Pin Alpine and Debian OSS repositories (#471)

This commit is contained in:
Alessandro Fael Garcia 2021-12-03 07:59:36 +01:00 committed by GitHub
parent 16d3cb75b9
commit a4b858467a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 52 additions and 32 deletions

View File

@ -2,6 +2,14 @@
## 0.21.4 (Unreleased) ## 0.21.4 (Unreleased)
FEATURES:
Pin repository data when installing NGINX OSS on Alpine and Debian distributions.
ENHANCEMENTS:
Add Alpine Linux 3.15 to list of tested and supported platforms.
BUG FIXES: BUG FIXES:
When building NGINX from source, the original source FTP repository `ftp.pcre.org` is not available anymore, according to <http://pcre.org>. The FTP repository has been updated to use `ftp.exim.org` instead. When building NGINX from source, the original source FTP repository `ftp.pcre.org` is not available anymore, according to <http://pcre.org>. The FTP repository has been updated to use `ftp.exim.org` instead.

View File

@ -73,10 +73,10 @@ The NGINX Ansible role supports all platforms supported by [NGINX Open Source](h
```yaml ```yaml
Alpine: Alpine:
- 3.11
- 3.12 - 3.12
- 3.13 - 3.13
- 3.14 - 3.14
- 3.15
Amazon Linux: Amazon Linux:
- 2 - 2
CentOS: CentOS:

View File

@ -4,15 +4,15 @@
pre_tasks: pre_tasks:
- name: Set repo if Alpine - name: Set repo if Alpine
set_fact: set_fact:
version: "=1.21.1-r1" version: "=1.21.4-r1"
when: ansible_facts['os_family'] == "Alpine" when: ansible_facts['os_family'] == "Alpine"
- name: Set repo if Debian - name: Set repo if Debian
set_fact: set_fact:
version: "=1.21.1-1~{{ ansible_facts['distribution_release'] }}" version: "=1.21.4-1~{{ ansible_facts['distribution_release'] }}"
when: ansible_facts['os_family'] == "Debian" when: ansible_facts['os_family'] == "Debian"
- name: Set repo if Red Hat - name: Set repo if Red Hat
set_fact: set_fact:
version: "-1.21.1-1.{{ (ansible_facts['distribution']=='Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx" version: "-1.21.4-1.{{ (ansible_facts['distribution']=='Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx"
when: ansible_facts['os_family'] == "RedHat" when: ansible_facts['os_family'] == "RedHat"
- name: Enable NGINX @CentOS-AppStream dnf modules - name: Enable NGINX @CentOS-AppStream dnf modules
shell: shell:

View File

@ -6,13 +6,6 @@ lint: |
yamllint . yamllint .
ansible-lint --force-color ansible-lint --force-color
platforms: platforms:
- name: alpine-3.11
image: alpine:3.11
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: alpine-3.12 - name: alpine-3.12
image: alpine:3.12 image: alpine:3.12
dockerfile: ../common/Dockerfile.j2 dockerfile: ../common/Dockerfile.j2
@ -34,6 +27,13 @@ platforms:
volumes: volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw" - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init" command: "/sbin/init"
- name: alpine-3.15
image: alpine:3.15
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: amazonlinux-2 - name: amazonlinux-2
image: amazonlinux:2 image: amazonlinux:2
dockerfile: ../common/Dockerfile.j2 dockerfile: ../common/Dockerfile.j2

View File

@ -6,13 +6,6 @@ lint: |
yamllint . yamllint .
ansible-lint --force-color ansible-lint --force-color
platforms: platforms:
- name: alpine-3.11
image: alpine:3.11
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: alpine-3.12 - name: alpine-3.12
image: alpine:3.12 image: alpine:3.12
dockerfile: ../common/Dockerfile.j2 dockerfile: ../common/Dockerfile.j2
@ -34,6 +27,13 @@ platforms:
volumes: volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw" - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init" command: "/sbin/init"
- name: alpine-3.15
image: alpine:3.15
