From ff7ade6f4c86b8f100b220cbad556410ca229d5f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 22 Mar 2022 18:27:11 +0100 Subject: [PATCH] Bump ansible-lint from 5.4.0 to 6.0.1 in /.github/workflows/requirements (#499) --- .../requirements/requirements_molecule.txt | 2 +- handlers/main.yml | 12 +-- molecule/default/converge.yml | 8 +- molecule/default/verify.yml | 8 +- molecule/downgrade/converge.yml | 8 +- molecule/downgrade/prepare.yml | 8 +- molecule/downgrade/verify.yml | 20 ++--- molecule/module/converge.yml | 2 +- molecule/module/verify.yml | 6 +- molecule/plus/converge.yml | 2 +- molecule/plus/prepare.yml | 4 +- molecule/plus/verify.yml | 6 +- molecule/source/converge.yml | 2 +- molecule/source/verify.yml | 4 +- molecule/uninstall/converge.yml | 2 +- molecule/uninstall/prepare.yml | 2 +- molecule/uninstall/verify.yml | 2 +- molecule/uninstall_plus/converge.yml | 2 +- molecule/uninstall_plus/prepare.yml | 6 +- molecule/uninstall_plus/verify.yml | 2 +- molecule/upgrade/converge.yml | 2 +- molecule/upgrade/prepare.yml | 8 +- molecule/upgrade/verify.yml | 12 +-- tasks/amplify/install-amplify.yml | 8 +- tasks/amplify/setup-debian.yml | 2 +- tasks/amplify/setup-redhat.yml | 2 +- tasks/config/debug-output.yml | 4 +- tasks/config/modify-systemd.yml | 8 +- tasks/config/setup-logrotate.yml | 6 +- tasks/keys/setup-keys.yml | 10 +-- tasks/main.yml | 28 +++---- tasks/modules/install-modules.yml | 8 +- tasks/opensource/install-alpine.yml | 2 +- tasks/opensource/install-bsd.yml | 12 +-- tasks/opensource/install-debian.yml | 6 +- tasks/opensource/install-oss.yml | 8 +- tasks/opensource/install-redhat.yml | 4 +- tasks/opensource/install-source.yml | 82 +++++++++---------- tasks/plus/install-alpine.yml | 2 +- tasks/plus/install-debian.yml | 6 +- tasks/plus/install-freebsd.yml | 4 +- tasks/plus/install-redhat.yml | 4 +- tasks/plus/remove-license.yml | 8 +- tasks/plus/setup-license.yml | 12 +-- tasks/prerequisites/install-dependencies.yml | 4 +- tasks/prerequisites/prerequisites.yml | 6 +- tasks/prerequisites/setup-selinux.yml | 14 ++-- 47 files changed, 190 insertions(+), 190 deletions(-) diff --git a/.github/workflows/requirements/requirements_molecule.txt b/.github/workflows/requirements/requirements_molecule.txt index fa81a58..110e856 100644 --- a/.github/workflows/requirements/requirements_molecule.txt +++ b/.github/workflows/requirements/requirements_molecule.txt @@ -1,6 +1,6 @@ ansible-core==2.12.3 jinja2==3.0.3 -ansible-lint==5.4.0 +ansible-lint==6.0.1 yamllint==1.26.3 molecule[docker]==3.6.1 docker==5.0.3 diff --git a/handlers/main.yml b/handlers/main.yml index 96c9a43..e318545 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,10 +1,10 @@ --- - name: (Handler) Systemd daemon-reload - systemd: + ansible.builtin.systemd: daemon_reload: true - name: (Handler) Start/reload NGINX - service: + ansible.builtin.service: name: nginx state: reloaded enabled: true @@ -15,7 +15,7 @@ listen: (Handler) Run NGINX - name: (Handler) Check NGINX - command: nginx -t + ansible.builtin.command: nginx -t args: chdir: "{{ ((ansible_facts['system'] | lower is not search('bsd')) | ternary('/etc/nginx', '/usr/local/sbin')) }}" register: config_check @@ -26,7 +26,7 @@ listen: (Handler) Run NGINX - name: (Handler) Print NGINX error if syntax check fails - debug: + ansible.builtin.debug: var: config_check.stderr_lines failed_when: config_check.rc != 0 when: @@ -37,9 +37,9 @@ listen: (Handler) Run NGINX - name: (Handler) Start NGINX Amplify agent - service: + ansible.builtin.service: name: amplify-agent state: started - name: (Handler) Run logrotate - command: logrotate -f /etc/logrotate.d/nginx + ansible.builtin.command: logrotate -f /etc/logrotate.d/nginx diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 5695d14..415e1be 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -3,20 +3,20 @@ hosts: all pre_tasks: - name: Set repo if Alpine - set_fact: + ansible.builtin.set_fact: version: "=1.21.5-r1" when: ansible_facts['os_family'] == "Alpine" - name: Set repo if Debian - set_fact: + ansible.builtin.set_fact: version: "=1.21.5-1~{{ ansible_facts['distribution_release'] }}" when: ansible_facts['os_family'] == "Debian" - name: Set repo if Red Hat - set_fact: + ansible.builtin.set_fact: version: "-1.21.5-1.