Pin Alpine and Debian OSS repositories (#471)
This commit is contained in:
parent
16d3cb75b9
commit
a4b858467a
@ -2,6 +2,14 @@
|
|||||||
|
|
||||||
## 0.21.4 (Unreleased)
|
## 0.21.4 (Unreleased)
|
||||||
|
|
||||||
|
FEATURES:
|
||||||
|
|
||||||
|
Pin repository data when installing NGINX OSS on Alpine and Debian distributions.
|
||||||
|
|
||||||
|
ENHANCEMENTS:
|
||||||
|
|
||||||
|
Add Alpine Linux 3.15 to list of tested and supported platforms.
|
||||||
|
|
||||||
BUG FIXES:
|
BUG FIXES:
|
||||||
|
|
||||||
When building NGINX from source, the original source FTP repository `ftp.pcre.org` is not available anymore, according to <http://pcre.org>. The FTP repository has been updated to use `ftp.exim.org` instead.
|
When building NGINX from source, the original source FTP repository `ftp.pcre.org` is not available anymore, according to <http://pcre.org>. The FTP repository has been updated to use `ftp.exim.org` instead.
|
||||||
|
@ -73,10 +73,10 @@ The NGINX Ansible role supports all platforms supported by [NGINX Open Source](h
|
|||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
Alpine:
|
Alpine:
|
||||||
- 3.11
|
|
||||||
- 3.12
|
- 3.12
|
||||||
- 3.13
|
- 3.13
|
||||||
- 3.14
|
- 3.14
|
||||||
|
- 3.15
|
||||||
Amazon Linux:
|
Amazon Linux:
|
||||||
- 2
|
- 2
|
||||||
CentOS:
|
CentOS:
|
||||||
|
@ -4,15 +4,15 @@
|
|||||||
pre_tasks:
|
pre_tasks:
|
||||||
- name: Set repo if Alpine
|
- name: Set repo if Alpine
|
||||||
set_fact:
|
set_fact:
|
||||||
version: "=1.21.1-r1"
|
version: "=1.21.4-r1"
|
||||||
when: ansible_facts['os_family'] == "Alpine"
|
when: ansible_facts['os_family'] == "Alpine"
|
||||||
- name: Set repo if Debian
|
- name: Set repo if Debian
|
||||||
set_fact:
|
set_fact:
|
||||||
version: "=1.21.1-1~{{ ansible_facts['distribution_release'] }}"
|
version: "=1.21.4-1~{{ ansible_facts['distribution_release'] }}"
|
||||||
when: ansible_facts['os_family'] == "Debian"
|
when: ansible_facts['os_family'] == "Debian"
|
||||||
- name: Set repo if Red Hat
|
- name: Set repo if Red Hat
|
||||||
set_fact:
|
set_fact:
|
||||||
version: "-1.21.1-1.{{ (ansible_facts['distribution']=='Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx"
|
version: "-1.21.4-1.{{ (ansible_facts['distribution']=='Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx"
|
||||||
when: ansible_facts['os_family'] == "RedHat"
|
when: ansible_facts['os_family'] == "RedHat"
|
||||||
- name: Enable NGINX @CentOS-AppStream dnf modules
|
- name: Enable NGINX @CentOS-AppStream dnf modules
|
||||||
shell:
|
shell:
|
||||||
|
@ -6,13 +6,6 @@ lint: |
|
|||||||
yamllint .
|
yamllint .