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: amazonlinux-2 - name: amazonlinux-2
image: amazonlinux:2 image: amazonlinux:2
dockerfile: ../common/Dockerfile.j2 dockerfile: ../common/Dockerfile.j2

View File

@ -6,13 +6,6 @@ lint: |
yamllint . yamllint .
ansible-lint --force-color ansible-lint --force-color
platforms: platforms:
- name: alpine-3.11
image: alpine:3.11
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: alpine-3.12 - name: alpine-3.12
image: alpine:3.12 image: alpine:3.12
dockerfile: ../common/Dockerfile.j2 dockerfile: ../common/Dockerfile.j2
@ -34,6 +27,13 @@ platforms:
volumes: volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw" - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init" command: "/sbin/init"
- name: alpine-3.15
image: alpine:3.15
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: amazonlinux-2 - name: amazonlinux-2
image: amazonlinux:2 image: amazonlinux:2
dockerfile: ../common/Dockerfile.j2 dockerfile: ../common/Dockerfile.j2

View File

@ -20,6 +20,7 @@
- name: (Debian/Ubuntu) Add NGINX signing key - name: (Debian/Ubuntu) Add NGINX signing key
apt_key: apt_key:
id: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 id: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
keyring: /usr/share/keyrings/nginx-archive-keyring.gpg
url: "{{ keysite }}" url: "{{ keysite }}"
when: ansible_facts['os_family'] == "Debian" when: ansible_facts['os_family'] == "Debian"

View File

@ -10,7 +10,7 @@
- name: Install NGINX modules - name: Install NGINX modules
package: package:
name: "nginx-{{ (nginx_type == 'plus') | ternary('plus-', '') }}module-{{ item.name | default(item) }}\ name: "nginx-{{ (nginx_type == 'plus') | ternary('plus-', '') }}module-{{ item.name | default(item) }}\
{{ item.version | default(nginx_version) | default('') }}" {{ item.version | default(nginx_version) | default('') }}{{ (nginx_repository is not defined and ansible_facts['os_family'] == 'Alpine' and nginx_type != 'plus') | ternary('@nginx', '') }}"
state: "{{ item.state | default('present') }}" state: "{{ item.state | default('present') }}"
loop: "{{ nginx_modules }}" loop: "{{ nginx_modules }}"
when: when:

View File

@ -8,8 +8,7 @@
- name: (Alpine Linux) Install NGINX - name: (Alpine Linux) Install NGINX
apk: apk:
name: "nginx{{ nginx_version | default('') }}" name: "nginx{{ nginx_repository is not defined | ternary('@nginx', '') }}{{ nginx_version | default('') }}"
repository: "{{ nginx_repository | default(nginx_default_repository_alpine) }}"
state: "{{ nginx_state }}" state: "{{ nginx_state }}"
update_cache: true update_cache: true
ignore_errors: "{{ ansible_check_mode }}" ignore_errors: "{{ ansible_check_mode }}"

View File

@ -8,6 +8,18 @@
loop: "{{ nginx_repository | default(nginx_default_repository_debian) }}" loop: "{{ nginx_repository | default(nginx_default_repository_debian) }}"
when: nginx_manage_repo | bool when: nginx_manage_repo | bool
- name: (Debian/Ubuntu) Pin NGINX repository
blockinfile:
path: /etc/apt/preferences.d/99nginx
create: true
block: |
Package: *
Pin: origin nginx.org
Pin: release o=nginx
Pin-Priority: 900
mode: 0644
when: nginx_repository is not defined
- name: (Debian/Ubuntu) Install NGINX - name: (Debian/Ubuntu) Install NGINX
apt: apt:
name: "nginx{{ nginx_version | default('') }}" name: "nginx{{ nginx_version | default('') }}"

View File

@ -17,13 +17,13 @@ nginx_default_signing_key_rsa_pub: https://nginx.org/keys/nginx_signing.rsa.pub
nginx_default_signing_key_pgp: https://nginx.org/keys/nginx_signing.key nginx_default_signing_key_pgp: https://nginx.org/keys/nginx_signing.key