{{ (ansible_facts['distribution'] == 'Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx" when: ansible_facts['os_family'] == "RedHat" tasks: - name: Install NGINX - include_role: + ansible.builtin.include_role: name: ansible-role-nginx vars: nginx_version: "{{ version }}" diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index fa5e230..b0263ec 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml @@ -3,7 +3,7 @@ hosts: all tasks: - name: Check if NGINX is installed - package: + ansible.builtin.package: name: nginx state: present check_mode: true @@ -11,7 +11,7 @@ failed_when: (install is changed) or (install is failed) - name: Check if NGINX service is running - service: + ansible.builtin.service: name: nginx state: started enabled: true @@ -20,12 +20,12 @@ failed_when: (service is changed) or (service is failed) - name: Verify NGINX is up and running - uri: + ansible.builtin.uri: url: http://localhost status_code: 200 - name: Verify correct version of NGINX has been installed - command: nginx -v + ansible.builtin.command: nginx -v args: chdir: "{{ ((ansible_facts['system'] | lower is not search('bsd')) | ternary('/etc/nginx', '/usr/local/sbin')) }}" changed_when: false diff --git a/molecule/downgrade/converge.yml b/molecule/downgrade/converge.yml index 9392bea..2c9fd7e 100644 --- a/molecule/downgrade/converge.yml +++ b/molecule/downgrade/converge.yml @@ -3,20 +3,20 @@ hosts: all pre_tasks: - name: Set repo if Alpine - set_fact: + ansible.builtin.set_fact: version: "=1.20.2-r1" when: ansible_facts['os_family'] == "Alpine" - name: Set repo if Debian - set_fact: + ansible.builtin.set_fact: version: "=1.20.2-1~{{ ansible_facts['distribution_release'] }}" when: ansible_facts['os_family'] == "Debian" - name: Set repo if Red Hat - set_fact: + ansible.builtin.set_fact: version: "-1.20.2-1.{{ (ansible_facts['distribution'] == 'Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx" when: ansible_facts['os_family'] == "RedHat" tasks: - name: Install NGINX - include_role: + ansible.builtin.include_role: name: ansible-role-nginx vars: nginx_version: "{{ version }}" diff --git a/molecule/downgrade/prepare.yml b/molecule/downgrade/prepare.yml index 07bb870..f73160f 100644 --- a/molecule/downgrade/prepare.yml +++ b/molecule/downgrade/prepare.yml @@ -3,20 +3,20 @@ hosts: all pre_tasks: - name: Set repo if Alpine - set_fact: + ansible.builtin.set_fact: version: "=1.21.5-r1" when: ansible_facts['os_family'] == "Alpine" - name: Set repo if Debian - set_fact: + ansible.builtin.set_fact: version: "=1.21.5-1~{{ ansible_facts['distribution_release'] }}" when: ansible_facts['os_family'] == "Debian" - name: Set repo if Red Hat - set_fact: + ansible.builtin.set_fact: version: "-1.21.5-1.