Refactor modules (#315)

CHANGELOG.md

@@ -1,10 +1,20 @@
 # Changelog
 
-## 0.16.1 (Unreleased)
+## 0.17.0 (Unreleased)
+
+BREAKING CHANGES:
+
+*   The process to install modules has changed. You will now have to use a list variable, `nginx_modules`, instead of manually setting the modules you want to install to `true` or `false`. This change will also simplify adding future supported modules to this role. You can find a list of supported modules for NGINX and NGINX Plus in [`vars/main.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/master/vars/main.yml).
+*   Modules can no longer be added to your NGINX config using this role. Please use the [`nginx_config`](https://github.com/nginxinc/ansible-role-nginx-config) role instead.
 
 ENHANCEMENTS:
+
 *   Update Ansible to `2.9.13` and Ansible Lint to `4.3.4`.
 
+BUG FIXES:
+
+*   NGINX Plus repository data for RedHat based distros is now appropriately set.
+
 ## 0.16.0 (August 28, 2020)
 
 BREAKING CHANGES:

README.md

@@ -198,6 +198,10 @@ This role has multiple variables. The descriptions and defaults for all these va
 -   **[defaults/main/bsd.yml](https://github.com/nginxinc/ansible-role-nginx/blob/master/defaults/main/bsd.yml):** BSD installation variables
 -   **[defaults/main/unit.yml](https://github.com/nginxinc/ansible-role-nginx/blob/master/defaults/main/unit.yml):** NGINX Unit installation variables
 
+Similarly, descriptions and defaults for preset variables can be found in the **`vars`** directory:
+
+-   **[vars/main.yml](https://github.com/nginxinc/ansible-role-nginx/blob/master/vars/main.yml):** NGINX supported modules
+
 Example Playbooks
 -----------------
 

defaults/main/main.yml

@@ -81,16 +81,28 @@ nginx_license:
 # Default is false.
 nginx_delete_license: false
 
-# Install NGINX JavaScript, Perl, ModSecurity WAF (NGINX Plus only), GeoIP, Image-Filter, RTMP Media Streaming (NGINX Plus only), and/or XSLT modules.
-# Default is false.
-nginx_modules:
-  njs: false
-  perl: false
-  waf: false
-  geoip: false
-  image_filter: false
-  rtmp: false
-  xslt: false
+# Install NGINX Modules.
+# You can select any of the modules listed below. Beware of NGINX Plus only modules (these are marked).
+# Default is no modules.
+nginx_modules: []
+  # - auth-spnego  # NGINX Plus
+  # - brotli  # NGINX Plus
+  # - cookie-flag  # NGINX Plus
+  # - encrypted-session  # NGINX Plus
+  # - geoip
+  # - geoip2  # NGINX Plus
+  # - headers-more  # NGINX Plus
+  # - image-filter
+  # - lua  # NGINX Plus
+  # - njs
+  # - opentracing  # NGINX Plus
+  # - passenger  # NGINX Plus
+  # - perl  # NGINX Plus
+  # - prometheus  # NGINX Plus
+  # - rtmp
+  # - subs-filter  # NGINX Plus
+  # - waf  # NGINX Plus
+  # - xslt
 
 # Remove previously existing NGINX configuration files.
 # You can specify a list of paths you wish to remove.

molecule/common/playbooks/module_converge.yml

@@ -24,10 +24,9 @@
           - /etc/nginx/conf.d/default.conf
 
         nginx_modules:
-          njs: true
-          perl: true
-          waf: false
-          geoip: true
-          image_filter: true
-          rtmp: true
-          xslt: true
+          - brotli
+          - geoip
+          - image-filter
+          - njs
+          - perl
+          - xslt

tasks/main.yml

@@ -31,7 +31,9 @@
 
         - name: "(Install: All OSs) Install NGINX Modules"
           include_tasks: "{{ role_path }}/tasks/modules/install-modules.yml"
-          when: true in nginx_modules.values()
+          when:
+            - nginx_modules is defined
+            - nginx_modules | length > 0
           tags: nginx_install_modules
 
