Refactor status templating (#288)

This commit is contained in:
Alessandro Fael Garcia 2020-07-22 16:19:43 +02:00 committed by GitHub
parent 838e756ab8
commit b7e25961d6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 76 additions and 59 deletions

View File

@ -6,6 +6,7 @@ BREAKING CHANGES:
* The Debian and Ubuntu repositories have slightly changed. You may run into some duplication issues when running the role on a preexisting target that already has had NGINX installed using the role. To fix this, manually remove the old repository source.
* If you use `custom_options` you will now need to manually end each directive with a semicolon.
* The `status` directive is no longer supported in NGINX Plus, and the `stub_status` directive has been reworked into a template.
* The listen directive structure in the `stream` template has been updated to the listen directive structure found in the `http` template. You can now specify multiple `listen` directives in the same `server` block as well as include any extra `listen` options you might need.
Old configuration example

View File

@ -317,9 +317,12 @@ nginx_http_template:
# Note - 'status' has been deprecated since NGINX Plus R13.
# Default is false.
nginx_status_enable: false
nginx_status_location: /etc/nginx/conf.d/stub_status.conf
nginx_status_port: 80
nginx_status_template_file: http/status.conf.j2
nginx_status_file_location: /etc/nginx/conf.d/status.conf
nginx_status_log: false
nginx_status_port: 80
nginx_status_allow: 127.0.0.1
nginx_status_deny: all
# Enable NGINX Plus REST API, write access to the REST API, and NGINX Plus dashboard.
# Requires NGINX Plus.
@ -327,10 +330,14 @@ nginx_status_log: false
nginx_rest_api_enable: false
nginx_rest_api_template_file: http/api.conf.j2
nginx_rest_api_file_location: /etc/nginx/conf.d/api.conf
nginx_rest_api_port: 80
nginx_rest_api_log: false
nginx_rest_api_port: 80
nginx_rest_api_write: false
nginx_rest_api_dashboard: false
nginx_status_rest_api_allow: 127.0.0.1
nginx_status_rest_api_deny: all
nginx_status_rest_api_dashboard_allow: 127.0.0.1
nginx_status_rest_api_dashboard_deny: all
# Enable creating dynamic templated NGINX stream configuration files.
# Defaults will not produce a valid configuration. Instead they are meant to showcase

View File

@ -58,7 +58,6 @@
stream_enable: true
nginx_status_enable: true
nginx_status_location: /etc/nginx/conf.d/stub_status.conf
nginx_status_port: 8080
nginx_status_log: true

View File

@ -1,34 +0,0 @@
---
- name: "(Setup: NGINX Open Source) Enable NGINX Open Source Status"
blockinfile:
path: "{{ nginx_status_location }}"
create: yes
block: |
server {
listen 127.0.0.1:{{ nginx_status_port | default('80') }};
location /nginx_status {
stub_status on;
access_log {{ nginx_status_log | ternary("on", "off") }};
allow 127.0.0.1;
deny all;
}
}
when: nginx_type == "opensource"
notify: "(Handler: All OSs) Reload NGINX"
- name: "(Setup: NGINX Plus) Enable NGINX Plus Status"
blockinfile:
path: "{{ nginx_status_location }}"
create: yes
block: |
server {
listen 127.0.0.1:{{ nginx_status_port | default('80') }};
location /status {
status;
access_log {{ nginx_status_log | ternary("on", "off") }};
allow 127.0.0.1;
deny all;
}
}
when: nginx_type == "plus"
notify: "(Handler: All OSs) Reload NGINX"

View File

@ -55,6 +55,14 @@
when: nginx_http_template_enable | bool
notify: "(Handler: All OSs) Reload NGINX"
- name: "(Setup: All NGINX) Dynamically Generate NGINX Stub Status Configuration File"
template:
src: "{{ nginx_status_template_file | default('http/status.conf.j2') }}"
dest: "{{ nginx_status_file_location | default('/etc/nginx/conf.d/status.conf') }}"
backup: yes
notify: "(Handler: All OSs) Reload NGINX"
when: nginx_status_enable | bool
- name: "(Setup: All NGINX) Dynamically Generate NGINX API Configuration File"
template:
src: "{{ nginx_rest_api_template_file | default('http/api.conf.j2') }}"