{{ (ansible_facts['distribution'] == 'Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx" when: ansible_facts['os_family'] == "RedHat" tasks: - name: Install NGINX - include_role: + ansible.builtin.include_role: name: ansible-role-nginx vars: nginx_version: "{{ version }}" diff --git a/molecule/downgrade/verify.yml b/molecule/downgrade/verify.yml index 867c3b3..9db2345 100644 --- a/molecule/downgrade/verify.yml +++ b/molecule/downgrade/verify.yml @@ -3,7 +3,7 @@ hosts: all tasks: - name: Check if NGINX is installed - package: + ansible.builtin.package: name: nginx state: present check_mode: true @@ -11,7 +11,7 @@ failed_when: (install is changed) or (install is failed) - name: Check if NGINX service is running - service: + ansible.builtin.service: name: nginx state: started enabled: true @@ -20,14 +20,14 @@ failed_when: (service is changed) or (service is failed) - name: Verify NGINX is up and running - uri: + ansible.builtin.uri: url: http://localhost status_code: 200 - # - name: Verify NGINX has been downgraded - # command: nginx -v - # args: - # chdir: "{{ ((ansible_facts['system'] | lower is not search('bsd')) | ternary('/etc/nginx', '/usr/local/sbin')) }}" - # changed_when: false - # register: version - # failed_when: version is not search('1.21.3') + - name: Verify NGINX has been downgraded + ansible.builtin.command: nginx -v + args: + chdir: "{{ ((ansible_facts['system'] | lower is not search('bsd')) | ternary('/etc/nginx', '/usr/local/sbin')) }}" + changed_when: false + register: version + failed_when: version is not search('1.20.2') diff --git a/molecule/module/converge.yml b/molecule/module/converge.yml index 0ea6163..5ca4ebf 100644 --- a/molecule/module/converge.yml +++ b/molecule/module/converge.yml @@ -3,7 +3,7 @@ hosts: all tasks: - name: Install NGINX modules - include_role: + ansible.builtin.include_role: name: ansible-role-nginx vars: nginx_modules: diff --git a/molecule/module/verify.yml b/molecule/module/verify.yml index 68c7890..aa34593 100644 --- a/molecule/module/verify.yml +++ b/molecule/module/verify.yml @@ -3,7 +3,7 @@ hosts: all tasks: - name: Check if NGINX is installed - package: + ansible.builtin.package: name: nginx state: present check_mode: true @@ -11,7 +11,7 @@ failed_when: (install is changed) or (install is failed) - name: Check if NGINX service is running - service: + ansible.builtin.service: name: nginx state: started enabled: true @@ -20,6 +20,6 @@ failed_when: (service is changed) or (service is failed) - name: Verify NGINX is up and running - uri: + ansible.builtin.uri: url: http://localhost status_code: 200 diff --git a/molecule/plus/converge.yml b/molecule/plus/converge.yml index 4e3fdc9..c270414 100644 --- a/molecule/plus/converge.yml +++ b/molecule/plus/converge.yml @@ -3,7 +3,7 @@ hosts: all tasks: - name: Install NGINX Plus - include_role: + ansible.builtin.include_role: name: ansible-role-nginx vars: nginx_type: plus diff --git a/molecule/plus/prepare.yml b/molecule/plus/prepare.yml index dc67771..c33c5ca 100644 --- a/molecule/plus/prepare.yml +++ b/molecule/plus/prepare.yml @@ -4,14 +4,14 @@ gather_facts: false tasks: - name: Create ephemeral license certificate file from b64 decoded env var - copy: + ansible.builtin.copy: content: "{{ lookup('env','NGINX_CRT') | b64decode }}" dest: ../../files/license/nginx-repo.crt force: false mode: 0444 - name: Create ephemeral license key file from b64 decoded env var - copy: + ansible.builtin.copy: content: "{{ lookup('env','NGINX_KEY') | b64decode }}" dest: ../../files/license/nginx-repo.key force: false diff --git a/molecule/plus/verify.yml b/molecule/plus/verify.yml index c7c63d1..05d26ca 100644 --- a/molecule/plus/verify.yml +++ b/molecule/plus/verify.yml @@ -3,7 +3,7 @@ hosts: all tasks: - name: Check if NGINX Plus is installed - package: + ansible.builtin.package: name: nginx-plus state: present check_mode: true @@ -11,7 +11,7 @@ failed_when: (install is changed) or (install is failed) - name: Check if NGINX Plus service is running - service: + ansible.builtin.service: name: nginx state: started enabled: true @@ -20,6 +20,6 @@ failed_when: (service is changed) or (service is failed) - name: Verify NGINX Plus is up and running - uri: + ansible.builtin.uri: url: http://localhost