Refactor modules (#315)
This commit is contained in:
parent
d12c3c5c71
commit
9b9b3e8dd3
12
CHANGELOG.md
12
CHANGELOG.md
@ -1,10 +1,20 @@
|
||||
# Changelog
|
||||
|
||||
## 0.16.1 (Unreleased)
|
||||
## 0.17.0 (Unreleased)
|
||||
|
||||
BREAKING CHANGES:
|
||||
|
||||
* The process to install modules has changed. You will now have to use a list variable, `nginx_modules`, instead of manually setting the modules you want to install to `true` or `false`. This change will also simplify adding future supported modules to this role. You can find a list of supported modules for NGINX and NGINX Plus in [`vars/main.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/master/vars/main.yml).
|
||||
* Modules can no longer be added to your NGINX config using this role. Please use the [`nginx_config`](https://github.com/nginxinc/ansible-role-nginx-config) role instead.
|
||||
|
||||
ENHANCEMENTS:
|
||||
|
||||
* Update Ansible to `2.9.13` and Ansible Lint to `4.3.4`.
|
||||
|
||||
BUG FIXES:
|
||||
|
||||
* NGINX Plus repository data for RedHat based distros is now appropriately set.
|
||||
|
||||
## 0.16.0 (August 28, 2020)
|
||||
|
||||
BREAKING CHANGES:
|
||||
|
@ -198,6 +198,10 @@ This role has multiple variables. The descriptions and defaults for all these va
|
||||
- **[defaults/main/bsd.yml](https://github.com/nginxinc/ansible-role-nginx/blob/master/defaults/main/bsd.yml):** BSD installation variables
|
||||
- **[defaults/main/unit.yml](https://github.com/nginxinc/ansible-role-nginx/blob/master/defaults/main/unit.yml):** NGINX Unit installation variables
|
||||
|
||||
Similarly, descriptions and defaults for preset variables can be found in the **`vars`** directory:
|
||||
|
||||
- **[vars/main.yml](https://github.com/nginxinc/ansible-role-nginx/blob/master/vars/main.yml):** NGINX supported modules
|
||||
|
||||
Example Playbooks
|
||||
-----------------
|
||||
|
||||
|
@ -81,16 +81,28 @@ nginx_license:
|
||||
# Default is false.
|
||||
nginx_delete_license: false
|
||||
|
||||
# Install NGINX JavaScript, Perl, ModSecurity WAF (NGINX Plus only), GeoIP, Image-Filter, RTMP Media Streaming (NGINX Plus only), and/or XSLT modules.
|
||||
# Default is false.
|
||||
nginx_modules:
|
||||
njs: false
|
||||
perl: false
|
||||
waf: false
|
||||
geoip: false
|
||||
image_filter: false
|
||||
rtmp: false
|
||||
xslt: false
|
||||
# Install NGINX Modules.
|
||||
# You can select any of the modules listed below. Beware of NGINX Plus only modules (these are marked).
|
||||
# Default is no modules.
|
||||
nginx_modules: []
