Improve uninstalling NGINX capabilities (#472)

This commit is contained in:
Alessandro Fael Garcia 2021-12-07 02:47:13 +01:00 committed by GitHub
parent c24e9d5438
commit 5f1fc18917
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
35 changed files with 565 additions and 121 deletions

View File

@ -23,6 +23,9 @@ jobs:
- module - module
- plus - plus
- source - source
- uninstall
- uninstall_plus
- upgrade
steps: steps:
- name: Check out the codebase - name: Check out the codebase
if: "!(contains(matrix.scenario, 'plus') && github.event.pull_request.head.repo.full_name != github.repository)" if: "!(contains(matrix.scenario, 'plus') && github.event.pull_request.head.repo.full_name != github.repository)"

4
.gitignore vendored
View File

@ -19,3 +19,7 @@ Thumbs.db
# Python specific # # Python specific #
################### ###################
__pycache__ __pycache__
# Logs #
########
*.log

View File

@ -1,6 +1,11 @@
# Changelog # Changelog
## 0.21.4 (Unreleased) ## 0.22.0 (Unreleased)
BREAKING CHANGES:
* The `nginx_state` variable has been replaced with `nginx_setup` and instead of using `present`, `absent`, `latest` you should now use `install`, `uninstall` and `upgrade`.
* `nginx_install` variable is no more. Use `nginx_enable` instead.
FEATURES: FEATURES:
@ -12,7 +17,8 @@ Add Alpine Linux 3.15 to list of tested and supported platforms.
BUG FIXES: BUG FIXES:
When building NGINX from source, the original source FTP repository `ftp.pcre.org` is not available anymore, according to <http://pcre.org>. The FTP repository has been updated to use `ftp.exim.org` instead. * When building NGINX from source, the original source FTP repository `ftp.pcre.org` is not available anymore, according to <http://pcre.org>. The FTP repository has been updated to use `ftp.exim.org` instead.
* Uninstalling NGINX should now work correctly under most scenarios.
## 0.21.3 (October 25, 2021) ## 0.21.3 (October 25, 2021)
@ -217,7 +223,7 @@ FEATURES:
* A new variable has been introduced: * A new variable has been introduced:
* `nginx_setup_license` -- Determine whether you want to use this role to upload your NGINX license to your target host. * `nginx_setup_license` -- Determine whether you want to use this role to upload your NGINX license to your target host.
* The role will now fail automatically if you try to deploy NGINX from an official repository in an unsupported distribution. You can find a list of supported distributions for NGINX and NGINX Plus in [`vars/main.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/vars/main.yml) * The role will now fail automatically if you try to deploy NGINX from an official repository in an unsupported distribution. You can find a list of supported distributions for NGINX and NGINX Plus in [`vars/main.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/vars/main.yml)
* Three new tags have been introduced -- `nginx_setup_license`, `nginx_install` and `nginx_check_support`. * Three new tags have been introduced -- `nginx_setup_license`, `nginx_enable` and `nginx_check_support`.
* Add Alpine 3.12 to the list of supported platforms. * Add Alpine 3.12 to the list of supported platforms.
* Remove Alpine 3.8 from the list of supported platforms. * Remove Alpine 3.8 from the list of supported platforms.
* Add NGINX Plus tests to TravisCI * Add NGINX Plus tests to TravisCI
@ -301,7 +307,7 @@ FEATURES:
* Add support to configure logrotate. * Add support to configure logrotate.
* Add support for Ubuntu Focal. * Add support for Ubuntu Focal.
* Add support to configure SELinux. * Add support to configure SELinux.
* Two new variables have been introduced -- `nginx_install` and `nginx_configure` -- to let you choose whether you want to install NGINX, configure NGINX, or both. * Two new variables have been introduced -- `nginx_enable` and `nginx_configure` -- to let you choose whether you want to install NGINX, configure NGINX, or both.
ENHANCEMENTS: ENHANCEMENTS:

View File

@ -1,16 +1,8 @@
--- ---
# Enable NGINX options -- `nginx_install` and `nginx_configure`. # Enable NGINX and NGINX modules.
# Default is true.
nginx_enable: true
# Install NGINX and NGINX modules.
# Variables for these options can be found below. # Variables for these options can be found below.
# Default is true. # Default is true.
nginx_install: true nginx_enable: true
# Start NGINX service.
# Default is true.
nginx_start: true
# Print NGINX configuration file to terminal after executing playbook. # Print NGINX configuration file to terminal after executing playbook.
nginx_debug_output: false nginx_debug_output: false
@ -26,13 +18,17 @@ nginx_type: opensource
# For NGINX Plus and modules you'll need a wilcard like below (which installs plus-20 and modules) # For NGINX Plus and modules you'll need a wilcard like below (which installs plus-20 and modules)
# nginx_version: "-20*" # nginx_version: "-20*"
# Start NGINX service.
# Default is true.
nginx_start: true
# Specify whether you want to maintain your version of NGINX, upgrade to the latest version, or remove NGINX. # Specify whether you want to maintain your version of NGINX, upgrade to the latest version, or remove NGINX.
# Can be used with `nginx_version` to fine tune control on which version of NGINX is installed/used on each playbook execution. # Can be used with `nginx_version` to fine tune control which version of NGINX is installed/used on each playbook execution.
# Using 'present' will install the latest version (or 'nginx_version') of NGINX on a fresh install. # Using 'install' will install the latest version (or 'nginx_version') of NGINX on a fresh install.
# Using 'latest' will upgrade NGINX to the latest version (that matches your 'nginx_version') of NGINX on every playbook execution. # Using 'upgrade' will upgrade NGINX to the latest version (that matches your 'nginx_version') of NGINX on every playbook execution. Does not work on Alpine Linux.
# Using 'absent' will remove NGINX from your system. # Using 'uninstall' will remove NGINX from your system.
# Default is present. # Default is install.
nginx_state: present nginx_setup: install
# Specify whether or not you want to manage the NGINX repositories. # Specify whether or not you want to manage the NGINX repositories.
# Using 'true' will manage NGINX repositories. # Using 'true' will manage NGINX repositories.