status_code: 200 diff --git a/molecule/source/converge.yml b/molecule/source/converge.yml index a189339..dbf9e89 100644 --- a/molecule/source/converge.yml +++ b/molecule/source/converge.yml @@ -3,7 +3,7 @@ hosts: all tasks: - name: Install NGINX from source - include_role: + ansible.builtin.include_role: name: ansible-role-nginx vars: nginx_install_from: source diff --git a/molecule/source/verify.yml b/molecule/source/verify.yml index 5ac047e..9b525f7 100644 --- a/molecule/source/verify.yml +++ b/molecule/source/verify.yml @@ -3,7 +3,7 @@ hosts: all tasks: - name: Check if NGINX service is running - service: + ansible.builtin.service: name: nginx state: started enabled: true @@ -12,6 +12,6 @@ failed_when: (service is changed) or (service is failed) - name: Verify NGINX is up and running - uri: + ansible.builtin.uri: url: http://localhost status_code: 200 diff --git a/molecule/uninstall/converge.yml b/molecule/uninstall/converge.yml index 44e90cb..1436d07 100644 --- a/molecule/uninstall/converge.yml +++ b/molecule/uninstall/converge.yml @@ -3,7 +3,7 @@ hosts: all tasks: - name: Uninstall NGINX - include_role: + ansible.builtin.include_role: name: ansible-role-nginx vars: nginx_setup: uninstall diff --git a/molecule/uninstall/prepare.yml b/molecule/uninstall/prepare.yml index 5c8d5bd..4c8a6b4 100644 --- a/molecule/uninstall/prepare.yml +++ b/molecule/uninstall/prepare.yml @@ -3,5 +3,5 @@ hosts: all tasks: - name: Install NGINX - include_role: + ansible.builtin.include_role: name: ansible-role-nginx diff --git a/molecule/uninstall/verify.yml b/molecule/uninstall/verify.yml index d5729f0..182b3f9 100644 --- a/molecule/uninstall/verify.yml +++ b/molecule/uninstall/verify.yml @@ -3,7 +3,7 @@ hosts: all tasks: - name: Check if NGINX is installed - package: + ansible.builtin.package: name: nginx state: absent check_mode: true diff --git a/molecule/uninstall_plus/converge.yml b/molecule/uninstall_plus/converge.yml index bdbea27..3f26f38 100644 --- a/molecule/uninstall_plus/converge.yml +++ b/molecule/uninstall_plus/converge.yml @@ -3,7 +3,7 @@ hosts: all tasks: - name: Uninstall NGINX - include_role: + ansible.builtin.include_role: name: ansible-role-nginx vars: nginx_type: plus diff --git a/molecule/uninstall_plus/prepare.yml b/molecule/uninstall_plus/prepare.yml index cd3b0b5..970d7d4 100644 --- a/molecule/uninstall_plus/prepare.yml +++ b/molecule/uninstall_plus/prepare.yml @@ -4,14 +4,14 @@ gather_facts: false tasks: - name: Create ephemeral license certificate file from b64 decoded env var - copy: + ansible.builtin.copy: content: "{{ lookup('env','NGINX_CRT') | b64decode }}" dest: ../../files/license/nginx-repo.crt force: false mode: 0444 - name: Create ephemeral license key file from b64 decoded env var - copy: + ansible.builtin.copy: content: "{{ lookup('env','NGINX_KEY') | b64decode }}" dest: ../../files/license/nginx-repo.key force: false @@ -21,7 +21,7 @@ hosts: all tasks: - name: Install NGINX - include_role: + ansible.builtin.include_role: name: ansible-role-nginx vars: nginx_type: plus diff --git a/molecule/uninstall_plus/verify.yml b/molecule/uninstall_plus/verify.yml index 203bf03..7aea4b6 100644 --- a/molecule/uninstall_plus/verify.yml +++ b/molecule/uninstall_plus/verify.yml @@ -3,7 +3,7 @@ hosts: all tasks: - name: Check if NGINX is installed - package: + ansible.builtin.package: name: nginx-plus state: absent check_mode: true diff --git a/molecule/upgrade/converge.yml b/molecule/upgrade/converge.yml index 96c97f4..e26a427 100644 --- a/molecule/upgrade/converge.yml +++ b/molecule/upgrade/converge.yml @@ -3,7 +3,7 @@ hosts: all tasks: - name: Install NGINX - include_role: + ansible.builtin.include_role: name: ansible-role-nginx vars: nginx_setup: upgrade diff --git