         - name: "(Install: All OSs) Delete NGINX Plus License"

tasks/modules/install-geoip.yml

@@ -1,28 +0,0 @@
----
-- name: "(Install: CentOS) Install GeoIP Required CentOS Dependencies"
-  yum:
-    name: epel-release
-  when: ansible_distribution == "CentOS"
-
-- name: "(Install: All OSs) Install NGINX Open Source GeoIP Module"
-  package:
-    name: "nginx-module-geoip{{ nginx_version | default('') }}"
-    state: present
-  when: nginx_type == "opensource"
-
-- name: "(Install: All OSs) Install NGINX Plus GeoIP Module"
-  package:
-    name: "nginx-plus-module-geoip{{ nginx_version | default('') }}"
-    state: present
-  when: nginx_type == "plus"
-
-- name: "(Setup: All NGINX) Load NGINX GeoIP Module"
-  lineinfile:
-    path: /etc/nginx/nginx.conf
-    insertbefore: BOF
-    line: "{{ item }}"
-  loop:
-    - load_module modules/ngx_http_geoip_module.so;
-    - load_module modules/ngx_stream_geoip_module.so;
-  when: not nginx_main_template_enable | bool
-  notify: "(Handler: All OSs) Reload NGINX"

tasks/modules/install-image-filter.yml

@@ -1,20 +0,0 @@
----
-- name: "(Install: All OSs) Install NGINX Open Source Image Filter Module"
-  package:
-    name: "nginx-module-image-filter{{ nginx_version | default('') }}"
-    state: present
-  when: nginx_type == "opensource"
-
-- name: "(Install: All OSs) Install NGINX Plus Image Filter Module"
-  package:
-    name: "nginx-plus-module-image-filter{{ nginx_version | default('') }}"
-    state: present
-  when: nginx_type == "plus"
-
-- name: "(Setup: All NGINX) Load NGINX Image Filter Module"
-  lineinfile:
-    path: /etc/nginx/nginx.conf
-    insertbefore: BOF
-    line: load_module modules/ngx_http_image_filter_module.so;
-  when: not nginx_main_template_enable | bool
-  notify: "(Handler: All OSs) Reload NGINX"

tasks/modules/install-modules.yml

@@ -1,35 +1,32 @@
 ---
-- name: "(Install: All OSs) Install NGINX JavaScript Module"
-  include_tasks: "{{ role_path }}/tasks/modules/install-njs.yml"
-  when: nginx_modules.njs | default(false)
-
-- name: "(Install: All OSs) Install NGINX Perl Module"
-  include_tasks: "{{ role_path }}/tasks/modules/install-perl.yml"
-  when: nginx_modules.perl | default(false)
-
-- name: "(Install: All OSs) Install NGINX GeoIP Module"
-  include_tasks: "{{ role_path }}/tasks/modules/install-geoip.yml"
+- name: "(Install: CentOS) Install GeoIP Required CentOS Dependencies"
+  yum:
+    name: epel-release
   when:
-    - nginx_modules.geoip | default(false)
-    - ansible_os_family != "RedHat"
-    - ansible_distribution_major_version != "8"
+    - ansible_distribution == "CentOS"
+    - '"geoip" in nginx_modules'
 
-- name: "(Install: All OSs) Install NGINX Image Filter Module"
-  include_tasks: "{{ role_path }}/tasks/modules/install-image-filter.yml"
-  when: nginx_modules.image_filter | default(false)
-
-- name: "(Install: All OSs) Install NGINX RTMP Module"
-  include_tasks: "{{ role_path }}/tasks/modules/install-rtmp.yml"
+- name: "(Install: All OSs) Install NGINX Modules"
+  package:
+    name: "nginx-{{ (nginx_type == 'plus') | ternary('plus-', '') }}module-{{ item }}{{ nginx_version | default('') }}"
+    state: present
+  loop: "{{ nginx_modules }}"
   when:
-    - nginx_modules.rtmp | default(false)
-    - nginx_type == "plus"
-
-- name: "(Install: All OSs) Install NGINX XSLT Module"
-  include_tasks: "{{ role_path }}/tasks/modules/install-xslt.yml"
-  when: nginx_modules.xslt | default(false)
-
-- name: "(Install: All OSs) Install NGINX WAF Module"
-  include_tasks: "{{ role_path }}/tasks/modules/install-waf.yml"
-  when:
-    - nginx_modules.waf | default(false)
-    - nginx_type == "plus"
+    - (item in nginx_modules_list and nginx_type == 'opensource')
+      or (item in nginx_plus_modules_list and nginx_type == 'plus')
+    - not (item == "auth-spnego")
+      or not (ansible_os_family == "Alpine" and (ansible_distribution_version | regex_search('^[0-9]+\\.[0-9]+') == "3.8"))
+    - not (item == "geoip")
+      or not ((ansible_os_family == "RedHat" and ansible_distribution_major_version == "8")
+      or (ansible_os_family == "FreeBSD"))
+    - not (item == "brotli")
+      or not ((ansible_os_family == "Alpine")
+      or (ansible_os_family == "RedHat" and ansible_distribution_major_version < "8")
+      or (ansible_os_family == "Debian" and ansible_distribution_major_version == "9")
+      or (ansible_os_family == "Suse" and ansible_distribution_major_version == "12")
+      or (ansible_distribution == "Amazon")
+      or (ansible_distribution == "OracleLinux"))
+    - not (item == "geoip2") or not (ansible_os_family == "Suse")
+    - not (item == "opentracing")
+      or not ((ansible_os_family == "Suse" and ansible_distribution_major_version == "12")
+      or (ansible_os_family == "RedHat" and ansible_distribution_major_version == "6"))

