Delete NGINX Plus repository when license is deleted (#204)
This fixes a bug when only the license is deleted, making system updates fail since the NGINX Plus repository is still within the repositories list yet there is no license to authenticate to the repository
This commit is contained in:
parent
905d6c7531
commit
3b6c744166
@ -19,10 +19,11 @@ nginx_type: opensource
|
||||
# Default is empty.
|
||||
# nginx_version: =19-1~bionic
|
||||
|
||||
# Specify whether you want to maintain your version of NGINX or upgrade to the latest version.
|
||||
# Specify whether you want to maintain your version of NGINX, upgrade to the latest version, or remove NGINX.
|
||||
# Can be used with `nginx_version` to achieve fine tune control on which version of NGINX is installed/used on each playbook execution.
|
||||
# Using 'present' will install the latest version (or 'nginx_version') of NGINX on a fresh install.
|
||||
# Using 'latest' will upgrade NGINX to the latest version (that matches your 'nginx_version') of NGINX on every playbook execution.
|
||||
# Using 'absent' will remove NGINX from your system.
|
||||
# Default is present.
|
||||
nginx_state: present
|
||||
|
||||
@ -53,7 +54,7 @@ nginx_license:
|
||||
certificate: license/nginx-repo.crt
|
||||
key: license/nginx-repo.key
|
||||
|
||||
# Delete NGINX Plus license after installation for security purposes.
|
||||
# Remove NGINX Plus license and repository after installation for security purposes.
|
||||
# Default is false.
|
||||
nginx_delete_license: false
|
||||
|
||||
|
@ -68,7 +68,9 @@
|
||||
tags: nginx_debug_output
|
||||
|
||||
- import_tasks: plus/delete-license.yml
|
||||
when: nginx_type == "plus" and nginx_delete_license
|
||||
when:
|
||||
- nginx_type == "plus"
|
||||
- nginx_delete_license
|
||||
tags: nginx_delete_license
|
||||
|
||||
when: nginx_enable | bool
|
||||
|
@ -1,5 +1,34 @@
|
||||
---
|
||||
- name: "(All OSs) Delete NGINX Plus License"
|
||||
- name: "(Setup: All OSs) Set NGINX Plus License State"
|
||||
set_fact:
|
||||
nginx_license_status: absent
|
||||
|
||||
- name: "(Setup: All OSs Besides Alpine Linux) Delete NGINX Plus License"
|
||||
file:
|
||||
path: /etc/ssl/nginx
|
||||
state: absent
|
||||
when: ansible_distribution != "Alpine"
|
||||
|
||||
- name: "(Setup: Alpine Linux) Delete NGINX Plus License"
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: absent
|
||||
loop:
|
||||
- /etc/apk/cert.key
|
||||
- /etc/apk/cert.pem
|
||||
when: ansible_distribution == "Alpine"
|
||||
|
||||
- import_tasks: setup-alpine.yml
|
||||
when: ansible_os_family == "Alpine"
|
||||
|
||||
- import_tasks: setup-bsd.yml
|
||||
when: ansible_os_family == "FreeBSD"
|
||||
|
||||
- import_tasks: setup-debian.yml
|
||||
when: ansible_os_family == "Debian"
|
||||
|
||||
- import_tasks: setup-redhat.yml
|
||||
when: ansible_os_family == "RedHat"
|
||||
|
||||
- import_tasks: setup-suse.yml
|
||||
when: ansible_os_family == "Suse"
|
||||
|
@ -1,30 +1,9 @@
|
||||
---
|
||||
- name: "(Install: FreeBSD)"
|
||||
block:
|
||||
- import_tasks: setup-bsd.yml
|
||||
when: ansible_os_family == "FreeBSD"
|
||||
|
||||
- name: "(Install: FreeBSD) Add NGINX Plus Repository"
|
||||
blockinfile:
|
||||
path: /etc/pkg/nginx-plus.conf
|
||||
create: yes
|
||||
block: |
|
||||
nginx-plus: {
|
||||
URL: pkg+https://plus-pkgs.nginx.com/freebsd/${ABI}/latest
|
||||
ENABLED: yes
|
||||
MIRROR_TYPE: SRV
|
||||
}
|
||||
|
||||
