Update Ansible to 2.9.12 and explicitly set mode on relevant tasks (#309)

*   Explicitly define `mode` in relevant tasks.
*   Explicitly define the `nginx` `apt_repository` filename in Debian based distros.
*   Building OpenSSL from source should now work properly in CentOS 8.
This commit is contained in:
Alessandro Fael Garcia 2020-08-28 10:30:23 +02:00 committed by GitHub
parent 79ddc30a3a
commit bf2916fc55
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
30 changed files with 172 additions and 93 deletions

View File

@ -57,15 +57,17 @@ jobs:
- name: "(CentOS) Install from Source"
env:
scenario: source_centos
before_install: sudo apt-get -qq update
before_install:
- curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
- sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
- sudo apt-get update
- sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce
install:
- pip install ansible==2.9.11
- pip install molecule==3.0.6
- pip install docker==4.2.2
- pip install ansible-lint==4.2.0
- pip install ansible==2.9.12
- pip install ansible-lint==4.3.2
- pip install molecule==3.0.8
- pip install docker==4.3.1
script:
- molecule --version
- ansible --version
- travis_wait 50 molecule test -s $scenario
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/

View File

@ -1,5 +1,25 @@
# Changelog
## 0.16.0 (August 28, 2020)
BREAKING CHANGES:
* The Debian and Ubuntu repositories have slightly changed. You may run into some duplication issues when running the role on a preexisting target that already has had NGINX installed using the role. To fix this, manually remove the old repository source.
ENHANCEMENTS:
* Update Ansible to `2.9.12` and Ansible Lint to `4.3.2`.
* Explicitly define `mode` in relevant tasks.
* Explicitly define the `nginx` `apt_repository` filename in Debian based distros.
FEATURES:
* TravisCI now always uses the latest version of Docker.
BUG FIXES:
* Building OpenSSL from source should now work properly in CentOS 8.
## 0.15.0 (August 20, 2020)
DEPRECATION WARNING:

View File

@ -9,8 +9,9 @@ This role installs NGINX Open Source, NGINX Plus, the NGINX Amplify agent, or NG
**Note:** This role is still in active development. There may be unidentified issues and the role variables may change as development continues.
**Deprecation Warnings:**
* There now is a separate role to manage and create NGINX configurations available [here](https://github.com/nginxinc/ansible-role-nginx-config). Any new issues or PRs related to configuring NGINX should be submitted in the new NGINX Config repository. New issues or PRs related to configuring NGINX submitted in this repository will not be worked on. The NGINX configuration functionalities included in this role will be removed in an upcoming release.
* NGINX Unit now has a separate role available [here](https://github.com/nginxinc/ansible-role-nginx-unit). Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on. The NGINX Unit functionalities included in this role will be removed in an upcoming release.
* There now is a separate role to manage and create NGINX configurations available [here](https://github.com/nginxinc/ansible-role-nginx-config). Any new issues or PRs related to configuring NGINX should be submitted in the new NGINX Config repository. New issues or PRs related to configuring NGINX submitted in this repository will not be worked on (with the exception of major bugfixes). The NGINX configuration functionalities included in this role will be removed in an upcoming release.
* NGINX Unit now has a separate role available [here](https://github.com/nginxinc/ansible-role-nginx-unit). Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on (with the exception of major bugfixes). The NGINX Unit functionalities included in this role will be removed in an upcoming release.
Requirements
------------

View File

@ -8,6 +8,6 @@ nginx_linux_families: ['Alpine', 'Debian', 'RedHat', 'Suse']
nginx_plus_linux_families: ['Alpine', 'Debian', 'RedHat', 'Suse']
# Default locations and versions when 'nginx_install_from; is set to 'source'
pcre_version: pcre-8.43
pcre_version: pcre-8.44
zlib_version: zlib-1.2.11
openssl_version: openssl-1.1.1c
openssl_version: openssl-1.1.1g

View File

@ -22,7 +22,7 @@
changed_when: false
when:
- nginx_start | bool
- not ansible_check_mode
- not ansible_check_mode | bool
- name: "(Handler: All OSs) Start NGINX Amplify Agent"
service:

