Switch dictionaries to individual variables (#349)

CHANGELOG.md

@@ -1,5 +1,11 @@
 # Changelog
 
+## 0.18.1 (November 17, 2020)
+
+ENHANCEMENTS:
+
+Switch NGINX keysites and OSS default repository data from a dictionary to individual variables to prevent potential issues arisen from Jinja2 dictionary run-time evaluations.
+
 ## 0.18.0 (November 13, 2020)
 
 BREAKING CHANGES:

tasks/keys/setup-keys.yml

@@ -3,7 +3,7 @@
   block:
     - name: (Alpine Linux) Set up NGINX signing key URL
       set_fact:
-        keysite: "{{ nginx_signing_key | default(nginx_default_signing_key['rsa_pub']) }}"
+        keysite: "{{ nginx_signing_key | default(nginx_default_signing_key_rsa_pub) }}"
 
     - name: (Alpine Linux) Download NGINX signing key
       get_url:
@@ -14,7 +14,7 @@
 
 - name: (Debian/Red Hat/SLES OSs) Set up NGINX signing key URL
   set_fact:
-    keysite: "{{ nginx_signing_key | default(nginx_default_signing_key['pgp']) }}"
+    keysite: "{{ nginx_signing_key | default(nginx_default_signing_key_pgp) }}"
   when: ansible_facts['os_family'] != "Alpine"
 
 - name: (Debian/Ubuntu) Add NGINX signing key

tasks/opensource/install-alpine.yml

@@ -3,12 +3,12 @@
   lineinfile:
     path: /etc/apk/repositories
     insertafter: EOF
-    line: "{{ repository }}"
+    line: "{{ nginx_repository | default(nginx_default_repository_alpine) }}"
 
 - name: (Alpine Linux) Install NGINX
   apk:
     name: "nginx{{ nginx_version | default('') }}"
-    repository: "{{ repository }}"
+    repository: "{{ nginx_repository | default(nginx_default_repository_alpine) }}"
     state: "{{ nginx_state }}"
     update_cache: yes
   ignore_errors: "{{ ansible_check_mode }}"

tasks/opensource/install-debian.yml

@@ -5,7 +5,7 @@
     repo: "{{ item }}"
     update_cache: yes
     mode: 0644
-  loop: "{{ repository }}"
+  loop: "{{ nginx_repository | default(nginx_default_repository_debian) }}"
 
 - name: (Debian/Ubuntu) Install NGINX
   apt:

tasks/opensource/install-oss.yml

@@ -1,12 +1,6 @@
 ---
 - name: Install NGINX in Linux systems
   block:
-    - name: Install NGINX from repository
-      block:
-        - name: Set NGINX repository
-          set_fact:
-            repository: "{{ nginx_repository | default(nginx_default_repository[ansible_facts['os_family'] | lower]) }}"
-
     - name: Install NGINX from repository
       include_tasks: "{{ role_path }}/tasks/opensource/install-{{ ansible_facts['os_family'] | lower }}.yml"
       when: nginx_install_from == "nginx_repository"

tasks/opensource/install-redhat.yml

@@ -2,7 +2,7 @@
 - name: (CentOS/RHEL 6/7) Configure NGINX repository
   yum_repository:
     name: nginx
-    baseurl: "{{ repository }}"
+    baseurl: "{{ nginx_repository | default(nginx_default_repository_redhat) }}"
     description: NGINX Repository
     enabled: yes
     gpgcheck: yes
@@ -15,7 +15,7 @@
     create: yes
     block: |
       [nginx]
-      baseurl = {{ repository }}
+      baseurl = {{ nginx_repository | default(nginx_default_repository_redhat) }}
       enabled = 1
       gpgcheck = 1
       name = NGINX Repository

tasks/opensource/install-suse.yml

@@ -2,7 +2,7 @@
 - name: (SLES) Configure NGINX repository
   zypper_repository:
     name: "nginx-{{ nginx_branch }}"
-    repo: "{{ repository }}"
+    repo: "{{ nginx_repository | default(nginx_default_repository_suse) }}"
 
 - name: (SLES) Install NGINX
   zypper:

tasks/plus/install-suse.yml

@@ -9,7 +9,7 @@
 - name: (SLES) {{ nginx_license_status is defined | ternary('Remove', 'Configure') }} NGINX Plus repository
   zypper_repository:
     name: nginx-plus
-    repo: "{{ nginx_repository | default(nginx_plus_default_repository_sles) }}"
+    repo: "{{ nginx_repository | default(nginx_plus_default_repository_suse) }}"
     state: "{{ nginx_license_status | default ('present') }}"
 
