Update Ansible to 2.9.12 and explicitly set mode on relevant tasks (#309)
* Explicitly define `mode` in relevant tasks. * Explicitly define the `nginx` `apt_repository` filename in Debian based distros. * Building OpenSSL from source should now work properly in CentOS 8.
This commit is contained in:
parent
79ddc30a3a
commit
bf2916fc55
16
.travis.yml
16
.travis.yml
@ -57,15 +57,17 @@ jobs:
|
||||
- name: "(CentOS) Install from Source"
|
||||
env:
|
||||
scenario: source_centos
|
||||
before_install: sudo apt-get -qq update
|
||||
before_install:
|
||||
- curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
|
||||
- sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
|
||||
- sudo apt-get update
|
||||
- sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce
|
||||
install:
|
||||
- pip install ansible==2.9.11
|
||||
- pip install molecule==3.0.6
|
||||
- pip install docker==4.2.2
|
||||
- pip install ansible-lint==4.2.0
|
||||
- pip install ansible==2.9.12
|
||||
- pip install ansible-lint==4.3.2
|
||||
- pip install molecule==3.0.8
|
||||
- pip install docker==4.3.1
|
||||
script:
|
||||
- molecule --version
|
||||
- ansible --version
|
||||
- travis_wait 50 molecule test -s $scenario
|
||||
notifications:
|
||||
webhooks: https://galaxy.ansible.com/api/v1/notifications/
|
||||
|
20
CHANGELOG.md
20
CHANGELOG.md
@ -1,5 +1,25 @@
|
||||
# Changelog
|
||||
|
||||
## 0.16.0 (August 28, 2020)
|
||||
|
||||
BREAKING CHANGES:
|
||||
|
||||
* The Debian and Ubuntu repositories have slightly changed. You may run into some duplication issues when running the role on a preexisting target that already has had NGINX installed using the role. To fix this, manually remove the old repository source.
|
||||
|
||||
ENHANCEMENTS:
|
||||
|
||||
* Update Ansible to `2.9.12` and Ansible Lint to `4.3.2`.
|
||||
* Explicitly define `mode` in relevant tasks.
|
||||
* Explicitly define the `nginx` `apt_repository` filename in Debian based distros.
|
||||
|
||||
FEATURES:
|
||||
|
||||
* TravisCI now always uses the latest version of Docker.
|
||||
|
||||
BUG FIXES:
|
||||
|
||||
* Building OpenSSL from source should now work properly in CentOS 8.
|
||||
|
||||
## 0.15.0 (August 20, 2020)
|
||||
|
||||
DEPRECATION WARNING:
|
||||
|
@ -9,8 +9,9 @@ This role installs NGINX Open Source, NGINX Plus, the NGINX Amplify agent, or NG
|
||||
**Note:** This role is still in active development. There may be unidentified issues and the role variables may change as development continues.
|
||||
|
||||
**Deprecation Warnings:**
|
||||
* There now is a separate role to manage and create NGINX configurations available [here](https://github.com/nginxinc/ansible-role-nginx-config). Any new issues or PRs related to configuring NGINX should be submitted in the new NGINX Config repository. New issues or PRs related to configuring NGINX submitted in this repository will not be worked on. The NGINX configuration functionalities included in this role will be removed in an upcoming release.
|
||||
* NGINX Unit now has a separate role available [here](https://github.com/nginxinc/ansible-role-nginx-unit). Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on. The NGINX Unit functionalities included in this role will be removed in an upcoming release.
|
||||
|
||||
* There now is a separate role to manage and create NGINX configurations available [here](https://github.com/nginxinc/ansible-role-nginx-config). Any new issues or PRs related to configuring NGINX should be submitted in the new NGINX Config repository. New issues or PRs related to configuring NGINX submitted in this repository will not be worked on (with the exception of major bugfixes). The NGINX configuration functionalities included in this role will be removed in an upcoming release.
|
||||
* NGINX Unit now has a separate role available [here](https://github.com/nginxinc/ansible-role-nginx-unit). Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on (with the exception of major bugfixes). The NGINX Unit functionalities included in this role will be removed in an upcoming release.
