From c85368e591dfd4892d20648b7c9e1c865b9c8838 Mon Sep 17 00:00:00 2001
From: Alessandro Fael Garcia
Date: Tue, 28 Jul 2020 12:26:38 +0200
Subject: [PATCH] Add experimental support for Ubuntu focal (#292)
---
defaults/main/amplify.yml | 2 +-
defaults/main/template.yml | 7 +++--
tasks/amplify/setup-debian.yml | 7 +++++
tasks/keys/setup-keys.yml | 4 +--
tasks/modules/install-geoip.yml | 3 +-
tasks/modules/install-modules.yml | 21 +++++++++-----
tasks/opensource/install-oss-bsd.yml | 40 +++++++++-----------------
tasks/opensource/install-oss-linux.yml | 8 +++---
tasks/opensource/setup-source.yml | 22 +++++++-------
tasks/prerequisites/setup-freebsd.yml | 7 ++---
tasks/prerequisites/setup-selinux.yml | 38 +++++++++++++-----------
tasks/prerequisites/setup-systemd.yml | 11 ++++---
12 files changed, 86 insertions(+), 84 deletions(-)
diff --git a/defaults/main/amplify.yml b/defaults/main/amplify.yml
index 6e041c9..2c6a534 100644
--- a/defaults/main/amplify.yml
+++ b/defaults/main/amplify.yml
@@ -1,7 +1,7 @@ --- # Install NGINX Amplify. # Use your NGINX Amplify API key. -# Requires access to either the NGINX stub status or the NGINX Plus REST API. +# Requires access to either the NGINX stub_status or the NGINX Plus REST API. # Default is null. nginx_amplify_enable: false nginx_amplify_api_key: null
diff --git a/defaults/main/template.yml b/defaults/main/template.yml
index b622272..1ad9e1c 100644
--- a/defaults/main/template.yml
+++ b/defaults/main/template.yml
@@ -312,9 +312,10 @@ nginx_http_template: # custom_options: [] # custom_options: [] -# Enable NGINX status data. -# Will enable 'stub_status' in NGINX Open Source and 'status' in NGINX Plus. -# Note - 'status' has been deprecated since NGINX Plus R13. +# Enable NGINX 'stub_status' data. +# Will enable 'stub_status' in NGINX Open Source. +# Note - NGINX Plus 'status' has been deprecated since NGINX Plus R13. +# Use the Rest API parameter instead. # Default is false. nginx_status_enable: false nginx_status_template_file: http/status.conf.j2
diff --git a/tasks/amplify/setup-debian.yml b/tasks/amplify/setup-debian.yml
index 224a076..b414e82 100644
--- a/tasks/amplify/setup-debian.yml
+++ b/tasks/amplify/setup-debian.yml
@@ -3,3 +3,10 @@ apt_repository: filename: nginx-amplify repo: deb [arch=amd64] http://packages.amplify.nginx.com/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release|lower }} amplify-agent + when: ansible_distribution_release != "focal" + +- name: "(Install: Debian/Ubuntu) Add NGINX Amplify Agent Repository" + apt_repository: + filename: nginx-amplify + repo: deb [arch=amd64] https://packages.amplify.nginx.com/py3/ubuntu focal amplify-agent + when: ansible_distribution_release == "focal"
diff --git a/tasks/keys/setup-keys.yml b/tasks/keys/setup-keys.yml
index 07abc97..1f00f0c 100644
--- a/tasks/keys/setup-keys.yml
+++ b/tasks/keys/setup-keys.yml
@@ -4,12 +4,12 @@ when: ansible_os_family == "Alpine" tags: nginx_apkkey -- name: "(Setup: Keys) Debian" +- name: "(Setup: Keys) Debian/Ubuntu" include_tasks: "{{ role_path }}/tasks/keys/apt-key.yml" when: ansible_os_family == "Debian" tags: nginx_aptkey -- name: "(Setup: Keys) RedHat/Suse" +- name: "(Setup: Keys) CentOS/RedHat/Suse" include_tasks: "{{ role_path }}/tasks/keys/rpm-key.yml" when: ansible_os_family == "RedHat" or ansible_os_family == "Suse"
diff --git a/tasks/modules/install-geoip.yml b/tasks/modules/install-geoip.yml
index 2205066..50e9f8a 100644
--- a/tasks/modules/install-geoip.yml
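Review bot: The non-focal `apt_repository` task in tasks/amplify/setup-debian.yml, which gains `when: ansible_distribution_release != "focal"`, still points at `http://packages.amplify.nginx.com/...`, while the focal task added right below it uses `https://`. Package signatures are still verified if the repository key is installed (not visible in this hunk), but a plaintext source leaves repository metadata open to on-path tampering and replay. If the host serves the older paths over TLS as well, which the focal URL suggests but does not prove, the first `repo:` should become `deb [arch=amd64] https://packages.amplify.nginx.com/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release|lower }} amplify-agent`. The first task's `- name:` line sits above the hunk.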
+++ b/tasks/modules/install-geoip.yml
@@ -1,8 +1,7 @@ --- - name: "(Install: CentOS) Install GeoIP Required CentOS Dependencies" yum: - name: - - epel-release + name: epel-release when: ansible_distribution == "CentOS" - name: "(Install: All OSs) Install NGINX Open Source GeoIP Module"
diff --git a/tasks/modules/install-modules.yml b/tasks/modules/install-modules.yml
index 1441efd..7e2bd3f 100644
--- a/tasks/modules/install-modules.yml
+++ b/tasks/modules/install-modules.yml
@@ -1,28 +1,35 @@ --- -- include_tasks: "{{ role_path }}/tasks/modules/install-njs.yml" +- name: "(Install: All OSs) Install NGINX JavaScript Module" + include_tasks: "{{ role_path }}/tasks/modules/install-njs.yml" when: nginx_modules.njs | default(false) -- include_tasks: "{{ role_path }}/tasks/modules/install-perl.yml" +- name: "(Install: All OSs) Install NGINX Perl Module" + include_tasks: "{{ role_path }}/tasks/modules/install-perl.yml" when: nginx_modules.perl | default(false) -- include_tasks: "{{ role_path }}/tasks/modules/install-geoip.yml" +- name: "(Install: All OSs) Install NGINX GeoIP Module" + include_tasks: "{{ role_path }}/tasks/modules/install-geoip.yml" when: - nginx_modules.geoip | default(false) - ansible_os_family != "RedHat" - ansible_distribution_major_version != "8" -- include_tasks: "{{ role_path }}/tasks/modules/install-image-filter.yml" +- name: "(Install: All OSs) Install NGINX Image Filter Module" + include_tasks: "{{ role_path }}/tasks/modules/install-image-filter.yml" when: nginx_modules.image_filter | default(false) -- include_tasks: "{{ role_path }}/tasks/modules/install-rtmp.yml" +- name: "(Install: All OSs) Install NGINX RTMP Module" + include_tasks: "{{ role_path }}/tasks/modules/install-rtmp.yml" when: - nginx_modules.rtmp | default(false) - nginx_type == "plus" -- include_tasks: "{{ role_path }}/tasks/modules/install-xslt.yml" +- name: "(Install: All OSs) Install NGINX XSLT Module" + include_tasks: "{{ role_path }}/tasks/modules/install-xslt.yml" when: nginx_modules.xslt | default(false) -- include_tasks: "{{ role_path }}/tasks/modules/install-waf.yml" +- name: "(Install: All OSs) Install NGINX WAF Module" + include_tasks: "{{ role_path }}/tasks/modules/install-waf.yml" when: - nginx_modules.waf | default(false) - nginx_type == "plus"
diff --git a/tasks/opensource/install-oss-bsd.yml b/tasks/opensource/install-oss-bsd.yml
index b8b5997..6c94e7d 100644
--- a/tasks/opensource/install-oss-bsd.yml
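Review bot: The `when:` list on the newly named "Install NGINX GeoIP Module" include in tasks/modules/install-modules.yml is AND-ed, so `ansible_os_family != "RedHat"` and `ansible_distribution_major_version != "8"` together skip GeoIP on every RedHat-family host and on any other distribution whose major version is "8". The CentOS `epel-release` task inside install-geoip.yml can then never run through this include. If the intent is to exclude only RHEL/CentOS 8, a single condition expresses it: `- not (ansible_os_family == "RedHat" and ansible_distribution_major_version == "8")`. This commit corrects the same pair of conditions in setup-selinux.yml, so the include looks like an oversight rather than a design choice.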
+++ b/tasks/opensource/install-oss-bsd.yml
@@ -1,7 +1,6 @@ --- -- name: "(Install: FreeBSD) Update ports" +- name: "(Install: FreeBSD) Update Ports" block: - - name: "(Install: FreeBSD) Fetch Ports" command: portsnap fetch --interactive args:
@@ -11,35 +10,31 @@ command: portsnap extract args: creates: /usr/ports - when: - - ansible_system == 'FreeBSD' + - ansible_system == "FreeBSD" - nginx_bsd_update_ports - name: "(Install: FreeBSD)" block: - - - name: "(Install: FreeBSD) Install NGINX package" + - name: "(Install: FreeBSD) Install NGINX Package" pkgng: name: "www/nginx{{ nginx_version | default('') }}" state: "{{ nginx_state }}" when: nginx_bsd_install_packages notify: "(Handler: All OSs) Start NGINX" - - name: "(Install: FreeBSD) Install NGINX port" + - name: "(Install: FreeBSD) Install NGINX Port" portinstall: name: "www/nginx{{ nginx_version | default('') }}" use_packages: "{{ nginx_bsd_portinstall_use_packages | default(omit) }}" state: "{{ nginx_state }}" when: not nginx_bsd_install_packages notify: "(Handler: All OSs) Start NGINX" - - when: ansible_system == 'FreeBSD' + when: ansible_system == "FreeBSD" - name: "(Install: OpenBSD)" block: - - - name: "(Install: OpenBSD) Install NGINX package" + - name: "(Install: OpenBSD) Install NGINX Package" openbsd_pkg: name: "nginx{{ nginx_version | default('') }}" build: false
@@ -47,35 +42,31 @@ when: nginx_bsd_install_packages notify: "(Handler: All OSs) Start NGINX" - - name: "(Install: OpenBSD) Install NGINX port" + - name: "(Install: OpenBSD) Install NGINX Port" openbsd_pkg: name: "nginx{{ nginx_version | default('') }}" build: true state: "{{ nginx_state }}" when: not nginx_bsd_install_packages notify: "(Handler: All OSs) Start NGINX" - - when: ansible_system == 'OpenBSD' + when: ansible_system == "OpenBSD" - name: "(Install: NetBSD)" block: - - - name: "(Install: NetBSD) Install NGINX package" + - name: "(Install: NetBSD) Install NGINX Package" command: "pkg_add www/nginx{{ nginx_version | default('') }}" when: nginx_bsd_install_packages notify: "(Handler: All OSs) Start NGINX" - - name: "(Install: NetBSD) Install NGINX port" + - name: "(Install: NetBSD) Install NGINX Port" fail: msg: "{{ ansible_system }} Install NGINX port not implemented." when: not nginx_bsd_install_packages - - when: ansible_system == 'NetBSD' + when: ansible_system == "NetBSD" - name: "(Install: DragonFlyBSD)" block: - - - name: "(Install: DragonFlyBSD) Install NGINX package" + - name: "(Install: DragonFlyBSD) Install NGINX Package" command: "pkg install www/nginx{{ nginx_version | default('') }}" when: nginx_bsd_install_packages notify: "(Handler: All OSs) Start NGINX"
@@ -84,12 +75,10 @@ fail: msg: "{{ ansible_system }} Install NGINX port not implemented." when: not nginx_bsd_install_packages - - when: ansible_system == 'DragonFlyBSD' + when: ansible_system == "DragonFlyBSD" - name: "(Install: HardenedBSD)" block: - - name: "(Install: HardenedBSD) Install NGINX package" command: "pkg install www/nginx{{ nginx_version | default('') }}" when: nginx_bsd_install_packages
@@ -99,5 +88,4 @@ fail: msg: "{{ ansible_system }} Install NGINX port not implemented." when: not nginx_bsd_install_packages - - when: ansible_system == 'HardenedBSD' + when: ansible_system == "HardenedBSD"
diff --git a/tasks/opensource/install-oss-linux.yml b/tasks/opensource/install-oss-linux.yml
index 23c8c4e..0baf4cf 100644
--- a/tasks/opensource/install-oss-linux.yml
+++ b/tasks/opensource/install-oss-linux.yml
@@ -1,5 +1,5 @@ --- -- name: "(Install: Linux) Configure NGINX repo" +- name: "(Install: Linux) Configure NGINX Repository" include_tasks: "{{ role_path }}/tasks/opensource/setup-{{ ansible_os_family | lower }}.yml" when: - ansible_os_family == "Alpine"
@@ -8,17 +8,17 @@ or ansible_os_family == "Suse" - nginx_install_from == "nginx_repository" -- name: "(Install: Linux) Modify Service for Systemd" +- name: "(Install: Linux) Modify Service For Systemd" include_tasks: "{{ role_path }}/tasks/prerequisites/setup-systemd.yml" when: - ansible_service_mgr == "systemd" - nginx_service_modify -- name: "(Install: Linux) Install NGINX from source" +- name: "(Install: Linux) Install NGINX From Source" include_tasks: "{{ role_path }}/tasks/opensource/setup-source.yml" when: nginx_install_from == "source" -- name: "(Install: Linux) Install NGINX package" +- name: "(Install: Linux) Install NGINX Package" package: name: "nginx{{ nginx_version | default('') }}" state: "{{ nginx_state }}"
diff --git a/tasks/opensource/setup-source.yml b/tasks/opensource/setup-source.yml
index e2d5c56..ccdd3c0 100644
--- a/tasks/opensource/setup-source.yml
+++ b/tasks/opensource/setup-source.yml
@@ -68,7 +68,7 @@ update_cache: true when: ansible_os_family == "Alpine" - - name: "(Install: Alpine) Enable openrc" + - name: "(Install: Alpine) Enable OpenRC" copy: content: "" dest: /run/openrc/softlevel
@@ -85,12 +85,12 @@ path: /tmp/{{ pcre_version }} register: pcre_result - - name: "(Install: Linux) Check For zlib Install" + - name: "(Install: Linux) Check For ZLib Install" stat: path: /tmp/{{ zlib_version }} register: zlib_result - - name: "(Install: Linux) Check For openssl Install" + - name: "(Install: Linux) Check For OpenSSL Install" stat: path: /tmp/{{ openssl_version }} register: openssl_result
@@ -152,7 +152,7 @@ - not pcre_result.stat.exists - not nginx_install_source_pcre -- name: "(Install: Centos/RHEL) Install zlib Dependency From Package" +- name: "(Install: Centos/RHEL) Install ZLib Dependency From Package" yum: name: zlib-devel update_cache: true
@@ -160,7 +160,7 @@ - nginx_install_source_zlib - ansible_os_family == "RedHat" -- name: "(Install: Debian/Ubuntu) Install zlib Dependency From Package" +- name: "(Install: Debian/Ubuntu) Install ZLib Dependency From Package" apt: name: zlib1g-dev update_cache: true
@@ -168,7 +168,7 @@ - nginx_install_source_zlib - ansible_os_family == "Debian" -- name: "(Install: Alpine) Install zlib Dependency From Package" +- name: "(Install: Alpine) Install ZLib Dependency From Package" apk: name: zlib-dev update_cache: true
@@ -176,15 +176,15 @@ - nginx_install_source_zlib - ansible_os_family == "Alpine" -- name: "(Install: Linux) Install zlib Dependency From Source" +- name: "(Install: Linux) Install ZLib Dependency From Source" block: - - name: "(Install: Linux) Download zlib Dependency" + - name: "(Install: Linux) Download ZLib Dependency" get_url: url: "http://zlib.net/{{ zlib_version }}.tar.gz" dest: "/tmp/{{ zlib_version }}.tar.gz" register: zlib_source - - name: "(Install: Linux) Unpack zlib Dependency" + - name: "(Install: Linux) Unpack ZLib Dependency" unarchive: copy: no dest: /tmp/
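Review bot: The "Download ZLib Dependency" task retitled in the `@@ -176,15 +176,15 @@` hunk of tasks/opensource/setup-source.yml fetches the tarball over plain `http://zlib.net/` with no `checksum:`, and the archive is then unpacked and built from a fixed path under the world-writable `/tmp`. Nothing in the visible tasks verifies what is compiled and installed, presumably with elevated privileges. The download should be pinned with `url: "https://zlib.net/{{ zlib_version }}.tar.gz"` and `checksum: "sha256:{{ zlib_checksum }}"`, where `zlib_checksum` is a placeholder for a new role variable, and the build should be staged in a directory only the installing user can write. The block's configure, make and install tasks continue past the end of this hunk.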
@@ -197,11 +197,11 @@ chdir: "/tmp/{{ zlib_version }}" register: zlib_configure - - name: "(Install: Linux) Make zlib Dependency" + - name: "(Install: Linux) Make ZLib Dependency" make: chdir: "/tmp/{{ zlib_version }}" - - name: "(Install: Linux) Install zlib Dependency" + - name: "(Install: Linux) Install ZLib Dependency" make: chdir: "/tmp/{{ zlib_version }}" target: install
diff --git a/tasks/prerequisites/setup-freebsd.yml b/tasks/prerequisites/setup-freebsd.yml
index e5ab238..472b1ae 100644
--- a/tasks/prerequisites/setup-freebsd.yml
+++ b/tasks/prerequisites/setup-freebsd.yml
@@ -1,17 +1,14 @@ --- - name: "(Setup: FreeBSD) Install Required Dependencies" block: - - name: "(Setup: FreeBSD) Install Extra Package(s)" pkgng: name: "{{ nginx_freebsd_extra_packages }}" - state: present - when: nginx_bsd_install_packages|bool + when: nginx_bsd_install_packages | bool - name: "(Setup: FreeBSD) Install Extra Port(s)" portinstall: name: "{{ item }}" use_packages: "{{ nginx_bsd_portinstall_use_packages | default(omit) }}" - state: present loop: "{{ nginx_freebsd_extra_packages }}" - when: not nginx_bsd_install_packages|bool + when: not nginx_bsd_install_packages | bool
diff --git a/tasks/prerequisites/setup-selinux.yml b/tasks/prerequisites/setup-selinux.yml
index f29f73d..60739b7 100644
--- a/tasks/prerequisites/setup-selinux.yml
+++ b/tasks/prerequisites/setup-selinux.yml
@@ -1,11 +1,13 @@ --- - name: "(Setup: SELinux) Install Required CentOS Dependencies" package: - name: policycoreutils-python, setools + name: + - policycoreutils-python + - setools state: present when: - - not ansible_os_family == "RedHat" - - not ansible_distribution_major_version == "8" + - ansible_os_family == "RedHat" + - ansible_distribution_major_version != "8" - name: "(Setup: SELinux) Install Required RHEL8 Dependencies" package:
@@ -18,31 +20,31 @@ - ansible_os_family == "RedHat" - ansible_distribution_major_version == "8" -- name: "(Setup: SELinux) Check for SELinux enabled" +- name: "(Setup: SELinux) Check if SELinux is Enabled" debug: msg: "You need to enable selinux, if it was disabled you need to reboot" when: ansible_selinux is undefined -- name: "(Setup: SELinux) Permissive SELinux" +- name: "(Setup: SELinux) Setup Permissive SELinux" selinux: state: permissive policy: targeted changed_when: false when: ansible_selinux.mode == "enforcing" -- name: "(Setup: SELinux: Booleans) Allow HTTP network connection" +- name: "(Setup: SELinux) Allow HTTP Network Connection" seboolean: name: httpd_can_network_connect state: yes persistent: yes -- name: "(Setup: SELinux: Booleans) Allow HTTP relay connection" +- name: "(Setup: SELinux) Allow HTTP Relay Connection" seboolean: name: httpd_can_network_relay state: yes persistent: yes -- name: "(Setup: SELinux: Ports) Allow status ports" +- name: "(Setup: SELinux) Allow Status Ports" seport: ports: "{{ nginx_status_port }}" proto: tcp
@@ -50,7 +52,7 @@ state: present when: nginx_status_port is defined -- name: "(Setup: SELinux: Ports) Allow Rest API ports" +- name: "(Setup: SELinux) Allow Rest API Ports" seport: ports: "{{ nginx_rest_api_port }}" proto: tcp
@@ -58,7 +60,7 @@ state: present when: nginx_rest_api_port is defined -- name: "(Setup: SELinux: Ports) Allow Specific TCP Ports" +- name: "(Setup: SELinux) Allow Specific TCP Ports" seport: ports: "{{ nginx_selinux_tcp_ports }}" proto: tcp
@@ -66,7 +68,7 @@ state: present when: nginx_selinux_tcp_ports is defined -- name: "(Setup: SELinux: Ports) Allow Specific UDP Ports" +- name: "(Setup: SELinux) Allow Specific UDP Ports" seport: ports: "{{ nginx_selinux_udp_ports }}" proto: udp
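Review bot: "Setup Permissive SELinux" in the `@@ -18,31 +20,31 @@` hunk of tasks/prerequisites/setup-selinux.yml moves an enforcing host to permissive under `changed_when: false`, so the weakened state never appears as a change in the play recap, and no visible task restores enforcing if a later step fails. The check above it only prints a debug message when `ansible_selinux` is undefined, after which this task still dereferences `ansible_selinux.mode`. The two `seboolean` tasks also enable `httpd_can_network_connect` and `httpd_can_network_relay` persistently on every host. A guard such as `when: nginx_selinux_allow_network | default(false)`, with a placeholder variable name, would make those relaxations opt-in, and wrapping the permissive window in a `block:` with an `always:` section would bound it.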
@@ -74,26 +76,26 @@ state: present when: nginx_selinux_udp_ports is defined -- name: "(Setup: SELinux: Module) Create NGINX Plus Module" +- name: "(Setup: SELinux) Create NGINX Plus Module" template: src: "{{ role_path }}/templates/selinux/nginx-plus-module.te.j2" dest: "{{ nginx_tempdir }}/nginx-plus-module.te" register: nginx_selinux_module -- name: "(Setup: SELinux: Module) Check NGINX Plus Module" +- name: "(Setup: SELinux) Check NGINX Plus Module" command: "checkmodule -M -m -o {{ nginx_tempdir }}/nginx-plus-module.mod {{ nginx_tempdir }}/nginx-plus-module.te" args: creates: "{{ nginx_tempdir }}/nginx-plus-module.mod" changed_when: false -- name: "(Setup: SELinux: Module) Compile NGINX Plus Module" +- name: "(Setup: SELinux) Compile NGINX Plus Module" command: "semodule_package -o {{ nginx_tempdir }}/nginx-plus-module.pp -m {{ nginx_tempdir }}/nginx-plus-module.mod" args: creates: "{{ nginx_tempdir }}/nginx-plus-module.pp" changed_when: false -- name: "(Setup: SELinux: Module) Import NGINX Plus Module" # noqa 503 - command: "semodule -i {{ nginx_tempdir }}/nginx-plus-module.pp" +- name: "(Setup: SELinux) Import NGINX Plus Module" + command: "semodule -i {{ nginx_tempdir }}/nginx-plus-module.pp" # noqa 503 changed_when: false when: nginx_selinux_module.changed
@@ -102,4 +104,6 @@ state: enforcing policy: targeted changed_when: false - when: nginx_selinux_enforcing and ansible_selinux.mode == "permissive" + when: + - nginx_selinux_enforcing + - ansible_selinux.mode == "permissive"
diff --git a/tasks/prerequisites/setup-systemd.yml b/tasks/prerequisites/setup-systemd.yml
index d94e839..ca63ec9 100644
--- a/tasks/prerequisites/setup-systemd.yml
+++ b/tasks/prerequisites/setup-systemd.yml
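Review bot: `creates:` on "Check NGINX Plus Module" and "Compile NGINX Plus Module" in the `@@ -74,26 +76,26 @@` hunk of tasks/prerequisites/setup-selinux.yml means that once the `.mod` and `.pp` files exist, a re-rendered `nginx-plus-module.te` is never recompiled. "Import NGINX Plus Module" still runs on `nginx_selinux_module.changed` and would then load the stale `.pp`. Replacing both `creates:` arguments with `when: nginx_selinux_module.changed` keeps the three steps in line with the template. `changed_when: false` on the `semodule -i` task also hides a policy load from the play recap.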
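Review bot: `ansible_selinux.mode == "permissive"` in the rewritten `when:` list of the `@@ -102,4 +104,6 @@` hunk reads a gathered fact, and none of the tasks visible in this file refresh facts after "Setup Permissive SELinux" runs. On a host that started out enforcing, the fact presumably still says "enforcing" at this point, so the task is skipped and the host is left permissive. Since the `selinux` module is idempotent, the condition can rest on the role variable alone: `when: nginx_selinux_enforcing | bool`. The task's `- name:` and module lines sit just above the hunk.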
@@ -1,11 +1,11 @@ --- -- name: "(Setup: Linux) Create override directory for NGINX systemd Service" +- name: "(Setup: Linux) Create Override Directory For NGINX Systemd Service" file: path: "{{ nginx_service_overridepath }}" state: directory mode: '0755' -- name: "(Setup: Linux) Create override for NGINX systemd Service" +- name: "(Setup: Linux) Create Override For NGINX Systemd Service" template: src: "{{ role_path }}/templates/services/nginx.service.override.conf.j2" dest: "{{ nginx_service_overridepath }}/{{ nginx_service_overridefilename }}"
@@ -17,7 +17,7 @@ - not nginx_service_custom - not nginx_service_clean -- name: "(Setup: Linux) Customize override for NGINX systemd Service" +- name: "(Setup: Linux) Customize Override For NGINX Systemd Service" copy: src: "{{ nginx_service_custom_file }}" dest: "{{ nginx_service_overridepath }}/{{ nginx_service_overridefilename }}"
@@ -29,10 +29,9 @@ - nginx_service_custom - not nginx_service_clean -- name: "(Setup: Linux) Remove override for NGINX systemd Service" +- name: "(Setup: Linux) Remove Override For NGINX Systemd Service" file: path: "{{ nginx_service_overridepath }}" state: absent notify: "(Handler: All OSs) systemd daemon-reload" - when: - - nginx_service_clean + when: nginx_service_clean