|
||||||
ansible-lint --force-color
|
ansible-lint --force-color
|
||||||
platforms:
|
platforms:
|
||||||
- name: alpine-3.11
|
|
||||||
image: alpine:3.11
|
|
||||||
dockerfile: ../common/Dockerfile.j2
|
|
||||||
privileged: true
|
|
||||||
volumes:
|
|
||||||
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
|
|
||||||
command: "/sbin/init"
|
|
||||||
- name: alpine-3.12
|
- name: alpine-3.12
|
||||||
image: alpine:3.12
|
image: alpine:3.12
|
||||||
dockerfile: ../common/Dockerfile.j2
|
dockerfile: ../common/Dockerfile.j2
|
||||||
@ -34,6 +27,13 @@ platforms:
|
|||||||
volumes:
|
volumes:
|
||||||
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
|
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
|
||||||
command: "/sbin/init"
|
command: "/sbin/init"
|
||||||
|
- name: alpine-3.15
|
||||||
|
image: alpine:3.15
|
||||||
|
dockerfile: ../common/Dockerfile.j2
|
||||||
|
privileged: true
|
||||||
|
volumes:
|
||||||
|
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
|
||||||
|
command: "/sbin/init"
|
||||||
- name: amazonlinux-2
|
- name: amazonlinux-2
|
||||||
image: amazonlinux:2
|
image: amazonlinux:2
|
||||||
dockerfile: ../common/Dockerfile.j2
|
dockerfile: ../common/Dockerfile.j2
|
||||||
|
@ -6,13 +6,6 @@ lint: |
|
|||||||
yamllint .
|
yamllint .
|
||||||
ansible-lint --force-color
|
ansible-lint --force-color
|
||||||
platforms:
|
platforms:
|
||||||
- name: alpine-3.11
|
|
||||||
image: alpine:3.11
|
|
||||||
dockerfile: ../common/Dockerfile.j2
|
|
||||||
privileged: true
|
|
||||||
volumes:
|
|
||||||
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
|
|
||||||
command: "/sbin/init"
|
|
||||||
- name: alpine-3.12
|
- name: alpine-3.12
|
||||||
image: alpine:3.12
|
image: alpine:3.12
|
||||||
dockerfile: ../common/Dockerfile.j2
|
dockerfile: ../common/Dockerfile.j2
|
||||||
@ -34,6 +27,13 @@ platforms:
|
|||||||
volumes:
|
volumes:
|
||||||
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
|
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
|
||||||
command: "/sbin/init"
|
command: "/sbin/init"
|
||||||
|
- name: alpine-3.15
|
||||||
|
image: alpine:3.15
|
||||||
|
dockerfile: ../common/Dockerfile.j2
|
||||||
|
privileged: true
|
||||||
|
volumes:
|
||||||
|
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
|
||||||
|
command: "/sbin/init"
|
||||||
- name: amazonlinux-2
|
- name: amazonlinux-2
|
||||||
image: amazonlinux:2
|
image: amazonlinux:2
|
||||||
dockerfile: ../common/Dockerfile.j2
|
dockerfile: ../common/Dockerfile.j2
|
||||||
|
@ -6,13 +6,6 @@ lint: |
|
|||||||
yamllint .
|
yamllint .
|
||||||
ansible-lint --force-color
|
ansible-lint --force-color
|
||||||
platforms:
|
platforms:
|
||||||
- name: alpine-3.11
|
|
||||||
image: alpine:3.11
|
|
||||||
dockerfile: ../common/Dockerfile.j2
|
|
||||||
privileged: true
|
|
||||||
volumes:
|
|
||||||
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
|
|
||||||
command: "/sbin/init"
|
|
||||||
- name: alpine-3.12
|
- name: alpine-3.12
|
||||||
image: alpine:3.12
|
image: alpine:3.12
|
||||||
dockerfile: ../common/Dockerfile.j2
|
dockerfile: ../common/Dockerfile.j2
|
||||||
@ -34,6 +27,13 @@ platforms:
|
|||||||
volumes:
|
volumes:
|
||||||
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
|
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
|
||||||
command: "/sbin/init"
|
command: "/sbin/init"
|
||||||
|
- name: alpine-3.15
|
||||||
|
image: alpine:3.15
|
||||||
|
dockerfile: ../common/Dockerfile.j2
|
||||||
|
privileged: true
|
||||||
|
volumes:
|
||||||
|
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
|
||||||
|
command: "/sbin/init"
|
||||||
- name: amazonlinux-2
|