|
||||
|
||||
Requirements
|
||||
------------
|
||||
|
@ -8,6 +8,6 @@ nginx_linux_families: ['Alpine', 'Debian', 'RedHat', 'Suse']
|
||||
nginx_plus_linux_families: ['Alpine', 'Debian', 'RedHat', 'Suse']
|
||||
|
||||
# Default locations and versions when 'nginx_install_from; is set to 'source'
|
||||
pcre_version: pcre-8.43
|
||||
pcre_version: pcre-8.44
|
||||
zlib_version: zlib-1.2.11
|
||||
openssl_version: openssl-1.1.1c
|
||||
openssl_version: openssl-1.1.1g
|
||||
|
@ -22,7 +22,7 @@
|
||||
changed_when: false
|
||||
when:
|
||||
- nginx_start | bool
|
||||
- not ansible_check_mode
|
||||
- not ansible_check_mode | bool
|
||||
|
||||
- name: "(Handler: All OSs) Start NGINX Amplify Agent"
|
||||
service:
|
||||
|
@ -21,5 +21,6 @@
|
||||
- name: Check default.conf does not exist
|
||||
stat:
|
||||
path: /etc/nginx/conf.d/default.conf
|
||||
check_mode: yes
|
||||
register: stat_result
|
||||
failed_when: stat_result.stat.exists
|
||||
|
@ -26,6 +26,7 @@
|
||||
- name: Check default.conf exists
|
||||
stat:
|
||||
path: /etc/nginx/conf.d/default.conf
|
||||
check_mode: yes
|
||||
register: stat_result
|
||||
failed_when: not stat_result.stat.exists
|
||||
|
||||
|
@ -6,7 +6,7 @@
|
||||
include_role:
|
||||
name: ansible-role-nginx
|
||||
vars:
|
||||
nginx_debug_output: true
|
||||
# nginx_debug_output: true
|
||||
|
||||
nginx_service_modify: true
|
||||
nginx_service_timeout: 95
|
||||
|
@ -26,18 +26,21 @@
|
||||
- name: Check default.conf exists
|
||||
stat:
|
||||
path: /etc/nginx/conf.d/default.conf
|
||||
check_mode: yes
|
||||
register: stat_result
|
||||
failed_when: not stat_result.stat.exists
|
||||
|
||||
- name: Check frontend_default.conf exists
|
||||
stat:
|
||||
path: /etc/nginx/conf.d/frontend_default.conf
|
||||
check_mode: yes
|
||||
register: stat_result
|
||||
failed_when: not stat_result.stat.exists
|
||||
|
||||
- name: Check backend_default.conf exists
|
||||
stat:
|
||||
path: /etc/nginx/conf.d/backend_default.conf
|
||||
check_mode: yes
|
||||
register: stat_result
|
||||
failed_when: not stat_result.stat.exists
|
||||
|
||||
|
@ -14,6 +14,7 @@
|
||||
remote_src: yes
|
||||
src: /etc/amplify-agent/agent.conf.default
|
||||
dest: /etc/amplify-agent/agent.conf
|
||||
mode: 0644
|
||||
|
||||
- name: "(Setup: All OSs) Configure NGINX Amplify Agent API Key"
|
||||
lineinfile:
|
||||
|
@ -3,10 +3,14 @@
|
||||
apt_repository:
|
||||
filename: nginx-amplify
|
||||
repo: deb [arch=amd64] http://packages.amplify.nginx.com/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release|lower }} amplify-agent
|
||||
update_cache: yes
|
||||
mode: 0644
|
||||
when: ansible_distribution_release != "focal"
|
||||
|
||||
- name: "(Install: Debian/Ubuntu) Add NGINX Amplify Agent Repository"
|
||||
apt_repository:
|
||||
filename: nginx-amplify
|
||||
repo: deb [arch=amd64] https://packages.amplify.nginx.com/py3/ubuntu focal amplify-agent
|
||||
update_cache: yes
|
||||
mode: 0644
|
||||
when: ansible_distribution_release == "focal"
|
||||
|
@ -6,3 +6,4 @@
|
||||
description: NGINX Amplify Agent
|
||||
enabled: yes
|
||||
gpgcheck: yes
|
||||
mode: 0644
|
||||
|
@ -31,4 +31,5 @@
|
||||
template:
|
||||
src: "logrotate/nginx.j2"
|
||||
dest: "/etc/logrotate.d/nginx"
|
||||
mode: 0644
|
||||
notify: "(Config: All OSs) Run Logrotate"
|
||||
|
@ -3,6 +3,7 @@
|
||||
file:
|
||||
path: "{{ item.value.html_file_location | default('/usr/share/nginx/html') }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
with_dict: "{{ nginx_html_demo_template }}"
|
||||
when: nginx_html_demo_template_enable | bool
|
||||
|
||||
@ -11,6 +12,7 @@
|
||||
src: "{{ item.value.template_file | default('www/index.html.j2') }}"
|
||||
dest: "{{ item.value.html_file_location | default('/usr/share/nginx/html') }}/{{ item.value.html_file_name | default('index.html') }}"
|
||||
backup: yes
|
||||
mode: 0644
|
||||
with_dict: "{{ nginx_html_demo_template }}"
|
||||
when: nginx_html_demo_template_enable | bool
|
||||
|
||||
@ -18,6 +20,7 @@
|
||||
file:
|
||||
path: "{{ nginx_main_template.conf_file_location | default('/etc/nginx') }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