View File

@ -1,12 +1,15 @@
--- ---
# Set SELinux enforcing for NGINX (CentOS/Red Hat only) - you may need to open ports on your own # Set SELinux enforcing for NGINX (CentOS/Red Hat only) - you may need to open ports on your own
nginx_selinux: false nginx_selinux: false
# Enable enforcing mode if true. Permissive if false (audit only, no enforcing) globally (only works with nginx_selinux: true) # Enable enforcing mode if true. Permissive if false (audit only, no enforcing) globally (only works with nginx_selinux: true)
nginx_selinux_enforcing: true nginx_selinux_enforcing: true
# List of TCP ports to add to http_port_t type (80 and 443 have this type already) # List of TCP ports to add to http_port_t type (80 and 443 have this type already)
# nginx_selinux_tcp_ports: # nginx_selinux_tcp_ports:
# - 80 # - 80
# - 443 # - 443
# List of UDP ports to add to http_port_t type # List of UDP ports to add to http_port_t type
# nginx_selinux_udp_ports: # nginx_selinux_udp_ports:
# - 80 # - 80

View File

@ -10,6 +10,7 @@
enabled: true enabled: true
when: when:
- nginx_start | bool - nginx_start | bool
- nginx_state != "absent"
- not ansible_check_mode | bool - not ansible_check_mode | bool
listen: (Handler) Run NGINX listen: (Handler) Run NGINX
@ -21,6 +22,7 @@
ignore_errors: true ignore_errors: true
check_mode: false check_mode: false
changed_when: false changed_when: false
when: nginx_state != "absent"
listen: (Handler) Run NGINX listen: (Handler) Run NGINX
- name: (Handler) Print NGINX error if syntax check fails - name: (Handler) Print NGINX error if syntax check fails
@ -30,6 +32,7 @@
when: when:
- config_check.stderr_lines is defined - config_check.stderr_lines is defined
- config_check.rc != 0 - config_check.rc != 0
- nginx_state != "absent"
listen: (Handler) Run NGINX listen: (Handler) Run NGINX
- name: (Handler) Start NGINX Amplify agent - name: (Handler) Start NGINX Amplify agent

View File

@ -32,7 +32,6 @@
- 80 - 80
- 443 - 443
nginx_version: "{{ version }}" nginx_version: "{{ version }}"
nginx_configure: false
nginx_logrotate_conf_enable: true nginx_logrotate_conf_enable: true
nginx_logrotate_conf: nginx_logrotate_conf:
paths: paths:

View File

@ -23,3 +23,11 @@
uri: uri:
url: http://localhost url: http://localhost
status_code: 200 status_code: 200
- name: Verify correct version of NGINX has been installed
command: nginx -v
args:
chdir: "{{ ((ansible_facts['system'] | lower is not search('bsd')) | ternary('/etc/nginx', '/usr/local/sbin')) }}"
changed_when: false
register: version
failed_when: version is not search('1.21.4')

View File

@ -0,0 +1,9 @@
---
- name: Converge
hosts: all
tasks:
- name: Uninstall NGINX
include_role:
name: ansible-role-nginx
vars:
nginx_setup: uninstall

View File

@ -0,0 +1,91 @@
---
driver:
name: docker
lint: |
set -e
yamllint .
ansible-lint --force-color
platforms:
- name: alpine-3.12
image: alpine:3.12
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: alpine-3.13
image: alpine:3.13
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: alpine-3.14
image: alpine:3.14
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: alpine-3.15
image: alpine:3.15
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: amazonlinux-2
image: amazonlinux:2
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: centos-7
image: centos:7
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: centos-8
image: centos:8
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: debian-buster
image: debian:buster-slim
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: debian-bullseye
image: debian:bullseye-slim
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: ubuntu-bionic
image: ubuntu:bionic
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: ubuntu-focal
image: ubuntu:focal
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
provisioner:
name: ansible
playbooks:
prepare: prepare.yml
converge: converge.yml
verify: verify.yml

View File

@ -0,0 +1,7 @@
---
- name: Prepare
hosts: all
tasks:
- name: Install NGINX
include_role:
name: ansible-role-nginx

View File

@ -0,0 +1,11 @@
---
- name: Verify
hosts: all
tasks:
- name: Check if NGINX is installed
package:
name: nginx
state: absent
check_mode: true
register: install
failed_when: (install is changed) or (install is failed)

