sebclem/ansible-role-nginx
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Refactor modules (#315)

Browse Source
This commit is contained in:
Alessandro Fael Garcia 2020-09-08 00:44:54 +02:00 committed by GitHub
parent d12c3c5c71
commit 9b9b3e8dd3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
16 changed files with 102 additions and 225 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
CHANGELOG.md
View File

@ -1,10 +1,20 @@
# Changelog # Changelog
## 0.16.1 (Unreleased) ## 0.17.0 (Unreleased)
BREAKING CHANGES:
* The process to install modules has changed. You will now have to use a list variable, `nginx_modules`, instead of manually setting the modules you want to install to `true` or `false`. This change will also simplify adding future supported modules to this role. You can find a list of supported modules for NGINX and NGINX Plus in [`vars/main.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/master/vars/main.yml).
* Modules can no longer be added to your NGINX config using this role. Please use the [`nginx_config`](https://github.com/nginxinc/ansible-role-nginx-config) role instead.
ENHANCEMENTS: ENHANCEMENTS:
* Update Ansible to `2.9.13` and Ansible Lint to `4.3.4`. * Update Ansible to `2.9.13` and Ansible Lint to `4.3.4`.
BUG FIXES:
* NGINX Plus repository data for RedHat based distros is now appropriately set.
## 0.16.0 (August 28, 2020) ## 0.16.0 (August 28, 2020)
BREAKING CHANGES: BREAKING CHANGES:

4
README.md
View File

@ -198,6 +198,10 @@ This role has multiple variables. The descriptions and defaults for all these va
- **[defaults/main/bsd.yml](https://github.com/nginxinc/ansible-role-nginx/blob/master/defaults/main/bsd.yml):** BSD installation variables - **[defaults/main/bsd.yml](https://github.com/nginxinc/ansible-role-nginx/blob/master/defaults/main/bsd.yml):** BSD installation variables
- **[defaults/main/unit.yml](https://github.com/nginxinc/ansible-role-nginx/blob/master/defaults/main/unit.yml):** NGINX Unit installation variables - **[defaults/main/unit.yml](https://github.com/nginxinc/ansible-role-nginx/blob/master/defaults/main/unit.yml):** NGINX Unit installation variables
Similarly, descriptions and defaults for preset variables can be found in the **`vars`** directory:
- **[vars/main.yml](https://github.com/nginxinc/ansible-role-nginx/blob/master/vars/main.yml):** NGINX supported modules
Example Playbooks Example Playbooks
----------------- -----------------

32
defaults/main/main.yml
View File

@ -81,16 +81,28 @@ nginx_license:
# Default is false. # Default is false.
nginx_delete_license: false nginx_delete_license: false
# Install NGINX JavaScript, Perl, ModSecurity WAF (NGINX Plus only), GeoIP, Image-Filter, RTMP Media Streaming (NGINX Plus only), and/or XSLT modules. # Install NGINX Modules.
# Default is false. # You can select any of the modules listed below. Beware of NGINX Plus only modules (these are marked).
nginx_modules: # Default is no modules.
njs: false nginx_modules: []
perl: false # - auth-spnego # NGINX Plus
waf: false # - brotli # NGINX Plus
geoip: false # - cookie-flag # NGINX Plus
image_filter: false # - encrypted-session # NGINX Plus
rtmp: false # - geoip
xslt: false # - geoip2 # NGINX Plus
# - headers-more # NGINX Plus
# - image-filter
# - lua # NGINX Plus
# - njs
# - opentracing # NGINX Plus
# - passenger # NGINX Plus
# - perl # NGINX Plus
# - prometheus # NGINX Plus
# - rtmp
# - subs-filter # NGINX Plus
# - waf # NGINX Plus
# - xslt
# Remove previously existing NGINX configuration files. # Remove previously existing NGINX configuration files.
# You can specify a list of paths you wish to remove. # You can specify a list of paths you wish to remove.

