sebclem/ansible-role-nginx
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add RHEL distro to Molecule tests (#498)

Browse Source
This commit is contained in:
Alessandro Fael Garcia 2022-03-17 23:50:41 +01:00 committed by GitHub
parent 16d1d18d6c
commit e6f5dda35e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
20 changed files with 167 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG.md
View File

@ -2,6 +2,10 @@
## 0.23.1 (Unreleased)
FEATURES:
Add Molecule testing infrastructure for RHEL 7/8.
BUG FIXES:
Ansible check mode runs will no longer fail if NGINX has not yet been installed.

26
defaults/main/main.yml
View File

@ -22,7 +22,7 @@ nginx_type: opensource
# Default is true.
nginx_start: true
# Specify whether you want to maintain your version of NGINX, upgrade to the latest version, or remove NGINX.
# Specify whether you want to install NGINX, upgrade to the latest version, or remove NGINX.
# Can be used with `nginx_version` to fine tune control which version of NGINX is installed/used on each playbook execution.
# Using 'install' will install the latest version (or 'nginx_version') of NGINX on a fresh install.
# Using 'upgrade' will upgrade NGINX to the latest version (that matches your 'nginx_version') of NGINX on every playbook execution. Does not work on Alpine Linux.
@ -42,12 +42,6 @@ nginx_manage_repo: true
# Default is nginx_repository.
nginx_install_from: nginx_repository
# Specify whether or not you want this role to install the epel-release package.
# Using 'true' will install epel-release if other criteria are met.
# Using 'false' will not install epel-release.
# Default is true.
nginx_install_epel_release: true
# Specify source install options for NGINX Open Source.
# Options represent whether to install from source also or to install from packages (default).
# These only apply if 'nginx_install_from' is set to 'source'.
@ -59,6 +53,13 @@ nginx_install_source_pcre: false
nginx_install_source_openssl: true
nginx_install_source_zlib: false
# Specify source install module for NGINX Open Source.
# You can select any of the static modules listed on http://nginx.org/en/docs/configure.html.
# Format is '--with-*' where '*' should be used as static module name in the list below. (see an example below).
# Default is 'http_ssl_module'. (DO NOT remove it if you need SSL support).
nginx_static_modules: ['http_ssl_module']
# nginx_static_modules: ['http_v2_module'] # Example for '--with-http_v2_module'
# (Optional) Choose where to fetch the NGINX signing key from.
# Default is the official NGINX signing key host.
# nginx_signing_key: http://nginx.org/keys/nginx_signing.key
@ -88,12 +89,11 @@ nginx_setup_license: true
# Default is true.
nginx_remove_license: true
# Install NGINX Static Modules.
# You can select any of the static modules listed on http://nginx.org/en/docs/configure.html.
# Format is '--with-*' where '*' should be used as static module name in the list below. (see an example below).
# Default is 'http_ssl_module'. (DO NOT remove it if you need SSL support).
nginx_static_modules: ['http_ssl_module']
# nginx_static_modules: ['http_v2_module'] # Example for '--with-http_v2_module'
# Specify whether or not you want this role to install the EPEL package when installing certain NGINX Plus modules.
# Using 'true' will install EPEL.
# Using 'false' will not install EPEL.
# Default is true.
nginx_install_epel_release: true
# Install NGINX Dynamic Modules.
# You can select any of the dynamic modules listed below. Beware of NGINX Plus only dynamic modules (these are marked).

2
molecule/common/Dockerfile.j2
View File

@ -25,7 +25,7 @@ RUN \
&& dnf clean all; \
elif [ $(command -v yum) ]; then \
yum makecache fast \
&& yum install -y bash iproute initscripts sudo /usr/bin/python /usr/bin/python2-config vim yum-plugin-ovl \
&& yum install -y bash iproute initscripts sudo /usr/bin/python /usr/bin/python2-config vim yum-plugin-ovl http://mirror.centos.org/centos/7/os/x86_64/Packages/pcre2-10.23-2.el7.x86_64.rpm \
&& sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf \
&& yum clean all; \
elif [ $(command -v zypper) ]; then \

