sebclem/ansible-role-nginx
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add NGINX Plus tests to TravisCI (#327)

Browse Source
This commit is contained in:
Alessandro Fael Garcia 2020-09-20 12:15:28 +02:00
parent 2ca5ce87b5
commit 9760f98f05
No known key found for this signature in database
GPG Key ID: 7E5B134EEDC42A56
19 changed files with 73 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
.travis.yml
View File

@ -24,6 +24,15 @@ jobs:
- name: (CentOS) Cleanup config and try to install modules - name: (CentOS) Cleanup config and try to install modules
env: env:
scenario: module_centos scenario: module_centos
- name: (Debian/Ubuntu) Install NGINX Plus
env:
scenario: plus
- name: (Alpine Linux) Install NGINX Plus
env:
scenario: plus_alpine
- name: (CentOS) Install NGINX Plus
env:
scenario: plus_centos
- name: (Debian/Ubuntu) Install stable branch and push a config - name: (Debian/Ubuntu) Install stable branch and push a config
env: env:
scenario: stable_push scenario: stable_push
@ -73,6 +82,5 @@ install:
- pip install docker==4.3.1 - pip install docker==4.3.1
script: script:
- travis_wait 50 molecule test -s $scenario - travis_wait 50 molecule test -s $scenario
notifications: notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/ webhooks: https://galaxy.ansible.com/api/v1/notifications/

4
CHANGELOG.md
View File

@ -1,6 +1,6 @@
# Changelog # Changelog
## 0.17.0 (September 19, 2020) ## 0.17.0 (September 20, 2020)
BREAKING CHANGES: BREAKING CHANGES:
@ -16,10 +16,12 @@ FEATURES:
* Three new tags have been introduced -- `nginx_setup_license`, `nginx_install` and `nginx_check_support`. * Three new tags have been introduced -- `nginx_setup_license`, `nginx_install` and `nginx_check_support`.
* Add Alpine 3.12 to the list of supported platforms. * Add Alpine 3.12 to the list of supported platforms.
* Remove Alpine 3.8 from the list of supported platforms. * Remove Alpine 3.8 from the list of supported platforms.
* Add NGINX Plus tests to TravisCI
ENHANCEMENTS: ENHANCEMENTS:
* Added handlers to check for NGINX syntax validity and fail if any errors are detected. * Added handlers to check for NGINX syntax validity and fail if any errors are detected.
* Switch to using `ansible_facts` wherever possible.
* Major backend refactoring to reduce the number of files and tasks. * Major backend refactoring to reduce the number of files and tasks.
* You can now specify an `nginx_repository` for NGINX Plus too. * You can now specify an `nginx_repository` for NGINX Plus too.
* Moved "constant" variables to `vars/main.yml`. * Moved "constant" variables to `vars/main.yml`.

1
README.md
View File

@ -181,6 +181,7 @@ Working functional playbook examples can be found in the **`molecule/common/`**
- **[molecule/common/playbooks/default_converge.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/default_converge.yml):** Install a specific version of NGINX and set up logrotate - **[molecule/common/playbooks/default_converge.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/default_converge.yml):** Install a specific version of NGINX and set up logrotate
- **[molecule/common/playbooks/module_converge.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/module_converge.yml):** Install various NGINX supported modules - **[molecule/common/playbooks/module_converge.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/module_converge.yml):** Install various NGINX supported modules
- **[molecule/common/playbooks/plus_converge.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/plus_converge.yml):** Install NGINX Plus and various NGINX Plus supported modules
- **[molecule/common/playbooks/source_converge.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/source_converge.yml):** Install NGINX from source - **[molecule/common/playbooks/source_converge.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/source_converge.yml):** Install NGINX from source
- **[molecule/common/playbooks/stable_push_converge.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/stable_push_converge.yml):** Install NGINX using the stable branch and push a preexisting config from your system to your NGINX instance - **[molecule/common/playbooks/stable_push_converge.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/stable_push_converge.yml):** Install NGINX using the stable branch and push a preexisting config from your system to your NGINX instance
- **[molecule/common/playbooks/template_converge.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/template_converge.yml):** Use the NGINX configuration templating variables to create an NGINX configuration file - **[molecule/common/playbooks/template_converge.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/template_converge.yml):** Use the NGINX configuration templating variables to create an NGINX configuration file