when: nginx_main_template_enable | bool
|
||||
|
||||
- name: "(Setup: All NGINX) Dynamically Generate NGINX Main Configuration File"
|
||||
@ -25,6 +28,7 @@
|
||||
src: "{{ nginx_main_template.template_file | default('nginx.conf.j2') }}"
|
||||
dest: "{{ nginx_main_template.conf_file_location | default('/etc/nginx') }}/{{ nginx_main_template.conf_file_name | default('nginx.conf') }}"
|
||||
backup: yes
|
||||
mode: 0644
|
||||
when: nginx_main_template_enable | bool
|
||||
notify: "(Handler: All OSs) Reload NGINX"
|
||||
|
||||
@ -32,6 +36,7 @@
|
||||
file:
|
||||
path: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/') }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
with_dict: "{{ nginx_http_template }}"
|
||||
when: nginx_http_template_enable | bool
|
||||
|
||||
@ -40,6 +45,7 @@
|
||||
path: "{{ item.1.path }}"
|
||||
state: directory
|
||||
owner: "{{ nginx_main_template.user | default('nginx') }}"
|
||||
mode: 0755
|
||||
with_subelements:
|
||||
- "{{ nginx_http_template }}"
|
||||
- proxy_cache.proxy_cache_path
|
||||
@ -51,6 +57,7 @@
|
||||
src: "{{ item.value.template_file | default('http/default.conf.j2') }}"
|
||||
dest: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/') }}/{{ item.value.conf_file_name | default('default.conf') }}"
|
||||
backup: yes
|
||||
mode: 0644
|
||||
with_dict: "{{ nginx_http_template }}"
|
||||
when: nginx_http_template_enable | bool
|
||||
notify: "(Handler: All OSs) Reload NGINX"
|
||||
@ -60,21 +67,24 @@
|
||||
src: "{{ nginx_status_template_file | default('http/status.conf.j2') }}"
|
||||
dest: "{{ nginx_status_file_location | default('/etc/nginx/conf.d/status.conf') }}"
|
||||
backup: yes
|
||||
notify: "(Handler: All OSs) Reload NGINX"
|
||||
mode: 0644
|
||||
when: nginx_status_enable | bool
|
||||
notify: "(Handler: All OSs) Reload NGINX"
|
||||
|
||||
- name: "(Setup: All NGINX) Dynamically Generate NGINX API Configuration File"
|
||||
template:
|
||||
src: "{{ nginx_rest_api_template_file | default('http/api.conf.j2') }}"
|
||||
dest: "{{ nginx_rest_api_file_location | default('/etc/nginx/conf.d/api.conf') }}"
|
||||
backup: yes
|
||||
notify: "(Handler: All OSs) Reload NGINX"
|
||||
mode: 0644
|
||||
when: nginx_rest_api_enable | bool
|
||||
notify: "(Handler: All OSs) Reload NGINX"
|
||||
|
||||
- name: "(Setup: All NGINX) Ensure NGINX Stream Directory Exists"
|
||||
file:
|
||||
path: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/stream/') }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
with_dict: "{{ nginx_stream_template }}"
|
||||
when: nginx_stream_template_enable | bool
|
||||
|
||||
@ -83,6 +93,7 @@
|
||||
src: "{{ item.value.template_file | default('stream/default.conf.j2') }}"
|
||||
dest: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/stream/') }}/{{ item.value.conf_file_name | default('default.conf') }}"
|
||||
backup: yes
|
||||
mode: 0644
|
||||
with_dict: "{{ nginx_stream_template }}"
|
||||
notify: "(Handler: All OSs) Reload NGINX"
|
||||
when: nginx_stream_template_enable | bool
|
||||
notify: "(Handler: All OSs) Reload NGINX"
|
||||
|
@ -1,8 +1,26 @@
|
||||
---
|
||||
- name: "(Setup: All NGINX) Ensure NGINX HTML Directory Exists"
|
||||
file:
|
||||
path: "{{ nginx_html_upload_dest | default('/usr/share/nginx/html') }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
when: nginx_html_upload_enable | bool
|
||||
|
||||
- name: "(Setup: All NGINX) Upload NGINX HTML Files"
|
||||
copy:
|
||||
src: "{{ item }}"
|
||||
dest: "{{ nginx_html_upload_dest | default('/usr/share/nginx/html') }}"
|
||||
backup: yes
|
||||
mode: 0644
|
||||
with_fileglob: "{{ nginx_html_upload_src }}"
|
||||
when: nginx_html_upload_enable | bool
|
||||
notify: "(Handler: All OSs) Reload NGINX"
|
||||
|
||||
- name: "(Setup: All NGINX) Ensure NGINX Main Directory Exists"
|
||||
file:
|
||||
path: "{{ nginx_main_upload_dest | default('/etc/nginx/') }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
when: nginx_main_upload_enable | bool
|
||||
|
||||
- name: "(Setup: All NGINX) Upload NGINX Main Configuration File"
|
||||
