sebclem/ansible-role-nginx
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add experimental support for Ubuntu focal (#292)

Browse Source
This commit is contained in:
Alessandro Fael Garcia 2020-07-28 12:26:38 +02:00 committed by GitHub
parent b089b03811
commit c85368e591
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 86 additions and 84 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
defaults/main/amplify.yml
View File

@ -1,7 +1,7 @@
--- ---
# Install NGINX Amplify. # Install NGINX Amplify.
# Use your NGINX Amplify API key. # Use your NGINX Amplify API key.
# Requires access to either the NGINX stub status or the NGINX Plus REST API. # Requires access to either the NGINX stub_status or the NGINX Plus REST API.
# Default is null. # Default is null.
nginx_amplify_enable: false nginx_amplify_enable: false
nginx_amplify_api_key: null nginx_amplify_api_key: null

7
defaults/main/template.yml
View File

@ -312,9 +312,10 @@ nginx_http_template:
# custom_options: [] # custom_options: []
# custom_options: [] # custom_options: []
# Enable NGINX status data. # Enable NGINX 'stub_status' data.
# Will enable 'stub_status' in NGINX Open Source and 'status' in NGINX Plus. # Will enable 'stub_status' in NGINX Open Source.
# Note - 'status' has been deprecated since NGINX Plus R13. # Note - NGINX Plus 'status' has been deprecated since NGINX Plus R13.
# Use the Rest API parameter instead.
# Default is false. # Default is false.
nginx_status_enable: false nginx_status_enable: false
nginx_status_template_file: http/status.conf.j2 nginx_status_template_file: http/status.conf.j2

7
tasks/amplify/setup-debian.yml
View File

@ -3,3 +3,10 @@
apt_repository: apt_repository:
filename: nginx-amplify filename: nginx-amplify
repo: deb [arch=amd64] http://packages.amplify.nginx.com/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release|lower }} amplify-agent repo: deb [arch=amd64] http://packages.amplify.nginx.com/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release|lower }} amplify-agent
when: ansible_distribution_release != "focal"
- name: "(Install: Debian/Ubuntu) Add NGINX Amplify Agent Repository"
apt_repository:
filename: nginx-amplify
repo: deb [arch=amd64] https://packages.amplify.nginx.com/py3/ubuntu focal amplify-agent
when: ansible_distribution_release == "focal"

4
tasks/keys/setup-keys.yml
View File

@ -4,12 +4,12 @@
when: ansible_os_family == "Alpine" when: ansible_os_family == "Alpine"
tags: nginx_apkkey tags: nginx_apkkey
- name: "(Setup: Keys) Debian" - name: "(Setup: Keys) Debian/Ubuntu"
include_tasks: "{{ role_path }}/tasks/keys/apt-key.yml" include_tasks: "{{ role_path }}/tasks/keys/apt-key.yml"
when: ansible_os_family == "Debian" when: ansible_os_family == "Debian"
tags: nginx_aptkey tags: nginx_aptkey
- name: "(Setup: Keys) RedHat/Suse" - name: "(Setup: Keys) CentOS/RedHat/Suse"
include_tasks: "{{ role_path }}/tasks/keys/rpm-key.yml" include_tasks: "{{ role_path }}/tasks/keys/rpm-key.yml"
when: ansible_os_family == "RedHat" when: ansible_os_family == "RedHat"
or ansible_os_family == "Suse" or ansible_os_family == "Suse"

3
tasks/modules/install-geoip.yml
View File

@ -1,8 +1,7 @@
--- ---
- name: "(Install: CentOS) Install GeoIP Required CentOS Dependencies" - name: "(Install: CentOS) Install GeoIP Required CentOS Dependencies"
yum: yum:
name: name: epel-release
- epel-release
when: ansible_distribution == "CentOS" when: ansible_distribution == "CentOS"
- name: "(Install: All OSs) Install NGINX Open Source GeoIP Module" - name: "(Install: All OSs) Install NGINX Open Source GeoIP Module"

