Initial role commit

README.md

@@ -0,0 +1,156 @@
+Ansible NGINX Role
+==================
+
+[![Ansible Galaxy](https://img.shields.io/badge/galaxy-nginxinc.nginx-5bbdbf.svg)](https://galaxy.ansible.com/nginxinc/nginx)
+[![Build Status](https://travis-ci.org/nginxinc/ansible-role-nginx.svg?branch=master)](https://travis-ci.org/nginxinc/ansible-role-nginx)
+
+This role installs open source NGINX or NGINX Plus on your target host.
+
+Requirements
+------------
+
+This role was developed using Ansible 2.4.0.0. Backwards compatibility is not guaranteed.
+
+Use `ansible-galaxy install nginxinc.nginx` to install the role on your system.
+
+It supports all platforms supported by [open source NGINX](https://nginx.org/en/linux_packages.html#mainline) and [NGINX Plus](https://www.nginx.com/products/technical-specs/):
+
+Open Source NGINX:
+
+    CentOS:
+      versions:
+        - 6
+        - 7
+    RedHat:
+      versions:
+        - 6
+        - 7
+    Debian:
+      versions:
+        - jessie
+        - stretch
+    Ubuntu:
+      versions:
+        - trusty
+        - xenial
+        - zesty
+    SUSE/SLES:
+      versions:
+        - 12
+
+NGINX Plus:
+
+    CentOS:
+      versions:
+        - 6
+        - 7
+    RedHat:
+      versions:
+        - 6
+        - 7
+    Debian:
+      versions:
+        - wheezy
+        - jessie
+        - stretch
+    Ubuntu:
+      versions:
+        - trusty
+        - xenial
+        - zesty
+    SUSE/SLES:
+      versions:
+        - 12
+    FreeBSD:
+      versions:
+        - 10.3
+        - 11
+    OracleLinux:
+      versions:
+        - 6.5
+        - 7
+    Amazon Linux:
+      versions:
+        - 2016.09
+
+Role Variables
+--------------
+
+This role has multiple variables. The defaults for all these variables are the following:
+
+    # Specify which version of NGINX you want to install.
+    # Options are 'opensource' or 'plus'.
+    # Default is 'opensource'.
+    type: opensource
+    # Specify which branch of Open Source NGINX you want to install.
+    # Options are 'mainline' or 'stable'.
+    # Default is stable.
+    branch: mainline
+    # Install nginscript module.
+    # Default is false.
+    njs: false
+    # Install Perl module.
+    # Default is false.
+    perl: false
+    # Install NGINX Amplify.
+    # Use your NGINX Amplify API key.
+    # Default is null.
+    amplify: null
+    # Enable NGINX status data.
+    # Will enable 'stub_status' in open source NGINX and 'status' in NGINX Plus.
+    # Default is false.
+    status: false
+    # Location of your NGINX Plus license in your local machine.
+    license:
+      certificate: ~/.ssh/ngx-certs/nginx-repo.crt
+      key: ~/.ssh/ngx-certs/nginx-repo.key
+
+Dependencies
+------------
+
+None
+
+Example Playbook
+----------------
+
+This is a sample playbook file for deploying the Ansible Galaxy NGINX role in a localhost and installing the open source version of NGINX.
+
+    ---
+    - hosts: localhost
+      become: true
+      roles:
+        - role: nginxinc.nginx
+
+This is a sample playbook file for deploying the Ansible Galaxy NGINX role in a localhost and installing NGINX Plus.
+
+    ---
+    - hosts: localhost
+      become: true
+      roles:
+        - role: nginxinc.nginx
+      vars:
+        - type: plus
+
+This is a sample playbook file for deploying the Ansible Galaxy NGINX role to a dynamic inventory containing the `nginx` tag.
+
+    ---
+    - hosts: tag_nginx
+      remote_user: root
+      roles:
+        - role: nginxinc.nginx
+
+To run any of the above sample playbooks create a `setup-nginx.yml` file and paste the contents. Executing the Ansible Playbook is then as simple as executing `ansible-playbook setup-nginx.yml`.
+
+Alternatively, you can also clone this repository instead of installing it from Ansible Galaxy. If you decide to do so, replace the role variable in the previous sample playbooks from `nginxinc.nginx` to `ansible-role-nginx`.
+
+License
+-------
+
+[Apache License, Version 2.0](https://github.com/nginxinc/ansible-role-nginx/blob/master/LICENSE)
+
+Author Information
+------------------
+
+Alessandro Fael Garcia
+
+[NGINX Inc](https://www.nginx.com/)