@ -10,6 +28,7 @@
|
||||
src: "{{ nginx_main_upload_src | default('conf/nginx.conf') }}"
|
||||
dest: "{{ nginx_main_upload_dest | default('/etc/nginx/') }}"
|
||||
backup: yes
|
||||
mode: 0644
|
||||
when: nginx_main_upload_enable | bool
|
||||
notify: "(Handler: All OSs) Reload NGINX"
|
||||
|
||||
@ -17,6 +36,7 @@
|
||||
file:
|
||||
path: "{{ nginx_http_upload_dest | default('/etc/nginx/conf.d/') }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
when: nginx_http_upload_enable | bool
|
||||
|
||||
- name: "(Setup: All NGINX) Upload NGINX HTTP Configuration Files"
|
||||
@ -24,6 +44,7 @@
|
||||
src: "{{ item }}"
|
||||
dest: "{{ nginx_http_upload_dest | default('/etc/nginx/conf.d/') }}"
|
||||
backup: yes
|
||||
mode: 0644
|
||||
with_fileglob: "{{ nginx_http_upload_src }}"
|
||||
when: nginx_http_upload_enable | bool
|
||||
notify: "(Handler: All OSs) Reload NGINX"
|
||||
@ -32,6 +53,7 @@
|
||||
file:
|
||||
path: "{{ nginx_stream_upload_dest | default('/etc/nginx/conf.d/') }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
when: nginx_stream_upload_enable | bool
|
||||
|
||||
- name: "(Setup: All NGINX) Upload NGINX Stream Configuration Files"
|
||||
@ -39,44 +61,32 @@
|
||||
src: "{{ item }}"
|
||||
dest: "{{ nginx_stream_upload_dest | default('/etc/nginx/conf.d/') }}"
|
||||
backup: yes
|
||||
mode: 0644
|
||||
with_fileglob: "{{ nginx_stream_upload_src }}"
|
||||
when: nginx_stream_upload_enable | bool
|
||||
notify: "(Handler: All OSs) Reload NGINX"
|
||||
|
||||
- name: "(Setup: All NGINX) Ensure NGINX HTML Directory Exists"
|
||||
file:
|
||||
path: "{{ nginx_html_upload_dest | default('/usr/share/nginx/html') }}"
|
||||
state: directory
|
||||
when: nginx_html_upload_enable | bool
|
||||
|
||||
- name: "(Setup: All NGINX) Upload NGINX HTML Files"
|
||||
copy:
|
||||
src: "{{ item }}"
|
||||
dest: "{{ nginx_html_upload_dest | default('/usr/share/nginx/html') }}"
|
||||
backup: yes
|
||||
with_fileglob: "{{ nginx_html_upload_src }}"
|
||||
when: nginx_html_upload_enable | bool
|
||||
notify: "(Handler: All OSs) Reload NGINX"
|
||||
|
||||
- name: "(Setup: All NGINX) Ensure SSL Certificate Directory Exists"
|
||||
file:
|
||||
path: "{{ nginx_ssl_crt_upload_dest | default('/etc/ssl/certs/') }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
when: nginx_ssl_upload_enable | bool
|
||||
|
||||
- name: "(Setup: All NGINX) Ensure SSL Key Directory Exists"
|
||||
file:
|
||||
path: "{{ nginx_ssl_key_upload_dest | default('/etc/ssl/private/') }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
when: nginx_ssl_upload_enable | bool
|
||||
|
||||
- name: "(Setup: All NGINX) Upload NGINX SSL Certificates"
|
||||
copy:
|
||||
src: "{{ item }}"
|
||||
dest: "{{ nginx_ssl_crt_upload_dest | default('/etc/ssl/certs/') }}"
|
||||
mode: 0640
|
||||
decrypt: yes
|
||||
backup: yes
|
||||
mode: 0640
|
||||
with_fileglob: "{{ nginx_ssl_crt_upload_src }}"
|
||||
when: nginx_ssl_upload_enable | bool
|
||||
|
||||
@ -84,9 +94,9 @@
|
||||
copy:
|
||||
src: "{{ item }}"
|
||||
dest: "{{ nginx_ssl_key_upload_dest | default('/etc/ssl/private/') }}"
|
||||
mode: 0640
|
||||
decrypt: yes
|
||||
backup: yes
|
||||
mode: 0640
|
||||
with_fileglob: "{{ nginx_ssl_key_upload_src }}"
|
||||
no_log: yes
|
||||
when: nginx_ssl_upload_enable | bool
|
||||
|
@ -11,3 +11,4 @@
|
||||
get_url:
|
||||
url: "{{ keysite }}"
|
||||
dest: /etc/apk/keys/nginx_signing.rsa.pub
|
||||
mode: 0400
|
||||
|
@ -12,7 +12,7 @@
|
||||
include_tasks: "{{ role_path }}/tasks/prerequisites/setup-systemd.yml"
|
||||
when:
|
||||
- ansible_service_mgr == "systemd"
|
||||
- nginx_service_modify
|
||||
- nginx_service_modify | bool
|
||||
|
||||
- name: "(Install: Linux) Install NGINX From Source"
|
||||
include_tasks: "{{ role_path }}/tasks/opensource/setup-source.yml"
|
||||
|
@ -15,7 +15,10 @@
|
||||
|
||||
- name: "(Install: Debian/Ubuntu) Add NGINX Repository"
|
||||
apt_repository:
|
||||
filename: nginx
|
||||
repo: "{{ item }}"
|
||||
update_cache: yes
|
||||
mode: 0644
|
||||
loop: "{{ repository }}"
|
||||
|
||||
- name: "(Install: Debian/Ubuntu) Install NGINX"
