From 2289b6a070d27a9aa150e04944608bb33f99338c Mon Sep 17 00:00:00 2001 From: Tom Gamull Date: Wed, 25 Mar 2020 13:43:32 -0400 Subject: [PATCH] Buildfromsource (#233) * Add build from source option * Update to Molecule 3.0 * Add service manager to Debian images * Add .gitignore entry for Ansible retry files Co-authored-by: Alessandro Fael Garcia --- .gitignore | 8 + .travis.yml | 64 ++- .yamllint | 1 + README.md | 4 +- defaults/main/linux.yml | 5 + defaults/main/main.yml | 18 +- files/services/nginx.conf.upstart | 16 + files/services/nginx.openrc | 70 +++ files/services/nginx.systemd | 15 + files/services/nginx.sysvinit | 196 ++++++++ files/services/nginx.upstart | 196 ++++++++ files/www/index.html | 25 + molecule/common/Dockerfile.j2 | 16 +- {files => molecule/common/files}/www/.gitkeep | 0 molecule/common/playbook_default.yml | 6 +- molecule/common/playbook_source.yml | 19 + molecule/common/playbook_stable_push.yml | 2 + molecule/common/test_module/test_default.py | 3 +- molecule/common/test_source/test_default.py | 25 + .../common/test_stable_push/test_default.py | 3 +- molecule/common/test_template/test_default.py | 3 +- molecule/default/molecule.yml | 27 +- molecule/default_alpine/molecule.yml | 24 +- molecule/default_centos/molecule.yml | 15 +- molecule/module/molecule.yml | 27 +- molecule/module_alpine/molecule.yml | 24 +- molecule/module_centos/molecule.yml | 15 +- molecule/source/molecule.yml | 44 ++ molecule/source_alpine/molecule.yml | 44 ++ molecule/source_centos/molecule.yml | 30 ++ molecule/stable_push/molecule.yml | 27 +- molecule/stable_push_alpine/molecule.yml | 24 +- molecule/stable_push_centos/molecule.yml | 15 +- molecule/template/molecule.yml | 27 +- molecule/template_alpine/molecule.yml | 24 +- molecule/template_centos/molecule.yml | 15 +- molecule/unit/molecule.yml | 25 +- molecule/unit_alpine/molecule.yml | 22 +- molecule/unit_centos/molecule.yml | 13 +- tasks/opensource/install-oss-linux.yml | 4 + tasks/opensource/setup-source.yml | 437 ++++++++++++++++++ tasks/prerequisites/setup-debian.yml | 1 + 42 files changed, 1432 insertions(+), 147 deletions(-) create mode 100644 files/services/nginx.conf.upstart create mode 100644 files/services/nginx.openrc create mode 100644 files/services/nginx.systemd create mode 100644 files/services/nginx.sysvinit create mode 100644 files/services/nginx.upstart create mode 100644 files/www/index.html rename {files => molecule/common/files}/www/.gitkeep (100%) create mode 100644 molecule/common/playbook_source.yml create mode 100644 molecule/common/test_source/test_default.py create mode 100644 molecule/source/molecule.yml create mode 100644 molecule/source_alpine/molecule.yml create mode 100644 molecule/source_centos/molecule.yml create mode 100644 tasks/opensource/setup-source.yml diff --git a/.gitignore b/.gitignore index e4cb37b..489ae98 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,11 @@ __pycache__ *~ \#* + +# OS Specific +Thumbs.db +.DS_Store +.vscode + +# Ansible specific +*.retry \ No newline at end of file diff --git a/.travis.yml b/.travis.yml index 86da836..3a3dfd5 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,30 +1,56 @@ --- -sudo: required language: python services: - docker -env: - - scenario: default - - scenario: default_alpine - - scenario: default_centos - - scenario: module - - scenario: module_alpine - - scenario: module_centos - - scenario: stable_push - - scenario: stable_push_alpine - - scenario: stable_push_centos - - scenario: template - - scenario: template_alpine - - scenario: template_centos - - scenario: unit - - scenario: unit_alpine - - scenario: unit_centos +jobs: + include: + - name: "Install Specific Version Test - Debian" + env: scenario=default + - name: "Install Specific Version Test - Alpine" + env: scenario=default_alpine + - name: "Install Specific Version Test - CentOS" + env: scenario=default_centos + - name: "Install Modules Test - Debian" + env: scenario=module + - name: "Install Modules Test - Alpine" + env: scenario=module_alpine + - name: "Install Modules Test - CentOS" + env: scenario=module_centos + - name: "Install Stable Branch and Push Configuration Test - Debian" + env: scenario=stable_push + - name: "Install Stable Branch and Push Configuration Test - Alpine" + env: scenario=stable_push_alpine + - name: "Install Stable Branch and Push Configuration Test - CentOS" + env: scenario=stable_push_centos + - name: "Use Template Setting Test - Debian" + env: scenario=template + - name: "Use Template Setting Test - Alpine" + env: scenario=template_alpine + - name: "Use Template Setting Test - CentOS" + env: scenario=template_centos + - name: "Install Unit Test - Debian" + env: scenario=unit + - name: "Install Unit Test - Alpine" + env: scenario=unit_alpine + - name: "Install Unit Test - CentOS" + env: scenario=unit_centos + - name: "Install from Source Test - Debian" + env: scenario=source + - name: "Install from Source Test - Alpine" + env: scenario=source_alpine + - name: "Install from Source Test - CentOS" + env: scenario=source_centos before_install: - sudo apt-get -qq update install: - - pip install ansible==2.9.4 - - pip install molecule[docker]==2.22 + - pip install ansible==2.9.6 + - pip install molecule[docker]>=3.0.0 + - pip install testinfra + - pip install ansible-lint + - pip install flake8 script: + - molecule --version + - ansible --version - travis_wait 50 molecule test -s $scenario notifications: webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/.yamllint b/.yamllint index cfab5e4..99e8630 100644 --- a/.yamllint +++ b/.yamllint @@ -1,3 +1,4 @@ +--- extends: default rules: diff --git a/README.md b/README.md index 15a7fc6..5cc122b 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@ Instructions on how to install Ansible can be found in the [Ansible website](htt **Molecule** -Molecule is used to test the various functionailities of the role. Instructions on how to install Molecule can be found in the [Molecule website](https://molecule.readthedocs.io/en/stable/installation.html). +Molecule is used to test the various functionailities of the role. Instructions on how to install Molecule can be found in the [Molecule website](https://molecule.readthedocs.io/en/latest/installation.html). Installation ------------ @@ -45,6 +45,7 @@ Alpine: - 3.8 - 3.9 - 3.10 + - 3.11 CentOS: versions: - 6 @@ -81,6 +82,7 @@ Alpine: - 3.8 - 3.9 - 3.10 + - 3.11 Amazon Linux: versions: - 2018.03 diff --git a/defaults/main/linux.yml b/defaults/main/linux.yml index afb4fba..0be7b2f 100644 --- a/defaults/main/linux.yml +++ b/defaults/main/linux.yml @@ -6,3 +6,8 @@ nginx_linux_families: ['Alpine', 'Debian', 'RedHat', 'Suse'] # https://docs.nginx.com/nginx/technical-specs/ # RedHat={Amazon,CentOS,OracleLinux,RHEL} Debian={Ubuntu,Debian} nginx_plus_linux_families: ['Alpine', 'Debian', 'RedHat', 'Suse'] + +# Default locations and versions