- name: amazonlinux-2
|
||||||
image: amazonlinux:2
|
image: amazonlinux:2
|
||||||
dockerfile: ../common/Dockerfile.j2
|
dockerfile: ../common/Dockerfile.j2
|
||||||
|
@ -20,6 +20,7 @@
|
|||||||
- name: (Debian/Ubuntu) Add NGINX signing key
|
- name: (Debian/Ubuntu) Add NGINX signing key
|
||||||
apt_key:
|
apt_key:
|
||||||
id: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
|
id: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
|
||||||
|
keyring: /usr/share/keyrings/nginx-archive-keyring.gpg
|
||||||
url: "{{ keysite }}"
|
url: "{{ keysite }}"
|
||||||
when: ansible_facts['os_family'] == "Debian"
|
when: ansible_facts['os_family'] == "Debian"
|
||||||
|
|
||||||
|
@ -10,7 +10,7 @@
|
|||||||
- name: Install NGINX modules
|
- name: Install NGINX modules
|
||||||
package:
|
package:
|
||||||
name: "nginx-{{ (nginx_type == 'plus') | ternary('plus-', '') }}module-{{ item.name | default(item) }}\
|
name: "nginx-{{ (nginx_type == 'plus') | ternary('plus-', '') }}module-{{ item.name | default(item) }}\
|
||||||
{{ item.version | default(nginx_version) | default('') }}"
|
{{ item.version | default(nginx_version) | default('') }}{{ (nginx_repository is not defined and ansible_facts['os_family'] == 'Alpine' and nginx_type != 'plus') | ternary('@nginx', '') }}"
|
||||||
state: "{{ item.state | default('present') }}"
|
state: "{{ item.state | default('present') }}"
|
||||||
loop: "{{ nginx_modules }}"
|
loop: "{{ nginx_modules }}"
|
||||||
when:
|
when:
|
||||||
|
@ -8,8 +8,7 @@
|
|||||||
|
|
||||||
- name: (Alpine Linux) Install NGINX
|
- name: (Alpine Linux) Install NGINX
|
||||||
apk:
|
apk:
|
||||||
name: "nginx{{ nginx_version | default('') }}"
|
name: "nginx{{ nginx_repository is not defined | ternary('@nginx', '') }}{{ nginx_version | default('') }}"
|
||||||
repository: "{{ nginx_repository | default(nginx_default_repository_alpine) }}"
|
|
||||||
state: "{{ nginx_state }}"
|
state: "{{ nginx_state }}"
|
||||||
update_cache: true
|
update_cache: true
|
||||||
ignore_errors: "{{ ansible_check_mode }}"
|
ignore_errors: "{{ ansible_check_mode }}"
|
||||||
|
@ -8,6 +8,18 @@
|
|||||||
loop: "{{ nginx_repository | default(nginx_default_repository_debian) }}"
|
loop: "{{ nginx_repository | default(nginx_default_repository_debian) }}"
|
||||||
when: nginx_manage_repo | bool
|
when: nginx_manage_repo | bool
|
||||||
|
|
||||||
|
- name: (Debian/Ubuntu) Pin NGINX repository
|
||||||
|
blockinfile:
|
||||||
|
path: /etc/apt/preferences.d/99nginx
|
||||||
|
create: true
|
||||||
|
block: |
|
||||||
|
Package: *
|
||||||
|
Pin: origin nginx.org
|
||||||
|
Pin: release o=nginx
|
||||||
|
Pin-Priority: 900
|
||||||
|
mode: 0644
|
||||||
|
when: nginx_repository is not defined
|
||||||
|
|
||||||
- name: (Debian/Ubuntu) Install NGINX
|
- name: (Debian/Ubuntu) Install NGINX
|
||||||
apt:
|
apt:
|
||||||
name: "nginx{{ nginx_version | default('') }}"
|
name: "nginx{{ nginx_version | default('') }}"
|
||||||
|
@ -17,13 +17,13 @@ nginx_default_signing_key_rsa_pub: https://nginx.org/keys/nginx_signing.rsa.pub
|
|||||||
nginx_default_signing_key_pgp: https://nginx.org/keys/nginx_signing.key
|
nginx_default_signing_key_pgp: https://nginx.org/keys/nginx_signing.key
|
||||||
|
|
||||||
# Default NGINX Open Source repositories
|
# Default NGINX Open Source repositories
|
||||||
nginx_default_repository_alpine: "https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}\
|
nginx_default_repository_alpine: "@nginx http://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}\
|
||||||
alpine/v{{ ansible_facts['distribution_version'] | regex_search('^[0-9]+\\.[0-9]+') }}/main"
|