View File

@ -21,5 +21,6 @@
- name: Check default.conf does not exist
stat:
path: /etc/nginx/conf.d/default.conf
check_mode: yes
register: stat_result
failed_when: stat_result.stat.exists

View File

@ -26,6 +26,7 @@
- name: Check default.conf exists
stat:
path: /etc/nginx/conf.d/default.conf
check_mode: yes
register: stat_result
failed_when: not stat_result.stat.exists

View File

@ -6,7 +6,7 @@
include_role:
name: ansible-role-nginx
vars:
nginx_debug_output: true
# nginx_debug_output: true
nginx_service_modify: true
nginx_service_timeout: 95

View File

@ -26,18 +26,21 @@
- name: Check default.conf exists
stat:
path: /etc/nginx/conf.d/default.conf
check_mode: yes
register: stat_result
failed_when: not stat_result.stat.exists
- name: Check frontend_default.conf exists
stat:
path: /etc/nginx/conf.d/frontend_default.conf
check_mode: yes
register: stat_result
failed_when: not stat_result.stat.exists
- name: Check backend_default.conf exists
stat:
path: /etc/nginx/conf.d/backend_default.conf
check_mode: yes
register: stat_result
failed_when: not stat_result.stat.exists

View File

@ -14,6 +14,7 @@
remote_src: yes
src: /etc/amplify-agent/agent.conf.default
dest: /etc/amplify-agent/agent.conf
mode: 0644
- name: "(Setup: All OSs) Configure NGINX Amplify Agent API Key"
lineinfile:

View File

@ -3,10 +3,14 @@
apt_repository:
filename: nginx-amplify
repo: deb [arch=amd64] http://packages.amplify.nginx.com/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release|lower }} amplify-agent
update_cache: yes
mode: 0644
when: ansible_distribution_release != "focal"
- name: "(Install: Debian/Ubuntu) Add NGINX Amplify Agent Repository"
apt_repository:
filename: nginx-amplify
repo: deb [arch=amd64] https://packages.amplify.nginx.com/py3/ubuntu focal amplify-agent
update_cache: yes
mode: 0644
when: ansible_distribution_release == "focal"

View File

@ -6,3 +6,4 @@
description: NGINX Amplify Agent
enabled: yes
gpgcheck: yes
mode: 0644

View File

@ -31,4 +31,5 @@
template:
src: "logrotate/nginx.j2"
dest: "/etc/logrotate.d/nginx"
mode: 0644
notify: "(Config: All OSs) Run Logrotate"