for install from source +pcre_version: pcre-8.43 +zlib_version: zlib-1.2.11 +openssl_version: openssl-1.1.1c diff --git a/defaults/main/main.yml b/defaults/main/main.yml index 2b88566..98d827c 100644 --- a/defaults/main/main.yml +++ b/defaults/main/main.yml @@ -28,11 +28,25 @@ nginx_type: opensource nginx_state: present # Specify repository origin for NGINX Open Source. -# Options are 'nginx_repository' or 'os_repository'. +# Options are 'nginx_repository', 'source' or 'os_repository'. # Only works if 'nginx_type' is set to 'opensource'. # Default is nginx_repository. nginx_install_from: nginx_repository +# Specify source install options for NGINX Open Source. +# Options represent whether to install from source also +# or to install from packages (default). These only apply +# if 'nginx_install_from' is set to 'source' +# For the tools, true means we will isntall from a package +# and false means install from source. +# 'nginx_install_source_build_tools' will install compiler +# and build tools from packages. If false, you need to have +# these present. +nginx_install_source_build_tools: true +nginx_install_source_pcre: false +nginx_install_source_openssl: true +nginx_install_source_zlib: false + # Choose where to fetch the NGINX signing key from. # Default is the official NGINX signing key host. # nginx_signing_key: http://nginx.org/keys/nginx_signing.key @@ -44,7 +58,7 @@ nginx_install_from: nginx_repository # Specify which branch of NGINX Open Source you want to install. # Options are 'mainline' or 'stable'. -# Only works if 'install_from' is set to 'nginx_repository'. +# Only works if 'install_from' is set to 'nginx_repository' or 'source'. # Default is mainline. nginx_branch: mainline diff --git a/files/services/nginx.conf.upstart b/files/services/nginx.conf.upstart new file mode 100644 index 0000000..da562ab --- /dev/null +++ b/files/services/nginx.conf.upstart @@ -0,0 +1,16 @@ +description "nginx - small, powerful, scalable web/proxy server" + +start on filesystem and static-network-up +stop on runlevel [016] + +expect fork +respawn + +pre-start script + [ -x /usr/sbin/nginx ] || { stop; exit 0; } + /usr/sbin/nginx -q -t -g 'daemon on; master_process on;' || { stop; exit 0; } +end script + +exec /usr/sbin/nginx -g 'daemon on; master_process on;' + +pre-stop exec /usr/sbin/nginx -s quit \ No newline at end of file diff --git a/files/services/nginx.openrc b/files/services/nginx.openrc new file mode 100644 index 0000000..d8a1231 --- /dev/null +++ b/files/services/nginx.openrc @@ -0,0 +1,70 @@ +#!/sbin/openrc-run + +description="Nginx http and reverse proxy server" +extra_commands="checkconfig" +extra_started_commands="reload reopen upgrade" + +cfgfile=${cfgfile:-/etc/nginx/nginx.conf} +pidfile=/var/run/nginx.pid +command=/usr/sbin/nginx +command_args="-c $cfgfile" +required_files="$cfgfile" + +depend() { + need net + use dns logger netmount +} + +start_pre() { + $command $command_args -t -q +} + +checkconfig() { + ebegin "Checking $RC_SVCNAME configuration" + start_pre + eend $? +} + +reload() { + ebegin "Reloading $RC_SVCNAME configuration" + start_pre && start-stop-daemon --signal HUP --pidfile $pidfile + eend $? +} + +reopen() { + ebegin "Reopening $RC_SVCNAME log files" + start-stop-daemon --signal USR1 --pidfile $pidfile + eend $? +} + +upgrade() { + start_pre || return 1 + + ebegin "Upgrading $RC_SVCNAME binary" + + einfo "Sending USR2 to old binary" + start-stop-daemon --signal USR2 --pidfile $pidfile + + einfo "Sleeping 3 seconds before pid-files checking" + sleep 3 + + if [ ! -f $pidfile.oldbin ]; then + eerror "File with old pid ($pidfile.oldbin) not found" + return 1 + fi + + if [ ! -f $pidfile ]; then + eerror "New binary failed to start" + return 1 + fi + + einfo "Sleeping 3 seconds before WINCH" + sleep 3 ; start-stop-daemon --signal 28 --pidfile $pidfile.oldbin + + einfo "Sending QUIT to old binary" + start-stop-daemon --signal QUIT --pidfile $pidfile.oldbin + + einfo "Upgrade completed" + + eend $? "Upgrade failed" +} \ No newline at end of file diff --git a/files/services/nginx.systemd b/files/services/nginx.systemd new file mode 100644 index 0000000..23eb0ed --- /dev/null +++ b/files/services/nginx.systemd @@ -0,0 +1,15 @@ +[Unit] +Description=nginx - high performance web server +Documentation=http://nginx.org/en/docs/ +After=network-online.target remote-fs.target nss-lookup.target +Wants=network-online.target + +[Service] +Type=forking +PIDFile=/var/run/nginx.pid +ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf +ExecReload=/bin/kill -s HUP $MAINPID +ExecStop=/bin/kill -s TERM $MAINPID + +[Install] +WantedBy=multi-user.target diff --git a/files/services/nginx.sysvinit b/files/services/nginx.sysvinit new file mode 100644 index 0000000..9d0b09c --- /dev/null +++ b/files/services/nginx.sysvinit @@ -0,0 +1,196 @@ +#!/bin/sh + +### BEGIN INIT INFO +# Provides: nginx +# Required-Start: $local_fs $remote_fs $network $syslog $named +# Required-Stop: $local_fs $remote_fs $network $syslog $named +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: starts the nginx web server +# Description: starts nginx using start-stop-daemon +### END INIT INFO + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/sbin/nginx +NAME=nginx +DESC=nginx + +# Include nginx defaults if available +if [ -r /etc/default/nginx ]; then + . /etc/default/nginx +fi + +STOP_SCHEDULE="${STOP_SCHEDULE:-QUIT/5/TERM/5/KILL/5}" + +test -x $DAEMON || exit 0 + +. /lib/init/vars.sh +. /lib/lsb/init-functions + +# Try to extract nginx pidfile +PID=$(cat /etc/nginx/nginx.conf | grep -Ev '^\s*#' | awk 'BEGIN { RS="[;{}]" } { if ($1 == "pid") print $2 }' | head -n1) +if [ -z "$PID" ]; then + PID=/run/nginx.pid +fi + +if [ -n "$ULIMIT" ]; then + # Set ulimit if it is set in /etc/default/nginx + ulimit $ULIMIT +fi + +start_nginx() { + # Start the daemon/service + # + # Returns: + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + start-stop-daemon --start --quiet --pidfile $PID --exec $DAEMON --test > /dev/null \ + || return 1 + start-stop-daemon --start --quiet --pidfile $PID --exec $DAEMON -- \ + $DAEMON_OPTS 2>/dev/null \ + || return 2 +} + +test_config() { + # Test the nginx configuration + $DAEMON -t $DAEMON_OPTS >/dev/null 2>&1 +} + +stop_nginx() { + # Stops the daemon/service + # + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=$STOP_SCHEDULE --pidfile $PID --name $NAME + RETVAL="$?" + sleep 1 + return "$RETVAL" +} + +reload_nginx() { + # Function that sends a SIGHUP to the daemon/service + start-stop-daemon --stop --signal HUP --quiet --pidfile $PID --name $NAME + return 0 +} + +rotate_logs() { + # Rotate log files + start-stop-daemon --stop --signal USR1 --quiet --pidfile $PID --name $NAME + return 0 +} + +upgrade_nginx() { + # Online upgrade nginx executable + # http://nginx.org/en/docs/control.html + # + # Return + # 0 if nginx has been successfully