View File

@ -0,0 +1,11 @@
---
- name: Converge
hosts: all
tasks:
- name: Uninstall NGINX
include_role:
name: ansible-role-nginx
vars:
nginx_setup: uninstall
nginx_type: plus
nginx_setup_license: false

View File

@ -0,0 +1,91 @@
---
driver:
name: docker
lint: |
set -e
yamllint .
ansible-lint --force-color
platforms:
- name: alpine-3.11
image: alpine:3.11
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: alpine-3.12
image: alpine:3.12
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: alpine-3.13
image: alpine:3.13
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: alpine-3.14
image: alpine:3.14
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: amazonlinux-2
image: amazonlinux:2
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: centos-7
image: centos:7
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: centos-8
image: centos:8
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: debian-buster
image: debian:buster-slim
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: debian-bullseye
image: debian:bullseye-slim
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: ubuntu-bionic
image: ubuntu:bionic
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: ubuntu-focal
image: ubuntu:focal
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
provisioner:
name: ansible
playbooks:
prepare: prepare.yml
converge: converge.yml
verify: verify.yml

View File

@ -0,0 +1,30 @@
---
- name: Prepare license
hosts: localhost
gather_facts: false
tasks:
- name: Create ephemeral license certificate file from b64 decoded env var
copy:
content: "{{ lookup('env','NGINX_CRT') | b64decode }}"
dest: ../../files/license/nginx-repo.crt
force: false
mode: 0444
- name: Create ephemeral license key file from b64 decoded env var
copy:
content: "{{ lookup('env','NGINX_KEY') | b64decode }}"
dest: ../../files/license/nginx-repo.key
force: false
mode: 0444
- name: Prepare NGINX
hosts: all
tasks:
- name: Install NGINX
include_role:
name: ansible-role-nginx
vars:
nginx_type: plus
nginx_license:
certificate: license/nginx-repo.crt
key: license/nginx-repo.key

View File

@ -0,0 +1,11 @@
---
- name: Verify
hosts: all
tasks:
- name: Check if NGINX is installed
package:
name: nginx-plus
state: absent
check_mode: true
register: install
failed_when: (install is changed) or (install is failed)

View File

@ -0,0 +1,9 @@
---
- name: Converge
hosts: all
tasks:
- name: Install NGINX
include_role:
name: ansible-role-nginx
vars:
nginx_setup: upgrade

View File

@ -0,0 +1,62 @@
---
driver:
name: docker
lint: |
set -e
yamllint .
ansible-lint --force-color
platforms:
- name: amazonlinux-2
image: amazonlinux:2
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: centos-7
image: centos:7
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: centos-8
image: centos:8
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: debian-buster
image: debian:buster-slim
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: debian-bullseye
image: debian:bullseye-slim
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: ubuntu-bionic
image: ubuntu:bionic
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: ubuntu-focal
image: ubuntu:focal
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
provisioner:
name: ansible
playbooks:
converge: converge.yml
verify: verify.yml

View File

@ -0,0 +1,29 @@
---
- name: Prepare
hosts: all
pre_tasks:
- name: Set repo if Alpine
set_fact:
version: "=1.21.3-r1"
when: ansible_facts['os_family'] == "Alpine"
- name: Set repo if Debian
set_fact:
version: "=1.21.3-1~{{ ansible_facts['distribution_release'] }}"
when: ansible_facts['os_family'] == "Debian"
- name: Set repo if Red Hat
set_fact:
version: "-1.21.3-1.{{ (ansible_facts['distribution']=='Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx"
when: ansible_facts['os_family'] == "RedHat"
- name: Enable NGINX @CentOS-AppStream dnf modules
shell:
args:
cmd: dnf module info nginx | grep -q 'Stream.*\[e\]' && echo -n ENABLED || dnf module enable -y nginx # noqa command-instead-of-module
register: dnf_module_enable
changed_when: dnf_module_enable.stdout != 'ENABLED'
when: ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] is version('8', '==')
tasks:
- name: Install NGINX
include_role:
name: ansible-role-nginx
vars:
nginx_version: "{{ version }}"

View File

@ -0,0 +1,33 @@
---
- name: Verify
hosts: all
tasks:
- name: Check if NGINX is installed
package:
name: nginx
state: present
check_mode: true
register: install
failed_when: (install is changed) or (install is failed)
- name: Check if NGINX service is running
service:
name: nginx
state: started
enabled: true
check_mode: true
register: service
failed_when: (service is changed) or (service is failed)
- name: Verify NGINX is up and running
uri:
url: http://localhost
status_code: 200
- name: Verify NGINX has been upgraded
command: nginx -v
args:
chdir: "{{ ((ansible_facts['system'] | lower is not search('bsd')) | ternary('/etc/nginx', '/usr/local/sbin')) }}"
changed_when: false
register: version
failed_when: version is not search('1.21.4')

