Replace "yes"/"no" boolean values with "true"/"false" (#414)
This commit is contained in:
parent
d52f867761
commit
fb391a09cc
2
.github/workflows/galaxy.yml
vendored
2
.github/workflows/galaxy.yml
vendored
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
name: Ansible Galaxy import
|
name: Ansible Galaxy import
|
||||||
on:
|
"on":
|
||||||
release:
|
release:
|
||||||
types:
|
types:
|
||||||
- published
|
- published
|
||||||
|
2
.github/workflows/molecule.yml
vendored
2
.github/workflows/molecule.yml
vendored
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
name: Molecule CI/CD
|
name: Molecule CI/CD
|
||||||
on:
|
"on":
|
||||||
pull_request:
|
pull_request:
|
||||||
branches:
|
branches:
|
||||||
- main
|
- main
|
||||||
|
2
.github/workflows/release-drafter.yml
vendored
2
.github/workflows/release-drafter.yml
vendored
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
name: Release Drafter
|
name: Release Drafter
|
||||||
on:
|
"on":
|
||||||
pull_request:
|
pull_request:
|
||||||
types:
|
types:
|
||||||
- opened
|
- opened
|
||||||
|
@ -10,4 +10,3 @@ rules:
|
|||||||
level: error
|
level: error
|
||||||
comments-indentation: disable
|
comments-indentation: disable
|
||||||
line-length: disable
|
line-length: disable
|
||||||
truthy: disable
|
|
||||||
|
@ -11,6 +11,7 @@ ENHANCEMENTS:
|
|||||||
|
|
||||||
* Replace Ansible base with Ansible core. Ansible core will be the "core" Ansible release moving forward from Ansible `2.11`.
|
* Replace Ansible base with Ansible core. Ansible core will be the "core" Ansible release moving forward from Ansible `2.11`.
|
||||||
* Update GitHub actions to add a workflow dispatch option.
|
* Update GitHub actions to add a workflow dispatch option.
|
||||||
|
* Replace "yes"/"no" boolean values with "true"/"false" to comply with YAML spec `1.2`.
|
||||||
|
|
||||||
BUG FIXES:
|
BUG FIXES:
|
||||||
|
|
||||||
|
@ -1,13 +1,13 @@
|
|||||||
---
|
---
|
||||||
- name: (Handler) Systemd daemon-reload
|
- name: (Handler) Systemd daemon-reload
|
||||||
systemd:
|
systemd:
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
|
|
||||||
- name: (Handler) Start/reload NGINX
|
- name: (Handler) Start/reload NGINX
|
||||||
service:
|
service:
|
||||||
name: nginx
|
name: nginx
|
||||||
state: reloaded
|
state: reloaded
|
||||||
enabled: yes
|
enabled: true
|
||||||
when:
|
when:
|
||||||
- nginx_start | bool
|
- nginx_start | bool
|
||||||
- not ansible_check_mode | bool
|
- not ansible_check_mode | bool
|
||||||
@ -18,8 +18,8 @@
|
|||||||
args:
|
args:
|
||||||
chdir: /etc/nginx/
|
chdir: /etc/nginx/
|
||||||
register: config_check
|
register: config_check
|
||||||
ignore_errors: yes
|
ignore_errors: true
|
||||||
check_mode: no
|
check_mode: false
|
||||||
changed_when: false
|
changed_when: false
|
||||||
listen: (Handler) Run NGINX
|
listen: (Handler) Run NGINX
|
||||||
|
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
package:
|
package:
|
||||||
name: nginx
|
name: nginx
|
||||||
state: present
|
state: present
|
||||||
check_mode: yes
|
check_mode: true
|
||||||
register: install
|
register: install
|
||||||
failed_when: (install is changed) or (install is failed)
|
failed_when: (install is changed) or (install is failed)
|
||||||
|
|
||||||
@ -14,8 +14,8 @@
|
|||||||
service:
|
service:
|
||||||
name: nginx
|
name: nginx
|
||||||
state: started
|
state: started
|
||||||
enabled: yes
|
enabled: true
|
||||||
check_mode: yes
|
check_mode: true
|
||||||
register: service
|
register: service
|
||||||
failed_when: (service is changed) or (service is failed)
|
failed_when: (service is changed) or (service is failed)
|
||||||
|
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
package:
|
package:
|
||||||
name: nginx
|
name: nginx
|
||||||
state: present
|
state: present
|
||||||
check_mode: yes
|
check_mode: true
|
||||||
register: install
|
register: install
|
||||||
failed_when: (install is changed) or (install is failed)
|
failed_when: (install is changed) or (install is failed)
|
||||||
