sebclem/ansible-role-nginx
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Use Molecule for testing (#158)

Browse Source 
* Ported test playbooks to Molecule scenarios

* Update Travis integration

* Delete legacy tests
This commit is contained in:
Zeno Grandi 2019-08-03 12:53:21 +02:00 committed by Alessandro Fael Garcia
parent ea1a3626db
commit 487a2d0c07
44 changed files with 680 additions and 453 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -2,3 +2,4 @@
############################
*.crt
*.key
__pycache__

212
.travis.yml
View File

@ -1,215 +1,13 @@
---
sudo: required
language: python
services:
- docker
matrix:
include:
- env:
distribution: centos
version: 6
playbook: basic
- env:
distribution: centos
version: 6
playbook: http-template
- env:
distribution: centos
version: 6
playbook: modules
- env:
distribution: centos
version: 6
playbook: push
- env:
distribution: centos
version: 6
playbook: stable
- env:
distribution: centos
version: 6
playbook: stream-template
- env:
distribution: centos
version: 6
playbook: unit
- env:
distribution: centos
version: 7
playbook: basic
- env:
distribution: centos
version: 7
playbook: http-template
- env:
distribution: centos
version: 7
playbook: modules
- env:
distribution: centos
version: 7
playbook: push
- env:
distribution: centos
version: 7
playbook: stable
- env:
distribution: centos
version: 7
playbook: stream-template
- env:
distribution: centos
version: 7
playbook: unit
- env:
distribution: debian
version: jessie
playbook: basic
- env:
distribution: debian
version: jessie
playbook: http-template
- env:
distribution: debian
version: jessie
playbook: modules
- env:
distribution: debian
version: jessie
playbook: push
- env:
distribution: debian
version: jessie
playbook: stable
- env:
distribution: debian
version: jessie
playbook: stream-template
- env:
distribution: debian
version: jessie
playbook: unit
- env:
distribution: debian
version: stretch
playbook: basic
- env:
distribution: debian
version: stretch
playbook: http-template
- env:
distribution: debian
version: stretch
playbook: modules
- env:
distribution: debian
version: stretch
playbook: push
- env:
distribution: debian
version: stretch
playbook: stable
- env:
distribution: debian
version: stretch
playbook: stream-template
- env:
distribution: debian
version: stretch
playbook: unit
- env:
distribution: ubuntu
version: trusty
playbook: basic
- env:
distribution: ubuntu
version: trusty
playbook: http-template
- env:
distribution: ubuntu
version: trusty
playbook: modules
- env:
distribution: ubuntu
version: trusty
playbook: push
- env:
distribution: ubuntu
version: trusty
playbook: stable
- env:
distribution: ubuntu
version: trusty
playbook: stream-template
- env:
distribution: ubuntu
version: xenial
playbook: basic
- env:
distribution: ubuntu
version: xenial
playbook: http-template
- env:
distribution: ubuntu
version: xenial
playbook: modules
- env:
distribution: ubuntu
version: xenial
playbook: push
- env:
distribution: ubuntu
version: xenial
playbook: stable
- env:
distribution: ubuntu
version: xenial
playbook: stream-template
- env:
distribution: ubuntu
version: xenial
playbook: unit
- env:
distribution: ubuntu
version: bionic
playbook: basic
- env:
distribution: ubuntu
version: bionic
playbook: http-template
- env:
distribution: ubuntu
version: bionic
playbook: modules
- env:
distribution: ubuntu
version: bionic
playbook: push
- env:
distribution: ubuntu
version: bionic
playbook: stable
- env:
distribution: ubuntu
version: bionic
playbook: stream-template
- env:
distribution: ubuntu
version: bionic
playbook: unit
before_install:
- 'sudo docker pull ${distribution}:${version}'
- 'sudo docker build --no-cache --rm --file=tests/dockerfiles/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests'
- sudo apt-get -qq update
install:
- pip install molecule[docker]
script:
- container_id=$(mktemp)
- 'sudo docker run --detach --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:ro --volume="${PWD}":/etc/ansible/roles/ansible-role-nginx:ro ${distribution}-${version}:ansible > "${container_id}"'
- 'sudo docker exec "$(cat ${container_id})" env ANSIBLE_FORCE_COLOR=1 ansible-playbook -v /etc/ansible/roles/ansible-role-nginx/tests/playbooks/nginx-${playbook}.yml --syntax-check'
- 'sudo docker exec "$(cat ${container_id})" env ANSIBLE_FORCE_COLOR=1 ansible-playbook -v /etc/ansible/roles/ansible-role-nginx/tests/playbooks/nginx-${playbook}.yml'
- >
sudo docker exec "$(cat ${container_id})" env ANSIBLE_FORCE_COLOR=1 ansible-playbook -v /etc/ansible/roles/ansible-role-nginx/tests/playbooks/nginx-${playbook}.yml
| grep -q 'changed=0.*failed=0'
&& (echo 'Idempotence test: pass' && exit 0)
|| (echo 'Idempotence test: fail' && exit 1)
- 'if [${playbook} != "unit"]; then sudo docker exec "$(cat ${container_id})" curl http://localhost/; fi'
- 'sudo docker rm -f "$(cat ${container_id})"'
- molecule test --all
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/