a/molecule/upgrade/prepare.yml b/molecule/upgrade/prepare.yml index 07bb870..f73160f 100644 --- a/molecule/upgrade/prepare.yml +++ b/molecule/upgrade/prepare.yml @@ -3,20 +3,20 @@ hosts: all pre_tasks: - name: Set repo if Alpine - set_fact: + ansible.builtin.set_fact: version: "=1.21.5-r1" when: ansible_facts['os_family'] == "Alpine" - name: Set repo if Debian - set_fact: + ansible.builtin.set_fact: version: "=1.21.5-1~{{ ansible_facts['distribution_release'] }}" when: ansible_facts['os_family'] == "Debian" - name: Set repo if Red Hat - set_fact: + ansible.builtin.set_fact: version: "-1.21.5-1.{{ (ansible_facts['distribution'] == 'Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx" when: ansible_facts['os_family'] == "RedHat" tasks: - name: Install NGINX - include_role: + ansible.builtin.include_role: name: ansible-role-nginx vars: nginx_version: "{{ version }}" diff --git a/molecule/upgrade/verify.yml b/molecule/upgrade/verify.yml index b327871..dae20c1 100644 --- a/molecule/upgrade/verify.yml +++ b/molecule/upgrade/verify.yml @@ -3,7 +3,7 @@ hosts: all tasks: - name: Check if NGINX is installed - package: + ansible.builtin.package: name: nginx state: present check_mode: true @@ -11,7 +11,7 @@ failed_when: (install is changed) or (install is failed) - name: Check if NGINX service is running - service: + ansible.builtin.service: name: nginx state: started enabled: true @@ -20,23 +20,23 @@ failed_when: (service is changed) or (service is failed) - name: Verify NGINX is up and running - uri: + ansible.builtin.uri: url: http://localhost status_code: 200 - name: Fetch NGINX version - uri: + ansible.builtin.uri: url: https://version.nginx.com/nginx/mainline return_content: true check_mode: false register: nginx_versions - name: Set NGINX version - set_fact: + ansible.builtin.set_fact: nginx_version: "{{ nginx_versions.content | regex_search('([0-9]+\\.){2}[0-9]+') }}" - name: Verify NGINX has been upgraded - command: nginx -v + ansible.builtin.command: nginx -v args: chdir: "{{ ((ansible_facts['system'] | lower is not search('bsd')) | ternary('/etc/nginx', '/usr/local/sbin')) }}" changed_when: false diff --git a/tasks/amplify/install-amplify.yml b/tasks/amplify/install-amplify.yml index 32bdbfd..aa9f7c6 100644 --- a/tasks/amplify/install-amplify.yml +++ b/tasks/amplify/install-amplify.yml @@ -1,22 +1,22 @@ --- - name: Configure NGINX Amplify agent repository - include_tasks: "{{ role_path }}/tasks/amplify/setup-{{ ansible_facts['os_family'] | lower }}.yml" + ansible.builtin.include_tasks: "{{ role_path }}/tasks/amplify/setup-{{ ansible_facts['os_family'] | lower }}.yml" when: ansible_facts['os_family'] in ['Debian', 'RedHat'] - name: Install NGINX Amplify agent - package: + ansible.builtin.package: name: nginx-amplify-agent state: present - name: Copy NGINX Amplify configurator agent configuration template - copy: + ansible.builtin.copy: remote_src: true src: /etc/amplify-agent/agent.conf.default dest: /etc/amplify-agent/agent.conf mode: 0644 - name: Configure NGINX Amplify agent API key - lineinfile: + ansible.builtin.lineinfile: dest: /etc/amplify-agent/agent.conf regexp: api_key =.* line: "api_key = {{ nginx_amplify_api_key }}" diff --git a/tasks/amplify/setup-debian.yml b/tasks/amplify/setup-debian.yml index cbc369b..3e23b86 100644 --- a/tasks/amplify/setup-debian.yml +++ b/tasks/amplify/setup-debian.yml @@ -1,6 +1,6 @@ --- - name: (Debian/Ubuntu) Add NGINX Amplify agent repository - apt_repository: + ansible.builtin.apt_repository: filename: nginx-amplify repo: "deb [arch=amd64 signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://packages.amplify.nginx.com/py3/{{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] | lower }} amplify-agent" diff --git a/tasks/amplify/setup-redhat.yml