diff --git a/defaults/main/main.yml b/defaults/main/main.yml index 8ad925b..2b88566 100644 --- a/defaults/main/main.yml +++ b/defaults/main/main.yml @@ -19,10 +19,11 @@ nginx_type: opensource # Default is empty. # nginx_version: =19-1~bionic -# Specify whether you want to maintain your version of NGINX or upgrade to the latest version. +# Specify whether you want to maintain your version of NGINX, upgrade to the latest version, or remove NGINX. # Can be used with `nginx_version` to achieve fine tune control on which version of NGINX is installed/used on each playbook execution. # Using 'present' will install the latest version (or 'nginx_version') of NGINX on a fresh install. # Using 'latest' will upgrade NGINX to the latest version (that matches your 'nginx_version') of NGINX on every playbook execution. +# Using 'absent' will remove NGINX from your system. # Default is present. nginx_state: present @@ -53,7 +54,7 @@ nginx_license: certificate: license/nginx-repo.crt key: license/nginx-repo.key -# Delete NGINX Plus license after installation for security purposes. +# Remove NGINX Plus license and repository after installation for security purposes. # Default is false. nginx_delete_license: false diff --git a/tasks/main.yml b/tasks/main.yml index 7461428..0b6cf3e 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -68,7 +68,9 @@ tags: nginx_debug_output - import_tasks: plus/delete-license.yml - when: nginx_type == "plus" and nginx_delete_license + when: + - nginx_type == "plus" + - nginx_delete_license tags: nginx_delete_license when: nginx_enable | bool diff --git a/tasks/plus/delete-license.yml b/tasks/plus/delete-license.yml index ff4e4ad..8fc1946 100644 --- a/tasks/plus/delete-license.yml +++ b/tasks/plus/delete-license.yml @@ -1,5 +1,34 @@ --- -- name: "(All OSs) Delete NGINX Plus License" +- name: "(Setup: All OSs) Set NGINX Plus License State" + set_fact: + nginx_license_status: absent + +- name: "(Setup: All OSs Besides Alpine Linux) Delete NGINX Plus License" file: path: /etc/ssl/nginx state: absent + when: ansible_distribution != "Alpine" + +- name: "(Setup: Alpine Linux) Delete NGINX Plus License" + file: + path: "{{ item }}" + state: absent + loop: + - /etc/apk/cert.key + - /etc/apk/cert.pem + when: ansible_distribution == "Alpine" + +- import_tasks: setup-alpine.yml + when: ansible_os_family == "Alpine" + +- import_tasks: setup-bsd.yml + when: ansible_os_family == "FreeBSD" + +- import_tasks: setup-debian.yml + when: ansible_os_family == "Debian" + +- import_tasks: setup-redhat.yml + when: ansible_os_family == "RedHat" + +- import_tasks: setup-suse.yml + when: ansible_os_family == "Suse" diff --git a/tasks/plus/install-plus-bsd.yml b/tasks/plus/install-plus-bsd.yml index bc78b64..a85eb66 100644 --- a/tasks/plus/install-plus-bsd.yml +++ b/tasks/plus/install-plus-bsd.yml @@ -1,30 +1,9 @@ --- -- name: "(Install: FreeBSD)" - block: +- import_tasks: setup-bsd.yml + when: ansible_os_family == "FreeBSD" - - name: "(Install: FreeBSD) Add NGINX Plus Repository" - blockinfile: - path: /etc/pkg/nginx-plus.conf - create: yes - block: | - nginx-plus: { - URL: pkg+https://plus-pkgs.nginx.com/freebsd/${ABI}/latest - ENABLED: yes - MIRROR_TYPE: SRV - } - - - name: "(Install: FreeBSD) Verify NGINX Plus License" - blockinfile: - path: /usr/local/etc/pkg.conf - block: | - PKG_ENV: { SSL_NO_VERIFY_PEER: "1", - SSL_CLIENT_CERT_FILE: "/etc/ssl/nginx/nginx-repo.crt", - SSL_CLIENT_KEY_FILE: "/etc/ssl/nginx/nginx-repo.key" } - - - name: "(Install: FreeBSD) Install nginx-plus{{ nginx_version | default('') }}" - pkgng: - name: "nginx-plus{{ nginx_version | default('') }}" - state: "{{ nginx_state }}" - notify: "(Handler: All OSs) Start NGINX" - - when: ansible_system == "FreeBSD" +- name: "(Install: FreeBSD) Install NGINX Plus" + pkgng: + name: "nginx-plus{{ nginx_version | default('') }}" + state: "{{ nginx_state }}" + notify: "(Handler: All OSs) Start NGINX" diff --git a/tasks/plus/install-plus-linux.yml b/tasks/plus/install-plus-linux.yml index 413cbfd..f2cb686 100644 --- a/tasks/plus/install-plus-linux.yml +++ b/tasks/plus/install-plus-linux.yml @@ -1,4 +1,7 @@ --- +- import_tasks: setup-alpine.yml + when: ansible_os_family == "Alpine" + - import_tasks: setup-debian.yml when: ansible_os_family == "Debian" @@ -8,9 +11,6 @@ - import_tasks: setup-suse.yml when: ansible_os_family == "Suse" -- import_tasks: setup-alpine.yml - when: ansible_os_family == "Alpine" - - name: "(Install: Linux) Install NGINX Plus" package: name: "nginx-plus{{ nginx_version | default('') }}" diff --git a/tasks/plus/setup-alpine.yml b/tasks/plus/setup-alpine.yml index 0f3a2eb..3bdc336 100644 --- a/tasks/plus/setup-alpine.yml +++ b/tasks/plus/setup-alpine.yml @@ -1,6 +1,7 @@ --- -- name: "(Install: Alpine Linux) Add NGINX Plus Repository" +- name: "(Setup: Alpine Linux) Setup NGINX Plus Repository" lineinfile: path: /etc/apk/repositories insertafter: EOF line: "https://plus-pkgs.nginx.com/alpine/v{{ ansible_distribution_version | regex_search('^[0-9]+\\.[0-9]+') }}/main" + state: "{{ nginx_license_status | default ('present') }}" diff --git a/tasks/plus/setup-bsd.yml b/tasks/plus/setup-bsd.yml new file mode 100644 index 0000000..d28375a --- /dev/null +++ b/tasks/plus/setup-bsd.yml @@ -0,0 +1,21 @@ +--- +- name: "(Setup: FreeBSD) Setup NGINX Plus Repository" + blockinfile: + path: /etc/pkg/nginx-plus.conf + create: yes + block: | + nginx-plus: { + URL: pkg+https://plus-pkgs.nginx.com/freebsd/${ABI}/latest + ENABLED: yes + MIRROR_TYPE: SRV + } + state: "{{ nginx_license_status | default ('present') }}" + +- name: "(Setup: FreeBSD) Setup NGINX Plus License" + blockinfile: + path: /usr/local/etc/pkg.conf + block: | + PKG_ENV: { SSL_NO_VERIFY_PEER: "1", + SSL_CLIENT_CERT_FILE: "/etc/ssl/nginx/nginx-repo.crt", + SSL_CLIENT_KEY_FILE: "/etc/ssl/nginx/nginx-repo.key" } + state: "{{ nginx_license_status | default ('present') }}" diff --git a/tasks/plus/setup-debian.yml b/tasks/plus/setup-debian.yml index 3c57ec6..e1e1db7 100644 --- a/tasks/plus/setup-debian.yml +++ b/tasks/plus/setup-debian.yml @@ -1,11 +1,12 @@ --- -- name: "(Install: Debian/Ubuntu) Add NGINX Plus Repository" +- name: "(Setup: Debian/Ubuntu) Setup NGINX Plus Repository" apt_repository: repo: deb https://plus-pkgs.nginx.