View File

@ -3,6 +3,7 @@
file:
path: "{{ item.value.html_file_location | default('/usr/share/nginx/html') }}"
state: directory
mode: 0755
with_dict: "{{ nginx_html_demo_template }}"
when: nginx_html_demo_template_enable | bool
@ -11,6 +12,7 @@
src: "{{ item.value.template_file | default('www/index.html.j2') }}"
dest: "{{ item.value.html_file_location | default('/usr/share/nginx/html') }}/{{ item.value.html_file_name | default('index.html') }}"
backup: yes
mode: 0644
with_dict: "{{ nginx_html_demo_template }}"
when: nginx_html_demo_template_enable | bool
@ -18,6 +20,7 @@
file:
path: "{{ nginx_main_template.conf_file_location | default('/etc/nginx') }}"
state: directory
mode: 0755
when: nginx_main_template_enable | bool
- name: "(Setup: All NGINX) Dynamically Generate NGINX Main Configuration File"
@ -25,6 +28,7 @@
src: "{{ nginx_main_template.template_file | default('nginx.conf.j2') }}"
dest: "{{ nginx_main_template.conf_file_location | default('/etc/nginx') }}/{{ nginx_main_template.conf_file_name | default('nginx.conf') }}"
backup: yes
mode: 0644
when: nginx_main_template_enable | bool
notify: "(Handler: All OSs) Reload NGINX"
@ -32,6 +36,7 @@
file:
path: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/') }}"
state: directory
mode: 0755
with_dict: "{{ nginx_http_template }}"
when: nginx_http_template_enable | bool
@ -40,6 +45,7 @@
path: "{{ item.1.path }}"
state: directory
owner: "{{ nginx_main_template.user | default('nginx') }}"
mode: 0755
with_subelements:
- "{{ nginx_http_template }}"
- proxy_cache.proxy_cache_path
@ -51,6 +57,7 @@
src: "{{ item.value.template_file | default('http/default.conf.j2') }}"
dest: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/') }}/{{ item.value.conf_file_name | default('default.conf') }}"
backup: yes
mode: 0644
with_dict: "{{ nginx_http_template }}"
when: nginx_http_template_enable | bool
notify: "(Handler: All OSs) Reload NGINX"
@ -60,21 +67,24 @@
src: "{{ nginx_status_template_file | default('http/status.conf.j2') }}"
dest: "{{ nginx_status_file_location | default('/etc/nginx/conf.d/status.conf') }}"
backup: yes
notify: "(Handler: All OSs) Reload NGINX"
mode: 0644
when: nginx_status_enable | bool
notify: "(Handler: All OSs) Reload NGINX"
- name: "(Setup: All NGINX) Dynamically Generate NGINX API Configuration File"
template:
src: "{{ nginx_rest_api_template_file | default('http/api.conf.j2') }}"
dest: "{{ nginx_rest_api_file_location | default('/etc/nginx/conf.d/api.conf') }}"
backup: yes
notify: "(Handler: All OSs) Reload NGINX"
mode: 0644
when: nginx_rest_api_enable | bool
notify: "(Handler: All OSs) Reload NGINX"
- name: "(Setup: All NGINX) Ensure NGINX Stream Directory Exists"
file:
path: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/stream/') }}"
state: directory
mode: 0755
with_dict: "{{ nginx_stream_template }}"
when: nginx_stream_template_enable | bool
@ -83,6 +93,7 @@
src: "{{ item.value.template_file | default('stream/default.conf.j2') }}"
dest: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/stream/') }}/{{ item.value.conf_file_name | default('default.conf') }}"
backup: yes
mode: 0644
with_dict: "{{ nginx_stream_template }}"
notify: "(Handler: All OSs) Reload NGINX"
when: nginx_stream_template_enable | bool
notify: "(Handler: All OSs) Reload NGINX"