|
|
||||||
@ -14,8 +14,8 @@
|
|||||||
service:
|
service:
|
||||||
name: nginx
|
name: nginx
|
||||||
state: started
|
state: started
|
||||||
enabled: yes
|
enabled: true
|
||||||
check_mode: yes
|
check_mode: true
|
||||||
register: service
|
register: service
|
||||||
failed_when: (service is changed) or (service is failed)
|
failed_when: (service is changed) or (service is failed)
|
||||||
|
|
||||||
|
@ -7,12 +7,12 @@
|
|||||||
copy:
|
copy:
|
||||||
content: "{{ lookup('env','NGINX_CRT') | b64decode }}"
|
content: "{{ lookup('env','NGINX_CRT') | b64decode }}"
|
||||||
dest: ../../files/license/nginx-repo.crt
|
dest: ../../files/license/nginx-repo.crt
|
||||||
force: no
|
force: false
|
||||||
mode: 0444
|
mode: 0444
|
||||||
|
|
||||||
- name: Create ephemeral license key file from b64 decoded env var
|
- name: Create ephemeral license key file from b64 decoded env var
|
||||||
copy:
|
copy:
|
||||||
content: "{{ lookup('env','NGINX_KEY') | b64decode }}"
|
content: "{{ lookup('env','NGINX_KEY') | b64decode }}"
|
||||||
dest: ../../files/license/nginx-repo.key
|
dest: ../../files/license/nginx-repo.key
|
||||||
force: no
|
force: false
|
||||||
mode: 0444
|
mode: 0444
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
package:
|
package:
|
||||||
name: nginx-plus
|
name: nginx-plus
|
||||||
state: present
|
state: present
|
||||||
check_mode: yes
|
check_mode: true
|
||||||
register: install
|
register: install
|
||||||
failed_when: (install is changed) or (install is failed)
|
failed_when: (install is changed) or (install is failed)
|
||||||
|
|
||||||
@ -14,8 +14,8 @@
|
|||||||
service:
|
service:
|
||||||
name: nginx
|
name: nginx
|
||||||
state: started
|
state: started
|
||||||
enabled: yes
|
enabled: true
|
||||||
check_mode: yes
|
check_mode: true
|
||||||
register: service
|
register: service
|
||||||
failed_when: (service is changed) or (service is failed)
|
failed_when: (service is changed) or (service is failed)
|
||||||
|
|
||||||
|
@ -6,8 +6,8 @@
|
|||||||
service:
|
service:
|
||||||
name: nginx
|
name: nginx
|
||||||
state: started
|
state: started
|
||||||
enabled: yes
|
enabled: true
|
||||||
check_mode: yes
|
check_mode: true
|
||||||
register: service
|
register: service
|
||||||
failed_when: (service is changed) or (service is failed)
|
failed_when: (service is changed) or (service is failed)
|
||||||
|
|
||||||
|
@ -10,7 +10,7 @@
|
|||||||
|
|
||||||
- name: Copy NGINX configurator agent configuration template
|
- name: Copy NGINX configurator agent configuration template
|
||||||
copy:
|
copy:
|
||||||
remote_src: yes
|
remote_src: true
|
||||||
src: /etc/amplify-agent/agent.conf.default
|
src: /etc/amplify-agent/agent.conf.default
|
||||||
dest: /etc/amplify-agent/agent.conf
|
dest: /etc/amplify-agent/agent.conf
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
filename: nginx-amplify
|
filename: nginx-amplify
|
||||||
repo: "deb [arch=amd64] https://packages.amplify.nginx.com/{{ ansible_facts['distribution'] | lower }}/
|
repo: "deb [arch=amd64] https://packages.amplify.nginx.com/{{ ansible_facts['distribution'] | lower }}/
|
||||||
{{ ansible_facts['distribution_release'] | lower }} amplify-agent"
|
{{ ansible_facts['distribution_release'] | lower }} amplify-agent"
|
||||||
update_cache: yes
|
update_cache: true
|
||||||
mode: 0644
|
mode: 0644
|
||||||
when: ansible_facts['distribution_release'] != "focal"
|
when: ansible_facts['distribution_release'] != "focal"
|
||||||
|
|
||||||
@ -12,6 +12,6 @@
|
|||||||
apt_repository:
|
apt_repository:
|
||||||
filename: nginx-amplify
|
filename: nginx-amplify
|
||||||
repo: deb [arch=amd64] https://packages.amplify.nginx.com/py3/ubuntu focal amplify-agent
|
repo: deb [arch=amd64] https://packages.amplify.nginx.com/py3/ubuntu focal amplify-agent
|
||||||
update_cache: yes
|
update_cache: true
|
||||||
mode: 0644
|
mode: 0644
|
||||||
when: ansible_facts['distribution_release'] == "focal"
|
when: ansible_facts['distribution_release'] == "focal"
|
||||||
|