upgraded + # 1 if nginx is not running + # 2 if the pid files were not created on time + # 3 if the old master could not be killed + if start-stop-daemon --stop --signal USR2 --quiet --pidfile $PID --name $NAME; then + # Wait for both old and new master to write their pid file + while [ ! -s "${PID}.oldbin" ] || [ ! -s "${PID}" ]; do + cnt=`expr $cnt + 1` + if [ $cnt -gt 10 ]; then + return 2 + fi + sleep 1 + done + # Everything is ready, gracefully stop the old master + if start-stop-daemon --stop --signal QUIT --quiet --pidfile "${PID}.oldbin" --name $NAME; then + return 0 + else + return 3 + fi + else + return 1 + fi +} + +case "$1" in + start) + log_daemon_msg "Starting $DESC" "$NAME" + start_nginx + case "$?" in + 0|1) log_end_msg 0 ;; + 2) log_end_msg 1 ;; + esac + ;; + stop) + log_daemon_msg "Stopping $DESC" "$NAME" + stop_nginx + case "$?" in + 0|1) log_end_msg 0 ;; + 2) log_end_msg 1 ;; + esac + ;; + restart) + log_daemon_msg "Restarting $DESC" "$NAME" + + # Check configuration before stopping nginx + if ! test_config; then + log_end_msg 1 # Configuration error + exit $? + fi + + stop_nginx + case "$?" in + 0|1) + start_nginx + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + reload|force-reload) + log_daemon_msg "Reloading $DESC configuration" "$NAME" + + # Check configuration before stopping nginx + # + # This is not entirely correct since the on-disk nginx binary + # may differ from the in-memory one, but that's not common. + # We prefer to check the configuration and return an error + # to the administrator. + if ! test_config; then + log_end_msg 1 # Configuration error + exit $? + fi + + reload_nginx + log_end_msg $? + ;; + configtest|testconfig) + log_daemon_msg "Testing $DESC configuration" + test_config + log_end_msg $? + ;; + status) + status_of_proc -p $PID "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + upgrade) + log_daemon_msg "Upgrading binary" "$NAME" + upgrade_nginx + log_end_msg $? + ;; + rotate) + log_daemon_msg "Re-opening $DESC log files" "$NAME" + rotate_logs + log_end_msg $? + ;; + *) + echo "Usage: $NAME {start|stop|restart|reload|force-reload|status|configtest|rotate|upgrade}" >&2 + exit 3 + ;; +esac \ No newline at end of file diff --git a/files/services/nginx.upstart b/files/services/nginx.upstart new file mode 100644 index 0000000..9d0b09c --- /dev/null +++ b/files/services/nginx.upstart @@ -0,0 +1,196 @@ +#!/bin/sh + +### BEGIN INIT INFO +# Provides: nginx +# Required-Start: $local_fs $remote_fs $network $syslog $named +# Required-Stop: $local_fs $remote_fs $network $syslog $named +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: starts the nginx web server +# Description: starts nginx using start-stop-daemon +### END INIT INFO + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/sbin/nginx +NAME=nginx +DESC=nginx + +# Include nginx defaults if available +if [ -r /etc/default/nginx ]; then + . /etc/default/nginx +fi + +STOP_SCHEDULE="${STOP_SCHEDULE:-QUIT/5/TERM/5/KILL/5}" + +test -x $DAEMON || exit 0 + +. /lib/init/vars.sh +. /lib/lsb/init-functions + +# Try to extract nginx pidfile +PID=$(cat /etc/nginx/nginx.conf | grep -Ev '^\s*#' | awk 'BEGIN { RS="[;{}]" } { if ($1 == "pid") print $2 }' | head -n1) +if [ -z "$PID" ]; then + PID=/run/nginx.pid +fi + +if [ -n "$ULIMIT" ]; then + # Set ulimit if it is set in /etc/default/nginx + ulimit $ULIMIT +fi + +start_nginx() { + # Start the daemon/service + # + # Returns: + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + start-stop-daemon --start --quiet --pidfile $PID --exec $DAEMON --test > /dev/null \ + || return 1 + start-stop-daemon --start --quiet --pidfile $PID --exec $DAEMON -- \ + $DAEMON_OPTS 2>/dev/null \ + || return 2 +} + +test_config() { + # Test the nginx configuration + $DAEMON -t $DAEMON_OPTS >/dev/null 2>&1 +} + +stop_nginx() { + # Stops the daemon/service + # + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=$STOP_SCHEDULE --pidfile $PID --name $NAME + RETVAL="$?" + sleep 1 + return "$RETVAL" +} + +reload_nginx() { + # Function that sends a SIGHUP to the daemon/service + start-stop-daemon --stop --signal HUP --quiet --pidfile $PID --name $NAME + return 0 +} + +rotate_logs() { + # Rotate log files + start-stop-daemon --stop --signal USR1 --quiet --pidfile $PID --name $NAME + return 0 +} + +upgrade_nginx() { + # Online upgrade nginx executable + # http://nginx.org/en/docs/control.html + # + # Return + # 0 if nginx has been successfully upgraded + # 1 if nginx is not running + # 2 if the pid files were not created on time + # 3 if the old master could not be killed + if start-stop-daemon --stop --signal USR2 --quiet --pidfile $PID --name $NAME; then + # Wait for both old and new master to write their pid file + while [ ! -s "${PID}.oldbin" ] || [ ! -s "${PID}" ]; do + cnt=`expr $cnt + 1` + if [ $cnt -gt 10 ]; then + return 2 + fi + sleep 1 + done + # Everything is ready, gracefully stop the old master + if start-stop-daemon --stop --signal QUIT --quiet --pidfile "${PID}.oldbin" --name $NAME; then + return 0 + else + return 3 + fi + else + return 1 + fi +} + +case "$1" in + start) + log_daemon_msg "Starting $DESC" "$NAME" + start_nginx + case "$?" in + 0|1) log_end_msg 0 ;; + 2) log_end_msg 1 ;; + esac + ;; + stop) + log_daemon_msg "Stopping $DESC" "$NAME" + stop_nginx + case "$?" in + 0|1) log_end_msg 0 ;; + 2) log_end_msg 1 ;; + esac + ;; + restart) + log_daemon_msg "Restarting $DESC" "$NAME" + + # Check configuration before stopping nginx + if ! test_config; then + log_end_msg 1 # Configuration error + exit $? + fi + + stop_nginx + case "$?" in + 0|1) + start_nginx + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + reload|force-reload) + log_daemon_msg "Reloading $DESC configuration" "$NAME" + + # Check configuration before stopping nginx + # + # This is not entirely correct since the on-disk nginx binary + # may differ from the in-memory one, but that's not common. + # We prefer to check the configuration and return an error + # to the administrator. + if ! test_config; then + log_end_msg 1 # Configuration error + exit $? + fi + + reload_nginx + log_end_msg $? + ;; + configtest|testconfig) + log_daemon_msg "Testing $DESC configuration" + test_config + log_end_msg $? + ;; + status) + status_of_proc -p $PID "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + upgrade) + log_daemon_msg "Upgrading binary" "$NAME" + upgrade_nginx + log_end_msg $? + ;; + rotate) + log_daemon_msg "Re-opening $DESC log files" "$NAME" + rotate_logs + log_end_msg $? + ;; + *) + echo "Usage: $NAME {start|stop|restart|reload|force-reload|status|configtest|rotate|upgrade}" >&2 + exit 3 + ;; +esac \ No newline at end of file diff --git a/files/www/index.html b/files/www/index.html new file mode 100644 index 0000000..77dc0b6 --- /dev/null +++ b/files/www/index.html @@ -0,0 +1,25 @@ + + + +Welcome to nginx! + + + +

Welcome to nginx!