21
tasks/modules/install-modules.yml
View File

@ -1,28 +1,35 @@
--- ---
- include_tasks: "{{ role_path }}/tasks/modules/install-njs.yml" - name: "(Install: All OSs) Install NGINX JavaScript Module"
include_tasks: "{{ role_path }}/tasks/modules/install-njs.yml"
when: nginx_modules.njs | default(false) when: nginx_modules.njs | default(false)
- include_tasks: "{{ role_path }}/tasks/modules/install-perl.yml" - name: "(Install: All OSs) Install NGINX Perl Module"
include_tasks: "{{ role_path }}/tasks/modules/install-perl.yml"
when: nginx_modules.perl | default(false) when: nginx_modules.perl | default(false)
- include_tasks: "{{ role_path }}/tasks/modules/install-geoip.yml" - name: "(Install: All OSs) Install NGINX GeoIP Module"
include_tasks: "{{ role_path }}/tasks/modules/install-geoip.yml"
when: when:
- nginx_modules.geoip | default(false) - nginx_modules.geoip | default(false)
- ansible_os_family != "RedHat" - ansible_os_family != "RedHat"
- ansible_distribution_major_version != "8" - ansible_distribution_major_version != "8"
- include_tasks: "{{ role_path }}/tasks/modules/install-image-filter.yml" - name: "(Install: All OSs) Install NGINX Image Filter Module"
include_tasks: "{{ role_path }}/tasks/modules/install-image-filter.yml"
when: nginx_modules.image_filter | default(false) when: nginx_modules.image_filter | default(false)
- include_tasks: "{{ role_path }}/tasks/modules/install-rtmp.yml" - name: "(Install: All OSs) Install NGINX RTMP Module"
include_tasks: "{{ role_path }}/tasks/modules/install-rtmp.yml"
when: when:
- nginx_modules.rtmp | default(false) - nginx_modules.rtmp | default(false)
- nginx_type == "plus" - nginx_type == "plus"
- include_tasks: "{{ role_path }}/tasks/modules/install-xslt.yml" - name: "(Install: All OSs) Install NGINX XSLT Module"
include_tasks: "{{ role_path }}/tasks/modules/install-xslt.yml"
when: nginx_modules.xslt | default(false) when: nginx_modules.xslt | default(false)
- include_tasks: "{{ role_path }}/tasks/modules/install-waf.yml" - name: "(Install: All OSs) Install NGINX WAF Module"
include_tasks: "{{ role_path }}/tasks/modules/install-waf.yml"
when: when:
- nginx_modules.waf | default(false) - nginx_modules.waf | default(false)
- nginx_type == "plus" - nginx_type == "plus"