12
defaults/main/main.yml
View File

@ -26,8 +26,8 @@ nginx_debug_output: false
# Default is 'opensource'. # Default is 'opensource'.
nginx_type: opensource nginx_type: opensource
# Specify which version of NGINX you want to install. # (Optional) Specify which version of NGINX you want to install.
# Default is empty. # Default is to install the latest release.
# nginx_version: "=19-1~bionic" # nginx_version: "=19-1~bionic"
# For NGINX Plus and modules you'll need a wilcard like below (which installs plus-20 and modules) # For NGINX Plus and modules you'll need a wilcard like below (which installs plus-20 and modules)
# nginx_version: "-20*" # nginx_version: "-20*"
@ -57,11 +57,11 @@ nginx_install_source_pcre: false
nginx_install_source_openssl: true nginx_install_source_openssl: true
nginx_install_source_zlib: false nginx_install_source_zlib: false
# Choose where to fetch the NGINX signing key from. # (Optional) Choose where to fetch the NGINX signing key from.
# Default is the official NGINX signing key host. # Default is the official NGINX signing key host.
# nginx_signing_key: http://nginx.org/keys/nginx_signing.key # nginx_signing_key: http://nginx.org/keys/nginx_signing.key
# Specify repository for NGINX Open Source or NGINX Plus. # (Optional) Specify repository for NGINX Open Source or NGINX Plus.
# Only works if 'install_from' is set to 'nginx_repository' when installing NGINX Open Source. # Only works if 'install_from' is set to 'nginx_repository' when installing NGINX Open Source.
# Defaults are the official NGINX repositories. # Defaults are the official NGINX repositories.
# nginx_repository: deb [arch=amd64] https://nginx.org/packages/mainline/debian/ buster nginx # nginx_repository: deb [arch=amd64] https://nginx.org/packages/mainline/debian/ buster nginx
@ -83,8 +83,8 @@ nginx_license:
nginx_setup_license: true nginx_setup_license: true
# Remove NGINX Plus license and repository after installation for security purposes. # Remove NGINX Plus license and repository after installation for security purposes.
# Default is false. # Default is true.
nginx_remove_license: false nginx_remove_license: true
# Install NGINX Modules. # Install NGINX Modules.
# You can select any of the modules listed below. Beware of NGINX Plus only modules (these are marked). # You can select any of the modules listed below. Beware of NGINX Plus only modules (these are marked).

10
handlers/main.yml
View File

@ -1,4 +1,8 @@
--- ---
- name: (Handler) Systemd daemon-reload
systemd:
daemon_reload: yes
- name: (Handler) Check NGINX - name: (Handler) Check NGINX
command: nginx -t command: nginx -t
register: config register: config
@ -12,10 +16,6 @@
when: config.rc != 0 when: config.rc != 0
listen: (Handler) Run NGINX listen: (Handler) Run NGINX
- name: (Handler) Systemd daemon-reload
systemd:
daemon_reload: yes
- name: (Handler) Start/Reload NGINX - name: (Handler) Start/Reload NGINX
service: service:
name: nginx name: nginx
@ -24,7 +24,7 @@
when: when:
- nginx_start | bool - nginx_start | bool
- not ansible_check_mode | bool - not ansible_check_mode | bool
listen: "(Handler) Run NGINX" listen: (Handler) Run NGINX
- name: (Handler) Start NGINX Amplify agent - name: (Handler) Start NGINX Amplify agent
service: service:

5
molecule/common/playbooks/plus_converge.yml
View File

@ -8,8 +8,9 @@
vars: vars:
nginx_type: plus nginx_type: plus
nginx_license: nginx_license:
certificate: ../../ansible-role-nginx/files/license/nginx-repo.crt certificate: license/nginx-repo.crt
key: ../../ansible-role-nginx/files/license/nginx-repo.key key: license/nginx-repo.key
nginx_remove_license: false
nginx_modules: nginx_modules:
- auth-spnego - auth-spnego
- brotli - brotli

