Refactor modules (#315)

This commit is contained in:
Alessandro Fael Garcia 2020-09-08 00:44:54 +02:00 committed by GitHub
parent d12c3c5c71
commit 9b9b3e8dd3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
16 changed files with 102 additions and 225 deletions

View File

@ -1,10 +1,20 @@
# Changelog
## 0.16.1 (Unreleased)
## 0.17.0 (Unreleased)
BREAKING CHANGES:
* The process to install modules has changed. You will now have to use a list variable, `nginx_modules`, instead of manually setting the modules you want to install to `true` or `false`. This change will also simplify adding future supported modules to this role. You can find a list of supported modules for NGINX and NGINX Plus in [`vars/main.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/master/vars/main.yml).
* Modules can no longer be added to your NGINX config using this role. Please use the [`nginx_config`](https://github.com/nginxinc/ansible-role-nginx-config) role instead.
ENHANCEMENTS:
* Update Ansible to `2.9.13` and Ansible Lint to `4.3.4`.
BUG FIXES:
* NGINX Plus repository data for RedHat based distros is now appropriately set.
## 0.16.0 (August 28, 2020)
BREAKING CHANGES:

View File

@ -198,6 +198,10 @@ This role has multiple variables. The descriptions and defaults for all these va
- **[defaults/main/bsd.yml](https://github.com/nginxinc/ansible-role-nginx/blob/master/defaults/main/bsd.yml):** BSD installation variables
- **[defaults/main/unit.yml](https://github.com/nginxinc/ansible-role-nginx/blob/master/defaults/main/unit.yml):** NGINX Unit installation variables
Similarly, descriptions and defaults for preset variables can be found in the **`vars`** directory:
- **[vars/main.yml](https://github.com/nginxinc/ansible-role-nginx/blob/master/vars/main.yml):** NGINX supported modules
Example Playbooks
-----------------

View File

@ -81,16 +81,28 @@ nginx_license:
# Default is false.
nginx_delete_license: false
# Install NGINX JavaScript, Perl, ModSecurity WAF (NGINX Plus only), GeoIP, Image-Filter, RTMP Media Streaming (NGINX Plus only), and/or XSLT modules.
# Default is false.
nginx_modules:
njs: false
perl: false
waf: false
geoip: false
image_filter: false
rtmp: false
xslt: false
# Install NGINX Modules.
# You can select any of the modules listed below. Beware of NGINX Plus only modules (these are marked).
# Default is no modules.
nginx_modules: []
# - auth-spnego # NGINX Plus
# - brotli # NGINX Plus
# - cookie-flag # NGINX Plus
# - encrypted-session # NGINX Plus
# - geoip
# - geoip2 # NGINX Plus
# - headers-more # NGINX Plus
# - image-filter
# - lua # NGINX Plus
# - njs
# - opentracing # NGINX Plus
# - passenger # NGINX Plus
# - perl # NGINX Plus
# - prometheus # NGINX Plus
# - rtmp
# - subs-filter # NGINX Plus
# - waf # NGINX Plus
# - xslt
# Remove previously existing NGINX configuration files.
# You can specify a list of paths you wish to remove.

View File

@ -24,10 +24,9 @@
- /etc/nginx/conf.d/default.conf
nginx_modules:
njs: true
perl: true
waf: false
geoip: true
image_filter: true
rtmp: true
xslt: true
- brotli
- geoip
- image-filter
- njs
- perl
- xslt

View File

@ -31,7 +31,9 @@
- name: "(Install: All OSs) Install NGINX Modules"
include_tasks: "{{ role_path }}/tasks/modules/install-modules.yml"
when: true in nginx_modules.values()
when:
- nginx_modules is defined
- nginx_modules | length > 0
tags: nginx_install_modules
- name: "(Install: All OSs) Delete NGINX Plus License"

View File

@ -1,28 +0,0 @@
---
- name: "(Install: CentOS) Install GeoIP Required CentOS Dependencies"
yum:
name: epel-release
when: ansible_distribution == "CentOS"
- name: "(Install: All OSs) Install NGINX Open Source GeoIP Module"
package:
name: "nginx-module-geoip{{ nginx_version | default('') }}"
state: present
when: nginx_type == "opensource"
- name: "(Install: All OSs) Install NGINX Plus GeoIP Module"
package:
name: "nginx-plus-module-geoip{{ nginx_version | default('') }}"
state: present
when: nginx_type == "plus"
- name: "(Setup: All NGINX) Load NGINX GeoIP Module"
lineinfile:
path: /etc/nginx/nginx.conf
insertbefore: BOF
line: "{{ item }}"
loop:
- load_module modules/ngx_http_geoip_module.so;
- load_module modules/ngx_stream_geoip_module.so;
when: not nginx_main_template_enable | bool
notify: "(Handler: All OSs) Reload NGINX"