@ -4,6 +4,6 @@
|
|||||||
name: nginx-amplify
|
name: nginx-amplify
|
||||||
baseurl: http://packages.amplify.nginx.com/{{ (ansible_facts['distribution'] == "Amazon") | ternary('amzn/', 'centos/') }}/$releasever/$basearch/
|
baseurl: http://packages.amplify.nginx.com/{{ (ansible_facts['distribution'] == "Amazon") | ternary('amzn/', 'centos/') }}/$releasever/$basearch/
|
||||||
description: NGINX Amplify Agent
|
description: NGINX Amplify Agent
|
||||||
enabled: yes
|
enabled: true
|
||||||
gpgcheck: yes
|
gpgcheck: true
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
- name: Register NGINX config
|
- name: Register NGINX config
|
||||||
command: nginx -T
|
command: nginx -T
|
||||||
ignore_errors: "{{ ansible_check_mode }}"
|
ignore_errors: "{{ ansible_check_mode }}"
|
||||||
check_mode: no
|
check_mode: false
|
||||||
changed_when: false
|
changed_when: false
|
||||||
register: config_full
|
register: config_full
|
||||||
|
|
||||||
|
@ -27,5 +27,5 @@
|
|||||||
rpm_key:
|
rpm_key:
|
||||||
fingerprint: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
|
fingerprint: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
|
||||||
key: "{{ keysite }}"
|
key: "{{ keysite }}"
|
||||||
validate_certs: "{{ (ansible_facts['distribution_major_version'] is version('6', '==')) | ternary('no', 'yes') }}"
|
validate_certs: "{{ (ansible_facts['distribution_major_version'] is version('6', '==')) | ternary('false', 'true') }}"
|
||||||
when: ansible_facts['os_family'] in ['RedHat', 'Suse']
|
when: ansible_facts['os_family'] in ['RedHat', 'Suse']
|
||||||
|
@ -8,7 +8,7 @@
|
|||||||
when:
|
when:
|
||||||
- nginx_install | bool
|
- nginx_install | bool
|
||||||
- (nginx_install_from == "nginx_repository" or nginx_type == "plus")
|
- (nginx_install_from == "nginx_repository" or nginx_type == "plus")
|
||||||
ignore_errors: yes
|
ignore_errors: true
|
||||||
tags: nginx_check_support
|
tags: nginx_check_support
|
||||||
|
|
||||||
- name: Set up prerequisites
|
- name: Set up prerequisites
|
||||||
|
@ -10,6 +10,6 @@
|
|||||||
name: "nginx{{ nginx_version | default('') }}"
|
name: "nginx{{ nginx_version | default('') }}"
|
||||||
repository: "{{ nginx_repository | default(nginx_default_repository_alpine) }}"
|
repository: "{{ nginx_repository | default(nginx_default_repository_alpine) }}"
|
||||||
state: "{{ nginx_state }}"
|
state: "{{ nginx_state }}"
|
||||||
update_cache: yes
|
update_cache: true
|
||||||
ignore_errors: "{{ ansible_check_mode }}"
|
ignore_errors: "{{ ansible_check_mode }}"
|
||||||
notify: (Handler) Run NGINX
|
notify: (Handler) Run NGINX
|
||||||
|
@ -37,7 +37,7 @@
|
|||||||
- name: (OpenBSD) Install NGINX package
|
- name: (OpenBSD) Install NGINX package
|
||||||
openbsd_pkg:
|
openbsd_pkg:
|
||||||
name: "nginx{{ nginx_version | default('') }}"
|
name: "nginx{{ nginx_version | default('') }}"
|
||||||
build: no
|
build: false
|
||||||
state: "{{ nginx_state }}"
|
state: "{{ nginx_state }}"
|
||||||
when: nginx_bsd_install_packages | bool
|
when: nginx_bsd_install_packages | bool
|
||||||
notify: (Handler) Run NGINX
|
notify: (Handler) Run NGINX
|
||||||
@ -45,7 +45,7 @@
|
|||||||
- name: (OpenBSD) Install NGINX port
|
- name: (OpenBSD) Install NGINX port
|
||||||
openbsd_pkg:
|
openbsd_pkg:
|
||||||
name: "nginx{{ nginx_version | default('') }}"
|
name: "nginx{{ nginx_version | default('') }}"
|
||||||
build: yes
|
build: true
|
||||||
state: "{{ nginx_state }}"
|
state: "{{ nginx_state }}"
|
||||||
when: not nginx_bsd_install_packages | bool
|
when: not nginx_bsd_install_packages | bool
|
||||||
notify: (Handler) Run NGINX
|
notify: (Handler) Run NGINX
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
apt_repository:
|
apt_repository:
|
||||||
filename: nginx
|
filename: nginx
|
||||||
repo: "{{ item }}"
|
repo: "{{ item }}"
|
||||||
update_cache: yes
|
update_cache: true
|
||||||
mode: 0644
|
mode: 0644
|
||||||
loop: "{{ nginx_repository | default(nginx_default_repository_debian) }}"
|
loop: "{{ nginx_repository | default(nginx_default_repository_debian) }}"
