Add custom logrotate config (#251)

2020-05-20 01:21:08 +04:30 · 2020-05-20 01:21:08 +04:30 · 3db516413e
commit 3db516413e
parent 5a7731735b
6 changed files with 147 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -362,6 +362,60 @@ This is a sample playbook file for deploying the Ansible Galaxy NGINX role in a
 ```


+This is a sample playbook file for deploying the Ansible Galaxy NGINX role in a localhost and changes logs permission with custom logrotate config.
+
+```yaml
+---
+- hosts: localhost
+  become: true
+  roles:
+    - role: nginxinc.nginx
+  vars:
+    nginx_http_template_enable: true
+    nginx_http_template:
+      default:
+        template_file: http/default.conf.j2
+        conf_file_name: default.conf
+        conf_file_location: /etc/nginx/conf.d/
+        servers:
+          server1:
+            listen:
+              listen_localhost:
+                # ip: 0.0.0.0
+                port: 80
+            server_name: localhost
+            error_page: /usr/share/nginx/html
+            access_log:
+              - name: main
+                location: /var/log/nginx/access.log
+            error_log:
+              location: /var/log/nginx/error.log
+              level: warn
+            autoindex: false
+            web_server:
+              locations:
+                default:
+                  location: /
+                  html_file_location: /usr/share/nginx/html
+                  html_file_name: index.html
+                  autoindex: false
+              http_demo_conf: false
+    nginx_logrotate_conf_enable: true
+    nginx_logrotate_conf:
+      paths:
+        - "/var/log/nginx/*.log"
+      options:
+        - daily
+        - missingok
+        - rotate 14
+        - compress
+        - delaycompress
+        - notifempty
+        - create 0644 www-data adm # Changes nginx logs permissions
+        - sharedscripts
+```
+
+
 This is a sample playbook file for deploying the Ansible Galaxy NGINX role in a localhost and installing NGINX Plus.

 ```yaml
--- a/defaults/main/logrotate.yml
+++ b/defaults/main/logrotate.yml
@ -0,0 +1,15 @@
+---
+# Create custom logrotate config
+nginx_logrotate_conf_enable: false
+nginx_logrotate_conf:
+  paths:
+    - "/var/log/nginx/*.log"
+  options:
+    - daily
+    - missingok
+    - rotate 14
+    - compress
+    - delaycompress
+    - notifempty
+    - create 0644 www-data adm  # Changes nginx logs permissions
+    - sharedscripts
--- a/molecule/common/playbook_template.yml
+++ b/molecule/common/playbook_template.yml
@ -351,3 +351,16 @@
                port: 8091
                weight: 1
                health_check: max_fails=1 fail_timeout=10s
+
+    nginx_logrotate_conf_enable: true
+    nginx_logrotate_conf:
+      paths:
+        - "/var/log/nginx/*.log"
+      options:
+        - daily
+        - missingok
+        - rotate 14
+        - compress
+        - delaycompress
+        - notifempty
+        - sharedscripts
--- a/tasks/conf/logrotate.yml
+++ b/tasks/conf/logrotate.yml
@ -0,0 +1,41 @@
+---
+- name: "(Config: Alpine) Install Logrotate"
+  apk:
+    name: logrotate
+  when: ansible_os_family == "Alpine"
+
+- name: "(Config: Ubuntu/Debian) Install Logrotate"
+  apt:
+    name: logrotate
+    state: present
+  when: ansible_os_family == "Debian"
+
+- name: "(Config: CentOS/RedHat) Install Logrotate"
+  yum:
+    name: logrotate
+    state: present
+  when: ansible_os_family == "RedHat"
+
+- name: "(Config: SUSE) Add Logrotate Repo"
+  zypper_repository:
+    repo: https://download.opensuse.org/repositories/openSUSE:Leap:42.1/standard/openSUSE:Leap:42.1.repo
+  when: ansible_os_family == "Suse"
+
+- name: "(Config: SUSE) Install Logrotate"
+  zypper:
+    name: logrotate
+    state: present
+  when: ansible_os_family == "Suse"
+
+- name: "(Config: All OSs) Create Logrotate Config"
+  template:
+    src: "logrotate/nginx.j2"
+    dest: "/etc/logrotate.d/nginx"
+  register: nginx_logrotate_result
+
+- name: "(Config: All OSs) Ensure NGINX is Running"
+  meta: flush_handlers
+
+- name: "(Config: All OSs) Run Logrotate"
+  command: logrotate -f /etc/logrotate.d/nginx
+  changed_when: nginx_logrotate_result.changed
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -83,3 +83,7 @@
 - import_tasks: unit/install-unit.yml
  when: nginx_unit_enable | bool
  tags: nginx_install_unit
+
+- import_tasks: conf/logrotate.yml
+  when: nginx_logrotate_conf_enable | bool
+  tags: nginx_logrotate_config
--- a/templates/logrotate/nginx.j2
+++ b/templates/logrotate/nginx.j2
@ -0,0 +1,20 @@
+{% for path in nginx_logrotate_conf.paths %}
+{{ path }}
+{% endfor %}
+{
+{% for option in nginx_logrotate_conf.options %}
+    {{ option }}
+{% endfor %}
+    prerotate
+        if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
+            run-parts /etc/logrotate.d/httpd-prerotate; \
+        fi \
+    endscript
+    postrotate
+{% if ansible_os_family == "Debian" %}
+        invoke-rc.d nginx rotate >/dev/null 2>&1
+{% else %}
+        nginx -s reopen
+{% endif %}
+    endscript
+}