diff --git a/.gitignore b/.gitignore
index 921df63..fe44eb5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@
 ############################
 *.crt
 *.key
+__pycache__
diff --git a/.travis.yml b/.travis.yml
index e8eb31a..0234618 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,215 +1,13 @@ --- sudo: required +language: python services: - docker -matrix: - include: - - env: - distribution: centos - version: 6 - playbook: basic - - env: - distribution: centos - version: 6 - playbook: http-template - - env: - distribution: centos - version: 6 - playbook: modules - - env: - distribution: centos - version: 6 - playbook: push - - env: - distribution: centos - version: 6 - playbook: stable - - env: - distribution: centos - version: 6 - playbook: stream-template - - env: - distribution: centos - version: 6 - playbook: unit - - env: - distribution: centos - version: 7 - playbook: basic - - env: - distribution: centos - version: 7 - playbook: http-template - - env: - distribution: centos - version: 7 - playbook: modules - - env: - distribution: centos - version: 7 - playbook: push - - env: - distribution: centos - version: 7 - playbook: stable - - env: - distribution: centos - version: 7 - playbook: stream-template - - env: - distribution: centos - version: 7 - playbook: unit - - env: - distribution: debian - version: jessie - playbook: basic - - env: - distribution: debian - version: jessie - playbook: http-template - - env: - distribution: debian - version: jessie - playbook: modules - - env: - distribution: debian - version: jessie - playbook: push - - env: - distribution: debian - version: jessie - playbook: stable - - env: - distribution: debian - version: jessie - playbook: stream-template - - env: - distribution: debian - version: jessie - playbook: unit - - env: - distribution: debian - version: stretch - playbook: basic - - env: - distribution: debian - version: stretch - playbook: http-template - - env: - distribution: debian - version: stretch - playbook: modules - - env: - distribution: debian - version: stretch - playbook: push - - env: - distribution: debian - version: stretch - playbook: stable - - env: - distribution: debian - version: stretch - playbook: stream-template - - env: - distribution: debian - version: stretch - 
playbook: unit - - env: - distribution: ubuntu - version: trusty - playbook: basic - - env: - distribution: ubuntu - version: trusty - playbook: http-template - - env: - distribution: ubuntu - version: trusty - playbook: modules - - env: - distribution: ubuntu - version: trusty - playbook: push - - env: - distribution: ubuntu - version: trusty - playbook: stable - - env: - distribution: ubuntu - version: trusty - playbook: stream-template - - env: - distribution: ubuntu - version: xenial - playbook: basic - - env: - distribution: ubuntu - version: xenial - playbook: http-template - - env: - distribution: ubuntu - version: xenial - playbook: modules - - env: - distribution: ubuntu - version: xenial - playbook: push - - env: - distribution: ubuntu - version: xenial - playbook: stable - - env: - distribution: ubuntu - version: xenial - playbook: stream-template - - env: - distribution: ubuntu - version: xenial - playbook: unit - - env: - distribution: ubuntu - version: bionic - playbook: basic - - env: - distribution: ubuntu - version: bionic - playbook: http-template - - env: - distribution: ubuntu - version: bionic - playbook: modules - - env: - distribution: ubuntu - version: bionic - playbook: push - - env: - distribution: ubuntu - version: bionic - playbook: stable - - env: - distribution: ubuntu - version: bionic - playbook: stream-template - - env: - distribution: ubuntu - version: bionic - playbook: unit before_install: - - 'sudo docker pull ${distribution}:${version}' - - 'sudo docker build --no-cache --rm --file=tests/dockerfiles/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests' + - sudo apt-get -qq update +install: + - pip install molecule[docker] script: - - container_id=$(mktemp) - - 'sudo docker run --detach --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:ro --volume="${PWD}":/etc/ansible/roles/ansible-role-nginx:ro ${distribution}-${version}:ansible > "${container_id}"' - - 'sudo docker exec "$(cat ${container_id})" env 
ANSIBLE_FORCE_COLOR=1 ansible-playbook -v /etc/ansible/roles/ansible-role-nginx/tests/playbooks/nginx-${playbook}.yml --syntax-check' - - 'sudo docker exec "$(cat ${container_id})" env ANSIBLE_FORCE_COLOR=1 ansible-playbook -v /etc/ansible/roles/ansible-role-nginx/tests/playbooks/nginx-${playbook}.yml' - - > - sudo docker exec "$(cat ${container_id})" env ANSIBLE_FORCE_COLOR=1 ansible-playbook -v /etc/ansible/roles/ansible-role-nginx/tests/playbooks/nginx-${playbook}.yml - | grep -q 'changed=0.*failed=0' - && (echo 'Idempotence test: pass' && exit 0) - || (echo 'Idempotence test: fail' && exit 1) - - 'if [${playbook} != "unit"]; then sudo docker exec "$(cat ${container_id})" curl http://localhost/; fi' - - 'sudo docker rm -f "$(cat ${container_id})"' + - molecule test --all notifications: webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/.yamllint b/.yamllint new file mode 100644 index 0000000..e8f0190 --- /dev/null +++ b/.yamllint @@ -0,0 +1,13 @@ +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + comments: disable + comments-indentation: disable + line-length: disable + truthy: disable diff --git a/handlers/main.yml b/handlers/main.yml index 35aa4d0..a8148d2 100644 --- a/handlers/main.yml +++ b/handlers/main.yml 
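Review bot: The new `install` step runs `pip install molecule[docker]` with no version constraint, so every CI run takes whatever release of Molecule and its dependencies is current on the package index. The same applies to `command: pip install python-nginx` in the `dependency` section of molecule/stable_push/molecule.yml and molecule/template_module/molecule.yml. Pin the versions, for example `pip install 'molecule[docker]==<VERSION>'` with the release you tested against, or install from a requirements file with hashes, so that a build is reproducible and a breaking or tampered upstream release does not reach CI unnoticed. Quoting the requirement also stops the shell from treating `[docker]` as a glob pattern.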
@@ -13,26 +13,26 @@ name: nginx state: reloaded - - name: "(Handler: All OSs) Start NGINX Amplify Agent" - service: - name: amplify-agent - state: started - - - name: "(Handler: All OSs) Start NGINX Controller Agent" - service: - name: controller-agent - state: started - - - name: "(Handler: Debian/Ubuntu/CentOS/RedHat) Start NGINX Unit" - service: - name: unit - state: started - enabled: yes - - - name: "(Handler: FreeBSD) Start NGINX Unit" - service: - name: unitd - state: started - enabled: yes - when: nginx_start | bool + +- name: "(Handler: All OSs) Start NGINX Amplify Agent" + service: + name: amplify-agent + state: started + +- name: "(Handler: All OSs) Start NGINX Controller Agent" + service: + name: controller-agent + state: started + +- name: "(Handler: Debian/Ubuntu/CentOS/RedHat) Start NGINX Unit" + service: + name: unit + state: started + enabled: yes + +- name: "(Handler: FreeBSD) Start NGINX Unit" + service: + name: unitd + state: started + enabled: yes diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 new file mode 100644 index 0000000..b3519e9 --- /dev/null +++ b/molecule/default/Dockerfile.j2 
@@ -0,0 +1,14 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y curl python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y epel-release python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml new file mode 100644 index 0000000..19423c1 --- /dev/null +++ b/molecule/default/molecule.yml @@ -0,0 +1,30 @@ +--- +driver: + name: docker +lint: + name: yamllint +platforms: + - name: centos-6 + image: centos:6 + - name: centos-7 + image: centos/systemd + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + - name: debian-jessie + image: debian:jessie + - name: debian-stretch + image: debian:stretch + - name: ubuntu-xenial + image: ubuntu:xenial + - name: ubuntu-bionic + image: ubuntu:bionic +provisioner: + name: ansible + lint: + name: ansible-lint +verifier: + name: testinfra + lint: + name: flake8 diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml new file mode 100644 index 0000000..aa4b937 --- /dev/null +++ b/molecule/default/playbook.yml @@ -0,0 +1,5 @@ +--- +- name: Converge + hosts: all + roles: + - role: ansible-role-nginx 
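Review bot: In molecule/default/molecule.yml the `centos-7` platform runs with `privileged: True` and mounts `/sys/fs/cgroup:/sys/fs/cgroup:rw`, whereas the `docker run` line this commit removes from .travis.yml mounted the same path `:ro`. A privileged container with a writable host cgroup mount has very little isolation from the CI host, and the image it runs, `centos/systemd`, is pulled without a tag or digest. Unless systemd in that image is known to need write access, keep the mount read-only (`- "/sys/fs/cgroup:/sys/fs/cgroup:ro"`), pin the image, and add a comment saying why `privileged` is required. The same platform block is repeated in the molecule.yml files of the stable_push, template_module and unit scenarios.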
diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py new file mode 100644 index 0000000..8d12025 --- /dev/null +++ b/molecule/default/tests/test_default.py @@ -0,0 +1,30 @@ +import os + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +def test_nginx_is_installed(host): + ngx = host.package("nginx") + assert ngx.is_installed + + +def test_nginx_running_and_enabled(host): + ngx = host.service("nginx") + assert ngx.is_running + assert ngx.is_enabled + + +def test_hosts_file(host): + ngx = host.file('/etc/hosts') + assert ngx.exists + assert ngx.user == 'root' + assert ngx.group == 'root' + + +def test_endpoint(host): + command = """curl -I http://localhost/""" + cmd = host.run(command) + assert '200 OK' in cmd.stdout diff --git a/molecule/stable_push/Dockerfile.j2 b/molecule/stable_push/Dockerfile.j2 new file mode 100644 index 0000000..b3519e9 --- /dev/null +++ b/molecule/stable_push/Dockerfile.j2 
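Review bot: `test_endpoint` asserts only that `'200 OK'` appears in `cmd.stdout`, so when curl is missing or cannot connect the failure shows an empty string rather than the cause; adding `assert cmd.rc == 0, cmd.stderr` before the status check would make that visible. Dockerfile.j2 installs `curl` only in its apt-get branch, so on the CentOS platforms the test relies on curl already being present in the base image. `test_hosts_file` checks `/etc/hosts`, which the role does not appear to manage, and it binds the file to a variable named `ngx`; consider replacing it with a check of a file the role actually writes. None of the tests has a docstring stating what role behaviour it covers.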
@@ -0,0 +1,14 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y curl python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y epel-release python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi diff --git a/tests/files/http/default.conf b/molecule/stable_push/files/http/default.conf old mode 100644 new mode 100755 similarity index 97% rename from tests/files/http/default.conf rename to molecule/stable_push/files/http/default.conf index cb80625..4559b82 --- a/tests/files/http/default.conf +++ b/molecule/stable_push/files/http/default.conf @@ -1,5 +1,5 @@ server { - listen 8080; + listen 80; server_name localhost; #charset koi8-r; diff --git a/tests/files/nginx.conf b/molecule/stable_push/files/nginx.conf old mode 100644 new mode 100755 similarity index 100% rename from tests/files/nginx.conf rename to molecule/stable_push/files/nginx.conf diff --git a/molecule/stable_push/molecule.yml b/molecule/stable_push/molecule.yml new file mode 100644 index 0000000..1433456 --- /dev/null +++ b/molecule/stable_push/molecule.yml 
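Review bot: The rename of tests/files/http/default.conf and tests/files/nginx.conf also changes their mode from 100644 to 100755, which marks plain configuration files as executable. Nothing in the diff needs that, and depending on how the role's upload task sets permissions (not visible here) the bit may be carried onto the target host. Restore the original mode, for example with `git update-index --chmod=-x` on both files.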
@@ -0,0 +1,33 @@ +--- +dependency: + name: shell + command: pip install python-nginx +driver: + name: docker +lint: + name: yamllint +platforms: + - name: centos-6 + image: centos:6 + - name: centos-7 + image: centos/systemd + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + - name: debian-jessie + image: debian:jessie + - name: debian-stretch + image: debian:stretch + - name: ubuntu-xenial + image: ubuntu:xenial + - name: ubuntu-bionic + image: ubuntu:bionic +provisioner: + name: ansible + lint: + name: ansible-lint +verifier: + name: testinfra + lint: + name: flake8 diff --git a/molecule/stable_push/playbook.yml b/molecule/stable_push/playbook.yml new file mode 100644 index 0000000..3b92b12 --- /dev/null +++ b/molecule/stable_push/playbook.yml @@ -0,0 +1,11 @@ +--- +- name: Converge + hosts: all + roles: + - role: ansible-role-nginx + vars: + nginx_branch: stable + nginx_main_upload_enable: true + nginx_main_upload_src: files/nginx.conf + nginx_http_upload_enable: true + nginx_http_upload_src: files/http/*.conf diff --git a/molecule/stable_push/tests/test_default.py b/molecule/stable_push/tests/test_default.py new file mode 100644 index 0000000..a41e9e0 --- /dev/null +++ b/molecule/stable_push/tests/test_default.py 
@@ -0,0 +1,41 @@ +import nginx +import os + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') # noqa E501 + + +def test_nginx_is_installed(host): + ngx = host.package("nginx") + assert ngx.is_installed + + +def test_nginx_running_and_enabled(host): + ngx = host.service("nginx") + assert ngx.is_running + assert ngx.is_enabled + + +def test_hosts_file(host): + ngx = host.file('/etc/hosts') + assert ngx.exists + assert ngx.user == 'root' + assert ngx.group == 'root' + + +def test_endpoint(host): + command = """curl -I http://localhost/""" + cmd = host.run(command) + assert '200 OK' in cmd.stdout + + +def test_generated_files(host): + assert host.file('/etc/nginx/conf.d/default.conf').exists + + +def test_default_server(host): + f = host.file('/etc/nginx/conf.d/default.conf') + c = nginx.loads(f.content_string) + lf = c.server.filter('Location', '/') + assert len(lf) == 1 diff --git a/molecule/template_module/Dockerfile.j2 b/molecule/template_module/Dockerfile.j2 new file mode 100644 index 0000000..b3519e9 --- /dev/null +++ b/molecule/template_module/Dockerfile.j2 
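Review bot: The trailing `# noqa E501` on the `testinfra_hosts` line has no colon, and flake8 reads a `noqa` without `: CODE` as a blanket suppression, so every check on that line is disabled, not only the line-length one. Write `# noqa: E501`, or wrap the call across two lines as molecule/default/tests/test_default.py does and drop the comment. The same line appears in molecule/template_module/tests/test_default.py. `import nginx` also makes this test module depend on the `python-nginx` package that the scenario's `dependency` command installs; a one-line comment above the import should say where it comes from.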
@@ -0,0 +1,14 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y curl python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y epel-release python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi diff --git a/molecule/template_module/molecule.yml b/molecule/template_module/molecule.yml new file mode 100644 index 0000000..1433456 --- /dev/null +++ b/molecule/template_module/molecule.yml @@ -0,0 +1,33 @@ +--- +dependency: + name: shell + command: pip install python-nginx +driver: + name: docker +lint: + name: yamllint +platforms: + - name: centos-6 + image: centos:6 + - name: centos-7 + image: centos/systemd + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + - name: debian-jessie + image: debian:jessie + - name: debian-stretch + image: debian:stretch + - name: ubuntu-xenial + image: ubuntu:xenial + - name: ubuntu-bionic + image: ubuntu:bionic +provisioner: + name: ansible + lint: + name: ansible-lint +verifier: + name: testinfra + lint: + name: flake8 diff --git a/molecule/template_module/playbook.yml b/molecule/template_module/playbook.yml new file mode 100644 index 0000000..fc6380b --- /dev/null 
+++ b/molecule/template_module/playbook.yml 
@@ -0,0 +1,270 @@ +--- +- name: Converge + hosts: all + roles: + - role: ansible-role-nginx + vars: + nginx_debug_output: true + + nginx_main_template_enable: true + nginx_main_template: + template_file: nginx.conf.j2 + conf_file_name: nginx.conf + conf_file_location: /etc/nginx/ + user: nginx + worker_processes: auto + error_level: warn + worker_connections: 1024 + http_enable: true + http_settings: + keepalive_timeout: 65 + cache: false + rate_limit: false + keyval: false + stream_enable: true + http_global_autoindex: false + + nginx_http_template_enable: true + nginx_http_template: + app: + template_file: http/default.conf.j2 + conf_file_name: default.conf + conf_file_location: /etc/nginx/conf.d/ + listen: + listen_localhost: + ip: 0.0.0.0 + port: 80 + opts: + - default_server + server_name: localhost + error_page: /usr/share/nginx/html + client_max_body_size: 512k + proxy_hide_headers: + - X-Powered-By + add_headers: + strict_transport_security: + name: Strict-Transport-Security + value: max-age=15768000; includeSubDomains + always: true + reverse_proxy: + proxy_cache_path: + - path: /var/cache/nginx/proxy/frontend + keys_zone: + name: frontend_proxy_cache + size: 5m + levels: "1:2" + max_size: 5g + inactive: 30m + use_temp_path: true + - path: /var/cache/nginx/proxy/backend + keys_zone: + name: backend_proxy_cache + size: 10m + levels: "1:2" + max_size: 10g + inactive: 60m + use_temp_path: true + proxy_temp_path: + path: /var/cache/nginx/proxy/temp + proxy_cache_lock: true + proxy_cache_min_uses: 5 + proxy_cache_revalidate: true + proxy_cache_use_stale: + - error + - timeout + proxy_ignore_headers: + - Expires + locations: + frontend: + location: / + proxy_hide_headers: + - X-Powered-By + add_headers: + strict_transport_security: + name: Strict-Transport-Security + value: max-age=15768000; includeSubDomains + always: true + another_header: + name: Fancy-New-Header-To-Test + value: testing=true + always: false + proxy_pass: http://frontend_servers/ + 
proxy_cache: frontend_proxy_cache + proxy_temp_path: + path: /var/cache/nginx/proxy/frontend/temp + proxy_cache_lock: false + proxy_cache_min_uses: 3 + proxy_cache_revalidate: false + proxy_cache_use_stale: + - http_403 + - http_404 + proxy_ignore_headers: + - Vary + - Cache-Control + proxy_redirect: false + proxy_set_header: + header_host: + name: Host + value: $host + header_x_real_ip: + name: X-Real-IP + value: $remote_addr + header_x_forwarded_for: + name: X-Forwarded-For + value: $proxy_add_x_forwarded_for + header_x_forwarded_proto: + name: X-Forwarded-Proto + value: $scheme + proxy_buffering: false + client_max_body_size: 5m + backend: + location: /backend + proxy_pass: http://backend_servers/ + proxy_cache: backend_proxy_cache + proxy_temp_path: + path: /var/cache/nginx/proxy/backend/temp + proxy_cache_lock: true + proxy_cache_min_uses: 2 + proxy_cache_revalidate: true + proxy_cache_use_stale: + - http_500 + - http_502 + - http_503 + proxy_redirect: default + proxy_set_header: + header_host: + name: Host + value: $host + header_x_real_ip: + name: X-Real-IP + value: $remote_addr + header_x_forwarded_for: + name: X-Forwarded-For + value: $proxy_add_x_forwarded_for + header_x_forwarded_proto: + name: X-Forwarded-Proto + value: $scheme + proxy_cookie_path: + path: /web/ + replacement: / + upstreams: + frontend_upstream: + name: frontend_servers + lb_method: least_conn + zone_name: frontend_mem_zone + zone_size: 64k + sticky_cookie: false + servers: + frontend_server_1: + address: 0.0.0.0 + port: 8081 + weight: 1 + health_check: max_fails=3 fail_timeout=5s + backend_upstream: + name: backend_servers + lb_method: least_conn + zone_name: backend_mem_zone + zone_size: 64k + sticky_cookie: false + servers: + backend_server_1: + address: 0.0.0.0 + port: 8082 + weight: 1 + health_check: max_fails=3 fail_timeout=5s + returns: + return301: + location: ^~ /old-path + code: 301 + value: http://$host/new-path + frontend: + template_file: http/default.conf.j2 + 
conf_file_name: frontend_default.conf + conf_file_location: /etc/nginx/conf.d/ + listen: + listen_localhost: + port: 8081 + opts: [] + server_name: localhost + error_page: /usr/share/nginx/html + autoindex: false + web_server: + locations: + frontend_site: + location: / + proxy_hide_headers: + - X-Powered-By + html_file_location: /usr/share/nginx/html + html_file_name: frontend_index.html + autoindex: false + http_demo_conf: true + backend: + template_file: http/default.conf.j2 + conf_file_name: backend_default.conf + conf_file_location: /etc/nginx/conf.d/ + listen: + listen_localhost: + port: 8082 + opts: [] + server_name: localhost + error_page: /usr/share/nginx/html + autoindex: false + web_server: + locations: + backend_site: + location: / + html_file_location: /usr/share/nginx/html + html_file_name: backend_index.html + autoindex: false + http_demo_conf: true + nginx_html_demo_template_enable: true + nginx_html_demo_template: + frontend: + template_file: www/index.html.j2 + html_file_name: frontend_index.html + html_file_location: /usr/share/nginx/html + web_server_name: Frontend + backend: + template_file: www/index.html.j2 + html_file_name: backend_index.html + html_file_location: /usr/share/nginx/html + web_server_name: Backend + + nginx_stream_template_enable: true + nginx_stream_template: + default: + template_file: stream/default.conf.j2 + conf_file_name: default.conf + conf_file_location: /etc/nginx/conf.d/stream + network_streams: + app: + listen_address: 0.0.0.0 + listen_port: 8090 + udp_enable: false + proxy_pass: backend + proxy_timeout: 3s + proxy_connect_timeout: 1s + proxy_protocol: false + health_check_plus: false + upstreams: + backend_upstream: + name: backend + lb_method: least_conn + zone_name: backend + zone_size: 64k + sticky_cookie: false + servers: + backend_server_1: + address: 0.0.0.0 + port: 8091 + weight: 1 + health_check: max_fails=1 fail_timeout=10s + + nginx_modules: + njs: true + perl: true + waf: false + geoip: true + 
image_filter: true + rtmp: true + xslt: true diff --git a/molecule/template_module/tests/test_default.py b/molecule/template_module/tests/test_default.py new file mode 100644 index 0000000..3838cb1 --- /dev/null +++ b/molecule/template_module/tests/test_default.py @@ -0,0 +1,57 @@ +import nginx +import os + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') # noqa E501 + + +def test_nginx_is_installed(host): + ngx = host.package("nginx") + assert ngx.is_installed + + +def test_nginx_running_and_enabled(host): + ngx = host.service("nginx") + assert ngx.is_running + assert ngx.is_enabled + + +def test_hosts_file(host): + ngx = host.file('/etc/hosts') + assert ngx.exists + assert ngx.user == 'root' + assert ngx.group == 'root' + + +def test_endpoint(host): + command = """curl -I http://localhost/""" + cmd = host.run(command) + assert '200 OK' in cmd.stdout + + +def test_generated_files(host): + assert host.file('/etc/nginx/conf.d/default.conf').exists + assert host.file('/etc/nginx/conf.d/frontend_default.conf').exists + assert host.file('/etc/nginx/conf.d/backend_default.conf').exists + + +def test_default_server(host): + f = host.file('/etc/nginx/conf.d/default.conf') + c = nginx.loads(f.content_string) + lf = c.server.filter('Location', '/') + assert len(lf) == 1 + lb = c.server.filter('Location', '/backend') + assert len(lb) == 1 + + +def test_client_max_body_size(host): + f = host.file('/etc/nginx/conf.d/default.conf') + c = nginx.loads(f.content_string) + vs = c.server.filter('Key', 'client_max_body_size') + assert len(vs) == 1 + assert vs[0].value == '512k' + lc = c.server.filter('Location', '/') + vl = lc[0].filter('Key', 'client_max_body_size') + assert len(vl) == 1 + assert vl[0].value == '5m' diff --git a/molecule/unit/Dockerfile.j2 b/molecule/unit/Dockerfile.j2 new file mode 100644 index 0000000..b3519e9 --- /dev/null 
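Review bot: In `test_client_max_body_size`, `lc[0]` is indexed without first checking that the `Location` filter returned a match, so a missing `/` location surfaces as an IndexError instead of an assertion failure; add `assert len(lc) == 1` before it, as `test_default_server` does for `lf`. The expected values `'512k'` and `'5m'` duplicate the `client_max_body_size` settings in this scenario's playbook.yml, and a short comment should state that so the two are changed together.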
+++ b/molecule/unit/Dockerfile.j2 @@ -0,0 +1,14 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y curl python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y epel-release python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi diff --git a/molecule/unit/molecule.yml b/molecule/unit/molecule.yml new file mode 100644 index 0000000..49a8301 --- /dev/null +++ b/molecule/unit/molecule.yml @@ -0,0 +1,26 @@ +--- +driver: + name: docker +lint: + name: yamllint +platforms: + - name: centos-6 + image: centos:6 + - name: centos-7 + image: centos/systemd + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + - name: debian-jessie + image: debian:jessie + - name: debian-stretch + image: debian:stretch + - name: ubuntu-xenial + image: ubuntu:xenial + - name: ubuntu-bionic + image: ubuntu:bionic +provisioner: + name: ansible + lint: + name: ansible-lint diff --git a/tests/playbooks/nginx-unit.yml b/molecule/unit/playbook.yml similarity index 59% rename from tests/playbooks/nginx-unit.yml rename to molecule/unit/playbook.yml index bedd0a6..f92f804 100644 --- a/tests/playbooks/nginx-unit.yml +++ b/molecule/unit/playbook.yml 
@@ -1,9 +1,8 @@ --- -- hosts: localhost - become: true - remote_user: root +- name: Converge + hosts: all roles: - - ansible-role-nginx + - role: ansible-role-nginx vars: nginx_enable: false nginx_unit_enable: true diff --git a/tasks/main.yml b/tasks/main.yml index f7ebdd9..f9e6393 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -33,9 +33,6 @@ - import_tasks: conf/cleanup-config.yml when: nginx_cleanup_config | bool - - import_tasks: modules/install-modules.yml - when: true in nginx_modules.values() - - import_tasks: conf/upload-config.yml when: nginx_main_upload_enable or nginx_http_upload_enable @@ -52,6 +49,9 @@ - import_tasks: conf/setup-status.yml when: nginx_status_enable | bool + - import_tasks: modules/install-modules.yml + when: true in nginx_modules.values() + - import_tasks: conf/debug-output.yml when: nginx_debug_output | bool diff --git a/tasks/modules/install-geoip.yml b/tasks/modules/install-geoip.yml index 89b9ca7..739fc5d 100644 --- a/tasks/modules/install-geoip.yml +++ b/tasks/modules/install-geoip.yml @@ -19,4 +19,5 @@ with_items: - load_module modules/ngx_http_geoip_module.so; - load_module modules/ngx_stream_geoip_module.so; + when: not nginx_main_template_enable notify: "(Handler: All OSs) Reload NGINX" diff --git a/tasks/modules/install-image-filter.yml b/tasks/modules/install-image-filter.yml index bb4cf13..c87c832 100644 --- a/tasks/modules/install-image-filter.yml +++ b/tasks/modules/install-image-filter.yml @@ -16,4 +16,5 @@ path: /etc/nginx/nginx.conf insertbefore: BOF line: load_module modules/ngx_http_image_filter_module.so; + when: not nginx_main_template_enable notify: "(Handler: All OSs) Reload NGINX" diff --git a/tasks/modules/install-modules.yml b/tasks/modules/install-modules.yml index c86f7d2..7179d6d 100644 --- a/tasks/modules/install-modules.yml +++ b/tasks/modules/install-modules.yml 
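Review bot: The added `when: not nginx_main_template_enable` in tasks/modules/install-geoip.yml tests the raw variable, while the conditions visible in tasks/main.yml cast with `| bool` (`nginx_cleanup_config | bool`). If the variable arrives as a string, for instance from the command line or an INI inventory, `not "false"` evaluates to false and the `load_module` line is skipped even though the main template is not in use. Use `when: not nginx_main_template_enable | bool`. The same condition is added in install-image-filter.yml, install-njs.yml, install-perl.yml, install-rtmp.yml, install-waf.yml and install-xslt.yml; each task starts above its hunk.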
@@ -18,4 +18,4 @@ when: nginx_modules.xslt | default(false) - import_tasks: install-waf.yml - when: nginx_modules.waf | default(false) and nginx_type == "plus" \ No newline at end of file + when: nginx_modules.waf | default(false) and nginx_type == "plus" diff --git a/tasks/modules/install-njs.yml b/tasks/modules/install-njs.yml index 15c951a..1f92254 100644 --- a/tasks/modules/install-njs.yml +++ b/tasks/modules/install-njs.yml @@ -19,4 +19,5 @@ with_items: - load_module modules/ngx_http_js_module.so; - load_module modules/ngx_stream_js_module.so; + when: not nginx_main_template_enable notify: "(Handler: All OSs) Reload NGINX" diff --git a/tasks/modules/install-perl.yml b/tasks/modules/install-perl.yml index dc47e26..e76d8ac 100644 --- a/tasks/modules/install-perl.yml +++ b/tasks/modules/install-perl.yml @@ -16,4 +16,5 @@ path: /etc/nginx/nginx.conf insertbefore: BOF line: load_module modules/ngx_http_perl_module.so; + when: not nginx_main_template_enable notify: "(Handler: All OSs) Reload NGINX" diff --git a/tasks/modules/install-rtmp.yml b/tasks/modules/install-rtmp.yml index a50d987..5d1bc61 100644 --- a/tasks/modules/install-rtmp.yml +++ b/tasks/modules/install-rtmp.yml @@ -9,4 +9,5 @@ path: /etc/nginx/nginx.conf insertbefore: BOF line: load_module modules/ngx_rtmp_module.so; + when: not nginx_main_template_enable notify: "(Handler: All OSs) Reload NGINX" diff --git a/tasks/modules/install-waf.yml b/tasks/modules/install-waf.yml index 650e1ea..fea2e79 100644 --- a/tasks/modules/install-waf.yml +++ b/tasks/modules/install-waf.yml @@ -9,4 +9,5 @@ path: /etc/nginx/nginx.conf insertbefore: BOF line: load_module modules/ngx_http_modsecurity_module.so; + when: not nginx_main_template_enable notify: "(Handler: All OSs) Reload NGINX" diff --git a/tasks/modules/install-xslt.yml b/tasks/modules/install-xslt.yml index e383c1c..8dc5083 100644 --- a/tasks/modules/install-xslt.yml +++ b/tasks/modules/install-xslt.yml 
@@ -16,4 +16,5 @@ path: /etc/nginx/nginx.conf insertbefore: BOF line: load_module modules/ngx_http_xslt_filter_module.so; + when: not nginx_main_template_enable notify: "(Handler: All OSs) Reload NGINX" diff --git a/tasks/plus/setup-redhat.yml b/tasks/plus/setup-redhat.yml index a37032b..e3a2d87 100644 --- a/tasks/plus/setup-redhat.yml +++ b/tasks/plus/setup-redhat.yml @@ -3,7 +3,7 @@ yum_repository: name: nginx-plus baseurl: >- - https://plus-pkgs.nginx.com/centos/{{ (ansible_distribution_version | float >= 7.4 and ansible_distribution_version | float < 8.0) + https://plus-pkgs.nginx.com/centos/{{ (ansible_distribution_version | float >= 7.4 and ansible_distribution_version | float < 8.0) | ternary(ansible_distribution_major_version | int, 7.4) }}/$basearch/ description: NGINX Plus Repository sslclientcert: /etc/ssl/nginx/nginx-repo.crt diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2 index f81ee89..00f30c0 100644 --- a/templates/nginx.conf.j2 +++ b/templates/nginx.conf.j2 
@@ -1,5 +1,36 @@ {{ ansible_managed | comment }} +{% if nginx_modules.njs %} +{% if nginx_http_template_enable %} +load_module modules/ngx_http_js_module.so; +{% endif %} +{% if nginx_stream_template_enable %} +load_module modules/ngx_stream_js_module.so; +{% endif %} +{% endif %} +{% if nginx_modules.perl %} +load_module modules/ngx_http_perl_module.so; +{% endif %} +{% if nginx_modules.geoip %} +{% if nginx_http_template_enable %} +load_module modules/ngx_http_geoip_module.so; +{% endif %} +{% if nginx_stream_template_enable %} +load_module modules/ngx_stream_geoip_module.so; +{% endif %} +{% endif %} +{% if nginx_modules.image_filter %} +load_module modules/ngx_http_image_filter_module.so; +{% endif %} +{% if nginx_modules.rtmp and nginx_type == "plus" %} +load_module modules/ngx_rtmp_module.so; +{% endif %} +{% if nginx_modules.xslt %} +load_module modules/ngx_http_xslt_filter_module.so; +{% endif %} +{% if nginx_modules.waf and nginx_type == "plus" %} +load_module modules/ngx_http_modsecurity_module.so; +{% endif %} user {{ nginx_main_template.user }}; worker_processes {{ nginx_main_template.worker_processes }}; diff --git a/tests/dockerfiles/Dockerfile.centos-6 b/tests/dockerfiles/Dockerfile.centos-6 deleted file mode 100644 index fef4a5e..0000000 --- a/tests/dockerfiles/Dockerfile.centos-6 +++ /dev/null @@ -1,12 +0,0 @@ -FROM centos:6 - -RUN yum -y install epel-release -RUN yum -y install git ansible sudo - -RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers - -RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts - -VOLUME ["/sys/fs/cgroup"] - -CMD ["/sbin/init"] diff --git a/tests/dockerfiles/Dockerfile.centos-7 b/tests/dockerfiles/Dockerfile.centos-7 deleted file mode 100644 index b7c1e90..0000000 --- a/tests/dockerfiles/Dockerfile.centos-7 +++ /dev/null 
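Review bot: The new tests such as `{% if nginx_modules.njs %}` in templates/nginx.conf.j2 read each key of `nginx_modules` directly, while tasks/modules/install-modules.yml guards the same keys with `| default(false)`; a caller who sets only some keys would presumably hit an undefined-variable error when the template renders. Use `{% if nginx_modules.njs | default(false) %}` and likewise for the other keys. The http variants of the njs and geoip modules are also emitted only when `nginx_http_template_enable` is set, and the lineinfile tasks are now skipped whenever `nginx_main_template_enable` is true, so with a templated nginx.conf and uploaded http configuration the module package is installed but, as far as this diff shows, never loaded; the same holds for the stream variants and `nginx_stream_template_enable`. If that is intended, state it in a template comment next to the conditions.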
@@ -1,24 +0,0 @@ -FROM centos:7 - -# Install systemd -- See https://hub.docker.com/_/centos/ -RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs -RUN yum -y update; \ -(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ -rm -f /lib/systemd/system/multi-user.target.wants/*; \ -rm -f /etc/systemd/system/*.wants/*; \ -rm -f /lib/systemd/system/local-fs.target.wants/*; \ -rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ -rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ -rm -f /lib/systemd/system/basic.target.wants/*; \ -rm -f /lib/systemd/system/anaconda.target.wants/*; - -RUN yum -y install epel-release -RUN yum -y install git ansible sudo - -RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers - -RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts - -VOLUME ["/sys/fs/cgroup"] - -CMD ["/usr/sbin/init"] diff --git a/tests/dockerfiles/Dockerfile.debian-jessie b/tests/dockerfiles/Dockerfile.debian-jessie deleted file mode 100644 index eafadf5..0000000 --- a/tests/dockerfiles/Dockerfile.debian-jessie +++ /dev/null @@ -1,19 +0,0 @@ -FROM debian:jessie - -RUN apt-get update -y && apt-get install -y --no-install-recommends \ - software-properties-common \ - build-essential \ - libffi-dev \ - libssl-dev \ - python-dev \ - python-pip \ - git \ - apt-transport-https \ - curl \ - && rm -rf /var/lib/apt/lists/* - -RUN pip install --upgrade setuptools && pip install ansible - -RUN mkdir -p /etc/ansible && echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts - -ENTRYPOINT ["/sbin/init"] diff --git a/tests/dockerfiles/Dockerfile.debian-stretch b/tests/dockerfiles/Dockerfile.debian-stretch deleted file mode 100644 index 1a0e1e3..0000000 --- a/tests/dockerfiles/Dockerfile.debian-stretch +++ /dev/null 
@@ -1,22 +0,0 @@ -FROM debian:stretch - -RUN apt-get update -y && apt-get install -y --no-install-recommends \ - software-properties-common \ - build-essential \ - libffi-dev \ - libssl-dev \ - python-dev \ - python-pip \ - git \ - systemd \ - apt-transport-https \ - curl \ - gnupg2 \ - dirmngr \ - && rm -rf /var/lib/apt/lists/* - -RUN pip install --upgrade setuptools && pip install ansible - -RUN mkdir -p /etc/ansible && echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts - -ENTRYPOINT ["/bin/systemd"] diff --git a/tests/dockerfiles/Dockerfile.ubuntu-bionic b/tests/dockerfiles/Dockerfile.ubuntu-bionic deleted file mode 100644 index bbad82a..0000000 --- a/tests/dockerfiles/Dockerfile.ubuntu-bionic +++ /dev/null @@ -1,15 +0,0 @@ -FROM ubuntu:bionic - -RUN apt-get update && apt-get dist-upgrade -y && apt-get install -y software-properties-common && rm -rf /var/lib/apt/lists/* - -RUN apt-add-repository -y ppa:ansible/ansible && apt-get update && apt-get install -y \ - git \ - ansible \ - apt-transport-https \ - curl \ - init \ - && rm -rf /var/lib/apt/lists/* - -RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts - -ENTRYPOINT ["/sbin/init"] diff --git a/tests/dockerfiles/Dockerfile.ubuntu-trusty b/tests/dockerfiles/Dockerfile.ubuntu-trusty deleted file mode 100644 index c36e55e..0000000 --- a/tests/dockerfiles/Dockerfile.ubuntu-trusty +++ /dev/null @@ -1,14 +0,0 @@ -FROM ubuntu:trusty - -RUN apt-get update && apt-get dist-upgrade -y && apt-get install -y software-properties-common && rm -rf /var/lib/apt/lists/* - -RUN apt-add-repository -y ppa:ansible/ansible && apt-get update && apt-get install -y \ - git \ - ansible \ - apt-transport-https \ - curl \ - && rm -rf /var/lib/apt/lists/* - -RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts - -ENTRYPOINT ["/sbin/init"] 
diff --git a/tests/dockerfiles/Dockerfile.ubuntu-xenial b/tests/dockerfiles/Dockerfile.ubuntu-xenial deleted file mode 100644 index f8ad055..0000000 --- a/tests/dockerfiles/Dockerfile.ubuntu-xenial +++ /dev/null @@ -1,14 +0,0 @@ -FROM ubuntu:xenial - -RUN apt-get update && apt-get dist-upgrade -y && apt-get install -y software-properties-common && rm -rf /var/lib/apt/lists/* - -RUN apt-add-repository -y ppa:ansible/ansible && apt-get update && apt-get install -y \ - git \ - ansible \ - apt-transport-https \ - curl \ - && rm -rf /var/lib/apt/lists/* - -RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts - -ENTRYPOINT ["/sbin/init"] diff --git a/tests/playbooks/nginx-basic.yml b/tests/playbooks/nginx-basic.yml deleted file mode 100644 index 25ce5e7..0000000 --- a/tests/playbooks/nginx-basic.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- hosts: localhost - become: true - remote_user: root - roles: - - ansible-role-nginx diff --git a/tests/playbooks/nginx-modules.yml b/tests/playbooks/nginx-modules.yml deleted file mode 100644 index 1f99662..0000000 --- a/tests/playbooks/nginx-modules.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -- hosts: localhost - become: true - remote_user: root - roles: - - ansible-role-nginx - vars: - nginx_modules: - njs: true - perl: true - waf: false - geoip: true - image_filter: true - rtmp: true - xslt: true diff --git a/tests/playbooks/nginx-push.yml b/tests/playbooks/nginx-push.yml deleted file mode 100644 index b1d2672..0000000 --- a/tests/playbooks/nginx-push.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- -- hosts: localhost - become: true - remote_user: root - roles: - - ansible-role-nginx - vars: - nginx_main_upload_enable: true - nginx_main_upload_src: ../files/nginx.conf - nginx_http_upload_enable: true - nginx_http_upload_src: ../files/http/*.conf diff --git a/tests/playbooks/nginx-stable.yml b/tests/playbooks/nginx-stable.yml deleted file mode 100644 index a6967a2..0000000 --- a/tests/playbooks/nginx-stable.yml +++ /dev/null 
@@ -1,8 +0,0 @@ ---- -- hosts: localhost - become: true - remote_user: root - roles: - - ansible-role-nginx - vars: - nginx_branch: stable diff --git a/tests/playbooks/nginx-stream-template.yml b/tests/playbooks/nginx-stream-template.yml deleted file mode 100644 index e244e7e..0000000 --- a/tests/playbooks/nginx-stream-template.yml +++ /dev/null @@ -1,54 +0,0 @@ ---- -- hosts: localhost - become: true - remote_user: root - roles: - - ansible-role-nginx - vars: - nginx_debug_output: true - nginx_main_template_enable: true - nginx_main_template: - template_file: nginx.conf.j2 - conf_file_name: nginx.conf - conf_file_location: /etc/nginx/ - user: nginx - worker_processes: auto - error_level: warn - worker_connections: 1024 - http_enable: false - http_settings: - keepalive_timeout: 65 - cache: false - rate_limit: false - keyval: false - stream_enable: true - http_global_autoindex: false - nginx_stream_template_enable: true - nginx_stream_template: - default: - template_file: stream/default.conf.j2 - conf_file_name: default.conf - conf_file_location: /etc/nginx/conf.d/stream - network_streams: - app: - listen_address: localhost - listen_port: 80 - udp_enable: false - proxy_pass: backend - proxy_timeout: 3s - proxy_connect_timeout: 1s - proxy_protocol: false - health_check_plus: false - upstreams: - backend_upstream: - name: backend - lb_method: least_conn - zone_name: backend - zone_size: 64k - sticky_cookie: false - servers: - backend_server_1: - address: localhost - port: 8080 - weight: 1 - health_check: max_fails=1 fail_timeout=10s