13
.yamllint Normal file
View File

@ -0,0 +1,13 @@
extends: default
rules:
braces:
max-spaces-inside: 1
level: error
brackets:
max-spaces-inside: 1
level: error
comments: disable
comments-indentation: disable
line-length: disable
truthy: disable

44
handlers/main.yml
View File

@ -13,26 +13,26 @@
name: nginx
state: reloaded
- name: "(Handler: All OSs) Start NGINX Amplify Agent"
service:
name: amplify-agent
state: started
- name: "(Handler: All OSs) Start NGINX Controller Agent"
service:
name: controller-agent
state: started
- name: "(Handler: Debian/Ubuntu/CentOS/RedHat) Start NGINX Unit"
service:
name: unit
state: started
enabled: yes
- name: "(Handler: FreeBSD) Start NGINX Unit"
service:
name: unitd
state: started
enabled: yes
when: nginx_start | bool
- name: "(Handler: All OSs) Start NGINX Amplify Agent"
service:
name: amplify-agent
state: started
- name: "(Handler: All OSs) Start NGINX Controller Agent"
service:
name: controller-agent
state: started
- name: "(Handler: Debian/Ubuntu/CentOS/RedHat) Start NGINX Unit"
service:
name: unit
state: started
enabled: yes
- name: "(Handler: FreeBSD) Start NGINX Unit"
service:
name: unitd
state: started
enabled: yes

14
molecule/default/Dockerfile.j2 Normal file
View File

@ -0,0 +1,14 @@
# Molecule managed
{% if item.registry is defined %}
FROM {{ item.registry.url }}/{{ item.image }}
{% else %}
FROM {{ item.image }}
{% endif %}
RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y curl python sudo bash ca-certificates && apt-get clean; \
elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \
elif [ $(command -v yum) ]; then yum makecache fast && yum install -y epel-release python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \
elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \
elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi

30
molecule/default/molecule.yml Normal file
View File

@ -0,0 +1,30 @@
---
driver:
name: docker
lint:
name: yamllint
platforms:
- name: centos-6
image: centos:6
- name: centos-7
image: centos/systemd
privileged: True
volume_mounts:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: debian-jessie
image: debian:jessie
- name: debian-stretch
image: debian:stretch
- name: ubuntu-xenial
image: ubuntu:xenial
- name: ubuntu-bionic
image: ubuntu:bionic
provisioner:
name: ansible
lint:
name: ansible-lint
verifier:
name: testinfra
lint:
name: flake8

5
molecule/default/playbook.yml Normal file
View File

@ -0,0 +1,5 @@
---
- name: Converge
hosts: all
roles:
- role: ansible-role-nginx

30
molecule/default/tests/test_default.py Normal file
View File

@ -0,0 +1,30 @@
import os
import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
def test_nginx_is_installed(host):
ngx = host.package("nginx")
assert ngx.is_installed
def test_nginx_running_and_enabled(host):
ngx = host.service("nginx")
assert ngx.is_running
assert ngx.is_enabled
def test_hosts_file(host):
ngx = host.file('/etc/hosts')
assert ngx.exists
assert ngx.user == 'root'
assert ngx.group == 'root'
def test_endpoint(host):
command = """curl -I http://localhost/"""
cmd = host.run(command)
assert '200 OK' in cmd.stdout

