From 9760f98f059cde2df210cfca7de8a73b19dee297 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Sun, 20 Sep 2020 12:15:28 +0200 Subject: [PATCH] Add NGINX Plus tests to TravisCI (#327) --- .travis.yml | 10 +++++++- CHANGELOG.md | 4 +++- README.md | 1 + defaults/main/main.yml | 12 +++++----- handlers/main.yml | 10 ++++---- molecule/common/playbooks/plus_converge.yml | 5 ++-- molecule/common/playbooks/plus_prepare.yml | 18 ++++++++++++++ molecule/common/playbooks/plus_verify.yml | 7 ++++++ molecule/plus/molecule.yml | 1 + molecule/plus_alpine/molecule.yml | 1 + molecule/plus_centos/molecule.yml | 1 + tasks/plus/install-debian.yml | 3 ++- templates/http/api.conf.j2 | 1 + templates/http/default.conf.j2 | 1 + templates/http/status.conf.j2 | 1 + templates/nginx.conf.j2 | 1 + templates/stream/default.conf.j2 | 1 + templates/www/index.html.j2 | 1 + vars/main.yml | 26 ++++++++------------- 19 files changed, 73 insertions(+), 32 deletions(-) create mode 100644 molecule/common/playbooks/plus_prepare.yml diff --git a/.travis.yml b/.travis.yml index 407abd4..06b0ec3 100644 --- a/.travis.yml +++ b/.travis.yml @@ -24,6 +24,15 @@ jobs: - name: (CentOS) Cleanup config and try to install modules env: scenario: module_centos + - name: (Debian/Ubuntu) Install NGINX Plus + env: + scenario: plus + - name: (Alpine Linux) Install NGINX Plus + env: + scenario: plus_alpine + - name: (CentOS) Install NGINX Plus + env: + scenario: plus_centos - name: (Debian/Ubuntu) Install stable branch and push a config env: scenario: stable_push @@ -73,6 +82,5 @@ install: - pip install docker==4.3.1 script: - travis_wait 50 molecule test -s $scenario - notifications: webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/CHANGELOG.md b/CHANGELOG.md index d70924f..9b76ab0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ # Changelog -## 0.17.0 (September 19, 2020) +## 0.17.0 (September 20, 2020) BREAKING CHANGES: 
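Review bot: The three `plus*` jobs added to the job list in .travis.yml run on every build, but their prepare playbook (molecule/common/playbooks/plus_prepare.yml, added in this commit) builds the license files from the `NGINX_CRT` and `NGINX_KEY` environment variables. If those are stored as encrypted Travis settings, which this diff does not show, pull-request builds from forks will not receive them. Because `lookup('env', ...)` yields an empty string for an unset variable, the jobs would then carry on with empty license files and fail later in the install. A job-level condition such as `if: type != pull_request` on these three entries would avoid those failures and keep the license material out of builds that run unreviewed changes.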
@@ -16,10 +16,12 @@ FEATURES: * Three new tags have been introduced -- `nginx_setup_license`, `nginx_install` and `nginx_check_support`. * Add Alpine 3.12 to the list of supported platforms. * Remove Alpine 3.8 from the list of supported platforms. +* Add NGINX Plus tests to TravisCI ENHANCEMENTS: * Added handlers to check for NGINX syntax validity and fail if any errors are detected. +* Switch to using `ansible_facts` wherever possible. * Major backend refactoring to reduce the number of files and tasks. * You can now specify an `nginx_repository` for NGINX Plus too. * Moved "constant" variables to `vars/main.yml`. diff --git a/README.md b/README.md index efa1fbb..0b41066 100644 --- a/README.md +++ b/README.md 
@@ -181,6 +181,7 @@ Working functional playbook examples can be found in the **`molecule/common/`** - **[molecule/common/playbooks/default_converge.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/default_converge.yml):** Install a specific version of NGINX and set up logrotate - **[molecule/common/playbooks/module_converge.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/module_converge.yml):** Install various NGINX supported modules +- **[molecule/common/playbooks/plus_converge.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/plus_converge.yml):** Install NGINX Plus and various NGINX Plus supported modules - **[molecule/common/playbooks/source_converge.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/source_converge.yml):** Install NGINX from source - **[molecule/common/playbooks/stable_push_converge.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/stable_push_converge.yml):** Install NGINX using the stable branch and push a preexisting config from your system to your NGINX instance - **[molecule/common/playbooks/template_converge.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/template_converge.yml):** Use the NGINX configuration templating variables to create an NGINX configuration file diff --git a/defaults/main/main.yml b/defaults/main/main.yml index 671c9ba..6d9e71a 100644 --- a/defaults/main/main.yml +++ b/defaults/main/main.yml 
@@ -26,8 +26,8 @@ nginx_debug_output: false # Default is 'opensource'. nginx_type: opensource -# Specify which version of NGINX you want to install. -# Default is empty. +# (Optional) Specify which version of NGINX you want to install. +# Default is to install the latest release. # nginx_version: "=19-1~bionic" # For NGINX Plus and modules you'll need a wilcard like below (which installs plus-20 and modules) # nginx_version: "-20*" @@ -57,11 +57,11 @@ nginx_install_source_pcre: false nginx_install_source_openssl: true nginx_install_source_zlib: false -# Choose where to fetch the NGINX signing key from. +# (Optional) Choose where to fetch the NGINX signing key from. # Default is the official NGINX signing key host. # nginx_signing_key: http://nginx.org/keys/nginx_signing.key -# Specify repository for NGINX Open Source or NGINX Plus. +# (Optional) Specify repository for NGINX Open Source or NGINX Plus. # Only works if 'install_from' is set to 'nginx_repository' when installing NGINX Open Source. # Defaults are the official NGINX repositories. # nginx_repository: deb [arch=amd64] https://nginx.org/packages/mainline/debian/ buster nginx @@ -83,8 +83,8 @@ nginx_license: nginx_setup_license: true # Remove NGINX Plus license and repository after installation for security purposes. -# Default is false. -nginx_remove_license: false +# Default is true. +nginx_remove_license: true # Install NGINX Modules. # You can select any of the modules listed below. Beware of NGINX Plus only modules (these are marked). diff --git a/handlers/main.yml b/handlers/main.yml index 59a7445..9c915d1 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,4 +1,8 @@ --- +- name: (Handler) Systemd daemon-reload + systemd: + daemon_reload: yes + - name: (Handler) Check NGINX command: nginx -t register: config 
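Review bot: In the second hunk of defaults/main/main.yml the commented example `# nginx_signing_key: http://nginx.org/keys/nginx_signing.key` still shows a plain-http URL as the official source. Package signatures are checked against this key, so a copy fetched over http can be replaced in transit; the example should read `# nginx_signing_key: https://nginx.org/keys/nginx_signing.key`. The effective default is set outside this hunk, so it is worth confirming that it uses https as well.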
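Review bot: Flipping `nginx_remove_license` to `true` in the third hunk of defaults/main/main.yml changes what existing NGINX Plus users get on their next run: the license and repository are removed after installation unless they now set the variable to `false`. The comment should say so, for example `# Default is true. Set to false to keep the license and repository on the host.`. The change also looks like it belongs under BREAKING CHANGES, but the changelog hunks in this commit do not list it there. The new default itself is the safer one, since it keeps the repository credentials off the target.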
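Review bot: Moving `(Handler) Systemd daemon-reload` to the top of handlers/main.yml matters because Ansible runs notified handlers in the order they are defined, not the order they are notified, yet nothing in the file records that. A comment such as `# Keep first: handlers run in definition order and the reload must precede the NGINX check and start.` would stop a later reorder from undoing it; the intent is inferred from the move. `daemon_reload: yes` would also be clearer as `daemon_reload: true`. The hunk ends inside the following `(Handler) Check NGINX` task.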
@@ -12,10 +16,6 @@ when: config.rc != 0 listen: (Handler) Run NGINX -- name: (Handler) Systemd daemon-reload - systemd: - daemon_reload: yes - - name: (Handler) Start/Reload NGINX service: name: nginx @@ -24,7 +24,7 @@ when: - nginx_start | bool - not ansible_check_mode | bool - listen: "(Handler) Run NGINX" + listen: (Handler) Run NGINX - name: (Handler) Start NGINX Amplify agent service: diff --git a/molecule/common/playbooks/plus_converge.yml b/molecule/common/playbooks/plus_converge.yml index 27e4d43..696ffd8 100644 --- a/molecule/common/playbooks/plus_converge.yml +++ b/molecule/common/playbooks/plus_converge.yml @@ -8,8 +8,9 @@ vars: nginx_type: plus nginx_license: - certificate: ../../ansible-role-nginx/files/license/nginx-repo.crt - key: ../../ansible-role-nginx/files/license/nginx-repo.key + certificate: license/nginx-repo.crt + key: license/nginx-repo.key + nginx_remove_license: false nginx_modules: - auth-spnego - brotli diff --git a/molecule/common/playbooks/plus_prepare.yml b/molecule/common/playbooks/plus_prepare.yml new file mode 100644 index 0000000..594d5ee --- /dev/null +++ b/molecule/common/playbooks/plus_prepare.yml @@ -0,0 +1,18 @@ +--- +- name: Prepare + hosts: localhost + gather_facts: false + tasks: + - name: Create ephemeral license certificate file from b64 decoded env var + copy: + content: "{{ lookup('env','NGINX_CRT') | b64decode }}" + dest: ../../../files/license/nginx-repo.crt + force: no + mode: 0444 + + - name: Create ephemeral license key file from b64 decoded env var + copy: + content: "{{ lookup('env','NGINX_KEY') | b64decode }}" + dest: ../../../files/license/nginx-repo.key + force: no + mode: 0444 diff --git a/molecule/common/playbooks/plus_verify.yml b/molecule/common/playbooks/plus_verify.yml index d69320c..2c1c78f 100644 --- a/molecule/common/playbooks/plus_verify.yml +++ b/molecule/common/playbooks/plus_verify.yml 
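Review bot: The second task in the new plus_prepare.yml writes the decoded NGINX Plus private key to `files/license/nginx-repo.key` with `mode: 0444`, so every local user on the build host can read it. The key should be owner-only, `mode: "0400"`, and quoting the mode on both tasks avoids the octal-versus-integer ambiguity. Both `copy` tasks carry the secret in `content`, so add `no_log: true` to keep it out of diff and verbose output. The task names call the files ephemeral, but nothing visible in this commit deletes them after the run, and they are written into the role's `files/` tree, so confirm the path is git-ignored and add a cleanup step. With `force: no` a stale file from an earlier run is silently reused, which deserves a comment if it is intended.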
@@ -2,6 +2,13 @@ - name: Verify hosts: all tasks: + - name: Check if NGINX is installed + package: + name: nginx-plus + check_mode: yes + register: install + failed_when: (install is changed) or (install is failed) + - name: Check if NGINX service is running service: name: nginx diff --git a/molecule/plus/molecule.yml b/molecule/plus/molecule.yml index 53455ff..6f3dbd5 100644 --- a/molecule/plus/molecule.yml +++ b/molecule/plus/molecule.yml @@ -44,5 +44,6 @@ platforms: provisioner: name: ansible playbooks: + prepare: ../common/playbooks/plus_prepare.yml converge: ../common/playbooks/plus_converge.yml verify: ../common/playbooks/plus_verify.yml diff --git a/molecule/plus_alpine/molecule.yml b/molecule/plus_alpine/molecule.yml index 9f5622f..94f6016 100644 --- a/molecule/plus_alpine/molecule.yml +++ b/molecule/plus_alpine/molecule.yml @@ -30,5 +30,6 @@ platforms: provisioner: name: ansible playbooks: + prepare: ../common/playbooks/plus_prepare.yml converge: ../common/playbooks/plus_converge.yml verify: ../common/playbooks/plus_verify.yml diff --git a/molecule/plus_centos/molecule.yml b/molecule/plus_centos/molecule.yml index 31c82d8..57ea7eb 100644 --- a/molecule/plus_centos/molecule.yml +++ b/molecule/plus_centos/molecule.yml @@ -30,5 +30,6 @@ platforms: provisioner: name: ansible playbooks: + prepare: ../common/playbooks/plus_prepare.yml converge: ../common/playbooks/plus_converge.yml verify: ../common/playbooks/plus_verify.yml diff --git a/tasks/plus/install-debian.yml b/tasks/plus/install-debian.yml index bcd5b2a..3406bef 100644 --- a/tasks/plus/install-debian.yml +++ b/tasks/plus/install-debian.yml @@ -15,7 +15,7 @@ apt_repository: filename: nginx-plus repo: "{{ repository }}" - update_cache: yes + update_cache: no state: "{{ nginx_license_status | default ('present') }}" mode: 0644 @@ -23,4 +23,5 @@ apt: name: "nginx-plus{{ nginx_version | default('') }}" state: "{{ nginx_state }}" + update_cache: yes notify: (Handler) Run NGINX 
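Review bot: The new `Check if NGINX is installed` task in plus_verify.yml gives `package` no `state`, so the check-mode assertion depends on whatever the platform's package module defaults to. Adding `state: present` makes it explicit that "changed" here means the package was not installed. The task name could also say NGINX Plus, since the package checked is `nginx-plus`, and `check_mode: yes` would be clearer as `check_mode: true`.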
diff --git a/templates/http/api.conf.j2 b/templates/http/api.conf.j2 index 3d62348..07a805a 100644 --- a/templates/http/api.conf.j2 +++ b/templates/http/api.conf.j2 @@ -1,3 +1,4 @@ +{# DEPRECATED #} {{ ansible_managed | comment }} server { diff --git a/templates/http/default.conf.j2 b/templates/http/default.conf.j2 index d11236f..03c2356 100644 --- a/templates/http/default.conf.j2 +++ b/templates/http/default.conf.j2 @@ -1,3 +1,4 @@ +{# DEPRECATED #} {{ ansible_managed | comment }} {% if item.value.upstreams is defined and item.value.upstreams %} diff --git a/templates/http/status.conf.j2 b/templates/http/status.conf.j2 index 408e921..6b14458 100644 --- a/templates/http/status.conf.j2 +++ b/templates/http/status.conf.j2 @@ -1,3 +1,4 @@ +{# DEPRECATED #} {{ ansible_managed | comment }} server { diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2 index d7e4c6a..6b0922f 100644 --- a/templates/nginx.conf.j2 +++ b/templates/nginx.conf.j2 @@ -1,3 +1,4 @@ +{# DEPRECATED #} {{ ansible_managed | comment }} user {{ nginx_main_template.user }}; diff --git a/templates/stream/default.conf.j2 b/templates/stream/default.conf.j2 index b4fded5..b1b59c5 100644 --- a/templates/stream/default.conf.j2 +++ b/templates/stream/default.conf.j2 @@ -1,3 +1,4 @@ +{# DEPRECATED #} {{ ansible_managed | comment }} {% if item.value.upstreams is defined %} diff --git a/templates/www/index.html.j2 b/templates/www/index.html.j2 index ce5ccd1..3ed06bd 100644 --- a/templates/www/index.html.j2 +++ b/templates/www/index.html.j2 @@ -1,3 +1,4 @@ + diff --git a/vars/main.yml b/vars/main.yml index 5ba6e15..86112bd 100644 --- a/vars/main.yml +++ b/vars/main.yml 
@@ -34,21 +34,15 @@ nginx_default_repository: # Default NGINX Plus repositories nginx_plus_default_repository: - alpine: >- - https://plus-pkgs.nginx.com/alpine/v{{ ansible_facts['distribution_version'] | regex_search('^[0-9]+\.[0-9]+') }}/main - amazon: >- - https://plus-pkgs.nginx.com/amzn{{ (ansible_facts['distribution_version'] is version('2', '==')) - | ternary('2', '') }}/$releasever/$basearch - debian: >- - deb [arch=amd64] https://plus-pkgs.nginx.com/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release'] }} nginx-plus - freebsd: >- - https://plus-pkgs.nginx.com/freebsd/${ABI}/latest - redhat: >- - https://plus-pkgs.nginx.com/{{ (ansible_facts['distribution'] == "CentOS") - | ternary('centos', 'rhel') }}/{{ (ansible_facts['distribution_version'] is version('7.4', '>=') - and ansible_facts['distribution_version'] is version('8', '<')) | ternary('7.4', ansible_facts['distribution_major_version']) }}/$basearch/ - suse: >- - https://plus-pkgs.nginx.com/sles/{{ ansible_facts['distribution_major_version'] }}?ssl_clientcert=/etc/ssl/nginx/nginx-repo-bundle.crt&ssl_verify=host + alpine: "https://plus-pkgs.nginx.com/alpine/v{{ ansible_facts['distribution_version'] | regex_search('^[0-9]+\\.[0-9]+') }}/main" + amazon: "https://plus-pkgs.nginx.com/amzn{{ (ansible_facts['distribution_version'] is version('2', '==')) | ternary('2', '') }}/$releasever/$basearch" + debian: "deb [arch=amd64] https://plus-pkgs.nginx.com/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release'] }} nginx-plus" + freebsd: "https://plus-pkgs.nginx.com/freebsd/${ABI}/latest" + redhat: "https://plus-pkgs.nginx.com/{{ (ansible_facts['distribution'] == 'CentOS') + | ternary('centos', 'rhel') }}/{{ (ansible_facts['distribution_version'] is version('7.4', '>=') + and ansible_facts['distribution_version'] is version('8', '<')) | ternary('7.4', ansible_facts['distribution_major_version']) }}/$basearch/" + suse: "https://plus-pkgs.nginx.com/sles/{{ 
ansible_facts['distribution_major_version'] }}\ + ?ssl_clientcert=/etc/ssl/nginx/nginx-repo-bundle.crt&ssl_verify=host" # Alpine dependencies nginx_alpine_dependencies: [ @@ -72,7 +66,7 @@ nginx_sles_dependencies: [ # FreeBSD dependencies nginx_freebsd_dependencies: [ - 'security/ca_root_nss' + 'security/ca_root_nss', ] # Default locations and versions when 'nginx_install_from' is set to 'source'
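Review bot: The rewritten `suse` entry of `nginx_plus_default_repository` keeps `ssl_verify=host`, which, as I read the libzypp URL options, checks only that the certificate matches the host name and skips chain-of-trust verification of the repository server. Unless that is deliberate, `ssl_verify=yes` (host and peer) is the safer value; please confirm against the zypper documentation for the supported SLES releases. Separately, the new double-quoted form joins the URL with a trailing `\` line continuation, so a stray space after the backslash would silently put whitespace into the repository URL. A one-line comment above the entry, such as `# The trailing backslash joins the lines without inserting a space; keep it last on the line.`, would guard against that.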