View File

@ -1,8 +1,26 @@
---
- name: "(Setup: All NGINX) Ensure NGINX HTML Directory Exists"
file:
path: "{{ nginx_html_upload_dest | default('/usr/share/nginx/html') }}"
state: directory
mode: 0755
when: nginx_html_upload_enable | bool
- name: "(Setup: All NGINX) Upload NGINX HTML Files"
copy:
src: "{{ item }}"
dest: "{{ nginx_html_upload_dest | default('/usr/share/nginx/html') }}"
backup: yes
mode: 0644
with_fileglob: "{{ nginx_html_upload_src }}"
when: nginx_html_upload_enable | bool
notify: "(Handler: All OSs) Reload NGINX"
- name: "(Setup: All NGINX) Ensure NGINX Main Directory Exists"
file:
path: "{{ nginx_main_upload_dest | default('/etc/nginx/') }}"
state: directory
mode: 0755
when: nginx_main_upload_enable | bool
- name: "(Setup: All NGINX) Upload NGINX Main Configuration File"
@ -10,6 +28,7 @@
src: "{{ nginx_main_upload_src | default('conf/nginx.conf') }}"
dest: "{{ nginx_main_upload_dest | default('/etc/nginx/') }}"
backup: yes
mode: 0644
when: nginx_main_upload_enable | bool
notify: "(Handler: All OSs) Reload NGINX"
@ -17,6 +36,7 @@
file:
path: "{{ nginx_http_upload_dest | default('/etc/nginx/conf.d/') }}"
state: directory
mode: 0755
when: nginx_http_upload_enable | bool
- name: "(Setup: All NGINX) Upload NGINX HTTP Configuration Files"
@ -24,6 +44,7 @@
src: "{{ item }}"
dest: "{{ nginx_http_upload_dest | default('/etc/nginx/conf.d/') }}"
backup: yes
mode: 0644
with_fileglob: "{{ nginx_http_upload_src }}"
when: nginx_http_upload_enable | bool
notify: "(Handler: All OSs) Reload NGINX"
@ -32,6 +53,7 @@
file:
path: "{{ nginx_stream_upload_dest | default('/etc/nginx/conf.d/') }}"
state: directory
mode: 0755
when: nginx_stream_upload_enable | bool
- name: "(Setup: All NGINX) Upload NGINX Stream Configuration Files"
@ -39,44 +61,32 @@
src: "{{ item }}"
dest: "{{ nginx_stream_upload_dest | default('/etc/nginx/conf.d/') }}"
backup: yes
mode: 0644
with_fileglob: "{{ nginx_stream_upload_src }}"
when: nginx_stream_upload_enable | bool
notify: "(Handler: All OSs) Reload NGINX"
- name: "(Setup: All NGINX) Ensure NGINX HTML Directory Exists"
file:
path: "{{ nginx_html_upload_dest | default('/usr/share/nginx/html') }}"
state: directory
when: nginx_html_upload_enable | bool
- name: "(Setup: All NGINX) Upload NGINX HTML Files"
copy:
src: "{{ item }}"
dest: "{{ nginx_html_upload_dest | default('/usr/share/nginx/html') }}"
backup: yes
with_fileglob: "{{ nginx_html_upload_src }}"
when: nginx_html_upload_enable | bool
notify: "(Handler: All OSs) Reload NGINX"
- name: "(Setup: All NGINX) Ensure SSL Certificate Directory Exists"
file:
path: "{{ nginx_ssl_crt_upload_dest | default('/etc/ssl/certs/') }}"
state: directory
mode: 0755
when: nginx_ssl_upload_enable | bool
- name: "(Setup: All NGINX) Ensure SSL Key Directory Exists"
file:
path: "{{ nginx_ssl_key_upload_dest | default('/etc/ssl/private/') }}"
state: directory
mode: 0755
when: nginx_ssl_upload_enable | bool
- name: "(Setup: All NGINX) Upload NGINX SSL Certificates"
copy:
src: "{{ item }}"
dest: "{{ nginx_ssl_crt_upload_dest | default('/etc/ssl/certs/') }}"
mode: 0640
decrypt: yes
backup: yes
mode: 0640
with_fileglob: "{{ nginx_ssl_crt_upload_src }}"
when: nginx_ssl_upload_enable | bool
@ -84,9 +94,9 @@
copy:
src: "{{ item }}"
dest: "{{ nginx_ssl_key_upload_dest | default('/etc/ssl/private/') }}"
mode: 0640
decrypt: yes
backup: yes
mode: 0640
with_fileglob: "{{ nginx_ssl_key_upload_src }}"
no_log: yes
when: nginx_ssl_upload_enable | bool

View File

@ -11,3 +11,4 @@
get_url:
url: "{{ keysite }}"
dest: /etc/apk/keys/nginx_signing.rsa.pub
mode: 0400

View File

@ -12,7 +12,7 @@
include_tasks: "{{ role_path }}/tasks/prerequisites/setup-systemd.yml"
when:
- ansible_service_mgr == "systemd"
- nginx_service_modify
- nginx_service_modify | bool
- name: "(Install: Linux) Install NGINX From Source"
include_tasks: "{{ role_path }}/tasks/opensource/setup-source.yml"

View File

@ -15,7 +15,10 @@
- name: "(Install: Debian/Ubuntu) Add NGINX Repository"
apt_repository:
filename: nginx
repo: "{{ item }}"
update_cache: yes
mode: 0644
loop: "{{ repository }}"
- name: "(Install: Debian/Ubuntu) Install NGINX"