14
molecule/stable_push/Dockerfile.j2 Normal file
View File

@ -0,0 +1,14 @@
# Molecule managed
{% if item.registry is defined %}
FROM {{ item.registry.url }}/{{ item.image }}
{% else %}
FROM {{ item.image }}
{% endif %}
RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y curl python sudo bash ca-certificates && apt-get clean; \
elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \
elif [ $(command -v yum) ]; then yum makecache fast && yum install -y epel-release python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \
elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \
elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi

2
tests/files/http/default.conf → molecule/stable_push/files/http/default.conf Normal file → Executable file
View File

@ -1,5 +1,5 @@
server {
listen 8080;
listen 80;
server_name localhost;
#charset koi8-r;

0
tests/files/nginx.conf → molecule/stable_push/files/nginx.conf Normal file → Executable file
View File

33
molecule/stable_push/molecule.yml Normal file
View File

@ -0,0 +1,33 @@
---
dependency:
name: shell
command: pip install python-nginx
driver:
name: docker
lint:
name: yamllint
platforms:
- name: centos-6
image: centos:6
- name: centos-7
image: centos/systemd
privileged: True
volume_mounts:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: debian-jessie
image: debian:jessie
- name: debian-stretch
image: debian:stretch
- name: ubuntu-xenial
image: ubuntu:xenial
- name: ubuntu-bionic
image: ubuntu:bionic
provisioner:
name: ansible
lint:
name: ansible-lint
verifier:
name: testinfra
lint:
name: flake8

11
molecule/stable_push/playbook.yml Normal file
View File

@ -0,0 +1,11 @@
---
- name: Converge
hosts: all
roles:
- role: ansible-role-nginx
vars:
nginx_branch: stable
nginx_main_upload_enable: true
nginx_main_upload_src: files/nginx.conf
nginx_http_upload_enable: true
nginx_http_upload_src: files/http/*.conf

41
molecule/stable_push/tests/test_default.py Normal file
View File

@ -0,0 +1,41 @@
import nginx
import os
import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') # noqa E501
def test_nginx_is_installed(host):
ngx = host.package("nginx")
assert ngx.is_installed
def test_nginx_running_and_enabled(host):
ngx = host.service("nginx")
assert ngx.is_running
assert ngx.is_enabled
def test_hosts_file(host):
ngx = host.file('/etc/hosts')
assert ngx.exists
assert ngx.user == 'root'
assert ngx.group == 'root'
def test_endpoint(host):
command = """curl -I http://localhost/"""
cmd = host.run(command)
assert '200 OK' in cmd.stdout
def test_generated_files(host):
assert host.file('/etc/nginx/conf.d/default.conf').exists
def test_default_server(host):
f = host.file('/etc/nginx/conf.d/default.conf')
c = nginx.loads(f.content_string)
lf = c.server.filter('Location', '/')
assert len(lf) == 1

14
molecule/template_module/Dockerfile.j2 Normal file
View File

@ -0,0 +1,14 @@
# Molecule managed
{% if item.registry is defined %}
FROM {{ item.registry.url }}/{{ item.image }}
{% else %}
FROM {{ item.image }}
{% endif %}
RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y curl python sudo bash ca-certificates && apt-get clean; \
elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \
elif [ $(command -v yum) ]; then yum makecache fast && yum install -y epel-release python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \
elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \
elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi

33
molecule/template_module/molecule.yml Normal file
View File

@ -0,0 +1,33 @@
---
dependency:
name: shell
command: pip install python-nginx
driver:
name: docker
lint:
name: yamllint
platforms:
- name: centos-6
image: centos:6
- name: centos-7
image: centos/systemd
privileged: True
volume_mounts:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: debian-jessie
image: debian:jessie
- name: debian-stretch
image: debian:stretch
- name: ubuntu-xenial
image: ubuntu:xenial
- name: ubuntu-bionic
image: ubuntu:bionic
provisioner:
name: ansible
lint:
name: ansible-lint
verifier:
name: testinfra
lint:
name: flake8