|
||||
|
@ -17,6 +17,7 @@
|
||||
description: NGINX Repository
|
||||
enabled: yes
|
||||
gpgcheck: yes
|
||||
mode: 0644
|
||||
when: ansible_distribution_major_version < "8"
|
||||
|
||||
- name: "(Install: CentOS/RedHat) Add NGINX Repository for CentOS/RHEL 8"
|
||||
@ -30,6 +31,7 @@
|
||||
gpgcheck = 1
|
||||
name = NGINX Repository
|
||||
module_hotfixes = true
|
||||
mode: 0644
|
||||
when: ansible_distribution_major_version == "8"
|
||||
|
||||
- name: "(Install: CentOS/RedHat) Install Required CentOS/RedHat Dependencies"
|
||||
|
@ -1,20 +1,21 @@
|
||||
---
|
||||
- name: "(Install: Linux) Check For Build Tools"
|
||||
block:
|
||||
- name: "(Install: Centos/RHEL) Install Python"
|
||||
yum:
|
||||
name:
|
||||
- python3
|
||||
- python3-pip
|
||||
- python3-devel
|
||||
update_cache: yes
|
||||
when: ansible_os_family == "RedHat"
|
||||
- name: "(Install: Centos/RHEL) Setup Python 3"
|
||||
block:
|
||||
- name: "(Install: Centos/RHEL) Install Python 3"
|
||||
yum:
|
||||
name:
|
||||
- python3
|
||||
- python3-pip
|
||||
- python3-devel
|
||||
update_cache: yes
|
||||
|
||||
- name: "(Install: Centos/RHEL) Set Python3 Default"
|
||||
alternatives:
|
||||
name: python
|
||||
path: /usr/bin/python3
|
||||
link: /usr/bin/python
|
||||
- name: "(Install: Centos/RHEL) Set Python 3 Default"
|
||||
alternatives:
|
||||
name: python
|
||||
path: /usr/bin/python3
|
||||
link: /usr/bin/python
|
||||
when:
|
||||
- ansible_os_family == "RedHat"
|
||||
- ansible_distribution_major_version == "8"
|
||||
@ -37,7 +38,10 @@
|
||||
|
||||
- name: "(Install: Debian) Install Backports Repo For Buster"
|
||||
apt_repository:
|
||||
filename: buster-backports
|
||||
repo: deb http://ftp.us.debian.org/debian buster-backports main
|
||||
update_cache: yes
|
||||
mode: 0644
|
||||
when: ansible_distribution_release == "buster"
|
||||
|
||||
- name: "(Install: Debian/Ubuntu) Install Build Tools"
|
||||
@ -76,7 +80,7 @@
|
||||
owner: root
|
||||
mode: 0644
|
||||
when: ansible_os_family == "Alpine"
|
||||
when: nginx_install_source_build_tools
|
||||
when: nginx_install_source_build_tools | bool
|
||||
|
||||
- name: "(Install: Linux) Check For Source Installs"
|
||||
block:
|
||||
@ -100,7 +104,7 @@
|
||||
name: pcre-devel
|
||||
update_cache: yes
|
||||
when:
|
||||
- nginx_install_source_pcre
|
||||
- nginx_install_source_pcre | bool
|
||||
- ansible_os_family == "RedHat"
|
||||
|
||||
- name: "(Install: Debian/Ubuntu) Install PCRE Dependency From Package"
|
||||
@ -108,7 +112,7 @@
|
||||
name: libpcre3-dev
|
||||
update_cache: yes
|
||||
when:
|
||||
- nginx_install_source_pcre
|
||||
- nginx_install_source_pcre | bool
|
||||
- ansible_os_family == "Debian"
|
||||
|
||||
- name: "(Install: Alpine) Install PCRE Dependency From Package"
|
||||
@ -116,7 +120,7 @@
|
||||
name: pcre-dev
|
||||
update_cache: yes
|
||||
when:
|
||||
- nginx_install_source_pcre
|
||||
- nginx_install_source_pcre | bool
|
||||
- ansible_os_family == "Alpine"
|
||||
|
||||
- name: "(Install: Linux) Install PCRE Dependence From Source"
|
||||
@ -125,6 +129,7 @@
|
||||
get_url:
|
||||
url: "http://ftp.pcre.org/pub/pcre/{{ pcre_version }}.tar.gz"
|
||||
dest: "/tmp/{{ pcre_version }}.tar.gz"
|
||||
mode: 0600
|
||||
register: pcre_source
|
||||
|
||||
- name: "(Install: Linux) Unpack PCRE Dependency"
|
||||
@ -132,13 +137,12 @@
|
||||
copy: no
|
||||
dest: /tmp/
|
||||
src: "{{ pcre_source.dest }}"
|
||||
register: pcre_source_unpack
|
||||
mode: 0700
|
||||
|
||||
- name: "(Install: Linux) Configure PCRE Dependency"
|
||||
command: "./configure"
|
||||
args:
|
||||
chdir: "/tmp/{{ pcre_version }}"
|
||||
register: pcre_configure
|
||||
|
||||
- name: "(Install: Linux) Make PCRE Dependency"
|
||||
make:
|
||||
@ -149,15 +153,15 @@
|
||||
chdir: "/tmp/{{ pcre_version }}"
|
||||
target: install
|
||||
when:
|
||||
- not pcre_result.stat.exists
|
||||
- not nginx_install_source_pcre
|
||||
- not pcre_result.stat.exists | bool
|
||||
- not nginx_install_source_pcre | bool
|
||||
|
||||
- name: "(Install: Centos/RHEL) Install ZLib Dependency From Package"
|
||||
yum:
|
||||
