Always update NGINX dependencies to the latest available version (#452)
This commit is contained in:
Alessandro Fael Garcia
GitHub
parent
f2b8785508
commit
5dbbe39ca4
11
CHANGELOG.md
11
CHANGELOG.md
@ -1,5 +1,16 @@
|
|||||||
# Changelog
|
# Changelog
|
||||||
|
|
||||||
|
## 0.21.2 (Unreleased)
|
||||||
|
|
||||||
|
ENHANCEMENTS:
|
||||||
|
|
||||||
|
* Change Ansible Lint exceptions from using an ID identifier to a text identifier.
|
||||||
|
* Move non NGINX specific dependencies from the role into the Molecule Dockerfile.
|
||||||
|
|
||||||
|
BUG FIXES:
|
||||||
|
|
||||||
|
Always update NGINX dependencies to the latest available version to avoid outdated dependency issues (e.g. outdated CA certificates).
|
||||||
|
|
||||||
## 0.21.1 (September 29, 2021)
|
## 0.21.1 (September 29, 2021)
|
||||||
|
|
||||||
FEATURES:
|
FEATURES:
|
||||||
|
|||||||
@ -17,7 +17,7 @@ ENV {{ var }} {{ value }}
|
|||||||
RUN \
|
RUN \
|
||||||
if [ $(command -v apt-get) ]; then \
|
if [ $(command -v apt-get) ]; then \
|
||||||
apt-get update \
|
apt-get update \
|
||||||
&& DEBIAN_FRONTEND=noninteractive apt-get install -y aptitude bash ca-certificates curl iproute2 python3 python3-apt procps sudo systemd systemd-sysv vim \
|
&& DEBIAN_FRONTEND=noninteractive apt-get install -y aptitude bash curl dirmngr iproute2 python3 python3-apt procps sudo systemd systemd-sysv vim \
|
||||||
&& apt-get clean; \
|
&& apt-get clean; \
|
||||||
elif [ $(command -v dnf) ]; then \
|
elif [ $(command -v dnf) ]; then \
|
||||||
dnf makecache \
|
dnf makecache \
|
||||||
@ -34,10 +34,10 @@ RUN \
|
|||||||
&& zypper clean -a; \
|
&& zypper clean -a; \
|
||||||
elif [ $(command -v apk) ]; then \
|
elif [ $(command -v apk) ]; then \
|
||||||
apk update \
|
apk update \
|
||||||
&& apk add --no-cache bash ca-certificates curl openrc python3 sudo vim; \
|
&& apk add --no-cache bash curl openrc python3 sudo vim; \
|
||||||
echo 'rc_provide="loopback net"' >> /etc/rc.conf; \
|
echo 'rc_provide="loopback net"' >> /etc/rc.conf; \
|
||||||
elif [ $(command -v xbps-install) ]; then \
|
elif [ $(command -v xbps-install) ]; then \
|
||||||
xbps-install -Syu \
|
xbps-install -Syu \
|
||||||
&& xbps-install -y bash ca-certificates iproute2 python3 sudo vim \
|
&& xbps-install -y bash iproute2 python3 sudo vim \
|
||||||
&& xbps-remove -O; \
|
&& xbps-remove -O; \
|
||||||
fi
|
fi
|
||||||
|
|||||||
@ -17,7 +17,7 @@
|
|||||||
- name: Enable NGINX @CentOS-AppStream dnf modules
|
- name: Enable NGINX @CentOS-AppStream dnf modules
|
||||||
shell:
|
shell:
|
||||||
args:
|
args:
|
||||||
cmd: dnf module info nginx | grep -q 'Stream.*\[e\]' && echo -n ENABLED || dnf module enable -y nginx # noqa 204 303
|
cmd: dnf module info nginx | grep -q 'Stream.*\[e\]' && echo -n ENABLED || dnf module enable -y nginx # noqa command-instead-of-module
|
||||||
register: dnf_module_enable
|
register: dnf_module_enable
|
||||||
changed_when: dnf_module_enable.stdout != 'ENABLED'
|
changed_when: dnf_module_enable.stdout != 'ENABLED'
|
||||||
when: ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] is version('8', '==')
|
when: ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] is version('8', '==')
|
||||||
|
|||||||
@ -3,22 +3,28 @@
|
|||||||
apk:
|
apk:
|
||||||
name: "{{ nginx_alpine_dependencies }}"
|
name: "{{ nginx_alpine_dependencies }}"
|
||||||
update_cache: true
|
update_cache: true
|
||||||
|
state: latest # noqa package-latest
|
||||||
when: ansible_facts['os_family'] == "Alpine"
|
when: ansible_facts['os_family'] == "Alpine"
|
||||||
|
|
||||||
- name: (Debian/Ubuntu) Install dependencies
|
- name: (Debian/Ubuntu) Install dependencies
|
||||||
apt:
|
apt:
|
||||||
name: "{{ nginx_debian_dependencies }}"
|
name: "{{ nginx_debian_dependencies }}"