# Default NGINX Open Source repositories # Default NGINX Open Source repositories
nginx_default_repository_alpine: "https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}\ nginx_default_repository_alpine: "@nginx http://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}\
alpine/v{{ ansible_facts['distribution_version'] | regex_search('^[0-9]+\\.[0-9]+') }}/main" alpine/v{{ ansible_facts['distribution_version'] | regex_search('^[0-9]+\\.[0-9]+') }}/main"
nginx_default_repository_amazon: "https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}/amzn2/$releasever/$basearch" nginx_default_repository_amazon: "https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}/amzn2/$releasever/$basearch"
nginx_default_repository_debian: nginx_default_repository_debian:
- "deb [arch={{ (ansible_facts['architecture'] == 'aarch64') | ternary('arm64', 'amd64') }}] https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}\ - "deb [arch={{ (ansible_facts['architecture'] == 'aarch64') | ternary('arm64', 'amd64') }} signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}\
{{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] }} nginx" {{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] }} nginx"
- "deb-src https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}\ - "deb-src [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}\
{{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] }} nginx" {{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] }} nginx"
nginx_default_repository_redhat: "https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}\ nginx_default_repository_redhat: "https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}\
{{ (ansible_facts['distribution'] == 'CentOS') | ternary('centos', 'rhel') }}/\ {{ (ansible_facts['distribution'] == 'CentOS') | ternary('centos', 'rhel') }}/\
@ -34,7 +34,7 @@ nginx_default_repository_suse: "https://nginx.org/packages/{{ (nginx_branch == '
# Default NGINX Plus repositories # Default NGINX Plus repositories
nginx_plus_default_repository_alpine: "https://pkgs.nginx.com/plus/alpine/v{{ ansible_facts['distribution_version'] | regex_search('^[0-9]+\\.[0-9]+') }}/main" nginx_plus_default_repository_alpine: "https://pkgs.nginx.com/plus/alpine/v{{ ansible_facts['distribution_version'] | regex_search('^[0-9]+\\.[0-9]+') }}/main"
nginx_plus_default_repository_amazon: "https://pkgs.nginx.com/plus/amzn{{ (ansible_facts['distribution_major_version'] is version('2', '==')) | ternary('2', '') }}/$releasever/$basearch" nginx_plus_default_repository_amazon: "https://pkgs.nginx.com/plus/amzn{{ (ansible_facts['distribution_major_version'] is version('2', '==')) | ternary('2', '') }}/$releasever/$basearch"
nginx_plus_default_repository_debian: "deb [arch={{ (ansible_facts['architecture'] == 'aarch64') | ternary('arm64', 'amd64') }}] https://pkgs.nginx.com/plus/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release'] }} nginx-plus" nginx_plus_default_repository_debian: "deb [arch={{ (ansible_facts['architecture'] == 'aarch64') | ternary('arm64', 'amd64') }} signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/plus/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release'] }} nginx-plus"
nginx_plus_default_repository_freebsd: "https://pkgs.nginx.com/plus/freebsd/${ABI}/latest" nginx_plus_default_repository_freebsd: "https://pkgs.nginx.com/plus/freebsd/${ABI}/latest"
nginx_plus_default_repository_redhat: "https://pkgs.nginx.com/plus/{{ (ansible_facts['distribution'] == 'CentOS') | ternary('centos', 'rhel') }}/\ nginx_plus_default_repository_redhat: "https://pkgs.nginx.com/plus/{{ (ansible_facts['distribution'] == 'CentOS') | ternary('centos', 'rhel') }}/\
{{ (ansible_facts['distribution_version'] is version('7.4', '>=') {{ (ansible_facts['distribution_version'] is version('7.4', '>=')