Initial role commit
This commit is contained in:
parent
29a2f6a278
commit
e2b83ac215
156
README.md
Normal file
156
README.md
Normal file
@ -0,0 +1,156 @@
|
||||
Ansible NGINX Role
|
||||
==================
|
||||
|
||||
[![Ansible Galaxy](https://img.shields.io/badge/galaxy-nginxinc.nginx-5bbdbf.svg)](https://galaxy.ansible.com/nginxinc/nginx)
|
||||
[![Build Status](https://travis-ci.org/nginxinc/ansible-role-nginx.svg?branch=master)](https://travis-ci.org/nginxinc/ansible-role-nginx)
|
||||
|
||||
This role installs open source NGINX or NGINX Plus on your target host.
|
||||
|
||||
Requirements
|
||||
------------
|
||||
|
||||
This role was developed using Ansible 2.4.0.0. Backwards compatibility is not guaranteed.
|
||||
|
||||
Use `ansible-galaxy install nginxinc.nginx` to install the role on your system.
|
||||
|
||||
It supports all platforms supported by [open source NGINX](https://nginx.org/en/linux_packages.html#mainline) and [NGINX Plus](https://www.nginx.com/products/technical-specs/):
|
||||
|
||||
Open Source NGINX:
|
||||
|
||||
CentOS:
|
||||
versions:
|
||||
- 6
|
||||
- 7
|
||||
RedHat:
|
||||
versions:
|
||||
- 6
|
||||
- 7
|
||||
Debian:
|
||||
versions:
|
||||
- jessie
|
||||
- stretch
|
||||
Ubuntu:
|
||||
versions:
|
||||
- trusty
|
||||
- xenial
|
||||
- zesty
|
||||
SUSE/SLES:
|
||||
versions:
|
||||
- 12
|
||||
|
||||
NGINX Plus:
|
||||
|
||||
CentOS:
|
||||
versions:
|
||||
- 6
|
||||
- 7
|
||||
RedHat:
|
||||
versions:
|
||||
- 6
|
||||
- 7
|
||||
Debian:
|
||||
versions:
|
||||
- wheezy
|
||||
- jessie
|
||||
- stretch
|
||||
Ubuntu:
|
||||
versions:
|
||||
- trusty
|
||||
- xenial
|
||||
- zesty
|
||||
SUSE/SLES:
|
||||
versions:
|
||||
- 12
|
||||
FreeBSD:
|
||||
versions:
|
||||
- 10.3
|
||||
- 11
|
||||
OracleLinux:
|
||||
versions:
|
||||
- 6.5
|
||||
- 7
|
||||
Amazon Linux:
|
||||
versions:
|
||||
- 2016.09
|
||||
|
||||
Role Variables
|
||||
--------------
|
||||
|
||||
This role has multiple variables. The defaults for all these variables are the following:
|
||||
|
||||
# Specify which version of NGINX you want to install.
|
||||
# Options are 'opensource' or 'plus'.
|
||||
# Default is 'opensource'.
|
||||
type: opensource
|
||||
# Specify which branch of Open Source NGINX you want to install.
|
||||
# Options are 'mainline' or 'stable'.
|
||||
# Default is stable.
|
||||
branch: mainline
|
||||
# Install nginscript module.
|
||||
# Default is false.
|
||||
njs: false
|
||||
# Install Perl module.
|
||||
# Default is false.
|
||||
perl: false
|
||||
# Install NGINX Amplify.
|
||||
# Use your NGINX Amplify API key.
|
||||
# Default is null.
|
||||
amplify: null
|
||||
# Enable NGINX status data.
|
||||
# Will enable 'stub_status' in open source NGINX and 'status' in NGINX Plus.
|
||||
# Default is false.
|
||||
status: false
|
||||
# Location of your NGINX Plus license in your local machine.
|
||||
license:
|
||||
certificate: ~/.ssh/ngx-certs/nginx-repo.crt
|
||||
key: ~/.ssh/ngx-certs/nginx-repo.key
|
||||
|
||||
Dependencies
|
||||
------------
|
||||
|
||||
None
|
||||
|
||||
Example Playbook
|
||||
----------------
|
||||
|
||||
This is a sample playbook file for deploying the Ansible Galaxy NGINX role in a localhost and installing the open source version of NGINX.
|
||||
|
||||
---
|
||||
- hosts: localhost
|
||||
become: true
|
||||
roles:
|
||||
- role: nginxinc.nginx
|
||||
|
||||
This is a sample playbook file for deploying the Ansible Galaxy NGINX role in a localhost and installing NGINX Plus.