View File

@ -6,26 +6,33 @@
success_msg: "Your OS, {{ ansible_facts['distribution'] }} is supported by NGINX {{ (nginx_type=='plus') | ternary('Plus', 'Open Source') }}" success_msg: "Your OS, {{ ansible_facts['distribution'] }} is supported by NGINX {{ (nginx_type=='plus') | ternary('Plus', 'Open Source') }}"
fail_msg: "Your OS, {{ ansible_facts['distribution'] }} is not supported by NGINX {{ (nginx_type=='plus') | ternary('Plus', 'Open Source') }}" fail_msg: "Your OS, {{ ansible_facts['distribution'] }} is not supported by NGINX {{ (nginx_type=='plus') | ternary('Plus', 'Open Source') }}"
when: when:
- nginx_install | bool - nginx_enable | bool
- (nginx_install_from == "nginx_repository" or nginx_type == "plus") - (nginx_install_from == "nginx_repository" or nginx_type == "plus")
ignore_errors: true # noqa ignore-errors ignore_errors: true # noqa ignore-errors
tags: nginx_check_support tags: nginx_check_support
- name: Check that NGINX setup is an allowed value
assert:
that: nginx_setup in nginx_setup_vars
fail_msg: The value {{ nginx_setup }} you used for `nginx_setup` is not allowed. Try one of {{ nginx_setup_vars | join(', ') }}.
when: nginx_enable | bool
ignore_errors: true # noqa ignore-errors
tags: nginx_check_support
- name: Set up prerequisites - name: Set up prerequisites
include_tasks: "{{ role_path }}/tasks/prerequisites/prerequisites.yml" include_tasks: "{{ role_path }}/tasks/prerequisites/prerequisites.yml"
when: nginx_state != "absent"
tags: nginx_prerequisites tags: nginx_prerequisites
- name: Set up signing keys - name: Set up signing keys
include_tasks: "{{ role_path }}/tasks/keys/setup-keys.yml" include_tasks: "{{ role_path }}/tasks/keys/setup-keys.yml"
when: (nginx_install | bool and nginx_install_from == "nginx_repository") when: (nginx_enable | bool and nginx_install_from == "nginx_repository")
or nginx_amplify_enable | bool or nginx_amplify_enable | bool
tags: nginx_key tags: nginx_key
- name: Install and Configure NGINX - name: "{{ nginx_setup | capitalize }} NGINX"
block: block:
- name: Install NGINX - name: "{{ nginx_setup | capitalize }} NGINX Open Source"
block:
- name: Install NGINX Open Source
include_tasks: "{{ role_path }}/tasks/opensource/install-oss.yml" include_tasks: "{{ role_path }}/tasks/opensource/install-oss.yml"
when: nginx_type == "opensource" when: nginx_type == "opensource"
tags: nginx_install_oss tags: nginx_install_oss
@ -37,12 +44,12 @@
- nginx_setup_license | bool - nginx_setup_license | bool
tags: nginx_setup_license tags: nginx_setup_license
- name: Install NGINX Plus - name: "{{ nginx_setup | capitalize }} NGINX Plus"
include_tasks: "{{ role_path }}/tasks/plus/install-{{ ansible_facts['os_family'] | lower }}.yml" include_tasks: "{{ role_path }}/tasks/plus/install-{{ ansible_facts['os_family'] | lower }}.yml"
when: nginx_type == "plus" when: nginx_type == "plus"
tags: nginx_install_plus tags: nginx_install_plus
- name: Install NGINX dynamic modules - name: "{{ nginx_setup | capitalize }} NGINX dynamic modules"
include_tasks: "{{ role_path }}/tasks/modules/install-modules.yml" include_tasks: "{{ role_path }}/tasks/modules/install-modules.yml"
when: when:
- nginx_modules is defined - nginx_modules is defined
@ -62,22 +69,25 @@
- ansible_facts['service_mgr'] == "systemd" - ansible_facts['service_mgr'] == "systemd"
- nginx_service_modify | bool - nginx_service_modify | bool
tags: nginx_modify_systemd tags: nginx_modify_systemd
when: nginx_install | bool when: nginx_enable | bool
tags: nginx_install tags: nginx_enable
- name: Ensure NGINX is running - name: Trigger handlers if necessary
meta: flush_handlers meta: flush_handlers
- name: Debug NGINX output - name: Debug NGINX output
include_tasks: "{{ role_path }}/tasks/config/debug-output.yml" include_tasks: "{{ role_path }}/tasks/config/debug-output.yml"
when: nginx_debug_output | bool when:
- nginx_debug_output | bool
- nginx_state != "absent"
tags: nginx_debug_output tags: nginx_debug_output
- name: Configure logrotate for NGINX - name: Configure logrotate for NGINX
include_tasks: "{{ role_path }}/tasks/config/setup-logrotate.yml" include_tasks: "{{ role_path }}/tasks/config/setup-logrotate.yml"
when: nginx_logrotate_conf_enable | bool when:
- nginx_logrotate_conf_enable | bool
- nginx_state != "absent"
tags: nginx_logrotate_config tags: nginx_logrotate_config
when: nginx_enable | bool
- name: Install NGINX Amplify - name: Install NGINX Amplify
include_tasks: "{{ role_path }}/tasks/amplify/install-amplify.yml" include_tasks: "{{ role_path }}/tasks/amplify/install-amplify.yml"