|
||||
# - auth-spnego # NGINX Plus
|
||||
# - brotli # NGINX Plus
|
||||
# - cookie-flag # NGINX Plus
|
||||
# - encrypted-session # NGINX Plus
|
||||
# - geoip
|
||||
# - geoip2 # NGINX Plus
|
||||
# - headers-more # NGINX Plus
|
||||
# - image-filter
|
||||
# - lua # NGINX Plus
|
||||
# - njs
|
||||
# - opentracing # NGINX Plus
|
||||
# - passenger # NGINX Plus
|
||||
# - perl # NGINX Plus
|
||||
# - prometheus # NGINX Plus
|
||||
# - rtmp
|
||||
# - subs-filter # NGINX Plus
|
||||
# - waf # NGINX Plus
|
||||
# - xslt
|
||||
|
||||
# Remove previously existing NGINX configuration files.
|
||||
# You can specify a list of paths you wish to remove.
|
||||
|
@ -24,10 +24,9 @@
|
||||
- /etc/nginx/conf.d/default.conf
|
||||
|
||||
nginx_modules:
|
||||
njs: true
|
||||
perl: true
|
||||
waf: false
|
||||
geoip: true
|
||||
image_filter: true
|
||||
rtmp: true
|
||||
xslt: true
|
||||
- brotli
|
||||
- geoip
|
||||
- image-filter
|
||||
- njs
|
||||
- perl
|
||||
- xslt
|
||||
|
@ -31,7 +31,9 @@
|
||||
|
||||
- name: "(Install: All OSs) Install NGINX Modules"
|
||||
include_tasks: "{{ role_path }}/tasks/modules/install-modules.yml"
|
||||
when: true in nginx_modules.values()
|
||||
when:
|
||||
- nginx_modules is defined
|
||||
- nginx_modules | length > 0
|
||||
tags: nginx_install_modules
|
||||
|
||||
- name: "(Install: All OSs) Delete NGINX Plus License"
|
||||
|
@ -1,28 +0,0 @@
|
||||
---
|
||||
- name: "(Install: CentOS) Install GeoIP Required CentOS Dependencies"
|
||||
yum:
|
||||
name: epel-release
|
||||
when: ansible_distribution == "CentOS"
|
||||
|
||||
- name: "(Install: All OSs) Install NGINX Open Source GeoIP Module"
|
||||
package:
|
||||
name: "nginx-module-geoip{{ nginx_version | default('') }}"
|
||||
state: present
|
||||
when: nginx_type == "opensource"
|
||||
|
||||
- name: "(Install: All OSs) Install NGINX Plus GeoIP Module"
|
||||
package:
|
||||
name: "nginx-plus-module-geoip{{ nginx_version | default('') }}"
|
||||
state: present
|
||||
when: nginx_type == "plus"
|
||||
|
||||
- name: "(Setup: All NGINX) Load NGINX GeoIP Module"
|
||||
lineinfile:
|
||||
path: /etc/nginx/nginx.conf
|
||||
insertbefore: BOF
|
||||
line: "{{ item }}"
|
||||
loop:
|
||||
- load_module modules/ngx_http_geoip_module.so;
|
||||
- load_module modules/ngx_stream_geoip_module.so;
|
||||
when: not nginx_main_template_enable | bool
|
||||
notify: "(Handler: All OSs) Reload NGINX"
|
@ -1,20 +0,0 @@
|
||||
---
|
||||
- name: "(Install: All OSs) Install NGINX Open Source Image Filter Module"
|
||||
package:
|
||||
name: "nginx-module-image-filter{{ nginx_version | default('') }}"
|
||||
state: present
|
||||
when: nginx_type == "opensource"
|
||||
|
||||
- name: "(Install: All OSs) Install NGINX Plus Image Filter Module"
|
||||
package:
|
||||
name: "nginx-plus-module-image-filter{{ nginx_version | default('') }}"
|
||||
state: present
|
||||
when: nginx_type == "plus"
|
||||
|
||||
- name: "(Setup: All NGINX) Load NGINX Image Filter Module"
|
||||
lineinfile:
|
||||
path: /etc/nginx/nginx.conf
|
||||
insertbefore: BOF
|
||||
line: load_module modules/ngx_http_image_filter_module.so;
|
||||
when: not nginx_main_template_enable | bool
|
||||