270
molecule/template_module/playbook.yml Normal file
View File

@ -0,0 +1,270 @@
---
- name: Converge
hosts: all
roles:
- role: ansible-role-nginx
vars:
nginx_debug_output: true
nginx_main_template_enable: true
nginx_main_template:
template_file: nginx.conf.j2
conf_file_name: nginx.conf
conf_file_location: /etc/nginx/
user: nginx
worker_processes: auto
error_level: warn
worker_connections: 1024
http_enable: true
http_settings:
keepalive_timeout: 65
cache: false
rate_limit: false
keyval: false
stream_enable: true
http_global_autoindex: false
nginx_http_template_enable: true
nginx_http_template:
app:
template_file: http/default.conf.j2
conf_file_name: default.conf
conf_file_location: /etc/nginx/conf.d/
listen:
listen_localhost:
ip: 0.0.0.0
port: 80
opts:
- default_server
server_name: localhost
error_page: /usr/share/nginx/html
client_max_body_size: 512k
proxy_hide_headers:
- X-Powered-By
add_headers:
strict_transport_security:
name: Strict-Transport-Security
value: max-age=15768000; includeSubDomains
always: true
reverse_proxy:
proxy_cache_path:
- path: /var/cache/nginx/proxy/frontend
keys_zone:
name: frontend_proxy_cache
size: 5m
levels: "1:2"
max_size: 5g
inactive: 30m
use_temp_path: true
- path: /var/cache/nginx/proxy/backend
keys_zone:
name: backend_proxy_cache
size: 10m
levels: "1:2"
max_size: 10g
inactive: 60m
use_temp_path: true
proxy_temp_path:
path: /var/cache/nginx/proxy/temp
proxy_cache_lock: true
proxy_cache_min_uses: 5
proxy_cache_revalidate: true
proxy_cache_use_stale:
- error
- timeout
proxy_ignore_headers:
- Expires
locations:
frontend:
location: /
proxy_hide_headers:
- X-Powered-By
add_headers:
strict_transport_security:
name: Strict-Transport-Security
value: max-age=15768000; includeSubDomains
always: true
another_header:
name: Fancy-New-Header-To-Test
value: testing=true
always: false
proxy_pass: http://frontend_servers/
proxy_cache: frontend_proxy_cache
proxy_temp_path:
path: /var/cache/nginx/proxy/frontend/temp
proxy_cache_lock: false
proxy_cache_min_uses: 3
proxy_cache_revalidate: false
proxy_cache_use_stale:
- http_403
- http_404
proxy_ignore_headers:
- Vary
- Cache-Control
proxy_redirect: false
proxy_set_header:
header_host:
name: Host
value: $host
header_x_real_ip:
name: X-Real-IP
value: $remote_addr
header_x_forwarded_for:
name: X-Forwarded-For
value: $proxy_add_x_forwarded_for
header_x_forwarded_proto:
name: X-Forwarded-Proto
value: $scheme
proxy_buffering: false
client_max_body_size: 5m
backend:
location: /backend
proxy_pass: http://backend_servers/
proxy_cache: backend_proxy_cache
proxy_temp_path:
path: /var/cache/nginx/proxy/backend/temp
proxy_cache_lock: true
proxy_cache_min_uses: 2
proxy_cache_revalidate: true
proxy_cache_use_stale:
- http_500
- http_502
- http_503
proxy_redirect: default
proxy_set_header:
header_host:
name: Host
value: $host
header_x_real_ip:
name: X-Real-IP
value: $remote_addr
header_x_forwarded_for:
name: X-Forwarded-For
value: $proxy_add_x_forwarded_for
header_x_forwarded_proto:
name: X-Forwarded-Proto
value: $scheme
proxy_cookie_path:
path: /web/
replacement: /
upstreams:
frontend_upstream:
name: frontend_servers
lb_method: least_conn
zone_name: frontend_mem_zone
zone_size: 64k
sticky_cookie: false
servers:
frontend_server_1:
address: 0.0.0.0
port: 8081
weight: 1
health_check: max_fails=3 fail_timeout=5s
backend_upstream:
name: backend_servers
lb_method: least_conn
zone_name: backend_mem_zone
zone_size: 64k
sticky_cookie: false
servers:
backend_server_1:
address: 0.0.0.0
port: 8082
weight: 1
health_check: max_fails=3 fail_timeout=5s
returns:
return301:
location: ^~ /old-path
code: 301
value: http://$host/new-path
frontend:
template_file: http/default.conf.j2
conf_file_name: frontend_default.conf
conf_file_location: /etc/nginx/conf.d/
listen:
listen_localhost:
port: 8081
opts: []
server_name: localhost
error_page: /usr/share/nginx/html
autoindex: false
web_server:
locations:
frontend_site:
location: /
proxy_hide_headers:
- X-Powered-By
html_file_location: /usr/share/nginx/html
html_file_name: frontend_index.html
autoindex: false
http_demo_conf: true
backend:
template_file: http/default.conf.j2
conf_file_name: backend_default.conf
conf_file_location: /etc/nginx/conf.d/
listen:
listen_localhost:
port: 8082
opts: []
server_name: localhost
error_page: /usr/share/nginx/html
autoindex: false
web_server:
locations:
backend_site:
location: /
html_file_location: /usr/share/nginx/html
html_file_name: backend_index.html
autoindex: false
http_demo_conf: true
nginx_html_demo_template_enable: true
nginx_html_demo_template:
frontend:
template_file: www/index.html.j2
html_file_name: frontend_index.html
html_file_location: /usr/share/nginx/html
web_server_name: Frontend
backend:
template_file: www/index.html.j2
html_file_name: backend_index.html
html_file_location: /usr/share/nginx/html
web_server_name: Backend
nginx_stream_template_enable: true
nginx_stream_template:
default:
template_file: stream/default.conf.j2
conf_file_name: default.conf
conf_file_location: /etc/nginx/conf.d/stream
network_streams:
app:
listen_address: 0.0.0.0
listen_port: 8090
udp_enable: false
proxy_pass: backend
proxy_timeout: 3s
proxy_connect_timeout: 1s
proxy_protocol: false
health_check_plus: false
upstreams:
backend_upstream:
name: backend
lb_method: least_conn
zone_name: backend
zone_size: 64k
sticky_cookie: false
servers:
backend_server_1:
address: 0.0.0.0
port: 8091
weight: 1
health_check: max_fails=1 fail_timeout=10s
nginx_modules:
njs: true
perl: true
waf: false
geoip: true
image_filter: true
rtmp: true
xslt: true