18
molecule/common/playbooks/plus_prepare.yml Normal file
View File

@ -0,0 +1,18 @@
---
- name: Prepare
hosts: localhost
gather_facts: false
tasks:
- name: Create ephemeral license certificate file from b64 decoded env var
copy:
content: "{{ lookup('env','NGINX_CRT') | b64decode }}"
dest: ../../../files/license/nginx-repo.crt
force: no
mode: 0444
- name: Create ephemeral license key file from b64 decoded env var
copy:
content: "{{ lookup('env','NGINX_KEY') | b64decode }}"
dest: ../../../files/license/nginx-repo.key
force: no
mode: 0444

7
molecule/common/playbooks/plus_verify.yml
View File

@ -2,6 +2,13 @@
- name: Verify - name: Verify
hosts: all hosts: all
tasks: tasks:
- name: Check if NGINX is installed
package:
name: nginx-plus
check_mode: yes
register: install
failed_when: (install is changed) or (install is failed)
- name: Check if NGINX service is running - name: Check if NGINX service is running
service: service:
name: nginx name: nginx

1
molecule/plus/molecule.yml
View File

@ -44,5 +44,6 @@ platforms:
provisioner: provisioner:
name: ansible name: ansible
playbooks: playbooks:
prepare: ../common/playbooks/plus_prepare.yml
converge: ../common/playbooks/plus_converge.yml converge: ../common/playbooks/plus_converge.yml
verify: ../common/playbooks/plus_verify.yml verify: ../common/playbooks/plus_verify.yml

1
molecule/plus_alpine/molecule.yml
View File

@ -30,5 +30,6 @@ platforms:
provisioner: provisioner:
name: ansible name: ansible
playbooks: playbooks:
prepare: ../common/playbooks/plus_prepare.yml
converge: ../common/playbooks/plus_converge.yml converge: ../common/playbooks/plus_converge.yml
verify: ../common/playbooks/plus_verify.yml verify: ../common/playbooks/plus_verify.yml

1
molecule/plus_centos/molecule.yml
View File

@ -30,5 +30,6 @@ platforms:
provisioner: provisioner:
name: ansible name: ansible
playbooks: playbooks:
prepare: ../common/playbooks/plus_prepare.yml
converge: ../common/playbooks/plus_converge.yml converge: ../common/playbooks/plus_converge.yml
verify: ../common/playbooks/plus_verify.yml verify: ../common/playbooks/plus_verify.yml

3
tasks/plus/install-debian.yml
View File

@ -15,7 +15,7 @@
apt_repository: apt_repository:
filename: nginx-plus filename: nginx-plus
repo: "{{ repository }}" repo: "{{ repository }}"
update_cache: yes update_cache: no
state: "{{ nginx_license_status | default ('present') }}" state: "{{ nginx_license_status | default ('present') }}"
mode: 0644 mode: 0644
@ -23,4 +23,5 @@
apt: apt:
name: "nginx-plus{{ nginx_version | default('') }}" name: "nginx-plus{{ nginx_version | default('') }}"
state: "{{ nginx_state }}" state: "{{ nginx_state }}"
update_cache: yes
notify: (Handler) Run NGINX notify: (Handler) Run NGINX

1
templates/http/api.conf.j2
View File

@ -1,3 +1,4 @@
{# DEPRECATED #}
{{ ansible_managed | comment }} {{ ansible_managed | comment }}
server { server {

1
templates/http/default.conf.j2
View File

@ -1,3 +1,4 @@
{# DEPRECATED #}
{{ ansible_managed | comment }} {{ ansible_managed | comment }}
{% if item.value.upstreams is defined and item.value.upstreams %} {% if item.value.upstreams is defined and item.value.upstreams %}