+

If you see this page, the nginx web server is successfully installed and +working. Further configuration is required.

+ +

For online documentation and support please refer to +nginx.org.
+Commercial support is available at +nginx.com.

+ +

Thank you for using nginx.

+ + \ No newline at end of file diff --git a/molecule/common/Dockerfile.j2 b/molecule/common/Dockerfile.j2 index f815648..c268a5b 100644 --- a/molecule/common/Dockerfile.j2 +++ b/molecule/common/Dockerfile.j2 @@ -17,31 +17,27 @@ ENV {{ var }} {{ value }} RUN \ if [ $(command -v apt-get) ]; then \ apt-get update \ - && apt-get install -y python sudo bash ca-certificates iproute2 curl \ + && apt-get install -y python3 sudo bash ca-certificates iproute2 python3-apt aptitude systemd systemd-sysv procps curl \ && apt-get clean; \ - elif [ $(command -v dnf) ] && [ $(rpm -E %{rhel}) -eq 8 ]; then \ - dnf makecache \ - && dnf --assumeyes install python3 python3-devel python3-dnf python3-pip bash iproute \ - && dnf clean all; \ elif [ $(command -v dnf) ]; then \ dnf makecache \ - && dnf --assumeyes install python sudo python-devel python*-dnf bash iproute \ + && dnf --assumeyes install /usr/bin/python3 /usr/bin/python3-config /usr/bin/dnf-3 bash iproute \ && dnf clean all; \ elif [ $(command -v yum) ]; then \ yum makecache fast \ - && yum install -y python sudo yum-plugin-ovl bash iproute \ + && yum install -y /usr/bin/python /usr/bin/python2-config sudo yum-plugin-ovl bash iproute \ && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf \ && yum clean all; \ elif [ $(command -v zypper) ]; then \ zypper refresh \ - && zypper install -y python sudo bash python-xml iproute2 \ + && zypper install -y python3 sudo bash iproute2 \ && zypper clean -a; \ elif [ $(command -v apk) ]; then \ apk update \ - && apk add --no-cache python sudo bash ca-certificates curl openrc; \ + && apk add --no-cache python3 sudo bash ca-certificates curl openrc; \ echo 'rc_provide="loopback net"' >> /etc/rc.conf; \ elif [ $(command -v xbps-install) ]; then \ xbps-install -Syu \ - && xbps-install -y python sudo bash ca-certificates iproute2 \ + && xbps-install -y python3 sudo bash ca-certificates iproute2 \ && xbps-remove -O; \ fi diff --git a/files/www/.gitkeep b/molecule/common/files/www/.gitkeep similarity index 100% rename from files/www/.gitkeep rename to molecule/common/files/www/.gitkeep diff --git a/molecule/common/playbook_default.yml b/molecule/common/playbook_default.yml index 1f060b8..aa04765 100644 --- a/molecule/common/playbook_default.yml +++ b/molecule/common/playbook_default.yml @@ -4,15 +4,15 @@ pre_tasks: - name: "Set repo if Alpine" set_fact: - version: "=1.17.6-r1" + version: "=1.17.8-r1" when: ansible_os_family == "Alpine" - name: "Set repo if Debian" set_fact: - version: "=1.17.6-1~{{ ansible_distribution_release }}" + version: "=1.17.8-1~{{ ansible_distribution_release }}" when: ansible_os_family == "Debian" - name: "Set repo if RedHat" set_fact: - version: "-1.17.6-1.el{{ ansible_distribution_major_version }}.ngx" + version: "-1.17.8-1.el{{ ansible_distribution_major_version }}.ngx" when: ansible_os_family == "RedHat" roles: - role: ansible-role-nginx diff --git a/molecule/common/playbook_source.yml b/molecule/common/playbook_source.yml new file mode 100644 index 0000000..808fd2f --- /dev/null +++ b/molecule/common/playbook_source.yml @@ -0,0 +1,19 @@ +--- +- name: Converge + hosts: all + roles: + - role: ansible-role-nginx + vars: + nginx_debug_output: true + + nginx_install_from: source + nginx_branch: mainline + nginx_install_source_build_tools: true + nginx_install_source_pcre: false + nginx_install_source_openssl: true + nginx_install_source_zlib: false + + nginx_main_upload_enable: true + nginx_main_upload_src: files/nginx.conf + nginx_http_upload_enable: true + nginx_http_upload_src: files/http/*.conf diff --git a/molecule/common/playbook_stable_push.yml b/molecule/common/playbook_stable_push.yml index 3b92b12..c4841ae 100644 --- a/molecule/common/playbook_stable_push.yml +++ b/molecule/common/playbook_stable_push.yml @@ -4,6 +4,8 @@ roles: - role: ansible-role-nginx vars: + nginx_debug_output: true + nginx_branch: stable nginx_main_upload_enable: true nginx_main_upload_src: files/nginx.conf diff --git a/molecule/common/test_module/test_default.py b/molecule/common/test_module/test_default.py index 4b2d109..8d12025 100644 --- a/molecule/common/test_module/test_default.py +++ b/molecule/common/test_module/test_default.py @@ -2,7 +2,8 @@ import os import testinfra.utils.ansible_runner -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') # noqa E501 +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') def test_nginx_is_installed(host): diff --git a/molecule/common/test_source/test_default.py b/molecule/common/test_source/test_default.py new file mode 100644 index 0000000..24fcbab --- /dev/null +++ b/molecule/common/test_source/test_default.py @@ -0,0 +1,25 @@ +import os + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +def test_nginx_running_and_enabled(host): + ngx = host.service("nginx") + assert ngx.is_running + assert ngx.is_enabled + + +def test_hosts_file(host): + ngx = host.file('/etc/hosts') + assert ngx.exists + assert ngx.user == 'root' + assert ngx.group == 'root' + + +def test_endpoint(host): + command = """curl -I http://localhost/""" + cmd = host.run(command) + assert '200 OK' in cmd.stdout diff --git a/molecule/common/test_stable_push/test_default.py b/molecule/common/test_stable_push/test_default.py index a41e9e0..c695962 100644 --- a/molecule/common/test_stable_push/test_default.py +++ b/molecule/common/test_stable_push/test_default.py @@ -3,7 +3,8 @@ import os import testinfra.utils.ansible_runner -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') # noqa E501 +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') def test_nginx_is_installed(host): diff --git a/molecule/common/test_template/test_default.py b/molecule/common/test_template/test_default.py index 3838cb1..0b79c97 100644 --- a/molecule/common/test_template/test_default.py +++ b/molecule/common/test_template/test_default.py @@ -3,7 +3,8 @@ import os import testinfra.utils.ansible_runner -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') # noqa E501 +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') def test_nginx_is_installed(host): diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 6440eef..9a5c3a6 