13
molecule/common/playbooks/module_converge.yml
View File

@ -24,10 +24,9 @@
- /etc/nginx/conf.d/default.conf - /etc/nginx/conf.d/default.conf
nginx_modules: nginx_modules:
njs: true - brotli
perl: true - geoip
waf: false - image-filter
geoip: true - njs
image_filter: true - perl
rtmp: true - xslt
xslt: true

4
tasks/main.yml
View File

@ -31,7 +31,9 @@
- name: "(Install: All OSs) Install NGINX Modules" - name: "(Install: All OSs) Install NGINX Modules"
include_tasks: "{{ role_path }}/tasks/modules/install-modules.yml" include_tasks: "{{ role_path }}/tasks/modules/install-modules.yml"
when: true in nginx_modules.values() when:
- nginx_modules is defined
- nginx_modules | length > 0
tags: nginx_install_modules tags: nginx_install_modules
- name: "(Install: All OSs) Delete NGINX Plus License" - name: "(Install: All OSs) Delete NGINX Plus License"

28
tasks/modules/install-geoip.yml
View File

@ -1,28 +0,0 @@
---
- name: "(Install: CentOS) Install GeoIP Required CentOS Dependencies"
yum:
name: epel-release
when: ansible_distribution == "CentOS"
- name: "(Install: All OSs) Install NGINX Open Source GeoIP Module"
package:
name: "nginx-module-geoip{{ nginx_version | default('') }}"
state: present
when: nginx_type == "opensource"
- name: "(Install: All OSs) Install NGINX Plus GeoIP Module"
package:
name: "nginx-plus-module-geoip{{ nginx_version | default('') }}"
state: present
when: nginx_type == "plus"
- name: "(Setup: All NGINX) Load NGINX GeoIP Module"
lineinfile:
path: /etc/nginx/nginx.conf
insertbefore: BOF
line: "{{ item }}"
loop:
- load_module modules/ngx_http_geoip_module.so;
- load_module modules/ngx_stream_geoip_module.so;
when: not nginx_main_template_enable | bool
notify: "(Handler: All OSs) Reload NGINX"

20
tasks/modules/install-image-filter.yml
View File

@ -1,20 +0,0 @@
---
- name: "(Install: All OSs) Install NGINX Open Source Image Filter Module"
package:
name: "nginx-module-image-filter{{ nginx_version | default('') }}"
state: present
when: nginx_type == "opensource"
- name: "(Install: All OSs) Install NGINX Plus Image Filter Module"
package:
name: "nginx-plus-module-image-filter{{ nginx_version | default('') }}"
state: present
when: nginx_type == "plus"
- name: "(Setup: All NGINX) Load NGINX Image Filter Module"
lineinfile:
path: /etc/nginx/nginx.conf
insertbefore: BOF
line: load_module modules/ngx_http_image_filter_module.so;
when: not nginx_main_template_enable | bool
notify: "(Handler: All OSs) Reload NGINX"

59
tasks/modules/install-modules.yml
View File

@ -1,35 +1,32 @@
--- ---
- name: "(Install: All OSs) Install NGINX JavaScript Module" - name: "(Install: CentOS) Install GeoIP Required CentOS Dependencies"
include_tasks: "{{ role_path }}/tasks/modules/install-njs.yml" yum:
when: nginx_modules.njs | default(false) name: epel-release
- name: "(Install: All OSs) Install NGINX Perl Module"
include_tasks: "{{ role_path }}/tasks/modules/install-perl.yml"
when: nginx_modules.perl | default(false)
- name: "(Install: All OSs) Install NGINX GeoIP Module"
include_tasks: "{{ role_path }}/tasks/modules/install-geoip.yml"
when: when:
- nginx_modules.geoip | default(false) - ansible_distribution == "CentOS"
- ansible_os_family != "RedHat" - '"geoip" in nginx_modules'
- ansible_distribution_major_version != "8"
- name: "(Install: All OSs) Install NGINX Image Filter Module" - name: "(Install: All OSs) Install NGINX Modules"
include_tasks: "{{ role_path }}/tasks/modules/install-image-filter.yml" package:
when: nginx_modules.image_filter | default(false) name: "nginx-{{ (nginx_type == 'plus') | ternary('plus-', '') }}module-{{ item }}{{ nginx_version | default('') }}"
state: present
- name: "(Install: All OSs) Install NGINX RTMP Module" loop: "{{ nginx_modules }}"
include_tasks: "{{ role_path }}/tasks/modules/install-rtmp.yml"
when: when:
- nginx_modules.rtmp | default(false) - (item in nginx_modules_list and nginx_type == 'opensource')
- nginx_type == "plus" or (item in nginx_plus_modules_list and nginx_type == 'plus')
- not (item == "auth-spnego")
- name: "(Install: All OSs) Install NGINX XSLT Module" or not (ansible_os_family == "Alpine" and (ansible_distribution_version | regex_search('^[0-9]+\\.[0-9]+') == "3.8"))
include_tasks: "{{ role_path }}/tasks/modules/install-xslt.yml" - not (item == "geoip")
when: nginx_modules.xslt | default(false) or not ((ansible_os_family == "RedHat" and ansible_distribution_major_version == "8")
or (ansible_os_family == "FreeBSD"))
- name: "(Install: All OSs) Install NGINX WAF Module" - not (item == "brotli")
include_tasks: "{{ role_path }}/tasks/modules/install-waf.yml" or not ((ansible_os_family == "Alpine")
when: or (ansible_os_family == "RedHat" and ansible_distribution_major_version < "8")
- nginx_modules.waf | default(false) or (ansible_os_family == "Debian" and ansible_distribution_major_version == "9")
- nginx_type == "plus" or (ansible_os_family == "Suse" and ansible_distribution_major_version == "12")
or (ansible_distribution == "Amazon")
or (ansible_distribution == "OracleLinux"))
- not (item == "geoip2") or not (ansible_os_family == "Suse")
- not (item == "opentracing")
or not ((ansible_os_family == "Suse" and ansible_distribution_major_version == "12")
or (ansible_os_family == "RedHat" and ansible_distribution_major_version == "6"))

