sebclem/ansible-role-nginx
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add experimental support for Ubuntu focal (#292)

Browse Source
This commit is contained in:
Alessandro Fael Garcia 2020-07-28 12:26:38 +02:00 committed by GitHub
parent b089b03811
commit c85368e591
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 86 additions and 84 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
defaults/main/amplify.yml
View File

@ -1,7 +1,7 @@
---
# Install NGINX Amplify.
# Use your NGINX Amplify API key.
# Requires access to either the NGINX stub status or the NGINX Plus REST API.
# Requires access to either the NGINX stub_status or the NGINX Plus REST API.
# Default is null.
nginx_amplify_enable: false
nginx_amplify_api_key: null

7
defaults/main/template.yml
View File

@ -312,9 +312,10 @@ nginx_http_template:
# custom_options: []
# custom_options: []
# Enable NGINX status data.
# Will enable 'stub_status' in NGINX Open Source and 'status' in NGINX Plus.
# Note - 'status' has been deprecated since NGINX Plus R13.
# Enable NGINX 'stub_status' data.
# Will enable 'stub_status' in NGINX Open Source.
# Note - NGINX Plus 'status' has been deprecated since NGINX Plus R13.
# Use the Rest API parameter instead.
# Default is false.
nginx_status_enable: false
nginx_status_template_file: http/status.conf.j2

7
tasks/amplify/setup-debian.yml
View File

@ -3,3 +3,10 @@
apt_repository:
filename: nginx-amplify
repo: deb [arch=amd64] http://packages.amplify.nginx.com/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release|lower }} amplify-agent
when: ansible_distribution_release != "focal"
- name: "(Install: Debian/Ubuntu) Add NGINX Amplify Agent Repository"
apt_repository:
filename: nginx-amplify
repo: deb [arch=amd64] https://packages.amplify.nginx.com/py3/ubuntu focal amplify-agent
when: ansible_distribution_release == "focal"

4
tasks/keys/setup-keys.yml
View File

@ -4,12 +4,12 @@
when: ansible_os_family == "Alpine"
tags: nginx_apkkey
- name: "(Setup: Keys) Debian"
- name: "(Setup: Keys) Debian/Ubuntu"
include_tasks: "{{ role_path }}/tasks/keys/apt-key.yml"
when: ansible_os_family == "Debian"
tags: nginx_aptkey
- name: "(Setup: Keys) RedHat/Suse"
- name: "(Setup: Keys) CentOS/RedHat/Suse"
include_tasks: "{{ role_path }}/tasks/keys/rpm-key.yml"
when: ansible_os_family == "RedHat"
or ansible_os_family == "Suse"

3
tasks/modules/install-geoip.yml
View File

@ -1,8 +1,7 @@
---
- name: "(Install: CentOS) Install GeoIP Required CentOS Dependencies"
yum:
name:
- epel-release
name: epel-release
when: ansible_distribution == "CentOS"
- name: "(Install: All OSs) Install NGINX Open Source GeoIP Module"