|
||||||
|
|
||||||
|
@ -4,15 +4,15 @@
|
|||||||
name: nginx
|
name: nginx
|
||||||
baseurl: "{{ nginx_repository | default(nginx_default_repository_redhat) }}"
|
baseurl: "{{ nginx_repository | default(nginx_default_repository_redhat) }}"
|
||||||
description: NGINX Repository
|
description: NGINX Repository
|
||||||
enabled: yes
|
enabled: true
|
||||||
gpgcheck: yes
|
gpgcheck: true
|
||||||
mode: 0644
|
mode: 0644
|
||||||
when: ansible_facts['distribution_major_version'] is version('8', '<')
|
when: ansible_facts['distribution_major_version'] is version('8', '<')
|
||||||
|
|
||||||
- name: (CentOS/RHEL 8) Configure NGINX repository
|
- name: (CentOS/RHEL 8) Configure NGINX repository
|
||||||
blockinfile:
|
blockinfile:
|
||||||
path: /etc/yum.repos.d/nginx.repo
|
path: /etc/yum.repos.d/nginx.repo
|
||||||
create: yes
|
create: true
|
||||||
block: |
|
block: |
|
||||||
[nginx]
|
[nginx]
|
||||||
baseurl = {{ nginx_repository | default(nginx_default_repository_redhat) }}
|
baseurl = {{ nginx_repository | default(nginx_default_repository_redhat) }}
|
||||||
@ -29,6 +29,6 @@
|
|||||||
state: "{{ nginx_state }}"
|
state: "{{ nginx_state }}"
|
||||||
disablerepo: "*"
|
disablerepo: "*"
|
||||||
enablerepo: nginx
|
enablerepo: nginx
|
||||||
update_cache: yes
|
update_cache: true
|
||||||
ignore_errors: "{{ ansible_check_mode }}"
|
ignore_errors: "{{ ansible_check_mode }}"
|
||||||
notify: (Handler) Run NGINX
|
notify: (Handler) Run NGINX
|
||||||
|
@ -9,7 +9,7 @@
|
|||||||
- python3
|
- python3
|
||||||
- python3-pip
|
- python3-pip
|
||||||
- python3-devel
|
- python3-devel
|
||||||
update_cache: yes
|
update_cache: true
|
||||||
|
|
||||||
- name: (Centos/RHEL 8) Set Python 3 as default
|
- name: (Centos/RHEL 8) Set Python 3 as default
|
||||||
alternatives:
|
alternatives:
|
||||||
@ -33,14 +33,14 @@
|
|||||||
- perl-core
|
- perl-core
|
||||||
- wget
|
- wget
|
||||||
- zlib-devel
|
- zlib-devel
|
||||||
update_cache: yes
|
update_cache: true
|
||||||
when: ansible_facts['os_family'] == "RedHat"
|
when: ansible_facts['os_family'] == "RedHat"
|
||||||
|
|
||||||
- name: (Debian) Install backports repo for 'buster'
|
- name: (Debian) Install backports repo for 'buster'
|
||||||
apt_repository:
|
apt_repository:
|
||||||
filename: buster-backports
|
filename: buster-backports
|
||||||
repo: deb http://ftp.us.debian.org/debian buster-backports main
|
repo: deb http://ftp.us.debian.org/debian buster-backports main
|
||||||
update_cache: yes
|
update_cache: true
|
||||||
mode: 0644
|
mode: 0644
|
||||||
when: ansible_facts['distribution_release'] == "buster"
|
when: ansible_facts['distribution_release'] == "buster"
|
||||||
|
|
||||||
@ -54,7 +54,7 @@
|
|||||||
- perl
|
- perl
|
||||||
- tar
|
- tar
|
||||||
- zlib1g-dev
|
- zlib1g-dev
|
||||||
update_cache: yes
|
update_cache: true
|
||||||
when: ansible_facts['os_family'] == "Debian"
|
when: ansible_facts['os_family'] == "Debian"
|
||||||
|
|
||||||
- name: (Alpine Linux) Install build tools
|
- name: (Alpine Linux) Install build tools
|
||||||
@ -69,14 +69,14 @@
|
|||||||
- linux-headers
|
- linux-headers
|
||||||
- tar
|
- tar
|
||||||
- wget
|
- wget
|
||||||
update_cache: yes
|
update_cache: true
|
||||||
when: ansible_facts['os_family'] == "Alpine"
|
when: ansible_facts['os_family'] == "Alpine"
|
||||||
|
|
||||||
- name: (Alpine Linux) Enable OpenRC
|
- name: (Alpine Linux) Enable OpenRC
|
||||||
copy:
|
copy:
|
||||||
content: ""
|
content: ""
|
||||||
dest: /run/openrc/softlevel
|
dest: /run/openrc/softlevel
|
||||||
force: no
|
force: false
|
||||||
owner: root
|
owner: root
|
||||||
mode: 0644
|
mode: 0644
|
||||||
when: ansible_facts['os_family'] == "Alpine"
|
when: ansible_facts['os_family'] == "Alpine"
|
||||||
@ -102,7 +102,7 @@
|
|||||||
- name: (CentOS/RHEL) Install PCRE dependency from package
|
- name: (CentOS/RHEL) Install PCRE dependency from package
|
||||||
yum:
|
yum:
|
||||||
name: pcre-devel
|
name: pcre-devel
|
||||||
update_cache: yes