name: zlib-devel
|
||||
update_cache: yes
|
||||
when:
|
||||
- nginx_install_source_zlib
|
||||
- nginx_install_source_zlib | bool
|
||||
- ansible_os_family == "RedHat"
|
||||
|
||||
- name: "(Install: Debian/Ubuntu) Install ZLib Dependency From Package"
|
||||
@ -165,7 +169,7 @@
|
||||
name: zlib1g-dev
|
||||
update_cache: true
|
||||
when:
|
||||
- nginx_install_source_zlib
|
||||
- nginx_install_source_zlib | bool
|
||||
- ansible_os_family == "Debian"
|
||||
|
||||
- name: "(Install: Alpine) Install ZLib Dependency From Package"
|
||||
@ -173,7 +177,7 @@
|
||||
name: zlib-dev
|
||||
update_cache: yes
|
||||
when:
|
||||
- nginx_install_source_zlib
|
||||
- nginx_install_source_zlib | bool
|
||||
- ansible_os_family == "Alpine"
|
||||
|
||||
- name: "(Install: Linux) Install ZLib Dependency From Source"
|
||||
@ -182,6 +186,7 @@
|
||||
get_url:
|
||||
url: "http://zlib.net/{{ zlib_version }}.tar.gz"
|
||||
dest: "/tmp/{{ zlib_version }}.tar.gz"
|
||||
mode: 0600
|
||||
register: zlib_source
|
||||
|
||||
- name: "(Install: Linux) Unpack ZLib Dependency"
|
||||
@ -189,13 +194,12 @@
|
||||
copy: no
|
||||
dest: /tmp/
|
||||
src: "{{ zlib_source.dest }}"
|
||||
register: zlib_source_unpack
|
||||
mode: 0700
|
||||
|
||||
- name: "(Install: Linux) Configure zlib Dependency"
|
||||
command: "./configure"
|
||||
args:
|
||||
chdir: "/tmp/{{ zlib_version }}"
|
||||
register: zlib_configure
|
||||
|
||||
- name: "(Install: Linux) Make ZLib Dependency"
|
||||
make:
|
||||
@ -206,15 +210,15 @@
|
||||
chdir: "/tmp/{{ zlib_version }}"
|
||||
target: install
|
||||
when:
|
||||
- not zlib_result.stat.exists
|
||||
- not nginx_install_source_zlib
|
||||
- not zlib_result.stat.exists | bool
|
||||
- not nginx_install_source_zlib | bool
|
||||
|
||||
- name: "(Install: Centos/RHEL) Install OpenSSL Dependency From Package"
|
||||
yum:
|
||||
name: openssl-devel
|
||||
update_cache: yes
|
||||
when:
|
||||
- nginx_install_source_openssl
|
||||
- nginx_install_source_openssl | bool
|
||||
- ansible_os_family == "RedHat"
|
||||
|
||||
- name: "(Install: Debian/Ubuntu) Install OpenSSL Dependency From Package"
|
||||
@ -222,7 +226,7 @@
|
||||
name: libssl-dev
|
||||
update_cache: yes
|
||||
when:
|
||||
- nginx_install_source_openssl
|
||||
- nginx_install_source_openssl | bool
|
||||
- ansible_os_family == "Debian"
|
||||
|
||||
- name: "(Install: Alpine) Install OpenSSL Dependency From Package"
|
||||
@ -230,7 +234,7 @@
|
||||
name: openssl-dev
|
||||
update_cache: yes
|
||||
when:
|
||||
- nginx_install_source_openssl
|
||||
- nginx_install_source_openssl | bool
|
||||
- ansible_os_family == "Alpine"
|
||||
|
||||
- name: "(Install: Linux) Install OpenSSL Dependency From Source"
|
||||
@ -239,6 +243,7 @@
|
||||
get_url:
|
||||
url: "http://www.openssl.org/source/{{ openssl_version }}.tar.gz"
|
||||
dest: "/tmp/{{ openssl_version }}.tar.gz"
|
||||
mode: 0600
|
||||
register: openssl_source
|
||||
|
||||
- name: "(Install: Linux) Unpack OpenSSL Dependency"
|
||||
@ -246,13 +251,12 @@
|
||||
copy: no
|
||||
dest: /tmp/
|
||||
src: "{{ openssl_source.dest }}"
|
||||
register: openssl_source_unpack
|
||||
mode: 0700
|
||||
|
||||
- name: "(Install: Linux) Configure OpenSSL Dependency"
|
||||
command: "./config --prefix=/usr"
|
||||
command: "./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib"
|
||||
args:
|
||||
chdir: "/tmp/{{ openssl_version }}"
|
||||
register: openssl_configure
|
||||
|
||||
- name: "(Install: Linux) Make OpenSSL Dependency"
|
||||
make:
|
||||
@ -263,8 +267,8 @@
|
||||
chdir: "/tmp/{{ openssl_version }}"
|
||||
target: install
|
||||
when:
|
||||
- not openssl_result.stat.exists
|
||||
- not nginx_install_source_openssl
|
||||
- not openssl_result.stat.exists | bool
|
||||
- not nginx_install_source_openssl | bool
|
||||
|
||||
- name: "(Install: Linux) Get NGINX Version"
|
||||
block:
|
||||
@ -309,6 +313,7 @@
|
||||
get_url:
|
||||
url: "http://nginx.org/download/{{ nginx_download_name }}.tar.gz"
|
||||
dest: "/tmp/{{ nginx_download_name }}.tar.gz"
|
||||
mode: 0600
|
||||
register: nginx_source
|
||||
|
||||