1
templates/http/status.conf.j2
View File

@ -1,3 +1,4 @@
{# DEPRECATED #}
{{ ansible_managed | comment }} {{ ansible_managed | comment }}
server { server {

1
templates/nginx.conf.j2
View File

@ -1,3 +1,4 @@
{# DEPRECATED #}
{{ ansible_managed | comment }} {{ ansible_managed | comment }}
user {{ nginx_main_template.user }}; user {{ nginx_main_template.user }};

1
templates/stream/default.conf.j2
View File

@ -1,3 +1,4 @@
{# DEPRECATED #}
{{ ansible_managed | comment }} {{ ansible_managed | comment }}
{% if item.value.upstreams is defined %} {% if item.value.upstreams is defined %}

1
templates/www/index.html.j2
View File

@ -1,3 +1,4 @@
<!-- DEPRECATED -->
<!-- {{ ansible_managed }} --> <!-- {{ ansible_managed }} -->
<!DOCTYPE html> <!DOCTYPE html>

26
vars/main.yml
View File

@ -34,21 +34,15 @@ nginx_default_repository:
# Default NGINX Plus repositories # Default NGINX Plus repositories
nginx_plus_default_repository: nginx_plus_default_repository:
alpine: >- alpine: "https://plus-pkgs.nginx.com/alpine/v{{ ansible_facts['distribution_version'] | regex_search('^[0-9]+\\.[0-9]+') }}/main"
https://plus-pkgs.nginx.com/alpine/v{{ ansible_facts['distribution_version'] | regex_search('^[0-9]+\.[0-9]+') }}/main amazon: "https://plus-pkgs.nginx.com/amzn{{ (ansible_facts['distribution_version'] is version('2', '==')) | ternary('2', '') }}/$releasever/$basearch"
amazon: >- debian: "deb [arch=amd64] https://plus-pkgs.nginx.com/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release'] }} nginx-plus"
https://plus-pkgs.nginx.com/amzn{{ (ansible_facts['distribution_version'] is version('2', '==')) freebsd: "https://plus-pkgs.nginx.com/freebsd/${ABI}/latest"
| ternary('2', '') }}/$releasever/$basearch redhat: "https://plus-pkgs.nginx.com/{{ (ansible_facts['distribution'] == 'CentOS')
debian: >- | ternary('centos', 'rhel') }}/{{ (ansible_facts['distribution_version'] is version('7.4', '>=')
deb [arch=amd64] https://plus-pkgs.nginx.com/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release'] }} nginx-plus and ansible_facts['distribution_version'] is version('8', '<')) | ternary('7.4', ansible_facts['distribution_major_version']) }}/$basearch/"
freebsd: >- suse: "https://plus-pkgs.nginx.com/sles/{{ ansible_facts['distribution_major_version'] }}\
https://plus-pkgs.nginx.com/freebsd/${ABI}/latest ?ssl_clientcert=/etc/ssl/nginx/nginx-repo-bundle.crt&ssl_verify=host"
redhat: >-
https://plus-pkgs.nginx.com/{{ (ansible_facts['distribution'] == "CentOS")
| ternary('centos', 'rhel') }}/{{ (ansible_facts['distribution_version'] is version('7.4', '>=')
and ansible_facts['distribution_version'] is version('8', '<')) | ternary('7.4', ansible_facts['distribution_major_version']) }}/$basearch/
suse: >-
https://plus-pkgs.nginx.com/sles/{{ ansible_facts['distribution_major_version'] }}?ssl_clientcert=/etc/ssl/nginx/nginx-repo-bundle.crt&ssl_verify=host
# Alpine dependencies # Alpine dependencies
nginx_alpine_dependencies: [ nginx_alpine_dependencies: [
@ -72,7 +66,7 @@ nginx_sles_dependencies: [
# FreeBSD dependencies # FreeBSD dependencies
nginx_freebsd_dependencies: [ nginx_freebsd_dependencies: [
'security/ca_root_nss' 'security/ca_root_nss',
] ]
# Default locations and versions when 'nginx_install_from' is set to 'source' # Default locations and versions when 'nginx_install_from' is set to 'source'