Add NGINX Plus tests to TravisCI (#327)

2020-09-20 12:15:28 +02:00 · 2020-09-20 12:15:28 +02:00 · 9760f98f05
commit 9760f98f05
parent 2ca5ce87b5
19 changed files with 73 additions and 32 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -24,6 +24,15 @@ jobs:
    - name: (CentOS) Cleanup config and try to install modules
      env:
        scenario: module_centos
+    - name: (Debian/Ubuntu) Install NGINX Plus
+      env:
+        scenario: plus
+    - name: (Alpine Linux) Install NGINX Plus
+      env:
+        scenario: plus_alpine
+    - name: (CentOS) Install NGINX Plus
+      env:
+        scenario: plus_centos
    - name: (Debian/Ubuntu) Install stable branch and push a config
      env:
        scenario: stable_push
@ -73,6 +82,5 @@ install:
  - pip install docker==4.3.1
 script:
  - travis_wait 50 molecule test -s $scenario
-
 notifications:
  webhooks: https://galaxy.ansible.com/api/v1/notifications/
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,6 +1,6 @@
 # Changelog

-## 0.17.0 (September 19, 2020)
+## 0.17.0 (September 20, 2020)

 BREAKING CHANGES:

@ -16,10 +16,12 @@ FEATURES:
 *   Three new tags have been introduced -- `nginx_setup_license`, `nginx_install` and `nginx_check_support`.
 *   Add Alpine 3.12 to the list of supported platforms.
 *   Remove Alpine 3.8 from the list of supported platforms.
+*   Add NGINX Plus tests to TravisCI

 ENHANCEMENTS:

 *   Added handlers to check for NGINX syntax validity and fail if any errors are detected.
+*   Switch to using `ansible_facts` wherever possible.
 *   Major backend refactoring to reduce the number of files and tasks.
 *   You can now specify an `nginx_repository` for NGINX Plus too.
 *   Moved "constant" variables to `vars/main.yml`.
--- a/README.md
+++ b/README.md
@ -181,6 +181,7 @@ Working functional playbook examples can be found in the **`molecule/common/`**

 -   **[molecule/common/playbooks/default_converge.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/default_converge.yml):** Install a specific version of NGINX and set up logrotate
 -   **[molecule/common/playbooks/module_converge.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/module_converge.yml):** Install various NGINX supported modules
+-   **[molecule/common/playbooks/plus_converge.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/plus_converge.yml):** Install NGINX Plus and various NGINX Plus supported modules
 -   **[molecule/common/playbooks/source_converge.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/source_converge.yml):** Install NGINX from source
 -   **[molecule/common/playbooks/stable_push_converge.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/stable_push_converge.yml):** Install NGINX using the stable branch and push a preexisting config from your system to your NGINX instance
 -   **[molecule/common/playbooks/template_converge.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/template_converge.yml):** Use the NGINX configuration templating variables to create an NGINX configuration file
--- a/defaults/main/main.yml
+++ b/defaults/main/main.yml
@ -26,8 +26,8 @@ nginx_debug_output: false
 # Default is 'opensource'.
 nginx_type: opensource

-# Specify which version of NGINX you want to install.
-# Default is empty.
+# (Optional) Specify which version of NGINX you want to install.
+# Default is to install the latest release.
 # nginx_version: "=19-1~bionic"
 # For NGINX Plus and modules you'll need a wilcard like below (which installs plus-20 and modules)
 # nginx_version: "-20*"
@ -57,11 +57,11 @@ nginx_install_source_pcre: false
 nginx_install_source_openssl: true
 nginx_install_source_zlib: false

-# Choose where to fetch the NGINX signing key from.
+# (Optional) Choose where to fetch the NGINX signing key from.
 # Default is the official NGINX signing key host.
 # nginx_signing_key: http://nginx.org/keys/nginx_signing.key

-# Specify repository for NGINX Open Source or NGINX Plus.
+# (Optional) Specify repository for NGINX Open Source or NGINX Plus.
 # Only works if 'install_from' is set to 'nginx_repository' when installing NGINX Open Source.
 # Defaults are the official NGINX repositories.
 # nginx_repository: deb [arch=amd64] https://nginx.org/packages/mainline/debian/ buster nginx
@ -83,8 +83,8 @@ nginx_license:
 nginx_setup_license: true

 # Remove NGINX Plus license and repository after installation for security purposes.
-# Default is false.
-nginx_remove_license: false
+# Default is true.
+nginx_remove_license: true