21
tasks/modules/install-modules.yml
View File

@ -1,28 +1,35 @@
---
- include_tasks: "{{ role_path }}/tasks/modules/install-njs.yml"
- name: "(Install: All OSs) Install NGINX JavaScript Module"
include_tasks: "{{ role_path }}/tasks/modules/install-njs.yml"
when: nginx_modules.njs | default(false)
- include_tasks: "{{ role_path }}/tasks/modules/install-perl.yml"
- name: "(Install: All OSs) Install NGINX Perl Module"
include_tasks: "{{ role_path }}/tasks/modules/install-perl.yml"
when: nginx_modules.perl | default(false)
- include_tasks: "{{ role_path }}/tasks/modules/install-geoip.yml"
- name: "(Install: All OSs) Install NGINX GeoIP Module"
include_tasks: "{{ role_path }}/tasks/modules/install-geoip.yml"
when:
- nginx_modules.geoip | default(false)
- ansible_os_family != "RedHat"
- ansible_distribution_major_version != "8"
- include_tasks: "{{ role_path }}/tasks/modules/install-image-filter.yml"
- name: "(Install: All OSs) Install NGINX Image Filter Module"
include_tasks: "{{ role_path }}/tasks/modules/install-image-filter.yml"
when: nginx_modules.image_filter | default(false)
- include_tasks: "{{ role_path }}/tasks/modules/install-rtmp.yml"
- name: "(Install: All OSs) Install NGINX RTMP Module"
include_tasks: "{{ role_path }}/tasks/modules/install-rtmp.yml"
when:
- nginx_modules.rtmp | default(false)
- nginx_type == "plus"
- include_tasks: "{{ role_path }}/tasks/modules/install-xslt.yml"
- name: "(Install: All OSs) Install NGINX XSLT Module"
include_tasks: "{{ role_path }}/tasks/modules/install-xslt.yml"
when: nginx_modules.xslt | default(false)
- include_tasks: "{{ role_path }}/tasks/modules/install-waf.yml"
- name: "(Install: All OSs) Install NGINX WAF Module"
include_tasks: "{{ role_path }}/tasks/modules/install-waf.yml"
when:
- nginx_modules.waf | default(false)
- nginx_type == "plus"

40
tasks/opensource/install-oss-bsd.yml
View File

@ -1,7 +1,6 @@
---
- name: "(Install: FreeBSD) Update ports"
- name: "(Install: FreeBSD) Update Ports"
block:
- name: "(Install: FreeBSD) Fetch Ports"
command: portsnap fetch --interactive
args:
@ -11,35 +10,31 @@
command: portsnap extract
args:
creates: /usr/ports
when:
- ansible_system == 'FreeBSD'
- ansible_system == "FreeBSD"
- nginx_bsd_update_ports
- name: "(Install: FreeBSD)"
block:
- name: "(Install: FreeBSD) Install NGINX package"
- name: "(Install: FreeBSD) Install NGINX Package"
pkgng:
name: "www/nginx{{ nginx_version | default('') }}"
state: "{{ nginx_state }}"
when: nginx_bsd_install_packages
notify: "(Handler: All OSs) Start NGINX"
- name: "(Install: FreeBSD) Install NGINX port"
- name: "(Install: FreeBSD) Install NGINX Port"
portinstall:
name: "www/nginx{{ nginx_version | default('') }}"
use_packages: "{{ nginx_bsd_portinstall_use_packages | default(omit) }}"
state: "{{ nginx_state }}"
when: not nginx_bsd_install_packages
notify: "(Handler: All OSs) Start NGINX"
when: ansible_system == 'FreeBSD'
when: ansible_system == "FreeBSD"
- name: "(Install: OpenBSD)"
block:
- name: "(Install: OpenBSD) Install NGINX package"
- name: "(Install: OpenBSD) Install NGINX Package"
openbsd_pkg:
name: "nginx{{ nginx_version | default('') }}"
build: false
@ -47,35 +42,31 @@
when: nginx_bsd_install_packages
notify: "(Handler: All OSs) Start NGINX"
- name: "(Install: OpenBSD) Install NGINX port"
- name: "(Install: OpenBSD) Install NGINX Port"
openbsd_pkg:
name: "nginx{{ nginx_version | default('') }}"
build: true
state: "{{ nginx_state }}"
when: not nginx_bsd_install_packages
notify: "(Handler: All OSs) Start NGINX"
when: ansible_system == 'OpenBSD'
when: ansible_system == "OpenBSD"
- name: "(Install: NetBSD)"
block:
- name: "(Install: NetBSD) Install NGINX package"
- name: "(Install: NetBSD) Install NGINX Package"
command: "pkg_add www/nginx{{ nginx_version | default('') }}"
when: nginx_bsd_install_packages
notify: "(Handler: All OSs) Start NGINX"
- name: "(Install: NetBSD) Install NGINX port"
- name: "(Install: NetBSD) Install NGINX Port"
fail:
msg: "{{ ansible_system }} Install NGINX port not implemented."
when: not nginx_bsd_install_packages
when: ansible_system == 'NetBSD'
when: ansible_system == "NetBSD"
- name: "(Install: DragonFlyBSD)"
block:
- name: "(Install: DragonFlyBSD) Install NGINX package"
- name: "(Install: DragonFlyBSD) Install NGINX Package"
command: "pkg install www/nginx{{ nginx_version | default('') }}"
when: nginx_bsd_install_packages
notify: "(Handler: All OSs) Start NGINX"
@ -84,12 +75,10 @@
fail:
msg: "{{ ansible_system }} Install NGINX port not implemented."
when: not nginx_bsd_install_packages
when: ansible_system == 'DragonFlyBSD'
when: ansible_system == "DragonFlyBSD"
- name: "(Install: HardenedBSD)"
block:
- name: "(Install: HardenedBSD) Install NGINX package"
command: "pkg install www/nginx{{ nginx_version | default('') }}"
when: nginx_bsd_install_packages
@ -99,5 +88,4 @@
fail:
msg: "{{ ansible_system }} Install NGINX port not implemented."
when: not nginx_bsd_install_packages
when: ansible_system == 'HardenedBSD'
when: ansible_system == "HardenedBSD"