|
update_cache: true
|
||||||
when:
|
when:
|
||||||
- nginx_install_source_pcre | bool
|
- nginx_install_source_pcre | bool
|
||||||
- ansible_facts['os_family'] == "RedHat"
|
- ansible_facts['os_family'] == "RedHat"
|
||||||
@ -110,7 +110,7 @@
|
|||||||
- name: (Debian/Ubuntu) Install PCRE dependency from package
|
- name: (Debian/Ubuntu) Install PCRE dependency from package
|
||||||
apt:
|
apt:
|
||||||
name: libpcre3-dev
|
name: libpcre3-dev
|
||||||
update_cache: yes
|
update_cache: true
|
||||||
when:
|
when:
|
||||||
- nginx_install_source_pcre | bool
|
- nginx_install_source_pcre | bool
|
||||||
- ansible_facts['os_family'] == "Debian"
|
- ansible_facts['os_family'] == "Debian"
|
||||||
@ -118,7 +118,7 @@
|
|||||||
- name: (Alpine Linux) Install PCRE dependency from package
|
- name: (Alpine Linux) Install PCRE dependency from package
|
||||||
apk:
|
apk:
|
||||||
name: pcre-dev
|
name: pcre-dev
|
||||||
update_cache: yes
|
update_cache: true
|
||||||
when:
|
when:
|
||||||
- nginx_install_source_pcre | bool
|
- nginx_install_source_pcre | bool
|
||||||
- ansible_facts['os_family'] == "Alpine"
|
- ansible_facts['os_family'] == "Alpine"
|
||||||
@ -131,12 +131,12 @@
|
|||||||
dest: "/tmp/{{ pcre_version }}.tar.gz"
|
dest: "/tmp/{{ pcre_version }}.tar.gz"
|
||||||
mode: 0600
|
mode: 0600
|
||||||
validate_certs: "{{ (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] is version('6', '=='))
|
validate_certs: "{{ (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] is version('6', '=='))
|
||||||
| ternary('no', 'yes') }}"
|
| ternary('false', 'true') }}"
|
||||||
register: pcre_source
|
register: pcre_source
|
||||||
|
|
||||||
- name: Unpack PCRE dependency
|
- name: Unpack PCRE dependency
|
||||||
unarchive:
|
unarchive:
|
||||||
copy: no
|
copy: false
|
||||||
dest: /tmp/
|
dest: /tmp/
|
||||||
src: "{{ pcre_source.dest }}"
|
src: "{{ pcre_source.dest }}"
|
||||||
mode: 0700
|
mode: 0700
|
||||||
@ -162,7 +162,7 @@
|
|||||||
- name: (Centos/RHEL) Install ZLib dependency from package
|
- name: (Centos/RHEL) Install ZLib dependency from package
|
||||||
yum:
|
yum:
|
||||||
name: zlib-devel
|
name: zlib-devel
|
||||||
update_cache: yes
|
update_cache: true
|
||||||
when:
|
when:
|
||||||
- nginx_install_source_zlib | bool
|
- nginx_install_source_zlib | bool
|
||||||
- ansible_facts['os_family'] == "RedHat"
|
- ansible_facts['os_family'] == "RedHat"
|
||||||
@ -178,7 +178,7 @@
|
|||||||
- name: (Alpine Linux) Install ZLib dependency from package
|
- name: (Alpine Linux) Install ZLib dependency from package
|
||||||
apk:
|
apk:
|
||||||
name: zlib-dev
|
name: zlib-dev
|
||||||
update_cache: yes
|
update_cache: true
|
||||||
when:
|
when:
|
||||||
- nginx_install_source_zlib | bool
|
- nginx_install_source_zlib | bool
|
||||||
- ansible_facts['os_family'] == "Alpine"
|
- ansible_facts['os_family'] == "Alpine"
|
||||||
@ -191,12 +191,12 @@
|
|||||||
dest: "/tmp/{{ zlib_version }}.tar.gz"
|
dest: "/tmp/{{ zlib_version }}.tar.gz"
|
||||||
mode: 0600
|
mode: 0600
|
||||||
validate_certs: "{{ (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] is version('6', '=='))
|
validate_certs: "{{ (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] is version('6', '=='))
|
||||||
| ternary('no', 'yes') }}"
|
| ternary('false', 'true') }}"
|
||||||
register: zlib_source
|
register: zlib_source
|
||||||
|
|
||||||
- name: Unpack ZLib dependency
|
- name: Unpack ZLib dependency
|
||||||
unarchive:
|
unarchive:
|
||||||
copy: no
|
copy: false
|
||||||
dest: /tmp/
|
dest: /tmp/
|
||||||
src: "{{ zlib_source.dest }}"
|
src: "{{ zlib_source.dest }}"
|
||||||
mode: 0700
|
mode: 0700
|
||||||
@ -222,7 +222,7 @@
|
|||||||
- name: (CentOS/RHEL) Install OpenSSL dependency from package
|
- name: (CentOS/RHEL) Install OpenSSL dependency from package
|
||||||
yum:
|
yum:
|
||||||
name: openssl-devel
|
name: openssl-devel
|
||||||
update_cache: yes
|
update_cache: true
|
||||||
when:
|
when:
|
||||||
- nginx_install_source_openssl | bool
|