- name: "(Install: FreeBSD) Verify NGINX Plus License"
|
||||
blockinfile:
|
||||
path: /usr/local/etc/pkg.conf
|
||||
block: |
|
||||
PKG_ENV: { SSL_NO_VERIFY_PEER: "1",
|
||||
SSL_CLIENT_CERT_FILE: "/etc/ssl/nginx/nginx-repo.crt",
|
||||
SSL_CLIENT_KEY_FILE: "/etc/ssl/nginx/nginx-repo.key" }
|
||||
|
||||
- name: "(Install: FreeBSD) Install nginx-plus{{ nginx_version | default('') }}"
|
||||
pkgng:
|
||||
name: "nginx-plus{{ nginx_version | default('') }}"
|
||||
state: "{{ nginx_state }}"
|
||||
notify: "(Handler: All OSs) Start NGINX"
|
||||
|
||||
when: ansible_system == "FreeBSD"
|
||||
- name: "(Install: FreeBSD) Install NGINX Plus"
|
||||
pkgng:
|
||||
name: "nginx-plus{{ nginx_version | default('') }}"
|
||||
state: "{{ nginx_state }}"
|
||||
notify: "(Handler: All OSs) Start NGINX"
|
||||
|
@ -1,4 +1,7 @@
|
||||
---
|
||||
- import_tasks: setup-alpine.yml
|
||||
when: ansible_os_family == "Alpine"
|
||||
|
||||
- import_tasks: setup-debian.yml
|
||||
when: ansible_os_family == "Debian"
|
||||
|
||||
@ -8,9 +11,6 @@
|
||||
- import_tasks: setup-suse.yml
|
||||
when: ansible_os_family == "Suse"
|
||||
|
||||
- import_tasks: setup-alpine.yml
|
||||
when: ansible_os_family == "Alpine"
|
||||
|
||||
- name: "(Install: Linux) Install NGINX Plus"
|
||||
package:
|
||||
name: "nginx-plus{{ nginx_version | default('') }}"
|
||||
|
@ -1,6 +1,7 @@
|
||||
---
|
||||
- name: "(Install: Alpine Linux) Add NGINX Plus Repository"
|
||||
- name: "(Setup: Alpine Linux) Setup NGINX Plus Repository"
|
||||
lineinfile:
|
||||
path: /etc/apk/repositories
|
||||
insertafter: EOF
|
||||
line: "https://plus-pkgs.nginx.com/alpine/v{{ ansible_distribution_version | regex_search('^[0-9]+\\.[0-9]+') }}/main"
|
||||
state: "{{ nginx_license_status | default ('present') }}"
|
||||
|
21
tasks/plus/setup-bsd.yml
Normal file
21
tasks/plus/setup-bsd.yml
Normal file
@ -0,0 +1,21 @@
|
||||
---
|
||||
- name: "(Setup: FreeBSD) Setup NGINX Plus Repository"
|
||||
blockinfile:
|
||||
path: /etc/pkg/nginx-plus.conf
|
||||
create: yes
|
||||
block: |
|
||||
nginx-plus: {
|
||||
URL: pkg+https://plus-pkgs.nginx.com/freebsd/${ABI}/latest
|
||||
ENABLED: yes
|
||||
MIRROR_TYPE: SRV
|
||||
}
|
||||
state: "{{ nginx_license_status | default ('present') }}"
|
||||
|
||||
- name: "(Setup: FreeBSD) Setup NGINX Plus License"
|
||||
blockinfile:
|
||||
path: /usr/local/etc/pkg.conf
|
||||
block: |
|
||||
PKG_ENV: { SSL_NO_VERIFY_PEER: "1",
|
||||
SSL_CLIENT_CERT_FILE: "/etc/ssl/nginx/nginx-repo.crt",
|
||||
SSL_CLIENT_KEY_FILE: "/etc/ssl/nginx/nginx-repo.key" }
|
||||
state: "{{ nginx_license_status | default ('present') }}"
|
@ -1,11 +1,12 @@
|
||||
---
|
||||
- name: "(Install: Debian/Ubuntu) Add NGINX Plus Repository"
|
||||
- name: "(Setup: Debian/Ubuntu) Setup NGINX Plus Repository"
|
||||
apt_repository:
|
||||
repo: deb https://plus-pkgs.nginx.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} nginx-plus
|
||||
filename: nginx-plus
|
||||
update_cache: no
|
||||
state: "{{ nginx_license_status | default ('present') }}"
|
||||
|
||||
- name: "(Install: Debian/Ubuntu) Verify NGINX Plus License"
|
||||
- name: "(Setup: Debian/Ubuntu) Setup NGINX Plus License"
|
||||
blockinfile:
|
||||
path: /etc/apt/apt.conf.d/90nginx
|
||||
create: yes
|
||||
@ -14,7 +15,8 @@
|
||||
Acquire::https::plus-pkgs.nginx.com::Verify-Host "true";
|
||||
Acquire::https::plus-pkgs.nginx.com::SslCert "/etc/ssl/nginx/nginx-repo.crt";
|
||||