View File

@ -1,20 +0,0 @@
---
- name: "(Install: All OSs) Install NGINX Open Source Image Filter Module"
package:
name: "nginx-module-image-filter{{ nginx_version | default('') }}"
state: present
when: nginx_type == "opensource"
- name: "(Install: All OSs) Install NGINX Plus Image Filter Module"
package:
name: "nginx-plus-module-image-filter{{ nginx_version | default('') }}"
state: present
when: nginx_type == "plus"
- name: "(Setup: All NGINX) Load NGINX Image Filter Module"
lineinfile:
path: /etc/nginx/nginx.conf
insertbefore: BOF
line: load_module modules/ngx_http_image_filter_module.so;
when: not nginx_main_template_enable | bool
notify: "(Handler: All OSs) Reload NGINX"

View File

@ -1,35 +1,32 @@
---
- name: "(Install: All OSs) Install NGINX JavaScript Module"
include_tasks: "{{ role_path }}/tasks/modules/install-njs.yml"
when: nginx_modules.njs | default(false)
- name: "(Install: All OSs) Install NGINX Perl Module"
include_tasks: "{{ role_path }}/tasks/modules/install-perl.yml"
when: nginx_modules.perl | default(false)
- name: "(Install: All OSs) Install NGINX GeoIP Module"
include_tasks: "{{ role_path }}/tasks/modules/install-geoip.yml"
- name: "(Install: CentOS) Install GeoIP Required CentOS Dependencies"
yum:
name: epel-release
when:
- nginx_modules.geoip | default(false)
- ansible_os_family != "RedHat"
- ansible_distribution_major_version != "8"
- ansible_distribution == "CentOS"
- '"geoip" in nginx_modules'
- name: "(Install: All OSs) Install NGINX Image Filter Module"
include_tasks: "{{ role_path }}/tasks/modules/install-image-filter.yml"
when: nginx_modules.image_filter | default(false)
- name: "(Install: All OSs) Install NGINX RTMP Module"
include_tasks: "{{ role_path }}/tasks/modules/install-rtmp.yml"
- name: "(Install: All OSs) Install NGINX Modules"
package:
name: "nginx-{{ (nginx_type == 'plus') | ternary('plus-', '') }}module-{{ item }}{{ nginx_version | default('') }}"
state: present
loop: "{{ nginx_modules }}"
when:
- nginx_modules.rtmp | default(false)
- nginx_type == "plus"
- name: "(Install: All OSs) Install NGINX XSLT Module"
include_tasks: "{{ role_path }}/tasks/modules/install-xslt.yml"
when: nginx_modules.xslt | default(false)
- name: "(Install: All OSs) Install NGINX WAF Module"
include_tasks: "{{ role_path }}/tasks/modules/install-waf.yml"
when:
- nginx_modules.waf | default(false)
- nginx_type == "plus"
- (item in nginx_modules_list and nginx_type == 'opensource')
or (item in nginx_plus_modules_list and nginx_type == 'plus')
- not (item == "auth-spnego")
or not (ansible_os_family == "Alpine" and (ansible_distribution_version | regex_search('^[0-9]+\\.[0-9]+') == "3.8"))
- not (item == "geoip")
or not ((ansible_os_family == "RedHat" and ansible_distribution_major_version == "8")
or (ansible_os_family == "FreeBSD"))
- not (item == "brotli")
or not ((ansible_os_family == "Alpine")
or (ansible_os_family == "RedHat" and ansible_distribution_major_version < "8")
or (ansible_os_family == "Debian" and ansible_distribution_major_version == "9")
or (ansible_os_family == "Suse" and ansible_distribution_major_version == "12")
or (ansible_distribution == "Amazon")
or (ansible_distribution == "OracleLinux"))
- not (item == "geoip2") or not (ansible_os_family == "Suse")
- not (item == "opentracing")
or not ((ansible_os_family == "Suse" and ansible_distribution_major_version == "12")
or (ansible_os_family == "RedHat" and ansible_distribution_major_version == "6"))

View File

@ -1,23 +0,0 @@
---
- name: "(Install: All OSs) Install NGINX Open Source JavaScript Module"
package:
name: "nginx-module-njs{{ nginx_version | default('') }}"
state: present
when: nginx_type == "opensource"
- name: "(Install: All OSs) Install NGINX Plus JavaScript Module"
package:
name: "nginx-plus-module-njs{{ nginx_version | default('') }}"
state: present
when: nginx_type == "plus"
- name: "(Setup: All NGINX) Load NGINX JavaScript Module"
lineinfile:
path: /etc/nginx/nginx.conf
insertbefore: BOF
line: "{{ item }}"
loop:
- load_module modules/ngx_http_js_module.so;
- load_module modules/ngx_stream_js_module.so;
when: not nginx_main_template_enable | bool
notify: "(Handler: All OSs) Reload NGINX"

View File

@ -1,25 +0,0 @@
---
- name: "(Install: All OSs) Install Perl Dependency"
package:
name: perl
state: present
- name: "(Install: All OSs) Install NGINX Open Source Perl Module"
package:
name: "nginx-module-perl{{ nginx_version | default('') }}"
state: present
when: nginx_type == "opensource"
- name: "(Install: All OSs) Install NGINX Plus Perl Module"
package:
name: "nginx-plus-module-perl{{ nginx_version | default('') }}"
state: present
when: nginx_type == "plus"
- name: "(Setup: All NGINX) Load NGINX Perl Module"
lineinfile:
path: /etc/nginx/nginx.conf
insertbefore: BOF
line: load_module modules/ngx_http_perl_module.so;
when: not nginx_main_template_enable | bool
notify: "(Handler: All OSs) Reload NGINX"