40
tasks/opensource/install-oss-bsd.yml
View File

@ -1,7 +1,6 @@
--- ---
- name: "(Install: FreeBSD) Update ports" - name: "(Install: FreeBSD) Update Ports"
block: block:
- name: "(Install: FreeBSD) Fetch Ports" - name: "(Install: FreeBSD) Fetch Ports"
command: portsnap fetch --interactive command: portsnap fetch --interactive
args: args:
@ -11,35 +10,31 @@
command: portsnap extract command: portsnap extract
args: args:
creates: /usr/ports creates: /usr/ports
when: when:
- ansible_system == 'FreeBSD' - ansible_system == "FreeBSD"
- nginx_bsd_update_ports - nginx_bsd_update_ports
- name: "(Install: FreeBSD)" - name: "(Install: FreeBSD)"
block: block:
- name: "(Install: FreeBSD) Install NGINX Package"
- name: "(Install: FreeBSD) Install NGINX package"
pkgng: pkgng:
name: "www/nginx{{ nginx_version | default('') }}" name: "www/nginx{{ nginx_version | default('') }}"
state: "{{ nginx_state }}" state: "{{ nginx_state }}"
when: nginx_bsd_install_packages when: nginx_bsd_install_packages
notify: "(Handler: All OSs) Start NGINX" notify: "(Handler: All OSs) Start NGINX"
- name: "(Install: FreeBSD) Install NGINX port" - name: "(Install: FreeBSD) Install NGINX Port"
portinstall: portinstall:
name: "www/nginx{{ nginx_version | default('') }}" name: "www/nginx{{ nginx_version | default('') }}"
use_packages: "{{ nginx_bsd_portinstall_use_packages | default(omit) }}" use_packages: "{{ nginx_bsd_portinstall_use_packages | default(omit) }}"
state: "{{ nginx_state }}" state: "{{ nginx_state }}"
when: not nginx_bsd_install_packages when: not nginx_bsd_install_packages
notify: "(Handler: All OSs) Start NGINX" notify: "(Handler: All OSs) Start NGINX"
when: ansible_system == "FreeBSD"
when: ansible_system == 'FreeBSD'
- name: "(Install: OpenBSD)" - name: "(Install: OpenBSD)"
block: block:
- name: "(Install: OpenBSD) Install NGINX Package"
- name: "(Install: OpenBSD) Install NGINX package"
openbsd_pkg: openbsd_pkg:
name: "nginx{{ nginx_version | default('') }}" name: "nginx{{ nginx_version | default('') }}"
build: false build: false
@ -47,35 +42,31 @@
when: nginx_bsd_install_packages when: nginx_bsd_install_packages
notify: "(Handler: All OSs) Start NGINX" notify: "(Handler: All OSs) Start NGINX"
- name: "(Install: OpenBSD) Install NGINX port" - name: "(Install: OpenBSD) Install NGINX Port"
openbsd_pkg: openbsd_pkg:
name: "nginx{{ nginx_version | default('') }}" name: "nginx{{ nginx_version | default('') }}"
build: true build: true
state: "{{ nginx_state }}" state: "{{ nginx_state }}"
when: not nginx_bsd_install_packages when: not nginx_bsd_install_packages
notify: "(Handler: All OSs) Start NGINX" notify: "(Handler: All OSs) Start NGINX"
when: ansible_system == "OpenBSD"
when: ansible_system == 'OpenBSD'
- name: "(Install: NetBSD)" - name: "(Install: NetBSD)"
block: block:
- name: "(Install: NetBSD) Install NGINX Package"
- name: "(Install: NetBSD) Install NGINX package"
command: "pkg_add www/nginx{{ nginx_version | default('') }}" command: "pkg_add www/nginx{{ nginx_version | default('') }}"
when: nginx_bsd_install_packages when: nginx_bsd_install_packages
notify: "(Handler: All OSs) Start NGINX" notify: "(Handler: All OSs) Start NGINX"
- name: "(Install: NetBSD) Install NGINX port" - name: "(Install: NetBSD) Install NGINX Port"
fail: fail:
msg: "{{ ansible_system }} Install NGINX port not implemented." msg: "{{ ansible_system }} Install NGINX port not implemented."
when: not nginx_bsd_install_packages when: not nginx_bsd_install_packages
when: ansible_system == "NetBSD"
when: ansible_system == 'NetBSD'
- name: "(Install: DragonFlyBSD)" - name: "(Install: DragonFlyBSD)"
block: block:
- name: "(Install: DragonFlyBSD) Install NGINX Package"
- name: "(Install: DragonFlyBSD) Install NGINX package"
command: "pkg install www/nginx{{ nginx_version | default('') }}" command: "pkg install www/nginx{{ nginx_version | default('') }}"
when: nginx_bsd_install_packages when: nginx_bsd_install_packages
notify: "(Handler: All OSs) Start NGINX" notify: "(Handler: All OSs) Start NGINX"
@ -84,12 +75,10 @@
fail: fail:
msg: "{{ ansible_system }} Install NGINX port not implemented." msg: "{{ ansible_system }} Install NGINX port not implemented."
when: not nginx_bsd_install_packages when: not nginx_bsd_install_packages
when: ansible_system == "DragonFlyBSD"
when: ansible_system == 'DragonFlyBSD'
- name: "(Install: HardenedBSD)" - name: "(Install: HardenedBSD)"
block: block:
- name: "(Install: HardenedBSD) Install NGINX package" - name: "(Install: HardenedBSD) Install NGINX package"
command: "pkg install www/nginx{{ nginx_version | default('') }}" command: "pkg install www/nginx{{ nginx_version | default('') }}"
when: nginx_bsd_install_packages when: nginx_bsd_install_packages
@ -99,5 +88,4 @@
fail: fail:
msg: "{{ ansible_system }} Install NGINX port not implemented." msg: "{{ ansible_system }} Install NGINX port not implemented."
when: not nginx_bsd_install_packages when: not nginx_bsd_install_packages
when: ansible_system == "HardenedBSD"
when: ansible_system == 'HardenedBSD'