View File

@ -7,7 +7,7 @@
- '"geoip" in nginx_modules' - '"geoip" in nginx_modules'
- nginx_install_epel_release | bool - nginx_install_epel_release | bool
- name: Install NGINX modules - name: Setup NGINX modules
package: package:
name: "nginx-{{ (nginx_type == 'plus') | ternary('plus-', '') }}module-{{ item.name | default(item) }}\ name: "nginx-{{ (nginx_type == 'plus') | ternary('plus-', '') }}module-{{ item.name | default(item) }}\
{{ item.version | default(nginx_version) | default('') }}{{ (nginx_repository is not defined and ansible_facts['os_family'] == 'Alpine' and nginx_type != 'plus') | ternary('@nginx', '') }}" {{ item.version | default(nginx_version) | default('') }}{{ (nginx_repository is not defined and ansible_facts['os_family'] == 'Alpine' and nginx_type != 'plus') | ternary('@nginx', '') }}"

View File

@ -1,14 +1,15 @@
--- ---
- name: (Alpine Linux) Configure NGINX repository - name: (Alpine Linux) {{ (nginx_setup == 'uninstall') | ternary('Remove', 'Configure') }} NGINX repository
lineinfile: lineinfile:
path: /etc/apk/repositories path: /etc/apk/repositories
insertafter: EOF insertafter: EOF
line: "{{ nginx_repository | default(nginx_default_repository_alpine) }}" line: "{{ nginx_repository | default(nginx_default_repository_alpine) }}"
state: "{{ (nginx_state == 'uninstall') | ternary('absent', 'present') }}"
when: nginx_manage_repo | bool when: nginx_manage_repo | bool
- name: (Alpine Linux) Install NGINX - name: (Alpine Linux) {{ nginx_setup | capitalize }} NGINX
apk: apk:
name: "nginx{{ nginx_repository is not defined | ternary('@nginx', '') }}{{ nginx_version | default('') }}" name: "nginx{{ (nginx_repository is not defined and nginx_setup != 'uninstall') | ternary('@nginx', '') }}{{ nginx_version | default('') }}"
state: "{{ nginx_state }}" state: "{{ nginx_state }}"
update_cache: true update_cache: true
ignore_errors: "{{ ansible_check_mode }}" ignore_errors: "{{ ansible_check_mode }}"

View File

@ -14,16 +14,16 @@
- ansible_facts['system'] == "FreeBSD" - ansible_facts['system'] == "FreeBSD"
- nginx_bsd_update_ports | bool - nginx_bsd_update_ports | bool
- name: (FreeBSD) Install NGINX - name: (FreeBSD) {{ nginx_setup | capitalize }} NGINX
block: block:
- name: (FreeBSD) Install NGINX package - name: (FreeBSD) {{ nginx_setup | capitalize }} NGINX package
pkgng: pkgng:
name: "www/nginx{{ nginx_version | default('') }}" name: "www/nginx{{ nginx_version | default('') }}"
state: "{{ nginx_state }}" state: "{{ nginx_state }}"
when: nginx_bsd_install_packages | bool when: nginx_bsd_install_packages | bool
notify: (Handler) Run NGINX notify: (Handler) Run NGINX
- name: (FreeBSD) Install NGINX port - name: (FreeBSD) {{ nginx_setup | capitalize }} NGINX port
portinstall: portinstall:
name: "www/nginx{{ nginx_version | default('') }}" name: "www/nginx{{ nginx_version | default('') }}"
use_packages: "{{ nginx_bsd_portinstall_use_packages | default(omit) }}" use_packages: "{{ nginx_bsd_portinstall_use_packages | default(omit) }}"
@ -32,9 +32,9 @@
notify: (Handler) Run NGINX notify: (Handler) Run NGINX
when: ansible_facts['system'] == "FreeBSD" when: ansible_facts['system'] == "FreeBSD"
- name: (OpenBSD) Install NGINX - name: (OpenBSD) {{ nginx_setup | capitalize }} NGINX
block: block:
- name: (OpenBSD) Install NGINX package - name: (OpenBSD) {{ nginx_setup | capitalize }} NGINX package
openbsd_pkg: openbsd_pkg:
name: "nginx{{ nginx_version | default('') }}" name: "nginx{{ nginx_version | default('') }}"
build: false build: false
@ -42,7 +42,7 @@
when: nginx_bsd_install_packages | bool when: nginx_bsd_install_packages | bool
notify: (Handler) Run NGINX notify: (Handler) Run NGINX
- name: (OpenBSD) Install NGINX port - name: (OpenBSD) {{ nginx_setup | capitalize }} NGINX port
openbsd_pkg: openbsd_pkg:
name: "nginx{{ nginx_version | default('') }}" name: "nginx{{ nginx_version | default('') }}"
build: true build: true
@ -51,28 +51,28 @@
notify: (Handler) Run NGINX notify: (Handler) Run NGINX
when: ansible_facts['system'] == "OpenBSD" when: ansible_facts['system'] == "OpenBSD"
- name: (NetBSD) Install NGINX - name: (NetBSD) {{ nginx_setup | capitalize }} NGINX
block: block:
- name: (NetBSD) Install NGINX package - name: (NetBSD) {{ nginx_setup | capitalize }} NGINX package
command: "pkg_add www/nginx{{ nginx_version | default('') }}" command: "pkg_add www/nginx{{ nginx_version | default('') }}"
when: nginx_bsd_install_packages | bool when: nginx_bsd_install_packages | bool
notify: (Handler) Run NGINX notify: (Handler) Run NGINX
- name: (NetBSD) Install NGINX port - name: (NetBSD) {{ nginx_setup | capitalize }} NGINX port
fail: fail:
msg: "{{ ansible_facts['system'] }} Install NGINX port not implemented." msg: "{{ ansible_facts['system'] }} {{ nginx_setup | capitalize }} NGINX port not implemented."
when: not nginx_bsd_install_packages | bool when: not nginx_bsd_install_packages | bool
when: ansible_facts['system'] == "NetBSD" when: ansible_facts['system'] == "NetBSD"
- name: (DragonFlyBSD/HardenedBSD) Install NGINX - name: (DragonFlyBSD/HardenedBSD) {{ nginx_setup | capitalize }} NGINX
block: block:
- name: (DragonFlyBSD/HardenedBSD) Install NGINX package - name: (DragonFlyBSD/HardenedBSD) {{ nginx_setup | capitalize }} NGINX package
command: "pkg install www/nginx{{ nginx_version | default('') }}" command: "pkg install www/nginx{{ nginx_version | default('') }}"
when: nginx_bsd_install_packages | bool when: nginx_bsd_install_packages | bool
notify: (Handler) Run NGINX notify: (Handler) Run NGINX
- name: (DragonFlyBSD/HardenedBSD) Install NGINX port - name: (DragonFlyBSD/HardenedBSD) {{ nginx_setup | capitalize }} NGINX port
fail: fail:
msg: "{{ ansible_facts['system'] }} Install NGINX port not implemented." msg: "{{ ansible_facts['system'] }} {{ nginx_setup | capitalize }} NGINX port not implemented."
when: not nginx_bsd_install_packages | bool when: not nginx_bsd_install_packages | bool
when: ansible_facts['system'] in ['DragonFlyBSD', 'HardenedBSD'] when: ansible_facts['system'] in ['DragonFlyBSD', 'HardenedBSD']