|
||||
|
||||
---
|
||||
- hosts: localhost
|
||||
become: true
|
||||
roles:
|
||||
- role: nginxinc.nginx
|
||||
vars:
|
||||
- type: plus
|
||||
|
||||
This is a sample playbook file for deploying the Ansible Galaxy NGINX role to a dynamic inventory containing the `nginx` tag.
|
||||
|
||||
---
|
||||
- hosts: tag_nginx
|
||||
remote_user: root
|
||||
roles:
|
||||
- role: nginxinc.nginx
|
||||
|
||||
To run any of the above sample playbooks create a `setup-nginx.yml` file and paste the contents. Executing the Ansible Playbook is then as simple as executing `ansible-playbook setup-nginx.yml`.
|
||||
|
||||
Alternatively, you can also clone this repository instead of installing it from Ansible Galaxy. If you decide to do so, replace the role variable in the previous sample playbooks from `nginxinc.nginx` to `ansible-role-nginx`.
|
||||
|
||||
License
|
||||
-------
|
||||
|
||||
[Apache License, Version 2.0](https://github.com/nginxinc/ansible-role-nginx/blob/master/LICENSE)
|
||||
|
||||
Author Information
|
||||
------------------
|
||||
|
||||
Alessandro Fael Garcia
|
||||
|
||||
[NGINX Inc](https://www.nginx.com/)
|
27
defaults/main.yml
Normal file
27
defaults/main.yml
Normal file
@ -0,0 +1,27 @@
|
||||
---
|
||||
# Specify which version of NGINX you want to install.
|
||||
# Options are 'opensource' or 'plus'.
|
||||
# Default is 'opensource'.
|
||||
type: opensource
|
||||
# Specify which branch of Open Source NGINX you want to install.
|
||||
# Options are 'mainline' or 'stable'.
|
||||
# Default is stable.
|
||||
branch: mainline
|
||||
# Install nginscript module.
|
||||
# Default is false.
|
||||
njs: false
|
||||
# Install Perl module.
|
||||
# Default is false.
|
||||
perl: false
|
||||
# Install NGINX Amplify.
|
||||
# Use your NGINX Amplify API key.
|
||||
# Default is null.
|
||||
amplify: null
|
||||
# Enable NGINX status data.
|
||||
# Will enable 'stub_status' in open source NGINX and 'status' in NGINX Plus.
|
||||
# Default is false.
|
||||
status: false
|
||||
# Location of your NGINX Plus license in your local machine.
|
||||
license:
|
||||
certificate: ~/.ssh/ngx-certs/nginx-repo.crt
|
||||
key: ~/.ssh/ngx-certs/nginx-repo.key
|
0
files/.gitkeep
Normal file
0
files/.gitkeep
Normal file
12
handlers/main.yml
Normal file
12
handlers/main.yml
Normal file
@ -0,0 +1,12 @@
|
||||
---
|
||||
# Start NGINX
|
||||
- name: "(All OSs) Start NGINX"
|
||||
service:
|
||||
name: nginx
|
||||
state: started
|
||||
|
||||
# Reload NGINX
|
||||
- name: "(All OSs) Reload NGINX"
|
||||
service:
|
||||
name: nginx
|
||||
state: reloaded
|
38
meta/main.yml
Normal file
38
meta/main.yml
Normal file
@ -0,0 +1,38 @@
|
||||
galaxy_info:
|
||||
author: Alessandro Fael Garcia
|
||||
description: Ansible role for NGINX
|
||||
company: NGINX Inc
|
||||
|
||||
license: Apache License, Version 2.0
|
||||
|
||||
min_ansible_version: 2.4.0.0
|
||||
|
||||
platforms:
|
||||
- name: Debian
|
||||
versions:
|
||||
- wheezy
|
||||
- jessie
|
||||
- stretch
|
||||
- name: Ubuntu
|
||||
versions:
|
||||
- precise
|
||||
- trusty
|
||||
- xenial
|
||||
- yakkety
|
||||
- name: EL
|
||||
versions:
|
||||
- 6
|
||||
- 7
|
||||
- name: SLES
|
||||
versions:
|
||||
- 12
|
||||
|
||||
galaxy_tags:
|
||||
- nginx
|
||||
- amplify
|
||||
- oss
|
||||
- plus
|
||||
- web
|
||||
- server
|
||||
|
||||
dependencies: []
|
10
tasks/amplify/install-amplify.yml
Normal file
10
tasks/amplify/install-amplify.yml