- nginx_install_source_openssl | bool
|
||||||
- ansible_facts['os_family'] == "RedHat"
|
- ansible_facts['os_family'] == "RedHat"
|
||||||
@ -230,7 +230,7 @@
|
|||||||
- name: (Debian/Ubuntu) Install OpenSSL dependency from package
|
- name: (Debian/Ubuntu) Install OpenSSL dependency from package
|
||||||
apt:
|
apt:
|
||||||
name: libssl-dev
|
name: libssl-dev
|
||||||
update_cache: yes
|
update_cache: true
|
||||||
when:
|
when:
|
||||||
- nginx_install_source_openssl | bool
|
- nginx_install_source_openssl | bool
|
||||||
- ansible_facts['os_family'] == "Debian"
|
- ansible_facts['os_family'] == "Debian"
|
||||||
@ -238,7 +238,7 @@
|
|||||||
- name: (Alpine Linux) Install OpenSSL dependency from package
|
- name: (Alpine Linux) Install OpenSSL dependency from package
|
||||||
apk:
|
apk:
|
||||||
name: openssl-dev
|
name: openssl-dev
|
||||||
update_cache: yes
|
update_cache: true
|
||||||
when:
|
when:
|
||||||
- nginx_install_source_openssl | bool
|
- nginx_install_source_openssl | bool
|
||||||
- ansible_facts['os_family'] == "Alpine"
|
- ansible_facts['os_family'] == "Alpine"
|
||||||
@ -251,12 +251,12 @@
|
|||||||
dest: "/tmp/{{ openssl_version }}.tar.gz"
|
dest: "/tmp/{{ openssl_version }}.tar.gz"
|
||||||
mode: 0600
|
mode: 0600
|
||||||
validate_certs: "{{ (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] is version('6', '=='))
|
validate_certs: "{{ (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] is version('6', '=='))
|
||||||
| ternary('no', 'yes') }}"
|
| ternary('false', 'true') }}"
|
||||||
register: openssl_source
|
register: openssl_source
|
||||||
|
|
||||||
- name: Unpack OpenSSL dependency
|
- name: Unpack OpenSSL dependency
|
||||||
unarchive:
|
unarchive:
|
||||||
copy: no
|
copy: false
|
||||||
dest: /tmp/
|
dest: /tmp/
|
||||||
src: "{{ openssl_source.dest }}"
|
src: "{{ openssl_source.dest }}"
|
||||||
mode: 0700
|
mode: 0700
|
||||||
@ -284,10 +284,10 @@
|
|||||||
- name: Fetch NGINX version
|
- name: Fetch NGINX version
|
||||||
uri:
|
uri:
|
||||||
url: https://version.nginx.com/nginx/{{ nginx_branch }}
|
url: https://version.nginx.com/nginx/{{ nginx_branch }}
|
||||||
return_content: yes
|
return_content: true
|
||||||
validate_certs: "{{ (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] is version('6', '=='))
|
validate_certs: "{{ (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] is version('6', '=='))
|
||||||
| ternary('no', 'yes') }}"
|
| ternary('false', 'true') }}"
|
||||||
check_mode: no
|
check_mode: false
|
||||||
register: nginx_versions
|
register: nginx_versions
|
||||||
|
|
||||||
- name: Set NGINX version
|
- name: Set NGINX version
|
||||||
@ -297,7 +297,7 @@
|
|||||||
- name: Check for NGINX install
|
- name: Check for NGINX install
|
||||||
stat:
|
stat:
|
||||||
path: /usr/sbin/nginx
|
path: /usr/sbin/nginx
|
||||||
follow: yes
|
follow: true
|
||||||
register: nginx_result
|
register: nginx_result
|
||||||
|
|
||||||
- name: Add NGINX user
|
- name: Add NGINX user
|
||||||
@ -312,12 +312,12 @@
|
|||||||
dest: "/tmp/{{ nginx_version }}.tar.gz"
|
dest: "/tmp/{{ nginx_version }}.tar.gz"
|
||||||
mode: 0600
|
mode: 0600
|
||||||
validate_certs: "{{ (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] is version('6', '=='))
|
validate_certs: "{{ (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] is version('6', '=='))
|
||||||
| ternary('no', 'yes') }}"
|
| ternary('false', 'true') }}"
|
||||||
register: nginx_source
|
register: nginx_source
|
||||||
|
|
||||||
- name: Unpack NGINX
|
- name: Unpack NGINX
|
||||||
unarchive:
|
unarchive:
|
||||||
copy: no
|
copy: false
|
||||||
dest: /tmp/
|
dest: /tmp/
|
||||||
src: "{{ nginx_source.dest }}"
|
src: "{{ nginx_source.dest }}"
|
||||||
mode: 0755
|
mode: 0755
|
||||||
@ -362,10 +362,10 @@
|
|||||||
|
|
||||||
- name: Enable systemd NGINX service file
|
- name: Enable systemd NGINX service file
|
||||||
systemd:
|
systemd:
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
name: nginx
|
name: nginx
|
||||||
state: restarted