View File

@ -1,14 +1,15 @@
--- ---
- name: (Debian/Ubuntu) Configure NGINX repository - name: (Debian/Ubuntu) {{ (nginx_setup == 'uninstall') | ternary('Remove', 'Configure') }} NGINX repository
apt_repository: apt_repository:
filename: nginx filename: nginx
repo: "{{ item }}" repo: "{{ item }}"
update_cache: true update_cache: true
mode: 0644 mode: 0644
state: "{{ (nginx_state == 'uninstall') | ternary('absent', 'present') }}"
loop: "{{ nginx_repository | default(nginx_default_repository_debian) }}" loop: "{{ nginx_repository | default(nginx_default_repository_debian) }}"
when: nginx_manage_repo | bool when: nginx_manage_repo | bool
- name: (Debian/Ubuntu) Pin NGINX repository - name: (Debian/Ubuntu) {{ (nginx_setup == 'uninstall') | ternary('Unpin', 'Pin') }} NGINX repository
blockinfile: blockinfile:
path: /etc/apt/preferences.d/99nginx path: /etc/apt/preferences.d/99nginx
create: true create: true
@ -18,9 +19,10 @@
Pin: release o=nginx Pin: release o=nginx
Pin-Priority: 900 Pin-Priority: 900
mode: 0644 mode: 0644
state: "{{ (nginx_state == 'uninstall') | ternary('absent', 'present') }}"
when: nginx_repository is not defined when: nginx_repository is not defined
- name: (Debian/Ubuntu) Install NGINX - name: (Debian/Ubuntu) {{ nginx_setup | capitalize }} NGINX
apt: apt:
name: "nginx{{ nginx_version | default('') }}" name: "nginx{{ nginx_version | default('') }}"
state: "{{ nginx_state }}" state: "{{ nginx_state }}"

View File

@ -1,15 +1,15 @@
--- ---
- name: Install NGINX in Linux systems - name: "{{ nginx_setup | capitalize }} NGINX in Linux systems"
block: block:
- name: Install NGINX from repository - name: "{{ nginx_setup | capitalize }} NGINX from repository"
include_tasks: "{{ role_path }}/tasks/opensource/install-{{ ansible_facts['os_family'] | lower }}.yml" include_tasks: "{{ role_path }}/tasks/opensource/install-{{ ansible_facts['os_family'] | lower }}.yml"
when: nginx_install_from == "nginx_repository" when: nginx_install_from == "nginx_repository"
- name: Install NGINX from source - name: "{{ nginx_setup | capitalize }} NGINX from source"
include_tasks: "{{ role_path }}/tasks/opensource/install-source.yml" include_tasks: "{{ role_path }}/tasks/opensource/install-source.yml"
when: nginx_install_from == "source" when: nginx_install_from == "source"
- name: Install NGINX from package - name: "{{ nginx_setup | capitalize }} NGINX from package"
package: package:
name: "nginx{{ nginx_version | default('') }}" name: "nginx{{ nginx_version | default('') }}"
state: "{{ nginx_state }}" state: "{{ nginx_state }}"
@ -17,6 +17,6 @@
notify: (Handler) Run NGINX notify: (Handler) Run NGINX
when: ansible_facts['system'] | lower is not search('bsd') when: ansible_facts['system'] | lower is not search('bsd')
- name: Install NGINX in Unix systems - name: "{{ nginx_setup | capitalize }} NGINX in Unix systems"
include_tasks: "{{ role_path }}/tasks/opensource/install-bsd.yml" include_tasks: "{{ role_path }}/tasks/opensource/install-bsd.yml"
when: ansible_facts['system'] | lower is search('bsd') when: ansible_facts['system'] | lower is search('bsd')