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -1,29 +1,44 @@ --- driver: name: docker -lint: - name: yamllint +lint: | + set -e + yamllint . + ansible-lint + flake8 platforms: - name: debian-stretch image: debian:stretch-slim dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" - name: debian-buster image: debian:buster-slim dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" - name: ubuntu-xenial image: ubuntu:xenial dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" - name: ubuntu-bionic image: ubuntu:bionic dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" provisioner: name: ansible playbooks: converge: ../common/playbook_default.yml - lint: - name: ansible-lint verifier: name: testinfra directory: ../common/test_default - lint: - name: flake8 diff --git a/molecule/default_alpine/molecule.yml b/molecule/default_alpine/molecule.yml index 1736825..8fea6a0 100644 --- a/molecule/default_alpine/molecule.yml +++ b/molecule/default_alpine/molecule.yml @@ -1,27 +1,37 @@ --- driver: name: docker -lint: - name: yamllint +lint: | + set -e + yamllint . + ansible-lint + flake8 platforms: - name: alpine-3.8 image: alpine:3.8 dockerfile: ../common/Dockerfile.j2 - privileged: True + privileged: true volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:rw" command: "/sbin/init" - name: alpine-3.9 image: alpine:3.9 dockerfile: ../common/Dockerfile.j2 - privileged: True + privileged: true volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:rw" command: "/sbin/init" - name: alpine-3.10 image: alpine:3.10 dockerfile: ../common/Dockerfile.j2 - privileged: True + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" + - name: alpine-3.11 + image: alpine:3.11 + dockerfile: ../common/Dockerfile.j2 + privileged: true volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:rw" command: "/sbin/init" @@ -29,10 +39,6 @@ provisioner: name: ansible playbooks: converge: ../common/playbook_default.yml - lint: - name: ansible-lint verifier: name: testinfra directory: ../common/test_default - lint: - name: flake8 diff --git a/molecule/default_centos/molecule.yml b/molecule/default_centos/molecule.yml index 6767a98..11b030f 100644 --- a/molecule/default_centos/molecule.yml +++ b/molecule/default_centos/molecule.yml @@ -1,8 +1,11 @@ --- driver: name: docker -lint: - name: yamllint +lint: | + set -e + yamllint . + ansible-lint + flake8 platforms: - name: centos-6 image: centos:6 @@ -10,14 +13,14 @@ platforms: - name: centos-7 image: centos:7 dockerfile: ../common/Dockerfile.j2 - privileged: True + privileged: true volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:rw" command: "/usr/sbin/init" - name: centos-8 image: centos:8 dockerfile: ../common/Dockerfile.j2 - privileged: True + privileged: true volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:rw" command: "/usr/sbin/init" @@ -25,10 +28,6 @@ provisioner: name: ansible playbooks: converge: ../common/playbook_default.yml - lint: - name: ansible-lint verifier: name: testinfra directory: ../common/test_default - lint: - name: flake8 diff --git a/molecule/module/molecule.yml b/molecule/module/molecule.yml index 7810f7f..2e12f7e 100644 --- a/molecule/module/molecule.yml +++ b/molecule/module/molecule.yml @@ -1,29 +1,44 @@ --- driver: name: docker -lint: - name: yamllint +lint: | + set -e + yamllint . + ansible-lint + flake8 platforms: - name: debian-stretch image: debian:stretch-slim dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" - name: debian-buster image: debian:buster-slim dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" - name: ubuntu-xenial image: ubuntu:xenial dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" - name: ubuntu-bionic image: ubuntu:bionic dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" provisioner: name: ansible playbooks: converge: ../common/playbook_module.yml - lint: - name: ansible-lint verifier: name: testinfra directory: ../common/test_module - lint: - name: flake8 diff --git a/molecule/module_alpine/molecule.yml b/molecule/module_alpine/molecule.yml index 5d5338c..8de545e 100644 --- a/molecule/module_alpine/molecule.yml +++ b/molecule/module_alpine/molecule.yml @@ -1,27 +1,37 @@ --- driver: name: docker -lint: - name: yamllint +lint: | + set -e + yamllint . + ansible-lint + flake8 platforms: - name: alpine-3.8 image: alpine:3.8 dockerfile: ../common/Dockerfile.j2 - privileged: True + privileged: true volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:rw" command: "/sbin/init" - name: alpine-3.9 image: alpine:3.9 dockerfile: ../common/Dockerfile.j2 - privileged: True + privileged: true volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:rw" command: "/sbin/init" - name: alpine-3.10 image: alpine:3.10 dockerfile: ../common/Dockerfile.j2 - privileged: True + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" + - name: alpine-3.11 + image: alpine:3.11 + dockerfile: ../common/Dockerfile.j2 + privileged: true volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:rw" command: "/sbin/init" @@ -29,10 +39,6 @@ provisioner: name: ansible playbooks: converge: ../common/playbook_module.yml - lint: - name: ansible-lint verifier: name: testinfra directory: ../common/test_module - lint: - name: flake8 diff --git a/molecule/module_centos/molecule.yml b/molecule/module_centos/molecule.yml index 5aad329..0b09e78 100644 --- a/molecule/module_centos/molecule.yml +++ b/molecule/module_centos/molecule.yml @@ -1,8 +1,11 @@ --- driver: name: docker -lint: - name: yamllint +lint: | + set -e + yamllint . + ansible-lint + flake8 platforms: - name: centos-6 image: centos:6 @@ -10,14 +13,14 @@ platforms: - name: centos-7 image: centos:7 dockerfile: ../common/Dockerfile.j2 - privileged: True + privileged: true volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:rw" command: "/usr/sbin/init" - name: centos-8 image: centos:8 dockerfile: ../common/Dockerfile.j2 - privileged: True + privileged: true volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:rw" command: "/usr/sbin/init" @@ -25,10 +28,6 @@ provisioner: name: ansible playbooks: converge: ../common/playbook_module.yml - lint: - name: ansible-lint verifier: name: testinfra directory: ../common/test_module - lint: - name: flake8 diff --git a/molecule/source/molecule.yml b/molecule/source/molecule.yml new file mode 100644 index 0000000..a2028ed --- /dev/null +++ b/molecule/source/molecule.yml @@ -0,0 +1,44 @@ +--- +driver: + name: docker +lint: | + set -e + yamllint . + ansible-lint + flake8 +platforms: + - name: debian-stretch + image: debian:stretch-slim + dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" + - name: debian-buster + image: debian:buster-slim + dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" + - name: ubuntu-xenial + image: ubuntu:xenial + dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" + - name: ubuntu-bionic + image: ubuntu:bionic + dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" +provisioner: + name: ansible + playbooks: + converge: ../common/playbook_source.yml +verifier: + name: testinfra + directory: ../common/test_source diff --git a/molecule/source_alpine/molecule.yml b/molecule/source_alpine/molecule.yml new file mode 100644 index 0000000..a5b2919 --- /dev/null +++ b/molecule/source_alpine/molecule.yml @@ -0,0 +1,44 @@ +--- +driver: + name: docker +lint: | + set -e + yamllint . + ansible-lint + flake8 +platforms: + - name: alpine-3.8 + image: alpine:3.8 + dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" + - name: alpine-3.9 + image: alpine:3.9 + dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" + - name: alpine-3.10 + image: python:alpine3.10 + dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" + - name: alpine-3.11 + image: python:alpine3.11 + dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" +provisioner: + name: ansible + playbooks: + converge: ../common/playbook_source.yml +verifier: + name: testinfra + directory: ../common/test_source diff --git a/molecule/source_centos/molecule.yml b/molecule/source_centos/molecule.yml new file mode 100644 index 0000000..1fff5be --- /dev/null +++ b/molecule/source_centos/molecule.yml @@ -0,0 +1,30 @@ +--- +driver: + name: docker +lint: | + set -e + yamllint . + ansible-lint + flake8 +platforms: + - name: centos-7 + image: centos:7 + dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + - name: centos-8 + image: centos:8 + dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" +provisioner: + name: ansible + playbooks: + converge: ../common/playbook_source.yml +verifier: + name: testinfra + directory: ../common/test_source diff --git a/molecule/stable_push/molecule.yml b/molecule/stable_push/molecule.yml index 7d6e4b3..40c6990 100644 --- a/molecule/stable_push/molecule.yml +++ b/molecule/stable_push/molecule.yml @@ -4,29 +4,44 @@ dependency: command: pip install python-nginx driver: name: docker -lint: - name: yamllint +lint: | + set -e + yamllint . + ansible-lint + flake8 platforms: - name: debian-stretch image: debian:stretch-slim dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" - name: debian-buster image: debian:buster-slim dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" - name: ubuntu-xenial image: ubuntu:xenial dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" - name: ubuntu-bionic image: ubuntu:bionic dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" provisioner: name: ansible playbooks: converge: ../common/playbook_stable_push.yml - lint: - name: ansible-lint verifier: name: testinfra directory: ../common/test_stable_push - lint: - name: flake8 diff --git a/molecule/stable_push_alpine/molecule.yml b/molecule/stable_push_alpine/molecule.yml index afe6e59..c2753f3 100644 --- a/molecule/stable_push_alpine/molecule.yml +++ b/molecule/stable_push_alpine/molecule.yml @@ -4,27 +4,37 @@ dependency: command: pip install python-nginx driver: name: docker -lint: - name: yamllint +lint: | + set -e + yamllint . + ansible-lint + flake8 platforms: - name: alpine-3.8 image: alpine:3.8 dockerfile: ../common/Dockerfile.j2 - privileged: True + privileged: true volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:rw" command: "/sbin/init" - name: alpine-3.9 image: alpine:3.9 dockerfile: ../common/Dockerfile.j2 - privileged: True + privileged: true volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:rw" command: "/sbin/init" - name: alpine-3.10 image: alpine:3.10 dockerfile: ../common/Dockerfile.j2 - privileged: True + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" + - name: alpine-3.11 + image: alpine:3.11 + dockerfile: ../common/Dockerfile.j2 + privileged: true volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:rw" command: "/sbin/init" @@ -32,10 +42,6 @@ provisioner: name: ansible playbooks: converge: ../common/playbook_stable_push.yml - lint: - name: ansible-lint verifier: name: testinfra directory: ../common/test_stable_push - lint: - name: flake8 diff --git a/molecule/stable_push_centos/molecule.yml b/molecule/stable_push_centos/molecule.yml index b9e1dd7..c5f1884 100644 --- a/molecule/stable_push_centos/molecule.yml +++ b/molecule/stable_push_centos/molecule.yml @@ -4,8 +4,11 @@ dependency: command: pip install python-nginx driver: name: docker -lint: - name: yamllint +lint: | + set -e + yamllint . + ansible-lint + flake8 platforms: - name: centos-6 image: centos:6 @@ -13,14 +16,14 @@ platforms: - name: centos-7 image: centos:7 dockerfile: ../common/Dockerfile.j2 - privileged: True + privileged: true volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:rw" command: "/usr/sbin/init" - name: centos-8 image: centos:8 dockerfile: ../common/Dockerfile.j2 - privileged: True + privileged: true volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:rw" command: "/usr/sbin/init" @@ -28,10 +31,6 @@ provisioner: name: ansible playbooks: converge: ../common/playbook_stable_push.yml - lint: - name: ansible-lint verifier: name: testinfra directory: ../common/test_stable_push - lint: - name: flake8 diff --git a/molecule/template/molecule.yml b/molecule/template/molecule.yml index 479e813..541fee0 100644 --- a/molecule/template/molecule.yml +++ b/molecule/template/molecule.yml @@ -4,29 +4,44 @@ dependency: command: pip install python-nginx driver: name: docker -lint: - name: yamllint +lint: | + set -e + yamllint . + ansible-lint + flake8 platforms: - name: debian-stretch image: debian:stretch-slim dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" - name: debian-buster image: debian:buster-slim dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" - name: ubuntu-xenial image: ubuntu:xenial dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" - name: ubuntu-bionic image: ubuntu:bionic dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" provisioner: name: ansible playbooks: converge: ../common/playbook_template.yml - lint: - name: ansible-lint verifier: name: testinfra