8
tasks/opensource/install-oss-linux.yml
View File

@ -1,5 +1,5 @@
---
- name: "(Install: Linux) Configure NGINX repo"
- name: "(Install: Linux) Configure NGINX Repository"
include_tasks: "{{ role_path }}/tasks/opensource/setup-{{ ansible_os_family | lower }}.yml"
when:
- ansible_os_family == "Alpine"
@ -8,17 +8,17 @@
or ansible_os_family == "Suse"
- nginx_install_from == "nginx_repository"
- name: "(Install: Linux) Modify Service for Systemd"
- name: "(Install: Linux) Modify Service For Systemd"
include_tasks: "{{ role_path }}/tasks/prerequisites/setup-systemd.yml"
when:
- ansible_service_mgr == "systemd"
- nginx_service_modify
- name: "(Install: Linux) Install NGINX from source"
- name: "(Install: Linux) Install NGINX From Source"
include_tasks: "{{ role_path }}/tasks/opensource/setup-source.yml"
when: nginx_install_from == "source"
- name: "(Install: Linux) Install NGINX package"
- name: "(Install: Linux) Install NGINX Package"
package:
name: "nginx{{ nginx_version | default('') }}"
state: "{{ nginx_state }}"

22
tasks/opensource/setup-source.yml
View File

@ -68,7 +68,7 @@
update_cache: true
when: ansible_os_family == "Alpine"
- name: "(Install: Alpine) Enable openrc"
- name: "(Install: Alpine) Enable OpenRC"
copy:
content: ""
dest: /run/openrc/softlevel
@ -85,12 +85,12 @@
path: /tmp/{{ pcre_version }}
register: pcre_result
- name: "(Install: Linux) Check For zlib Install"
- name: "(Install: Linux) Check For ZLib Install"
stat:
path: /tmp/{{ zlib_version }}
register: zlib_result
- name: "(Install: Linux) Check For openssl Install"
- name: "(Install: Linux) Check For OpenSSL Install"
stat:
path: /tmp/{{ openssl_version }}
register: openssl_result
@ -152,7 +152,7 @@
- not pcre_result.stat.exists
- not nginx_install_source_pcre
- name: "(Install: Centos/RHEL) Install zlib Dependency From Package"
- name: "(Install: Centos/RHEL) Install ZLib Dependency From Package"
yum:
name: zlib-devel
update_cache: true
@ -160,7 +160,7 @@
- nginx_install_source_zlib
- ansible_os_family == "RedHat"
- name: "(Install: Debian/Ubuntu) Install zlib Dependency From Package"
- name: "(Install: Debian/Ubuntu) Install ZLib Dependency From Package"
apt:
name: zlib1g-dev
update_cache: true
@ -168,7 +168,7 @@
- nginx_install_source_zlib
- ansible_os_family == "Debian"
- name: "(Install: Alpine) Install zlib Dependency From Package"
- name: "(Install: Alpine) Install ZLib Dependency From Package"
apk:
name: zlib-dev
update_cache: true
@ -176,15 +176,15 @@
- nginx_install_source_zlib
- ansible_os_family == "Alpine"
- name: "(Install: Linux) Install zlib Dependency From Source"
- name: "(Install: Linux) Install ZLib Dependency From Source"
block:
- name: "(Install: Linux) Download zlib Dependency"
- name: "(Install: Linux) Download ZLib Dependency"
get_url:
url: "http://zlib.net/{{ zlib_version }}.tar.gz"
dest: "/tmp/{{ zlib_version }}.tar.gz"
register: zlib_source
- name: "(Install: Linux) Unpack zlib Dependency"
- name: "(Install: Linux) Unpack ZLib Dependency"
unarchive:
copy: no
dest: /tmp/
@ -197,11 +197,11 @@
chdir: "/tmp/{{ zlib_version }}"
register: zlib_configure
- name: "(Install: Linux) Make zlib Dependency"
- name: "(Install: Linux) Make ZLib Dependency"
make:
chdir: "/tmp/{{ zlib_version }}"
- name: "(Install: Linux) Install zlib Dependency"
- name: "(Install: Linux) Install ZLib Dependency"
make:
chdir: "/tmp/{{ zlib_version }}"
target: install

