Add RHEL distro to Molecule tests (#498)

CHANGELOG.md

@@ -2,6 +2,10 @@
 
 ## 0.23.1 (Unreleased)
 
+FEATURES:
+
+Add Molecule testing infrastructure for RHEL 7/8.
+
 BUG FIXES:
 
 Ansible check mode runs will no longer fail if NGINX has not yet been installed.

defaults/main/main.yml

@@ -22,7 +22,7 @@ nginx_type: opensource
 # Default is true.
 nginx_start: true
 
-# Specify whether you want to maintain your version of NGINX, upgrade to the latest version, or remove NGINX.
+# Specify whether you want to install NGINX, upgrade to the latest version, or remove NGINX.
 # Can be used with `nginx_version` to fine tune control which version of NGINX is installed/used on each playbook execution.
 # Using 'install' will install the latest version (or 'nginx_version') of NGINX on a fresh install.
 # Using 'upgrade' will upgrade NGINX to the latest version (that matches your 'nginx_version') of NGINX on every playbook execution. Does not work on Alpine Linux.
@@ -42,12 +42,6 @@ nginx_manage_repo: true
 # Default is nginx_repository.
 nginx_install_from: nginx_repository
 
-# Specify whether or not you want this role to install the epel-release package.
-# Using 'true' will install epel-release if other criteria are met.
-# Using 'false' will not install epel-release.
-# Default is true.
-nginx_install_epel_release: true
-
 # Specify source install options for NGINX Open Source.
 # Options represent whether to install from source also or to install from packages (default).
 # These only apply if 'nginx_install_from' is set to 'source'.
@@ -59,6 +53,13 @@ nginx_install_source_pcre: false
 nginx_install_source_openssl: true
 nginx_install_source_zlib: false
 
+# Specify source install module for NGINX Open Source.
+# You can select any of the static modules listed on http://nginx.org/en/docs/configure.html.
+# Format is '--with-*' where '*' should be used as static module name in the list below. (see an example below).
+# Default is 'http_ssl_module'. (DO NOT remove it if you need SSL support).
+nginx_static_modules: ['http_ssl_module']
+# nginx_static_modules: ['http_v2_module']  # Example for '--with-http_v2_module'
+
 # (Optional) Choose where to fetch the NGINX signing key from.
 # Default is the official NGINX signing key host.
 # nginx_signing_key: http://nginx.org/keys/nginx_signing.key
@@ -88,12 +89,11 @@ nginx_setup_license: true
 # Default is true.
 nginx_remove_license: true
 
-# Install NGINX Static Modules.
+# Specify whether or not you want this role to install the EPEL package when installing certain NGINX Plus modules.
-# You can select any of the static modules listed on http://nginx.org/en/docs/configure.html.
+# Using 'true' will install EPEL.
-# Format is '--with-*' where '*' should be used as static module name in the list below. (see an example below).
+# Using 'false' will not install EPEL.
-# Default is 'http_ssl_module'. (DO NOT remove it if you need SSL support).
+# Default is true.
-nginx_static_modules: ['http_ssl_module']
+nginx_install_epel_release: true
-# nginx_static_modules: ['http_v2_module']  # Example for '--with-http_v2_module'
 
 # Install NGINX Dynamic Modules.
 # You can select any of the dynamic modules listed below. Beware of NGINX Plus only dynamic modules (these are marked).

molecule/common/Dockerfile.j2

@@ -25,7 +25,7 @@ RUN \
     && dnf clean all; \
   elif [ $(command -v yum) ]; then \
     yum makecache fast \
-    && yum install -y bash iproute initscripts sudo /usr/bin/python /usr/bin/python2-config vim yum-plugin-ovl \
+    && yum install -y bash iproute initscripts sudo /usr/bin/python /usr/bin/python2-config vim yum-plugin-ovl http://mirror.centos.org/centos/7/os/x86_64/Packages/pcre2-10.23-2.el7.x86_64.rpm \
     && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf \
     && yum clean all; \
   elif [ $(command -v zypper) ]; then \

molecule/default/converge.yml

@@ -12,26 +12,20 @@
       when: ansible_facts['os_family'] == "Debian"
     - name: Set repo if Red Hat
       set_fact:
-        version: "-1.21.5-1.{{ (ansible_facts['distribution']=='Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx"
+        version: "-1.21.5-1.{{ (ansible_facts['distribution'] == 'Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx"
       when: ansible_facts['os_family'] == "RedHat"
-    - name: Enable NGINX @CentOS-AppStream dnf modules
-      shell:
-      args:
-        cmd: dnf module info nginx | grep -q 'Stream.*\[e\]' && echo -n ENABLED || dnf module enable -y nginx  # noqa command-instead-of-module
-      register: dnf_module_enable
-      changed_when: dnf_module_enable.stdout != 'ENABLED'
-      when: ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] is version('8', '==')
   tasks:
     - name: Install NGINX
       include_role:
         name: ansible-role-nginx
       vars:
-        nginx_debug_output: true
+        nginx_version: "{{ version }}"
+        nginx_service_modify: true
+        nginx_service_timeout: 95
         nginx_selinux: true
         nginx_selinux_tcp_ports:
           - 80
           - 443
-        nginx_version: "{{ version }}"
         nginx_logrotate_conf_enable: true
         nginx_logrotate_conf:
           paths:

molecule/default/molecule.yml

@@ -48,6 +48,20 @@ platforms:
     volumes:
       - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
     command: "/usr/sbin/init"
+  - name: rhel-7
+    image: registry.access.redhat.com/ubi7/ubi:7.9
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/usr/sbin/init"
+  - name: rhel-8
+    image: registry.access.redhat.com/ubi8/ubi:8.5
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/usr/sbin/init"
   - name: debian-buster
     image: debian:buster-slim
     dockerfile: ../common/Dockerfile.j2

molecule/downgrade/converge.yml

@@ -12,7 +12,7 @@
       when: ansible_facts['os_family'] == "Debian"
     - name: Set repo if Red Hat
       set_fact:
-        version: "-1.20.2-1.{{ (ansible_facts['distribution']=='Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx"
+        version: "-1.20.2-1.{{ (ansible_facts['distribution'] == 'Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx"
       when: ansible_facts['os_family'] == "RedHat"
   tasks:
     - name: Install NGINX

molecule/downgrade/molecule.yml

@@ -27,6 +27,13 @@ platforms:
     volumes:
       - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
     command: "/sbin/init"
+  - name: alpine-3.15
+    image: alpine:3.15
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/sbin/init"
   - name: amazonlinux-2
     image: amazonlinux:2
     dockerfile: ../common/Dockerfile.j2
@@ -41,6 +48,20 @@ platforms:
     volumes:
       - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
     command: "/usr/sbin/init"
+  - name: rhel-7
+    image: registry.access.redhat.com/ubi7/ubi:7.9
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/usr/sbin/init"
+  - name: rhel-8
+    image: registry.access.redhat.com/ubi8/ubi:8.5
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/usr/sbin/init"
   - name: debian-buster
     image: debian:buster-slim
     dockerfile: ../common/Dockerfile.j2

molecule/downgrade/prepare.yml

@@ -4,23 +4,16 @@
   pre_tasks:
     - name: Set repo if Alpine
       set_fact:
-        version: "=1.21.4-r1"
+        version: "=1.21.5-r1"
       when: ansible_facts['os_family'] == "Alpine"
     - name: Set repo if Debian
       set_fact:
-        version: "=1.21.4-1~{{ ansible_facts['distribution_release'] }}"
+        version: "=1.21.5-1~{{ ansible_facts['distribution_release'] }}"
       when: ansible_facts['os_family'] == "Debian"
     - name: Set repo if Red Hat
       set_fact:
-        version: "-1.21.4-1.{{ (ansible_facts['distribution']=='Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx"
+        version: "-1.21.5-1.{{ (ansible_facts['distribution'] == 'Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx"
       when: ansible_facts['os_family'] == "RedHat"
-    - name: Enable NGINX @CentOS-AppStream dnf modules
-      shell:
-      args:
-        cmd: dnf module info nginx | grep -q 'Stream.*\[e\]' && echo -n ENABLED || dnf module enable -y nginx  # noqa command-instead-of-module
-      register: dnf_module_enable
-      changed_when: dnf_module_enable.stdout != 'ENABLED'
-      when: ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] is version('8', '==')
   tasks:
     - name: Install NGINX
       include_role:

molecule/module/converge.yml

@@ -6,21 +6,11 @@
       include_role:
         name: ansible-role-nginx
       vars:
-        nginx_debug_output: true
-
-        nginx_service_modify: true
-        nginx_service_timeout: 95
-        nginx_selinux: true
-        nginx_selinux_tcp_ports:
-          - 80
-          - 443
-
         nginx_modules:
           - brotli
           - geoip
           - image-filter
           - name: njs
-            # version: =1.19.4+0.4.4-1~bionic
             state: present
           - perl
           - xslt

molecule/module/molecule.yml

@@ -48,6 +48,20 @@ platforms:
     volumes:
       - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
     command: "/usr/sbin/init"
+  - name: rhel-7
+    image: registry.access.redhat.com/ubi7/ubi:7.9
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/usr/sbin/init"
+  - name: rhel-8
+    image: registry.access.redhat.com/ubi8/ubi:8.5
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/usr/sbin/init"
   - name: debian-buster
     image: debian:buster-slim
     dockerfile: ../common/Dockerfile.j2

molecule/plus/molecule.yml

@@ -48,6 +48,20 @@ platforms:
     volumes:
       - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
     command: "/usr/sbin/init"
+  - name: rhel-7
+    image: registry.access.redhat.com/ubi7/ubi:7.9
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/usr/sbin/init"
+  - name: rhel-8
+    image: registry.access.redhat.com/ubi8/ubi:8.5
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/usr/sbin/init"
   - name: debian-buster
     image: debian:buster-slim
     dockerfile: ../common/Dockerfile.j2