Normal file
@ -0,0 +1,10 @@
|
||||
---
|
||||
- import_tasks: ../conf/nginx-status.yml
|
||||
|
||||
- name: "(All OSs) Download NGINX Amplify Script"
|
||||
get_url:
|
||||
url: https://github.com/nginxinc/nginx-amplify-agent/raw/master/packages/install.sh
|
||||
dest: /tmp/install.sh
|
||||
|
||||
- name: "(All OSs) Install NGINX Amplify"
|
||||
shell: API_KEY='{{ amplify }}' sh /tmp/install.sh -y
|
34
tasks/conf/nginx-status.yml
Normal file
34
tasks/conf/nginx-status.yml
Normal file
@ -0,0 +1,34 @@
|
||||
---
|
||||
- name: "(All OSs) Enable Open Source NGINX Status"
|
||||
blockinfile:
|
||||
path: /etc/nginx/conf.d/stub_status.conf
|
||||
create: yes
|
||||
block: |
|
||||
server {
|
||||
listen 127.0.0.1:80;
|
||||
server_name 127.0.0.1;
|
||||
location /nginx_status {
|
||||
stub_status on;
|
||||
allow 127.0.0.1;
|
||||
deny all;
|
||||
}
|
||||
}
|
||||
when: type == "opensource"
|
||||
notify: "(All OSs) Reload NGINX"
|
||||
|
||||
- name: "(All OSs) Enable NGINX Plus Status"
|
||||
blockinfile:
|
||||
path: /etc/nginx/conf.d/status.conf
|
||||
create: yes
|
||||
block: |
|
||||
server {
|
||||
listen 127.0.0.1:80;
|
||||
server_name 127.0.0.1;
|
||||
location /status {
|
||||
status;
|
||||
allow 127.0.0.1;
|
||||
deny all;
|
||||
}
|
||||
}
|
||||
when: type == "plus"
|
||||
notify: "(All OSs) Reload NGINX"
|
5
tasks/keys/apt-key.yml
Normal file
5
tasks/keys/apt-key.yml
Normal file
@ -0,0 +1,5 @@
|
||||
---
|
||||
- name: "(APT OSs) Add APT NGINX Signing Key"
|
||||
apt_key:
|
||||
id: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
|
||||
keyserver: ha.pool.sks-keyservers.net
|
4
tasks/keys/rpm-key.yml
Normal file
4
tasks/keys/rpm-key.yml
Normal file
@ -0,0 +1,4 @@
|
||||
---
|
||||
- name: "(RPM OSs) Add RPM NGINX Signing Key"
|
||||
rpm_key:
|
||||
key: http://nginx.org/keys/nginx_signing.key
|
18
tasks/main.yml
Normal file
18
tasks/main.yml
Normal file
@ -0,0 +1,18 @@
|
||||
---
|
||||
- import_tasks: keys/apt-key.yml
|
||||
when: ansible_os_family == "Debian"
|
||||
|
||||
- import_tasks: keys/rpm-key.yml
|
||||
when: ansible_os_family == "RedHat" or ansible_os_family == "Suse"
|
||||
|
||||
- import_tasks: opensource/install-oss.yml
|
||||
when: type == "opensource"
|
||||
|
||||
- import_tasks: plus/install-plus.yml
|
||||
when: type == "plus"
|
||||
|
||||
- import_tasks: conf/nginx-status.yml
|
||||
when: status
|
||||
|
||||
- import_tasks: amplify/install-amplify.yml
|
||||
when: amplify is defined and amplify
|
27
tasks/opensource/install-oss.yml
Normal file
27
tasks/opensource/install-oss.yml
Normal file
@ -0,0 +1,27 @@
|
||||
---
|
||||
- import_tasks: setup-debian.yml
|
||||
when: ansible_os_family == "Debian"
|
||||
|
||||
- import_tasks: setup-redhat.yml
|
||||
when: ansible_os_family == "RedHat"
|
||||
|
||||
- import_tasks: setup-suse.yml
|
||||
when: ansible_os_family == "Suse"
|
||||
|
||||
- name: "(All OSs) Install NGINX"
|
||||
package:
|
||||
name: nginx
|
||||
state: present
|
||||
notify: "(All OSs) Start NGINX"
|
||||
|
||||
- name: "(All OSs) Install NGINX NJS Module"
|
||||
package:
|
||||
name: nginx-module-njs
|
||||
state: present
|
||||
when: njs
|
||||
|
||||
- name: "(All OSs) Install NGINX Perl Module"
|
||||
package:
|
||||
name: nginx-module-perl
|
||||
state: present
|
||||
when: perl
|
16
tasks/opensource/setup-debian.yml
Normal file
16
tasks/opensource/setup-debian.yml
Normal file
@ -0,0 +1,16 @@
|
||||
---
|
||||