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} nginx-plus filename: nginx-plus update_cache: no + state: "{{ nginx_license_status | default ('present') }}" -- name: "(Install: Debian/Ubuntu) Verify NGINX Plus License" +- name: "(Setup: Debian/Ubuntu) Setup NGINX Plus License" blockinfile: path: /etc/apt/apt.conf.d/90nginx create: yes @@ -14,7 +15,8 @@ Acquire::https::plus-pkgs.nginx.com::Verify-Host "true"; Acquire::https::plus-pkgs.nginx.com::SslCert "/etc/ssl/nginx/nginx-repo.crt"; Acquire::https::plus-pkgs.nginx.com::SslKey "/etc/ssl/nginx/nginx-repo.key"; + state: "{{ nginx_license_status | default ('present') }}" -- name: "(Install: Debian/Ubuntu) Update APT Cache" +- name: "(Setup: Debian/Ubuntu) Update APT Cache" apt: update_cache: yes diff --git a/tasks/plus/setup-license.yml b/tasks/plus/setup-license.yml index 496945b..851014e 100644 --- a/tasks/plus/setup-license.yml +++ b/tasks/plus/setup-license.yml @@ -1,13 +1,13 @@ --- -- name: "(All OSs) Setup NGINX Plus License" +- name: "(Setup: All OSs Besides Alpine Linux) Setup NGINX Plus License" block: - - name: "(All OSs) Create SSL Directory" + - name: "(Setup: All OSs Besides Alpine Linux) Create SSL Directory" file: path: /etc/ssl/nginx state: directory - - name: "(All OSs) Copy NGINX Plus Certificate and License Key" + - name: "(Setup: All OSs Besides Alpine Linux) Copy NGINX Plus Certificate and License Key" copy: src: "{{ item }}" dest: /etc/ssl/nginx @@ -18,21 +18,21 @@ when: ansible_distribution != "Alpine" -- name: "(Alpine Linux) Setup NGINX Plus License" +- name: "(Setup: Alpine Linux) Setup NGINX Plus License" block: - - name: "(Alpine Linux) Create APK Directory" + - name: "(Setup: Alpine Linux) Create APK Directory" file: path: /etc/apk state: directory - - name: "(Alpine Linux) Copy NGINX Plus Key" + - name: "(Setup: Alpine Linux) Copy NGINX Plus Key" copy: src: "{{ nginx_license.key }}" dest: /etc/apk/cert.key decrypt: yes - - name: "(Alpine Linux) Copy NGINX Plus Certificate" + - name: "(Setup: Alpine Linux) Copy NGINX Plus Certificate" copy: src: "{{ nginx_license.certificate }}" dest: /etc/apk/cert.pem diff --git a/tasks/plus/setup-redhat.yml b/tasks/plus/setup-redhat.yml index e3a2d87..e2ccca0 100644 --- a/tasks/plus/setup-redhat.yml +++ b/tasks/plus/setup-redhat.yml @@ -1,5 +1,5 @@ --- -- name: "(Install: CentOS/RedHat/Oracle Linux) Add NGINX Plus Repository" +- name: "(Setup: CentOS/RedHat/Oracle Linux) Setup NGINX Plus Repository" yum_repository: name: nginx-plus baseurl: >- @@ -10,9 +10,10 @@ sslclientkey: /etc/ssl/nginx/nginx-repo.key enabled: yes gpgcheck: yes + state: "{{ nginx_license_status | default ('present') }}" when: ansible_distribution != "Amazon" -- name: "(Install: Amazon Linux) Add NGINX Plus Repository" +- name: "(Setup: Amazon Linux) Setup NGINX Plus Repository" yum_repository: name: nginx-plus baseurl: >- @@ -23,4 +24,5 @@ sslclientkey: /etc/ssl/nginx/nginx-repo.key enabled: yes gpgcheck: yes + state: "{{ nginx_license_status | default ('present') }}" when: ansible_distribution == "Amazon" diff --git a/tasks/plus/setup-suse.yml b/tasks/plus/setup-suse.yml index f694e10..be92564 100644 --- a/tasks/plus/setup-suse.yml +++ b/tasks/plus/setup-suse.yml @@ -1,10 +1,11 @@ --- -- name: "(Install: SUSE) Combine NGINX Plus Certificate and License Keys" +- name: "(Setup: SUSE) Setup NGINX Plus Certificate and License Keys" assemble: src: /etc/ssl/nginx dest: /etc/ssl/nginx/nginx-repo-bundle.crt -- name: "(Install: SUSE) Add NGINX Plus Repository" +- name: "(Setup: SUSE) Setup NGINX Plus Repository" zypper_repository: name: nginx-plus repo: "https://plus-pkgs.nginx.com/sles/{{ ansible_distribution_major_version }}?ssl_clientcert=/etc/ssl/nginx/nginx-repo-bundle.crt&ssl_verify=host" + state: "{{ nginx_license_status | default ('present') }}"