View File

@ -1,13 +0,0 @@
---
- name: "(Install: All OSs) Install NGINX Plus RTMP Module"
package:
name: "nginx-plus-module-rtmp{{ nginx_version | default('') }}"
state: present
- name: "(Setup: All NGINX) Load NGINX RTMP Module"
lineinfile:
path: /etc/nginx/nginx.conf
insertbefore: BOF
line: load_module modules/ngx_rtmp_module.so;
when: not nginx_main_template_enable | bool
notify: "(Handler: All OSs) Reload NGINX"

View File

@ -1,13 +0,0 @@
---
- name: "(Install: All OSs) Install NGINX Plus WAF Module"
package:
name: "nginx-plus-module-modsecurity{{ nginx_version | default('') }}"
state: present
- name: "(Setup: NGINX Plus) Load NGINX Plus WAF Module"
lineinfile:
path: /etc/nginx/nginx.conf
insertbefore: BOF
line: load_module modules/ngx_http_modsecurity_module.so;
when: not nginx_main_template_enable | bool
notify: "(Handler: All OSs) Reload NGINX"

View File

@ -1,20 +0,0 @@
---
- name: "(Install: All OSs) Install NGINX Open Source XSLT Module"
package:
name: "nginx-module-xslt{{ nginx_version | default('') }}"
state: present
when: nginx_type == "opensource"
- name: "(Install: All OSs) Install NGINX Plus XSLT Module"
package:
name: "nginx-plus-module-xslt{{ nginx_version | default('') }}"
state: present
when: nginx_type == "plus"
- name: "(Setup: All NGINX) Load NGINX XSLT Module"
lineinfile:
path: /etc/nginx/nginx.conf
insertbefore: BOF
line: load_module modules/ngx_http_xslt_filter_module.so;
when: not nginx_main_template_enable | bool
notify: "(Handler: All OSs) Reload NGINX"

View File

@ -4,7 +4,7 @@
name: nginx-plus
baseurl: >-
https://plus-pkgs.nginx.com/centos/{{ (ansible_distribution_version | float >= 7.4 and ansible_distribution_version | float < 8.0)
| ternary(ansible_distribution_major_version | int, 7.4) }}/$basearch/
| ternary('7.4', ansible_distribution_major_version | int) }}/$basearch/
description: NGINX Plus Repository
sslclientcert: /etc/ssl/nginx/nginx-repo.crt
sslclientkey: /etc/ssl/nginx/nginx-repo.key
@ -18,7 +18,7 @@
yum_repository:
name: nginx-plus
baseurl: >-
https://plus-pkgs.nginx.com/amzn{{ (ansible_distribution_version == "2")
https://plus-pkgs.nginx.com/amzn{{ (ansible_distribution_version == '2')
| ternary('2', '') }}/$releasever/$basearch
description: NGINX Plus Repository
sslclientcert: /etc/ssl/nginx/nginx-repo.crt

View File

@ -1,36 +1,5 @@
{{ ansible_managed | comment }}
{% if nginx_modules.njs %}
{% if nginx_http_template_enable %}
load_module modules/ngx_http_js_module.so;
{% endif %}
{% if nginx_stream_template_enable %}
load_module modules/ngx_stream_js_module.so;
{% endif %}
{% endif %}
{% if nginx_modules.perl %}
load_module modules/ngx_http_perl_module.so;
{% endif %}
{% if nginx_modules.geoip %}
{% if nginx_http_template_enable %}
load_module modules/ngx_http_geoip_module.so;
{% endif %}
{% if nginx_stream_template_enable %}
load_module modules/ngx_stream_geoip_module.so;
{% endif %}
{% endif %}
{% if nginx_modules.image_filter %}
load_module modules/ngx_http_image_filter_module.so;
{% endif %}
{% if nginx_modules.rtmp and nginx_type == "plus" %}
load_module modules/ngx_rtmp_module.so;
{% endif %}
{% if nginx_modules.xslt %}
load_module modules/ngx_http_xslt_filter_module.so;
{% endif %}
{% if nginx_modules.waf and nginx_type == "plus" %}
load_module modules/ngx_http_modsecurity_module.so;
{% endif %}
user {{ nginx_main_template.user }};
worker_processes {{ nginx_main_template.worker_processes }};

View File

@ -1 +1,27 @@
---
nginx_modules_list:
- geoip
- image-filter
- njs
- perl
- xslt
nginx_plus_modules_list:
- auth-spnego
- brotli
- cookie-flag
- encrypted-session
- geoip
- geoip2
- headers-more
- image-filter
- lua
- modsecurity
- njs
- opentracing
- passenger
- perl
- prometheus
- rtmp
- subs-filter
- xslt