alpine/v{{ ansible_facts['distribution_version'] | regex_search('^[0-9]+\\.[0-9]+') }}/main"
|
||||||
nginx_default_repository_amazon: "https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}/amzn2/$releasever/$basearch"
|
nginx_default_repository_amazon: "https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}/amzn2/$releasever/$basearch"
|
||||||
nginx_default_repository_debian:
|
nginx_default_repository_debian:
|
||||||
- "deb [arch={{ (ansible_facts['architecture'] == 'aarch64') | ternary('arm64', 'amd64') }}] https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}\
|
- "deb [arch={{ (ansible_facts['architecture'] == 'aarch64') | ternary('arm64', 'amd64') }} signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}\
|
||||||
{{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] }} nginx"
|
{{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] }} nginx"
|
||||||
- "deb-src https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}\
|
- "deb-src [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}\
|
||||||
{{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] }} nginx"
|
{{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] }} nginx"
|
||||||
nginx_default_repository_redhat: "https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}\
|
nginx_default_repository_redhat: "https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}\
|
||||||
{{ (ansible_facts['distribution'] == 'CentOS') | ternary('centos', 'rhel') }}/\
|
{{ (ansible_facts['distribution'] == 'CentOS') | ternary('centos', 'rhel') }}/\
|
||||||
@ -34,7 +34,7 @@ nginx_default_repository_suse: "https://nginx.org/packages/{{ (nginx_branch == '
|
|||||||
# Default NGINX Plus repositories
|
# Default NGINX Plus repositories
|
||||||
nginx_plus_default_repository_alpine: "https://pkgs.nginx.com/plus/alpine/v{{ ansible_facts['distribution_version'] | regex_search('^[0-9]+\\.[0-9]+') }}/main"
|
nginx_plus_default_repository_alpine: "https://pkgs.nginx.com/plus/alpine/v{{ ansible_facts['distribution_version'] | regex_search('^[0-9]+\\.[0-9]+') }}/main"
|
||||||
nginx_plus_default_repository_amazon: "https://pkgs.nginx.com/plus/amzn{{ (ansible_facts['distribution_major_version'] is version('2', '==')) | ternary('2', '') }}/$releasever/$basearch"
|
nginx_plus_default_repository_amazon: "https://pkgs.nginx.com/plus/amzn{{ (ansible_facts['distribution_major_version'] is version('2', '==')) | ternary('2', '') }}/$releasever/$basearch"
|
||||||
nginx_plus_default_repository_debian: "deb [arch={{ (ansible_facts['architecture'] == 'aarch64') | ternary('arm64', 'amd64') }}] https://pkgs.nginx.com/plus/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release'] }} nginx-plus"
|
nginx_plus_default_repository_debian: "deb [arch={{ (ansible_facts['architecture'] == 'aarch64') | ternary('arm64', 'amd64') }} signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/plus/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release'] }} nginx-plus"
|
||||||
nginx_plus_default_repository_freebsd: "https://pkgs.nginx.com/plus/freebsd/${ABI}/latest"
|
nginx_plus_default_repository_freebsd: "https://pkgs.nginx.com/plus/freebsd/${ABI}/latest"
|
||||||
nginx_plus_default_repository_redhat: "https://pkgs.nginx.com/plus/{{ (ansible_facts['distribution'] == 'CentOS') | ternary('centos', 'rhel') }}/\
|
nginx_plus_default_repository_redhat: "https://pkgs.nginx.com/plus/{{ (ansible_facts['distribution'] == 'CentOS') | ternary('centos', 'rhel') }}/\
|
||||||
{{ (ansible_facts['distribution_version'] is version('7.4', '>=')
|
{{ (ansible_facts['distribution_version'] is version('7.4', '>=')
|
||||||
|
Loading…
Reference in New Issue
Block a user