23
tasks/modules/install-njs.yml
View File

@ -1,23 +0,0 @@
---
- name: "(Install: All OSs) Install NGINX Open Source JavaScript Module"
package:
name: "nginx-module-njs{{ nginx_version | default('') }}"
state: present
when: nginx_type == "opensource"
- name: "(Install: All OSs) Install NGINX Plus JavaScript Module"
package:
name: "nginx-plus-module-njs{{ nginx_version | default('') }}"
state: present
when: nginx_type == "plus"
- name: "(Setup: All NGINX) Load NGINX JavaScript Module"
lineinfile:
path: /etc/nginx/nginx.conf
insertbefore: BOF
line: "{{ item }}"
loop:
- load_module modules/ngx_http_js_module.so;
- load_module modules/ngx_stream_js_module.so;
when: not nginx_main_template_enable | bool
notify: "(Handler: All OSs) Reload NGINX"

25
tasks/modules/install-perl.yml
View File

@ -1,25 +0,0 @@
---
- name: "(Install: All OSs) Install Perl Dependency"
package:
name: perl
state: present
- name: "(Install: All OSs) Install NGINX Open Source Perl Module"
package:
name: "nginx-module-perl{{ nginx_version | default('') }}"
state: present
when: nginx_type == "opensource"
- name: "(Install: All OSs) Install NGINX Plus Perl Module"
package:
name: "nginx-plus-module-perl{{ nginx_version | default('') }}"
state: present
when: nginx_type == "plus"
- name: "(Setup: All NGINX) Load NGINX Perl Module"
lineinfile:
path: /etc/nginx/nginx.conf
insertbefore: BOF
line: load_module modules/ngx_http_perl_module.so;
when: not nginx_main_template_enable | bool
notify: "(Handler: All OSs) Reload NGINX"

13
tasks/modules/install-rtmp.yml
View File

@ -1,13 +0,0 @@
---
- name: "(Install: All OSs) Install NGINX Plus RTMP Module"
package:
name: "nginx-plus-module-rtmp{{ nginx_version | default('') }}"
state: present
- name: "(Setup: All NGINX) Load NGINX RTMP Module"
lineinfile:
path: /etc/nginx/nginx.conf
insertbefore: BOF
line: load_module modules/ngx_rtmp_module.so;
when: not nginx_main_template_enable | bool
notify: "(Handler: All OSs) Reload NGINX"

13
tasks/modules/install-waf.yml
View File

@ -1,13 +0,0 @@
---
- name: "(Install: All OSs) Install NGINX Plus WAF Module"
package:
name: "nginx-plus-module-modsecurity{{ nginx_version | default('') }}"
state: present
- name: "(Setup: NGINX Plus) Load NGINX Plus WAF Module"
lineinfile:
path: /etc/nginx/nginx.conf
insertbefore: BOF
line: load_module modules/ngx_http_modsecurity_module.so;
when: not nginx_main_template_enable | bool
notify: "(Handler: All OSs) Reload NGINX"