View File

@ -1,5 +1,5 @@
--- ---
- name: (Amazon Linux/CentOS/RHEL) Configure NGINX repository - name: (Amazon Linux/CentOS/RHEL) {{ (nginx_setup == 'uninstall') | ternary('Remove', 'Configure') }} NGINX repository
yum_repository: yum_repository:
name: nginx name: nginx
baseurl: "{{ nginx_repository | baseurl: "{{ nginx_repository |
@ -9,9 +9,10 @@
gpgcheck: true gpgcheck: true
mode: 0644 mode: 0644
module_hotfixes: true module_hotfixes: true
state: "{{ (nginx_state == 'uninstall') | ternary('absent', 'present') }}"
when: nginx_manage_repo | bool when: nginx_manage_repo | bool
- name: (Amazon Linux/CentOS/RHEL) Install NGINX - name: (Amazon Linux/CentOS/RHEL) {{ nginx_setup | capitalize }} NGINX
yum: yum:
name: "nginx{{ nginx_version | default('') }}" name: "nginx{{ nginx_version | default('') }}"
state: "{{ nginx_state }}" state: "{{ nginx_state }}"

View File

@ -1,11 +1,12 @@
--- ---
- name: (SLES) Configure NGINX repository - name: (SLES) {{ (nginx_setup == 'uninstall') | ternary('Remove', 'Configure') }} NGINX repository
zypper_repository: zypper_repository:
name: "nginx-{{ nginx_branch }}" name: "nginx-{{ nginx_branch }}"
repo: "{{ nginx_repository | default(nginx_default_repository_suse) }}" repo: "{{ nginx_repository | default(nginx_default_repository_suse) }}"
state: "{{ (nginx_state == 'uninstall') | ternary('absent', 'present') }}"
when: nginx_manage_repo | bool when: nginx_manage_repo | bool
- name: (SLES) Install NGINX - name: (SLES) {{ nginx_setup | capitalize }} NGINX
zypper: zypper:
name: "nginx{{ nginx_version | default('') }}" name: "nginx{{ nginx_version | default('') }}"
state: "{{ nginx_state }}" state: "{{ nginx_state }}"

View File

@ -4,10 +4,10 @@
path: /etc/apk/repositories path: /etc/apk/repositories
insertafter: EOF insertafter: EOF
line: "{{ nginx_repository | default(nginx_plus_default_repository_alpine) }}" line: "{{ nginx_repository | default(nginx_plus_default_repository_alpine) }}"
state: "{{ nginx_license_status | default ('present') }}" state: "{{ nginx_license_status | default((nginx_setup == 'uninstall') | ternary('absent', 'present')) }}"
when: nginx_manage_repo | bool when: nginx_manage_repo | bool
- name: (Alpine Linux) Install NGINX Plus - name: (Alpine Linux) {{ nginx_setup | capitalize }} NGINX Plus
apk: apk:
name: "nginx-plus{{ nginx_version | default('') }}" name: "nginx-plus{{ nginx_version | default('') }}"
repository: "{{ nginx_repository | default(nginx_plus_default_repository_alpine) }}" repository: "{{ nginx_repository | default(nginx_plus_default_repository_alpine) }}"

View File

@ -8,7 +8,7 @@
Acquire::https::{{ (nginx_repository | default(nginx_plus_default_repository_debian)) | regex_search('(?<=https://)[^/]*') }}::Verify-Host "true"; Acquire::https::{{ (nginx_repository | default(nginx_plus_default_repository_debian)) | regex_search('(?<=https://)[^/]*') }}::Verify-Host "true";
Acquire::https::{{ (nginx_repository | default(nginx_plus_default_repository_debian)) | regex_search('(?<=https://)[^/]*') }}::SslCert "/etc/ssl/nginx/nginx-repo.crt"; Acquire::https::{{ (nginx_repository | default(nginx_plus_default_repository_debian)) | regex_search('(?<=https://)[^/]*') }}::SslCert "/etc/ssl/nginx/nginx-repo.crt";
Acquire::https::{{ (nginx_repository | default(nginx_plus_default_repository_debian)) | regex_search('(?<=https://)[^/]*') }}::SslKey "/etc/ssl/nginx/nginx-repo.key"; Acquire::https::{{ (nginx_repository | default(nginx_plus_default_repository_debian)) | regex_search('(?<=https://)[^/]*') }}::SslKey "/etc/ssl/nginx/nginx-repo.key";
state: "{{ nginx_license_status | default ('present') }}" state: "{{ nginx_license_status | default((nginx_setup == 'uninstall') | ternary('absent', 'present')) }}"
mode: 0444 mode: 0444
- name: (Debian/Ubuntu) {{ nginx_license_status is defined | ternary('Remove', 'Configure') }} NGINX Plus repository - name: (Debian/Ubuntu) {{ nginx_license_status is defined | ternary('Remove', 'Configure') }} NGINX Plus repository
@ -16,11 +16,11 @@
filename: nginx-plus filename: nginx-plus
repo: "{{ nginx_repository | default(nginx_plus_default_repository_debian) }}" repo: "{{ nginx_repository | default(nginx_plus_default_repository_debian) }}"
update_cache: false update_cache: false
state: "{{ nginx_license_status | default ('present') }}" state: "{{ nginx_license_status | default((nginx_setup == 'uninstall') | ternary('absent', 'present')) }}"
mode: 0644 mode: 0644
when: nginx_manage_repo | bool when: nginx_manage_repo | bool
- name: (Debian/Ubuntu) Install NGINX Plus - name: (Debian/Ubuntu) {{ nginx_setup | capitalize }} NGINX Plus
apt: apt:
name: "nginx-plus{{ nginx_version | default('') }}" name: "nginx-plus{{ nginx_version | default('') }}"
state: "{{ nginx_state }}" state: "{{ nginx_state }}"