View File

@ -1,9 +1,9 @@
---
- name: "(Setup: Prerequisites)"
- name: "(Setup: All OSs) Setup Prerequisites"
include_tasks: "{{ role_path }}/tasks/prerequisites/setup-{{ ansible_os_family | lower }}.yml"
tags: nginx_prerequisites
- name: "(Setup: Keys)"
- name: "(Setup: All OSs) Setup Keys"
import_tasks: keys/setup-keys.yml
when:
- ansible_os_family == "Alpine"
@ -15,35 +15,43 @@
or nginx_unit_enable
tags: nginx_key
- name: "(Install: Debian/Ubuntu/CentOS/RedHat/FreeBSD) Install NGINX"
- name: "(Install/Config: All OSs) Install and Configure NGINX"
block:
- block:
- include_tasks: "{{ role_path }}/tasks/opensource/install-oss.yml"
- name: "(Install: All OSs) Install NGINX"
block:
- name: "(Install: All OSs) Install NGINX Open Source"
include_tasks: "{{ role_path }}/tasks/opensource/install-oss.yml"
when: nginx_type == "opensource"
tags: nginx_install_oss
- include_tasks: "{{ role_path }}/tasks/plus/install-plus.yml"
- name: "(Install: All OSs) Install NGINX Plus"
include_tasks: "{{ role_path }}/tasks/plus/install-plus.yml"
when: nginx_type == "plus"
tags: nginx_install_plus
- include_tasks: "{{ role_path }}/tasks/modules/install-modules.yml"
- name: "(Install: All OSs) Install NGINX Modules"
include_tasks: "{{ role_path }}/tasks/modules/install-modules.yml"
when: true in nginx_modules.values()
tags: nginx_install_modules
- include_tasks: "{{ role_path }}/tasks/plus/delete-license.yml"
- name: "(Install: All OSs) Delete NGINX Plus License"
include_tasks: "{{ role_path }}/tasks/plus/delete-license.yml"
when:
- nginx_type == "plus"
- nginx_delete_license
tags: nginx_delete_license
when: nginx_install | bool
- block:
- include_tasks: "{{ role_path }}/tasks/conf/cleanup-config.yml"
- name: "(Config: All OSs) Configure NGINX"
block:
- name: "(Config: All OSs) Cleanup NGINX Config"
include_tasks: "{{ role_path }}/tasks/conf/cleanup-config.yml"
when: nginx_cleanup_config | bool
tags: nginx_cleanup_config
- include_tasks: "{{ role_path }}/tasks/conf/upload-config.yml"
- name: "(Config: All OSs) Upload NGINX Config"
include_tasks: "{{ role_path }}/tasks/conf/upload-config.yml"
when: nginx_main_upload_enable
or nginx_http_upload_enable
or nginx_stream_upload_enable
@ -51,37 +59,38 @@
or nginx_ssl_upload_enable
tags: nginx_upload_config
- include_tasks: "{{ role_path }}/tasks/conf/template-config.yml"
- name: "(Config: All OSs) Create NGINX Config"
include_tasks: "{{ role_path }}/tasks/conf/template-config.yml"
when: nginx_main_template_enable
or nginx_http_template_enable
or nginx_stream_template_enable
or nginx_rest_api_enable
tags: nginx_template_config
- include_tasks: "{{ role_path }}/tasks/conf/setup-status.yml"
when: nginx_status_enable | bool
tags: nginx_setup_status
when: nginx_configure | bool
- name: "(Config: All OSs) Ensure NGINX is Running"
meta: flush_handlers
- include_tasks: "{{ role_path }}/tasks/conf/debug-output.yml"
- name: "(Config: All OSs) Debug Output"
include_tasks: "{{ role_path }}/tasks/conf/debug-output.yml"
when: nginx_debug_output | bool
tags: nginx_debug_output
- include_tasks: "{{ role_path }}/tasks/conf/logrotate.yml"
- name: "(Config: All OSs): Configure Logrotate"
include_tasks: "{{ role_path }}/tasks/conf/logrotate.yml"
when: nginx_logrotate_conf_enable | bool
tags: nginx_logrotate_config
when: nginx_enable | bool
- include_tasks: "{{ role_path }}/tasks/amplify/install-amplify.yml"
- name: "(Install: All OSs) Install NGINX Amplify"
include_tasks: "{{ role_path }}/tasks/amplify/install-amplify.yml"
when:
- nginx_amplify_enable | bool
- nginx_amplify_api_key is defined
- nginx_amplify_api_key | length > 0
tags: nginx_install_amplify
- include_tasks: "{{ role_path }}/tasks/unit/install-unit.yml"
- name: "(Install: All OSs) Install NGINX Unit"
include_tasks: "{{ role_path }}/tasks/unit/install-unit.yml"
when: nginx_unit_enable | bool
tags: nginx_install_unit

View File

@ -2,17 +2,29 @@
server {
listen {{ nginx_rest_api_port | default('80') }};
access_log {{ nginx_rest_api_log | ternary("on", "off") }};
access_log {{ nginx_rest_api_log | ternary('on', 'off') }};
location /api {
{% if nginx_rest_api_write %}
api write=on;
{% else %}
api;
{% endif %}
{% if nginx_status_rest_api_allow is defined %}
allow {{ nginx_status_rest_api_allow }};
{% endif %}
{% if nginx_status_rest_api_deny is defined %}
deny {{ nginx_status_rest_api_deny }};
{% endif %}
}
{% if nginx_rest_api_dashboard %}
location = /dashboard.html {
root /usr/share/nginx/html;
{% if nginx_status_rest_api_dashboard_allow is defined %}
allow {{ nginx_status_rest_api_dashboard_allow }};
{% endif %}
{% if nginx_status_rest_api_dashboard_deny is defined %}
deny {{ nginx_status_rest_api_dashboard_deny }};
{% endif %}
}
{% endif %}
}

View File

@ -0,0 +1,15 @@
{{ ansible_managed | comment }}
server {
listen {{ nginx_status_port | default('80') }};
access_log {{ nginx_status_log | ternary('on', 'off') }};
location /nginx_status {
stub_status on;
{% if nginx_status_allow is defined %}
allow {{ nginx_status_allow }};
{% endif %}
{% if nginx_status_deny is defined %}
deny {{ nginx_status_deny }};
{% endif %}
}
}