View File

@ -17,6 +17,7 @@
description: NGINX Repository
enabled: yes
gpgcheck: yes
mode: 0644
when: ansible_distribution_major_version < "8"
- name: "(Install: CentOS/RedHat) Add NGINX Repository for CentOS/RHEL 8"
@ -30,6 +31,7 @@
gpgcheck = 1
name = NGINX Repository
module_hotfixes = true
mode: 0644
when: ansible_distribution_major_version == "8"
- name: "(Install: CentOS/RedHat) Install Required CentOS/RedHat Dependencies"

View File

@ -1,20 +1,21 @@
---
- name: "(Install: Linux) Check For Build Tools"
block:
- name: "(Install: Centos/RHEL) Install Python"
yum:
name:
- python3
- python3-pip
- python3-devel
update_cache: yes
when: ansible_os_family == "RedHat"
- name: "(Install: Centos/RHEL) Setup Python 3"
block:
- name: "(Install: Centos/RHEL) Install Python 3"
yum:
name:
- python3
- python3-pip
- python3-devel
update_cache: yes
- name: "(Install: Centos/RHEL) Set Python3 Default"
alternatives:
name: python
path: /usr/bin/python3
link: /usr/bin/python
- name: "(Install: Centos/RHEL) Set Python 3 Default"
alternatives:
name: python
path: /usr/bin/python3
link: /usr/bin/python
when:
- ansible_os_family == "RedHat"
- ansible_distribution_major_version == "8"
@ -37,7 +38,10 @@
- name: "(Install: Debian) Install Backports Repo For Buster"
apt_repository:
filename: buster-backports
repo: deb http://ftp.us.debian.org/debian buster-backports main
update_cache: yes
mode: 0644
when: ansible_distribution_release == "buster"
- name: "(Install: Debian/Ubuntu) Install Build Tools"
@ -76,7 +80,7 @@
owner: root
mode: 0644
when: ansible_os_family == "Alpine"
when: nginx_install_source_build_tools
when: nginx_install_source_build_tools | bool
- name: "(Install: Linux) Check For Source Installs"
block:
@ -100,7 +104,7 @@
name: pcre-devel
update_cache: yes
when:
- nginx_install_source_pcre
- nginx_install_source_pcre | bool
- ansible_os_family == "RedHat"
- name: "(Install: Debian/Ubuntu) Install PCRE Dependency From Package"
@ -108,7 +112,7 @@
name: libpcre3-dev
update_cache: yes
when:
- nginx_install_source_pcre
- nginx_install_source_pcre | bool
- ansible_os_family == "Debian"
- name: "(Install: Alpine) Install PCRE Dependency From Package"
@ -116,7 +120,7 @@
name: pcre-dev
update_cache: yes
when:
- nginx_install_source_pcre
- nginx_install_source_pcre | bool
- ansible_os_family == "Alpine"
- name: "(Install: Linux) Install PCRE Dependence From Source"
@ -125,6 +129,7 @@
get_url:
url: "http://ftp.pcre.org/pub/pcre/{{ pcre_version }}.tar.gz"
dest: "/tmp/{{ pcre_version }}.tar.gz"
mode: 0600
register: pcre_source
- name: "(Install: Linux) Unpack PCRE Dependency"
@ -132,13 +137,12 @@
copy: no
dest: /tmp/
src: "{{ pcre_source.dest }}"
register: pcre_source_unpack
mode: 0700
- name: "(Install: Linux) Configure PCRE Dependency"
command: "./configure"
args:
chdir: "/tmp/{{ pcre_version }}"
register: pcre_configure
- name: "(Install: Linux) Make PCRE Dependency"
make:
@ -149,15 +153,15 @@
chdir: "/tmp/{{ pcre_version }}"
target: install
when:
- not pcre_result.stat.exists
- not nginx_install_source_pcre
- not pcre_result.stat.exists | bool
- not nginx_install_source_pcre | bool
- name: "(Install: Centos/RHEL) Install ZLib Dependency From Package"
yum:
name: zlib-devel
update_cache: yes
when:
- nginx_install_source_zlib
- nginx_install_source_zlib | bool
- ansible_os_family == "RedHat"
- name: "(Install: Debian/Ubuntu) Install ZLib Dependency From Package"
@ -165,7 +169,7 @@
name: zlib1g-dev
update_cache: true
when:
- nginx_install_source_zlib
- nginx_install_source_zlib | bool
- ansible_os_family == "Debian"
- name: "(Install: Alpine) Install ZLib Dependency From Package"
@ -173,7 +177,7 @@
name: zlib-dev
update_cache: yes
when:
- nginx_install_source_zlib
- nginx_install_source_zlib | bool
- ansible_os_family == "Alpine"
- name: "(Install: Linux) Install ZLib Dependency From Source"
@ -182,6 +186,7 @@
get_url:
url: "http://zlib.net/{{ zlib_version }}.tar.gz"
dest: "/tmp/{{ zlib_version }}.tar.gz"
mode: 0600
register: zlib_source
- name: "(Install: Linux) Unpack ZLib Dependency"
@ -189,13 +194,12 @@
copy: no
dest: /tmp/
src: "{{ zlib_source.dest }}"
