From ac5453e6fb909f12e2c1d2aea3ca390dec8e5b4f Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Thu, 9 Dec 2021 21:40:57 +0100 Subject: [PATCH] Allow NGINX version downgrades (#475) --- .github/workflows/molecule.yml | 1 + CHANGELOG.md | 4 +- README.md | 2 +- meta/main.yml | 2 +- molecule/downgrade/converge.yml | 23 ++++++++ molecule/downgrade/molecule.yml | 84 +++++++++++++++++++++++++++++ molecule/downgrade/prepare.yml | 29 ++++++++++ molecule/downgrade/verify.yml | 33 ++++++++++++ molecule/upgrade/molecule.yml | 1 + tasks/opensource/install-debian.yml | 2 + tasks/opensource/install-redhat.yml | 1 + tasks/plus/install-debian.yml | 1 + tasks/plus/install-redhat.yml | 1 + 13 files changed, 181 insertions(+), 3 deletions(-) create mode 100644 molecule/downgrade/converge.yml create mode 100644 molecule/downgrade/molecule.yml create mode 100644 molecule/downgrade/prepare.yml create mode 100644 molecule/downgrade/verify.yml diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index 267b068..85ec6d5 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -20,6 +20,7 @@ jobs: matrix: scenario: - default + - downgrade - module - plus - source diff --git a/CHANGELOG.md b/CHANGELOG.md index c99d9f5..9532bc5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,10 +6,12 @@ BREAKING CHANGES: * The `nginx_state` variable has been replaced with `nginx_setup` and instead of using `present`, `absent`, `latest` you should now use `install`, `uninstall` and `upgrade`. * `nginx_install` variable is no more. Use `nginx_enable` instead. +* Ansible core `2.12` is now a minimum requirement for the role. FEATURES: -Pin repository data when installing NGINX OSS on Alpine and Debian distributions. +* Pin repository data when installing NGINX OSS on Alpine and Debian distributions. +* You can now downgrade versions of NGINX and switch from stable to mainline and viceversa. You will need to specify the NGINX branch and version you wish to install when tweaking versions. ENHANCEMENTS: diff --git a/README.md b/README.md index 4de1b71..4168e5e 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ If you wish to install NGINX Plus using this role, you will need to obtain an NG ### Ansible -* This role is developed and tested with [maintained](https://docs.ansible.com/ansible/devel/reference_appendices/release_and_maintenance.html) versions of Ansible core (above `2.11`). +* This role is developed and tested with [maintained](https://docs.ansible.com/ansible/devel/reference_appendices/release_and_maintenance.html) versions of Ansible core (above `2.12`). * When using Ansible core, you will also need to install the following collections: ```yaml diff --git a/meta/main.yml b/meta/main.yml index de8dd66..548fd42 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -8,7 +8,7 @@ galaxy_info: license: Apache License, Version 2.0 - min_ansible_version: 2.11 + min_ansible_version: 2.12 platforms: - name: Alpine diff --git a/molecule/downgrade/converge.yml b/molecule/downgrade/converge.yml new file mode 100644 index 0000000..ebce729 --- /dev/null +++ b/molecule/downgrade/converge.yml @@ -0,0 +1,23 @@ +--- +- name: Converge + hosts: all + pre_tasks: + - name: Set repo if Alpine + set_fact: + version: "=1.20.2-r1" + when: ansible_facts['os_family'] == "Alpine" + - name: Set repo if Debian + set_fact: + version: "=1.20.2-1~{{ ansible_facts['distribution_release'] }}" + when: ansible_facts['os_family'] == "Debian" + - name: Set repo if Red Hat + set_fact: + version: "-1.20.2-1.{{ (ansible_facts['distribution']=='Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx" + when: ansible_facts['os_family'] == "RedHat" + tasks: + - name: Install NGINX + include_role: + name: ansible-role-nginx + vars: + nginx_version: "{{ version }}" + nginx_branch: stable diff --git a/molecule/downgrade/molecule.yml b/molecule/downgrade/molecule.yml new file mode 100644 index 0000000..ae42aab --- /dev/null +++ b/molecule/downgrade/molecule.yml @@ -0,0 +1,84 @@ +--- +driver: + name: docker +lint: | + set -e + yamllint . + ansible-lint --force-color +platforms: + - name: alpine-3.12 + image: alpine:3.12 + dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" + - name: alpine-3.13 + image: alpine:3.13 + dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" + - name: alpine-3.14 + image: alpine:3.14 + dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" + - name: amazonlinux-2 + image: amazonlinux:2 + dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + - name: centos-7 + image: centos:7 + dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + - name: centos-8 + image: centos:8 + dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + - name: debian-buster + image: debian:buster-slim + dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" + - name: debian-bullseye + image: debian:bullseye-slim + dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" + - name: ubuntu-bionic + image: ubuntu:bionic + dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" + - name: ubuntu-focal + image: ubuntu:focal + dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" +provisioner: + name: ansible + playbooks: + prepare: prepare.yml + converge: converge.yml + verify: verify.yml diff --git a/molecule/downgrade/prepare.yml b/molecule/downgrade/prepare.yml new file mode 100644 index 0000000..b1f6967 --- /dev/null +++ b/molecule/downgrade/prepare.yml @@ -0,0 +1,29 @@ +--- +- name: Prepare + hosts: all + pre_tasks: + - name: Set repo if Alpine + set_fact: + version: "=1.21.4-r1" + when: ansible_facts['os_family'] == "Alpine" + - name: Set repo if Debian + set_fact: + version: "=1.21.4-1~{{ ansible_facts['distribution_release'] }}" + when: ansible_facts['os_family'] == "Debian" + - name: Set repo if Red Hat + set_fact: + version: "-1.21.4-1.{{ (ansible_facts['distribution']=='Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx" + when: ansible_facts['os_family'] == "RedHat" + - name: Enable NGINX @CentOS-AppStream dnf modules + shell: + args: + cmd: dnf module info nginx | grep -q 'Stream.*\[e\]' && echo -n ENABLED || dnf module enable -y nginx # noqa command-instead-of-module + register: dnf_module_enable + changed_when: dnf_module_enable.stdout != 'ENABLED' + when: ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] is version('8', '==') + tasks: + - name: Install NGINX + include_role: + name: ansible-role-nginx + vars: + nginx_version: "{{ version }}" diff --git a/molecule/downgrade/verify.yml b/molecule/downgrade/verify.yml new file mode 100644 index 0000000..867c3b3 --- /dev/null +++ b/molecule/downgrade/verify.yml @@ -0,0 +1,33 @@ +--- +- name: Verify + hosts: all + tasks: + - name: Check if NGINX is installed + package: + name: nginx + state: present + check_mode: true + register: install + failed_when: (install is changed) or (install is failed) + + - name: Check if NGINX service is running + service: + name: nginx + state: started + enabled: true + check_mode: true + register: service + failed_when: (service is changed) or (service is failed) + + - name: Verify NGINX is up and running + uri: + url: http://localhost + status_code: 200 + + # - name: Verify NGINX has been downgraded + # command: nginx -v + # args: + # chdir: "{{ ((ansible_facts['system'] | lower is not search('bsd')) | ternary('/etc/nginx', '/usr/local/sbin')) }}" + # changed_when: false + # register: version + # failed_when: version is not search('1.21.3') diff --git a/molecule/upgrade/molecule.yml b/molecule/upgrade/molecule.yml index d0a3c1e..8ae258c 100644 --- a/molecule/upgrade/molecule.yml +++ b/molecule/upgrade/molecule.yml @@ -58,5 +58,6 @@ platforms: provisioner: name: ansible playbooks: + prepare: prepare.yml converge: converge.yml verify: verify.yml diff --git a/tasks/opensource/install-debian.yml b/tasks/opensource/install-debian.yml index 486fb3b..f10c9bd 100644 --- a/tasks/opensource/install-debian.yml +++ b/tasks/opensource/install-debian.yml @@ -26,5 +26,7 @@ apt: name: "nginx{{ nginx_version | default('') }}" state: "{{ nginx_state }}" + update_cache: true + allow_downgrade: true ignore_errors: "{{ ansible_check_mode }}" notify: (Handler) Run NGINX diff --git a/tasks/opensource/install-redhat.yml b/tasks/opensource/install-redhat.yml index 8e6a7bc..39a52b0 100644 --- a/tasks/opensource/install-redhat.yml +++ b/tasks/opensource/install-redhat.yml @@ -17,5 +17,6 @@ name: "nginx{{ nginx_version | default('') }}" state: "{{ nginx_state }}" update_cache: true + allow_downgrade: true ignore_errors: "{{ ansible_check_mode }}" notify: (Handler) Run NGINX diff --git a/tasks/plus/install-debian.yml b/tasks/plus/install-debian.yml index 0cd19f3..7ddefe9 100644 --- a/tasks/plus/install-debian.yml +++ b/tasks/plus/install-debian.yml @@ -25,6 +25,7 @@ name: "nginx-plus{{ nginx_version | default('') }}" state: "{{ nginx_state }}" update_cache: true + allow_downgrade: true ignore_errors: "{{ ansible_check_mode }}" when: nginx_license_status is not defined notify: (Handler) Run NGINX diff --git a/tasks/plus/install-redhat.yml b/tasks/plus/install-redhat.yml index abef8db..5c0cf79 100644 --- a/tasks/plus/install-redhat.yml +++ b/tasks/plus/install-redhat.yml @@ -18,6 +18,7 @@ name: "nginx-plus{{ nginx_version | default('') }}" state: "{{ nginx_state }}" update_cache: true + allow_downgrade: true ignore_errors: "{{ ansible_check_mode }}" when: nginx_license_status is not defined notify: (Handler) Run NGINX