From 78a7e3efeba72c03047dfe4ca5f2cf2d310d5417 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Fri, 19 Jan 2018 10:27:47 -0800 Subject: [PATCH] Multiple changes * Add option to enable REST API * Add option to enable live dashboard * Add option to install WAF module * Load modules in nginx.conf * Improve version check for RedHat distros --- defaults/main.yml | 16 ++++++++---- tasks/amplify/install-amplify.yml | 2 +- tasks/conf/setup-api.yml | 6 +++++ .../{nginx-status.yml => setup-status.yml} | 26 +++++++++---------- tasks/main.yml | 14 +++++++++- tasks/modules/install-njs.yml | 21 +++++++++++++++ tasks/modules/install-perl.yml | 19 ++++++++++++++ tasks/modules/install-waf.yml | 13 ++++++++++ tasks/opensource/install-oss.yml | 12 --------- tasks/plus/install-plus.yml | 12 --------- tasks/plus/setup-redhat.yml | 4 +-- templates/.gitkeep | 0 templates/api.j2 | 15 +++++++++++ 13 files changed, 113 insertions(+), 47 deletions(-) create mode 100644 tasks/conf/setup-api.yml rename tasks/conf/{nginx-status.yml => setup-status.yml} (55%) create mode 100644 tasks/modules/install-njs.yml create mode 100644 tasks/modules/install-perl.yml create mode 100644 tasks/modules/install-waf.yml delete mode 100644 templates/.gitkeep create mode 100644 templates/api.j2 diff --git a/defaults/main.yml b/defaults/main.yml index 658a0f8..51b448d 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -7,12 +7,12 @@ type: opensource # Options are 'mainline' or 'stable'. # Default is stable. branch: mainline -# Install nginscript module. +# Install nginscript, perl and/or waf modules. # Default is false. -njs: false -# Install Perl module. -# Default is false. -perl: false +modules: + njs: false + perl: false + waf: false # Install NGINX Amplify. # Use your NGINX Amplify API key. # Default is null. 
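Review bot: Moving `njs` and `perl` under the new `modules:` mapping makes every later `when: modules.<name>` depend on all three keys being present. With Ansible's default hash behaviour, an inventory that sets only `modules: {njs: true}` replaces the whole mapping, so `modules.waf` would be undefined when tasks/main.yml evaluates it. Inventories that still set the old top-level `njs: true` or `perl: true` are also ignored without any message. I would guard each lookup, for example `when: modules.waf | default(false) and type == "plus"`, and mention the rename in the README. The same applies to the `api:` mapping added in the next hunk.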
@@ -21,6 +21,12 @@ amplify: null # Will enable 'stub_status' in open source NGINX and 'status' in NGINX Plus. # Default is false. status: false +# Enable NGINX Plus REST API and dashboard. +# Default is false. +api: + enable: false + write: false + dashboard: false # Location of your NGINX Plus license in your local machine. # Default is the files folder within the NGINX Ansible role. license: diff --git a/tasks/amplify/install-amplify.yml b/tasks/amplify/install-amplify.yml index 153c354..7a362d6 100644 --- a/tasks/amplify/install-amplify.yml +++ b/tasks/amplify/install-amplify.yml @@ -1,5 +1,5 @@ --- -- import_tasks: ../conf/nginx-status.yml +- import_tasks: ../conf/setup-status.yml - name: "(All OSs) Download NGINX Amplify Script" get_url: diff --git a/tasks/conf/setup-api.yml b/tasks/conf/setup-api.yml new file mode 100644 index 0000000..87b9663 --- /dev/null +++ b/tasks/conf/setup-api.yml @@ -0,0 +1,6 @@ +--- +- name: "(All OSs) Setup NGINX Plus API" + template: + src: api.j2 + dest: /etc/nginx/conf.d/api.conf + notify: "(All OSs) Reload NGINX" diff --git a/tasks/conf/nginx-status.yml b/tasks/conf/setup-status.yml similarity index 55% rename from tasks/conf/nginx-status.yml rename to tasks/conf/setup-status.yml index 9c1d3c4..c22c60a 100644 --- a/tasks/conf/nginx-status.yml +++ b/tasks/conf/setup-status.yml @@ -5,13 +5,12 @@ create: yes block: | server { - listen 127.0.0.1:80; - server_name 127.0.0.1; - location /nginx_status { - stub_status on; - allow 127.0.0.1; - deny all; - } + listen 127.0.0.1:80; + location /nginx_status { + stub_status on; + allow 127.0.0.1; + deny all; + } } when: type == "opensource" notify: "(All OSs) Reload NGINX" @@ -22,13 +21,12 @@ create: yes block: | server { - listen 127.0.0.1:80; - server_name 127.0.0.1; - location /status { - status; - allow 127.0.0.1; - deny all; - } + listen 127.0.0.1:80; + location /status { + status; + allow 127.0.0.1; + deny all; + } } when: type == "plus" notify: "(All OSs) Reload NGINX" 
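Review bot: The comment above `api:` in defaults/main.yml does not explain the three keys, and `write` changes the security posture. templates/api.j2 in this commit turns it into `api write=on;`, which accepts modifying requests through the API. I would document each key, e.g. `# write: allow modifying requests to the API (read-only when false)` and `# dashboard: serve /dashboard.html on the API listener`, and state that the listener is on port 8080.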
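Review bot: The `template` task in tasks/conf/setup-api.yml sets no `owner`, `group` or `mode`, so the permissions of /etc/nginx/conf.d/api.conf depend on the umask in effect on the target host. Since this file decides whether the API is writable, I would pin them explicitly with `owner: root`, `group: root` and `mode: "0644"`.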
diff --git a/tasks/main.yml b/tasks/main.yml index fd2acdd..5e30fec 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -11,8 +11,20 @@ - import_tasks: plus/install-plus.yml when: type == "plus" -- import_tasks: conf/nginx-status.yml +- import_tasks: modules/install-njs.yml + when: modules.njs + +- import_tasks: modules/install-perl.yml + when: modules.perl + +- import_tasks: modules/install-waf.yml + when: modules.waf and type == "plus" + +- import_tasks: conf/setup-status.yml when: status +- import_tasks: conf/setup-api.yml + when: api.enable and type == "plus" + - import_tasks: amplify/install-amplify.yml when: amplify is defined and amplify diff --git a/tasks/modules/install-njs.yml b/tasks/modules/install-njs.yml new file mode 100644 index 0000000..626ab0e --- /dev/null +++ b/tasks/modules/install-njs.yml @@ -0,0 +1,21 @@ +--- +- name: "(All OSs) Install NGINX NJS Module" + package: + name: nginx-module-njs + state: present + when: type == "opensource" + +- name: "(All OSs) Install NGINX NJS Module" + package: + name: nginx-plus-module-njs + state: present + when: type == "plus" + +- name: "(All OSs) Load NGINX NJS Module" + blockinfile: + path: /etc/nginx/nginx.conf + insertbefore: BOF + block: | + load_module modules/ngx_http_js_module.so; + load_module modules/ngx_stream_js_module.so; + notify: "(All OSs) Reload NGINX" diff --git a/tasks/modules/install-perl.yml b/tasks/modules/install-perl.yml new file mode 100644 index 0000000..fe95185 --- /dev/null +++ b/tasks/modules/install-perl.yml @@ -0,0 +1,19 @@ +--- +- name: "(All OSs) Install NGINX Perl Module" + package: + name: nginx-module-perl + state: present + when: type == "opensource" + +- name: "(All OSs) Install NGINX Perl Module" + package: + name: nginx-plus-module-perl + state: present + when: type == "plus" + +- name: "(All OSs) Load NGINX Perl Module" + lineinfile: + path: /etc/nginx/nginx.conf + insertbefore: BOF + line: load_module modules/ngx_http_perl.so; + notify: "(All OSs) Reload NGINX" 
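Review bot: The conditions `modules.waf and type == "plus"` and `api.enable and type == "plus"` in tasks/main.yml skip the import silently when the role runs with `type: opensource`, so an operator who sets `modules.waf: true` gets a green play and no WAF. A requested security control that cannot be installed should fail the run rather than be skipped. An `assert` task placed ahead of the module imports would do that, as sketched below. The start of tasks/main.yml is outside the hunk, so the exact position is a suggestion.

```yaml
- name: "(All OSs) Check Options That Require NGINX Plus"
  assert:
    that:
      - not (modules.waf and type != "plus")
      - not (api.enable and type != "plus")
    msg: "modules.waf and api.enable require type: plus"

- import_tasks: modules/install-njs.yml
  when: modules.njs
# … unchanged: remaining imports …
```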
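Review bot: The `line` in the "Load NGINX Perl Module" task of tasks/modules/install-perl.yml names `modules/ngx_http_perl.so`, while the other two load tasks in this commit use the `_module.so` suffix. As far as I know the nginx packages ship the Perl module as `ngx_http_perl_module.so`. If the file name is wrong, the configuration test fails on the next reload or restart. Please confirm against the package contents and change the line to `line: load_module modules/ngx_http_perl_module.so;`.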
diff --git a/tasks/modules/install-waf.yml b/tasks/modules/install-waf.yml new file mode 100644 index 0000000..2a5bdc8 --- /dev/null +++ b/tasks/modules/install-waf.yml @@ -0,0 +1,13 @@ +--- +- name: "(All OSs) Install NGINX Plus WAF Module" + package: + name: nginx-plus-module-modsecurity + state: present + when: waf + +- name: "(All OSs) Load NGINX Plus WAF Module" + lineinfile: + path: /etc/nginx/nginx.conf + insertbefore: BOF + line: load_module modules/ngx_http_modsecurity_module.so; + notify: "(All OSs) Reload NGINX" diff --git a/tasks/opensource/install-oss.yml b/tasks/opensource/install-oss.yml index 5190698..32aa35a 100644 --- a/tasks/opensource/install-oss.yml +++ b/tasks/opensource/install-oss.yml @@ -13,15 +13,3 @@ name: nginx state: present notify: "(All OSs) Start NGINX" - -- name: "(All OSs) Install NGINX NJS Module" - package: - name: nginx-module-njs - state: present - when: njs - -- name: "(All OSs) Install NGINX Perl Module" - package: - name: nginx-module-perl - state: present - when: perl diff --git a/tasks/plus/install-plus.yml b/tasks/plus/install-plus.yml index b7f772c..1f964e6 100644 --- a/tasks/plus/install-plus.yml +++ b/tasks/plus/install-plus.yml @@ -18,15 +18,3 @@ name: nginx-plus state: present notify: "(All OSs) Start NGINX" - -- name: "(All OSs) Install NGINX NJS Module" - package: - name: nginx-plus-module-njs - state: present - when: njs - -- name: "(All OSs) Install NGINX Perl Module" - package: - name: nginx-plus-module-perl - state: present - when: perl diff --git a/tasks/plus/setup-redhat.yml b/tasks/plus/setup-redhat.yml index a8f77d4..d1d18e2 100644 --- a/tasks/plus/setup-redhat.yml +++ b/tasks/plus/setup-redhat.yml 
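Review bot: `when: waf` on the install task in tasks/modules/install-waf.yml refers to a variable this commit does not define; the default added in defaults/main.yml is `modules.waf`. Unless `waf` is set elsewhere, the task would stop with an undefined-variable error as soon as the WAF is requested, so the ModSecurity package is never installed. Use `when: modules.waf`, or drop the condition, since the import in tasks/main.yml already gates on it. The load task has no condition of its own, so both tasks rely on that import guard.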
@@ -7,12 +7,12 @@ - name: "(CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version" set_fact: version: "7" - when: ansible_distribution_major_version|int >= 7 and ansible_distribution_major_version|int <= 7.3 + when: ansible_distribution_major_version|float >= 7.0 and ansible_distribution_major_version|float <= 7.3 - name: "(CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version" set_fact: version: "7.4" - when: ansible_distribution_major_version|int == 7.4 + when: ansible_distribution_major_version|float == 7.4 - name: "(CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version" set_fact: diff --git a/templates/.gitkeep b/templates/.gitkeep deleted file mode 100644 index e69de29..0000000 diff --git a/templates/api.j2 b/templates/api.j2 new file mode 100644 index 0000000..9e00fb5 --- /dev/null +++ b/templates/api.j2 @@ -0,0 +1,15 @@ +server { + listen 8080; + location /api { +{% if api.write %} + api write=on; +{% else %} + api; +{% endif %} + } +{% if api.dashboard %} + location = /dashboard.html { + root /usr/share/nginx/html; + } +{% endif %} +}
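Review bot: Switching the filter from `int` to `float` in tasks/plus/setup-redhat.yml does not make the `7.4` branch reachable. `ansible_distribution_major_version` holds only the major number (e.g. "7"), so `|float == 7.4` is never true and `|float <= 7.3` is true for every 7.x host. The comparison should use `ansible_distribution_version` with Ansible's version test rather than a float cast, since a value such as "7.4.1708" does not convert to a float. For the first task that would be `when: ansible_distribution_version is version('7.4', '<')` (the test is named `version_compare` on older Ansible releases). The hunk ends inside the following `set_fact` task, so how `version` is used afterwards is not visible here.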
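Review bot: The `server` block in templates/api.j2 uses `listen 8080;` with no `allow`/`deny` or authentication, so with `api.write` enabled any client that can reach port 8080 can send modifying requests to the NGINX Plus API. The status block in tasks/conf/setup-status.yml is bound to 127.0.0.1 and restricted with `allow 127.0.0.1; deny all;`, and the API deserves at least the same. I would default to `listen 127.0.0.1:8080;` with `allow 127.0.0.1;` and `deny all;` at `server` level, so both `/api` and the dashboard location are covered. The listen address and allowed networks could be role variables for operators who need remote access.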