molecule/source/converge.yml

@@ -6,8 +6,6 @@
       include_role:
         name: ansible-role-nginx
       vars:
-        nginx_debug_output: true
-
         nginx_install_from: source
         nginx_branch: stable
         nginx_static_modules: ['http_ssl_module']

molecule/source/molecule.yml

@@ -48,6 +48,20 @@ platforms:
     volumes:
       - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
     command: "/usr/sbin/init"
+  - name: rhel-7
+    image: registry.access.redhat.com/ubi7/ubi:7.9
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/usr/sbin/init"
+  - name: rhel-8
+    image: registry.access.redhat.com/ubi8/ubi:8.5
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/usr/sbin/init"
   - name: debian-buster
     image: debian:buster-slim
     dockerfile: ../common/Dockerfile.j2

molecule/uninstall/molecule.yml

@@ -48,6 +48,20 @@ platforms:
     volumes:
       - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
     command: "/usr/sbin/init"
+  - name: rhel-7
+    image: registry.access.redhat.com/ubi7/ubi:7.9
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/usr/sbin/init"
+  - name: rhel-8
+    image: registry.access.redhat.com/ubi8/ubi:8.5
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/usr/sbin/init"
   - name: debian-buster
     image: debian:buster-slim
     dockerfile: ../common/Dockerfile.j2

molecule/uninstall_plus/converge.yml

@@ -6,6 +6,6 @@
       include_role:
         name: ansible-role-nginx
       vars:
-        nginx_setup: uninstall
         nginx_type: plus
         nginx_setup_license: false
+        nginx_setup: uninstall

molecule/uninstall_plus/molecule.yml

@@ -48,6 +48,20 @@ platforms:
     volumes:
       - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
     command: "/usr/sbin/init"
+  - name: rhel-7
+    image: registry.access.redhat.com/ubi7/ubi:7.9
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/usr/sbin/init"
+  - name: rhel-8
+    image: registry.access.redhat.com/ubi8/ubi:8.5
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/usr/sbin/init"
   - name: debian-buster
     image: debian:buster-slim
     dockerfile: ../common/Dockerfile.j2

molecule/upgrade/molecule.yml

@@ -20,6 +20,20 @@ platforms:
     volumes:
       - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
     command: "/usr/sbin/init"
+  - name: rhel-7
+    image: registry.access.redhat.com/ubi7/ubi:7.9
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/usr/sbin/init"
+  - name: rhel-8
+    image: registry.access.redhat.com/ubi8/ubi:8.5
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/usr/sbin/init"
   - name: debian-buster
     image: debian:buster-slim
     dockerfile: ../common/Dockerfile.j2

molecule/upgrade/prepare.yml

@@ -12,15 +12,8 @@
       when: ansible_facts['os_family'] == "Debian"
     - name: Set repo if Red Hat
       set_fact:
-        version: "-1.21.5-1.{{ (ansible_facts['distribution']=='Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx"
+        version: "-1.21.5-1.{{ (ansible_facts['distribution'] == 'Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx"
       when: ansible_facts['os_family'] == "RedHat"
-    - name: Enable NGINX @CentOS-AppStream dnf modules
-      shell:
-      args:
-        cmd: dnf module info nginx | grep -q 'Stream.*\[e\]' && echo -n ENABLED || dnf module enable -y nginx  # noqa command-instead-of-module
-      register: dnf_module_enable
-      changed_when: dnf_module_enable.stdout != 'ENABLED'
-      when: ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] is version('8', '==')
   tasks:
     - name: Install NGINX
       include_role:

tasks/modules/install-modules.yml

@@ -1,5 +1,5 @@
 ---
-- name: (CentOS) Install GeoIP dependencies
+- name: (CentOS) Install GeoIP EPEL dependencies
   yum:
     name: epel-release
   when:
@@ -7,6 +7,22 @@
     - '"geoip" in nginx_modules'
     - nginx_install_epel_release | bool
 
+- name: (RHEL) Install GeoIP2 and/or OpenTracing EPEL dependencies
+  block:
+    - name: (RHEL) Import EPEL GPG key
+      rpm_key:
+        state: present
+        key: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ansible_facts['distribution_major_version'] }}
+
+    - name: (RHEL) Install package dependencies
+      yum:
+        name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_facts['distribution_major_version'] }}.noarch.rpm
+  when:
+    - ansible_facts['distribution'] == "RedHat"
+    - (ansible_facts['distribution_major_version'] == 7 and '"geoip2" in nginx_modules')
+      or '"opentracing" in nginx_modules'
+    - nginx_install_epel_release | bool
+
 - name: Setup NGINX modules
   package:
     name: "nginx-{{ (nginx_type == 'plus') | ternary('plus-', '') }}module-{{ item.name | default(item) }}\

tasks/opensource/install-source.yml

@@ -23,14 +23,16 @@
     - name: (CentOS/RHEL) Install build tools
       yum:
         name:
-          - "@Development tools"
           - ca-certificates
           - gcc
           - gd
           - gd-devel
           - glibc
           - glibc-common
+          - make
           - perl-core
+          - tar
+          - unzip
           - wget
           - zlib-devel
         update_cache: true