defaults/main.yml

@@ -0,0 +1,27 @@
+---
+# Specify which version of NGINX you want to install.
+# Options are 'opensource' or 'plus'.
+# Default is 'opensource'.
+type: opensource
+# Specify which branch of Open Source NGINX you want to install.
+# Options are 'mainline' or 'stable'.
+# Default is stable.
+branch: mainline
+# Install nginscript module.
+# Default is false.
+njs: false
+# Install Perl module.
+# Default is false.
+perl: false
+# Install NGINX Amplify.
+# Use your NGINX Amplify API key.
+# Default is null.
+amplify: null
+# Enable NGINX status data.
+# Will enable 'stub_status' in open source NGINX and 'status' in NGINX Plus.
+# Default is false.
+status: false
+# Location of your NGINX Plus license in your local machine.
+license:
+  certificate: ~/.ssh/ngx-certs/nginx-repo.crt
+  key: ~/.ssh/ngx-certs/nginx-repo.key

handlers/main.yml

@@ -0,0 +1,12 @@
+---
+# Start NGINX
+- name: "(All OSs) Start NGINX"
+  service:
+    name: nginx
+    state: started
+
+# Reload NGINX
+- name: "(All OSs) Reload NGINX"
+  service:
+    name: nginx
+    state: reloaded

meta/main.yml

@@ -0,0 +1,38 @@
+galaxy_info:
+  author: Alessandro Fael Garcia
+  description: Ansible role for NGINX
+  company: NGINX Inc
+
+  license: Apache License, Version 2.0
+
+  min_ansible_version: 2.4.0.0
+
+  platforms:
+  - name: Debian
+    versions:
+      - wheezy
+      - jessie
+      - stretch
+  - name: Ubuntu
+    versions:
+      - precise
+      - trusty
+      - xenial
+      - yakkety
+  - name: EL
+    versions:
+      - 6
+      - 7
+  - name: SLES
+    versions:
+      - 12
+
+  galaxy_tags:
+    - nginx
+    - amplify
+    - oss
+    - plus
+    - web
+    - server
+
+dependencies: []

tasks/amplify/install-amplify.yml

@@ -0,0 +1,10 @@
+---
+- import_tasks: ../conf/nginx-status.yml
+
+- name: "(All OSs) Download NGINX Amplify Script"
+  get_url:
+    url: https://github.com/nginxinc/nginx-amplify-agent/raw/master/packages/install.sh
+    dest: /tmp/install.sh
+
+- name: "(All OSs) Install NGINX Amplify"
+  shell: API_KEY='{{ amplify }}' sh /tmp/install.sh -y

tasks/conf/nginx-status.yml

@@ -0,0 +1,34 @@
+---
+- name: "(All OSs) Enable Open Source NGINX Status"
+  blockinfile:
+    path: /etc/nginx/conf.d/stub_status.conf
+    create: yes
+    block: |
+      server {
+        listen 127.0.0.1:80;
+        server_name 127.0.0.1;
+        location /nginx_status {
+            stub_status on;
+            allow 127.0.0.1;
+            deny all;
+        }
+      }
+  when: type == "opensource"
+  notify: "(All OSs) Reload NGINX"
+
+- name: "(All OSs) Enable NGINX Plus Status"
+  blockinfile:
+    path: /etc/nginx/conf.d/status.conf
+    create: yes
+    block: |
+      server {
+        listen 127.0.0.1:80;
+        server_name 127.0.0.1;
+        location /status {
+            status;
+            allow 127.0.0.1;
+            deny all;
+        }
+      }
+  when: type == "plus"
+  notify: "(All OSs) Reload NGINX"

tasks/keys/apt-key.yml

@@ -0,0 +1,5 @@
+---
+- name: "(APT OSs) Add APT NGINX Signing Key"
+  apt_key:
+    id: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
+    keyserver: ha.pool.sks-keyservers.net

