Fix NGINX Plus license removal option (#340)

This commit is contained in:
Alessandro Fael Garcia 2020-11-05 15:37:40 +01:00 committed by GitHub
parent ab76f7a797
commit 3fb69de2b9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 38 additions and 38 deletions

View File

@ -7,12 +7,16 @@ ENHANCEMENTS:
* Add survey to README. * Add survey to README.
* Improve README structure and use tables where relevant. * Improve README structure and use tables where relevant.
* Update Ansible (now Ansible base) to `2.10.2`, Ansible (now Ansible Community Distribution) to `2.10.0`, and yamllint to `1.25.0`. * Update Ansible (now Ansible base) to `2.10.2`, Ansible (now Ansible Community Distribution) to `2.10.0`, and yamllint to `1.25.0`.
* Optimize NGINX Plus install/remove tasks.
BUG FIXES: BUG FIXES:
* Prevent TravisCI from trying to build (and failing) NGINX Plus images on external PRs. * Prevent TravisCI from trying to build (and failing) NGINX Plus images on external PRs.
* Fix naming for SELinux facts dict. * Fix naming for SELinux facts dictionary.
* Role now runs correctly when using Ansible's check mode. * Role now runs correctly when using Ansible's check mode.
* Removing the NGINX Plus license in RHEL based distros should no longer return a repository not found error.
* Fix issue when removing NGINX Plus license on some distributions.
* Fix Amazon Linux NGINX Plus install while at it.
## 0.17.2 (September 24, 2020) ## 0.17.2 (September 24, 2020)

View File

@ -38,7 +38,7 @@
tags: nginx_setup_license tags: nginx_setup_license
- name: Install NGINX Plus - name: Install NGINX Plus
include_tasks: "{{ role_path }}/tasks/plus/install-plus.yml" include_tasks: "{{ role_path }}/tasks/plus/install-{{ ansible_facts['os_family'] | lower }}.yml"
when: nginx_type == "plus" when: nginx_type == "plus"
tags: nginx_install_plus tags: nginx_install_plus

View File

@ -1,15 +1,16 @@
--- ---
- name: (Alpine Linux) Configure NGINX Plus repository - name: (Alpine Linux) {{ nginx_license_status is defined | ternary('Remove', 'Configure') }} NGINX Plus repository
lineinfile: lineinfile:
path: /etc/apk/repositories path: /etc/apk/repositories
insertafter: EOF insertafter: EOF
line: "{{ repository }}" line: "{{ nginx_repository | default(nginx_plus_default_repository_alpine) }}"
state: "{{ nginx_license_status | default ('present') }}" state: "{{ nginx_license_status | default ('present') }}"
- name: (Alpine Linux) Install NGINX Plus - name: (Alpine Linux) Install NGINX Plus
apk: apk:
name: "nginx-plus{{ nginx_version | default('') }}" name: "nginx-plus{{ nginx_version | default('') }}"
repository: "{{ repository }}" repository: "{{ nginx_repository | default(nginx_plus_default_repository_alpine) }}"
state: "{{ nginx_state }}" state: "{{ nginx_state }}"
ignore_errors: "{{ ansible_check_mode }}" ignore_errors: "{{ ansible_check_mode }}"
when: nginx_license_status is not defined
notify: (Handler) Run NGINX notify: (Handler) Run NGINX

View File

@ -1,5 +1,5 @@
--- ---
- name: (Debian/Ubuntu) Set up NGINX Plus license verification - name: (Debian/Ubuntu) {{ nginx_license_status is defined | ternary('Remove', 'Configure') }} NGINX Plus license verification
blockinfile: blockinfile:
path: /etc/apt/apt.conf.d/90nginx path: /etc/apt/apt.conf.d/90nginx
create: yes create: yes
@ -11,10 +11,10 @@
state: "{{ nginx_license_status | default ('present') }}" state: "{{ nginx_license_status | default ('present') }}"
mode: 0444 mode: 0444
- name: (Debian/Ubuntu) Configure NGINX Plus repository - name: (Debian/Ubuntu) {{ nginx_license_status is defined | ternary('Remove', 'Configure') }} NGINX Plus repository
apt_repository: apt_repository:
filename: nginx-plus filename: nginx-plus
repo: "{{ repository }}" repo: "{{ nginx_repository | default(nginx_plus_default_repository_debian) }}"
update_cache: no update_cache: no
state: "{{ nginx_license_status | default ('present') }}" state: "{{ nginx_license_status | default ('present') }}"
mode: 0644 mode: 0644
@ -25,4 +25,5 @@
state: "{{ nginx_state }}" state: "{{ nginx_state }}"
update_cache: yes update_cache: yes
ignore_errors: "{{ ansible_check_mode }}" ignore_errors: "{{ ansible_check_mode }}"
when: nginx_license_status is not defined
notify: (Handler) Run NGINX notify: (Handler) Run NGINX