- name: "(Install: Linux) Unpack NGINX"
|
||||
@ -316,7 +321,7 @@
|
||||
copy: no
|
||||
dest: /tmp/
|
||||
src: "{{ nginx_source.dest }}"
|
||||
register: nginx_source_unpack
|
||||
mode: 0755
|
||||
|
||||
- name: "(Install: Linux) Configure NGINX"
|
||||
command: >-
|
||||
@ -353,7 +358,7 @@
|
||||
dest: /lib/systemd/system/nginx.service
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
mode: 0644
|
||||
when: ansible_service_mgr == "systemd"
|
||||
|
||||
- name: "(Install: Linux) Enable systemd NGINX Service File"
|
||||
@ -362,8 +367,8 @@
|
||||
name: nginx
|
||||
state: restarted
|
||||
enabled: yes
|
||||
notify: "(Handler: All OSs) Start NGINX"
|
||||
when: ansible_service_mgr == "systemd"
|
||||
notify: "(Handler: All OSs) Start NGINX"
|
||||
|
||||
- name: "(Install: Linux) Upload upstart NGINX Service File"
|
||||
copy:
|
||||
@ -371,7 +376,7 @@
|
||||
dest: /etc/init.d/nginx
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0755'
|
||||
mode: 0755
|
||||
when: ansible_service_mgr == "upstart"
|
||||
|
||||
- name: "(Install: Linux) Upload upstart NGINX Service Conf File"
|
||||
@ -380,7 +385,7 @@
|
||||
dest: /etc/init/nginx.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
mode: 0644
|
||||
when: ansible_service_mgr == "upstart"
|
||||
|
||||
- name: "(Install: Linux) Enable upstart NGINX Service Reload"
|
||||
@ -389,8 +394,8 @@
|
||||
|
||||
- name: "(Install: Linux) Start upstart NGINX Service Reload"
|
||||
command: "nginx"
|
||||
notify: "(Handler: All OSs) Start NGINX"
|
||||
when: ansible_service_mgr == "upstart"
|
||||
notify: "(Handler: All OSs) Start NGINX"
|
||||
|
||||
- name: "(Install: Linux) Upload sysvinit NGINX Service File"
|
||||
copy:
|
||||
@ -398,9 +403,9 @@
|
||||
dest: /etc/init.d/nginx
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0755'
|
||||
notify: "(Handler: All OSs) Start NGINX"
|
||||
mode: 0755
|
||||
when: ansible_service_mgr == "sysvinit"
|
||||
notify: "(Handler: All OSs) Start NGINX"
|
||||
|
||||
- name: "(Install: Linux) Upload openrc NGINX Service File"
|
||||
copy:
|
||||
@ -408,7 +413,7 @@
|
||||
dest: /etc/init.d/nginx
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0755'
|
||||
mode: 0755
|
||||
when: ansible_service_mgr == "openrc"
|
||||
|
||||
- name: "(Install: Linux) Enable openrc NGINX Service"
|
||||
|
@ -1,5 +1,6 @@
|
||||
---
|
||||
- include_tasks: "{{ role_path }}/tasks/plus/setup-{{ ansible_os_family | lower }}.yml"
|
||||
- name: "(Setup: Linux) Setup NGINX Plus Repository"
|
||||
include_tasks: "{{ role_path }}/tasks/plus/setup-{{ ansible_os_family | lower }}.yml"
|
||||
when: ansible_os_family == "Alpine"
|
||||
or ansible_os_family == "Debian"
|
||||
or ansible_os_family == "RedHat"
|
||||
@ -9,7 +10,7 @@
|
||||
include_tasks: "{{ role_path }}/tasks/prerequisites/setup-systemd.yml"
|
||||
when:
|
||||
- ansible_service_mgr == "systemd"
|
||||
- nginx_service_modify
|
||||
- nginx_service_modify | bool
|
||||
|
||||
- name: "(Install: Linux) Install NGINX Plus"
|
||||
package:
|
||||
|
@ -10,6 +10,7 @@
|
||||
MIRROR_TYPE: SRV
|
||||
}
|
||||
state: "{{ nginx_license_status | default ('present') }}"
|
||||
mode: 0644
|
||||
|
||||
- name: "(Setup: FreeBSD) Setup NGINX Plus License"
|
||||
blockinfile:
|
||||
|
@ -1,11 +1,4 @@
|
||||
---
|
||||
- name: "(Setup: Debian/Ubuntu) Setup NGINX Plus Repository"
|
||||
apt_repository:
|
||||
repo: deb [arch=amd64] https://plus-pkgs.nginx.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} nginx-plus
|
||||
filename: nginx-plus
|
||||
update_cache: no
|
||||
state: "{{ nginx_license_status | default ('present') }}"
|
||||
|
||||
- name: "(Setup: Debian/Ubuntu) Setup NGINX Plus License"
|
||||
blockinfile:
|
||||
path: /etc/apt/apt.conf.d/90nginx
|
||||
@ -16,7 +9,12 @@
|
||||
Acquire::https::plus-pkgs.nginx.com::SslCert "/etc/ssl/nginx/nginx-repo.crt";
|
||||
Acquire::https::plus-pkgs.nginx.com::SslKey "/etc/ssl/nginx/nginx-repo.key";
|
||||
state: "{{ nginx_license_status | default ('present') }}"
|
||||
mode: 0444
|
||||
|
||||
- name: "(Setup: Debian/Ubuntu) Update APT Cache"
|
||||
apt:
|
||||