tasks/modules/install-njs.yml

@@ -1,23 +0,0 @@
----
-- name: "(Install: All OSs) Install NGINX Open Source JavaScript Module"
-  package:
-    name: "nginx-module-njs{{ nginx_version | default('') }}"
-    state: present
-  when: nginx_type == "opensource"
-
-- name: "(Install: All OSs) Install NGINX Plus JavaScript Module"
-  package:
-    name: "nginx-plus-module-njs{{ nginx_version | default('') }}"
-    state: present
-  when: nginx_type == "plus"
-
-- name: "(Setup: All NGINX) Load NGINX JavaScript Module"
-  lineinfile:
-    path: /etc/nginx/nginx.conf
-    insertbefore: BOF
-    line: "{{ item }}"
-  loop:
-    - load_module modules/ngx_http_js_module.so;
-    - load_module modules/ngx_stream_js_module.so;
-  when: not nginx_main_template_enable | bool
-  notify: "(Handler: All OSs) Reload NGINX"

tasks/modules/install-perl.yml

@@ -1,25 +0,0 @@
----
-- name: "(Install: All OSs) Install Perl Dependency"
-  package:
-    name: perl
-    state: present
-
-- name: "(Install: All OSs) Install NGINX Open Source Perl Module"
-  package:
-    name: "nginx-module-perl{{ nginx_version | default('') }}"
-    state: present
-  when: nginx_type == "opensource"
-
-- name: "(Install: All OSs) Install NGINX Plus Perl Module"
-  package:
-    name: "nginx-plus-module-perl{{ nginx_version | default('') }}"
-    state: present
-  when: nginx_type == "plus"
-
-- name: "(Setup: All NGINX) Load NGINX Perl Module"
-  lineinfile:
-    path: /etc/nginx/nginx.conf
-    insertbefore: BOF
-    line: load_module modules/ngx_http_perl_module.so;
-  when: not nginx_main_template_enable | bool
-  notify: "(Handler: All OSs) Reload NGINX"

tasks/modules/install-rtmp.yml

@@ -1,13 +0,0 @@
----
-- name: "(Install: All OSs) Install NGINX Plus RTMP Module"
-  package:
-    name: "nginx-plus-module-rtmp{{ nginx_version | default('') }}"
-    state: present
-
-- name: "(Setup: All NGINX) Load NGINX RTMP Module"
-  lineinfile:
-    path: /etc/nginx/nginx.conf
-    insertbefore: BOF
-    line: load_module modules/ngx_rtmp_module.so;
-  when: not nginx_main_template_enable | bool
-  notify: "(Handler: All OSs) Reload NGINX"

tasks/modules/install-waf.yml

@@ -1,13 +0,0 @@
----
-- name: "(Install: All OSs) Install NGINX Plus WAF Module"
-  package:
-    name: "nginx-plus-module-modsecurity{{ nginx_version | default('') }}"
-    state: present
-
-- name: "(Setup: NGINX Plus) Load NGINX Plus WAF Module"
-  lineinfile:
-    path: /etc/nginx/nginx.conf
-    insertbefore: BOF
-    line: load_module modules/ngx_http_modsecurity_module.so;
-  when: not nginx_main_template_enable | bool
-  notify: "(Handler: All OSs) Reload NGINX"