57
molecule/template_module/tests/test_default.py Normal file
View File

@ -0,0 +1,57 @@
import nginx
import os
import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') # noqa E501
def test_nginx_is_installed(host):
ngx = host.package("nginx")
assert ngx.is_installed
def test_nginx_running_and_enabled(host):
ngx = host.service("nginx")
assert ngx.is_running
assert ngx.is_enabled
def test_hosts_file(host):
ngx = host.file('/etc/hosts')
assert ngx.exists
assert ngx.user == 'root'
assert ngx.group == 'root'
def test_endpoint(host):
command = """curl -I http://localhost/"""
cmd = host.run(command)
assert '200 OK' in cmd.stdout
def test_generated_files(host):
assert host.file('/etc/nginx/conf.d/default.conf').exists
assert host.file('/etc/nginx/conf.d/frontend_default.conf').exists
assert host.file('/etc/nginx/conf.d/backend_default.conf').exists
def test_default_server(host):
f = host.file('/etc/nginx/conf.d/default.conf')
c = nginx.loads(f.content_string)
lf = c.server.filter('Location', '/')
assert len(lf) == 1
lb = c.server.filter('Location', '/backend')
assert len(lb) == 1
def test_client_max_body_size(host):
f = host.file('/etc/nginx/conf.d/default.conf')
c = nginx.loads(f.content_string)
vs = c.server.filter('Key', 'client_max_body_size')
assert len(vs) == 1
assert vs[0].value == '512k'
lc = c.server.filter('Location', '/')
vl = lc[0].filter('Key', 'client_max_body_size')
assert len(vl) == 1
assert vl[0].value == '5m'