|
state: restarted
|
||||||
enabled: yes
|
enabled: true
|
||||||
when: ansible_facts['service_mgr'] == "systemd"
|
when: ansible_facts['service_mgr'] == "systemd"
|
||||||
notify: "(Handler) Run NGINX"
|
notify: "(Handler) Run NGINX"
|
||||||
|
|
||||||
|
@ -8,7 +8,7 @@
|
|||||||
zypper:
|
zypper:
|
||||||
name: "nginx{{ nginx_version | default('') }}"
|
name: "nginx{{ nginx_version | default('') }}"
|
||||||
state: "{{ nginx_state }}"
|
state: "{{ nginx_state }}"
|
||||||
disable_recommends: no
|
disable_recommends: false
|
||||||
update_cache: yes
|
update_cache: true
|
||||||
ignore_errors: "{{ ansible_check_mode }}"
|
ignore_errors: "{{ ansible_check_mode }}"
|
||||||
notify: (Handler) Run NGINX
|
notify: (Handler) Run NGINX
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
- name: (Debian/Ubuntu) {{ nginx_license_status is defined | ternary('Remove', 'Configure') }} NGINX Plus license verification
|
- name: (Debian/Ubuntu) {{ nginx_license_status is defined | ternary('Remove', 'Configure') }} NGINX Plus license verification
|
||||||
blockinfile:
|
blockinfile:
|
||||||
path: /etc/apt/apt.conf.d/90nginx
|
path: /etc/apt/apt.conf.d/90nginx
|
||||||
create: yes
|
create: true
|
||||||
block: |
|
block: |
|
||||||
Acquire::https::{{ (nginx_repository | default(nginx_plus_default_repository_debian)) | regex_search('(?<=https://)[^/]*') }}::Verify-Peer "true";
|
Acquire::https::{{ (nginx_repository | default(nginx_plus_default_repository_debian)) | regex_search('(?<=https://)[^/]*') }}::Verify-Peer "true";
|
||||||
Acquire::https::{{ (nginx_repository | default(nginx_plus_default_repository_debian)) | regex_search('(?<=https://)[^/]*') }}::Verify-Host "true";
|
Acquire::https::{{ (nginx_repository | default(nginx_plus_default_repository_debian)) | regex_search('(?<=https://)[^/]*') }}::Verify-Host "true";
|
||||||
@ -15,7 +15,7 @@
|
|||||||
apt_repository:
|
apt_repository:
|
||||||
filename: nginx-plus
|
filename: nginx-plus
|
||||||
repo: "{{ nginx_repository | default(nginx_plus_default_repository_debian) }}"
|
repo: "{{ nginx_repository | default(nginx_plus_default_repository_debian) }}"
|
||||||
update_cache: no
|
update_cache: false
|
||||||
state: "{{ nginx_license_status | default ('present') }}"
|
state: "{{ nginx_license_status | default ('present') }}"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
|
||||||
@ -23,7 +23,7 @@
|
|||||||
apt:
|
apt:
|
||||||
name: "nginx-plus{{ nginx_version | default('') }}"
|
name: "nginx-plus{{ nginx_version | default('') }}"
|
||||||
state: "{{ nginx_state }}"
|
state: "{{ nginx_state }}"
|
||||||
update_cache: yes
|
update_cache: true
|
||||||
ignore_errors: "{{ ansible_check_mode }}"
|
ignore_errors: "{{ ansible_check_mode }}"
|
||||||
when: nginx_license_status is not defined
|
when: nginx_license_status is not defined
|
||||||
notify: (Handler) Run NGINX
|
notify: (Handler) Run NGINX
|
||||||
|
@ -11,7 +11,7 @@
|
|||||||
- name: (FreeBSD) {{ nginx_license_status is defined | ternary('Remove', 'Configure') }} NGINX Plus repository
|
- name: (FreeBSD) {{ nginx_license_status is defined | ternary('Remove', 'Configure') }} NGINX Plus repository
|
||||||
blockinfile:
|
blockinfile:
|
||||||
path: /etc/pkg/nginx-plus.conf
|
path: /etc/pkg/nginx-plus.conf
|
||||||
create: yes
|
create: true
|
||||||
block: |
|
block: |
|
||||||
nginx-plus: {
|
nginx-plus: {
|
||||||
URL: {{ nginx_repository | default(nginx_plus_default_repository_freebsd) }}
|
URL: {{ nginx_repository | default(nginx_plus_default_repository_freebsd) }}
|
||||||
|
@ -7,8 +7,8 @@
|
|||||||
description: NGINX Plus Repository
|
description: NGINX Plus Repository
|
||||||
sslclientcert: /etc/ssl/nginx/nginx-repo.crt
|
sslclientcert: /etc/ssl/nginx/nginx-repo.crt
|
||||||
sslclientkey: /etc/ssl/nginx/nginx-repo.key
|
sslclientkey: /etc/ssl/nginx/nginx-repo.key
|
||||||
enabled: yes
|
enabled: true
|
||||||
gpgcheck: yes
|
gpgcheck: true
|
||||||
state: "{{ nginx_license_status | default ('present') }}"
|