directory: ../common/test_template - lint: - name: flake8 diff --git a/molecule/template_alpine/molecule.yml b/molecule/template_alpine/molecule.yml index 1dc586e..a646a5b 100644 --- a/molecule/template_alpine/molecule.yml +++ b/molecule/template_alpine/molecule.yml @@ -4,27 +4,37 @@ dependency: command: pip install python-nginx driver: name: docker -lint: - name: yamllint +lint: | + set -e + yamllint . + ansible-lint + flake8 platforms: - name: alpine-3.8 image: alpine:3.8 dockerfile: ../common/Dockerfile.j2 - privileged: True + privileged: true volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:rw" command: "/sbin/init" - name: alpine-3.9 image: alpine:3.9 dockerfile: ../common/Dockerfile.j2 - privileged: True + privileged: true volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:rw" command: "/sbin/init" - name: alpine-3.10 image: alpine:3.10 dockerfile: ../common/Dockerfile.j2 - privileged: True + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" + - name: alpine-3.11 + image: alpine:3.11 + dockerfile: ../common/Dockerfile.j2 + privileged: true volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:rw" command: "/sbin/init" @@ -32,10 +42,6 @@ provisioner: name: ansible playbooks: converge: ../common/playbook_template.yml - lint: - name: ansible-lint verifier: name: testinfra directory: ../common/test_template - lint: - name: flake8 diff --git a/molecule/template_centos/molecule.yml b/molecule/template_centos/molecule.yml index 8926d27..3b0f745 100644 --- a/molecule/template_centos/molecule.yml +++ b/molecule/template_centos/molecule.yml @@ -4,8 +4,11 @@ dependency: command: pip install python-nginx driver: name: docker -lint: - name: yamllint +lint: | + set -e + yamllint . + ansible-lint + flake8 platforms: - name: centos-6 image: centos:6 @@ -13,14 +16,14 @@ platforms: - name: centos-7 image: centos:7 dockerfile: ../common/Dockerfile.j2 - privileged: True + privileged: true volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:rw" command: "/usr/sbin/init" - name: centos-8 image: centos:8 dockerfile: ../common/Dockerfile.j2 - privileged: True + privileged: true volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:rw" command: "/usr/sbin/init" @@ -28,10 +31,6 @@ provisioner: name: ansible playbooks: converge: ../common/playbook_template.yml - lint: - name: ansible-lint verifier: name: testinfra directory: ../common/test_template - lint: - name: flake8 diff --git a/molecule/unit/molecule.yml b/molecule/unit/molecule.yml index 8727894..71585a8 100644 --- a/molecule/unit/molecule.yml +++ b/molecule/unit/molecule.yml @@ -1,24 +1,41 @@ --- driver: name: docker -lint: - name: yamllint +lint: | + set -e + yamllint . + ansible-lint + flake8 platforms: - name: debian-stretch image: debian:stretch-slim dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" - name: debian-buster image: debian:buster-slim dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" - name: ubuntu-xenial image: ubuntu:xenial dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" - name: ubuntu-bionic image: ubuntu:bionic dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" provisioner: name: ansible playbooks: converge: ../common/playbook_unit.yml - lint: - name: ansible-lint diff --git a/molecule/unit_alpine/molecule.yml b/molecule/unit_alpine/molecule.yml index fc951d0..cd02977 100644 --- a/molecule/unit_alpine/molecule.yml +++ b/molecule/unit_alpine/molecule.yml @@ -1,27 +1,37 @@ --- driver: name: docker -lint: - name: yamllint +lint: | + set -e + yamllint . + ansible-lint + flake8 platforms: - name: alpine-3.8 image: alpine:3.8 dockerfile: ../common/Dockerfile.j2 - privileged: True + privileged: true volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:rw" command: "/sbin/init" - name: alpine-3.9 image: alpine:3.9 dockerfile: ../common/Dockerfile.j2 - privileged: True + privileged: true volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:rw" command: "/sbin/init" - name: alpine-3.10 image: alpine:3.10 dockerfile: ../common/Dockerfile.j2 - privileged: True + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" + - name: alpine-3.11 + image: alpine:3.11 + dockerfile: ../common/Dockerfile.j2 + privileged: true volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:rw" command: "/sbin/init" @@ -29,5 +39,3 @@ provisioner: name: ansible playbooks: converge: ../common/playbook_unit.yml - lint: - name: ansible-lint diff --git a/molecule/unit_centos/molecule.yml b/molecule/unit_centos/molecule.yml index ca68187..bd73ca0 100644 --- a/molecule/unit_centos/molecule.yml +++ b/molecule/unit_centos/molecule.yml @@ -1,8 +1,11 @@ --- driver: name: docker -lint: - name: yamllint +lint: | + set -e + yamllint . + ansible-lint + flake8 platforms: - name: centos-6 image: centos:6 @@ -10,14 +13,14 @@ platforms: - name: centos-7 image: centos:7 dockerfile: ../common/Dockerfile.j2 - privileged: True + privileged: true volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:rw" command: "/usr/sbin/init" - name: centos-8 image: centos:8 dockerfile: ../common/Dockerfile.j2 - privileged: True + privileged: true volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:rw" command: "/usr/sbin/init" @@ -25,5 +28,3 @@ provisioner: name: ansible playbooks: converge: ../common/playbook_unit.yml - lint: - name: ansible-lint diff --git a/tasks/opensource/install-oss-linux.yml b/tasks/opensource/install-oss-linux.yml index a705c80..3525e63 100644 --- a/tasks/opensource/install-oss-linux.yml +++ b/tasks/opensource/install-oss-linux.yml @@ -16,6 +16,10 @@ when: nginx_install_from == "nginx_repository" +- name: "(Install: Linux) Install NGINX from source" + import_tasks: setup-source.yml + when: nginx_install_from == "source" + - name: "(Install: Linux) Install NGINX package" package: name: "nginx{{ nginx_version | default('') }}" diff --git a/tasks/opensource/setup-source.yml b/tasks/opensource/setup-source.yml new file mode 100644 index 0000000..f194daf --- /dev/null +++ b/tasks/opensource/setup-source.yml @@ -0,0 +1,437 @@ +--- +- name: "(Install: Linux) Check for build tools" + when: nginx_install_source_build_tools + block: + + - name: "(Install: Linux) Install Python - Centos/RHEL" + package: + name: + - python3 + - python3-pip + - python3-devel + state: present + when: ansible_os_family == "RedHat" + + - name: "(Install: Linux) Set Python3 default - Centos/RHEL" + alternatives: + name: python + path: /usr/bin/python3 + link: /usr/bin/python + when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "8" + + - name: "(Install: Linux) Install Build Tools - Centos/RHEL" + package: + name: + - "@Development tools" + - gcc + - glibc + - glibc-common + - gd + - gd-devel + - perl-core + - wget + - ca-certificates + - zlib-devel + state: present + when: ansible_os_family == "RedHat" + + - name: "(Install: Linux) Install backports repo for Buster" + apt_repository: + repo: deb http://ftp.us.debian.org/debian buster-backports main + when: ansible_distribution_release == "buster" + + - name: "(Install: Linux) Install Build Tools - Debian/Ubuntu" + package: + name: + - python-minimal + - build-essential + - perl + - tar + - checkinstall + - zlib1g-dev + - libtemplate-perl + state: present + when: ansible_os_family == "Debian" + + - name: "(Install: Linux) Install Build Tools - Alpine" + package: + name: + - python + - alpine-sdk + - build-base + - git + - wget + - perl + - linux-headers + - tar + - openrc + state: present + when: ansible_os_family == "Alpine" + + - name: "(Install: Linux) Enable openrc - Alpine" + copy: + content: "" + dest: /run/openrc/softlevel + force: no + owner: root + mode: 0644 + when: ansible_os_family == "Alpine" + +- name: "(Install: Linux) Check for Source Installs" + block: + + - name: "(Install: Linux) Check for PCRE Install" + stat: + path: /tmp/{{ pcre_version }} + register: pcre_result + + - name: "(Install: Linux) Check for zlib Install" + stat: + path: /tmp/{{ zlib_version }} + register: zlib_result + + - name: "(Install: Linux) Check for openssl Install" + stat: + path: /tmp/{{ openssl_version }} + register: openssl_result + +- name: "(Install: Linux) Install PCRE Dependency: Package: Centos/RHEL" + when: nginx_install_source_pcre and ansible_os_family == "RedHat" + package: + name: pcre-devel + state: present + +- name: "(Install: Linux) Install PCRE Dependency: Package: Debian/Ubuntu" + when: nginx_install_source_pcre and ansible_os_family == "Debian" + package: + name: libpcre3–dev + state: present + +- name: "(Install: Linux) Install PCRE Dependency: Package: Alpine" + when: nginx_install_source_pcre and ansible_os_family == "Alpine" + package: + name: pcre-dev + state: present + +- name: "(Install: Linux) Install PCRE Dependency: Source" + when: not pcre_result.stat.exists and not nginx_install_source_pcre + block: + + - name: "(Install: Linux) Install PCRE Dependency: Download" + get_url: + url: "http://ftp.pcre.org/pub/pcre/{{ pcre_version }}.tar.gz" + dest: "/tmp/{{ pcre_version }}.tar.gz" + register: pcre_source + + - name: "(Install: Linux) Install PCRE Dependency: Unpack" + unarchive: + copy: no + dest: /tmp/ + src: "{{ pcre_source.dest }}" + register: pcre_source_unpack + + - name: "(Install: Linux) Install PCRE Dependency: Configure" + command: "./configure" + args: + chdir: "/tmp/{{ pcre_version }}" + register: pcre_configure + + - name: "(Install: Linux) Install PCRE Dependency: Install" + make: + chdir: "/tmp/{{ pcre_version }}" + + - name: "(Install: Linux) Install PCRE Dependency: Install" + make: + chdir: "/tmp/{{ pcre_version }}" + target: install + +- name: "(Install: Linux) Install zlib Dependency: Package: Centos/RHEL" + when: nginx_install_source_zlib and ansible_os_family == "RedHat" + package: + name: zlib-devel + state: present + +- name: "(Install: Linux) Install zlib Dependency: Package: Debian/Ubuntu" + when: nginx_install_source_zlib and ansible_os_family == "Debian" + package: + name: zlib1g-dev + state: present + +- name: "(Install: Linux) Install zlib Dependency: Package: Alpine" + when: nginx_install_source_zlib and ansible_os_family == "Alpine" + package: + name: zlib-dev + state: present + +- name: "(Install: Linux) Install zlib Dependency: Source" + when: not zlib_result.stat.exists and not nginx_install_source_zlib + block: + + - name: "(Install: Linux) Install zlib Dependency: Download" + get_url: + url: "http://zlib.net/{{ zlib_version }}.tar.gz" + dest: "/tmp/{{ zlib_version }}.tar.gz" + register: zlib_source + + - name: "(Install: Linux) Install zlib Dependency: Unpack" + unarchive: + copy: no + dest: /tmp/ + src: "{{ zlib_source.dest }}" + register: zlib_source_unpack + + - name: "(Install: Linux) Install zlib Dependency: Configure" + command: "./configure" + args: + chdir: "/tmp/{{ zlib_version }}" + register: zlib_configure + + - name: "(Install: Linux) Install zlib Dependency: Install" + make: + chdir: "/tmp/{{ zlib_version }}" + + - name: "(Install: Linux) Install zlib Dependency: Install" + make: + chdir: "/tmp/{{ zlib_version }}" + target: install + +- name: "(Install: Linux) Install OpenSSL Dependency: Package: Centos/RHEL" + when: nginx_install_source_openssl and ansible_os_family == "RedHat" + package: + name: openssl-devel + state: present + +- name: "(Install: Linux) Install OpenSSL Dependency: Package: Debian/Ubuntu" + when: nginx_install_source_openssl and ansible_os_family == "Debian" + package: + name: libssl-dev + state: present + +- name: "(Install: Linux) Install OpenSSL Dependency: Package: Alpine" + when: nginx_install_source_openssl and ansible_os_family == "Alpine" + package: + name: openssl-dev + state: present + +- name: "(Install: Linux) Install OpenSSL Dependency: Source" + when: not openssl_result.stat.exists and not nginx_install_source_openssl + block: + + - name: "(Install: Linux) Install OpenSSL Dependency: Download" + get_url: + url: "http://www.openssl.org/source/{{ openssl_version }}.tar.gz" + dest: "/tmp/{{ openssl_version }}.tar.gz" + register: openssl_source + + - name: "(Install: Linux) Install OpenSSL Dependency: Unpack" + unarchive: + copy: no + dest: /tmp/ + src: "{{ openssl_source.dest }}" + register: openssl_source_unpack + + - name: "(Install: Linux) Install OpenSSL Dependency: Configure" + command: "./config --prefix=/usr" + args: + chdir: "/tmp/{{ openssl_version }}" + register: openssl_configure + + - name: "(Install: Linux) Install OpenSSL Dependency: Make" + make: + chdir: "/tmp/{{ openssl_version }}" + + - name: "(Install: Linux) Install OpenSSL Dependency: Install" + make: + chdir: "/tmp/{{ openssl_version }}" + target: install + +- name: "(Install: Linux) Install NGINX: Get NGINX version" + block: + + - name: "(Install: Linux) Install NGINX: Get NGINX mainline version" + shell: + args: + cmd: curl --stderr - https://trac.nginx.org/nginx/browser | grep release | head -1 | sed -e 's:.*