14
molecule/unit/Dockerfile.j2 Normal file
View File

@ -0,0 +1,14 @@
# Molecule managed
{% if item.registry is defined %}
FROM {{ item.registry.url }}/{{ item.image }}
{% else %}
FROM {{ item.image }}
{% endif %}
RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y curl python sudo bash ca-certificates && apt-get clean; \
elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \
elif [ $(command -v yum) ]; then yum makecache fast && yum install -y epel-release python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \
elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \
elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi

26
molecule/unit/molecule.yml Normal file
View File

@ -0,0 +1,26 @@
---
driver:
name: docker
lint:
name: yamllint
platforms:
- name: centos-6
image: centos:6
- name: centos-7
image: centos/systemd
privileged: True
volume_mounts:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: debian-jessie
image: debian:jessie
- name: debian-stretch
image: debian:stretch
- name: ubuntu-xenial
image: ubuntu:xenial
- name: ubuntu-bionic
image: ubuntu:bionic
provisioner:
name: ansible
lint:
name: ansible-lint

7
tests/playbooks/nginx-unit.yml → molecule/unit/playbook.yml
View File

@ -1,9 +1,8 @@
---
- hosts: localhost
become: true
remote_user: root
- name: Converge
hosts: all
roles:
- ansible-role-nginx
- role: ansible-role-nginx
vars:
nginx_enable: false
nginx_unit_enable: true

6
tasks/main.yml
View File

@ -33,9 +33,6 @@
- import_tasks: conf/cleanup-config.yml
when: nginx_cleanup_config | bool
- import_tasks: modules/install-modules.yml
when: true in nginx_modules.values()
- import_tasks: conf/upload-config.yml
when: nginx_main_upload_enable
or nginx_http_upload_enable
@ -52,6 +49,9 @@
- import_tasks: conf/setup-status.yml
when: nginx_status_enable | bool
- import_tasks: modules/install-modules.yml
when: true in nginx_modules.values()
- import_tasks: conf/debug-output.yml
when: nginx_debug_output | bool

1
tasks/modules/install-geoip.yml
View File

@ -19,4 +19,5 @@
with_items:
- load_module modules/ngx_http_geoip_module.so;
- load_module modules/ngx_stream_geoip_module.so;
when: not nginx_main_template_enable
notify: "(Handler: All OSs) Reload NGINX"

1
tasks/modules/install-image-filter.yml
View File

@ -16,4 +16,5 @@
path: /etc/nginx/nginx.conf
insertbefore: BOF
line: load_module modules/ngx_http_image_filter_module.so;
when: not nginx_main_template_enable
notify: "(Handler: All OSs) Reload NGINX"

2
tasks/modules/install-modules.yml
View File

@ -18,4 +18,4 @@
when: nginx_modules.xslt | default(false)
- import_tasks: install-waf.yml
when: nginx_modules.waf | default(false) and nginx_type == "plus"
when: nginx_modules.waf | default(false) and nginx_type == "plus"

1
tasks/modules/install-njs.yml
View File

@ -19,4 +19,5 @@
with_items:
- load_module modules/ngx_http_js_module.so;
- load_module modules/ngx_stream_js_module.so;
when: not nginx_main_template_enable
notify: "(Handler: All OSs) Reload NGINX"

1
tasks/modules/install-perl.yml
View File

@ -16,4 +16,5 @@
path: /etc/nginx/nginx.conf
insertbefore: BOF
line: load_module modules/ngx_http_perl_module.so;
when: not nginx_main_template_enable
notify: "(Handler: All OSs) Reload NGINX"

1
tasks/modules/install-rtmp.yml
View File

@ -9,4 +9,5 @@
path: /etc/nginx/nginx.conf
insertbefore: BOF
line: load_module modules/ngx_rtmp_module.so;
when: not nginx_main_template_enable
notify: "(Handler: All OSs) Reload NGINX"

1
tasks/modules/install-waf.yml
View File

@ -9,4 +9,5 @@
path: /etc/nginx/nginx.conf
insertbefore: BOF
line: load_module modules/ngx_http_modsecurity_module.so;
when: not nginx_main_template_enable
notify: "(Handler: All OSs) Reload NGINX"

1
tasks/modules/install-xslt.yml
View File

@ -16,4 +16,5 @@
path: /etc/nginx/nginx.conf
insertbefore: BOF
line: load_module modules/ngx_http_xslt_filter_module.so;
when: not nginx_main_template_enable
notify: "(Handler: All OSs) Reload NGINX"