 - name: (SLES) Install NGINX Plus

vars/main.yml

@@ -13,34 +13,32 @@ nginx_plus_distributions: [
 ]
 
 # Default NGINX signing key
-nginx_default_signing_key:
+nginx_default_signing_key_rsa_pub: https://nginx.org/keys/nginx_signing.rsa.pub
-  rsa_pub: https://nginx.org/keys/nginx_signing.rsa.pub
+nginx_default_signing_key_pgp: https://nginx.org/keys/nginx_signing.key
-  pgp: https://nginx.org/keys/nginx_signing.key
 
 # Default NGINX Open Source repositories
-nginx_default_repository:
+nginx_default_repository_alpine: "https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}\
-  alpine: "https://nginx.org/packages/{{ (nginx_branch == 'mainline')
+                                  alpine/v{{ ansible_facts['distribution_version'] | regex_search('^[0-9]+\\.[0-9]+') }}/main"
-          | ternary('mainline/', '') }}alpine/v{{ ansible_facts['distribution_version'] | regex_search('^[0-9]+\\.[0-9]+') }}/main"
+nginx_default_repository_debian:
-  debian:
+  - "deb [arch=amd64] https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}\
-    - "deb [arch=amd64] https://nginx.org/packages/{{ (nginx_branch == 'mainline')
+    {{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] }} nginx"
-      | ternary('mainline/', '') }}{{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] }} nginx"
+  - "deb-src https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}\
-    - "deb-src https://nginx.org/packages/{{ (nginx_branch == 'mainline')
+    {{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] }} nginx"
-      | ternary('mainline/', '') }}{{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] }} nginx"
+nginx_default_repository_redhat: "https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}\
-  redhat: "https://nginx.org/packages/{{ (nginx_branch == 'mainline')
+                                  {{ (ansible_facts['distribution'] == 'CentOS') | ternary('centos', 'rhel') }}/\
-          | ternary('mainline/', '') }}{{ (ansible_facts['distribution'] == 'CentOS')
+                                  {{ ansible_facts['distribution_major_version'] }}/$basearch/"
-          | ternary('centos', 'rhel') }}/{{ ansible_facts['distribution_major_version'] }}/$basearch/"
+nginx_default_repository_suse: "https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}\
-  suse: "https://nginx.org/packages/{{ (nginx_branch == 'mainline')
+                                sles/{{ ansible_facts['distribution_major_version'] }}"
-        | ternary('mainline/', '') }}sles/{{ ansible_facts['distribution_major_version'] }}"
 
 # Default NGINX Plus repositories
 nginx_plus_default_repository_alpine: "https://plus-pkgs.nginx.com/alpine/v{{ ansible_facts['distribution_version'] | regex_search('^[0-9]+\\.[0-9]+') }}/main"
 nginx_plus_default_repository_amazon: "https://plus-pkgs.nginx.com/amzn{{ (ansible_facts['distribution_major_version'] is version('2', '==')) | ternary('2', '') }}/$releasever/$basearch"
 nginx_plus_default_repository_debian: "deb [arch=amd64] https://plus-pkgs.nginx.com/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release'] }} nginx-plus"
 nginx_plus_default_repository_freebsd: "https://plus-pkgs.nginx.com/freebsd/${ABI}/latest"
-nginx_plus_default_repository_redhat: "https://plus-pkgs.nginx.com/{{ (ansible_facts['distribution'] == 'CentOS')
+nginx_plus_default_repository_redhat: "https://plus-pkgs.nginx.com/{{ (ansible_facts['distribution'] == 'CentOS') | ternary('centos', 'rhel') }}/\
-                                      | ternary('centos', 'rhel') }}/{{ (ansible_facts['distribution_version'] is version('7.4', '>=')
+                                      {{ (ansible_facts['distribution_version'] is version('7.4', '>=')
                                       and ansible_facts['distribution_version'] is version('8', '<')) | ternary('7.4', ansible_facts['distribution_major_version']) }}/$basearch/"
-nginx_plus_default_repository_sles: "https://plus-pkgs.nginx.com/sles/{{ ansible_facts['distribution_major_version'] }}\
+nginx_plus_default_repository_suse: "https://plus-pkgs.nginx.com/sles/{{ ansible_facts['distribution_major_version'] }}\
                                     ?ssl_clientcert=/etc/ssl/nginx/nginx-repo-bundle.crt&ssl_verify=peer"
 
 # Alpine dependencies