tasks/keys/rpm-key.yml

@@ -0,0 +1,4 @@
+---
+- name: "(RPM OSs) Add RPM NGINX Signing Key"
+  rpm_key:
+    key: http://nginx.org/keys/nginx_signing.key

tasks/main.yml

@@ -0,0 +1,18 @@
+---
+- import_tasks: keys/apt-key.yml
+  when: ansible_os_family == "Debian"
+
+- import_tasks: keys/rpm-key.yml
+  when: ansible_os_family == "RedHat" or ansible_os_family == "Suse"
+
+- import_tasks: opensource/install-oss.yml
+  when: type == "opensource"
+
+- import_tasks: plus/install-plus.yml
+  when: type == "plus"
+
+- import_tasks: conf/nginx-status.yml
+  when: status
+
+- import_tasks: amplify/install-amplify.yml
+  when: amplify is defined and amplify

tasks/opensource/install-oss.yml

@@ -0,0 +1,27 @@
+---
+- import_tasks: setup-debian.yml
+  when: ansible_os_family == "Debian"
+
+- import_tasks: setup-redhat.yml
+  when: ansible_os_family == "RedHat"
+
+- import_tasks: setup-suse.yml
+  when: ansible_os_family == "Suse"
+
+- name: "(All OSs) Install NGINX"
+  package:
+    name: nginx
+    state: present
+  notify: "(All OSs) Start NGINX"
+
+- name: "(All OSs) Install NGINX NJS Module"
+  package:
+    name: nginx-module-njs
+    state: present
+  when: njs
+
+- name: "(All OSs) Install NGINX Perl Module"
+  package:
+    name: nginx-module-perl
+    state: present
+  when: perl

tasks/opensource/setup-debian.yml

@@ -0,0 +1,16 @@
+---
+- name: "(Debian/Ubuntu) Add Mainline NGINX Repository"
+  apt_repository:
+    repo: "{{ item }}"
+  with_items:
+    - deb https://nginx.org/packages/mainline/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} nginx
+    - deb-src https://nginx.org/packages/mainline/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} nginx
+  when: branch == "mainline"
+
+- name: "(Debian/Ubuntu) Add Stable NGINX Repository"
+  apt_repository:
+    repo: "{{ item }}"
+  with_items:
+    - deb https://nginx.org/packages/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} nginx
+    - deb-src https://nginx.org/packages/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} nginx
+  when: branch == "stable"

tasks/opensource/setup-redhat.yml

@@ -0,0 +1,24 @@
+---
+- name: "(CentOS/RedHat) Add Mainline NGINX Repository"
+  yum_repository:
+    name: nginx
+    baseurl: https://nginx.org/packages/mainline/{{ item }}/{{ ansible_distribution_major_version|int }}/$basearch/
+    description: NGINX Repository
+    enabled: yes
+    gpgcheck: yes
+  with_items:
+    - centos
+    - rhel
+  when: branch == "mainline"
+
+- name: "(CentOS/RedHat) Add Stable NGINX Repository"
+  yum_repository:
+    name: nginx
+    baseurl: https://nginx.org/packages/mainline/{{ item }}/{{ ansible_distribution_major_version|int }}/$basearch/
+    description: NGINX Repository
+    enabled: yes
+    gpgcheck: yes
+  with_items:
+    - centos
+    - rhel
+  when: branch == "stable"

tasks/opensource/setup-suse.yml

@@ -0,0 +1,12 @@
+---
+- name: "(SUSE) Add Mainline NGINX Repository"
+  zypper_repository:
+    name: nginx
+    repo: https://nginx.org/packages/mainline/sles/12
+  when: branch == "mainline"
+
+- name: "(SUSE) Add Stable NGINX Repository"
+  zypper_repository:
+    name: nginx
+    repo: https://nginx.org/packages/sles/12
+  when: branch == "stable"