- name: "(Setup: Debian/Ubuntu) Setup NGINX Plus Repository"
|
||||
apt_repository:
|
||||
filename: nginx-plus
|
||||
repo: deb [arch=amd64] https://plus-pkgs.nginx.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} nginx-plus
|
||||
update_cache: yes
|
||||
state: "{{ nginx_license_status | default ('present') }}"
|
||||
mode: 0644
|
||||
|
@ -5,12 +5,14 @@
|
||||
file:
|
||||
path: /etc/ssl/nginx
|
||||
state: directory
|
||||
mode: 0755
|
||||
|
||||
- name: "(Setup: All OSs Besides Alpine Linux) Copy NGINX Plus Certificate and License Key"
|
||||
copy:
|
||||
src: "{{ item }}"
|
||||
dest: /etc/ssl/nginx
|
||||
decrypt: yes
|
||||
mode: 0444
|
||||
loop:
|
||||
- "{{ nginx_license.certificate }}"
|
||||
- "{{ nginx_license.key }}"
|
||||
@ -22,16 +24,19 @@
|
||||
file:
|
||||
path: /etc/apk
|
||||
state: directory
|
||||
mode: 0755
|
||||
|
||||
- name: "(Setup: Alpine Linux) Copy NGINX Plus Key"
|
||||
copy:
|
||||
src: "{{ nginx_license.key }}"
|
||||
dest: /etc/apk/cert.key
|
||||
decrypt: yes
|
||||
mode: 0444
|
||||
|
||||
- name: "(Setup: Alpine Linux) Copy NGINX Plus Certificate"
|
||||
copy:
|
||||
src: "{{ nginx_license.certificate }}"
|
||||
dest: /etc/apk/cert.pem
|
||||
decrypt: yes
|
||||
mode: 0444
|
||||
when: ansible_distribution == "Alpine"
|
||||
|
@ -11,6 +11,7 @@
|
||||
enabled: yes
|
||||
gpgcheck: yes
|
||||
state: "{{ nginx_license_status | default ('present') }}"
|
||||
mode: 0644
|
||||
when: ansible_distribution != "Amazon"
|
||||
|
||||
- name: "(Setup: Amazon Linux) Setup NGINX Plus Repository"
|
||||
@ -25,4 +26,5 @@
|
||||
enabled: yes
|
||||
gpgcheck: yes
|
||||
state: "{{ nginx_license_status | default ('present') }}"
|
||||
mode: 0644
|
||||
when: ansible_distribution == "Amazon"
|
||||
|
@ -3,6 +3,7 @@
|
||||
assemble:
|
||||
src: /etc/ssl/nginx
|
||||
dest: /etc/ssl/nginx/nginx-repo-bundle.crt
|
||||
mode: 0444
|
||||
|
||||
- name: "(Setup: SUSE) Setup NGINX Plus Repository"
|
||||
zypper_repository:
|
||||
|
@ -80,6 +80,7 @@
|
||||
template:
|
||||
src: "{{ role_path }}/templates/selinux/nginx-plus-module.te.j2"
|
||||
dest: "{{ nginx_tempdir }}/nginx-plus-module.te"
|
||||
mode: 0644
|
||||
register: nginx_selinux_module
|
||||
|
||||
- name: "(Setup: SELinux) Check NGINX Plus Module"
|
||||
|
@ -12,10 +12,10 @@
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
notify: "(Handler: All OSs) Systemd Daemon-Reload"
|
||||
when:
|
||||
- not nginx_service_custom | bool
|
||||
- not nginx_service_clean | bool
|
||||
notify: "(Handler: All OSs) Systemd Daemon-Reload"
|
||||
|
||||
- name: "(Setup: Linux) Customize Override For NGINX Systemd Service"
|
||||
copy:
|
||||
@ -24,14 +24,14 @@
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
notify: "(Handler: All OSs) Systemd Daemon-Reload"
|
||||
when:
|
||||
- nginx_service_custom | bool
|
||||
- not nginx_service_clean | bool
|
||||
notify: "(Handler: All OSs) Systemd Daemon-Reload"
|
||||
|
||||
- name: "(Setup: Linux) Remove Override For NGINX Systemd Service"
|
||||
file:
|
||||
path: "{{ nginx_service_overridepath }}"
|
||||
state: absent
|
||||
notify: "(Handler: All OSs) Systemd Daemon-Reload"
|
||||
when: nginx_service_clean | bool
|
||||
notify: "(Handler: All OSs) Systemd Daemon-Reload"
|
||||
|
@ -2,6 +2,7 @@
|
||||
- name: "(Install: Debian/Ubuntu) Add NGINX Unit Repository"
|
||||
apt_repository:
|
||||
repo: "{{ item }}"
|
||||
mode: 0644
|
||||
loop:
|
||||
- deb [arch=amd64] https://packages.nginx.org/unit/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} unit
|
||||
- deb-src https://packages.nginx.org/unit/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} unit
|
||||
|
@ -6,6 +6,7 @@
|
||||
description: NGINX Unit Repository
|
||||
enabled: yes
|
||||
gpgcheck: yes
|
||||
mode: 0644
|
||||
when: ansible_distribution != "Amazon"
|
||||
|
||||
- name: "(Install: Amazon Linux) Add NGINX Unit Repository"
|
||||
@ -15,4 +16,5 @@
|
||||
description: NGINX Unit Repository
|
||||
enabled: yes
|
||||
gpgcheck: yes
|
||||
mode: 0644
|
||||
when: ansible_distribution == "Amazon"
|
||||
|
Loading…
Reference in New Issue
Block a user