 # Install NGINX Modules.
 # You can select any of the modules listed below. Beware of NGINX Plus only modules (these are marked).
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -1,4 +1,8 @@
 ---
+- name: (Handler) Systemd daemon-reload
+  systemd:
+    daemon_reload: yes
+
 - name: (Handler) Check NGINX
  command: nginx -t
  register: config
@ -12,10 +16,6 @@
  when: config.rc != 0
  listen: (Handler) Run NGINX

- name: (Handler) Systemd daemon-reload
-  systemd:
-    daemon_reload: yes
-
 - name: (Handler) Start/Reload NGINX
  service:
    name: nginx
@ -24,7 +24,7 @@
  when:
    - nginx_start | bool
    - not ansible_check_mode | bool
-  listen: "(Handler) Run NGINX"
+  listen: (Handler) Run NGINX

 - name: (Handler) Start NGINX Amplify agent
  service:
--- a/molecule/common/playbooks/plus_converge.yml
+++ b/molecule/common/playbooks/plus_converge.yml
@ -8,8 +8,9 @@
      vars:
        nginx_type: plus
        nginx_license:
-          certificate: ../../ansible-role-nginx/files/license/nginx-repo.crt
-          key: ../../ansible-role-nginx/files/license/nginx-repo.key
+          certificate: license/nginx-repo.crt
+          key: license/nginx-repo.key
+        nginx_remove_license: false
        nginx_modules:
          - auth-spnego
          - brotli
--- a/molecule/common/playbooks/plus_prepare.yml
+++ b/molecule/common/playbooks/plus_prepare.yml
@ -0,0 +1,18 @@
+---
+- name: Prepare
+  hosts: localhost
+  gather_facts: false
+  tasks:
+    - name: Create ephemeral license certificate file from b64 decoded env var
+      copy:
+        content: "{{ lookup('env','NGINX_CRT') | b64decode }}"
+        dest: ../../../files/license/nginx-repo.crt
+        force: no
+        mode: 0444
+
+    - name: Create ephemeral license key file from b64 decoded env var
+      copy:
+        content: "{{ lookup('env','NGINX_KEY') | b64decode }}"
+        dest: ../../../files/license/nginx-repo.key
+        force: no
+        mode: 0444
--- a/molecule/common/playbooks/plus_verify.yml
+++ b/molecule/common/playbooks/plus_verify.yml
@ -2,6 +2,13 @@
 - name: Verify
  hosts: all
  tasks:
+    - name: Check if NGINX is installed
+      package:
+        name: nginx-plus
+      check_mode: yes
+      register: install
+      failed_when: (install is changed) or (install is failed)
+
    - name: Check if NGINX service is running
      service:
        name: nginx
--- a/molecule/plus/molecule.yml
+++ b/molecule/plus/molecule.yml
@ -44,5 +44,6 @@ platforms:
 provisioner:
  name: ansible
  playbooks:
+    prepare: ../common/playbooks/plus_prepare.yml
    converge: ../common/playbooks/plus_converge.yml
    verify: ../common/playbooks/plus_verify.yml
--- a/molecule/plus_alpine/molecule.yml
+++ b/molecule/plus_alpine/molecule.yml
@ -30,5 +30,6 @@ platforms:
 provisioner:
  name: ansible
  playbooks:
+    prepare: ../common/playbooks/plus_prepare.yml
    converge: ../common/playbooks/plus_converge.yml
    verify: ../common/playbooks/plus_verify.yml
--- a/molecule/plus_centos/molecule.yml
+++ b/molecule/plus_centos/molecule.yml
@ -30,5 +30,6 @@ platforms:
 provisioner:
  name: ansible
  playbooks:
+    prepare: ../common/playbooks/plus_prepare.yml
    converge: ../common/playbooks/plus_converge.yml
    verify: ../common/playbooks/plus_verify.yml
--- a/tasks/plus/install-debian.yml
+++ b/tasks/plus/install-debian.yml
@ -15,7 +15,7 @@
  apt_repository:
    filename: nginx-plus
    repo: "{{ repository }}"
-    update_cache: yes
+    update_cache: no
    state: "{{ nginx_license_status | default ('present') }}"
    mode: 0644