20
tasks/modules/install-xslt.yml
View File

@ -1,20 +0,0 @@
---
- name: "(Install: All OSs) Install NGINX Open Source XSLT Module"
package:
name: "nginx-module-xslt{{ nginx_version | default('') }}"
state: present
when: nginx_type == "opensource"
- name: "(Install: All OSs) Install NGINX Plus XSLT Module"
package:
name: "nginx-plus-module-xslt{{ nginx_version | default('') }}"
state: present
when: nginx_type == "plus"
- name: "(Setup: All NGINX) Load NGINX XSLT Module"
lineinfile:
path: /etc/nginx/nginx.conf
insertbefore: BOF
line: load_module modules/ngx_http_xslt_filter_module.so;
when: not nginx_main_template_enable | bool
notify: "(Handler: All OSs) Reload NGINX"

4
tasks/plus/setup-redhat.yml
View File

@ -4,7 +4,7 @@
name: nginx-plus name: nginx-plus
baseurl: >- baseurl: >-
https://plus-pkgs.nginx.com/centos/{{ (ansible_distribution_version | float >= 7.4 and ansible_distribution_version | float < 8.0) https://plus-pkgs.nginx.com/centos/{{ (ansible_distribution_version | float >= 7.4 and ansible_distribution_version | float < 8.0)
| ternary(ansible_distribution_major_version | int, 7.4) }}/$basearch/ | ternary('7.4', ansible_distribution_major_version | int) }}/$basearch/
description: NGINX Plus Repository description: NGINX Plus Repository
sslclientcert: /etc/ssl/nginx/nginx-repo.crt sslclientcert: /etc/ssl/nginx/nginx-repo.crt
sslclientkey: /etc/ssl/nginx/nginx-repo.key sslclientkey: /etc/ssl/nginx/nginx-repo.key
@ -18,7 +18,7 @@
yum_repository: yum_repository:
name: nginx-plus name: nginx-plus
baseurl: >- baseurl: >-
https://plus-pkgs.nginx.com/amzn{{ (ansible_distribution_version == "2") https://plus-pkgs.nginx.com/amzn{{ (ansible_distribution_version == '2')
| ternary('2', '') }}/$releasever/$basearch | ternary('2', '') }}/$releasever/$basearch
description: NGINX Plus Repository description: NGINX Plus Repository
sslclientcert: /etc/ssl/nginx/nginx-repo.crt sslclientcert: /etc/ssl/nginx/nginx-repo.crt

31
templates/nginx.conf.j2
View File

@ -1,36 +1,5 @@
{{ ansible_managed | comment }} {{ ansible_managed | comment }}
{% if nginx_modules.njs %}
{% if nginx_http_template_enable %}
load_module modules/ngx_http_js_module.so;
{% endif %}
{% if nginx_stream_template_enable %}
load_module modules/ngx_stream_js_module.so;
{% endif %}
{% endif %}
{% if nginx_modules.perl %}
load_module modules/ngx_http_perl_module.so;
{% endif %}
{% if nginx_modules.geoip %}
{% if nginx_http_template_enable %}
load_module modules/ngx_http_geoip_module.so;
{% endif %}
{% if nginx_stream_template_enable %}
load_module modules/ngx_stream_geoip_module.so;
{% endif %}
{% endif %}
{% if nginx_modules.image_filter %}
load_module modules/ngx_http_image_filter_module.so;
{% endif %}
{% if nginx_modules.rtmp and nginx_type == "plus" %}
load_module modules/ngx_rtmp_module.so;
{% endif %}
{% if nginx_modules.xslt %}
load_module modules/ngx_http_xslt_filter_module.so;
{% endif %}
{% if nginx_modules.waf and nginx_type == "plus" %}
load_module modules/ngx_http_modsecurity_module.so;
{% endif %}
user {{ nginx_main_template.user }}; user {{ nginx_main_template.user }};
worker_processes {{ nginx_main_template.worker_processes }}; worker_processes {{ nginx_main_template.worker_processes }};

26
vars/main.yml
View File

@ -1 +1,27 @@
--- ---
nginx_modules_list:
- geoip
- image-filter
- njs
- perl
- xslt
nginx_plus_modules_list:
- auth-spnego
- brotli
- cookie-flag
- encrypted-session
- geoip
- geoip2
- headers-more
- image-filter
- lua
- modsecurity
- njs
- opentracing
- passenger
- perl
- prometheus
- rtmp
- subs-filter
- xslt