View File

@ -1,5 +1,5 @@
--- ---
- name: (FreeBSD) Set up NGINX Plus license verification - name: (FreeBSD) {{ nginx_license_status is defined | ternary('Remove', 'Configure') }} NGINX Plus license verification
blockinfile: blockinfile:
path: /usr/local/etc/pkg.conf path: /usr/local/etc/pkg.conf
block: | block: |
@ -8,13 +8,13 @@
SSL_CLIENT_KEY_FILE: "/etc/ssl/nginx/nginx-repo.key" } SSL_CLIENT_KEY_FILE: "/etc/ssl/nginx/nginx-repo.key" }
state: "{{ nginx_license_status | default ('present') }}" state: "{{ nginx_license_status | default ('present') }}"
- name: (FreeBSD) Configure NGINX Plus repository - name: (FreeBSD) {{ nginx_license_status is defined | ternary('Remove', 'Configure') }} NGINX Plus repository
blockinfile: blockinfile:
path: /etc/pkg/nginx-plus.conf path: /etc/pkg/nginx-plus.conf
create: yes create: yes
block: | block: |
nginx-plus: { nginx-plus: {
URL: {{ repository }} URL: {{ nginx_repository | default(nginx_plus_default_repository_freebsd) }}
ENABLED: yes ENABLED: yes
MIRROR_TYPE: SRV MIRROR_TYPE: SRV
} }
@ -25,4 +25,5 @@
pkgng: pkgng:
name: "nginx-plus{{ nginx_version | default('') }}" name: "nginx-plus{{ nginx_version | default('') }}"
state: "{{ nginx_state }}" state: "{{ nginx_state }}"
when: nginx_license_status is not defined
notify: (Handler) Run NGINX notify: (Handler) Run NGINX

View File

@ -1,8 +0,0 @@
---
- name: Set NGINX Plus repository
set_fact:
repository: "{{ nginx_repository |
default(nginx_plus_default_repository[(ansible_facts['distribution'] == 'Amazon') | ternary('amazon', ansible_facts['os_family'] | lower)]) }}"
- name: Install NGINX from repository
include_tasks: "{{ role_path }}/tasks/plus/install-{{ ansible_facts['os_family'] | lower }}.yml"

View File

@ -1,8 +1,9 @@
--- ---
- name: (Amazon Linux/CentOS/Oracle Linux/RHEL) Configure NGINX Plus repository - name: (Amazon Linux/CentOS/Oracle Linux/RHEL) {{ nginx_license_status is defined | ternary('Remove', 'Configure') }} NGINX Plus repository
yum_repository: yum_repository:
name: nginx-plus name: nginx-plus
baseurl: "{{ repository }}" baseurl: "{{ nginx_repository |
default(lookup('vars', 'nginx_plus_default_repository_' + ((ansible_facts['distribution'] == 'Amazon') | ternary('amazon', 'redhat')))) }}"
description: NGINX Plus Repository description: NGINX Plus Repository
sslclientcert: /etc/ssl/nginx/nginx-repo.crt sslclientcert: /etc/ssl/nginx/nginx-repo.crt
sslclientkey: /etc/ssl/nginx/nginx-repo.key sslclientkey: /etc/ssl/nginx/nginx-repo.key
@ -15,8 +16,7 @@
yum: yum:
name: "nginx-plus{{ nginx_version | default('') }}" name: "nginx-plus{{ nginx_version | default('') }}"
state: "{{ nginx_state }}" state: "{{ nginx_state }}"
disablerepo: "*"
enablerepo: "nginx-plus"
update_cache: yes update_cache: yes
ignore_errors: "{{ ansible_check_mode }}" ignore_errors: "{{ ansible_check_mode }}"
when: nginx_license_status is not defined
notify: (Handler) Run NGINX notify: (Handler) Run NGINX