- name: "(Debian/Ubuntu) Add Mainline NGINX Repository"
|
||||
apt_repository:
|
||||
repo: "{{ item }}"
|
||||
with_items:
|
||||
- deb https://nginx.org/packages/mainline/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} nginx
|
||||
- deb-src https://nginx.org/packages/mainline/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} nginx
|
||||
when: branch == "mainline"
|
||||
|
||||
- name: "(Debian/Ubuntu) Add Stable NGINX Repository"
|
||||
apt_repository:
|
||||
repo: "{{ item }}"
|
||||
with_items:
|
||||
- deb https://nginx.org/packages/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} nginx
|
||||
- deb-src https://nginx.org/packages/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} nginx
|
||||
when: branch == "stable"
|
24
tasks/opensource/setup-redhat.yml
Normal file
24
tasks/opensource/setup-redhat.yml
Normal file
@ -0,0 +1,24 @@
|
||||
---
|
||||
- name: "(CentOS/RedHat) Add Mainline NGINX Repository"
|
||||
yum_repository:
|
||||
name: nginx
|
||||
baseurl: https://nginx.org/packages/mainline/{{ item }}/{{ ansible_distribution_major_version|int }}/$basearch/
|
||||
description: NGINX Repository
|
||||
enabled: yes
|
||||
gpgcheck: yes
|
||||
with_items:
|
||||
- centos
|
||||
- rhel
|
||||
when: branch == "mainline"
|
||||
|
||||
- name: "(CentOS/RedHat) Add Stable NGINX Repository"
|
||||
yum_repository:
|
||||
name: nginx
|
||||
baseurl: https://nginx.org/packages/mainline/{{ item }}/{{ ansible_distribution_major_version|int }}/$basearch/
|
||||
description: NGINX Repository
|
||||
enabled: yes
|
||||
gpgcheck: yes
|
||||
with_items:
|
||||
- centos
|
||||
- rhel
|
||||
when: branch == "stable"
|
12
tasks/opensource/setup-suse.yml
Normal file
12
tasks/opensource/setup-suse.yml
Normal file
@ -0,0 +1,12 @@
|
||||
---
|
||||
- name: "(SUSE) Add Mainline NGINX Repository"
|
||||
zypper_repository:
|
||||
name: nginx
|
||||
repo: https://nginx.org/packages/mainline/sles/12
|
||||
when: branch == "mainline"
|
||||
|
||||
- name: "(SUSE) Add Stable NGINX Repository"
|
||||
zypper_repository:
|
||||
name: nginx
|
||||
repo: https://nginx.org/packages/sles/12
|
||||
when: branch == "stable"
|
32
tasks/plus/install-plus.yml
Normal file
32
tasks/plus/install-plus.yml
Normal file
@ -0,0 +1,32 @@
|
||||
---
|
||||
- import_tasks: setup-license.yml
|
||||
|
||||
- import_tasks: setup-debian.yml
|
||||
when: ansible_os_family == "Debian"
|
||||
|
||||
- import_tasks: setup-redhat.yml
|
||||
when: ansible_os_family == "RedHat"
|
||||
|
||||
- import_tasks: setup-suse.yml
|
||||
when: ansible_os_family == "Suse"
|
||||
|
||||
- import_tasks: setup-freebsd.yml
|
||||
when: ansible_os_family == "FreeBSD"
|
||||
|
||||
- name: "(All OSs) Install NGINX Plus"
|
||||
package:
|
||||
name: nginx-plus
|
||||
state: present
|
||||
notify: "(All OSs) Start NGINX"
|
||||
|
||||
- name: "(All OSs) Install NGINX NJS Module"
|
||||
package:
|
||||
name: nginx-plus-module-njs
|
||||
state: present
|
||||
when: njs
|
||||
|
||||
- name: "(All OSs) Install NGINX Perl Module"
|
||||
package:
|
||||
name: nginx-plus-module-perl
|
||||
state: present
|
||||
when: perl
|
12
tasks/plus/setup-debian.yml
Normal file
12
tasks/plus/setup-debian.yml
Normal file
@ -0,0 +1,12 @@
|
||||
---
|
||||
- name: "(Debian/Ubuntu) Add NGINX Plus Repository"
|
||||
shell: printf "deb https://plus-pkgs.nginx.com/{{ ansible_distribution|lower }} `lsb_release -cs` nginx-plus\n" | sudo tee /etc/apt/sources.list.d/nginx-plus.list