8
tasks/opensource/install-oss-linux.yml
View File

@ -1,5 +1,5 @@
--- ---
- name: "(Install: Linux) Configure NGINX repo" - name: "(Install: Linux) Configure NGINX Repository"
include_tasks: "{{ role_path }}/tasks/opensource/setup-{{ ansible_os_family | lower }}.yml" include_tasks: "{{ role_path }}/tasks/opensource/setup-{{ ansible_os_family | lower }}.yml"
when: when:
- ansible_os_family == "Alpine" - ansible_os_family == "Alpine"
@ -8,17 +8,17 @@
or ansible_os_family == "Suse" or ansible_os_family == "Suse"
- nginx_install_from == "nginx_repository" - nginx_install_from == "nginx_repository"
- name: "(Install: Linux) Modify Service for Systemd" - name: "(Install: Linux) Modify Service For Systemd"
include_tasks: "{{ role_path }}/tasks/prerequisites/setup-systemd.yml" include_tasks: "{{ role_path }}/tasks/prerequisites/setup-systemd.yml"
when: when:
- ansible_service_mgr == "systemd" - ansible_service_mgr == "systemd"
- nginx_service_modify - nginx_service_modify
- name: "(Install: Linux) Install NGINX from source" - name: "(Install: Linux) Install NGINX From Source"
include_tasks: "{{ role_path }}/tasks/opensource/setup-source.yml" include_tasks: "{{ role_path }}/tasks/opensource/setup-source.yml"
when: nginx_install_from == "source" when: nginx_install_from == "source"
- name: "(Install: Linux) Install NGINX package" - name: "(Install: Linux) Install NGINX Package"
package: package:
name: "nginx{{ nginx_version | default('') }}" name: "nginx{{ nginx_version | default('') }}"
state: "{{ nginx_state }}" state: "{{ nginx_state }}"