notify: "(Handler: All OSs) Reload NGINX"
|
@ -1,35 +1,32 @@
|
||||
---
|
||||
- name: "(Install: All OSs) Install NGINX JavaScript Module"
|
||||
include_tasks: "{{ role_path }}/tasks/modules/install-njs.yml"
|
||||
when: nginx_modules.njs | default(false)
|
||||
|
||||
- name: "(Install: All OSs) Install NGINX Perl Module"
|
||||
include_tasks: "{{ role_path }}/tasks/modules/install-perl.yml"
|
||||
when: nginx_modules.perl | default(false)
|
||||
|
||||
- name: "(Install: All OSs) Install NGINX GeoIP Module"
|
||||
include_tasks: "{{ role_path }}/tasks/modules/install-geoip.yml"
|
||||
- name: "(Install: CentOS) Install GeoIP Required CentOS Dependencies"
|
||||
yum:
|
||||
name: epel-release
|
||||
when:
|
||||
- nginx_modules.geoip | default(false)
|
||||
- ansible_os_family != "RedHat"
|
||||
- ansible_distribution_major_version != "8"
|
||||
- ansible_distribution == "CentOS"
|
||||
- '"geoip" in nginx_modules'
|
||||
|
||||
- name: "(Install: All OSs) Install NGINX Image Filter Module"
|
||||
include_tasks: "{{ role_path }}/tasks/modules/install-image-filter.yml"
|
||||
when: nginx_modules.image_filter | default(false)
|
||||
|
||||
- name: "(Install: All OSs) Install NGINX RTMP Module"
|
||||
include_tasks: "{{ role_path }}/tasks/modules/install-rtmp.yml"
|
||||
- name: "(Install: All OSs) Install NGINX Modules"
|
||||
package:
|
||||
name: "nginx-{{ (nginx_type == 'plus') | ternary('plus-', '') }}module-{{ item }}{{ nginx_version | default('') }}"
|
||||
state: present
|
||||
loop: "{{ nginx_modules }}"
|
||||
when:
|
||||
- nginx_modules.rtmp | default(false)
|
||||
- nginx_type == "plus"
|
||||
|
||||
- name: "(Install: All OSs) Install NGINX XSLT Module"
|
||||
include_tasks: "{{ role_path }}/tasks/modules/install-xslt.yml"
|
||||
when: nginx_modules.xslt | default(false)
|
||||
|
||||
- name: "(Install: All OSs) Install NGINX WAF Module"
|
||||
include_tasks: "{{ role_path }}/tasks/modules/install-waf.yml"
|
||||
when:
|
||||
- nginx_modules.waf | default(false)
|
||||
- nginx_type == "plus"
|
||||
- (item in nginx_modules_list and nginx_type == 'opensource')
|
||||
or (item in nginx_plus_modules_list and nginx_type == 'plus')
|
||||
- not (item == "auth-spnego")
|
||||
or not (ansible_os_family == "Alpine" and (ansible_distribution_version | regex_search('^[0-9]+\\.[0-9]+') == "3.8"))
|
||||
- not (item == "geoip")
|
||||
or not ((ansible_os_family == "RedHat" and ansible_distribution_major_version == "8")
|
||||
or (ansible_os_family == "FreeBSD"))
|
||||
- not (item == "brotli")
|
||||
or not ((ansible_os_family == "Alpine")
|
||||
or (ansible_os_family == "RedHat" and ansible_distribution_major_version < "8")
|
||||
or (ansible_os_family == "Debian" and ansible_distribution_major_version == "9")
|
||||
or (ansible_os_family == "Suse" and ansible_distribution_major_version == "12")
|
||||
or (ansible_distribution == "Amazon")
|
||||
or (ansible_distribution == "OracleLinux"))
|
||||
- not (item == "geoip2") or not (ansible_os_family == "Suse")
|
||||
- not (item == "opentracing")
|
||||
or not ((ansible_os_family == "Suse" and ansible_distribution_major_version == "12")
|
||||
or (ansible_os_family == "RedHat" and ansible_distribution_major_version == "6"))