|
||||
|
||||
- name: "(Debian/Ubuntu) Verify NGINX Plus License"
|
||||
get_url:
|
||||
url: https://cs.nginx.com/static/files/90nginx
|
||||
dest: /etc/apt/apt.conf.d/90nginx
|
||||
|
||||
- name: "(Debian/Ubuntu) Update APT Cache"
|
||||
apt:
|
||||
update_cache: yes
|
13
tasks/plus/setup-freebsd.yml
Normal file
13
tasks/plus/setup-freebsd.yml
Normal file
@ -0,0 +1,13 @@
|
||||
---
|
||||
- name: "(FreeBSD) Add NGINX Plus Repository"
|
||||
get_url:
|
||||
url: https://cs.nginx.com/static/files/nginx-plus.conf
|
||||
dest: /etc/pkg/nginx-plus.conf
|
||||
|
||||
- name: "(FreeBSD) Verify NGINX Plus License"
|
||||
blockinfile:
|
||||
path: /usr/local/etc/pkg.conf
|
||||
block: |
|
||||
PKG_ENV: { SSL_NO_VERIFY_PEER: "1",
|
||||
SSL_CLIENT_CERT_FILE: "/etc/ssl/nginx/nginx-repo.crt",
|
||||
SSL_CLIENT_KEY_FILE: "/etc/ssl/nginx/nginx-repo.key" }
|
13
tasks/plus/setup-license.yml
Normal file
13
tasks/plus/setup-license.yml
Normal file
@ -0,0 +1,13 @@
|
||||
---
|
||||
- name: "(All OSs) Create SSL directory"
|
||||
file:
|
||||
path: /etc/ssl/nginx
|
||||
state: directory
|
||||
|
||||
- name: "(All OSs) Copy NGINX Plus Certificate and License Key"
|
||||
copy:
|
||||
src: "{{ item }}"
|
||||
dest: /etc/ssl/nginx
|
||||
with_items:
|
||||
- "{{ license.certificate }}"
|
||||
- "{{ license.key }}"
|
25
tasks/plus/setup-redhat.yml
Normal file
25
tasks/plus/setup-redhat.yml
Normal file
@ -0,0 +1,25 @@
|
||||
---
|
||||
- name: "(CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version"
|
||||
set_fact:
|
||||
version: "6"
|
||||
when: ansible_distribution_major_version|int == 6
|
||||
|
||||
- name: "(CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version"
|
||||
set_fact:
|
||||
version: "7"
|
||||
when: ansible_distribution_major_version|int >= 7 and ansible_distribution_major_version|int <= 7.3
|
||||
|
||||
- name: "(CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version"
|
||||
set_fact:
|
||||
version: "7.4"
|
||||
when: ansible_distribution_major_version|int == 7.4
|
||||
|
||||
- name: "(CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version"
|
||||
set_fact:
|
||||
version: "amazon"
|
||||
when: ansible_distribution == "Amazon"
|
||||
|
||||
- name: "(CentOS/RedHat/Amazon Linux/Oracle Linux) Add NGINX Plus Repository"
|
||||
get_url:
|
||||
url: https://cs.nginx.com/static/files/nginx-plus-{{ version }}.repo
|
||||
dest: /etc/yum.repos.d/nginx-plus-{{ version }}.repo
|
8
tasks/plus/setup-suse.yml
Normal file
8
tasks/plus/setup-suse.yml
Normal file
@ -0,0 +1,8 @@
|
||||
---
|
||||
- name: "(SUSE) Combine NGINX Plus Certificate and License Keys"
|
||||
shell: cat /etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.key > /etc/ssl/nginx/nginx-repo-bundle.crt
|
||||
|
||||
- name: "(SUSE) Add NGINX Plus Repository"
|
||||
zypper_repository:
|
||||
name: nginx-plus
|
||||
repo: https://plus-pkgs.nginx.com/sles/12?ssl_clientcert=/etc/ssl/nginx/nginx-repo-bundle.crt&ssl_verify=host
|
0
templates/.gitkeep
Normal file
0
templates/.gitkeep
Normal file
1
tests/inventory
Normal file
1
tests/inventory
Normal file
@ -0,0 +1 @@
|
||||
localhost
|
5
tests/test.yml
Normal file
5
tests/test.yml
Normal file
@ -0,0 +1,5 @@
|
||||
---
|
||||
- hosts: localhost
|
||||
remote_user: root
|
||||
roles:
|
||||
- ansible-role-nginx
|
1
vars/main.yml
Normal file
1
vars/main.yml
Normal file
@ -0,0 +1 @@
|
||||
---
|
Loading…
Reference in New Issue
Block a user