22
tasks/opensource/setup-source.yml
View File

@ -68,7 +68,7 @@
update_cache: true update_cache: true
when: ansible_os_family == "Alpine" when: ansible_os_family == "Alpine"
- name: "(Install: Alpine) Enable openrc" - name: "(Install: Alpine) Enable OpenRC"
copy: copy:
content: "" content: ""
dest: /run/openrc/softlevel dest: /run/openrc/softlevel
@ -85,12 +85,12 @@
path: /tmp/{{ pcre_version }} path: /tmp/{{ pcre_version }}
register: pcre_result register: pcre_result
- name: "(Install: Linux) Check For zlib Install" - name: "(Install: Linux) Check For ZLib Install"
stat: stat:
path: /tmp/{{ zlib_version }} path: /tmp/{{ zlib_version }}
register: zlib_result register: zlib_result
- name: "(Install: Linux) Check For openssl Install" - name: "(Install: Linux) Check For OpenSSL Install"
stat: stat:
path: /tmp/{{ openssl_version }} path: /tmp/{{ openssl_version }}
register: openssl_result register: openssl_result
@ -152,7 +152,7 @@
- not pcre_result.stat.exists - not pcre_result.stat.exists
- not nginx_install_source_pcre - not nginx_install_source_pcre
- name: "(Install: Centos/RHEL) Install zlib Dependency From Package" - name: "(Install: Centos/RHEL) Install ZLib Dependency From Package"
yum: yum:
name: zlib-devel name: zlib-devel
update_cache: true update_cache: true
@ -160,7 +160,7 @@
- nginx_install_source_zlib - nginx_install_source_zlib
- ansible_os_family == "RedHat" - ansible_os_family == "RedHat"
- name: "(Install: Debian/Ubuntu) Install zlib Dependency From Package" - name: "(Install: Debian/Ubuntu) Install ZLib Dependency From Package"
apt: apt:
name: zlib1g-dev name: zlib1g-dev
update_cache: true update_cache: true
@ -168,7 +168,7 @@
- nginx_install_source_zlib - nginx_install_source_zlib
- ansible_os_family == "Debian" - ansible_os_family == "Debian"
- name: "(Install: Alpine) Install zlib Dependency From Package" - name: "(Install: Alpine) Install ZLib Dependency From Package"
apk: apk:
name: zlib-dev name: zlib-dev
update_cache: true update_cache: true
@ -176,15 +176,15 @@
- nginx_install_source_zlib - nginx_install_source_zlib
- ansible_os_family == "Alpine" - ansible_os_family == "Alpine"
- name: "(Install: Linux) Install zlib Dependency From Source" - name: "(Install: Linux) Install ZLib Dependency From Source"
block: block:
- name: "(Install: Linux) Download zlib Dependency" - name: "(Install: Linux) Download ZLib Dependency"
get_url: get_url:
url: "http://zlib.net/{{ zlib_version }}.tar.gz" url: "http://zlib.net/{{ zlib_version }}.tar.gz"
dest: "/tmp/{{ zlib_version }}.tar.gz" dest: "/tmp/{{ zlib_version }}.tar.gz"
register: zlib_source register: zlib_source
- name: "(Install: Linux) Unpack zlib Dependency" - name: "(Install: Linux) Unpack ZLib Dependency"
unarchive: unarchive:
copy: no copy: no
dest: /tmp/ dest: /tmp/
@ -197,11 +197,11 @@
chdir: "/tmp/{{ zlib_version }}" chdir: "/tmp/{{ zlib_version }}"
register: zlib_configure register: zlib_configure
- name: "(Install: Linux) Make zlib Dependency" - name: "(Install: Linux) Make ZLib Dependency"
make: make:
chdir: "/tmp/{{ zlib_version }}" chdir: "/tmp/{{ zlib_version }}"
- name: "(Install: Linux) Install zlib Dependency" - name: "(Install: Linux) Install ZLib Dependency"
make: make:
chdir: "/tmp/{{ zlib_version }}" chdir: "/tmp/{{ zlib_version }}"
target: install target: install

7
tasks/prerequisites/setup-freebsd.yml
View File

@ -1,17 +1,14 @@
--- ---
- name: "(Setup: FreeBSD) Install Required Dependencies" - name: "(Setup: FreeBSD) Install Required Dependencies"
block: block:
- name: "(Setup: FreeBSD) Install Extra Package(s)" - name: "(Setup: FreeBSD) Install Extra Package(s)"
pkgng: pkgng:
name: "{{ nginx_freebsd_extra_packages }}" name: "{{ nginx_freebsd_extra_packages }}"
state: present when: nginx_bsd_install_packages | bool
when: nginx_bsd_install_packages|bool
- name: "(Setup: FreeBSD) Install Extra Port(s)" - name: "(Setup: FreeBSD) Install Extra Port(s)"
portinstall: portinstall:
name: "{{ item }}" name: "{{ item }}"
use_packages: "{{ nginx_bsd_portinstall_use_packages | default(omit) }}" use_packages: "{{ nginx_bsd_portinstall_use_packages | default(omit) }}"
state: present
loop: "{{ nginx_freebsd_extra_packages }}" loop: "{{ nginx_freebsd_extra_packages }}"
when: not nginx_bsd_install_packages|bool when: not nginx_bsd_install_packages | bool