register: zlib_source_unpack
mode: 0700
- name: "(Install: Linux) Configure zlib Dependency"
command: "./configure"
args:
chdir: "/tmp/{{ zlib_version }}"
register: zlib_configure
- name: "(Install: Linux) Make ZLib Dependency"
make:
@ -206,15 +210,15 @@
chdir: "/tmp/{{ zlib_version }}"
target: install
when:
- not zlib_result.stat.exists
- not nginx_install_source_zlib
- not zlib_result.stat.exists | bool
- not nginx_install_source_zlib | bool
- name: "(Install: Centos/RHEL) Install OpenSSL Dependency From Package"
yum:
name: openssl-devel
update_cache: yes
when:
- nginx_install_source_openssl
- nginx_install_source_openssl | bool
- ansible_os_family == "RedHat"
- name: "(Install: Debian/Ubuntu) Install OpenSSL Dependency From Package"
@ -222,7 +226,7 @@
name: libssl-dev
update_cache: yes
when:
- nginx_install_source_openssl
- nginx_install_source_openssl | bool
- ansible_os_family == "Debian"
- name: "(Install: Alpine) Install OpenSSL Dependency From Package"
@ -230,7 +234,7 @@
name: openssl-dev
update_cache: yes
when:
- nginx_install_source_openssl
- nginx_install_source_openssl | bool
- ansible_os_family == "Alpine"
- name: "(Install: Linux) Install OpenSSL Dependency From Source"
@ -239,6 +243,7 @@
get_url:
url: "http://www.openssl.org/source/{{ openssl_version }}.tar.gz"
dest: "/tmp/{{ openssl_version }}.tar.gz"
mode: 0600
register: openssl_source
- name: "(Install: Linux) Unpack OpenSSL Dependency"
@ -246,13 +251,12 @@
copy: no
dest: /tmp/
src: "{{ openssl_source.dest }}"
register: openssl_source_unpack
mode: 0700
- name: "(Install: Linux) Configure OpenSSL Dependency"
command: "./config --prefix=/usr"
command: "./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib"
args:
chdir: "/tmp/{{ openssl_version }}"
register: openssl_configure
- name: "(Install: Linux) Make OpenSSL Dependency"
make:
@ -263,8 +267,8 @@
chdir: "/tmp/{{ openssl_version }}"
target: install
when:
- not openssl_result.stat.exists
- not nginx_install_source_openssl
- not openssl_result.stat.exists | bool
- not nginx_install_source_openssl | bool
- name: "(Install: Linux) Get NGINX Version"
block:
@ -309,6 +313,7 @@
get_url:
url: "http://nginx.org/download/{{ nginx_download_name }}.tar.gz"
dest: "/tmp/{{ nginx_download_name }}.tar.gz"
mode: 0600
register: nginx_source
- name: "(Install: Linux) Unpack NGINX"
@ -316,7 +321,7 @@
copy: no
dest: /tmp/
src: "{{ nginx_source.dest }}"
register: nginx_source_unpack
mode: 0755
- name: "(Install: Linux) Configure NGINX"
command: >-
@ -353,7 +358,7 @@
dest: /lib/systemd/system/nginx.service
owner: root
group: root
mode: '0644'
mode: 0644
when: ansible_service_mgr == "systemd"
- name: "(Install: Linux) Enable systemd NGINX Service File"
@ -362,8 +367,8 @@
name: nginx
state: restarted
enabled: yes
notify: "(Handler: All OSs) Start NGINX"
when: ansible_service_mgr == "systemd"
notify: "(Handler: All OSs) Start NGINX"
- name: "(Install: Linux) Upload upstart NGINX Service File"
copy:
@ -371,7 +376,7 @@
dest: /etc/init.d/nginx
owner: root
group: root
mode: '0755'
mode: 0755
when: ansible_service_mgr == "upstart"
- name: "(Install: Linux) Upload upstart NGINX Service Conf File"
@ -380,7 +385,7 @@
dest: /etc/init/nginx.conf
owner: root
group: root
mode: '0644'
mode: 0644
when: ansible_service_mgr == "upstart"
- name: "(Install: Linux) Enable upstart NGINX Service Reload"
@ -389,8 +394,8 @@
- name: "(Install: Linux) Start upstart NGINX Service Reload"
command: "nginx"
notify: "(Handler: All OSs) Start NGINX"
when: ansible_service_mgr == "upstart"
notify: "(Handler: All OSs) Start NGINX"
- name: "(Install: Linux) Upload sysvinit NGINX Service File"
copy:
@ -398,9 +403,9 @@
dest: /etc/init.d/nginx
owner: root
group: root
mode: '0755'
notify: "(Handler: All OSs) Start NGINX"
mode: 0755
when: ansible_service_mgr == "sysvinit"
notify: "(Handler: All OSs) Start NGINX"
- name: "(Install: Linux) Upload openrc NGINX Service File"
copy:
@ -408,7 +413,7 @@
dest: /etc/init.d/nginx
owner: root
group: root
mode: '0755'
mode: 0755
when: ansible_service_mgr == "openrc"
- name: "(Install: Linux) Enable openrc NGINX Service"