tasks/modules/install-xslt.yml

@@ -1,20 +0,0 @@
----
-- name: "(Install: All OSs) Install NGINX Open Source XSLT Module"
-  package:
-    name: "nginx-module-xslt{{ nginx_version | default('') }}"
-    state: present
-  when: nginx_type == "opensource"
-
-- name: "(Install: All OSs) Install NGINX Plus XSLT Module"
-  package:
-    name: "nginx-plus-module-xslt{{ nginx_version | default('') }}"
-    state: present
-  when: nginx_type == "plus"
-
-- name: "(Setup: All NGINX) Load NGINX XSLT Module"
-  lineinfile:
-    path: /etc/nginx/nginx.conf
-    insertbefore: BOF
-    line: load_module modules/ngx_http_xslt_filter_module.so;
-  when: not nginx_main_template_enable | bool
-  notify: "(Handler: All OSs) Reload NGINX"

tasks/plus/setup-redhat.yml

@@ -4,7 +4,7 @@
     name: nginx-plus
     baseurl: >-
       https://plus-pkgs.nginx.com/centos/{{ (ansible_distribution_version | float >= 7.4 and ansible_distribution_version | float < 8.0)
-      | ternary(ansible_distribution_major_version | int, 7.4) }}/$basearch/
+      | ternary('7.4', ansible_distribution_major_version | int) }}/$basearch/
     description: NGINX Plus Repository
     sslclientcert: /etc/ssl/nginx/nginx-repo.crt
     sslclientkey: /etc/ssl/nginx/nginx-repo.key
@@ -18,7 +18,7 @@
   yum_repository:
     name: nginx-plus
     baseurl: >-
-      https://plus-pkgs.nginx.com/amzn{{ (ansible_distribution_version == "2")
+      https://plus-pkgs.nginx.com/amzn{{ (ansible_distribution_version == '2')
       | ternary('2', '') }}/$releasever/$basearch
     description: NGINX Plus Repository
     sslclientcert: /etc/ssl/nginx/nginx-repo.crt

templates/nginx.conf.j2

@@ -1,36 +1,5 @@
 {{ ansible_managed | comment }}
 
-{% if nginx_modules.njs %}
-{% if nginx_http_template_enable %}
-load_module modules/ngx_http_js_module.so;
-{% endif %}
-{% if nginx_stream_template_enable %}
-load_module modules/ngx_stream_js_module.so;
-{% endif %}
-{% endif %}
-{% if nginx_modules.perl %}
-load_module modules/ngx_http_perl_module.so;
-{% endif %}
-{% if nginx_modules.geoip %}
-{% if nginx_http_template_enable %}
-load_module modules/ngx_http_geoip_module.so;
-{% endif %}
-{% if nginx_stream_template_enable %}
-load_module modules/ngx_stream_geoip_module.so;
-{% endif %}
-{% endif %}
-{% if nginx_modules.image_filter %}
-load_module modules/ngx_http_image_filter_module.so;
-{% endif %}
-{% if nginx_modules.rtmp and nginx_type == "plus" %}
-load_module modules/ngx_rtmp_module.so;
-{% endif %}
-{% if nginx_modules.xslt %}
-load_module modules/ngx_http_xslt_filter_module.so;
-{% endif %}
-{% if nginx_modules.waf and nginx_type == "plus" %}
-load_module modules/ngx_http_modsecurity_module.so;
-{% endif %}
 user  {{ nginx_main_template.user }};
 worker_processes  {{ nginx_main_template.worker_processes }};
 

vars/main.yml

@@ -1 +1,27 @@
 ---
+nginx_modules_list:
+  - geoip
+  - image-filter
+  - njs
+  - perl
+  - xslt
+
+nginx_plus_modules_list:
+  - auth-spnego
+  - brotli
+  - cookie-flag
+  - encrypted-session
+  - geoip
+  - geoip2
+  - headers-more
+  - image-filter
+  - lua
+  - modsecurity
+  - njs
+  - opentracing
+  - passenger
+  - perl
+  - prometheus
+  - rtmp
+  - subs-filter
+  - xslt