38
tasks/prerequisites/setup-selinux.yml
View File

@ -1,11 +1,13 @@
--- ---
- name: "(Setup: SELinux) Install Required CentOS Dependencies" - name: "(Setup: SELinux) Install Required CentOS Dependencies"
package: package:
name: policycoreutils-python, setools name:
- policycoreutils-python
- setools
state: present state: present
when: when:
- not ansible_os_family == "RedHat" - ansible_os_family == "RedHat"
- not ansible_distribution_major_version == "8" - ansible_distribution_major_version != "8"
- name: "(Setup: SELinux) Install Required RHEL8 Dependencies" - name: "(Setup: SELinux) Install Required RHEL8 Dependencies"
package: package:
@ -18,31 +20,31 @@
- ansible_os_family == "RedHat" - ansible_os_family == "RedHat"
- ansible_distribution_major_version == "8" - ansible_distribution_major_version == "8"
- name: "(Setup: SELinux) Check for SELinux enabled" - name: "(Setup: SELinux) Check if SELinux is Enabled"
debug: debug:
msg: "You need to enable selinux, if it was disabled you need to reboot" msg: "You need to enable selinux, if it was disabled you need to reboot"
when: ansible_selinux is undefined when: ansible_selinux is undefined
- name: "(Setup: SELinux) Permissive SELinux" - name: "(Setup: SELinux) Setup Permissive SELinux"
selinux: selinux:
state: permissive state: permissive
policy: targeted policy: targeted
changed_when: false changed_when: false
when: ansible_selinux.mode == "enforcing" when: ansible_selinux.mode == "enforcing"
- name: "(Setup: SELinux: Booleans) Allow HTTP network connection" - name: "(Setup: SELinux) Allow HTTP Network Connection"
seboolean: seboolean:
name: httpd_can_network_connect name: httpd_can_network_connect
state: yes state: yes
persistent: yes persistent: yes
- name: "(Setup: SELinux: Booleans) Allow HTTP relay connection" - name: "(Setup: SELinux) Allow HTTP Relay Connection"
seboolean: seboolean:
name: httpd_can_network_relay name: httpd_can_network_relay
state: yes state: yes
persistent: yes persistent: yes
- name: "(Setup: SELinux: Ports) Allow status ports" - name: "(Setup: SELinux) Allow Status Ports"
seport: seport:
ports: "{{ nginx_status_port }}" ports: "{{ nginx_status_port }}"
proto: tcp proto: tcp
@ -50,7 +52,7 @@
state: present state: present
when: nginx_status_port is defined when: nginx_status_port is defined
- name: "(Setup: SELinux: Ports) Allow Rest API ports" - name: "(Setup: SELinux) Allow Rest API Ports"
seport: seport:
ports: "{{ nginx_rest_api_port }}" ports: "{{ nginx_rest_api_port }}"
proto: tcp proto: tcp
@ -58,7 +60,7 @@
state: present state: present
when: nginx_rest_api_port is defined when: nginx_rest_api_port is defined
- name: "(Setup: SELinux: Ports) Allow Specific TCP Ports" - name: "(Setup: SELinux) Allow Specific TCP Ports"
seport: seport:
ports: "{{ nginx_selinux_tcp_ports }}" ports: "{{ nginx_selinux_tcp_ports }}"
proto: tcp proto: tcp
@ -66,7 +68,7 @@
state: present state: present
when: nginx_selinux_tcp_ports is defined when: nginx_selinux_tcp_ports is defined
- name: "(Setup: SELinux: Ports) Allow Specific UDP Ports" - name: "(Setup: SELinux) Allow Specific UDP Ports"
seport: seport:
ports: "{{ nginx_selinux_udp_ports }}" ports: "{{ nginx_selinux_udp_ports }}"
proto: udp proto: udp
@ -74,26 +76,26 @@
state: present state: present
when: nginx_selinux_udp_ports is defined when: nginx_selinux_udp_ports is defined
- name: "(Setup: SELinux: Module) Create NGINX Plus Module" - name: "(Setup: SELinux) Create NGINX Plus Module"
template: template:
src: "{{ role_path }}/templates/selinux/nginx-plus-module.te.j2" src: "{{ role_path }}/templates/selinux/nginx-plus-module.te.j2"
dest: "{{ nginx_tempdir }}/nginx-plus-module.te" dest: "{{ nginx_tempdir }}/nginx-plus-module.te"
register: nginx_selinux_module register: nginx_selinux_module
- name: "(Setup: SELinux: Module) Check NGINX Plus Module" - name: "(Setup: SELinux) Check NGINX Plus Module"
command: "checkmodule -M -m -o {{ nginx_tempdir }}/nginx-plus-module.mod {{ nginx_tempdir }}/nginx-plus-module.te" command: "checkmodule -M -m -o {{ nginx_tempdir }}/nginx-plus-module.mod {{ nginx_tempdir }}/nginx-plus-module.te"
args: args:
creates: "{{ nginx_tempdir }}/nginx-plus-module.mod" creates: "{{ nginx_tempdir }}/nginx-plus-module.mod"
changed_when: false changed_when: false
- name: "(Setup: SELinux: Module) Compile NGINX Plus Module" - name: "(Setup: SELinux) Compile NGINX Plus Module"
command: "semodule_package -o {{ nginx_tempdir }}/nginx-plus-module.pp -m {{ nginx_tempdir }}/nginx-plus-module.mod" command: "semodule_package -o {{ nginx_tempdir }}/nginx-plus-module.pp -m {{ nginx_tempdir }}/nginx-plus-module.mod"
args: args:
creates: "{{ nginx_tempdir }}/nginx-plus-module.pp" creates: "{{ nginx_tempdir }}/nginx-plus-module.pp"
changed_when: false changed_when: false
- name: "(Setup: SELinux: Module) Import NGINX Plus Module" # noqa 503 - name: "(Setup: SELinux) Import NGINX Plus Module"
command: "semodule -i {{ nginx_tempdir }}/nginx-plus-module.pp" command: "semodule -i {{ nginx_tempdir }}/nginx-plus-module.pp" # noqa 503
changed_when: false changed_when: false
when: nginx_selinux_module.changed when: nginx_selinux_module.changed
@ -102,4 +104,6 @@
state: enforcing state: enforcing
policy: targeted policy: targeted
changed_when: false changed_when: false
when: nginx_selinux_enforcing and ansible_selinux.mode == "permissive" when:
- nginx_selinux_enforcing
- ansible_selinux.mode == "permissive"