View File

@ -22,7 +22,7 @@
mode: 0644 mode: 0644
when: nginx_manage_repo | bool when: nginx_manage_repo | bool
- name: (FreeBSD) Install NGINX Plus - name: (FreeBSD) {{ nginx_setup | capitalize }} NGINX Plus
pkgng: pkgng:
name: "nginx-plus{{ nginx_version | default('') }}" name: "nginx-plus{{ nginx_version | default('') }}"
state: "{{ nginx_state }}" state: "{{ nginx_state }}"

View File

@ -1,5 +1,5 @@
--- ---
- name: (Amazon Linux/CentOS/Oracle Linux/RHEL) {{ nginx_license_status is defined | ternary('Remove', 'Configure') }} NGINX Plus repository - name: (Amazon Linux/CentOS/Oracle Linux/RHEL) {{ (nginx_license_status is defined or nginx_setup == 'uninstall') | ternary('Remove', 'Configure') }} NGINX Plus repository
yum_repository: yum_repository:
name: nginx-plus name: nginx-plus
baseurl: "{{ nginx_repository | baseurl: "{{ nginx_repository |
@ -9,11 +9,11 @@
sslclientkey: /etc/ssl/nginx/nginx-repo.key sslclientkey: /etc/ssl/nginx/nginx-repo.key
enabled: true enabled: true
gpgcheck: true gpgcheck: true
state: "{{ nginx_license_status | default ('present') }}" state: "{{ nginx_license_status | default((nginx_setup == 'uninstall') | ternary('absent', 'present')) }}"
mode: 0644 mode: 0644
when: nginx_manage_repo | bool when: nginx_manage_repo | bool
- name: (Amazon Linux/CentOS/Oracle Linux/RHEL) Install NGINX Plus - name: (Amazon Linux/CentOS/Oracle Linux/RHEL) {{ nginx_setup | capitalize }} NGINX Plus
yum: yum:
name: "nginx-plus{{ nginx_version | default('') }}" name: "nginx-plus{{ nginx_version | default('') }}"
state: "{{ nginx_state }}" state: "{{ nginx_state }}"

View File

@ -1,19 +1,12 @@
--- ---
- name: (SLES) Combine NGINX Plus certificate and license key
assemble:
src: /etc/ssl/nginx
dest: /etc/ssl/nginx/nginx-repo-bundle.crt
mode: 0444
when: nginx_license_status is not defined
- name: (SLES) {{ nginx_license_status is defined | ternary('Remove', 'Configure') }} NGINX Plus repository - name: (SLES) {{ nginx_license_status is defined | ternary('Remove', 'Configure') }} NGINX Plus repository
zypper_repository: zypper_repository:
name: nginx-plus name: nginx-plus
repo: "{{ nginx_repository | default(nginx_plus_default_repository_suse) }}" repo: "{{ nginx_repository | default(nginx_plus_default_repository_suse) }}"
state: "{{ nginx_license_status | default ('present') }}" state: "{{ nginx_license_status | default((nginx_setup == 'uninstall') | ternary('absent', 'present')) }}"
when: nginx_manage_repo | bool when: nginx_manage_repo | bool
- name: (SLES) Install NGINX Plus - name: (SLES) {{ nginx_setup | capitalize }} NGINX Plus
zypper: zypper:
name: "nginx-plus{{ nginx_version | default('') }}" name: "nginx-plus{{ nginx_version | default('') }}"
state: "{{ nginx_state }}" state: "{{ nginx_state }}"

View File

@ -40,3 +40,10 @@
decrypt: true decrypt: true
mode: 0444 mode: 0444
when: ansible_facts['os_family'] == "Alpine" when: ansible_facts['os_family'] == "Alpine"
- name: (SLES) Combine NGINX Plus certificate and license key
assemble:
src: /etc/ssl/nginx
dest: /etc/ssl/nginx/nginx-repo-bundle.crt
mode: 0444
when: ansible_facts['os_family'] == "Suse"

View File

@ -1,4 +1,17 @@
--- ---
nginx_setup_vars: [
'install', 'uninstall', 'upgrade',
]
nginx_default_setup: install
nginx_state_vals:
install: present
uninstall: absent
upgrade: latest
nginx_state: "{{ nginx_state_vals[nginx_setup] | default(nginx_state_vals[nginx_default_setup]) }}"
# Supported NGINX Open Source distributions # Supported NGINX Open Source distributions
# https://nginx.org/en/docs/install.html # https://nginx.org/en/docs/install.html
nginx_distributions: [ nginx_distributions: [