View File

@ -4,11 +4,12 @@
src: /etc/ssl/nginx src: /etc/ssl/nginx
dest: /etc/ssl/nginx/nginx-repo-bundle.crt dest: /etc/ssl/nginx/nginx-repo-bundle.crt
mode: 0444 mode: 0444
when: nginx_license_status is not defined
- name: (SLES) Configure NGINX Plus repository - name: (SLES) {{ nginx_license_status is defined | ternary('Remove', 'Configure') }} NGINX Plus repository
zypper_repository: zypper_repository:
name: nginx-plus name: nginx-plus
repo: "{{ repository }}" repo: "{{ nginx_repository | default(nginx_plus_default_repository_sles) }}"
state: "{{ nginx_license_status | default ('present') }}" state: "{{ nginx_license_status | default ('present') }}"
- name: (SLES) Install NGINX Plus - name: (SLES) Install NGINX Plus
@ -17,4 +18,5 @@
state: "{{ nginx_state }}" state: "{{ nginx_state }}"
update_cache: yes update_cache: yes
ignore_errors: "{{ ansible_check_mode }}" ignore_errors: "{{ ansible_check_mode }}"
when: nginx_license_status is not defined
notify: (Handler) Run NGINX notify: (Handler) Run NGINX

View File

@ -1,5 +1,5 @@
--- ---
- name: Set NGINX Plus license state - name: Set NGINX Plus license state to absent
set_fact: set_fact:
nginx_license_status: absent nginx_license_status: absent
@ -18,5 +18,5 @@
- /etc/apk/cert.pem - /etc/apk/cert.pem
when: ansible_facts['distribution'] == "Alpine" when: ansible_facts['distribution'] == "Alpine"
- name: Delete NGINX Plus repository data - name: Remove NGINX Plus repository data
include_tasks: "{{ role_path }}/tasks/plus/install-plus.yml" include_tasks: "{{ role_path }}/tasks/plus/install-{{ ansible_facts['os_family'] | lower }}.yml"

View File

@ -33,16 +33,15 @@ nginx_default_repository:
| ternary('mainline/', '') }}sles/{{ ansible_facts['distribution_major_version'] }}" | ternary('mainline/', '') }}sles/{{ ansible_facts['distribution_major_version'] }}"
# Default NGINX Plus repositories # Default NGINX Plus repositories
nginx_plus_default_repository: nginx_plus_default_repository_alpine: "https://plus-pkgs.nginx.com/alpine/v{{ ansible_facts['distribution_version'] | regex_search('^[0-9]+\\.[0-9]+') }}/main"
alpine: "https://plus-pkgs.nginx.com/alpine/v{{ ansible_facts['distribution_version'] | regex_search('^[0-9]+\\.[0-9]+') }}/main" nginx_plus_default_repository_amazon: "https://plus-pkgs.nginx.com/amzn{{ (ansible_facts['distribution_major_version'] is version('2', '==')) | ternary('2', '') }}/$releasever/$basearch"
amazon: "https://plus-pkgs.nginx.com/amzn{{ (ansible_facts['distribution_version'] is version('2', '==')) | ternary('2', '') }}/$releasever/$basearch" nginx_plus_default_repository_debian: "deb [arch=amd64] https://plus-pkgs.nginx.com/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release'] }} nginx-plus"
debian: "deb [arch=amd64] https://plus-pkgs.nginx.com/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release'] }} nginx-plus" nginx_plus_default_repository_freebsd: "https://plus-pkgs.nginx.com/freebsd/${ABI}/latest"
freebsd: "https://plus-pkgs.nginx.com/freebsd/${ABI}/latest" nginx_plus_default_repository_redhat: "https://plus-pkgs.nginx.com/{{ (ansible_facts['distribution'] == 'CentOS')
redhat: "https://plus-pkgs.nginx.com/{{ (ansible_facts['distribution'] == 'CentOS') | ternary('centos', 'rhel') }}/{{ (ansible_facts['distribution_version'] is version('7.4', '>=')
| ternary('centos', 'rhel') }}/{{ (ansible_facts['distribution_version'] is version('7.4', '>=') and ansible_facts['distribution_version'] is version('8', '<')) | ternary('7.4', ansible_facts['distribution_major_version']) }}/$basearch/"
and ansible_facts['distribution_version'] is version('8', '<')) | ternary('7.4', ansible_facts['distribution_major_version']) }}/$basearch/" nginx_plus_default_repository_sles: "https://plus-pkgs.nginx.com/sles/{{ ansible_facts['distribution_major_version'] }}\
suse: "https://plus-pkgs.nginx.com/sles/{{ ansible_facts['distribution_major_version'] }}\ ?ssl_clientcert=/etc/ssl/nginx/nginx-repo-bundle.crt&ssl_verify=peer"
?ssl_clientcert=/etc/ssl/nginx/nginx-repo-bundle.crt&ssl_verify=host"
# Alpine dependencies # Alpine dependencies
nginx_alpine_dependencies: [ nginx_alpine_dependencies: [