|
||||
|
@ -1,23 +0,0 @@
|
||||
---
|
||||
- name: "(Install: All OSs) Install NGINX Open Source JavaScript Module"
|
||||
package:
|
||||
name: "nginx-module-njs{{ nginx_version | default('') }}"
|
||||
state: present
|
||||
when: nginx_type == "opensource"
|
||||
|
||||
- name: "(Install: All OSs) Install NGINX Plus JavaScript Module"
|
||||
package:
|
||||
name: "nginx-plus-module-njs{{ nginx_version | default('') }}"
|
||||
state: present
|
||||
when: nginx_type == "plus"
|
||||
|
||||
- name: "(Setup: All NGINX) Load NGINX JavaScript Module"
|
||||
lineinfile:
|
||||
path: /etc/nginx/nginx.conf
|
||||
insertbefore: BOF
|
||||
line: "{{ item }}"
|
||||
loop:
|
||||
- load_module modules/ngx_http_js_module.so;
|
||||
- load_module modules/ngx_stream_js_module.so;
|
||||
when: not nginx_main_template_enable | bool
|
||||
notify: "(Handler: All OSs) Reload NGINX"
|
@ -1,25 +0,0 @@
|
||||
---
|
||||
- name: "(Install: All OSs) Install Perl Dependency"
|
||||
package:
|
||||
name: perl
|
||||
state: present
|
||||
|
||||
- name: "(Install: All OSs) Install NGINX Open Source Perl Module"
|
||||
package:
|
||||
name: "nginx-module-perl{{ nginx_version | default('') }}"
|
||||
state: present
|
||||
when: nginx_type == "opensource"
|
||||
|
||||
- name: "(Install: All OSs) Install NGINX Plus Perl Module"
|
||||
package:
|
||||
name: "nginx-plus-module-perl{{ nginx_version | default('') }}"
|
||||
state: present
|
||||
when: nginx_type == "plus"
|
||||
|
||||
- name: "(Setup: All NGINX) Load NGINX Perl Module"
|
||||
lineinfile:
|
||||
path: /etc/nginx/nginx.conf
|
||||
insertbefore: BOF
|
||||
line: load_module modules/ngx_http_perl_module.so;
|
||||
when: not nginx_main_template_enable | bool
|
||||
notify: "(Handler: All OSs) Reload NGINX"
|
@ -1,13 +0,0 @@
|
||||
---
|
||||
- name: "(Install: All OSs) Install NGINX Plus RTMP Module"
|
||||
package:
|
||||
name: "nginx-plus-module-rtmp{{ nginx_version | default('') }}"
|
||||
state: present
|
||||
|
||||
- name: "(Setup: All NGINX) Load NGINX RTMP Module"
|
||||
lineinfile:
|
||||
path: /etc/nginx/nginx.conf
|
||||
insertbefore: BOF
|
||||
line: load_module modules/ngx_rtmp_module.so;
|
||||
when: not nginx_main_template_enable | bool
|
||||
notify: "(Handler: All OSs) Reload NGINX"
|
@ -1,13 +0,0 @@
|
||||
---
|
||||
- name: "(Install: All OSs) Install NGINX Plus WAF Module"
|
||||
package:
|
||||
name: "nginx-plus-module-modsecurity{{ nginx_version | default('') }}"
|
||||
state: present
|
||||
|
||||
- name: "(Setup: NGINX Plus) Load NGINX Plus WAF Module"
|
||||
lineinfile:
|
||||
path: /etc/nginx/nginx.conf
|
||||
insertbefore: BOF
|
||||
line: load_module modules/ngx_http_modsecurity_module.so;
|
||||
when: not nginx_main_template_enable | bool
|
||||
notify: "(Handler: All OSs) Reload NGINX"
|
@ -1,20 +0,0 @@
|
||||
---
|
||||
- name: "(Install: All OSs) Install NGINX Open Source XSLT Module"
|
||||
package:
|
||||
name: "nginx-module-xslt{{ nginx_version | default('') }}"
|
||||
state: present
|
||||
when: nginx_type == "opensource"
|
||||
|
||||
- name: "(Install: All OSs) Install NGINX Plus XSLT Module"
|
||||
package:
|
||||
name: "nginx-plus-module-xslt{{ nginx_version | default('') }}"