14
molecule/default/converge.yml
View File

@ -12,26 +12,20 @@
when: ansible_facts['os_family'] == "Debian"
- name: Set repo if Red Hat
set_fact:
version: "-1.21.5-1.{{ (ansible_facts['distribution']=='Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx"
version: "-1.21.5-1.{{ (ansible_facts['distribution'] == 'Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx"
when: ansible_facts['os_family'] == "RedHat"
- name: Enable NGINX @CentOS-AppStream dnf modules
shell:
args:
cmd: dnf module info nginx | grep -q 'Stream.*\[e\]' && echo -n ENABLED || dnf module enable -y nginx # noqa command-instead-of-module
register: dnf_module_enable
changed_when: dnf_module_enable.stdout != 'ENABLED'
when: ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] is version('8', '==')
tasks:
- name: Install NGINX
include_role:
name: ansible-role-nginx
vars:
nginx_debug_output: true
nginx_version: "{{ version }}"
nginx_service_modify: true
nginx_service_timeout: 95
nginx_selinux: true
nginx_selinux_tcp_ports:
- 80
- 443
nginx_version: "{{ version }}"
nginx_logrotate_conf_enable: true
nginx_logrotate_conf:
paths:

14
molecule/default/molecule.yml
View File

@ -48,6 +48,20 @@ platforms:
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: rhel-7
image: registry.access.redhat.com/ubi7/ubi:7.9
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: rhel-8
image: registry.access.redhat.com/ubi8/ubi:8.5
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: debian-buster
image: debian:buster-slim
dockerfile: ../common/Dockerfile.j2

2
molecule/downgrade/converge.yml
View File

@ -12,7 +12,7 @@
when: ansible_facts['os_family'] == "Debian"
- name: Set repo if Red Hat
set_fact:
version: "-1.20.2-1.{{ (ansible_facts['distribution']=='Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx"
version: "-1.20.2-1.{{ (ansible_facts['distribution'] == 'Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx"
when: ansible_facts['os_family'] == "RedHat"
tasks:
- name: Install NGINX

21
molecule/downgrade/molecule.yml
View File

@ -27,6 +27,13 @@ platforms:
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: alpine-3.15
image: alpine:3.15
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: amazonlinux-2
image: amazonlinux:2
dockerfile: ../common/Dockerfile.j2
@ -41,6 +48,20 @@ platforms:
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: rhel-7
image: registry.access.redhat.com/ubi7/ubi:7.9
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: rhel-8
image: registry.access.redhat.com/ubi8/ubi:8.5
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: debian-buster
image: debian:buster-slim
dockerfile: ../common/Dockerfile.j2

13
molecule/downgrade/prepare.yml
View File

@ -4,23 +4,16 @@
pre_tasks:
- name: Set repo if Alpine
set_fact:
version: "=1.21.4-r1"
version: "=1.21.5-r1"
when: ansible_facts['os_family'] == "Alpine"
- name: Set repo if Debian
set_fact:
version: "=1.21.4-1~{{ ansible_facts['distribution_release'] }}"
version: "=1.21.5-1~{{ ansible_facts['distribution_release'] }}"
when: ansible_facts['os_family'] == "Debian"
- name: Set repo if Red Hat
set_fact:
version: "-1.21.4-1.{{ (ansible_facts['distribution']=='Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx"
version: "-1.21.5-1.{{ (ansible_facts['distribution'] == 'Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx"
when: ansible_facts['os_family'] == "RedHat"
- name: Enable NGINX @CentOS-AppStream dnf modules
shell:
args:
cmd: dnf module info nginx | grep -q 'Stream.*\[e\]' && echo -n ENABLED || dnf module enable -y nginx # noqa command-instead-of-module
register: dnf_module_enable
changed_when: dnf_module_enable.stdout != 'ENABLED'
when: ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] is version('8', '==')
tasks:
- name: Install NGINX
include_role:

10
molecule/module/converge.yml
View File

@ -6,21 +6,11 @@
include_role:
name: ansible-role-nginx
vars:
nginx_debug_output: true
nginx_service_modify: true
nginx_service_timeout: 95
nginx_selinux: true
nginx_selinux_tcp_ports:
- 80
- 443
nginx_modules:
- brotli
- geoip
- image-filter
- name: njs
# version: =1.19.4+0.4.4-1~bionic
state: present
- perl
- xslt

14
molecule/module/molecule.yml
View File

@ -48,6 +48,20 @@ platforms:
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: rhel-7
image: registry.access.redhat.com/ubi7/ubi:7.9
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: rhel-8
image: registry.access.redhat.com/ubi8/ubi:8.5
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: debian-buster
image: debian:buster-slim
dockerfile: ../common/Dockerfile.j2

14
molecule/plus/molecule.yml
View File

@ -48,6 +48,20 @@ platforms:
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: rhel-7
image: registry.access.redhat.com/ubi7/ubi:7.9
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: rhel-8
image: registry.access.redhat.com/ubi8/ubi:8.5
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: debian-buster
image: debian:buster-slim
dockerfile: ../common/Dockerfile.j2

