Upload simple/templated configuration files

Alessandro Fael Garcia 2018-01-26 11:00:26 -08:00
parent c06b7320ad
commit f6f1e0907c
31 changed files with 418 additions and 52 deletions


@ -78,6 +78,7 @@ Role Variables
This role has multiple variables. The defaults for all these variables are the following:
---
# Specify which version of NGINX you want to install.
# Options are 'opensource' or 'plus'.
# Default is 'opensource'.
@ -101,7 +102,7 @@ This role has multiple variables. The defaults for all these variables are the f
# Default is false.
status: false
# Enable NGINX Plus REST API and dashboard.
# Default is false.
# Default is false for all three variables.
api:
enable: false
write: false
@ -109,8 +110,34 @@ This role has multiple variables. The defaults for all these variables are the f
# Location of your NGINX Plus license in your local machine.
# Default is the files folder within the NGINX Ansible role.
license:
certificate: nginx-repo.crt
key: nginx-repo.key
certificate: license/nginx-repo.crt
key: license/nginx-repo.key
# Location of the configuration files you wish to upload to NGINX.
# Default is the files folder within the NGINX Ansible role.
configuration_files:
enable: false
main: conf/nginx.conf
http: conf/http/*.conf
# Configuration variables to create a templated NGINX configuration.
# Defaults are the values found in a fresh NGINX installation.
configuration_templates:
enable: false
opensource:
user: nginx
worker_processes: 1
error_level: warn
worker_connections: 1024
keepalive_timeout: 65
listen: 80
server_name: localhost
plus:
user: nginx
worker_processes: auto
error_level: notice
worker_connections: 1024
keepalive_timeout: 65
listen: 80
server_name: localhost
Dependencies


@ -22,7 +22,7 @@ amplify: null
# Default is false.
status: false
# Enable NGINX Plus REST API and dashboard.
# Default is false.
# Default is false for all three variables.
api:
enable: false
write: false
@ -30,5 +30,31 @@ api:
# Location of your NGINX Plus license in your local machine.
# Default is the files folder within the NGINX Ansible role.
license:
certificate: nginx-repo.crt
key: nginx-repo.key
certificate: license/nginx-repo.crt
key: license/nginx-repo.key
# Location of the configuration files you wish to upload to NGINX.
# Default is the files folder within the NGINX Ansible role.
configuration_files:
enable: false
main: conf/nginx.conf
http: conf/http/*.conf
# Configuration variables to create a templated NGINX configuration.
# Defaults are the values found in a fresh NGINX installation.
configuration_templates:
enable: false
opensource:
user: nginx
worker_processes: 1
error_level: warn
worker_connections: 1024
keepalive_timeout: 65
listen: 80
server_name: localhost
plus:
user: nginx
worker_processes: auto
error_level: notice
worker_connections: 1024
keepalive_timeout: 65
listen: 80
server_name: localhost
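Review bot: `configuration_templates` and `configuration_files` are each declared as one nested dictionary, so under Ansible's default replace behaviour for hashes a playbook that sets only `configuration_templates: {enable: true}` discards the `opensource` and `plus` sub-keys, and the templates then fail on undefined variables. Either document this above the variable, e.g. `# NOTE: override the whole dictionary; a partial override drops the other keys.`, or flatten the names into separate top-level variables. The `license` defaults also move to `license/nginx-repo.crt` and `license/nginx-repo.key` inside the role's files folder, which changes the lookup path for existing users; the README should say so and remind users to keep the key file out of version control.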


@ -0,0 +1,45 @@
#test
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
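Review bot: The first line of this new file is a leftover `#test` marker, and the same marker opens `files/conf/nginx.conf` in the next section. These files are copied onto the host when `configuration_files.enable` is true, so replace the marker with a header that says where the file comes from, e.g. `# Managed by the NGINX Ansible role; edit the copy under files/conf/ instead.`. The rest of the file appears to be the stock packaged server block, so nothing else needs to change here.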

31
files/conf/nginx.conf Normal file

@ -0,0 +1,31 @@
#test
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}


@ -1,12 +1,12 @@
---
# Start NGINX
- name: "(All OSs) Start NGINX"
- name: "(Handler: All OSs) Start NGINX"
service:
name: nginx
state: started
# Reload NGINX
- name: "(All OSs) Reload NGINX"
- name: "(Handler: All OSs) Reload NGINX"
service:
name: nginx
state: reloaded


@ -1,10 +1,10 @@
---
- import_tasks: ../conf/setup-status.yml
- name: "(All OSs) Download NGINX Amplify Script"
- name: "(Install: All NGINX) Download NGINX Amplify Script"
get_url:
url: https://github.com/nginxinc/nginx-amplify-agent/raw/master/packages/install.sh
dest: /tmp/install.sh
- name: "(All OSs) Install NGINX Amplify"
- name: "(Install: All NGINX) Install NGINX Amplify"
shell: API_KEY='{{ amplify }}' sh /tmp/install.sh -y
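Review bot: The install script is fetched from the moving `master` branch with no `checksum:` on `get_url`, written to the fixed path `/tmp/install.sh`, and then executed with the Amplify API key inlined into the `shell` command. Pin the URL to a release tag or commit and add `checksum: "sha256:<EXPECTED_SHA256>"` (placeholder value), so that a changed upstream script fails the play instead of running. Download to a root-owned directory rather than world-writable `/tmp`, and pass the key through `environment:` with `no_log: true` on the task so it stays out of Ansible output. This commit only renames the two tasks; the download and execution lines are unchanged context.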


@ -1,6 +1,6 @@
---
- name: "(All OSs) Setup NGINX Plus API"
- name: "(Setup: NGINX Plus) Setup NGINX Plus API"
template:
src: api.j2
dest: /etc/nginx/conf.d/api.conf
notify: "(All OSs) Reload NGINX"
notify: "(Handler: All OSs) Reload NGINX"


@ -1,5 +1,5 @@
---
- name: "(All OSs) Enable Open Source NGINX Status"
- name: "(Setup: Open Source NGINX) Enable Open Source NGINX Status"
blockinfile:
path: /etc/nginx/conf.d/stub_status.conf
create: yes
@ -13,9 +13,9 @@
}
}
when: type == "opensource"
notify: "(All OSs) Reload NGINX"
notify: "(Handler: All OSs) Reload NGINX"
- name: "(All OSs) Enable NGINX Plus Status"
- name: "(Setup: NGINX Plus) Enable NGINX Plus Status"
blockinfile:
path: /etc/nginx/conf.d/status.conf
create: yes
@ -29,4 +29,4 @@
}
}
when: type == "plus"
notify: "(All OSs) Reload NGINX"
notify: "(Handler: All OSs) Reload NGINX"


@ -0,0 +1,14 @@
---
- name: "(Setup: All NGINX) Upload NGINX Main Configuration File"
copy:
src: conf/nginx.conf
dest: /etc/nginx/nginx.conf
notify: "(Handler: All OSs) Reload NGINX"
- name: "(Setup: All NGINX) Upload NGINX HTTP Configuration Files"
copy:
src: "{{ item }}"
dest: /etc/nginx/conf.d/
with_fileglob:
- "conf/http/*.conf"
notify: "(Handler: All OSs) Reload NGINX"
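Review bot: Both tasks hard-code their sources (`src: conf/nginx.conf` and `- "conf/http/*.conf"`), so the `configuration_files.main` and `configuration_files.http` variables this commit adds to the defaults are never read and overriding them has no effect. Use `src: "{{ configuration_files.main }}"` and `- "{{ configuration_files.http }}"` instead. The first task also replaces `/etc/nginx/nginx.conf` without a syntax check or a copy of the previous file; adding `validate: nginx -t -c %s` and `backup: yes` to it would keep a broken file from being installed and leave a way back.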


@ -0,0 +1,32 @@
---
- name: "(Setup: Open Source NGINX) Upload Open Source NGINX Main Configuration File"
template:
src: opensource/nginx.conf.j2
dest: /etc/nginx/nginx.conf
when: type == "opensource"
notify: "(Handler: All OSs) Reload NGINX"
- name: "(Setup: Open Source NGINX) Upload Open Source NGINX HTTP Configuration Files"
template:
src: "{{ item }}"
dest: /etc/nginx/conf.d/{{ item | basename | regex_replace('\.j2','') }}
with_fileglob:
- "../templates/opensource/http/*.j2"
when: type == "opensource"
notify: "(Handler: All OSs) Reload NGINX"
- name: "(Setup: NGINX Plus) Upload NGINX Plus Main Configuration File"
template:
src: plus/nginx.conf.j2
dest: /etc/nginx/nginx.conf
when: type == "plus"
notify: "(Handler: All OSs) Reload NGINX"
- name: "(Setup: NGINX Plus) Upload NGINX Plus HTTP Configuration Files"
template:
src: "{{ item }}"
dest: /etc/nginx/conf.d/{{ item | basename | regex_replace('\.j2','') }}
with_fileglob:
- "../templates/plus/http/*.j2"
when: type == "plus"
notify: "(Handler: All OSs) Reload NGINX"
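Review bot: Both `dest` expressions strip the extension with `regex_replace('\.j2','')`, which is unanchored and removes the first `.j2` found anywhere in the file name rather than only the suffix; `regex_replace('\.j2$','')` matches the intent. The two main-configuration tasks render variable values straight into `/etc/nginx/nginx.conf` with no syntax check, so a mistyped value is only discovered when the reload handler fails. Adding `validate: nginx -t -c %s` and `backup: yes` to those two tasks would reject the file before it replaces the working one.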


@ -1,5 +1,5 @@
---
- name: "(APT OSs) Add APT NGINX Signing Key"
- name: "(Install: APT OSs) Add APT NGINX Signing Key"
apt_key:
id: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
keyserver: ha.pool.sks-keyservers.net


@ -1,4 +1,4 @@
---
- name: "(RPM OSs) Add RPM NGINX Signing Key"
- name: "(Install: RPM OSs) Add RPM NGINX Signing Key"
rpm_key:
key: http://nginx.org/keys/nginx_signing.key
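Review bot: The package signing key is fetched over plain `http://`, so a key altered in transit would be imported and every later signature check on NGINX packages would be made against it. Use `key: https://nginx.org/keys/nginx_signing.key`, and where the installed Ansible version supports it add the `fingerprint:` parameter of `rpm_key` with the expected value, in the same way the APT task pins the key by `id`. This hunk only renames the task; the URL is unchanged context.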


@ -20,6 +20,12 @@
- import_tasks: modules/install-waf.yml
when: modules.waf and type == "plus"
- import_tasks: conf/upload-files.yml
when: configuration_files.enable
- import_tasks: conf/upload-templates.yml
when: configuration_templates.enable
- import_tasks: conf/setup-status.yml
when: status
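Review bot: `conf/upload-files.yml` and `conf/upload-templates.yml` are imported after `modules/install-waf.yml`, and both replace `/etc/nginx/nginx.conf` wholesale, while the module tasks shown elsewhere in this commit add their `load_module` lines to that same file with `lineinfile`/`blockinfile`. With `modules.waf` and either upload enabled, the ModSecurity `load_module` line is written and then overwritten in the same run, so NGINX reloads without the WAF module and nothing reports it. Import the upload tasks before the module tasks, or carry the `load_module` lines in the uploaded or templated configuration. If both `configuration_files.enable` and `configuration_templates.enable` are true the template silently wins, which an `assert` on the two flags would make explicit. The hunk starts at line 20 of the file, so the earlier imports are not visible here.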


@ -1,21 +1,21 @@
---
- name: "(All OSs) Install NGINX NJS Module"
- name: "(Install: All OSs) Install NGINX NJS Module"
package:
name: nginx-module-njs
state: present
when: type == "opensource"
- name: "(All OSs) Install NGINX NJS Module"
- name: "(Install: All OSs) Install NGINX NJS Module"
package:
name: nginx-plus-module-njs
state: present
when: type == "plus"
- name: "(All OSs) Load NGINX NJS Module"
- name: "(Setup: All NGINX) Load NGINX NJS Module"
blockinfile:
path: /etc/nginx/nginx.conf
insertbefore: BOF
block: |
load_module modules/ngx_http_js_module.so;
load_module modules/ngx_stream_js_module.so;
notify: "(All OSs) Reload NGINX"
notify: "(Handler: All OSs) Reload NGINX"


@ -1,19 +1,19 @@
---
- name: "(All OSs) Install NGINX Perl Module"
- name: "(Install: All OSs) Install NGINX Perl Module"
package:
name: nginx-module-perl
state: present
when: type == "opensource"
- name: "(All OSs) Install NGINX Perl Module"
- name: "(Install: All OSs) Install NGINX Perl Module"
package:
name: nginx-plus-module-perl
state: present
when: type == "plus"
- name: "(All OSs) Load NGINX Perl Module"
- name: "(Setup: All NGINX) Load NGINX Perl Module"
lineinfile:
path: /etc/nginx/nginx.conf
insertbefore: BOF
line: load_module modules/ngx_http_perl.so;
notify: "(All OSs) Reload NGINX"
notify: "(Handler: All OSs) Reload NGINX"


@ -1,13 +1,13 @@
---
- name: "(All OSs) Install NGINX Plus WAF Module"
- name: "(Install: All OSs) Install NGINX Plus WAF Module"
package:
name: nginx-plus-module-modsecurity
state: present
when: waf
- name: "(All OSs) Load NGINX Plus WAF Module"
- name: "(Setup: NGINX Plus) Load NGINX Plus WAF Module"
lineinfile:
path: /etc/nginx/nginx.conf
insertbefore: BOF
line: load_module modules/ngx_http_modsecurity_module.so;
notify: "(All OSs) Reload NGINX"
notify: "(Handler: All OSs) Reload NGINX"


@ -8,8 +8,8 @@
- import_tasks: setup-suse.yml
when: ansible_os_family == "Suse"
- name: "(All OSs) Install NGINX"
- name: "(Install: All OSs) Install NGINX"
package:
name: nginx
state: present
notify: "(All OSs) Start NGINX"
notify: "(Handler: All OSs) Start NGINX"


@ -1,5 +1,5 @@
---
- name: "(Debian/Ubuntu) Add Mainline NGINX Repository"
- name: "(Install: Debian/Ubuntu) Add Mainline NGINX Repository"
apt_repository:
repo: "{{ item }}"
with_items:
@ -7,7 +7,7 @@
- deb-src https://nginx.org/packages/mainline/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} nginx
when: branch == "mainline"
- name: "(Debian/Ubuntu) Add Stable NGINX Repository"
- name: "(Install: Debian/Ubuntu) Add Stable NGINX Repository"
apt_repository:
repo: "{{ item }}"
with_items:


@ -1,5 +1,5 @@
---
- name: "(CentOS/RedHat) Add Mainline NGINX Repository"
- name: "(Install: CentOS/RedHat) Add Mainline NGINX Repository"
yum_repository:
name: nginx
baseurl: https://nginx.org/packages/mainline/{{ item }}/{{ ansible_distribution_major_version|int }}/$basearch/
@ -11,7 +11,7 @@
- rhel
when: branch == "mainline"
- name: "(CentOS/RedHat) Add Stable NGINX Repository"
- name: "(Install: CentOS/RedHat) Add Stable NGINX Repository"
yum_repository:
name: nginx
baseurl: https://nginx.org/packages/{{ item }}/{{ ansible_distribution_major_version|int }}/$basearch/


@ -1,11 +1,11 @@
---
- name: "(SUSE) Add Mainline NGINX Repository"
- name: "(Install: SUSE) Add Mainline NGINX Repository"
zypper_repository:
name: nginx
repo: https://nginx.org/packages/mainline/sles/12
when: branch == "mainline"
- name: "(SUSE) Add Stable NGINX Repository"
- name: "(Install: SUSE) Add Stable NGINX Repository"
zypper_repository:
name: nginx
repo: https://nginx.org/packages/sles/12


@ -13,8 +13,8 @@
- import_tasks: setup-freebsd.yml
when: ansible_os_family == "FreeBSD"
- name: "(All OSs) Install NGINX Plus"
- name: "(Install: All OSs) Install NGINX Plus"
package:
name: nginx-plus
state: present
notify: "(All OSs) Start NGINX"
notify: "(Handler: All OSs) Start NGINX"


@ -1,12 +1,12 @@
---
- name: "(Debian/Ubuntu) Add NGINX Plus Repository"
- name: "(Install: Debian/Ubuntu) Add NGINX Plus Repository"
shell: printf "deb https://plus-pkgs.nginx.com/{{ ansible_distribution|lower }} `lsb_release -cs` nginx-plus\n" | sudo tee /etc/apt/sources.list.d/nginx-plus.list
- name: "(Debian/Ubuntu) Verify NGINX Plus License"
- name: "(Install: Debian/Ubuntu) Verify NGINX Plus License"
get_url:
url: https://cs.nginx.com/static/files/90nginx
dest: /etc/apt/apt.conf.d/90nginx
- name: "(Debian/Ubuntu) Update APT Cache"
- name: "(Install: Debian/Ubuntu) Update APT Cache"
apt:
update_cache: yes


@ -1,10 +1,10 @@
---
- name: "(FreeBSD) Add NGINX Plus Repository"
- name: "(Install: FreeBSD) Add NGINX Plus Repository"
get_url:
url: https://cs.nginx.com/static/files/nginx-plus.conf
dest: /etc/pkg/nginx-plus.conf
- name: "(FreeBSD) Verify NGINX Plus License"
- name: "(Install: FreeBSD) Verify NGINX Plus License"
blockinfile:
path: /usr/local/etc/pkg.conf
block: |


@ -1,5 +1,5 @@
---
- name: "(All OSs) Create SSL directory"
- name: "(All OSs) Create SSL Directory"
file:
path: /etc/ssl/nginx
state: directory


@ -1,25 +1,25 @@
---
- name: "(CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version"
- name: "(Install: CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version"
set_fact:
version: "6"
when: ansible_distribution_major_version|int == 6
- name: "(CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version"
- name: "(Install: CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version"
set_fact:
version: "7"
when: ansible_distribution_major_version|float >= 7.0 and ansible_distribution_major_version|float <= 7.3
- name: "(CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version"
- name: "(Install: CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version"
set_fact:
version: "7.4"
when: ansible_distribution_major_version|float == 7.4
- name: "(CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version"
- name: "(Install: CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version"
set_fact:
version: "amazon"
when: ansible_distribution == "Amazon"
- name: "(CentOS/RedHat/Amazon Linux/Oracle Linux) Add NGINX Plus Repository"
- name: "(Install: CentOS/RedHat/Amazon Linux/Oracle Linux) Add NGINX Plus Repository"
get_url:
url: https://cs.nginx.com/static/files/nginx-plus-{{ version }}.repo
dest: /etc/yum.repos.d/nginx-plus-{{ version }}.repo


@ -1,8 +1,8 @@
---
- name: "(SUSE) Combine NGINX Plus Certificate and License Keys"
- name: "(Install: SUSE) Combine NGINX Plus Certificate and License Keys"
shell: cat /etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.key > /etc/ssl/nginx/nginx-repo-bundle.crt
- name: "(SUSE) Add NGINX Plus Repository"
- name: "(Install: SUSE) Add NGINX Plus Repository"
zypper_repository:
name: nginx-plus
repo: https://plus-pkgs.nginx.com/sles/12?ssl_clientcert=/etc/ssl/nginx/nginx-repo-bundle.crt&ssl_verify=host


@ -0,0 +1,44 @@
server {
listen {{ configuration_templates.opensource.listen }};
server_name {{ configuration_templates.opensource.server_name }};
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
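Review bot: None of the four new templates carries a generated-file header, so an administrator editing the rendered file on the host has no indication that the next play will overwrite the change. Add `# {{ ansible_managed }}` as the first line of this template and of the three that follow (the Open Source main configuration and both NGINX Plus templates). The substituted values, here `listen` and `server_name`, are written into the directives unescaped, so they should only ever come from trusted inventory; that is worth a comment next to the defaults.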


@ -0,0 +1,31 @@
user {{ configuration_templates.opensource.user }};
worker_processes {{ configuration_templates.opensource.worker_processes }};
error_log /var/log/nginx/error.log {{ configuration_templates.opensource.error_level }};
pid /var/run/nginx.pid;
events {
worker_connections {{ configuration_templates.opensource.worker_connections }};
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout {{ configuration_templates.opensource.keepalive_timeout }};
#gzip on;
include /etc/nginx/conf.d/*.conf;
}


@ -0,0 +1,60 @@
server {
listen {{ configuration_templates.plus.listen }} default_server;
server_name {{ configuration_templates.plus.server_name }};
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
# enable /api/ location with appropriate access control in order
# to make use of NGINX Plus API
#
#location /api/ {
# api write=on;
# allow 127.0.0.1;
# deny all;
#}
# enable NGINX Plus Dashboard; requires /api/ location to be
# enabled and appropriate access control for remote access
#
#location = /dashboard.html {
# root /usr/share/nginx/html;
#}
}


@ -0,0 +1,50 @@
user {{ configuration_templates.plus.user }};
worker_processes {{ configuration_templates.plus.worker_processes }};
error_log /var/log/nginx/error.log {{ configuration_templates.plus.error_level }};
pid /var/run/nginx.pid;
events {
worker_connections {{ configuration_templates.plus.worker_connections }};
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout {{ configuration_templates.plus.keepalive_timeout }};
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
# TCP/UDP proxy and load balancing block
#
#stream {
# Example configuration for TCP load balancing
#upstream stream_backend {
# zone tcp_servers 64k;
# server backend1.example.com:12345;
# server backend2.example.com:12345;
#}
#server {
# listen 12345;
# status_zone tcp_server;
# proxy_pass stream_backend;
#}
#}