diff --git a/README.md b/README.md
new file mode 100644
index 0000000..f6605ab
--- /dev/null
+++ b/README.md
@@ -0,0 +1,156 @@
+Ansible NGINX Role
+==================
+
+[![Ansible Galaxy](https://img.shields.io/badge/galaxy-nginxinc.nginx-5bbdbf.svg)](https://galaxy.ansible.com/nginxinc/nginx)
+[![Build Status](https://travis-ci.org/nginxinc/ansible-role-nginx.svg?branch=master)](https://travis-ci.org/nginxinc/ansible-role-nginx)
+
+This role installs open source NGINX or NGINX Plus on your target host.
+
+Requirements
+------------
+
+This role was developed using Ansible 2.4.0.0. Backwards compatibility is not guaranteed.
+
+Use `ansible-galaxy install nginxinc.nginx` to install the role on your system.
+
+It supports all platforms supported by [open source NGINX](https://nginx.org/en/linux_packages.html#mainline) and [NGINX Plus](https://www.nginx.com/products/technical-specs/):
+
+Open Source NGINX:
+
+ CentOS:
+ versions:
+ - 6
+ - 7
+ RedHat:
+ versions:
+ - 6
+ - 7
+ Debian:
+ versions:
+ - jessie
+ - stretch
+ Ubuntu:
+ versions:
+ - trusty
+ - xenial
+ - zesty
+ SUSE/SLES:
+ versions:
+ - 12
+
+NGINX Plus:
+
+ CentOS:
+ versions:
+ - 6
+ - 7
+ RedHat:
+ versions:
+ - 6
+ - 7
+ Debian:
+ versions:
+ - wheezy
+ - jessie
+ - stretch
+ Ubuntu:
+ versions:
+ - trusty
+ - xenial
+ - zesty
+ SUSE/SLES:
+ versions:
+ - 12
+ FreeBSD:
+ versions:
+ - 10.3
+ - 11
+ OracleLinux:
+ versions:
+ - 6.5
+ - 7
+ Amazon Linux:
+ versions:
+ - 2016.09
+
+Role Variables
+--------------
+
+This role has multiple variables. The defaults for all these variables are the following:
+
+ # Specify which version of NGINX you want to install.
+ # Options are 'opensource' or 'plus'.
+ # Default is 'opensource'.
+ type: opensource
+ # Specify which branch of Open Source NGINX you want to install.
+ # Options are 'mainline' or 'stable'.
+ # Default is stable.
+ branch: mainline
+ # Install nginscript module.
+ # Default is false.
+ njs: false
+ # Install Perl module.
+ # Default is false.
+ perl: false
+ # Install NGINX Amplify.
+ # Use your NGINX Amplify API key.
+ # Default is null.
+ amplify: null
+ # Enable NGINX status data.
+ # Will enable 'stub_status' in open source NGINX and 'status' in NGINX Plus.
+ # Default is false.
+ status: false
+ # Location of your NGINX Plus license in your local machine.
+ license:
+ certificate: ~/.ssh/ngx-certs/nginx-repo.crt
+ key: ~/.ssh/ngx-certs/nginx-repo.key
+
+Dependencies
+------------
+
+None
+
+Example Playbook
+----------------
+
+This is a sample playbook file for deploying the Ansible Galaxy NGINX role in a localhost and installing the open source version of NGINX.
+
+ ---
+ - hosts: localhost
+ become: true
+ roles:
+ - role: nginxinc.nginx
+
+This is a sample playbook file for deploying the Ansible Galaxy NGINX role in a localhost and installing NGINX Plus.
+
+ ---
+ - hosts: localhost
+ become: true
+ roles:
+ - role: nginxinc.nginx
+ vars:
+ - type: plus
+
+This is a sample playbook file for deploying the Ansible Galaxy NGINX role to a dynamic inventory containing the `nginx` tag.
+
+ ---
+ - hosts: tag_nginx
+ remote_user: root
+ roles:
+ - role: nginxinc.nginx
+
+To run any of the above sample playbooks create a `setup-nginx.yml` file and paste the contents. Executing the Ansible Playbook is then as simple as executing `ansible-playbook setup-nginx.yml`.
+
+Alternatively, you can also clone this repository instead of installing it from Ansible Galaxy. If you decide to do so, replace the role variable in the previous sample playbooks from `nginxinc.nginx` to `ansible-role-nginx`.
+
+License
+-------
+
+[Apache License, Version 2.0](https://github.com/nginxinc/ansible-role-nginx/blob/master/LICENSE)
+
+Author Information
+------------------
+
+Alessandro Fael Garcia
+
+[NGINX Inc](https://www.nginx.com/)
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..acbeb01
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,27 @@
+---
+# Specify which version of NGINX you want to install.
+# Options are 'opensource' or 'plus'.
+# Default is 'opensource'.
+type: opensource
+# Specify which branch of Open Source NGINX you want to install.
+# Options are 'mainline' or 'stable'.
+# Default is stable.
+branch: mainline
+# Install nginscript module.
+# Default is false.
+njs: false
+# Install Perl module.
+# Default is false.
+perl: false
+# Install NGINX Amplify.
+# Use your NGINX Amplify API key.
+# Default is null.
+amplify: null
+# Enable NGINX status data.
+# Will enable 'stub_status' in open source NGINX and 'status' in NGINX Plus.
+# Default is false.
+status: false
+# Location of your NGINX Plus license in your local machine.
+license:
+ certificate: ~/.ssh/ngx-certs/nginx-repo.crt
+ key: ~/.ssh/ngx-certs/nginx-repo.key
diff --git a/files/.gitkeep b/files/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..67ab275
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,12 @@
+---
+# Start NGINX
+- name: "(All OSs) Start NGINX"
+ service:
+ name: nginx
+ state: started
+
+# Reload NGINX
+- name: "(All OSs) Reload NGINX"
+ service:
+ name: nginx
+ state: reloaded
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..1f16642
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,38 @@
+galaxy_info:
+ author: Alessandro Fael Garcia
+ description: Ansible role for NGINX
+ company: NGINX Inc
+
+ license: Apache License, Version 2.0
+
+ min_ansible_version: 2.4.0.0
+
+ platforms:
+ - name: Debian
+ versions:
+ - wheezy
+ - jessie
+ - stretch
+ - name: Ubuntu
+ versions:
+ - precise
+ - trusty
+ - xenial
+ - yakkety
+ - name: EL
+ versions:
+ - 6
+ - 7
+ - name: SLES
+ versions:
+ - 12
+
+ galaxy_tags:
+ - nginx
+ - amplify
+ - oss
+ - plus
+ - web
+ - server
+
+dependencies: []
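Review bot: In defaults/main.yml the comment above `branch` says `# Default is stable.` while the value set is `branch: mainline`, so one of the two is wrong; either change the comment to `# Default is mainline.` or set the value to `stable` (README.md repeats the same text). The variable names `type`, `branch`, `status`, `license` and `amplify` are unprefixed, and role defaults share a namespace with the play's other variables, so a prefix such as `nginx_type` would avoid accidental overrides. Since `amplify` holds an API key, the comment above it should also say that the value is expected to come from an encrypted source such as Ansible Vault rather than a committed plain-text file.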
diff --git a/tasks/amplify/install-amplify.yml b/tasks/amplify/install-amplify.yml
new file mode 100644
index 0000000..153c354
--- /dev/null
+++ b/tasks/amplify/install-amplify.yml
@@ -0,0 +1,10 @@
+---
+- import_tasks: ../conf/nginx-status.yml
+
+- name: "(All OSs) Download NGINX Amplify Script"
+ get_url:
+ url: https://github.com/nginxinc/nginx-amplify-agent/raw/master/packages/install.sh
+ dest: /tmp/install.sh
+
+- name: "(All OSs) Install NGINX Amplify"
+ shell: API_KEY='{{ amplify }}' sh /tmp/install.sh -y
diff --git a/tasks/conf/nginx-status.yml b/tasks/conf/nginx-status.yml
new file mode 100644
index 0000000..9c1d3c4
--- /dev/null
+++ b/tasks/conf/nginx-status.yml
@@ -0,0 +1,34 @@
+---
+- name: "(All OSs) Enable Open Source NGINX Status"
+ blockinfile:
+ path: /etc/nginx/conf.d/stub_status.conf
+ create: yes
+ block: |
+ server {
+ listen 127.0.0.1:80;
+ server_name 127.0.0.1;
+ location /nginx_status {
+ stub_status on;
+ allow 127.0.0.1;
+ deny all;
+ }
+ }
+ when: type == "opensource"
+ notify: "(All OSs) Reload NGINX"
+
+- name: "(All OSs) Enable NGINX Plus Status"
+ blockinfile:
+ path: /etc/nginx/conf.d/status.conf
+ create: yes
+ block: |
+ server {
+ listen 127.0.0.1:80;
+ server_name 127.0.0.1;
+ location /status {
+ status;
+ allow 127.0.0.1;
+ deny all;
+ }
+ }
+ when: type == "plus"
+ notify: "(All OSs) Reload NGINX"
diff --git a/tasks/keys/apt-key.yml b/tasks/keys/apt-key.yml
new file mode 100644
index 0000000..9127a8f
--- /dev/null
+++ b/tasks/keys/apt-key.yml
@@ -0,0 +1,5 @@
+---
+- name: "(APT OSs) Add APT NGINX Signing Key"
+ apt_key:
+ id: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
+ keyserver: ha.pool.sks-keyservers.net
diff --git a/tasks/keys/rpm-key.yml b/tasks/keys/rpm-key.yml
new file mode 100644
index 0000000..2ea8ee8
--- /dev/null
+++ b/tasks/keys/rpm-key.yml
@@ -0,0 +1,4 @@
+---
+- name: "(RPM OSs) Add RPM NGINX Signing Key"
+ rpm_key:
+ key: http://nginx.org/keys/nginx_signing.key
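Review bot: tasks/amplify/install-amplify.yml downloads `install.sh` from the moving `master` branch into the world-writable `/tmp` under a fixed name and then executes it, with no pinned revision and no checksum, so whatever sits at that URL or at that path at run time is executed with the play's privileges. The `shell:` line also splices `{{ amplify }}` into a single-quoted shell string, which breaks if the key contains a quote and puts the API key into task output and logs; passing it through `environment:` with `no_log: true` avoids both. The `import_tasks: ../conf/nginx-status.yml` at the top is unconditional, so status is enabled here even when `status` is false, and a comment stating that this is intended would help. A sketch with labelled placeholders for the pinned ref and digest follows.

```yaml
- name: "(All OSs) Download NGINX Amplify Script"
  get_url:
    # <PINNED_TAG_OR_COMMIT> and <SHA256_OF_INSTALL_SH> are placeholders to fill in.
    url: https://github.com/nginxinc/nginx-amplify-agent/raw/<PINNED_TAG_OR_COMMIT>/packages/install.sh
    # A root-owned location instead of /tmp; adjust if the play does not run as root.
    dest: /root/nginx-amplify-install.sh
    mode: "0700"
    checksum: "sha256:<SHA256_OF_INSTALL_SH>"

- name: "(All OSs) Install NGINX Amplify"
  command: sh /root/nginx-amplify-install.sh -y
  environment:
    API_KEY: "{{ amplify }}"
  no_log: true
```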
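Review bot: tasks/keys/rpm-key.yml imports the package signing key from `http://nginx.org/keys/nginx_signing.key` over plain HTTP and without checking its fingerprint, so anyone able to alter that response can supply the key that `gpgcheck` will later trust. Use `key: https://nginx.org/keys/nginx_signing.key`, and where the installed Ansible's `rpm_key` supports it add `fingerprint:` with the expected value, as the APT task in keys/apt-key.yml already pins a full fingerprint. A comment naming where the expected fingerprint is published would help the next reviewer.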
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..fd2acdd
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,18 @@
+---
+- import_tasks: keys/apt-key.yml
+ when: ansible_os_family == "Debian"
+
+- import_tasks: keys/rpm-key.yml
+ when: ansible_os_family == "RedHat" or ansible_os_family == "Suse"
+
+- import_tasks: opensource/install-oss.yml
+ when: type == "opensource"
+
+- import_tasks: plus/install-plus.yml
+ when: type == "plus"
+
+- import_tasks: conf/nginx-status.yml
+ when: status
+
+- import_tasks: amplify/install-amplify.yml
+ when: amplify is defined and amplify
diff --git a/tasks/opensource/install-oss.yml b/tasks/opensource/install-oss.yml
new file mode 100644
index 0000000..5190698
--- /dev/null
+++ b/tasks/opensource/install-oss.yml
@@ -0,0 +1,27 @@
+---
+- import_tasks: setup-debian.yml
+ when: ansible_os_family == "Debian"
+
+- import_tasks: setup-redhat.yml
+ when: ansible_os_family == "RedHat"
+
+- import_tasks: setup-suse.yml
+ when: ansible_os_family == "Suse"
+
+- name: "(All OSs) Install NGINX"
+ package:
+ name: nginx
+ state: present
+ notify: "(All OSs) Start NGINX"
+
+- name: "(All OSs) Install NGINX NJS Module"
+ package:
+ name: nginx-module-njs
+ state: present
+ when: njs
+
+- name: "(All OSs) Install NGINX Perl Module"
+ package:
+ name: nginx-module-perl
+ state: present
+ when: perl
diff --git a/tasks/opensource/setup-debian.yml b/tasks/opensource/setup-debian.yml
new file mode 100644
index 0000000..5f70ad2
--- /dev/null
+++ b/tasks/opensource/setup-debian.yml
@@ -0,0 +1,16 @@
+---
+- name: "(Debian/Ubuntu) Add Mainline NGINX Repository"
+ apt_repository:
+ repo: "{{ item }}"
+ with_items:
+ - deb https://nginx.org/packages/mainline/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} nginx
+ - deb-src https://nginx.org/packages/mainline/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} nginx
+ when: branch == "mainline"
+
+- name: "(Debian/Ubuntu) Add Stable NGINX Repository"
+ apt_repository:
+ repo: "{{ item }}"
+ with_items:
+ - deb https://nginx.org/packages/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} nginx
+ - deb-src https://nginx.org/packages/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} nginx
+ when: branch == "stable"
diff --git a/tasks/opensource/setup-redhat.yml b/tasks/opensource/setup-redhat.yml
new file mode 100644
index 0000000..8a0540f
--- /dev/null
+++ b/tasks/opensource/setup-redhat.yml
@@ -0,0 +1,24 @@
+---
+- name: "(CentOS/RedHat) Add Mainline NGINX Repository"
+ yum_repository:
+ name: nginx
+ baseurl: https://nginx.org/packages/mainline/{{ item }}/{{ ansible_distribution_major_version|int }}/$basearch/
+ description: NGINX Repository
+ enabled: yes
+ gpgcheck: yes
+ with_items:
+ - centos
+ - rhel
+ when: branch == "mainline"
+
+- name: "(CentOS/RedHat) Add Stable NGINX Repository"
+ yum_repository:
+ name: nginx
+ baseurl: https://nginx.org/packages/mainline/{{ item }}/{{ ansible_distribution_major_version|int }}/$basearch/
+ description: NGINX Repository
+ enabled: yes
+ gpgcheck: yes
+ with_items:
+ - centos
+ - rhel
+ when: branch == "stable"
diff --git a/tasks/opensource/setup-suse.yml b/tasks/opensource/setup-suse.yml
new file mode 100644
index 0000000..be74b1b
--- /dev/null
+++ b/tasks/opensource/setup-suse.yml
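Review bot: In tasks/opensource/setup-redhat.yml the "Add Stable NGINX Repository" task uses the same `baseurl: https://nginx.org/packages/mainline/...` as the mainline task, so `branch: stable` still installs mainline; the stable task should read `baseurl: https://nginx.org/packages/{{ item }}/{{ ansible_distribution_major_version|int }}/$basearch/`. Both tasks also loop over `centos` and `rhel` while writing the same repository `name: nginx`, so the second iteration overwrites the first and every host ends up on the `rhel` path; choosing one value from `ansible_distribution` instead of `with_items` would fix that. `gpgcheck: yes` is set but no `gpgkey` is given, so verification depends entirely on the key imported in keys/rpm-key.yml, which is worth a comment here.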
@@ -0,0 +1,12 @@
+---
+- name: "(SUSE) Add Mainline NGINX Repository"
+ zypper_repository:
+ name: nginx
+ repo: https://nginx.org/packages/mainline/sles/12
+ when: branch == "mainline"
+
+- name: "(SUSE) Add Stable NGINX Repository"
+ zypper_repository:
+ name: nginx
+ repo: https://nginx.org/packages/sles/12
+ when: branch == "stable"
diff --git a/tasks/plus/install-plus.yml b/tasks/plus/install-plus.yml
new file mode 100644
index 0000000..b7f772c
--- /dev/null
+++ b/tasks/plus/install-plus.yml
@@ -0,0 +1,32 @@
+---
+- import_tasks: setup-license.yml
+
+- import_tasks: setup-debian.yml
+ when: ansible_os_family == "Debian"
+
+- import_tasks: setup-redhat.yml
+ when: ansible_os_family == "RedHat"
+
+- import_tasks: setup-suse.yml
+ when: ansible_os_family == "Suse"
+
+- import_tasks: setup-freebsd.yml
+ when: ansible_os_family == "FreeBSD"
+
+- name: "(All OSs) Install NGINX Plus"
+ package:
+ name: nginx-plus
+ state: present
+ notify: "(All OSs) Start NGINX"
+
+- name: "(All OSs) Install NGINX NJS Module"
+ package:
+ name: nginx-plus-module-njs
+ state: present
+ when: njs
+
+- name: "(All OSs) Install NGINX Perl Module"
+ package:
+ name: nginx-plus-module-perl
+ state: present
+ when: perl
diff --git a/tasks/plus/setup-debian.yml b/tasks/plus/setup-debian.yml
new file mode 100644
index 0000000..ffa5158
--- /dev/null
+++ b/tasks/plus/setup-debian.yml
@@ -0,0 +1,12 @@
+---
+- name: "(Debian/Ubuntu) Add NGINX Plus Repository"
+ shell: printf "deb https://plus-pkgs.nginx.com/{{ ansible_distribution|lower }} `lsb_release -cs` nginx-plus\n" | sudo tee /etc/apt/sources.list.d/nginx-plus.list
+
+- name: "(Debian/Ubuntu) Verify NGINX Plus License"
+ get_url:
+ url: https://cs.nginx.com/static/files/90nginx
+ dest: /etc/apt/apt.conf.d/90nginx
+
+- name: "(Debian/Ubuntu) Update APT Cache"
+ apt:
+ update_cache: yes
diff --git a/tasks/plus/setup-freebsd.yml b/tasks/plus/setup-freebsd.yml
new file mode 100644
index 0000000..bb9cc9f
--- /dev/null
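Review bot: tasks/plus/setup-debian.yml writes the repository file with `shell: printf ... | sudo tee`, which runs and reports changed on every play and calls `sudo` inside the command instead of relying on `become`. The open source tasks already use `apt_repository`; the same module with `repo: "deb https://plus-pkgs.nginx.com/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} nginx-plus"` would be idempotent and would drop the backtick `lsb_release` call, provided the `90nginx` task is moved before it because `apt_repository` refreshes the cache by default. The `90nginx` file fetched by `get_url` becomes APT configuration, so an explicit `mode: "0644"` and, if the vendor publishes a digest, a `checksum:` are worth adding.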
+++ b/tasks/plus/setup-freebsd.yml
@@ -0,0 +1,13 @@
+---
+- name: "(FreeBSD) Add NGINX Plus Repository"
+ get_url:
+ url: https://cs.nginx.com/static/files/nginx-plus.conf
+ dest: /etc/pkg/nginx-plus.conf
+
+- name: "(FreeBSD) Verify NGINX Plus License"
+ blockinfile:
+ path: /usr/local/etc/pkg.conf
+ block: |
+ PKG_ENV: { SSL_NO_VERIFY_PEER: "1",
+ SSL_CLIENT_CERT_FILE: "/etc/ssl/nginx/nginx-repo.crt",
+ SSL_CLIENT_KEY_FILE: "/etc/ssl/nginx/nginx-repo.key" }
diff --git a/tasks/plus/setup-license.yml b/tasks/plus/setup-license.yml
new file mode 100644
index 0000000..0dbbbad
--- /dev/null
+++ b/tasks/plus/setup-license.yml
@@ -0,0 +1,13 @@
+---
+- name: "(All OSs) Create SSL directory"
+ file:
+ path: /etc/ssl/nginx
+ state: directory
+
+- name: "(All OSs) Copy NGINX Plus Certificate and License Key"
+ copy:
+ src: "{{ item }}"
+ dest: /etc/ssl/nginx
+ with_items:
+ - "{{ license.certificate }}"
+ - "{{ license.key }}"
diff --git a/tasks/plus/setup-redhat.yml b/tasks/plus/setup-redhat.yml
new file mode 100644
index 0000000..a8f77d4
--- /dev/null
+++ b/tasks/plus/setup-redhat.yml
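Review bot: tasks/plus/setup-freebsd.yml writes `SSL_NO_VERIFY_PEER: "1"` into `/usr/local/etc/pkg.conf`, which turns off verification of the server certificate for pkg fetches, and because that file is pkg's global configuration the setting is not limited to the NGINX Plus repository. If the vendor's repository setup requires it, a comment above the block should say so and why; otherwise the entry should be dropped so only `SSL_CLIENT_CERT_FILE` and `SSL_CLIENT_KEY_FILE` remain. The task title "Verify NGINX Plus License" also does not describe what the block does.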
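Review bot: tasks/plus/setup-license.yml creates `/etc/ssl/nginx` and copies the repository private key into it without `owner` or `mode`, so permissions fall to the defaults and the key may end up readable by every local user. Add `mode: "0700"` to the `file` task and `owner: root` plus `mode: "0600"` to the `copy` task. The destination file names come from the source basenames, while later tasks hard-code `nginx-repo.crt` and `nginx-repo.key`, so a comment stating that the source files must carry those names would help.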
@@ -0,0 +1,25 @@
+---
+- name: "(CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version"
+ set_fact:
+ version: "6"
+ when: ansible_distribution_major_version|int == 6
+
+- name: "(CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version"
+ set_fact:
+ version: "7"
+ when: ansible_distribution_major_version|int >= 7 and ansible_distribution_major_version|int <= 7.3
+
+- name: "(CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version"
+ set_fact:
+ version: "7.4"
+ when: ansible_distribution_major_version|int == 7.4
+
+- name: "(CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version"
+ set_fact:
+ version: "amazon"
+ when: ansible_distribution == "Amazon"
+
+- name: "(CentOS/RedHat/Amazon Linux/Oracle Linux) Add NGINX Plus Repository"
+ get_url:
+ url: https://cs.nginx.com/static/files/nginx-plus-{{ version }}.repo
+ dest: /etc/yum.repos.d/nginx-plus-{{ version }}.repo
diff --git a/tasks/plus/setup-suse.yml b/tasks/plus/setup-suse.yml
new file mode 100644
index 0000000..d492f80
--- /dev/null
+++ b/tasks/plus/setup-suse.yml
@@ -0,0 +1,8 @@
+---
+- name: "(SUSE) Combine NGINX Plus Certificate and License Keys"
+ shell: cat /etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.key > /etc/ssl/nginx/nginx-repo-bundle.crt
+
+- name: "(SUSE) Add NGINX Plus Repository"
+ zypper_repository:
+ name: nginx-plus
+ repo: https://plus-pkgs.nginx.com/sles/12?ssl_clientcert=/etc/ssl/nginx/nginx-repo-bundle.crt&ssl_verify=host
diff --git a/templates/.gitkeep b/templates/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/tests/inventory b/tests/inventory
new file mode 100644
index 0000000..2fbb50c
--- /dev/null
+++ b/tests/inventory
@@ -0,0 +1 @@
+localhost
diff --git a/tests/test.yml b/tests/test.yml
new file mode 100644
index 0000000..42bba2c
--- /dev/null
+++ b/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+ remote_user: root
+ roles:
+ - ansible-role-nginx
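Review bot: In tasks/plus/setup-redhat.yml the third "Gather Distribution Version" task can never run, because `ansible_distribution_major_version|int == 7.4` compares an integer with 7.4; the 7.4 repository file is therefore never selected and every EL 7 host gets `version: "7"`. The minor version has to come from `ansible_distribution_version`, for example `when: ansible_distribution_version is version_compare('7.4', '>=')`, with the "7" task bounded below that. If none of the conditions match, `version` stays undefined and the `get_url` task fails while templating the URL, so a default or an explicit `fail` with a message would be clearer. `version` is also a very generic fact name for a role to set on the host.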
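Review bot: tasks/plus/setup-suse.yml builds `nginx-repo-bundle.crt` with `shell: cat ... > ...`, so a file containing the private key is created with default permissions and is rewritten on every run. Follow it with a `file` task setting `owner: root` and `mode: "0600"` on the bundle, and add an `args: creates: /etc/ssl/nginx/nginx-repo-bundle.crt` entry if the shell form stays. The repository URL passes `ssl_verify=host`; as far as I can tell that value checks only the host name and not the certificate chain, so confirm whether `peer` or the default was intended and record the choice in a comment.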
diff --git a/vars/main.yml b/vars/main.yml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/vars/main.yml
@@ -0,0 +1 @@
+---