Acquire::https::plus-pkgs.nginx.com::SslKey "/etc/ssl/nginx/nginx-repo.key";
|
||||
state: "{{ nginx_license_status | default ('present') }}"
|
||||
|
||||
- name: "(Install: Debian/Ubuntu) Update APT Cache"
|
||||
- name: "(Setup: Debian/Ubuntu) Update APT Cache"
|
||||
apt:
|
||||
update_cache: yes
|
||||
|
@ -1,13 +1,13 @@
|
||||
---
|
||||
- name: "(All OSs) Setup NGINX Plus License"
|
||||
- name: "(Setup: All OSs Besides Alpine Linux) Setup NGINX Plus License"
|
||||
block:
|
||||
|
||||
- name: "(All OSs) Create SSL Directory"
|
||||
- name: "(Setup: All OSs Besides Alpine Linux) Create SSL Directory"
|
||||
file:
|
||||
path: /etc/ssl/nginx
|
||||
state: directory
|
||||
|
||||
- name: "(All OSs) Copy NGINX Plus Certificate and License Key"
|
||||
- name: "(Setup: All OSs Besides Alpine Linux) Copy NGINX Plus Certificate and License Key"
|
||||
copy:
|
||||
src: "{{ item }}"
|
||||
dest: /etc/ssl/nginx
|
||||
@ -18,21 +18,21 @@
|
||||
|
||||
when: ansible_distribution != "Alpine"
|
||||
|
||||
- name: "(Alpine Linux) Setup NGINX Plus License"
|
||||
- name: "(Setup: Alpine Linux) Setup NGINX Plus License"
|
||||
block:
|
||||
|
||||
- name: "(Alpine Linux) Create APK Directory"
|
||||
- name: "(Setup: Alpine Linux) Create APK Directory"
|
||||
file:
|
||||
path: /etc/apk
|
||||
state: directory
|
||||
|
||||
- name: "(Alpine Linux) Copy NGINX Plus Key"
|
||||
- name: "(Setup: Alpine Linux) Copy NGINX Plus Key"
|
||||
copy:
|
||||
src: "{{ nginx_license.key }}"
|
||||
dest: /etc/apk/cert.key
|
||||
decrypt: yes
|
||||
|
||||
- name: "(Alpine Linux) Copy NGINX Plus Certificate"
|
||||
- name: "(Setup: Alpine Linux) Copy NGINX Plus Certificate"
|
||||
copy:
|
||||
src: "{{ nginx_license.certificate }}"
|
||||
dest: /etc/apk/cert.pem
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
- name: "(Install: CentOS/RedHat/Oracle Linux) Add NGINX Plus Repository"
|
||||
- name: "(Setup: CentOS/RedHat/Oracle Linux) Setup NGINX Plus Repository"
|
||||
yum_repository:
|
||||
name: nginx-plus
|
||||
baseurl: >-
|
||||
@ -10,9 +10,10 @@
|
||||
sslclientkey: /etc/ssl/nginx/nginx-repo.key
|
||||
enabled: yes
|
||||
gpgcheck: yes
|
||||
state: "{{ nginx_license_status | default ('present') }}"
|
||||
when: ansible_distribution != "Amazon"
|
||||
|
||||
- name: "(Install: Amazon Linux) Add NGINX Plus Repository"
|
||||
- name: "(Setup: Amazon Linux) Setup NGINX Plus Repository"
|
||||
yum_repository:
|
||||
name: nginx-plus
|
||||
baseurl: >-
|
||||
@ -23,4 +24,5 @@
|
||||
sslclientkey: /etc/ssl/nginx/nginx-repo.key
|
||||
enabled: yes
|
||||
gpgcheck: yes
|
||||
state: "{{ nginx_license_status | default ('present') }}"
|
||||
when: ansible_distribution == "Amazon"
|
||||
|
@ -1,10 +1,11 @@
|
||||
---
|
||||
- name: "(Install: SUSE) Combine NGINX Plus Certificate and License Keys"
|
||||
- name: "(Setup: SUSE) Setup NGINX Plus Certificate and License Keys"
|
||||
assemble:
|
||||
src: /etc/ssl/nginx
|
||||
dest: /etc/ssl/nginx/nginx-repo-bundle.crt
|
||||
|
||||
- name: "(Install: SUSE) Add NGINX Plus Repository"
|
||||
- name: "(Setup: SUSE) Setup NGINX Plus Repository"
|
||||
zypper_repository:
|
||||
name: nginx-plus
|
||||
repo: "https://plus-pkgs.nginx.com/sles/{{ ansible_distribution_major_version }}?ssl_clientcert=/etc/ssl/nginx/nginx-repo-bundle.crt&ssl_verify=host"
|
||||
state: "{{ nginx_license_status | default ('present') }}"
|
||||
|
Loading…
Reference in New Issue
Block a user