|
||||
state: present
|
||||
when: nginx_type == "plus"
|
||||
|
||||
- name: "(Setup: All NGINX) Load NGINX XSLT Module"
|
||||
lineinfile:
|
||||
path: /etc/nginx/nginx.conf
|
||||
insertbefore: BOF
|
||||
line: load_module modules/ngx_http_xslt_filter_module.so;
|
||||
when: not nginx_main_template_enable | bool
|
||||
notify: "(Handler: All OSs) Reload NGINX"
|
@ -4,7 +4,7 @@
|
||||
name: nginx-plus
|
||||
baseurl: >-
|
||||
https://plus-pkgs.nginx.com/centos/{{ (ansible_distribution_version | float >= 7.4 and ansible_distribution_version | float < 8.0)
|
||||
| ternary(ansible_distribution_major_version | int, 7.4) }}/$basearch/
|
||||
| ternary('7.4', ansible_distribution_major_version | int) }}/$basearch/
|
||||
description: NGINX Plus Repository
|
||||
sslclientcert: /etc/ssl/nginx/nginx-repo.crt
|
||||
sslclientkey: /etc/ssl/nginx/nginx-repo.key
|
||||
@ -18,7 +18,7 @@
|
||||
yum_repository:
|
||||
name: nginx-plus
|
||||
baseurl: >-
|
||||
https://plus-pkgs.nginx.com/amzn{{ (ansible_distribution_version == "2")
|
||||
https://plus-pkgs.nginx.com/amzn{{ (ansible_distribution_version == '2')
|
||||
| ternary('2', '') }}/$releasever/$basearch
|
||||
description: NGINX Plus Repository
|
||||
sslclientcert: /etc/ssl/nginx/nginx-repo.crt
|
||||
|
@ -1,36 +1,5 @@
|
||||
{{ ansible_managed | comment }}
|
||||
|
||||
{% if nginx_modules.njs %}
|
||||
{% if nginx_http_template_enable %}
|
||||
load_module modules/ngx_http_js_module.so;
|
||||
{% endif %}
|
||||
{% if nginx_stream_template_enable %}
|
||||
load_module modules/ngx_stream_js_module.so;
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% if nginx_modules.perl %}
|
||||
load_module modules/ngx_http_perl_module.so;
|
||||
{% endif %}
|
||||
{% if nginx_modules.geoip %}
|
||||
{% if nginx_http_template_enable %}
|
||||
load_module modules/ngx_http_geoip_module.so;
|
||||
{% endif %}
|
||||
{% if nginx_stream_template_enable %}
|
||||
load_module modules/ngx_stream_geoip_module.so;
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% if nginx_modules.image_filter %}
|
||||
load_module modules/ngx_http_image_filter_module.so;
|
||||
{% endif %}
|
||||
{% if nginx_modules.rtmp and nginx_type == "plus" %}
|
||||
load_module modules/ngx_rtmp_module.so;
|
||||
{% endif %}
|
||||
{% if nginx_modules.xslt %}
|
||||
load_module modules/ngx_http_xslt_filter_module.so;
|
||||
{% endif %}
|
||||
{% if nginx_modules.waf and nginx_type == "plus" %}
|
||||
load_module modules/ngx_http_modsecurity_module.so;
|
||||
{% endif %}
|
||||
user {{ nginx_main_template.user }};
|
||||
worker_processes {{ nginx_main_template.worker_processes }};
|
||||
|
||||
|
@ -1 +1,27 @@
|
||||
---
|
||||
nginx_modules_list:
|
||||
- geoip
|
||||
- image-filter
|
||||
- njs
|
||||
- perl
|
||||
- xslt
|
||||
|
||||
nginx_plus_modules_list:
|
||||
- auth-spnego
|
||||
- brotli
|
||||
- cookie-flag
|
||||
- encrypted-session
|
||||
- geoip
|
||||
- geoip2
|
||||
- headers-more
|
||||
- image-filter
|
||||
- lua
|
||||
- modsecurity
|
||||
- njs
|
||||
- opentracing
|
||||
- passenger
|
||||
- perl
|
||||
- prometheus
|
||||
- rtmp
|
||||
- subs-filter
|
||||
- xslt
|
||||
|
Loading…
Reference in New Issue
Block a user