@ -23,4 +23,5 @@
  apt:
    name: "nginx-plus{{ nginx_version | default('') }}"
    state: "{{ nginx_state }}"
+    update_cache: yes
  notify: (Handler) Run NGINX
--- a/templates/http/api.conf.j2
+++ b/templates/http/api.conf.j2
@ -1,3 +1,4 @@
+{# DEPRECATED #}
 {{ ansible_managed | comment }}

 server {
--- a/templates/http/default.conf.j2
+++ b/templates/http/default.conf.j2
@ -1,3 +1,4 @@
+{# DEPRECATED #}
 {{ ansible_managed | comment }}

 {% if item.value.upstreams is defined and item.value.upstreams %}
--- a/templates/http/status.conf.j2
+++ b/templates/http/status.conf.j2
@ -1,3 +1,4 @@
+{# DEPRECATED #}
 {{ ansible_managed | comment }}

 server {
--- a/templates/nginx.conf.j2
+++ b/templates/nginx.conf.j2
@ -1,3 +1,4 @@
+{# DEPRECATED #}
 {{ ansible_managed | comment }}

 user  {{ nginx_main_template.user }};
--- a/templates/stream/default.conf.j2
+++ b/templates/stream/default.conf.j2
@ -1,3 +1,4 @@
+{# DEPRECATED #}
 {{ ansible_managed | comment }}

 {% if item.value.upstreams is defined %}
--- a/templates/www/index.html.j2
+++ b/templates/www/index.html.j2
@ -1,3 +1,4 @@
+<!-- DEPRECATED -->
 <!-- {{ ansible_managed }} -->

 <!DOCTYPE html>
--- a/vars/main.yml
+++ b/vars/main.yml
@ -34,21 +34,15 @@ nginx_default_repository:

 # Default NGINX Plus repositories
 nginx_plus_default_repository:
-  alpine: >-
-    https://plus-pkgs.nginx.com/alpine/v{{ ansible_facts['distribution_version'] | regex_search('^[0-9]+\.[0-9]+') }}/main
-  amazon: >-
-    https://plus-pkgs.nginx.com/amzn{{ (ansible_facts['distribution_version'] is version('2', '=='))
-    | ternary('2', '') }}/$releasever/$basearch
-  debian: >-
-    deb [arch=amd64] https://plus-pkgs.nginx.com/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release'] }} nginx-plus
-  freebsd: >-
-    https://plus-pkgs.nginx.com/freebsd/${ABI}/latest
-  redhat: >-
-    https://plus-pkgs.nginx.com/{{ (ansible_facts['distribution'] == "CentOS")
-    | ternary('centos', 'rhel') }}/{{ (ansible_facts['distribution_version'] is version('7.4', '>=')
-    and ansible_facts['distribution_version'] is version('8', '<')) | ternary('7.4', ansible_facts['distribution_major_version']) }}/$basearch/
-  suse: >-
-    https://plus-pkgs.nginx.com/sles/{{ ansible_facts['distribution_major_version'] }}?ssl_clientcert=/etc/ssl/nginx/nginx-repo-bundle.crt&ssl_verify=host
+  alpine: "https://plus-pkgs.nginx.com/alpine/v{{ ansible_facts['distribution_version'] | regex_search('^[0-9]+\\.[0-9]+') }}/main"
+  amazon: "https://plus-pkgs.nginx.com/amzn{{ (ansible_facts['distribution_version'] is version('2', '==')) | ternary('2', '') }}/$releasever/$basearch"
+  debian: "deb [arch=amd64] https://plus-pkgs.nginx.com/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release'] }} nginx-plus"
+  freebsd: "https://plus-pkgs.nginx.com/freebsd/${ABI}/latest"
+  redhat: "https://plus-pkgs.nginx.com/{{ (ansible_facts['distribution'] == 'CentOS')
+          | ternary('centos', 'rhel') }}/{{ (ansible_facts['distribution_version'] is version('7.4', '>=')
+          and ansible_facts['distribution_version'] is version('8', '<')) | ternary('7.4', ansible_facts['distribution_major_version']) }}/$basearch/"
+  suse: "https://plus-pkgs.nginx.com/sles/{{ ansible_facts['distribution_major_version'] }}\
+        ?ssl_clientcert=/etc/ssl/nginx/nginx-repo-bundle.crt&ssl_verify=host"

 # Alpine dependencies
 nginx_alpine_dependencies: [
@ -72,7 +66,7 @@ nginx_sles_dependencies: [

 # FreeBSD dependencies
 nginx_freebsd_dependencies: [
-  'security/ca_root_nss'
+  'security/ca_root_nss',
 ]

 # Default locations and versions when 'nginx_install_from' is set to 'source'