View File

@ -1,5 +1,6 @@
---
- include_tasks: "{{ role_path }}/tasks/plus/setup-{{ ansible_os_family | lower }}.yml"
- name: "(Setup: Linux) Setup NGINX Plus Repository"
include_tasks: "{{ role_path }}/tasks/plus/setup-{{ ansible_os_family | lower }}.yml"
when: ansible_os_family == "Alpine"
or ansible_os_family == "Debian"
or ansible_os_family == "RedHat"
@ -9,7 +10,7 @@
include_tasks: "{{ role_path }}/tasks/prerequisites/setup-systemd.yml"
when:
- ansible_service_mgr == "systemd"
- nginx_service_modify
- nginx_service_modify | bool
- name: "(Install: Linux) Install NGINX Plus"
package:

View File

@ -10,6 +10,7 @@
MIRROR_TYPE: SRV
}
state: "{{ nginx_license_status | default ('present') }}"
mode: 0644
- name: "(Setup: FreeBSD) Setup NGINX Plus License"
blockinfile:

View File

@ -1,11 +1,4 @@
---
- name: "(Setup: Debian/Ubuntu) Setup NGINX Plus Repository"
apt_repository:
repo: deb [arch=amd64] https://plus-pkgs.nginx.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} nginx-plus
filename: nginx-plus
update_cache: no
state: "{{ nginx_license_status | default ('present') }}"
- name: "(Setup: Debian/Ubuntu) Setup NGINX Plus License"
blockinfile:
path: /etc/apt/apt.conf.d/90nginx
@ -16,7 +9,12 @@
Acquire::https::plus-pkgs.nginx.com::SslCert "/etc/ssl/nginx/nginx-repo.crt";
Acquire::https::plus-pkgs.nginx.com::SslKey "/etc/ssl/nginx/nginx-repo.key";
state: "{{ nginx_license_status | default ('present') }}"
mode: 0444
- name: "(Setup: Debian/Ubuntu) Update APT Cache"
apt:
- name: "(Setup: Debian/Ubuntu) Setup NGINX Plus Repository"
apt_repository:
filename: nginx-plus
repo: deb [arch=amd64] https://plus-pkgs.nginx.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} nginx-plus
update_cache: yes
state: "{{ nginx_license_status | default ('present') }}"
mode: 0644