2
tasks/plus/setup-redhat.yml
View File

@ -3,7 +3,7 @@
yum_repository:
name: nginx-plus
baseurl: >-
https://plus-pkgs.nginx.com/centos/{{ (ansible_distribution_version | float >= 7.4 and ansible_distribution_version | float < 8.0)
https://plus-pkgs.nginx.com/centos/{{ (ansible_distribution_version | float >= 7.4 and ansible_distribution_version | float < 8.0)
| ternary(ansible_distribution_major_version | int, 7.4) }}/$basearch/
description: NGINX Plus Repository
sslclientcert: /etc/ssl/nginx/nginx-repo.crt

31
templates/nginx.conf.j2
View File

@ -1,5 +1,36 @@
{{ ansible_managed | comment }}
{% if nginx_modules.njs %}
{% if nginx_http_template_enable %}
load_module modules/ngx_http_js_module.so;
{% endif %}
{% if nginx_stream_template_enable %}
load_module modules/ngx_stream_js_module.so;
{% endif %}
{% endif %}
{% if nginx_modules.perl %}
load_module modules/ngx_http_perl_module.so;
{% endif %}
{% if nginx_modules.geoip %}
{% if nginx_http_template_enable %}
load_module modules/ngx_http_geoip_module.so;
{% endif %}
{% if nginx_stream_template_enable %}
load_module modules/ngx_stream_geoip_module.so;
{% endif %}
{% endif %}
{% if nginx_modules.image_filter %}
load_module modules/ngx_http_image_filter_module.so;
{% endif %}
{% if nginx_modules.rtmp and nginx_type == "plus" %}
load_module modules/ngx_rtmp_module.so;
{% endif %}
{% if nginx_modules.xslt %}
load_module modules/ngx_http_xslt_filter_module.so;
{% endif %}
{% if nginx_modules.waf and nginx_type == "plus" %}
load_module modules/ngx_http_modsecurity_module.so;
{% endif %}
user {{ nginx_main_template.user }};
worker_processes {{ nginx_main_template.worker_processes }};

12
tests/dockerfiles/Dockerfile.centos-6
View File

@ -1,12 +0,0 @@
FROM centos:6
RUN yum -y install epel-release
RUN yum -y install git ansible sudo
RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers
RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts
VOLUME ["/sys/fs/cgroup"]
CMD ["/sbin/init"]

24
tests/dockerfiles/Dockerfile.centos-7
View File

@ -1,24 +0,0 @@
FROM centos:7
# Install systemd -- See https://hub.docker.com/_/centos/
RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs
RUN yum -y update; \
(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*; \
rm -f /etc/systemd/system/*.wants/*; \
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*; \
rm -f /lib/systemd/system/anaconda.target.wants/*;
RUN yum -y install epel-release
RUN yum -y install git ansible sudo
RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers
RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts
VOLUME ["/sys/fs/cgroup"]
CMD ["/usr/sbin/init"]

19
tests/dockerfiles/Dockerfile.debian-jessie
View File

@ -1,19 +0,0 @@
FROM debian:jessie
RUN apt-get update -y && apt-get install -y --no-install-recommends \
software-properties-common \
build-essential \
libffi-dev \
libssl-dev \
python-dev \
python-pip \
git \
apt-transport-https \
curl \
&& rm -rf /var/lib/apt/lists/*
RUN pip install --upgrade setuptools && pip install ansible
RUN mkdir -p /etc/ansible && echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts
ENTRYPOINT ["/sbin/init"]

22
tests/dockerfiles/Dockerfile.debian-stretch
View File

@ -1,22 +0,0 @@
FROM debian:stretch
RUN apt-get update -y && apt-get install -y --no-install-recommends \
software-properties-common \
build-essential \
libffi-dev \
libssl-dev \
python-dev \
python-pip \
git \
systemd \
apt-transport-https \
curl \
gnupg2 \
dirmngr \
&& rm -rf /var/lib/apt/lists/*
RUN pip install --upgrade setuptools && pip install ansible
RUN mkdir -p /etc/ansible && echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts
ENTRYPOINT ["/bin/systemd"]