|
||||||
update_cache: true
|
update_cache: true
|
||||||
|
state: latest # noqa package-latest
|
||||||
when: ansible_facts['os_family'] == "Debian"
|
when: ansible_facts['os_family'] == "Debian"
|
||||||
|
|
||||||
- name: (Amazon Linux/CentOS/Oracle Linux/RHEL) Install dependencies
|
- name: (Amazon Linux/CentOS/Oracle Linux/RHEL) Install dependencies
|
||||||
yum:
|
yum:
|
||||||
name: "{{ nginx_redhat_dependencies }}"
|
name: "{{ nginx_redhat_dependencies }}"
|
||||||
|
update_cache: true
|
||||||
|
state: latest # noqa package-latest
|
||||||
when: ansible_facts['os_family'] == "RedHat"
|
when: ansible_facts['os_family'] == "RedHat"
|
||||||
|
|
||||||
- name: (SLES) Install dependencies
|
- name: (SLES) Install dependencies
|
||||||
zypper:
|
zypper:
|
||||||
name: "{{ nginx_sles_dependencies }}"
|
name: "{{ nginx_sles_dependencies }}"
|
||||||
|
update_cache: true
|
||||||
|
state: latest # noqa package-latest
|
||||||
when: ansible_facts['os_family'] == "Suse"
|
when: ansible_facts['os_family'] == "Suse"
|
||||||
|
|
||||||
- name: (FreeBSD) Install dependencies
|
- name: (FreeBSD) Install dependencies
|
||||||
@ -26,12 +32,14 @@
|
|||||||
- name: (FreeBSD) Install dependencies using package(s)
|
- name: (FreeBSD) Install dependencies using package(s)
|
||||||
pkgng:
|
pkgng:
|
||||||
name: "{{ nginx_freebsd_dependencies }}"
|
name: "{{ nginx_freebsd_dependencies }}"
|
||||||
|
state: latest # noqa package-latest
|
||||||
when: nginx_bsd_install_packages | bool
|
when: nginx_bsd_install_packages | bool
|
||||||
|
|
||||||
- name: (FreeBSD) Install dependencies using port(s)
|
- name: (FreeBSD) Install dependencies using port(s)
|
||||||
portinstall:
|
portinstall:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
use_packages: "{{ nginx_bsd_portinstall_use_packages | default(omit) }}"
|
use_packages: "{{ nginx_bsd_portinstall_use_packages | default(omit) }}"
|
||||||
|
state: latest # noqa package-latest
|
||||||
loop: "{{ nginx_freebsd_dependencies }}"
|
loop: "{{ nginx_freebsd_dependencies }}"
|
||||||
when: not nginx_bsd_install_packages | bool
|
when: not nginx_bsd_install_packages | bool
|
||||||
when: ansible_facts['distribution'] == "FreeBSD"
|
when: ansible_facts['distribution'] == "FreeBSD"
|
||||||
|
|||||||
@ -86,7 +86,7 @@
|
|||||||
changed_when: false
|
changed_when: false
|
||||||
|
|
||||||
- name: Import SELinux NGINX Plus module
|
- name: Import SELinux NGINX Plus module
|
||||||
command: "semodule -i {{ nginx_selinux_tempdir }}/nginx-plus-module.pp" # noqa 503
|
command: "semodule -i {{ nginx_selinux_tempdir }}/nginx-plus-module.pp" # noqa no-handler
|
||||||
changed_when: false
|
changed_when: false
|
||||||
when: nginx_selinux_module.changed | bool
|
when: nginx_selinux_module.changed | bool
|
||||||
|
|
||||||
|
|||||||
@ -44,17 +44,17 @@ nginx_plus_default_repository_suse: "https://pkgs.nginx.com/plus/sles/{{ ansible
|
|||||||
|
|
||||||
# Alpine dependencies
|
# Alpine dependencies
|
||||||
nginx_alpine_dependencies: [
|
nginx_alpine_dependencies: [
|
||||||
'coreutils', 'openssl', 'pcre',
|
'ca-certificates', 'coreutils', 'openssl', 'pcre',
|
||||||
]
|
]
|
||||||
|
|
||||||
# Debian dependencies
|
# Debian dependencies
|
||||||
nginx_debian_dependencies: [
|
nginx_debian_dependencies: [
|
||||||
'apt-transport-https', 'ca-certificates', 'dirmngr',
|
'apt-transport-https', 'ca-certificates',
|
||||||
]
|
]
|
||||||
|
|
||||||
# Red Hat dependencies
|
# Red Hat dependencies
|
||||||
nginx_redhat_dependencies: [
|
nginx_redhat_dependencies: [
|
||||||
'ca-certificates', 'openssl', 'yum-utils',
|
'ca-certificates',
|
||||||
]
|
]
|
||||||
|
|
||||||
# SLES dependencies
|
# SLES dependencies
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user