View File

@ -5,12 +5,14 @@
file:
path: /etc/ssl/nginx
state: directory
mode: 0755
- name: "(Setup: All OSs Besides Alpine Linux) Copy NGINX Plus Certificate and License Key"
copy:
src: "{{ item }}"
dest: /etc/ssl/nginx
decrypt: yes
mode: 0444
loop:
- "{{ nginx_license.certificate }}"
- "{{ nginx_license.key }}"
@ -22,16 +24,19 @@
file:
path: /etc/apk
state: directory
mode: 0755
- name: "(Setup: Alpine Linux) Copy NGINX Plus Key"
copy:
src: "{{ nginx_license.key }}"
dest: /etc/apk/cert.key
decrypt: yes
mode: 0444
- name: "(Setup: Alpine Linux) Copy NGINX Plus Certificate"
copy:
src: "{{ nginx_license.certificate }}"
dest: /etc/apk/cert.pem
decrypt: yes
mode: 0444
when: ansible_distribution == "Alpine"

View File

@ -11,6 +11,7 @@
enabled: yes
gpgcheck: yes
state: "{{ nginx_license_status | default ('present') }}"
mode: 0644
when: ansible_distribution != "Amazon"
- name: "(Setup: Amazon Linux) Setup NGINX Plus Repository"
@ -25,4 +26,5 @@
enabled: yes
gpgcheck: yes
state: "{{ nginx_license_status | default ('present') }}"
mode: 0644
when: ansible_distribution == "Amazon"

View File

@ -3,6 +3,7 @@
assemble:
src: /etc/ssl/nginx
dest: /etc/ssl/nginx/nginx-repo-bundle.crt
mode: 0444
- name: "(Setup: SUSE) Setup NGINX Plus Repository"
zypper_repository:

View File

@ -80,6 +80,7 @@
template:
src: "{{ role_path }}/templates/selinux/nginx-plus-module.te.j2"
dest: "{{ nginx_tempdir }}/nginx-plus-module.te"
mode: 0644
register: nginx_selinux_module
- name: "(Setup: SELinux) Check NGINX Plus Module"

View File

@ -12,10 +12,10 @@
owner: root
group: root
mode: 0644
notify: "(Handler: All OSs) Systemd Daemon-Reload"
when:
- not nginx_service_custom | bool
- not nginx_service_clean | bool
notify: "(Handler: All OSs) Systemd Daemon-Reload"
- name: "(Setup: Linux) Customize Override For NGINX Systemd Service"
copy:
@ -24,14 +24,14 @@
owner: root
group: root
mode: 0644
notify: "(Handler: All OSs) Systemd Daemon-Reload"
when:
- nginx_service_custom | bool
- not nginx_service_clean | bool
notify: "(Handler: All OSs) Systemd Daemon-Reload"
- name: "(Setup: Linux) Remove Override For NGINX Systemd Service"
file:
path: "{{ nginx_service_overridepath }}"
state: absent
notify: "(Handler: All OSs) Systemd Daemon-Reload"
when: nginx_service_clean | bool
notify: "(Handler: All OSs) Systemd Daemon-Reload"

View File

@ -2,6 +2,7 @@
- name: "(Install: Debian/Ubuntu) Add NGINX Unit Repository"
apt_repository:
repo: "{{ item }}"
mode: 0644
loop:
- deb [arch=amd64] https://packages.nginx.org/unit/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} unit
- deb-src https://packages.nginx.org/unit/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} unit

View File

@ -6,6 +6,7 @@
description: NGINX Unit Repository
enabled: yes
gpgcheck: yes
mode: 0644
when: ansible_distribution != "Amazon"
- name: "(Install: Amazon Linux) Add NGINX Unit Repository"
@ -15,4 +16,5 @@
description: NGINX Unit Repository
enabled: yes
gpgcheck: yes
mode: 0644
when: ansible_distribution == "Amazon"