7
tasks/prerequisites/setup-freebsd.yml
View File

@ -1,17 +1,14 @@
---
- name: "(Setup: FreeBSD) Install Required Dependencies"
block:
- name: "(Setup: FreeBSD) Install Extra Package(s)"
pkgng:
name: "{{ nginx_freebsd_extra_packages }}"
state: present
when: nginx_bsd_install_packages|bool
when: nginx_bsd_install_packages | bool
- name: "(Setup: FreeBSD) Install Extra Port(s)"
portinstall:
name: "{{ item }}"
use_packages: "{{ nginx_bsd_portinstall_use_packages | default(omit) }}"
state: present
loop: "{{ nginx_freebsd_extra_packages }}"
when: not nginx_bsd_install_packages|bool
when: not nginx_bsd_install_packages | bool

38
tasks/prerequisites/setup-selinux.yml
View File

@ -1,11 +1,13 @@
---
- name: "(Setup: SELinux) Install Required CentOS Dependencies"
package:
name: policycoreutils-python, setools
name:
- policycoreutils-python
- setools
state: present
when:
- not ansible_os_family == "RedHat"
- not ansible_distribution_major_version == "8"
- ansible_os_family == "RedHat"
- ansible_distribution_major_version != "8"
- name: "(Setup: SELinux) Install Required RHEL8 Dependencies"
package:
@ -18,31 +20,31 @@
- ansible_os_family == "RedHat"
- ansible_distribution_major_version == "8"
- name: "(Setup: SELinux) Check for SELinux enabled"
- name: "(Setup: SELinux) Check if SELinux is Enabled"
debug:
msg: "You need to enable selinux, if it was disabled you need to reboot"
when: ansible_selinux is undefined
- name: "(Setup: SELinux) Permissive SELinux"
- name: "(Setup: SELinux) Setup Permissive SELinux"
selinux:
state: permissive
policy: targeted
changed_when: false
when: ansible_selinux.mode == "enforcing"
- name: "(Setup: SELinux: Booleans) Allow HTTP network connection"
- name: "(Setup: SELinux) Allow HTTP Network Connection"
seboolean:
name: httpd_can_network_connect
state: yes
persistent: yes
- name: "(Setup: SELinux: Booleans) Allow HTTP relay connection"
- name: "(Setup: SELinux) Allow HTTP Relay Connection"
seboolean:
name: httpd_can_network_relay
state: yes
persistent: yes
- name: "(Setup: SELinux: Ports) Allow status ports"
- name: "(Setup: SELinux) Allow Status Ports"
seport:
ports: "{{ nginx_status_port }}"
proto: tcp
@ -50,7 +52,7 @@
state: present
when: nginx_status_port is defined
- name: "(Setup: SELinux: Ports) Allow Rest API ports"
- name: "(Setup: SELinux) Allow Rest API Ports"
seport:
ports: "{{ nginx_rest_api_port }}"
proto: tcp
@ -58,7 +60,7 @@
state: present
when: nginx_rest_api_port is defined
- name: "(Setup: SELinux: Ports) Allow Specific TCP Ports"
- name: "(Setup: SELinux) Allow Specific TCP Ports"
seport:
ports: "{{ nginx_selinux_tcp_ports }}"
proto: tcp
@ -66,7 +68,7 @@
state: present
when: nginx_selinux_tcp_ports is defined
- name: "(Setup: SELinux: Ports) Allow Specific UDP Ports"
- name: "(Setup: SELinux) Allow Specific UDP Ports"
seport:
ports: "{{ nginx_selinux_udp_ports }}"
proto: udp
@ -74,26 +76,26 @@
state: present
when: nginx_selinux_udp_ports is defined
- name: "(Setup: SELinux: Module) Create NGINX Plus Module"
- name: "(Setup: SELinux) Create NGINX Plus Module"
template:
src: "{{ role_path }}/templates/selinux/nginx-plus-module.te.j2"
dest: "{{ nginx_tempdir }}/nginx-plus-module.te"
register: nginx_selinux_module
- name: "(Setup: SELinux: Module) Check NGINX Plus Module"
- name: "(Setup: SELinux) Check NGINX Plus Module"
command: "checkmodule -M -m -o {{ nginx_tempdir }}/nginx-plus-module.mod {{ nginx_tempdir }}/nginx-plus-module.te"
args:
creates: "{{ nginx_tempdir }}/nginx-plus-module.mod"
changed_when: false
- name: "(Setup: SELinux: Module) Compile NGINX Plus Module"
- name: "(Setup: SELinux) Compile NGINX Plus Module"
command: "semodule_package -o {{ nginx_tempdir }}/nginx-plus-module.pp -m {{ nginx_tempdir }}/nginx-plus-module.mod"
args:
creates: "{{ nginx_tempdir }}/nginx-plus-module.pp"
changed_when: false
- name: "(Setup: SELinux: Module) Import NGINX Plus Module" # noqa 503
command: "semodule -i {{ nginx_tempdir }}/nginx-plus-module.pp"
- name: "(Setup: SELinux) Import NGINX Plus Module"
command: "semodule -i {{ nginx_tempdir }}/nginx-plus-module.pp" # noqa 503
changed_when: false
when: nginx_selinux_module.changed
@ -102,4 +104,6 @@
state: enforcing
policy: targeted
changed_when: false
when: nginx_selinux_enforcing and ansible_selinux.mode == "permissive"
when:
- nginx_selinux_enforcing
- ansible_selinux.mode == "permissive"

11
tasks/prerequisites/setup-systemd.yml
View File

@ -1,11 +1,11 @@
---
- name: "(Setup: Linux) Create override directory for NGINX systemd Service"
- name: "(Setup: Linux) Create Override Directory For NGINX Systemd Service"
file:
path: "{{ nginx_service_overridepath }}"
state: directory
mode: '0755'
- name: "(Setup: Linux) Create override for NGINX systemd Service"
- name: "(Setup: Linux) Create Override For NGINX Systemd Service"
template:
src: "{{ role_path }}/templates/services/nginx.service.override.conf.j2"
dest: "{{ nginx_service_overridepath }}/{{ nginx_service_overridefilename }}"
@ -17,7 +17,7 @@
- not nginx_service_custom
- not nginx_service_clean
- name: "(Setup: Linux) Customize override for NGINX systemd Service"
- name: "(Setup: Linux) Customize Override For NGINX Systemd Service"
copy:
src: "{{ nginx_service_custom_file }}"
dest: "{{ nginx_service_overridepath }}/{{ nginx_service_overridefilename }}"
@ -29,10 +29,9 @@
- nginx_service_custom
- not nginx_service_clean
- name: "(Setup: Linux) Remove override for NGINX systemd Service"
- name: "(Setup: Linux) Remove Override For NGINX Systemd Service"
file:
path: "{{ nginx_service_overridepath }}"
state: absent
notify: "(Handler: All OSs) systemd daemon-reload"
when:
- nginx_service_clean
when: nginx_service_clean