum: + name: logrotate + state: present + when: ansible_facts['os_family'] == "RedHat" + +- name: "(SLES OSs) Set up logrotate" + block: + - name: "(SLES OSs) Configure logrotate repository" + zypper_repository: + repo: https://download.opensuse.org/repositories/openSUSE:Leap:42.1/standard/openSUSE:Leap:42.1.repo + + - name: "(SLES OSs) Install Logrotate" + zypper: + name: logrotate + state: present + when: ansible_facts['os_family'] == "Suse" + +- name: "Create logrotate config" + template: + src: "logrotate/nginx.j2" + dest: "/etc/logrotate.d/nginx" + mode: 0644 + notify: "(Handler) Run logrotate" + +- name: "Set up logrotate" + debug: + msg: "Done setting up logrotate" + when: nginx_debug_tasks | bool diff --git a/tasks/conf/template-config.yml b/tasks/config/template-config.yml similarity index 70% rename from tasks/conf/template-config.yml rename to tasks/config/template-config.yml index d1c7a65..043d153 100644 --- a/tasks/conf/template-config.yml +++ b/tasks/config/template-config.yml @@ -1,5 +1,10 @@ +## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config) --- -- name: "(Setup: All NGINX) Ensure HTML Directory Exists" +- name: "Deprecation warning" + debug: + msg: "DEPRECATED TASKS -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)" + +- name: "(DEPRECATED) Ensure HTML Directory Exists" file: path: "{{ item.value.html_file_location | default('/usr/share/nginx/html') }}" state: directory 
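Review bot: The SLES block in tasks/config/setup-logrotate.yml registers the openSUSE Leap 42.1 repository on the host only to install logrotate, and nothing shown here removes it afterwards. Later package operations can therefore resolve against a repository for a different, old distribution release. If logrotate is available from the host's own repositories (not verifiable from this hunk), the `zypper_repository` task can be dropped; otherwise removing the repository after the install with `state: absent` limits the exposure. The Alpine `apk` task also omits `state: present`, unlike the `apt`, `yum` and `zypper` tasks beside it.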
@@ -7,7 +12,7 @@ with_dict: "{{ nginx_html_demo_template }}" when: nginx_html_demo_template_enable | bool -- name: "(Setup: All NGINX) Dynamically Generate HTML Files" +- name: "(DEPRECATED) Dynamically Generate HTML Files" template: src: "{{ item.value.template_file | default('www/index.html.j2') }}" dest: "{{ item.value.html_file_location | default('/usr/share/nginx/html') }}/{{ item.value.html_file_name | default('index.html') }}" @@ -16,23 +21,23 @@ with_dict: "{{ nginx_html_demo_template }}" when: nginx_html_demo_template_enable | bool -- name: "(Setup: All NGINX) Ensure NGINX Main Directory Exists" +- name: "(DEPRECATED) Ensure NGINX Main Directory Exists" file: path: "{{ nginx_main_template.conf_file_location | default('/etc/nginx') }}" state: directory mode: 0755 when: nginx_main_template_enable | bool -- name: "(Setup: All NGINX) Dynamically Generate NGINX Main Configuration File" +- name: "(DEPRECATED) Dynamically Generate NGINX Main Configuration File" template: src: "{{ nginx_main_template.template_file | default('nginx.conf.j2') }}" dest: "{{ nginx_main_template.conf_file_location | default('/etc/nginx') }}/{{ nginx_main_template.conf_file_name | default('nginx.conf') }}" backup: yes mode: 0644 when: nginx_main_template_enable | bool - notify: "(Handler: All OSs) Reload NGINX" + notify: "(Handler) Reload NGINX" -- name: "(Setup: All NGINX) Ensure NGINX HTTP Directory Exists" +- name: "(DEPRECATED) Ensure NGINX HTTP Directory Exists" file: path: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/') }}" state: directory @@ -40,7 +45,7 @@ with_dict: "{{ nginx_http_template }}" when: nginx_http_template_enable | bool -- name: "(Setup: All NGINX) Ensure NGINX Proxy Cache Directories Exist" +- name: "(DEPRECATED) Ensure NGINX Proxy Cache Directories Exist" file: path: "{{ item.1.path }}" state: directory 
@@ -49,10 +54,10 @@ with_subelements: - "{{ nginx_http_template }}" - proxy_cache.proxy_cache_path - - skip_missing: true + - skip_missing: yes when: nginx_http_template_enable | bool -- name: "(Setup: All NGINX) Dynamically Generate NGINX HTTP Configuration Files" +- name: "(DEPRECATED) Dynamically Generate NGINX HTTP Configuration Files" template: src: "{{ item.value.template_file | default('http/default.conf.j2') }}" dest: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/') }}/{{ item.value.conf_file_name | default('default.conf') }}" @@ -60,27 +65,27 @@ mode: 0644 with_dict: "{{ nginx_http_template }}" when: nginx_http_template_enable | bool - notify: "(Handler: All OSs) Reload NGINX" + notify: "(Handler) Reload NGINX" -- name: "(Setup: All NGINX) Dynamically Generate NGINX Stub Status Configuration File" +- name: "(DEPRECATED) Dynamically Generate NGINX Stub Status Configuration File" template: src: "{{ nginx_status_template_file | default('http/status.conf.j2') }}" dest: "{{ nginx_status_file_location | default('/etc/nginx/conf.d/status.conf') }}" backup: yes mode: 0644 when: nginx_status_enable | bool - notify: "(Handler: All OSs) Reload NGINX" + notify: "(Handler) Reload NGINX" -- name: "(Setup: All NGINX) Dynamically Generate NGINX API Configuration File" +- name: "(DEPRECATED) Dynamically Generate NGINX API Configuration File" template: src: "{{ nginx_rest_api_template_file | default('http/api.conf.j2') }}" dest: "{{ nginx_rest_api_file_location | default('/etc/nginx/conf.d/api.conf') }}" backup: yes mode: 0644 when: nginx_rest_api_enable | bool - notify: "(Handler: All OSs) Reload NGINX" + notify: "(Handler) Reload NGINX" -- name: "(Setup: All NGINX) Ensure NGINX Stream Directory Exists" +- name: "(DEPRECATED) Ensure NGINX Stream Directory Exists" file: path: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/stream/') }}" state: directory 
@@ -88,7 +93,7 @@ with_dict: "{{ nginx_stream_template }}" when: nginx_stream_template_enable | bool -- name: "(Setup: All NGINX) Dynamically Generate NGINX Stream Configuration Files" +- name: "(DEPRECATED) Dynamically Generate NGINX Stream Configuration Files" template: src: "{{ item.value.template_file | default('stream/default.conf.j2') }}" dest: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/stream/') }}/{{ item.value.conf_file_name | default('default.conf') }}" @@ -96,4 +101,4 @@ mode: 0644 with_dict: "{{ nginx_stream_template }}" when: nginx_stream_template_enable | bool - notify: "(Handler: All OSs) Reload NGINX" + notify: "(Handler) Reload NGINX" diff --git a/tasks/conf/upload-config.yml b/tasks/config/upload-config.yml similarity index 68% rename from tasks/conf/upload-config.yml rename to tasks/config/upload-config.yml index f3c3782..dd7f393 100644 --- a/tasks/conf/upload-config.yml +++ b/tasks/config/upload-config.yml @@ -1,12 +1,17 @@ +## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config) --- -- name: "(Setup: All NGINX) Ensure NGINX HTML Directory Exists" +- name: "Deprecation warning" + debug: + msg: "DEPRECATED TASKS -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)" + +- name: "(DEPRECATED) Ensure NGINX HTML Directory Exists" file: path: "{{ nginx_html_upload_dest | default('/usr/share/nginx/html') }}" state: directory mode: 0755 when: nginx_html_upload_enable | bool -- name: "(Setup: All NGINX) Upload NGINX HTML Files" +- name: "(DEPRECATED) Upload NGINX HTML Files" copy: src: "{{ item }}" dest: "{{ nginx_html_upload_dest | default('/usr/share/nginx/html') }}" 
@@ -14,32 +19,32 @@ mode: 0644 with_fileglob: "{{ nginx_html_upload_src }}" when: nginx_html_upload_enable | bool - notify: "(Handler: All OSs) Reload NGINX" + notify: "(Handler) Reload NGINX" -- name: "(Setup: All NGINX) Ensure NGINX Main Directory Exists" +- name: "(DEPRECATED) Ensure NGINX Main Directory Exists" file: path: "{{ nginx_main_upload_dest | default('/etc/nginx/') }}" state: directory mode: 0755 when: nginx_main_upload_enable | bool -- name: "(Setup: All NGINX) Upload NGINX Main Configuration File" +- name: "(DEPRECATED) Upload NGINX Main Configuration File" copy: src: "{{ nginx_main_upload_src | default('conf/nginx.conf') }}" dest: "{{ nginx_main_upload_dest | default('/etc/nginx/') }}" backup: yes mode: 0644 when: nginx_main_upload_enable | bool - notify: "(Handler: All OSs) Reload NGINX" + notify: "(Handler) Reload NGINX" -- name: "(Setup: All NGINX) Ensure NGINX HTTP Directory Exists" +- name: "(DEPRECATED) Ensure NGINX HTTP Directory Exists" file: path: "{{ nginx_http_upload_dest | default('/etc/nginx/conf.d/') }}" state: directory mode: 0755 when: nginx_http_upload_enable | bool -- name: "(Setup: All NGINX) Upload NGINX HTTP Configuration Files" +- name: "(DEPRECATED) Upload NGINX HTTP Configuration Files" copy: src: "{{ item }}" dest: "{{ nginx_http_upload_dest | default('/etc/nginx/conf.d/') }}" 
@@ -47,16 +52,16 @@ mode: 0644 with_fileglob: "{{ nginx_http_upload_src }}" when: nginx_http_upload_enable | bool - notify: "(Handler: All OSs) Reload NGINX" + notify: "(Handler) Reload NGINX" -- name: "(Setup: All NGINX) Ensure NGINX Stream Directory Exists" +- name: "(DEPRECATED) Ensure NGINX Stream Directory Exists" file: path: "{{ nginx_stream_upload_dest | default('/etc/nginx/conf.d/') }}" state: directory mode: 0755 when: nginx_stream_upload_enable | bool -- name: "(Setup: All NGINX) Upload NGINX Stream Configuration Files" +- name: "(DEPRECATED) Upload NGINX Stream Configuration Files" copy: src: "{{ item }}" dest: "{{ nginx_stream_upload_dest | default('/etc/nginx/conf.d/') }}" @@ -64,23 +69,23 @@ mode: 0644 with_fileglob: "{{ nginx_stream_upload_src }}" when: nginx_stream_upload_enable | bool - notify: "(Handler: All OSs) Reload NGINX" + notify: "(Handler) Reload NGINX" -- name: "(Setup: All NGINX) Ensure SSL Certificate Directory Exists" +- name: "(DEPRECATED) Ensure SSL Certificate Directory Exists" file: path: "{{ nginx_ssl_crt_upload_dest | default('/etc/ssl/certs/') }}" state: directory mode: 0755 when: nginx_ssl_upload_enable | bool -- name: "(Setup: All NGINX) Ensure SSL Key Directory Exists" +- name: "(DEPRECATED) Ensure SSL Key Directory Exists" file: path: "{{ nginx_ssl_key_upload_dest | default('/etc/ssl/private/') }}" state: directory mode: 0755 when: nginx_ssl_upload_enable | bool -- name: "(Setup: All NGINX) Upload NGINX SSL Certificates" +- name: "(DEPRECATED) Upload NGINX SSL Certificates" copy: src: "{{ item }}" dest: "{{ nginx_ssl_crt_upload_dest | default('/etc/ssl/certs/') }}" @@ -90,7 +95,7 @@ with_fileglob: "{{ nginx_ssl_crt_upload_src }}" when: nginx_ssl_upload_enable | bool -- name: "(Setup: All NGINX) Upload NGINX SSL Keys" +- name: "(DEPRECATED) Upload NGINX SSL Keys" copy: src: "{{ item }}" dest: "{{ nginx_ssl_key_upload_dest | default('/etc/ssl/private/') }}" 
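Review bot: The task renamed here to `(DEPRECATED) Ensure SSL Key Directory Exists` keeps `mode: 0755` on a path that defaults to `/etc/ssl/private/`. Because `file` enforces the mode on an existing directory too, a host that ships this directory with tighter permissions would have it opened up to all local users. `mode: 0700`, or the distribution's own owner, group and mode, is the safer default for a private-key directory. The key upload tasks are only partly visible in the following hunk, so the file mode they apply is not assessed here.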
diff --git a/tasks/keys/apk-key.yml b/tasks/keys/apk-key.yml deleted file mode 100644 index b74dc2a..0000000 --- a/tasks/keys/apk-key.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -- name: "(Install: APK OSs) Set Default APK NGINX Signing Key URL" - set_fact: - default_keysite: https://nginx.org/keys/nginx_signing.rsa.pub - -- name: "(Install: APK OSs) Set APK NGINX Signing Key URL" - set_fact: - keysite: "{{ nginx_signing_key | default(default_keysite) }}" - -- name: "(Install: APK OSs) Download NGINX Signing Key" - get_url: - url: "{{ keysite }}" - dest: /etc/apk/keys/nginx_signing.rsa.pub - mode: 0400 diff --git a/tasks/keys/apt-key.yml b/tasks/keys/apt-key.yml deleted file mode 100644 index ef7f140..0000000 --- a/tasks/keys/apt-key.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -- name: "(Install: APT OSs) Set Default APT NGINX Signing Key URL" - set_fact: - default_keysite: https://nginx.org/keys/nginx_signing.key - -- name: "(Install: APT OSs) Set APT NGINX Signing Key URL" - set_fact: - keysite: "{{ nginx_signing_key | default(default_keysite) }}" - -- name: "(Install: APT OSs) Add APT NGINX Signing Key" - apt_key: - url: "{{ keysite }}" diff --git a/tasks/keys/rpm-key.yml b/tasks/keys/rpm-key.yml deleted file mode 100644 index 0323d56..0000000 --- a/tasks/keys/rpm-key.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -- name: "(Install: RPM OSs) Set Default RPM NGINX Signing Key" - set_fact: - default_keysite: >- - {{ (ansible_distribution_major_version|int == 6) - | ternary('http://nginx.org/keys/nginx_signing.key', 'https://nginx.org/keys/nginx_signing.key') }} - -- name: "(Install: RPM OSs) Set RPM NGINX Signing Key URL" - set_fact: - keysite: "{{ nginx_signing_key | default(default_keysite) }}" - -- name: "(Install: RPM OSs) Add RPM NGINX Signing Key" - rpm_key: - key: "{{ keysite }}" diff --git a/tasks/keys/setup-keys.yml b/tasks/keys/setup-keys.yml index 4b4a0f8..82bf8ff 100644 --- a/tasks/keys/setup-keys.yml +++ b/tasks/keys/setup-keys.yml 
@@ -1,16 +1,41 @@ --- -- name: "(Setup: Keys) Alpine" - include_tasks: "{{ role_path }}/tasks/keys/apk-key.yml" - when: ansible_os_family == "Alpine" - tags: nginx_apkkey +- name: "Set up signing keys" + debug: + msg: "Setting up signing keys" + when: nginx_debug_tasks | bool -- name: "(Setup: Keys) Debian/Ubuntu" - include_tasks: "{{ role_path }}/tasks/keys/apt-key.yml" - when: ansible_os_family == "Debian" - tags: nginx_aptkey +- name: "(Alpine Linux) Set up signing key" + block: + - name: "(Alpine Linux) Set up NGINX signing key URL" + set_fact: + keysite: "{{ nginx_signing_key | default(nginx_default_signing_key['rsa_pub']) }}" -- name: "(Setup: Keys) CentOS/RedHat/SUSE" - include_tasks: "{{ role_path }}/tasks/keys/rpm-key.yml" - when: ansible_os_family == "RedHat" - or ansible_os_family == "Suse" - tags: nginx_rpmkey + - name: "(Alpine Linux) Download NGINX signing key" + get_url: + url: "{{ keysite }}" + dest: /etc/apk/keys/nginx_signing.rsa.pub + mode: 0400 + when: ansible_facts['os_family'] == "Alpine" + +- name: "(Debian/Red Hat/SLES OSs) Set up NGINX signing key URL" + set_fact: + keysite: "{{ nginx_signing_key | default(nginx_default_signing_key['pgp']) }}" + when: ansible_facts['os_family'] != "Alpine" + +- name: "(Debian/Ubuntu) Add NGINX signing key" + apt_key: + id: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 + url: "{{ keysite }}" + when: ansible_facts['os_family'] == "Debian" + +- name: "(Amazon Linux/CentOS/Oracle Linux/RHEL/SLES) Add NGINX signing key" + rpm_key: + fingerprint: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 + key: "{{ keysite }}" + validate_certs: "{{ (ansible_facts['distribution_major_version'] is version('6', '==')) | ternary('no', 'yes') }}" + when: ansible_facts['os_family'] in ['RedHat', 'Suse'] + +- name: "Set up signing keys" + debug: + msg: "Done setting up signing keys" + when: nginx_debug_tasks | bool diff --git a/tasks/main.yml b/tasks/main.yml index af55ef7..b7eb7c7 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
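Review bot: The Alpine branch downloads `{{ keysite }}` straight into `/etc/apk/keys/` with `get_url` and no integrity pin, while the `apt_key` and `rpm_key` tasks below it pin `573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62`; whatever the URL or a user-supplied `nginx_signing_key` returns becomes a trusted apk signing key. Adding `checksum: "sha256:<digest of nginx_signing.rsa.pub>"` to the `get_url` task would give Alpine the same protection. On the RPM side `validate_certs` is turned off for major version 6, so there the pinned `fingerprint` is the only check on the downloaded key and should stay mandatory. The fingerprint is also repeated as a literal in two tasks, which will reject a custom key passed through `nginx_signing_key`; a single role default would keep both in step and make the override usable.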
@@ -1,58 +1,78 @@ --- -- name: "(Setup: All OSs) Setup Prerequisites" - include_tasks: "{{ role_path }}/tasks/prerequisites/setup-{{ ansible_os_family | lower }}.yml" +- name: "Check whether you are using a supported NGINX distribution" + assert: + that: (nginx_type == "opensource" and ansible_facts['distribution'] in nginx_distributions) + or (nginx_type == "plus" and ansible_facts['distribution'] in nginx_plus_distributions) + success_msg: "Your OS, {{ ansible_facts['distribution'] }} is supported by NGINX {{ (nginx_type=='plus') | ternary('Plus', 'Open Source') }}" + fail_msg: "Your OS, {{ ansible_facts['distribution'] }} is not supported by NGINX {{ (nginx_type=='plus') | ternary('Plus', 'Open Source') }}" + when: + - nginx_install | bool + - (nginx_install_from == "nginx_repository" or nginx_type == "plus") + tags: nginx_check_support + +- name: "Set up prerequisites" + include_tasks: "{{ role_path }}/tasks/prerequisites/prerequisites.yml" tags: nginx_prerequisites -- name: "(Setup: All OSs) Setup Keys" - import_tasks: keys/setup-keys.yml - when: - - ansible_os_family == "Alpine" - or ansible_os_family == "Debian" - or ansible_os_family == "RedHat" - or ansible_os_family == "Suse" - - nginx_install_from == "nginx_repository" - or nginx_amplify_enable | bool - or nginx_unit_enable | bool +- name: "Set up signing keys" + include_tasks: "{{ role_path }}/tasks/keys/setup-keys.yml" + when: (nginx_install | bool and nginx_install_from == "nginx_repository") + or nginx_amplify_enable | bool or nginx_unit_enable | bool tags: nginx_key -- name: "(Install/Config: All OSs) Install and Configure NGINX" +- name: "Install and Configure NGINX" block: - - name: "(Install: All OSs) Install NGINX" + - name: "Install NGINX" block: - - name: "(Install: All OSs) Install NGINX Open Source" + - name: "Install NGINX Open Source" include_tasks: "{{ role_path }}/tasks/opensource/install-oss.yml" when: nginx_type == "opensource" tags: nginx_install_oss - - name: "(Install: All OSs) 
Install NGINX Plus" + - name: "Set up NGINX Plus license" + include_tasks: "{{ role_path }}/tasks/plus/setup-license.yml" + when: + - nginx_type == "plus" + - nginx_setup_license | bool + tags: nginx_setup_license + + - name: "Install NGINX Plus" include_tasks: "{{ role_path }}/tasks/plus/install-plus.yml" when: nginx_type == "plus" tags: nginx_install_plus - - name: "(Install: All OSs) Install NGINX Modules" + - name: "Install NGINX modules" include_tasks: "{{ role_path }}/tasks/modules/install-modules.yml" when: - nginx_modules is defined - nginx_modules | length > 0 tags: nginx_install_modules - - name: "(Install: All OSs) Delete NGINX Plus License" - include_tasks: "{{ role_path }}/tasks/plus/delete-license.yml" + - name: "Remove NGINX Plus license" + include_tasks: "{{ role_path }}/tasks/plus/remove-license.yml" when: - nginx_type == "plus" - - nginx_delete_license | bool - tags: nginx_delete_license - when: nginx_install | bool + - nginx_remove_license | bool + tags: nginx_remove_license - - name: "(Config: All OSs) Configure NGINX" + - name: "Modify Service For Systemd" + include_tasks: "{{ role_path }}/tasks/config/modify-systemd.yml" + when: + - ansible_facts['service_mgr'] == "systemd" + - nginx_service_modify | bool + tags: nginx_modify_systemd + when: nginx_install | bool + tags: nginx_install + + - name: "(DEPRECATED) Configure NGINX" block: - - name: "(Config: All OSs) Cleanup NGINX Config" - include_tasks: "{{ role_path }}/tasks/conf/cleanup-config.yml" + - name: "(DEPRECATED) Cleanup NGINX Config" + include_tasks: "{{ role_path }}/tasks/config/cleanup-config.yml" when: nginx_cleanup_config | bool tags: nginx_cleanup_config - - name: "(Config: All OSs) Upload NGINX Config" - include_tasks: "{{ role_path }}/tasks/conf/upload-config.yml" + - name: "(DEPRECATED) Upload NGINX Config" + include_tasks: "{{ role_path }}/tasks/config/upload-config.yml" when: nginx_main_upload_enable | bool or nginx_http_upload_enable | bool or nginx_stream_upload_enable | 
bool @@ -60,8 +80,8 @@ or nginx_ssl_upload_enable | bool tags: nginx_upload_config - - name: "(Config: All OSs) Create NGINX Config" - include_tasks: "{{ role_path }}/tasks/conf/template-config.yml" + - name: "(DEPRECATED) Create NGINX Config" + include_tasks: "{{ role_path }}/tasks/config/template-config.yml" when: nginx_main_template_enable | bool or nginx_http_template_enable | bool or nginx_stream_template_enable | bool @@ -69,21 +89,21 @@ tags: nginx_template_config when: nginx_configure | bool - - name: "(Config: All OSs) Ensure NGINX is Running" + - name: "Ensure NGINX is running" meta: flush_handlers - - name: "(Config: All OSs) Debug Output" - include_tasks: "{{ role_path }}/tasks/conf/debug-output.yml" + - name: "Debug NGINX output" + include_tasks: "{{ role_path }}/tasks/config/debug-output.yml" when: nginx_debug_output | bool tags: nginx_debug_output - - name: "(Config: All OSs): Configure Logrotate" - include_tasks: "{{ role_path }}/tasks/conf/logrotate.yml" + - name: "Configure logrotate for NGINX" + include_tasks: "{{ role_path }}/tasks/config/setup-logrotate.yml" when: nginx_logrotate_conf_enable | bool tags: nginx_logrotate_config when: nginx_enable | bool -- name: "(Install: All OSs) Install NGINX Amplify" +- name: "Install NGINX Amplify" include_tasks: "{{ role_path }}/tasks/amplify/install-amplify.yml" when: - nginx_amplify_enable | bool @@ -91,7 +111,7 @@ - nginx_amplify_api_key | length > 0 tags: nginx_install_amplify -- name: "(Install: All OSs) Install NGINX Unit" +- name: "(DEPRECATED) Install NGINX Unit" include_tasks: "{{ role_path }}/tasks/unit/install-unit.yml" when: nginx_unit_enable | bool tags: nginx_install_unit diff --git a/tasks/modules/install-modules.yml b/tasks/modules/install-modules.yml index b10cc4d..0fb4259 100644 --- a/tasks/modules/install-modules.yml +++ b/tasks/modules/install-modules.yml 
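Review bot: The `when` on "Set up signing keys" is narrower than the one on the new assert just above it: the assert runs for `nginx_install_from == "nginx_repository" or nginx_type == "plus"`, but the key task only looks at `nginx_install_from`. If a Plus install with a different `nginx_install_from` still pulls from an NGINX repository (install-plus.yml is not part of this hunk, so this is an assumption), packages would be installed without the role having imported the signing key first. Consider `when: (nginx_install | bool and (nginx_install_from == "nginx_repository" or nginx_type == "plus")) or nginx_amplify_enable | bool or nginx_unit_enable | bool`. The hunk also drops the old `ansible_os_family` guard on this task, so setup-keys.yml now has to handle the BSD families itself.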
@@ -1,12 +1,12 @@ --- -- name: "(Install: CentOS) Install GeoIP Required CentOS Dependencies" +- name: "(CentOS) Install GeoIP dependencies" yum: name: epel-release when: - - ansible_distribution == "CentOS" + - ansible_facts['distribution'] == "CentOS" - '"geoip" in nginx_modules' -- name: "(Install: All OSs) Install NGINX Modules" +- name: "Install NGINX Modules" package: name: "nginx-{{ (nginx_type == 'plus') | ternary('plus-', '') }}module-{{ item }}{{ nginx_version | default('') }}" state: present 
@@ -15,18 +15,18 @@ - (item in nginx_modules_list and nginx_type == 'opensource') or (item in nginx_plus_modules_list and nginx_type == 'plus') - not (item == "auth-spnego") - or not (ansible_os_family == "Alpine" and (ansible_distribution_version | regex_search('^[0-9]+\\.[0-9]+') == "3.8")) + or not (ansible_facts['os_family'] == "Alpine" and (ansible_facts['distribution_version'] | regex_search('^[0-9]+\\.[0-9]+') is version('3.8', '=='))) - not (item == "geoip") - or not ((ansible_os_family == "RedHat" and ansible_distribution_major_version == "8") - or (ansible_os_family == "FreeBSD")) + or not ((ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] is version('8', '==')) + or (ansible_facts['os_family'] == "FreeBSD")) - not (item == "brotli") - or not ((ansible_os_family == "Alpine") - or (ansible_os_family == "RedHat" and ansible_distribution_major_version < "8") - or (ansible_os_family == "Debian" and ansible_distribution_major_version == "9") - or (ansible_os_family == "Suse" and ansible_distribution_major_version == "12") - or (ansible_distribution == "Amazon") - or (ansible_distribution == "OracleLinux")) - - not (item == "geoip2") or not (ansible_os_family == "Suse") + or not ((ansible_facts['os_family'] == "Alpine") + or (ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] is version('8', '<')) + or (ansible_facts['os_family'] == "Debian" and ansible_facts['distribution_major_version'] is version('9', '==')) + or (ansible_facts['os_family'] == "Suse" and ansible_facts['distribution_major_version'] is version('12', '<')) + or (ansible_facts['distribution'] == "Amazon") + or (ansible_facts['distribution'] == "OracleLinux")) + - not (item == "geoip2") or not (ansible_facts['os_family'] == "Suse") - not (item == "opentracing") - or not ((ansible_os_family == "Suse" and ansible_distribution_major_version == "12") - or (ansible_os_family == "RedHat" and ansible_distribution_major_version == 
"6")) + or not ((ansible_facts['os_family'] == "Suse" and ansible_facts['distribution_major_version'] is version('12', '==')) + or (ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] is version('6', '=='))) diff --git a/tasks/opensource/install-alpine.yml b/tasks/opensource/install-alpine.yml new file mode 100644 index 0000000..d77ee92 --- /dev/null +++ b/tasks/opensource/install-alpine.yml @@ -0,0 +1,14 @@ +--- +- name: "(Alpine Linux) Configure NGINX repository" + lineinfile: + path: /etc/apk/repositories + insertafter: EOF + line: "{{ repository }}" + +- name: "(Alpine Linux) Install NGINX" + apk: + name: "nginx{{ nginx_version | default('') }}" + repository: "{{ repository }}" + state: "{{ nginx_state }}" + update_cache: yes + notify: "(Handler) Start NGINX" diff --git a/tasks/opensource/install-bsd.yml b/tasks/opensource/install-bsd.yml new file mode 100644 index 0000000..bced3af --- /dev/null +++ b/tasks/opensource/install-bsd.yml 
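Review bot: The brotli exclusion for SLES changes meaning in this hunk: the old line skipped the module when `ansible_distribution_major_version == "12"`, while the new one uses `is version('12', '<')`, so brotli is now attempted on SLES 12 and skipped only on older releases. The opentracing condition a few lines below keeps `version('12', '==')`, which suggests the `<` was not intended. If the exclusion is still meant for SLES 12, the line should read `or (ansible_facts['os_family'] == "Suse" and ansible_facts['distribution_major_version'] is version('12', '=='))`. The `when:` list belongs to the "Install NGINX Modules" task, which begins in the previous hunk.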
@@ -0,0 +1,78 @@ +--- +- name: "(FreeBSD) Update ports" + block: + - name: "(FreeBSD) Fetch ports" + command: portsnap fetch --interactive + args: + creates: /var/db/portsnap/INDEX + + - name: "(FreeBSD) Extract ports" + command: portsnap extract + args: + creates: /usr/ports + when: + - ansible_facts['system'] == "FreeBSD" + - nginx_bsd_update_ports | bool + +- name: "(FreeBSD) Install NGINX" + block: + - name: "(FreeBSD) Install NGINX package" + pkgng: + name: "www/nginx{{ nginx_version | default('') }}" + state: "{{ nginx_state }}" + when: nginx_bsd_install_packages | bool + notify: "(Handler) Start NGINX" + + - name: "(FreeBSD) Install NGINX port" + portinstall: + name: "www/nginx{{ nginx_version | default('') }}" + use_packages: "{{ nginx_bsd_portinstall_use_packages | default(omit) }}" + state: "{{ nginx_state }}" + when: not nginx_bsd_install_packages | bool + notify: "(Handler) Start NGINX" + when: ansible_facts['system'] == "FreeBSD" + +- name: "(OpenBSD) Install NGINX" + block: + - name: "(OpenBSD) Install NGINX package" + openbsd_pkg: + name: "nginx{{ nginx_version | default('') }}" + build: no + state: "{{ nginx_state }}" + when: nginx_bsd_install_packages | bool + notify: "(Handler) Start NGINX" + + - name: "(OpenBSD) Install NGINX port" + openbsd_pkg: + name: "nginx{{ nginx_version | default('') }}" + build: yes + state: "{{ nginx_state }}" + when: not nginx_bsd_install_packages | bool + notify: "(Handler) Start NGINX" + when: ansible_facts['system'] == "OpenBSD" + +- name: "(NetBSD) Install NGINX" + block: + - name: "NetBSD) Install NGINX package" + command: "pkg_add www/nginx{{ nginx_version | default('') }}" + when: nginx_bsd_install_packages | bool + notify: "(Handler) Start NGINX" + + - name: "(NetBSD) Install NGINX port" + fail: + msg: "{{ ansible_facts['system'] }} Install NGINX port not implemented." 
+ when: not nginx_bsd_install_packages | bool + when: ansible_facts['system'] == "NetBSD" + +- name: "(DragonFlyBSD/HardenedBSD) Install NGINX" + block: + - name: "Install NGINX package" + command: "pkg install www/nginx{{ nginx_version | default('') }}" + when: nginx_bsd_install_packages | bool + notify: "(Handler) Start NGINX" + + - name: "Install NGINX port" + fail: + msg: "{{ ansible_facts['system'] }} Install NGINX port not implemented." + when: not nginx_bsd_install_packages | bool + when: ansible_facts['system'] in ['DragonFlyBSD', 'HardenedBSD'] diff --git a/tasks/opensource/install-debian.yml b/tasks/opensource/install-debian.yml new file mode 100644 index 0000000..2a67e7f --- /dev/null +++ b/tasks/opensource/install-debian.yml @@ -0,0 +1,14 @@ +--- +- name: "(Debian/Ubuntu) Configure NGINX repository" + apt_repository: + filename: nginx + repo: "{{ item }}" + update_cache: yes + mode: 0644 + loop: "{{ repository }}" + +- name: "(Debian/Ubuntu) Install NGINX" + apt: + name: "nginx{{ nginx_version | default('') }}" + state: "{{ nginx_state }}" + notify: "(Handler) Start NGINX" diff --git a/tasks/opensource/install-oss-bsd.yml b/tasks/opensource/install-oss-bsd.yml deleted file mode 100644 index 3ae8c8f..0000000 --- a/tasks/opensource/install-oss-bsd.yml +++ /dev/null 
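Review bot: The NetBSD and DragonFlyBSD/HardenedBSD package tasks call `pkg_add` and `pkg install` through `command:` with no `creates:` or `changed_when:`, so they run and report changed on every play and notify "(Handler) Start NGINX" each time. An idempotence guard such as `args: creates: <PATH_TO_INSTALLED_NGINX_BINARY>` (placeholder, the path differs per platform) or a `changed_when:` on the registered output would keep repeated runs quiet. `pkg install` is also invoked without `-y`; as far as I know it waits for confirmation, so it probably needs `pkg install -y` to work unattended. The task name `"NetBSD) Install NGINX package"` is missing its opening parenthesis.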
@@ -1,91 +0,0 @@ ---- -- name: "(Install: FreeBSD) Update Ports" - block: - - name: "(Install: FreeBSD) Fetch Ports" - command: portsnap fetch --interactive - args: - creates: /var/db/portsnap/INDEX - - - name: "(Install: FreeBSD) Extract Ports" - command: portsnap extract - args: - creates: /usr/ports - when: - - ansible_system == "FreeBSD" - - nginx_bsd_update_ports | bool - -- name: "(Install: FreeBSD)" - block: - - name: "(Install: FreeBSD) Install NGINX Package" - pkgng: - name: "www/nginx{{ nginx_version | default('') }}" - state: "{{ nginx_state }}" - when: nginx_bsd_install_packages | bool - notify: "(Handler: All OSs) Start NGINX" - - - name: "(Install: FreeBSD) Install NGINX Port" - portinstall: - name: "www/nginx{{ nginx_version | default('') }}" - use_packages: "{{ nginx_bsd_portinstall_use_packages | default(omit) }}" - state: "{{ nginx_state }}" - when: not nginx_bsd_install_packages | bool - notify: "(Handler: All OSs) Start NGINX" - when: ansible_system == "FreeBSD" - -- name: "(Install: OpenBSD)" - block: - - name: "(Install: OpenBSD) Install NGINX Package" - openbsd_pkg: - name: "nginx{{ nginx_version | default('') }}" - build: no - state: "{{ nginx_state }}" - when: nginx_bsd_install_packages | bool - notify: "(Handler: All OSs) Start NGINX" - - - name: "(Install: OpenBSD) Install NGINX Port" - openbsd_pkg: - name: "nginx{{ nginx_version | default('') }}" - build: yes - state: "{{ nginx_state }}" - when: not nginx_bsd_install_packages | bool - notify: "(Handler: All OSs) Start NGINX" - when: ansible_system == "OpenBSD" - -- name: "(Install: NetBSD)" - block: - - name: "(Install: NetBSD) Install NGINX Package" - command: "pkg_add www/nginx{{ nginx_version | default('') }}" - when: nginx_bsd_install_packages | bool - notify: "(Handler: All OSs) Start NGINX" - - - name: "(Install: NetBSD) Install NGINX Port" - fail: - msg: "{{ ansible_system }} Install NGINX port not implemented." 
- when: not nginx_bsd_install_packages | bool - when: ansible_system == "NetBSD" - -- name: "(Install: DragonFlyBSD)" - block: - - name: "(Install: DragonFlyBSD) Install NGINX Package" - command: "pkg install www/nginx{{ nginx_version | default('') }}" - when: nginx_bsd_install_packages | bool - notify: "(Handler: All OSs) Start NGINX" - - - name: "(Install: DragonFlyBSD) Install NGINX port" - fail: - msg: "{{ ansible_system }} Install NGINX port not implemented." - when: not nginx_bsd_install_packages | bool - when: ansible_system == "DragonFlyBSD" - -- name: "(Install: HardenedBSD)" - block: - - name: "(Install: HardenedBSD) Install NGINX package" - command: "pkg install www/nginx{{ nginx_version | default('') }}" - when: nginx_bsd_install_packages | bool - notify: "(Handler: All OSs) Start NGINX" - - - name: "(Install: HardenedBSD) Install NGINX port" - fail: - msg: "{{ ansible_system }} Install NGINX port not implemented." - when: not nginx_bsd_install_packages | bool - when: ansible_system == "HardenedBSD" diff --git a/tasks/opensource/install-oss-linux.yml b/tasks/opensource/install-oss-linux.yml deleted file mode 100644 index ca4845c..0000000 --- a/tasks/opensource/install-oss-linux.yml +++ /dev/null 
@@ -1,26 +0,0 @@ ---- -- name: "(Install: Linux) Configure NGINX Repository" - include_tasks: "{{ role_path }}/tasks/opensource/setup-{{ ansible_os_family | lower }}.yml" - when: - - ansible_os_family == "Alpine" - or ansible_os_family == "Debian" - or ansible_os_family == "RedHat" - or ansible_os_family == "Suse" - - nginx_install_from == "nginx_repository" - -- name: "(Install: Linux) Modify Service For Systemd" - include_tasks: "{{ role_path }}/tasks/prerequisites/setup-systemd.yml" - when: - - ansible_service_mgr == "systemd" - - nginx_service_modify | bool - -- name: "(Install: Linux) Install NGINX From Source" - include_tasks: "{{ role_path }}/tasks/opensource/setup-source.yml" - when: nginx_install_from == "source" - -- name: "(Install: Linux) Install NGINX Package" - package: - name: "nginx{{ nginx_version | default('') }}" - state: "{{ nginx_state }}" - when: nginx_install_from == "os_repository" - notify: "(Handler: All OSs) Start NGINX" diff --git a/tasks/opensource/install-oss.yml b/tasks/opensource/install-oss.yml index 8139d55..35c7f20 100644 --- a/tasks/opensource/install-oss.yml +++ b/tasks/opensource/install-oss.yml 
@@ -1,8 +1,38 @@ --- -- name: "(Install: OSS Linux)" - include_tasks: "{{ role_path }}/tasks/opensource/install-oss-linux.yml" - when: ansible_os_family in nginx_linux_families +- name: "Install NGINX" + debug: + msg: "Installing NGINX" + when: nginx_debug_tasks | bool -- name: "(Install: OSS BSD)" - include_tasks: "{{ role_path }}/tasks/opensource/install-oss-bsd.yml" - when: ansible_system in nginx_bsd_systems +- name: "Install NGINX in Linux systems" + block: + - name: "Install NGINX from repository" + block: + - name: "Set NGINX repository" + set_fact: + repository: "{{ nginx_repository | default(nginx_default_repository[ansible_facts['os_family'] | lower]) }}" + + - name: "Install NGINX from repository" + include_tasks: "{{ role_path }}/tasks/opensource/install-{{ ansible_facts['os_family'] | lower }}.yml" + when: nginx_install_from == "nginx_repository" + + - name: "Install NGINX from source" + include_tasks: "{{ role_path }}/tasks/opensource/install-source.yml" + when: nginx_install_from == "source" + + - name: "Install NGINX from package" + package: + name: "nginx{{ nginx_version | default('') }}" + state: "{{ nginx_state }}" + when: nginx_install_from == "os_repository" + notify: "(Handler) Start NGINX" + when: ansible_facts['system'] | lower is not search('bsd') + +- name: "Install NGINX in Unix systems" + include_tasks: "{{ role_path }}/tasks/opensource/install-bsd.yml" + when: ansible_facts['system'] | lower is search('bsd') + +- name: "Install NGINX" + debug: + msg: "Done installing NGINX" + when: nginx_debug_tasks | bool diff --git a/tasks/opensource/install-redhat.yml b/tasks/opensource/install-redhat.yml new file mode 100644 index 0000000..fa45b97 --- /dev/null +++ b/tasks/opensource/install-redhat.yml 
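Review bot: The fact set in "Set NGINX repository" is named plain `repository`, and the per-OS install files read it back under that name to decide where packages come from. Extra vars take precedence over `set_fact`, so a run that passes `-e repository=...` for an unrelated purpose would silently change the package source for this role, and the fact also stays on the host for later roles. A role-prefixed name, for example `nginx_repository_resolved` (name constructed for illustration), used here and in install-alpine.yml, install-debian.yml, install-redhat.yml and install-suse.yml avoids both problems. Separately, the two `debug` tasks share the name "Install NGINX", which makes the start and end markers indistinguishable in the play output.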
@@ -0,0 +1,33 @@ +--- +- name: "(CentOS/RHEL 6/7) Configure NGINX repository" + yum_repository: + name: nginx + baseurl: "{{ repository }}" + description: NGINX Repository + enabled: yes + gpgcheck: yes + mode: 0644 + when: ansible_facts['distribution_major_version'] is version('8', '<') + +- name: "(CentOS/RHEL 8) Configure NGINX repository" + blockinfile: + path: /etc/yum.repos.d/nginx.repo + create: yes + block: | + [nginx] + baseurl = {{ repository }} + enabled = 1 + gpgcheck = 1 + name = NGINX Repository + module_hotfixes = true + mode: 0644 + when: ansible_facts['distribution_major_version'] is version('8', '==') + +- name: "(CentOS/RHEL) Install NGINX" + yum: + name: "nginx{{ nginx_version | default('') }}" + state: "{{ nginx_state }}" + disablerepo: "*" + enablerepo: "nginx" + update_cache: yes + notify: "(Handler) Start NGINX" diff --git a/tasks/opensource/setup-source.yml b/tasks/opensource/install-source.yml similarity index 58% rename from tasks/opensource/setup-source.yml rename to tasks/opensource/install-source.yml index 42af2fa..d672fac 100644 --- a/tasks/opensource/setup-source.yml +++ b/tasks/opensource/install-source.yml @@ -1,9 +1,9 @@ --- -- name: "(Install: Linux) Check For Build Tools" +- name: "Check for build tools" block: - - name: "(Install: Centos/RHEL) Setup Python 3" + - name: "(CentOS/RHEL 8) Setup python 3" block: - - name: "(Install: Centos/RHEL) Install Python 3" + - name: "(CentOS/RHEL 8) Install python 3" yum: name: - python3 
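Review bot: The two repository tasks in install-redhat.yml cover `distribution_major_version` below 8 and exactly 8, so on any later major release neither runs, and the install task then uses `disablerepo: "*"` with `enablerepo: "nginx"` against a repository that was never written. Changing the second condition to `when: ansible_facts['distribution_major_version'] is version('8', '>=')` keeps the `module_hotfixes` form as the default going forward. Both repository definitions enable `gpgcheck` but set no `gpgkey`, so verification depends on the key having been imported beforehand, presumably by tasks/keys/setup-keys.yml; a short comment such as `# signing key is imported earlier by tasks/keys/setup-keys.yml` would make that dependency visible to a reader of this file.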
@@ -11,144 +11,144 @@ - python3-devel update_cache: yes - - name: "(Install: Centos/RHEL) Set Python 3 Default" + - name: "(Centos/RHEL 8) Set python 3 as default" alternatives: name: python path: /usr/bin/python3 link: /usr/bin/python when: - - ansible_os_family == "RedHat" - - ansible_distribution_major_version == "8" + - ansible_facts['os_family'] == "RedHat" + - ansible_facts['distribution_major_version'] is version('8', '==') - - name: "(Install: Centos/RHEL) Install Build Tools" + - name: "(Centos/RHEL) Install build tools" yum: name: - "@Development tools" + - ca-certificates - gcc - - glibc - - glibc-common - gd - gd-devel + - glibc + - glibc-common - perl-core - wget - - ca-certificates - zlib-devel update_cache: yes - when: ansible_os_family == "RedHat" + when: ansible_facts['os_family'] == "RedHat" - - name: "(Install: Debian) Install Backports Repo For Buster" + - name: "(Debian) Install backports repo for buster" apt_repository: filename: buster-backports repo: deb http://ftp.us.debian.org/debian buster-backports main update_cache: yes mode: 0644 - when: ansible_distribution_release == "buster" + when: ansible_facts['distribution_release'] == "buster" - - name: "(Install: Debian/Ubuntu) Install Build Tools" + - name: "(Debian/Ubuntu) Install build tools" apt: name: - - python3-minimal - build-essential + - checkinstall + - libtemplate-perl + - python3-minimal - perl - tar - - checkinstall - zlib1g-dev - - libtemplate-perl update_cache: yes - when: ansible_os_family == "Debian" + when: ansible_facts['os_family'] == "Debian" - - name: "(Install: Alpine) Install Build Tools" + - name: "(Alpine Linux) Install build tools" apk: name: - - python3 - alpine-sdk - build-base - git - - wget + - openrc - perl + - python3 - linux-headers - tar - - openrc + - wget update_cache: yes - when: ansible_os_family == "Alpine" + when: ansible_facts['os_family'] == "Alpine" - - name: "(Install: Alpine) Enable OpenRC" + - name: "(Alpine Linux) Enable OpenRC" copy: content: 
"" dest: /run/openrc/softlevel force: no owner: root mode: 0644 - when: ansible_os_family == "Alpine" + when: ansible_facts['os_family'] == "Alpine" when: nginx_install_source_build_tools | bool -- name: "(Install: Linux) Check For Source Installs" +- name: "Check for source installs" block: - - name: "(Install: Linux) Check For PCRE Install" + - name: "Check for PCRE install" stat: path: /tmp/{{ pcre_version }} register: pcre_result - - name: "(Install: Linux) Check For ZLib Install" + - name: "Check for ZLib install" stat: path: /tmp/{{ zlib_version }} register: zlib_result - - name: "(Install: Linux) Check For OpenSSL Install" + - name: "Check for OpenSSL install" stat: path: /tmp/{{ openssl_version }} register: openssl_result -- name: "(Install: Centos/RHEL) Install PCRE Dependency From Package" +- name: "(CentOS/RHEL) Install PCRE dependency from package" yum: name: pcre-devel update_cache: yes when: - nginx_install_source_pcre | bool - - ansible_os_family == "RedHat" + - ansible_facts['os_family'] == "RedHat" -- name: "(Install: Debian/Ubuntu) Install PCRE Dependency From Package" +- name: "(Debian/Ubuntu) Install PCRE dependency from package" apt: name: libpcre3-dev update_cache: yes when: - nginx_install_source_pcre | bool - - ansible_os_family == "Debian" + - ansible_facts['os_family'] == "Debian" -- name: "(Install: Alpine) Install PCRE Dependency From Package" +- name: "(Alpine Linux) Install PCRE dependency from package" apk: name: pcre-dev update_cache: yes when: - nginx_install_source_pcre | bool - - ansible_os_family == "Alpine" + - ansible_facts['os_family'] == "Alpine" -- name: "(Install: Linux) Install PCRE Dependence From Source" +- name: "Install PCRE dependence from source" block: - - name: "(Install: Linux) Download PCRE Dependency" + - name: "Download PCRE dependency" get_url: - url: "http://ftp.pcre.org/pub/pcre/{{ pcre_version }}.tar.gz" + url: "https://ftp.pcre.org/pub/pcre/{{ pcre_version }}.tar.gz" dest: "/tmp/{{ pcre_version }}.tar.gz" 
mode: 0600 register: pcre_source - - name: "(Install: Linux) Unpack PCRE Dependency" + - name: "Unpack PCRE dependency" unarchive: copy: no dest: /tmp/ src: "{{ pcre_source.dest }}" mode: 0700 - - name: "(Install: Linux) Configure PCRE Dependency" + - name: "Configure PCRE dependency" command: "./configure" args: chdir: "/tmp/{{ pcre_version }}" - - name: "(Install: Linux) Make PCRE Dependency" + - name: "Make PCRE dependency" make: chdir: "/tmp/{{ pcre_version }}" - - name: "(Install: Linux) Install PCRE Dependency" + - name: "Install PCRE dependency" make: chdir: "/tmp/{{ pcre_version }}" target: install 
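Review bot: The "Download PCRE dependency" task fetches a tarball that is then unpacked, built and installed with `make install`, but `get_url` has no `checksum:`, so the only integrity protection is the TLS connection this commit adds. Pinning a digest, e.g. `checksum: "sha256:{{ pcre_checksum }}"` with `pcre_checksum` as a new role variable (placeholder name), would catch a replaced or corrupted archive; the same applies to the ZLib, OpenSSL and NGINX downloads in the hunks at -156, -213 and -270. The build also runs under the predictable path `/tmp/{{ pcre_version }}`, and the `stat` check on that path decides whether the build is skipped, so a directory owned by the role would be safer than `/tmp` on hosts with other local users. The `when:` of the PCRE block lies in the next hunk.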
@@ -156,56 +156,56 @@ - not pcre_result.stat.exists | bool - not nginx_install_source_pcre | bool -- name: "(Install: Centos/RHEL) Install ZLib Dependency From Package" +- name: "(Centos/RHEL) Install ZLib dependency from package" yum: name: zlib-devel update_cache: yes when: - nginx_install_source_zlib | bool - - ansible_os_family == "RedHat" + - ansible_facts['os_family'] == "RedHat" -- name: "(Install: Debian/Ubuntu) Install ZLib Dependency From Package" +- name: "(Debian/Ubuntu) Install ZLib dependency from package" apt: name: zlib1g-dev update_cache: true when: - nginx_install_source_zlib | bool - - ansible_os_family == "Debian" + - ansible_facts['os_family'] == "Debian" -- name: "(Install: Alpine) Install ZLib Dependency From Package" +- name: "(Alpine Linux) Install ZLib dependency from package" apk: name: zlib-dev update_cache: yes when: - nginx_install_source_zlib | bool - - ansible_os_family == "Alpine" + - ansible_facts['os_family'] == "Alpine" -- name: "(Install: Linux) Install ZLib Dependency From Source" +- name: "Install ZLib dependency from source" block: - - name: "(Install: Linux) Download ZLib Dependency" + - name: "Download ZLib dependency" get_url: - url: "http://zlib.net/{{ zlib_version }}.tar.gz" + url: "https://zlib.net/{{ zlib_version }}.tar.gz" dest: "/tmp/{{ zlib_version }}.tar.gz" mode: 0600 register: zlib_source - - name: "(Install: Linux) Unpack ZLib Dependency" + - name: "Unpack ZLib dependency" unarchive: copy: no dest: /tmp/ src: "{{ zlib_source.dest }}" mode: 0700 - - name: "(Install: Linux) Configure zlib Dependency" + - name: "Configure ZLib dependency" command: "./configure" args: chdir: "/tmp/{{ zlib_version }}" - - name: "(Install: Linux) Make ZLib Dependency" + - name: "Make ZLib dependency" make: chdir: "/tmp/{{ zlib_version }}" - - name: "(Install: Linux) Install ZLib Dependency" + - name: "Install ZLib dependency" make: chdir: "/tmp/{{ zlib_version }}" target: install 
@@ -213,56 +213,56 @@ - not zlib_result.stat.exists | bool - not nginx_install_source_zlib | bool -- name: "(Install: Centos/RHEL) Install OpenSSL Dependency From Package" +- name: "(CentOS/RHEL) Install OpenSSL dependency from package" yum: name: openssl-devel update_cache: yes when: - nginx_install_source_openssl | bool - - ansible_os_family == "RedHat" + - ansible_facts['os_family'] == "RedHat" -- name: "(Install: Debian/Ubuntu) Install OpenSSL Dependency From Package" +- name: "(Debian/Ubuntu) Install OpenSSL dependency from package" apt: name: libssl-dev update_cache: yes when: - nginx_install_source_openssl | bool - - ansible_os_family == "Debian" + - ansible_facts['os_family'] == "Debian" -- name: "(Install: Alpine) Install OpenSSL Dependency From Package" +- name: "(Alpine Linux) Install OpenSSL dependency from package" apk: name: openssl-dev update_cache: yes when: - nginx_install_source_openssl | bool - - ansible_os_family == "Alpine" + - ansible_facts['os_family'] == "Alpine" -- name: "(Install: Linux) Install OpenSSL Dependency From Source" +- name: "Install OpenSSL dependency from source" block: - - name: "(Install: Linux) Download OpenSSL Dependency" + - name: "Download OpenSSL dependency" get_url: - url: "http://www.openssl.org/source/{{ openssl_version }}.tar.gz" + url: "https://www.openssl.org/source/{{ openssl_version }}.tar.gz" dest: "/tmp/{{ openssl_version }}.tar.gz" mode: 0600 register: openssl_source - - name: "(Install: Linux) Unpack OpenSSL Dependency" + - name: "Unpack OpenSSL dependency" unarchive: copy: no dest: /tmp/ src: "{{ openssl_source.dest }}" mode: 0700 - - name: "(Install: Linux) Configure OpenSSL Dependency" + - name: "Configure OpenSSL dependency" command: "./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib" args: chdir: "/tmp/{{ openssl_version }}" - - name: "(Install: Linux) Make OpenSSL Dependency" + - name: "Make OpenSSL dependency" make: chdir: "/tmp/{{ openssl_version }}" - - name: 
"(Install: Linux) Install OpenSSL Dependency" + - name: "Install OpenSSL dependency" make: chdir: "/tmp/{{ openssl_version }}" target: install 
@@ -270,72 +270,72 @@ - not openssl_result.stat.exists | bool - not nginx_install_source_openssl | bool -- name: "(Install: Linux) Get NGINX Version" +- name: "Get NGINX version" block: - - name: "(Install: Linux) Fetch NGINX Version" + - name: "Fetch NGINX version" uri: url: https://trac.nginx.org/nginx/browser return_content: yes register: nginx_versions - - name: "(Install: Linux) Set NGINX Mainline Version" + - name: "Set NGINX mainline version" set_fact: nginx_version: "{{ nginx_versions.content | regex_search('release[^<]*') | regex_replace('release', 'nginx') }}" when: nginx_branch == "mainline" - - name: "(Install: Linux) Set NGINX Stable Version 1/2" + - name: "Set NGINX stable version 1/2" set_fact: nginx_version: "{{ nginx_versions.content | regex_search('stable[^<]*') | regex_replace('stable', 'release') }}" when: nginx_branch == "stable" - - name: "(Install: Linux) Set NGINX Stable Version 2/2" + - name: "Set NGINX stable version 2/2" set_fact: nginx_version: "{{ nginx_versions.content | regex_search(nginx_version + '[^<]*') | regex_replace('release', 'nginx') }}" when: nginx_branch == "stable" - - name: "(Install: Linux) Set NGINX Download Filename" + - name: "Set NGINX download filename" set_fact: nginx_download_name: "{{ nginx_version }}" - - name: "(Install: Linux) Check For NGINX Install" + - name: "Check for NGINX install" stat: path: /usr/sbin/nginx follow: yes register: nginx_result -- name: "(Install: Linux) Add NGINX User" +- name: "Add NGINX user" user: name: nginx -- name: "(Install: Linux) Install NGINX" +- name: "Install NGINX" block: - - name: "(Install: Linux) Download NGINX" + - name: "Download NGINX" get_url: - url: "http://nginx.org/download/{{ nginx_download_name }}.tar.gz" + url: "https://nginx.org/download/{{ nginx_download_name }}.tar.gz" dest: "/tmp/{{ nginx_download_name }}.tar.gz" mode: 0600 register: nginx_source - - name: "(Install: Linux) Unpack NGINX" + - name: "Unpack NGINX" unarchive: copy: no dest: /tmp/ src: "{{ 
nginx_source.dest }}" mode: 0755 - - name: "(Install: Linux) Configure NGINX" + - name: "Configure NGINX" command: >- ./configure - --prefix=/usr - --pid-path=/var/run/nginx.pid --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --lock-path=/var/lock/nginx.lock --modules-path=/usr/lib/nginx/modules + --prefix=/usr + --pid-path=/var/run/nginx.pid --with-http_ssl_module - --with-stream --with-mail=dynamic + --with-stream {{ nginx_install_source_pcre | ternary('', '--with-pcre=../' + pcre_version) }} {{ nginx_install_source_zlib | ternary('', '--with-zlib=../' + zlib_version) }} {{ nginx_install_source_openssl | ternary('', '--with-openssl=../' + openssl_version) }} 
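Review bot: `nginx_version` is derived by regex from the body of `https://trac.nginx.org/nginx/browser` and then used unchecked in the download URL and in the `/tmp/{{ nginx_version }}` build paths. If the page layout changes, the later tasks either fail with an unrelated error or work on an unexpected path. Since this commit is about adding assertions, one placed after "Set NGINX download filename" that checks the parsed value against the expected `nginx-X.Y.Z` shape would fail early with a clear message. The pattern below is a suggestion and should be confirmed against real output for both branches.

```yaml
    # … unchanged: "Set NGINX download filename" …
    - name: "Check that the parsed NGINX version looks valid"
      assert:
        that: nginx_version is match('^nginx-[0-9]+[.][0-9]+[.][0-9]+$')
        fail_msg: "Could not parse an NGINX version from trac.nginx.org (got '{{ nginx_version }}')"
    # … unchanged: "Check for NGINX install" …
```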
@@ -343,86 +343,86 @@ chdir: "/tmp/{{ nginx_version }}" register: nginx_configure - - name: "(Install: Linux) Make NGINX" + - name: "Make NGINX" make: chdir: "/tmp/{{ nginx_version }}" - - name: "(Install: Linux) Install NGINX" + - name: "Install NGINX" make: chdir: "/tmp/{{ nginx_version }}" target: install - - name: "(Install: Linux) Upload systemd NGINX Service File" + - name: "Upload systemd NGINX service file" copy: src: services/nginx.systemd dest: /lib/systemd/system/nginx.service owner: root group: root mode: 0644 - when: ansible_service_mgr == "systemd" + when: ansible_facts['service_mgr'] == "systemd" - - name: "(Install: Linux) Enable systemd NGINX Service File" + - name: "Enable systemd NGINX service file" systemd: daemon_reload: yes name: nginx state: restarted enabled: yes - when: ansible_service_mgr == "systemd" - notify: "(Handler: All OSs) Start NGINX" + when: ansible_facts['service_mgr'] == "systemd" + notify: "(Handler) Start NGINX" - - name: "(Install: Linux) Upload upstart NGINX Service File" + - name: "Upload upstart NGINX service file" copy: src: services/nginx.upstart dest: /etc/init.d/nginx owner: root group: root mode: 0755 - when: ansible_service_mgr == "upstart" + when: ansible_facts['service_mgr'] == "upstart" - - name: "(Install: Linux) Upload upstart NGINX Service Conf File" + - name: "Upload upstart NGINX service conf file" copy: src: services/nginx.conf.upstart dest: /etc/init/nginx.conf owner: root group: root mode: 0644 - when: ansible_service_mgr == "upstart" + when: ansible_facts['service_mgr'] == "upstart" - - name: "(Install: Linux) Enable upstart NGINX Service Reload" + - name: "Enable upstart NGINX service reload" command: "initctl reload-configuration" - when: ansible_service_mgr == "upstart" + when: ansible_facts['service_mgr'] == "upstart" - - name: "(Install: Linux) Start upstart NGINX Service Reload" + - name: "Start upstart NGINX service reload" command: "nginx" - when: ansible_service_mgr == "upstart" - notify: 
"(Handler: All OSs) Start NGINX" + when: ansible_facts['service_mgr'] == "upstart" + notify: "(Handler) Start NGINX" - - name: "(Install: Linux) Upload sysvinit NGINX Service File" + - name: "Upload sysvinit NGINX service file" copy: src: services/nginx.sysvinit dest: /etc/init.d/nginx owner: root group: root mode: 0755 - when: ansible_service_mgr == "sysvinit" - notify: "(Handler: All OSs) Start NGINX" + when: ansible_facts['service_mgr'] == "sysvinit" + notify: "(Handler) Start NGINX" - - name: "(Install: Linux) Upload openrc NGINX Service File" + - name: "Upload openrc NGINX service file" copy: src: services/nginx.openrc dest: /etc/init.d/nginx owner: root group: root mode: 0755 - when: ansible_service_mgr == "openrc" + when: ansible_facts['service_mgr'] == "openrc" - - name: "(Install: Linux) Enable openrc NGINX Service" + - name: "Enable openrc NGINX service" command: rc-update add nginx default - notify: "(Handler: All OSs) Start NGINX" - when: ansible_service_mgr == "openrc" + when: ansible_facts['service_mgr'] == "openrc" + notify: "(Handler) Start NGINX" when: not nginx_result.stat.exists -- name: "(Install: Linux) Cleanup Downloads" +- name: "Cleanup downloads" file: path: "{{ item }}" state: absent diff --git a/tasks/opensource/install-suse.yml b/tasks/opensource/install-suse.yml new file mode 100644 index 0000000..7544969 --- /dev/null +++ b/tasks/opensource/install-suse.yml @@ -0,0 +1,13 @@ +--- +- name: "(SLES) Configure NGINX repository" + zypper_repository: + name: "nginx-{{ nginx_branch }}" + repo: "{{ repository }}" + +- name: "(SLES) Install NGINX" + zypper: + name: "nginx{{ nginx_version | default('') }}" + state: "{{ nginx_state }}" + disable_recommends: no + update_cache: yes + notify: "(Handler) Start NGINX" diff --git a/tasks/opensource/setup-alpine.yml b/tasks/opensource/setup-alpine.yml deleted file mode 100644 index f5aa5b9..0000000 --- a/tasks/opensource/setup-alpine.yml +++ /dev/null 
@@ -1,29 +0,0 @@ ---- -- name: "(Install: Alpine) Set Default APK NGINX Repository" - set_fact: - default_repository: >- - https://nginx.org/packages/{{ (nginx_branch == 'mainline') - | ternary('mainline/', '') }}alpine/v{{ ansible_distribution_version.split('.')[0] }}.{{ ansible_distribution_version.split('.')[1] }}/main - -- name: "(Install: Alpine) Set APK NGINX Repository" - set_fact: - repository: "{{ nginx_repository | default(default_repository) }}" - -- name: "(Install: Alpine) Add NGINX Repository" - lineinfile: - path: /etc/apk/repositories - insertafter: EOF - line: "{{ repository }}" - -- name: "(Install: Alpine) Install Required Alpine Dependencies" - apk: - name: - - openssl - - pcre - -- name: "(Install: Alpine) Install NGINX" - apk: - name: "nginx{{ nginx_version | default('') }}" - repository: "{{ repository }}" - state: "{{ nginx_state }}" - notify: "(Handler: All OSs) Start NGINX" diff --git a/tasks/opensource/setup-debian.yml b/tasks/opensource/setup-debian.yml deleted file mode 100644 index 5e26c9b..0000000 --- a/tasks/opensource/setup-debian.yml +++ /dev/null 
@@ -1,28 +0,0 @@ ---- -- name: "(Install: Debian/Ubuntu) Set Default APT NGINX Repository" - set_fact: - default_repository: - - >- - deb [arch=amd64] https://nginx.org/packages/{{ (nginx_branch == 'mainline') - | ternary('mainline/', '') }}{{ ansible_distribution | lower }}/ {{ ansible_distribution_release }} nginx - - >- - deb-src https://nginx.org/packages/{{ (nginx_branch == 'mainline') - | ternary('mainline/', '') }}{{ ansible_distribution | lower }}/ {{ ansible_distribution_release }} nginx - -- name: "(Install: Debian/Ubuntu) Set APT NGINX Repository" - set_fact: - repository: "{{ nginx_repository | default(default_repository) }}" - -- name: "(Install: Debian/Ubuntu) Add NGINX Repository" - apt_repository: - filename: nginx - repo: "{{ item }}" - update_cache: yes - mode: 0644 - loop: "{{ repository }}" - -- name: "(Install: Debian/Ubuntu) Install NGINX" - apt: - name: "nginx{{ nginx_version | default('') }}" - state: "{{ nginx_state }}" - notify: "(Handler: All OSs) Start NGINX" diff --git a/tasks/opensource/setup-redhat.yml b/tasks/opensource/setup-redhat.yml deleted file mode 100644 index ff8394e..0000000 --- a/tasks/opensource/setup-redhat.yml +++ /dev/null 
@@ -1,47 +0,0 @@ ---- -- name: "(Install: CentOS/RedHat) Set Default YUM NGINX Repository" - set_fact: - default_repository: >- - https://nginx.org/packages/{{ (nginx_branch == 'mainline') - | ternary('mainline/', '') }}{{ (ansible_distribution == "RedHat") - | ternary('rhel', 'centos') }}/{{ ansible_distribution_major_version }}/$basearch/ - -- name: "(Install: CentOS/RedHat) Set YUM NGINX Repository" - set_fact: - repository: "{{ nginx_repository | default(default_repository) }}" - -- name: "(Install: CentOS/RedHat) Add NGINX Repository for CentOS/RHEL 6/7" - yum_repository: - name: nginx - baseurl: "{{ repository }}" - description: NGINX Repository - enabled: yes - gpgcheck: yes - mode: 0644 - when: ansible_distribution_major_version < "8" - -- name: "(Install: CentOS/RedHat) Add NGINX Repository for CentOS/RHEL 8" - blockinfile: - path: /etc/yum.repos.d/nginx.repo - create: yes - block: | - [nginx] - baseurl = {{ repository }} - enabled = 1 - gpgcheck = 1 - name = NGINX Repository - module_hotfixes = true - mode: 0644 - when: ansible_distribution_major_version == "8" - -- name: "(Install: CentOS/RedHat) Install Required CentOS/RedHat Dependencies" - yum: - name: openssl - -- name: "(Install: CentOS/RedHat) Install NGINX" - yum: - name: "nginx{{ nginx_version | default('') }}" - state: "{{ nginx_state }}" - disablerepo: "*" - enablerepo: "nginx" - notify: "(Handler: All OSs) Start NGINX" diff --git a/tasks/opensource/setup-suse.yml b/tasks/opensource/setup-suse.yml deleted file mode 100644 index cc7bef1..0000000 --- a/tasks/opensource/setup-suse.yml +++ /dev/null 
@@ -1,21 +0,0 @@ ---- -- name: "(Install: SUSE) Set Default SUSE NGINX Repository" - set_fact: - default_repository: >- - https://nginx.org/packages/{{ (nginx_branch == 'mainline') - | ternary('mainline/', '') }}sles/{{ ansible_distribution_major_version }} - -- name: "(Install: SUSE) Set SUSE NGINX Repository" - set_fact: - repository: "{{ nginx_repository | default(default_repository) }}" - -- name: "(Install: SUSE) Add NGINX Repository" - zypper_repository: - name: "nginx-{{ nginx_branch }}" - repo: "{{ repository }}" - -- name: "(Install: SUSE) Install NGINX" - zypper: - name: "nginx{{ nginx_version | default('') }}" - state: "{{ nginx_state }}" - notify: "(Handler: All OSs) Start NGINX" diff --git a/tasks/plus/delete-license.yml b/tasks/plus/delete-license.yml deleted file mode 100644 index c07c981..0000000 --- a/tasks/plus/delete-license.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -- name: "(Setup: All OSs) Set NGINX Plus License State" - set_fact: - nginx_license_status: absent - -- name: "(Setup: All OSs Besides Alpine Linux) Delete NGINX Plus License" - file: - path: /etc/ssl/nginx - state: absent - when: ansible_distribution != "Alpine" - -- name: "(Setup: Alpine Linux) Delete NGINX Plus License" - file: - path: "{{ item }}" - state: absent - loop: - - /etc/apk/cert.key - - /etc/apk/cert.pem - when: ansible_distribution == "Alpine" - -- include_tasks: "{{ role_path }}/tasks/plus/setup-{{ ansible_os_family | lower }}.yml" - when: ansible_os_family == "Alpine" - or ansible_os_family == "FreeBSD" - or ansible_os_family == "Debian" - or ansible_os_family == "RedHat" - or ansible_os_family == "Suse" diff --git a/tasks/plus/install-alpine.yml b/tasks/plus/install-alpine.yml new file mode 100644 index 0000000..0e96dd7 --- /dev/null +++ b/tasks/plus/install-alpine.yml 
@@ -0,0 +1,14 @@ +--- +- name: "(Alpine Linux) Configure NGINX Plus repository" + lineinfile: + path: /etc/apk/repositories + insertafter: EOF + line: "{{ repository }}" + state: "{{ nginx_license_status | default ('present') }}" + +- name: "(Alpine Linux) Install NGINX Plus" + apk: + name: "nginx-plus{{ nginx_version | default('') }}" + repository: "{{ repository }}" + state: "{{ nginx_state }}" + notify: "(Handler) Start NGINX" diff --git a/tasks/plus/setup-debian.yml b/tasks/plus/install-debian.yml similarity index 65% rename from tasks/plus/setup-debian.yml rename to tasks/plus/install-debian.yml index 680f6bc..4edbff4 100644 --- a/tasks/plus/setup-debian.yml +++ b/tasks/plus/install-debian.yml @@ -1,5 +1,5 @@ --- -- name: "(Setup: Debian/Ubuntu) Setup NGINX Plus License" +- name: "(Debian/Ubuntu) Set up NGINX Plus license verification" blockinfile: path: /etc/apt/apt.conf.d/90nginx create: yes @@ -11,10 +11,16 @@ state: "{{ nginx_license_status | default ('present') }}" mode: 0444 -- name: "(Setup: Debian/Ubuntu) Setup NGINX Plus Repository" +- name: "(Debian/Ubuntu) Configure NGINX Plus repository" apt_repository: filename: nginx-plus - repo: deb [arch=amd64] https://plus-pkgs.nginx.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} nginx-plus + repo: "{{ repository }}" update_cache: yes state: "{{ nginx_license_status | default ('present') }}" mode: 0644 + +- name: "(Debian/Ubuntu) Install NGINX Plus" + apt: + name: "nginx-plus{{ nginx_version | default('') }}" + state: "{{ nginx_state }}" + notify: "(Handler) Start NGINX" diff --git a/tasks/plus/setup-bsd.yml b/tasks/plus/install-freebsd.yml similarity index 62% rename from tasks/plus/setup-bsd.yml rename to tasks/plus/install-freebsd.yml index 2620312..d35e6b6 100644 --- a/tasks/plus/setup-bsd.yml +++ b/tasks/plus/install-freebsd.yml 
@@ -1,18 +1,5 @@ --- -- name: "(Setup: FreeBSD) Setup NGINX Plus Repository" - blockinfile: - path: /etc/pkg/nginx-plus.conf - create: yes - block: | - nginx-plus: { - URL: pkg+https://plus-pkgs.nginx.com/freebsd/${ABI}/latest - ENABLED: yes - MIRROR_TYPE: SRV - } - state: "{{ nginx_license_status | default ('present') }}" - mode: 0644 - -- name: "(Setup: FreeBSD) Setup NGINX Plus License" +- name: "(FreeBSD) Set up NGINX Plus license verification" blockinfile: path: /usr/local/etc/pkg.conf block: | @@ -20,3 +7,22 @@ SSL_CLIENT_CERT_FILE: "/etc/ssl/nginx/nginx-repo.crt", SSL_CLIENT_KEY_FILE: "/etc/ssl/nginx/nginx-repo.key" } state: "{{ nginx_license_status | default ('present') }}" + +- name: "(FreeBSD) Configure NGINX Plus repository" + blockinfile: + path: /etc/pkg/nginx-plus.conf + create: yes + block: | + nginx-plus: { + URL: {{ repository }} + ENABLED: yes + MIRROR_TYPE: SRV + } + state: "{{ nginx_license_status | default ('present') }}" + mode: 0644 + +- name: "(FreeBSD) Install NGINX Plus" + pkgng: + name: "nginx-plus{{ nginx_version | default('') }}" + state: "{{ nginx_state }}" + notify: "(Handler) Start NGINX" diff --git a/tasks/plus/install-plus-bsd.yml b/tasks/plus/install-plus-bsd.yml deleted file mode 100644 index 753bf94..0000000 --- a/tasks/plus/install-plus-bsd.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -- include_tasks: "{{ role_path }}/tasks/plus/setup-bsd.yml" - when: ansible_os_family == "FreeBSD" - -- name: "(Install: FreeBSD) Install NGINX Plus" - pkgng: - name: "nginx-plus{{ nginx_version | default('') }}" - state: "{{ nginx_state }}" - notify: "(Handler: All OSs) Start NGINX" diff --git a/tasks/plus/install-plus-linux.yml b/tasks/plus/install-plus-linux.yml deleted file mode 100644 index 9d6250d..0000000 --- a/tasks/plus/install-plus-linux.yml +++ /dev/null 
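Review bot: The FreeBSD repository URL loses its `pkg+` scheme prefix in tasks/plus/install-freebsd.yml. The removed block wrote `URL: pkg+https://plus-pkgs.nginx.com/freebsd/${ABI}/latest`, while the new `URL: {{ repository }}` takes its default from `nginx_plus_default_repository.freebsd` in vars/main.yml, which is a plain `https://` URL. The block still sets `MIRROR_TYPE: SRV`, and as far as I know pkg expects the `pkg+` prefix for SRV mirrors, so the repository may warn or fail to resolve. Restoring the old value in the default, `pkg+https://plus-pkgs.nginx.com/freebsd/${ABI}/latest`, keeps the previous behaviour.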
@@ -1,19 +0,0 @@ ---- -- name: "(Setup: Linux) Setup NGINX Plus Repository" - include_tasks: "{{ role_path }}/tasks/plus/setup-{{ ansible_os_family | lower }}.yml" - when: ansible_os_family == "Alpine" - or ansible_os_family == "Debian" - or ansible_os_family == "RedHat" - or ansible_os_family == "Suse" - -- name: "(Install: Linux) Modify Service for Systemd" - include_tasks: "{{ role_path }}/tasks/prerequisites/setup-systemd.yml" - when: - - ansible_service_mgr == "systemd" - - nginx_service_modify | bool - -- name: "(Install: Linux) Install NGINX Plus" - package: - name: "nginx-plus{{ nginx_version | default('') }}" - state: "{{ nginx_state }}" - notify: "(Handler: All OSs) Start NGINX" diff --git a/tasks/plus/install-plus.yml b/tasks/plus/install-plus.yml index 28dd4f3..a4c99d7 100644 --- a/tasks/plus/install-plus.yml +++ b/tasks/plus/install-plus.yml @@ -1,11 +1,19 @@ --- -- name: "(Install: All OSs) Setup license" - include_tasks: "{{ role_path }}/tasks/plus/setup-license.yml" +- name: "Install NGINX Plus" + debug: + msg: "Installing NGINX Plus" + when: nginx_debug_tasks | bool -- name: "(Install: Linux) Install NGINX Plus" - include_tasks: "{{ role_path }}/tasks/plus/install-plus-linux.yml" - when: ansible_os_family in nginx_plus_linux_families +- name: "Set NGINX Plus repository" + set_fact: + repository: >- + {{ nginx_repository | + default(nginx_plus_default_repository[(ansible_facts['distribution'] == 'Amazon') | ternary('amazon', ansible_facts['os_family'] | lower)]) }} -- name: "(Install: FreeBSD) Install NGINX Plus" - include_tasks: "{{ role_path }}/tasks/plus/install-plus-bsd.yml" - when: ansible_system in nginx_plus_bsd_systems +- name: "Install NGINX from repository" + include_tasks: "{{ role_path }}/tasks/plus/install-{{ ansible_facts['os_family'] | lower }}.yml" + +- name: "Install NGINX Plus" + debug: + msg: "Done installing NGINX Plus" + when: nginx_debug_tasks | bool 
diff --git a/tasks/plus/install-redhat.yml b/tasks/plus/install-redhat.yml new file mode 100644 index 0000000..39b2a38 --- /dev/null +++ b/tasks/plus/install-redhat.yml @@ -0,0 +1,21 @@ +--- +- name: "(Amazon Linux/CentOS/Oracle Linux/RHEL) Configure NGINX Plus repository" + yum_repository: + name: nginx-plus + baseurl: "{{ repository }}" + description: NGINX Plus Repository + sslclientcert: /etc/ssl/nginx/nginx-repo.crt + sslclientkey: /etc/ssl/nginx/nginx-repo.key + enabled: yes + gpgcheck: yes + state: "{{ nginx_license_status | default ('present') }}" + mode: 0644 + +- name: "(Amazon Linux/CentOS/Oracle Linux/RHEL) Install NGINX Plus" + yum: + name: "nginx-plus{{ nginx_version | default('') }}" + state: "{{ nginx_state }}" + disablerepo: "*" + enablerepo: "nginx-plus" + update_cache: yes + notify: "(Handler) Start NGINX" diff --git a/tasks/plus/install-suse.yml b/tasks/plus/install-suse.yml new file mode 100644 index 0000000..a2abfe4 --- /dev/null +++ b/tasks/plus/install-suse.yml @@ -0,0 +1,19 @@ +--- +- name: "(SLES) Combine NGINX Plus certificate and license key" + assemble: + src: /etc/ssl/nginx + dest: /etc/ssl/nginx/nginx-repo-bundle.crt + mode: 0444 + +- name: "(SLES) Configure NGINX Plus repository" + zypper_repository: + name: nginx-plus + repo: "{{ repository }}" + state: "{{ nginx_license_status | default ('present') }}" + +- name: "(SLES) Install NGINX Plus" + zypper: + name: "nginx-plus{{ nginx_version | default('') }}" + state: "{{ nginx_state }}" + update_cache: yes + notify: "(Handler) Start NGINX" diff --git a/tasks/plus/remove-license.yml b/tasks/plus/remove-license.yml new file mode 100644 index 0000000..84f057f --- /dev/null +++ b/tasks/plus/remove-license.yml 
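Review bot: The bundle written by "(SLES) Combine NGINX Plus certificate and license key" in tasks/plus/install-suse.yml contains the license private key and is created with `mode: 0444`, so every local account can read it. `mode: 0400` should be enough, assuming zypper reads the bundle as root. The same applies to "(Alpine Linux) Copy NGINX Plus key" in tasks/plus/setup-license.yml, which writes /etc/apk/cert.key with `mode: 0444` after `decrypt: yes`. Separately, `dest` lies inside `src: /etc/ssl/nginx`, so a second run appears to fold the previous bundle into the new one unless a `regexp:` limits which files `assemble` combines.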
@@ -0,0 +1,22 @@ +--- +- name: "Set NGINX Plus license state" + set_fact: + nginx_license_status: absent + +- name: "(Debian/Red Hat/SLES OSs) Delete NGINX Plus license" + file: + path: /etc/ssl/nginx + state: absent + when: ansible_facts['distribution'] != "Alpine" + +- name: "(Alpine Linux) Delete NGINX Plus license" + file: + path: "{{ item }}" + state: absent + loop: + - /etc/apk/cert.key + - /etc/apk/cert.pem + when: ansible_facts['distribution'] == "Alpine" + +- name: "Delete NGINX Plus repository data" + include_tasks: "{{ role_path }}/tasks/plus/install-plus.yml" diff --git a/tasks/plus/setup-alpine.yml b/tasks/plus/setup-alpine.yml deleted file mode 100644 index 3bdc336..0000000 --- a/tasks/plus/setup-alpine.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- name: "(Setup: Alpine Linux) Setup NGINX Plus Repository" - lineinfile: - path: /etc/apk/repositories - insertafter: EOF - line: "https://plus-pkgs.nginx.com/alpine/v{{ ansible_distribution_version | regex_search('^[0-9]+\\.[0-9]+') }}/main" - state: "{{ nginx_license_status | default ('present') }}" diff --git a/tasks/plus/setup-license.yml b/tasks/plus/setup-license.yml index 8c2b5ef..6c49cb7 100644 --- a/tasks/plus/setup-license.yml +++ b/tasks/plus/setup-license.yml @@ -1,13 +1,18 @@ --- -- name: "(Setup: All OSs Besides Alpine Linux) Setup NGINX Plus License" +- name: "Set up NGINX Plus license" + debug: + msg: "Setting up NGINX Plus license" + when: nginx_debug_tasks | bool + +- name: "(Debian/Red Hat/SLES OSs) Set up NGINX Plus license" block: - - name: "(Setup: All OSs Besides Alpine Linux) Create SSL Directory" + - name: "(Debian/Red Hat/SLES OSs) Create SSL directory" file: path: /etc/ssl/nginx state: directory mode: 0755 - - name: "(Setup: All OSs Besides Alpine Linux) Copy NGINX Plus Certificate and License Key" + - name: "(Debian/Red Hat/SLES OSs) Copy NGINX Plus certificate and license key" copy: src: "{{ item }}" dest: /etc/ssl/nginx 
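Review bot: "Delete NGINX Plus repository data" in tasks/plus/remove-license.yml includes install-plus.yml, which in this commit pulls in install-<os_family>.yml, and those files now carry the package task (for example "(Debian/Ubuntu) Install NGINX Plus") as well as the repository setup. Removing a license therefore also runs a package install with `state: "{{ nginx_state }}"` against a repository that was just set to absent, and on SLES it runs `assemble` on the /etc/ssl/nginx directory deleted two tasks earlier. Consider guarding the install and assemble tasks with `when: nginx_license_status | default('present') != 'absent'`, or moving the repository tasks into a file that both paths include. How remove-license.yml is invoked is outside this hunk, so the actual impact depends on tasks/main.yml.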
@@ -16,27 +21,32 @@ loop: - "{{ nginx_license.certificate }}" - "{{ nginx_license.key }}" - when: ansible_distribution != "Alpine" + when: ansible_facts['os_family'] != "Alpine" -- name: "(Setup: Alpine Linux) Setup NGINX Plus License" +- name: "(Alpine Linux) Set up NGINX Plus license" block: - - name: "(Setup: Alpine Linux) Create APK Directory" + - name: "(Alpine Linux) Create APK directory" file: path: /etc/apk state: directory mode: 0755 - - name: "(Setup: Alpine Linux) Copy NGINX Plus Key" + - name: "(Alpine Linux) Copy NGINX Plus key" copy: src: "{{ nginx_license.key }}" dest: /etc/apk/cert.key decrypt: yes mode: 0444 - - name: "(Setup: Alpine Linux) Copy NGINX Plus Certificate" + - name: "(Alpine Linux) Copy NGINX Plus certificate" copy: src: "{{ nginx_license.certificate }}" dest: /etc/apk/cert.pem decrypt: yes mode: 0444 - when: ansible_distribution == "Alpine" + when: ansible_facts['os_family'] == "Alpine" + +- name: "Set up NGINX Plus license" + debug: + msg: "Done setting up NGINX Plus license" + when: nginx_debug_tasks | bool diff --git a/tasks/plus/setup-redhat.yml b/tasks/plus/setup-redhat.yml deleted file mode 100644 index 8dbb968..0000000 --- a/tasks/plus/setup-redhat.yml +++ /dev/null 
@@ -1,30 +0,0 @@ ---- -- name: "(Setup: CentOS/RedHat/Oracle Linux) Setup NGINX Plus Repository" - yum_repository: - name: nginx-plus - baseurl: >- - https://plus-pkgs.nginx.com/centos/{{ (ansible_distribution_version | float >= 7.4 and ansible_distribution_version | float < 8.0) - | ternary('7.4', ansible_distribution_major_version | int) }}/$basearch/ - description: NGINX Plus Repository - sslclientcert: /etc/ssl/nginx/nginx-repo.crt - sslclientkey: /etc/ssl/nginx/nginx-repo.key - enabled: yes - gpgcheck: yes - state: "{{ nginx_license_status | default ('present') }}" - mode: 0644 - when: ansible_distribution != "Amazon" - -- name: "(Setup: Amazon Linux) Setup NGINX Plus Repository" - yum_repository: - name: nginx-plus - baseurl: >- - https://plus-pkgs.nginx.com/amzn{{ (ansible_distribution_version == '2') - | ternary('2', '') }}/$releasever/$basearch - description: NGINX Plus Repository - sslclientcert: /etc/ssl/nginx/nginx-repo.crt - sslclientkey: /etc/ssl/nginx/nginx-repo.key - enabled: yes - gpgcheck: yes - state: "{{ nginx_license_status | default ('present') }}" - mode: 0644 - when: ansible_distribution == "Amazon" diff --git a/tasks/plus/setup-suse.yml b/tasks/plus/setup-suse.yml deleted file mode 100644 index 4377ac0..0000000 --- a/tasks/plus/setup-suse.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -- name: "(Setup: SUSE) Setup NGINX Plus Certificate and License Keys" - assemble: - src: /etc/ssl/nginx - dest: /etc/ssl/nginx/nginx-repo-bundle.crt - mode: 0444 - -- name: "(Setup: SUSE) Setup NGINX Plus Repository" - zypper_repository: - name: nginx-plus - repo: "https://plus-pkgs.nginx.com/sles/{{ ansible_distribution_major_version }}?ssl_clientcert=/etc/ssl/nginx/nginx-repo-bundle.crt&ssl_verify=host" - state: "{{ nginx_license_status | default ('present') }}" diff --git a/tasks/prerequisites/install-dependencies.yml b/tasks/prerequisites/install-dependencies.yml new file mode 100644 index 0000000..e6f9e4d --- /dev/null 
+++ b/tasks/prerequisites/install-dependencies.yml @@ -0,0 +1,37 @@ +--- +- name: "(Alpine Linux) Install dependencies" + apk: + name: "{{ nginx_alpine_dependencies }}" + update_cache: yes + when: ansible_facts['os_family'] == "Alpine" + +- name: "(Debian/Ubuntu) Install dependencies" + apt: + name: "{{ nginx_debian_dependencies }}" + update_cache: yes + when: ansible_facts['os_family'] == "Debian" + +- name: "(Amazon Linux/CentOS/Oracle Linux/RHEL) Install dependencies" + yum: + name: "{{ nginx_redhat_dependencies }}" + when: ansible_facts['os_family'] == "RedHat" + +- name: "(SLES) Install dependencies" + zypper: + name: "{{ nginx_sles_dependencies }}" + when: ansible_facts['os_family'] == "Suse" + +- name: "(FreeBSD) Install dependencies" + block: + - name: "(FreeBSD) Install dependencies using package(s)" + pkgng: + name: "{{ nginx_freebsd_dependencies }}" + when: nginx_bsd_install_packages | bool + + - name: "(FreeBSD) Install dependencies using port(s)" + portinstall: + name: "{{ item }}" + use_packages: "{{ nginx_bsd_portinstall_use_packages | default(omit) }}" + loop: "{{ nginx_freebsd_dependencies }}" + when: not nginx_bsd_install_packages | bool + when: ansible_facts['distribution'] == "FreeBSD" diff --git a/tasks/prerequisites/prerequisites.yml b/tasks/prerequisites/prerequisites.yml new file mode 100644 index 0000000..36ae9bb --- /dev/null +++ b/tasks/prerequisites/prerequisites.yml 
@@ -0,0 +1,38 @@ +--- +- name: "Install dependencies" + debug: + msg: "Installing dependencies" + when: nginx_debug_tasks | bool + +- name: "Install dependencies" + include_tasks: "{{ role_path }}/tasks/prerequisites/install-dependencies.yml" + +- name: "Install dependencies" + debug: + msg: "Done installing dependencies" + when: nginx_debug_tasks | bool + +- name: "Set up SELinux" + block: + - name: "Set up SELinux" + debug: + msg: "Setting up SELinux" + when: nginx_debug_tasks | bool + + - name: "Check if SELinux is enabled" + debug: + msg: "You need to enable SELinux, if it was disabled you need to reboot" + when: ansible_facts['selinux'] is undefined + + - name: "Configure SELinux" + include_tasks: "{{ role_path }}/tasks/prerequisites/setup-selinux.yml" + when: ansible_facts['selinux.mode'] is defined + + - name: "Set up SELinux" + debug: + msg: "Done setting up SELinux" + when: nginx_debug_tasks | bool + when: + - nginx_selinux | bool + - ansible_facts['os_family'] in ['RedHat', 'Suse'] + - ansible_facts['distribution'] not in ['Amazon', 'OracleLinux'] diff --git a/tasks/prerequisites/setup-alpine.yml b/tasks/prerequisites/setup-alpine.yml deleted file mode 100644 index ed97d53..0000000 --- a/tasks/prerequisites/setup-alpine.yml +++ /dev/null @@ -1 +0,0 @@ ---- diff --git a/tasks/prerequisites/setup-debian.yml b/tasks/prerequisites/setup-debian.yml deleted file mode 100644 index 6f1c0f2..0000000 --- a/tasks/prerequisites/setup-debian.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- name: "(Setup: Debian/Ubuntu) Install Required Debian and Ubuntu Dependencies" - apt: - name: - - apt-transport-https - - dirmngr - update_cache: yes diff --git a/tasks/prerequisites/setup-freebsd.yml b/tasks/prerequisites/setup-freebsd.yml deleted file mode 100644 index 472b1ae..0000000 --- a/tasks/prerequisites/setup-freebsd.yml +++ /dev/null 
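Review bot: `ansible_facts['selinux.mode']` looks up one key literally named `selinux.mode`, not the `mode` entry of the `selinux` fact, so `when: ansible_facts['selinux.mode'] is defined` on "Configure SELinux" in tasks/prerequisites/prerequisites.yml is never true. As a result setup-selinux.yml is silently skipped even when `nginx_selinux` is enabled, and the booleans, port labels and policy module are never applied. The condition being replaced was `ansible_selinux.mode is defined`; the equivalent is `when: ansible_facts['selinux']['mode'] is defined`. The same key is used in tasks/prerequisites/setup-selinux.yml for the `== "enforcing"` and `== "permissive"` checks, which need `ansible_facts['selinux']['mode']` too.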
@@ -1,14 +0,0 @@ ---- -- name: "(Setup: FreeBSD) Install Required Dependencies" - block: - - name: "(Setup: FreeBSD) Install Extra Package(s)" - pkgng: - name: "{{ nginx_freebsd_extra_packages }}" - when: nginx_bsd_install_packages | bool - - - name: "(Setup: FreeBSD) Install Extra Port(s)" - portinstall: - name: "{{ item }}" - use_packages: "{{ nginx_bsd_portinstall_use_packages | default(omit) }}" - loop: "{{ nginx_freebsd_extra_packages }}" - when: not nginx_bsd_install_packages | bool diff --git a/tasks/prerequisites/setup-redhat.yml b/tasks/prerequisites/setup-redhat.yml deleted file mode 100644 index 886d5eb..0000000 --- a/tasks/prerequisites/setup-redhat.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: "(Setup: RedHat/CentOS) Setup SELinux" - include_tasks: "{{ role_path }}/tasks/prerequisites/setup-selinux.yml" - when: - - nginx_selinux | bool - - ansible_selinux.mode is defined diff --git a/tasks/prerequisites/setup-selinux.yml b/tasks/prerequisites/setup-selinux.yml index 4c45b65..247be30 100644 --- a/tasks/prerequisites/setup-selinux.yml +++ b/tasks/prerequisites/setup-selinux.yml 
@@ -1,50 +1,42 @@ --- -- name: "(Setup: SELinux) Install Required CentOS/RHEL 6/7 Dependencies" - package: - name: - - policycoreutils-python - - setools - state: present - when: - - ansible_os_family == "RedHat" - - ansible_distribution_major_version != "8" +- name: "(CentOS/RHEL) Install dependencies" + block: + - name: "(CentOS/RHEL 6/7) Install dependencies" + yum: + name: + - policycoreutils-python + - setools + when: ansible_facts['distribution_major_version'] is version('8', '!=') -- name: "(Setup: SELinux) Install Required CentOS/RHEL 8 Dependencies" - package: - name: - - selinux-policy-targeted - - libselinux-utils - - policycoreutils - state: present - when: - - ansible_os_family == "RedHat" - - ansible_distribution_major_version == "8" + - name: "(CentOS/RHEL 8) Install dependencies" + yum: + name: + - libselinux-utils + - policycoreutils + - selinux-policy-targeted + when: ansible_facts['distribution_major_version'] is version('8', '==') + when: ansible_facts['os_family'] == "RedHat" -- name: "(Setup: SELinux) Check if SELinux is Enabled" - debug: - msg: "You need to enable selinux, if it was disabled you need to reboot" - when: ansible_selinux is undefined - -- name: "(Setup: SELinux) Setup Permissive SELinux" +- name: "Set SELinux mode to permissive" selinux: state: permissive policy: targeted changed_when: false - when: ansible_selinux.mode == "enforcing" + when: ansible_facts['selinux.mode'] == "enforcing" -- name: "(Setup: SELinux) Allow HTTP Network Connection" +- name: "Allow SELinux HTTP network connections" seboolean: name: httpd_can_network_connect state: yes persistent: yes -- name: "(Setup: SELinux) Allow HTTP Relay Connection" +- name: "Allow SELinux HTTP network connections" seboolean: name: httpd_can_network_relay state: yes persistent: yes -- name: "(Setup: SELinux) Allow Status Ports" +- name: "Allow SELinux TCP connections on status ports" seport: ports: "{{ nginx_status_port }}" proto: tcp 
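Review bot: "Set SELinux mode to permissive" moves an enforcing host to permissive with `changed_when: false`, so the relaxation never shows up as a change in the run output. Enforcing mode is only restored by the last task of the file, when `nginx_selinux_enforcing` is true and every task in between has succeeded. Dropping `changed_when: false` from the two `selinux:` tasks would make the transition visible, and wrapping the intermediate tasks in a `block:` with the restore under `always:` would keep a failed run from leaving the host permissive. Also, two tasks are now both named "Allow SELinux HTTP network connections"; the second sets `httpd_can_network_relay` and would read better as `- name: "Allow SELinux HTTP relay connections"`. The restore task sits in a later hunk of the same file.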
@@ -52,7 +44,7 @@ state: present when: nginx_status_port is defined -- name: "(Setup: SELinux) Allow Rest API Ports" +- name: "Allow SELinux TCP connections on Rest API ports" seport: ports: "{{ nginx_rest_api_port }}" proto: tcp @@ -60,7 +52,7 @@ state: present when: nginx_rest_api_port is defined -- name: "(Setup: SELinux) Allow Specific TCP Ports" +- name: "Allow SELinux TCP connections on specific ports" seport: ports: "{{ nginx_selinux_tcp_ports }}" proto: tcp @@ -68,7 +60,7 @@ state: present when: nginx_selinux_tcp_ports is defined -- name: "(Setup: SELinux) Allow Specific UDP Ports" +- name: "Allow SELinux UDP connections on specific ports" seport: ports: "{{ nginx_selinux_udp_ports }}" proto: udp 
@@ -76,35 +68,35 @@ state: present when: nginx_selinux_udp_ports is defined -- name: "(Setup: SELinux) Create NGINX Plus Module" +- name: "Create SELinux NGINX Plus Module" template: src: "{{ role_path }}/templates/selinux/nginx-plus-module.te.j2" - dest: "{{ nginx_tempdir }}/nginx-plus-module.te" + dest: "{{ nginx_selinux_tempdir }}/nginx-plus-module.te" mode: 0644 register: nginx_selinux_module -- name: "(Setup: SELinux) Check NGINX Plus Module" - command: "checkmodule -M -m -o {{ nginx_tempdir }}/nginx-plus-module.mod {{ nginx_tempdir }}/nginx-plus-module.te" +- name: "Check SELinux NGINX Plus Module" + command: "checkmodule -M -m -o {{ nginx_selinux_tempdir }}/nginx-plus-module.mod {{ nginx_selinux_tempdir }}/nginx-plus-module.te" args: - creates: "{{ nginx_tempdir }}/nginx-plus-module.mod" + creates: "{{ nginx_selinux_tempdir }}/nginx-plus-module.mod" changed_when: false -- name: "(Setup: SELinux) Compile NGINX Plus Module" - command: "semodule_package -o {{ nginx_tempdir }}/nginx-plus-module.pp -m {{ nginx_tempdir }}/nginx-plus-module.mod" +- name: "Compile SELinux NGINX Plus Module" + command: "semodule_package -o {{ nginx_selinux_tempdir }}/nginx-plus-module.pp -m {{ nginx_selinux_tempdir }}/nginx-plus-module.mod" args: - creates: "{{ nginx_tempdir }}/nginx-plus-module.pp" + creates: "{{ nginx_selinux_tempdir }}/nginx-plus-module.pp" changed_when: false -- name: "(Setup: SELinux) Import NGINX Plus Module" - command: "semodule -i {{ nginx_tempdir }}/nginx-plus-module.pp" # noqa 503 +- name: "Import SELinux NGINX Plus Module" + command: "semodule -i {{ nginx_selinux_tempdir }}/nginx-plus-module.pp" # noqa 503 changed_when: false - when: nginx_selinux_module.changed + when: nginx_selinux_module.changed | bool -- name: "(Setup: SELinux) Enforce SELinux" +- name: "Set SELinux mode to enforcing" selinux: state: enforcing policy: targeted changed_when: false when: - - nginx_selinux_enforcing - - ansible_selinux.mode == "permissive" + - nginx_selinux_enforcing | 
bool + - ansible_facts['selinux.mode'] == "permissive" diff --git a/tasks/prerequisites/setup-suse.yml b/tasks/prerequisites/setup-suse.yml deleted file mode 100644 index 7940a1a..0000000 --- a/tasks/prerequisites/setup-suse.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: "(Setup: SUSE) Setup SELinux" - include_tasks: "{{ role_path }}/tasks/prerequisites/setup-selinux.yml" - when: - - nginx_selinux | bool - - ansible_selinux.mode is defined diff --git a/tasks/unit/install-modules.yml b/tasks/unit/install-modules.yml index ae2f711..ffdf113 100644 --- a/tasks/unit/install-modules.yml +++ b/tasks/unit/install-modules.yml @@ -1,16 +1,17 @@ +## DEPRECATED -- Use nginxinc.nginx_unit role instead (https://github.com/nginxinc/ansible-role-nginx-unit) --- -- name: "(Install: Debian/Ubuntu/CentOS/RedHat) Install NGINX Unit Modules" +- name: "(Debian/Ubuntu/CentOS/RedHat) Install NGINX Unit Modules" package: name: "{{ item }}" state: present loop: "{{ nginx_unit_modules }}" - when: ansible_os_family != "FreeBSD" + when: ansible_facts['os_family'] != "FreeBSD" notify: "(Handler: Debian/Ubuntu/CentOS/RedHat) Start NGINX Unit" -- name: "(Install: FreeBSD) Install NGINX Unit Modules" +- name: "(FreeBSD) Install NGINX Unit Modules" portinstall: name: "{{ item }}" state: present loop: "{{ nginx_unit_modules }}" - when: ansible_os_family == "FreeBSD" + when: ansible_facts['os_family'] == "FreeBSD" notify: "(Handler: FreeBSD) Start NGINX Unit" diff --git a/tasks/unit/install-unit.yml b/tasks/unit/install-unit.yml index ff06604..559b378 100644 --- a/tasks/unit/install-unit.yml +++ b/tasks/unit/install-unit.yml 
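Review bot: The `creates:` arguments on "Check SELinux NGINX Plus Module" and "Compile SELinux NGINX Plus Module" make both commands skip whenever a `.mod` or `.pp` file already exists in `nginx_selinux_tempdir`. A re-templated `.te` is therefore never recompiled, and "Import SELinux NGINX Plus Module" loads the stale package. It also means that whatever file already sits at those paths is loaded as policy, which matters if `nginx_selinux_tempdir` points at a shared-writable directory (its default is not visible in this hunk). Replace the `args:`/`creates:` pair on both commands with `when: nginx_selinux_module.changed | bool`, and keep the build files in a root-owned directory.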
@@ -1,24 +1,29 @@ +## DEPRECATED -- Use nginxinc.nginx_unit role instead (https://github.com/nginxinc/ansible-role-nginx-unit) --- -- name: "(Setup: All OSs) Configure NGINX Unit Repository" - include_tasks: "{{ role_path }}/tasks/unit/setup-{{ ansible_os_family | lower }}.yml" - when: ansible_os_family == "Debian" - or ansible_os_family == "RedHat" - or ansible_os_family == "FreeBSD" +- name: "Deprecation warning" + debug: + msg: "DEPRECATED TASKS -- Use nginxinc.nginx_unit role instead (https://github.com/nginxinc/ansible-role-nginx-unit)" -- name: "(Install: Debian/Ubuntu/CentOS/RedHat) Install NGINX Unit" +- name: "(DEPRECATED) Configure NGINX Unit Repository" + include_tasks: "{{ role_path }}/tasks/unit/setup-{{ ansible_facts['os_family'] | lower }}.yml" + when: ansible_facts['os_family'] == "Debian" + or ansible_facts['os_family'] == "RedHat" + or ansible_facts['os_family'] == "FreeBSD" + +- name: "(DEPRECATED) Install NGINX Unit" package: name: unit state: present - when: ansible_os_family != "FreeBSD" + when: ansible_facts['os_family'] != "FreeBSD" notify: "(Handler: Debian/Ubuntu/CentOS/RedHat) Start NGINX Unit" -- name: "(Install: FreeBSD) Install NGINX Unit" +- name: "(DEPRECATED) Install NGINX Unit" portinstall: name: unit state: present - when: ansible_os_family == "FreeBSD" + when: ansible_facts['os_family'] == "FreeBSD" notify: "(Handler: FreeBSD) Start NGINX Unit" -- name: "(Install: All OSs) Install NGINX Unit modules" +- name: "(DEPRECATED) Install NGINX Unit modules" include_tasks: "{{ role_path }}/tasks/unit/install-modules.yml" when: nginx_unit_modules is defined diff --git a/tasks/unit/setup-debian.yml b/tasks/unit/setup-debian.yml index fc14a2d..1204af3 100644 --- a/tasks/unit/setup-debian.yml +++ b/tasks/unit/setup-debian.yml 
@@ -1,8 +1,9 @@ +## DEPRECATED -- Use nginxinc.nginx_unit role instead (https://github.com/nginxinc/ansible-role-nginx-unit) --- -- name: "(Install: Debian/Ubuntu) Add NGINX Unit Repository" +- name: "(DEPRECATED) Add NGINX Unit Repository" apt_repository: repo: "{{ item }}" mode: 0644 loop: - - deb [arch=amd64] https://packages.nginx.org/unit/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} unit - - deb-src https://packages.nginx.org/unit/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} unit + - deb [arch=amd64] https://packages.nginx.org/unit/{{ ansible_facts['distribution']|lower }}/ {{ ansible_facts['distribution_release'] }} unit + - deb-src https://packages.nginx.org/unit/{{ ansible_facts['distribution']|lower }}/ {{ ansible_facts['distribution_release'] }} unit diff --git a/tasks/unit/setup-freebsd.yml b/tasks/unit/setup-freebsd.yml index fdc1ae5..cfb4674 100644 --- a/tasks/unit/setup-freebsd.yml +++ b/tasks/unit/setup-freebsd.yml @@ -1,10 +1,11 @@ +## DEPRECATED -- Use nginxinc.nginx_unit role instead (https://github.com/nginxinc/ansible-role-nginx-unit) --- -- name: "(Install: FreeBSD) Fetch Ports" +- name: "(DEPRECATED) Fetch Ports" command: portsnap fetch --interactive args: creates: /var/db/portsnap/INDEX -- name: "(Install: FreeBSD) Extract Ports" +- name: "(DEPRECATED) Extract Ports" command: portsnap extract args: creates: /usr/ports diff --git a/tasks/unit/setup-redhat.yml b/tasks/unit/setup-redhat.yml index 8c61f4e..b21c97e 100644 --- a/tasks/unit/setup-redhat.yml +++ b/tasks/unit/setup-redhat.yml 
@@ -1,20 +1,21 @@ +## DEPRECATED -- Use nginxinc.nginx_unit role instead (https://github.com/nginxinc/ansible-role-nginx-unit) --- -- name: "(Install: CentOS/RedHat) Add NGINX Unit Repository" +- name: "(DEPRECATED) Add NGINX Unit Repository" yum_repository: name: unit - baseurl: https://packages.nginx.org/unit/{{ (ansible_distribution == "RedHat") | ternary('rhel/', 'centos/') }}$releasever/$basearch/ + baseurl: https://packages.nginx.org/unit/{{ (ansible_facts['distribution'] == "RedHat") | ternary('rhel/', 'centos/') }}$releasever/$basearch/ description: NGINX Unit Repository enabled: yes gpgcheck: yes mode: 0644 - when: ansible_distribution != "Amazon" + when: ansible_facts['distribution'] != "Amazon" -- name: "(Install: Amazon Linux) Add NGINX Unit Repository" +- name: "(DEPRECATED) Add NGINX Unit Repository" yum_repository: name: unit - baseurl: https://packages.nginx.org/unit/amzn{{ (ansible_distribution_version == "2") | ternary('2', '') }}/$releasever/$basearch/ + baseurl: https://packages.nginx.org/unit/amzn{{ (ansible_facts['distribution_version'] == "2") | ternary('2', '') }}/$releasever/$basearch/ description: NGINX Unit Repository enabled: yes gpgcheck: yes mode: 0644 - when: ansible_distribution == "Amazon" + when: ansible_facts['distribution'] == "Amazon" diff --git a/templates/logrotate/nginx.j2 b/templates/logrotate/nginx.j2 index 78ab547..22594e7 100644 --- a/templates/logrotate/nginx.j2 +++ b/templates/logrotate/nginx.j2 @@ -6,7 +6,7 @@ {{ option }} {% endfor %} postrotate -{% if ansible_os_family == "Debian" %} +{% if ansible_facts['os_family'] == "Debian" %} if [ -f /var/run/nginx.pid ]; then kill -USR1 `cat /var/run/nginx.pid` fi diff --git a/vars/main.yml b/vars/main.yml index a4f6e14..fc0d9d7 100644 --- a/vars/main.yml +++ b/vars/main.yml 
@@ -1,27 +1,97 @@ --- -nginx_modules_list: - - geoip - - image-filter - - njs - - perl - - xslt +# Supported NGINX Open Source distributions +# https://nginx.org/en/docs/install.html +nginx_distributions: [ + 'Alpine', 'CentOS', 'Debian', 'FreeBSD', 'RedHat', 'SLES', 'Ubuntu', + 'NetBSD', 'OpenBSD', 'DragonFlyBSD', 'HardenedBSD', +] -nginx_plus_modules_list: - - auth-spnego - - brotli - - cookie-flag - - encrypted-session - - geoip - - geoip2 - - headers-more - - image-filter - - lua - - modsecurity - - njs - - opentracing - - passenger - - perl - - prometheus - - rtmp - - subs-filter - - xslt +# Supported NGINX Plus distributions +# https://docs.nginx.com/nginx/technical-specs/ +nginx_plus_distributions: [ + 'Alpine', 'Amazon', 'CentOS', 'Debian', 'FreeBSD', 'OracleLinux', 'RedHat', 'SLES', 'Ubuntu', +] + +# Default NGINX signing key +nginx_default_signing_key: + rsa_pub: https://nginx.org/keys/nginx_signing.rsa.pub + pgp: https://nginx.org/keys/nginx_signing.key + +# Default NGINX Open Source repositories +nginx_default_repository: + alpine: >- + https://nginx.org/packages/{{ (nginx_branch == 'mainline') + | ternary('mainline/', '') }}alpine/v{{ ansible_facts['distribution_version'] | regex_search('^[0-9]+\.[0-9]+') }}/main + debian: + - >- + deb [arch=amd64] https://nginx.org/packages/{{ (nginx_branch == 'mainline') + | ternary('mainline/', '') }}{{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] }} nginx + - >- + deb-src https://nginx.org/packages/{{ (nginx_branch == 'mainline') + | ternary('mainline/', '') }}{{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] }} nginx + redhat: >- + https://nginx.org/packages/{{ (nginx_branch == 'mainline') + | ternary('mainline/', '') }}{{ (ansible_facts['distribution'] == "CentOS") + | ternary('centos', 'rhel') }}/{{ ansible_facts['distribution_major_version'] }}/$basearch/ + suse: >- + https://nginx.org/packages/{{ (nginx_branch == 'mainline') + | 
ternary('mainline/', '') }}sles/{{ ansible_facts['distribution_major_version'] }} + +# Default NGINX Plus repositories +nginx_plus_default_repository: + alpine: >- + https://plus-pkgs.nginx.com/alpine/v{{ ansible_facts['distribution_version'] | regex_search('^[0-9]+\.[0-9]+') }}/main + amazon: >- + https://plus-pkgs.nginx.com/amzn{{ (ansible_facts['distribution_version'] is version('2', '==')) + | ternary('2', '') }}/$releasever/$basearch + debian: >- + deb [arch=amd64] https://plus-pkgs.nginx.com/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release'] }} nginx-plus + freebsd: >- + https://plus-pkgs.nginx.com/freebsd/${ABI}/latest + redhat: >- + https://plus-pkgs.nginx.com/{{ (ansible_facts['distribution'] == "CentOS") + | ternary('centos', 'rhel') }}/{{ (ansible_facts['distribution_version'] is version('7.4', '>=') + and ansible_facts['distribution_version'] is version('8', '<')) | ternary('7.4', ansible_facts['distribution_major_version']) }}/$basearch/ + suse: >- + https://plus-pkgs.nginx.com/sles/{{ ansible_facts['distribution_major_version'] }}?ssl_clientcert=/etc/ssl/nginx/nginx-repo-bundle.crt&ssl_verify=host + +# Alpine dependencies +nginx_alpine_dependencies: [ + 'coreutils', 'openssl', 'pcre', +] + +# Debian dependencies +nginx_debian_dependencies: [ + 'apt-transport-https', 'ca-certificates', 'dirmngr', +] + +# Red Hat dependencies +nginx_redhat_dependencies: [ + 'ca-certificates', 'openssl', +] + +# SLES dependencies +nginx_sles_dependencies: [ + 'ca-certificates', +] + +# FreeBSD dependencies +nginx_freebsd_dependencies: [ + 'security/ca_root_nss' +] + +# Default locations and versions when 'nginx_install_from' is set to 'source' +pcre_version: pcre-8.44 +zlib_version: zlib-1.2.11 +openssl_version: openssl-1.1.1g + +# Supported NGINX Open Source modules +nginx_modules_list: [ + 'geoip', 'image-filter', 'njs', 'perl', 'xslt', +] + +# Supported NGINX Plus modules +nginx_plus_modules_list: [ + 'auth-spnego', 'brotli', 
'cookie-flag', 'encrypted-session', 'geoip', 'geoip2', 'headers-more', 'image-filter', 'lua', + 'modsecurity', 'njs', 'opentracing', 'passenger', 'perl', 'prometheus', 'rtmp', 'subs-filter', 'xslt', +]
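Review bot: The block commented `# Default locations and versions when 'nginx_install_from' is set to 'source'` pins `pcre_version`, `zlib_version` and `openssl_version` in vars/main.yml, where role vars outrank inventory, group_vars and host_vars. An operator who needs to move a source build to a patched OpenSSL or zlib release can therefore only do it with extra vars or role parameters, even though the comment calls these defaults. I would move the three variables to `defaults/main/main.yml`. If they have to stay here, the comment should say so, for example `# Pinned build dependencies; role vars outrank inventory, override with -e or role params`. Whether the source install verifies a checksum for the downloaded tarballs is not visible in this hunk and is worth checking alongside this.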