2
molecule/source/converge.yml
View File

@ -6,8 +6,6 @@
include_role:
name: ansible-role-nginx
vars:
nginx_debug_output: true
nginx_install_from: source
nginx_branch: stable
nginx_static_modules: ['http_ssl_module']

14
molecule/source/molecule.yml
View File

@ -48,6 +48,20 @@ platforms:
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: rhel-7
image: registry.access.redhat.com/ubi7/ubi:7.9
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: rhel-8
image: registry.access.redhat.com/ubi8/ubi:8.5
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: debian-buster
image: debian:buster-slim
dockerfile: ../common/Dockerfile.j2

14
molecule/uninstall/molecule.yml
View File

@ -48,6 +48,20 @@ platforms:
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: rhel-7
image: registry.access.redhat.com/ubi7/ubi:7.9
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: rhel-8
image: registry.access.redhat.com/ubi8/ubi:8.5
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: debian-buster
image: debian:buster-slim
dockerfile: ../common/Dockerfile.j2

2
molecule/uninstall_plus/converge.yml
View File

@ -6,6 +6,6 @@
include_role:
name: ansible-role-nginx
vars:
nginx_setup: uninstall
nginx_type: plus
nginx_setup_license: false
nginx_setup: uninstall

14
molecule/uninstall_plus/molecule.yml
View File

@ -48,6 +48,20 @@ platforms:
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: rhel-7
image: registry.access.redhat.com/ubi7/ubi:7.9
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: rhel-8
image: registry.access.redhat.com/ubi8/ubi:8.5
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: debian-buster
image: debian:buster-slim
dockerfile: ../common/Dockerfile.j2

14
molecule/upgrade/molecule.yml
View File

@ -20,6 +20,20 @@ platforms:
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: rhel-7
image: registry.access.redhat.com/ubi7/ubi:7.9
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: rhel-8
image: registry.access.redhat.com/ubi8/ubi:8.5
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: debian-buster
image: debian:buster-slim
dockerfile: ../common/Dockerfile.j2

9
molecule/upgrade/prepare.yml
View File

@ -12,15 +12,8 @@
when: ansible_facts['os_family'] == "Debian"
- name: Set repo if Red Hat
set_fact:
version: "-1.21.5-1.{{ (ansible_facts['distribution']=='Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx"
version: "-1.21.5-1.{{ (ansible_facts['distribution'] == 'Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx"
when: ansible_facts['os_family'] == "RedHat"
- name: Enable NGINX @CentOS-AppStream dnf modules
shell:
args:
cmd: dnf module info nginx | grep -q 'Stream.*\[e\]' && echo -n ENABLED || dnf module enable -y nginx # noqa command-instead-of-module
register: dnf_module_enable
changed_when: dnf_module_enable.stdout != 'ENABLED'
when: ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] is version('8', '==')
tasks:
- name: Install NGINX
include_role:

18
tasks/modules/install-modules.yml
View File

@ -1,5 +1,5 @@
---
- name: (CentOS) Install GeoIP dependencies
- name: (CentOS) Install GeoIP EPEL dependencies
yum:
name: epel-release
when:
@ -7,6 +7,22 @@
- '"geoip" in nginx_modules'
- nginx_install_epel_release | bool
- name: (RHEL) Install GeoIP2 and/or OpenTracing EPEL dependencies
block:
- name: (RHEL) Import EPEL GPG key
rpm_key:
state: present
key: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ansible_facts['distribution_major_version'] }}
- name: (RHEL) Install package dependencies
yum:
name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_facts['distribution_major_version'] }}.noarch.rpm
when:
- ansible_facts['distribution'] == "RedHat"
- (ansible_facts['distribution_major_version'] == 7 and '"geoip2" in nginx_modules')
or '"opentracing" in nginx_modules'
- nginx_install_epel_release | bool
- name: Setup NGINX modules
package:
name: "nginx-{{ (nginx_type == 'plus') | ternary('plus-', '') }}module-{{ item.name | default(item) }}\

4
tasks/opensource/install-source.yml
View File

@ -23,14 +23,16 @@
- name: (CentOS/RHEL) Install build tools
yum:
name:
- "@Development tools"
- ca-certificates
- gcc
- gd
- gd-devel
- glibc
- glibc-common
- make
- perl-core
- tar
- unzip
- wget
- zlib-devel
update_cache: true