state: "{{ nginx_license_status | default ('present') }}"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
|
||||||
@ -16,7 +16,7 @@
|
|||||||
yum:
|
yum:
|
||||||
name: "nginx-plus{{ nginx_version | default('') }}"
|
name: "nginx-plus{{ nginx_version | default('') }}"
|
||||||
state: "{{ nginx_state }}"
|
state: "{{ nginx_state }}"
|
||||||
update_cache: yes
|
update_cache: true
|
||||||
ignore_errors: "{{ ansible_check_mode }}"
|
ignore_errors: "{{ ansible_check_mode }}"
|
||||||
when: nginx_license_status is not defined
|
when: nginx_license_status is not defined
|
||||||
notify: (Handler) Run NGINX
|
notify: (Handler) Run NGINX
|
||||||
|
@ -16,7 +16,7 @@
|
|||||||
zypper:
|
zypper:
|
||||||
name: "nginx-plus{{ nginx_version | default('') }}"
|
name: "nginx-plus{{ nginx_version | default('') }}"
|
||||||
state: "{{ nginx_state }}"
|
state: "{{ nginx_state }}"
|
||||||
update_cache: yes
|
update_cache: true
|
||||||
ignore_errors: "{{ ansible_check_mode }}"
|
ignore_errors: "{{ ansible_check_mode }}"
|
||||||
when: nginx_license_status is not defined
|
when: nginx_license_status is not defined
|
||||||
notify: (Handler) Run NGINX
|
notify: (Handler) Run NGINX
|
||||||
|
@ -11,7 +11,7 @@
|
|||||||
copy:
|
copy:
|
||||||
src: "{{ item }}"
|
src: "{{ item }}"
|
||||||
dest: /etc/ssl/nginx
|
dest: /etc/ssl/nginx
|
||||||
decrypt: yes
|
decrypt: true
|
||||||
mode: 0444
|
mode: 0444
|
||||||
loop:
|
loop:
|
||||||
- "{{ nginx_license['certificate'] }}"
|
- "{{ nginx_license['certificate'] }}"
|
||||||
@ -30,13 +30,13 @@
|
|||||||
copy:
|
copy:
|
||||||
src: "{{ nginx_license['key'] }}"
|
src: "{{ nginx_license['key'] }}"
|
||||||
dest: /etc/apk/cert.key
|
dest: /etc/apk/cert.key
|
||||||
decrypt: yes
|
decrypt: true
|
||||||
mode: 0444
|
mode: 0444
|
||||||
|
|
||||||
- name: (Alpine Linux) Copy NGINX Plus certificate
|
- name: (Alpine Linux) Copy NGINX Plus certificate
|
||||||
copy:
|
copy:
|
||||||
src: "{{ nginx_license['certificate'] }}"
|
src: "{{ nginx_license['certificate'] }}"
|
||||||
dest: /etc/apk/cert.pem
|
dest: /etc/apk/cert.pem
|
||||||
decrypt: yes
|
decrypt: true
|
||||||
mode: 0444
|
mode: 0444
|
||||||
when: ansible_facts['os_family'] == "Alpine"
|
when: ansible_facts['os_family'] == "Alpine"
|
||||||
|
@ -2,13 +2,13 @@
|
|||||||
- name: (Alpine Linux) Install dependencies
|
- name: (Alpine Linux) Install dependencies
|
||||||
apk:
|
apk:
|
||||||
name: "{{ nginx_alpine_dependencies }}"
|
name: "{{ nginx_alpine_dependencies }}"
|
||||||
update_cache: yes
|
update_cache: true
|
||||||
when: ansible_facts['os_family'] == "Alpine"
|
when: ansible_facts['os_family'] == "Alpine"
|
||||||
|
|
||||||
- name: (Debian/Ubuntu) Install dependencies
|
- name: (Debian/Ubuntu) Install dependencies
|
||||||
apt:
|
apt:
|
||||||
name: "{{ nginx_debian_dependencies }}"
|
name: "{{ nginx_debian_dependencies }}"
|
||||||
update_cache: yes
|
update_cache: true
|
||||||
when: ansible_facts['os_family'] == "Debian"
|
when: ansible_facts['os_family'] == "Debian"
|
||||||
|
|
||||||
- name: (Amazon Linux/CentOS/Oracle Linux/RHEL) Install dependencies
|
- name: (Amazon Linux/CentOS/Oracle Linux/RHEL) Install dependencies
|
||||||
|
@ -25,14 +25,14 @@
|
|||||||
- name: Allow SELinux HTTP network connections
|
- name: Allow SELinux HTTP network connections
|
||||||
seboolean:
|
seboolean:
|
||||||
name: httpd_can_network_connect
|
name: httpd_can_network_connect
|
||||||
state: yes
|
state: true
|
||||||
persistent: yes
|
persistent: true
|
||||||
|
|
||||||
- name: Allow SELinux HTTP network connections
|
- name: Allow SELinux HTTP network connections
|
||||||
seboolean:
|
seboolean:
|
||||||
name: httpd_can_network_relay
|
name: httpd_can_network_relay
|
||||||
state: yes
|
state: true
|
||||||
persistent: yes
|
persistent: true
|
||||||
|
|
||||||
- name: (DEPRECATED) Allow SELinux TCP connections on status ports
|
- name: (DEPRECATED) Allow SELinux TCP connections on status ports
|
||||||
seport:
|
seport:
|
||||||
|
Loading…
Reference in New Issue
Block a user