15
tests/dockerfiles/Dockerfile.ubuntu-bionic
View File

@ -1,15 +0,0 @@
FROM ubuntu:bionic
RUN apt-get update && apt-get dist-upgrade -y && apt-get install -y software-properties-common && rm -rf /var/lib/apt/lists/*
RUN apt-add-repository -y ppa:ansible/ansible && apt-get update && apt-get install -y \
git \
ansible \
apt-transport-https \
curl \
init \
&& rm -rf /var/lib/apt/lists/*
RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts
ENTRYPOINT ["/sbin/init"]

14
tests/dockerfiles/Dockerfile.ubuntu-trusty
View File

@ -1,14 +0,0 @@
FROM ubuntu:trusty
RUN apt-get update && apt-get dist-upgrade -y && apt-get install -y software-properties-common && rm -rf /var/lib/apt/lists/*
RUN apt-add-repository -y ppa:ansible/ansible && apt-get update && apt-get install -y \
git \
ansible \
apt-transport-https \
curl \
&& rm -rf /var/lib/apt/lists/*
RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts
ENTRYPOINT ["/sbin/init"]

14
tests/dockerfiles/Dockerfile.ubuntu-xenial
View File

@ -1,14 +0,0 @@
FROM ubuntu:xenial
RUN apt-get update && apt-get dist-upgrade -y && apt-get install -y software-properties-common && rm -rf /var/lib/apt/lists/*
RUN apt-add-repository -y ppa:ansible/ansible && apt-get update && apt-get install -y \
git \
ansible \
apt-transport-https \
curl \
&& rm -rf /var/lib/apt/lists/*
RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts
ENTRYPOINT ["/sbin/init"]

6
tests/playbooks/nginx-basic.yml
View File

@ -1,6 +0,0 @@
---
- hosts: localhost
become: true
remote_user: root
roles:
- ansible-role-nginx

15
tests/playbooks/nginx-modules.yml
View File

@ -1,15 +0,0 @@
---
- hosts: localhost
become: true
remote_user: root
roles:
- ansible-role-nginx
vars:
nginx_modules:
njs: true
perl: true
waf: false
geoip: true
image_filter: true
rtmp: true
xslt: true

11
tests/playbooks/nginx-push.yml
View File

@ -1,11 +0,0 @@
---
- hosts: localhost
become: true
remote_user: root
roles:
- ansible-role-nginx
vars:
nginx_main_upload_enable: true
nginx_main_upload_src: ../files/nginx.conf
nginx_http_upload_enable: true
nginx_http_upload_src: ../files/http/*.conf

8
tests/playbooks/nginx-stable.yml
View File

@ -1,8 +0,0 @@
---
- hosts: localhost
become: true
remote_user: root
roles:
- ansible-role-nginx
vars:
nginx_branch: stable

54
tests/playbooks/nginx-stream-template.yml
View File

@ -1,54 +0,0 @@
---
- hosts: localhost
become: true
remote_user: root
roles:
- ansible-role-nginx
vars:
nginx_debug_output: true
nginx_main_template_enable: true
nginx_main_template:
template_file: nginx.conf.j2
conf_file_name: nginx.conf
conf_file_location: /etc/nginx/
user: nginx
worker_processes: auto
error_level: warn
worker_connections: 1024
http_enable: false
http_settings:
keepalive_timeout: 65
cache: false
rate_limit: false
keyval: false
stream_enable: true
http_global_autoindex: false
nginx_stream_template_enable: true
nginx_stream_template:
default:
template_file: stream/default.conf.j2
conf_file_name: default.conf
conf_file_location: /etc/nginx/conf.d/stream
network_streams:
app:
listen_address: localhost
listen_port: 80
udp_enable: false
proxy_pass: backend
proxy_timeout: 3s
proxy_connect_timeout: 1s
proxy_protocol: false
health_check_plus: false
upstreams:
backend_upstream:
name: backend
lb_method: least_conn
zone_name: backend
zone_size: 64k
sticky_cookie: false
servers:
backend_server_1:
address: localhost
port: 8080
weight: 1
health_check: max_fails=1 fail_timeout=10s