tasks/plus/install-plus.yml

@@ -0,0 +1,32 @@
+---
+- import_tasks: setup-license.yml
+
+- import_tasks: setup-debian.yml
+  when: ansible_os_family == "Debian"
+
+- import_tasks: setup-redhat.yml
+  when: ansible_os_family == "RedHat"
+
+- import_tasks: setup-suse.yml
+  when: ansible_os_family == "Suse"
+
+- import_tasks: setup-freebsd.yml
+  when: ansible_os_family == "FreeBSD"
+
+- name: "(All OSs) Install NGINX Plus"
+  package:
+    name: nginx-plus
+    state: present
+  notify: "(All OSs) Start NGINX"
+
+- name: "(All OSs) Install NGINX NJS Module"
+  package:
+    name: nginx-plus-module-njs
+    state: present
+  when: njs
+
+- name: "(All OSs) Install NGINX Perl Module"
+  package:
+    name: nginx-plus-module-perl
+    state: present
+  when: perl

tasks/plus/setup-debian.yml

@@ -0,0 +1,12 @@
+---
+- name: "(Debian/Ubuntu) Add NGINX Plus Repository"
+  shell: printf "deb https://plus-pkgs.nginx.com/{{ ansible_distribution|lower }} `lsb_release -cs` nginx-plus\n" | sudo tee /etc/apt/sources.list.d/nginx-plus.list
+
+- name: "(Debian/Ubuntu) Verify NGINX Plus License"
+  get_url:
+    url: https://cs.nginx.com/static/files/90nginx
+    dest: /etc/apt/apt.conf.d/90nginx
+
+- name: "(Debian/Ubuntu) Update APT Cache"
+  apt:
+    update_cache: yes

tasks/plus/setup-freebsd.yml

@@ -0,0 +1,13 @@
+---
+- name: "(FreeBSD) Add NGINX Plus Repository"
+  get_url:
+    url: https://cs.nginx.com/static/files/nginx-plus.conf
+    dest: /etc/pkg/nginx-plus.conf
+
+- name: "(FreeBSD) Verify NGINX Plus License"
+  blockinfile:
+    path: /usr/local/etc/pkg.conf
+    block: |
+      PKG_ENV: { SSL_NO_VERIFY_PEER: "1",
+      SSL_CLIENT_CERT_FILE: "/etc/ssl/nginx/nginx-repo.crt",
+      SSL_CLIENT_KEY_FILE: "/etc/ssl/nginx/nginx-repo.key" }

tasks/plus/setup-license.yml

@@ -0,0 +1,13 @@
+---
+- name: "(All OSs) Create SSL directory"
+  file:
+    path: /etc/ssl/nginx
+    state: directory
+
+- name: "(All OSs) Copy NGINX Plus Certificate and License Key"
+  copy:
+    src: "{{ item }}"
+    dest: /etc/ssl/nginx
+  with_items:
+    - "{{ license.certificate }}"
+    - "{{ license.key }}"

tasks/plus/setup-redhat.yml

@@ -0,0 +1,25 @@
+---
+- name: "(CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version"
+  set_fact:
+    version: "6"
+  when: ansible_distribution_major_version|int == 6
+
+- name: "(CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version"
+  set_fact:
+    version: "7"
+  when: ansible_distribution_major_version|int >= 7 and ansible_distribution_major_version|int <= 7.3
+
+- name: "(CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version"
+  set_fact:
+    version: "7.4"
+  when: ansible_distribution_major_version|int == 7.4
+
+- name: "(CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version"
+  set_fact:
+    version: "amazon"
+  when: ansible_distribution == "Amazon"
+
+- name: "(CentOS/RedHat/Amazon Linux/Oracle Linux) Add NGINX Plus Repository"
+  get_url:
+    url: https://cs.nginx.com/static/files/nginx-plus-{{ version }}.repo
+    dest: /etc/yum.repos.d/nginx-plus-{{ version }}.repo

tasks/plus/setup-suse.yml

@@ -0,0 +1,8 @@
+---
+- name: "(SUSE) Combine NGINX Plus Certificate and License Keys"
+  shell: cat /etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.key > /etc/ssl/nginx/nginx-repo-bundle.crt
+
+- name: "(SUSE) Add NGINX Plus Repository"
+  zypper_repository:
+    name: nginx-plus
+    repo: https://plus-pkgs.nginx.com/sles/12?ssl_clientcert=/etc/ssl/nginx/nginx-repo-bundle.crt&ssl_verify=host

tests/inventory

@@ -0,0 +1 @@
+localhost

tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - ansible-role-nginx

vars/main.yml

@@ -0,0 +1 @@
+---