11
tasks/prerequisites/setup-systemd.yml
View File

@ -1,11 +1,11 @@
--- ---
- name: "(Setup: Linux) Create override directory for NGINX systemd Service" - name: "(Setup: Linux) Create Override Directory For NGINX Systemd Service"
file: file:
path: "{{ nginx_service_overridepath }}" path: "{{ nginx_service_overridepath }}"
state: directory state: directory
mode: '0755' mode: '0755'
- name: "(Setup: Linux) Create override for NGINX systemd Service" - name: "(Setup: Linux) Create Override For NGINX Systemd Service"
template: template:
src: "{{ role_path }}/templates/services/nginx.service.override.conf.j2" src: "{{ role_path }}/templates/services/nginx.service.override.conf.j2"
dest: "{{ nginx_service_overridepath }}/{{ nginx_service_overridefilename }}" dest: "{{ nginx_service_overridepath }}/{{ nginx_service_overridefilename }}"
@ -17,7 +17,7 @@
- not nginx_service_custom - not nginx_service_custom
- not nginx_service_clean - not nginx_service_clean
- name: "(Setup: Linux) Customize override for NGINX systemd Service" - name: "(Setup: Linux) Customize Override For NGINX Systemd Service"
copy: copy:
src: "{{ nginx_service_custom_file }}" src: "{{ nginx_service_custom_file }}"
dest: "{{ nginx_service_overridepath }}/{{ nginx_service_overridefilename }}" dest: "{{ nginx_service_overridepath }}/{{ nginx_service_overridefilename }}"
@ -29,10 +29,9 @@
- nginx_service_custom - nginx_service_custom
- not nginx_service_clean - not nginx_service_clean
- name: "(Setup: Linux) Remove override for NGINX systemd Service" - name: "(Setup: Linux) Remove Override For NGINX Systemd Service"
file: file:
path: "{{ nginx_service_overridepath }}" path: "{{ nginx_service_overridepath }}"
state: absent state: absent
notify: "(Handler: All OSs) systemd daemon-reload" notify: "(Handler: All OSs) systemd daemon-reload"
when: when: nginx_service_clean
- nginx_service_clean