b/tasks/amplify/setup-redhat.yml index b4dfb9c..10e759d 100644 --- a/tasks/amplify/setup-redhat.yml +++ b/tasks/amplify/setup-redhat.yml @@ -1,6 +1,6 @@ --- - name: (Amazon Linux/CentOS/RHEL) Add NGINX Amplify agent repository - yum_repository: + ansible.builtin.yum_repository: name: nginx-amplify baseurl: https://packages.amplify.nginx.com/{{ (ansible_facts['distribution_major_version'] == "7") | ternary('', 'py3/') }}{{ (ansible_facts['distribution'] == "Amazon") | ternary('amzn', 'centos') }}/$releasever/$basearch/ description: NGINX Amplify Agent diff --git a/tasks/config/debug-output.yml b/tasks/config/debug-output.yml index e1bf04a..89a64a6 100644 --- a/tasks/config/debug-output.yml +++ b/tasks/config/debug-output.yml @@ -1,12 +1,12 @@ --- - name: Register NGINX config - command: nginx -T + ansible.builtin.command: nginx -T ignore_errors: "{{ ansible_check_mode }}" check_mode: false changed_when: false register: config_full - name: Print NGINX config - debug: + ansible.builtin.debug: var: config_full.stdout_lines when: config_full.stdout_lines is defined diff --git a/tasks/config/modify-systemd.yml b/tasks/config/modify-systemd.yml index cad1b25..17458f3 100644 --- a/tasks/config/modify-systemd.yml +++ b/tasks/config/modify-systemd.yml @@ -1,12 +1,12 @@ --- - name: Create override directory for NGINX systemd service - file: + ansible.builtin.file: path: "{{ nginx_service_overridepath }}" state: directory mode: 0755 - name: Create override for NGINX systemd service - template: + ansible.builtin.template: src: "{{ role_path }}/templates/services/nginx.service.override.conf.j2" dest: "{{ nginx_service_overridepath }}/{{ nginx_service_overridefilename }}" owner: root @@ -18,7 +18,7 @@ notify: (Handler) Systemd daemon-reload - name: Customize override for NGINX systemd service - copy: + ansible.builtin.copy: src: "{{ nginx_service_custom_file }}" dest: "{{ nginx_service_overridepath }}/{{ nginx_service_overridefilename }}" owner: root @@ -30,7 +30,7 @@ notify: (Handler) Systemd daemon-reload - name: Remove override for NGINX systemd service - file: + ansible.builtin.file: path: "{{ nginx_service_overridepath }}" state: absent when: nginx_service_clean | bool diff --git a/tasks/config/setup-logrotate.yml b/tasks/config/setup-logrotate.yml index a01c629..4757311 100644 --- a/tasks/config/setup-logrotate.yml +++ b/tasks/config/setup-logrotate.yml @@ -5,13 +5,13 @@ when: ansible_facts['os_family'] == "Alpine" - name: (Debian/Ubuntu) Install logrotate - apt: + ansible.builtin.apt: name: logrotate state: present when: ansible_facts['os_family'] == "Debian" - name: (Amazon Linux/CentOS/Oracle Linux/RHEL) Install logrotate - yum: + ansible.builtin.yum: name: logrotate state: present when: ansible_facts['os_family'] == "RedHat" @@ -29,7 +29,7 @@ when: ansible_facts['os_family'] == "Suse" - name: Create logrotate config - template: + ansible.builtin.template: src: logrotate/nginx.j2 dest: /etc/logrotate.d/nginx mode: 0644 diff --git a/tasks/keys/setup-keys.yml b/tasks/keys/setup-keys.yml index 5cf60fc..3cd63e6 100644 --- a/tasks/keys/setup-keys.yml +++ b/tasks/keys/setup-keys.yml @@ -2,30 +2,30 @@ - name: (Alpine Linux) Set up signing key block: - name: (Alpine Linux) Set up NGINX signing key URL - set_fact: + ansible.builtin.set_fact: keysite: "{{ nginx_signing_key | default(nginx_default_signing_key_rsa_pub) }}" - name: (Alpine Linux) Download NGINX signing key - get_url: + ansible.builtin.get_url: url: "{{ keysite }}" dest: /etc/apk/keys/nginx_signing.rsa.pub mode: 0400 when: ansible_facts['os_family'] == "Alpine" - name: (Debian/Red Hat/SLES OSs) Set up NGINX signing key URL - set_fact: + ansible.builtin.set_fact: keysite: "{{ nginx_signing_key | default(nginx_default_signing_key_pgp) }}" when: ansible_facts['os_family'] != "Alpine" - name: (Debian/Ubuntu) Add NGINX signing key - apt_key: + ansible.builtin.apt_key: id: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 keyring: /usr/share/keyrings/nginx-archive-keyring.gpg url: "{{ keysite }}" when: ansible_facts['os_family'] == "Debian" - name: (Amazon Linux/CentOS/Oracle Linux/RHEL/SLES) Add NGINX signing key - rpm_key: + ansible.builtin.rpm_key: fingerprint: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 key: "{{ keysite }}" when: ansible_facts['os_family'] in ['RedHat', 'Suse'] diff --git a/tasks/main.yml b/tasks/main.yml index a99ea63..7935f9e 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Check whether you are using a supported NGINX distribution - assert: + ansible.builtin.assert: that: (nginx_type == "opensource" and ansible_facts['distribution'] in nginx_distributions) or (nginx_type == "plus" and ansible_facts['distribution'] in nginx_plus_distributions) success_msg: "Your OS, {{ ansible_facts['distribution'] }} is supported by NGINX {{ (nginx_type=='plus') | ternary('Plus', 'Open Source') }}" @@ -12,7 +12,7 @@ tags: nginx_check_support - name: Check that NGINX setup is an allowed value - assert: + ansible.builtin.assert: that: nginx_setup in nginx_setup_vars fail_msg: The value {{ nginx_setup }} you used for `nginx_setup` is not allowed. Try one of {{ nginx_setup_vars | join(', ') }}. when: nginx_enable | bool @@ -20,12 +20,12 @@ tags: nginx_check_support - name: Set up prerequisites - include_tasks: "{{ role_path }}/tasks/prerequisites/prerequisites.yml" + ansible.builtin.include_tasks: "{{ role_path }}/tasks/prerequisites/prerequisites.yml" when: nginx_state != "absent" tags: nginx_prerequisites - name: Set up signing keys - include_tasks: "{{ role_path }}/tasks/keys/setup-keys.yml" + ansible.builtin.include_tasks: "{{ role_path }}/tasks/keys/setup-keys.yml" when: (nginx_enable | bool and nginx_install_from == "nginx_repository") or nginx_amplify_enable | bool tags: nginx_key @@ -33,38 +33,38 @@ - name: "{{ nginx_setup | capitalize }} NGINX" block: - name: "{{ nginx_setup | capitalize }} NGINX Open Source" - include_tasks: "{{ role_path }}/tasks/opensource/install-oss.yml" + ansible.builtin.include_tasks: "{{ role_path }}/tasks/opensource/install-oss.yml" when: nginx_type == "opensource" tags: nginx_install_oss - name: Set up NGINX Plus license - include_tasks: "{{ role_path }}/tasks/plus/setup-license.yml" + ansible.builtin.include_tasks: "{{ role_path }}/tasks/plus/setup-license.yml" when: - nginx_type == "plus" - nginx_setup_license | bool tags: nginx_setup_license - name: "{{ nginx_setup | capitalize }} NGINX Plus" - include_tasks: "{{ role_path }}/tasks/plus/install-{{ ansible_facts['os_family'] | lower }}.yml" + ansible.builtin.include_tasks: "{{ role_path }}/tasks/plus/install-{{ ansible_facts['os_family'] | lower }}.yml" when: nginx_type == "plus" tags: nginx_install_plus - name: "{{ nginx_setup | capitalize }} NGINX dynamic modules" - include_tasks: "{{ role_path }}/tasks/modules/install-modules.yml" + ansible.builtin.include_tasks: "{{ role_path }}/tasks/modules/install-modules.yml" when: - nginx_modules is defined - nginx_modules | length > 0 tags: nginx_install_modules - name: Remove NGINX Plus license - include_tasks: "{{ role_path }}/tasks/plus/remove-license.yml" + ansible.builtin.include_tasks: "{{ role_path }}/tasks/plus/remove-license.yml" when: - nginx_type == "plus" - nginx_remove_license | bool tags: nginx_remove_license - name: Modify systemd parameters - include_tasks: "{{ role_path }}/tasks/config/modify-systemd.yml" + ansible.builtin.include_tasks: "{{ role_path }}/tasks/config/modify-systemd.yml" when: - ansible_facts['service_mgr'] == "systemd" - nginx_service_modify | bool @@ -73,24 +73,24 @@ tags: nginx_enable - name: Trigger handlers if necessary - meta: flush_handlers + ansible.builtin.meta: flush_handlers - name: Debug NGINX output - include_tasks: "{{ role_path }}/tasks/config/debug-output.yml" + ansible.builtin.include_tasks: "{{ role_path }}/tasks/config/debug-output.yml" when: - nginx_debug_output | bool - nginx_state != "absent" tags: nginx_debug_output - name: Configure logrotate for NGINX - include_tasks: "{{ role_path }}/tasks/config/setup-logrotate.yml" + ansible.builtin.include_tasks: "{{ role_path }}/tasks/config/setup-logrotate.yml" when: - nginx_logrotate_conf_enable | bool - nginx_state != "absent" tags: nginx_logrotate_config - name: Install NGINX Amplify - include_tasks: "{{ role_path }}/tasks/amplify/install-amplify.yml" + ansible.builtin.include_tasks: "{{ role_path }}/tasks/amplify/install-amplify.yml" when: - nginx_amplify_enable | bool - nginx_amplify_api_key is defined diff --git a/tasks/modules/install-modules.yml b/tasks/modules/install-modules.yml index a798eba..fe893f3 100644 --- a/tasks/modules/install-modules.yml +++ b/tasks/modules/install-modules.yml @@ -1,6 +1,6 @@ --- - name: (CentOS) Install GeoIP EPEL dependencies - yum: + ansible.builtin.yum: name: epel-release when: - ansible_facts['distribution'] == "CentOS" @@ -10,12 +10,12 @@ - name: (RHEL) Install GeoIP2 and/or OpenTracing EPEL dependencies block: - name: (RHEL) Import EPEL GPG key - rpm_key: + ansible.builtin.rpm_key: state: present key: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ansible_facts['distribution_major_version'] }} - name: (RHEL) Install package dependencies - yum: + ansible.builtin.yum: name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_facts['distribution_major_version'] }}.noarch.rpm when: - ansible_facts['distribution'] == "RedHat" @@ -24,7 +24,7 @@ - nginx_install_epel_release | bool - name: Setup NGINX modules - package: + ansible.builtin.package: name: "nginx-{{ (nginx_type == 'plus') | ternary('plus-', '') }}module-{{ item.name | default(item) }}\ {{ item.version | default(nginx_version) | default('') }}{{ (nginx_repository is not defined and ansible_facts['os_family'] == 'Alpine' and nginx_type != 'plus') | ternary('@nginx', '') }}" state: "{{ item.state | default('present') }}" diff --git a/tasks/opensource/install-alpine.yml b/tasks/opensource/install-alpine.yml index e0fd382..ac88c9f 100644 --- a/tasks/opensource/install-alpine.yml +++ b/tasks/opensource/install-alpine.yml @@ -1,6 +1,6 @@ --- - name: (Alpine Linux) {{ (nginx_setup == 'uninstall') | ternary('Remove', 'Configure') }} NGINX repository - lineinfile: + ansible.builtin.lineinfile: path: /etc/apk/repositories insertafter: EOF line: "{{ nginx_repository | default(nginx_default_repository_alpine) }}" diff --git a/tasks/opensource/install-bsd.yml b/tasks/opensource/install-bsd.yml index 153f699..9b9a4d4 100644 --- a/tasks/opensource/install-bsd.yml +++ b/tasks/opensource/install-bsd.yml @@ -2,12 +2,12 @@ - name: (FreeBSD) Update ports block: - name: (FreeBSD) Fetch ports - command: portsnap fetch --interactive + ansible.builtin.command: portsnap fetch --interactive args: creates: /var/db/portsnap/INDEX - name: (FreeBSD) Extract ports - command: portsnap extract + ansible.builtin.command: portsnap extract args: creates: /usr/ports when: @@ -54,12 +54,12 @@ - name: (NetBSD) {{ nginx_setup | capitalize }} NGINX block: - name: (NetBSD) {{ nginx_setup | capitalize }} NGINX package - command: "pkg_add www/nginx{{ nginx_version | default('') }}" + ansible.builtin.command: "pkg_add www/nginx{{ nginx_version | default('') }}" when: nginx_bsd_install_packages | bool notify: (Handler) Run NGINX - name: (NetBSD) {{ nginx_setup | capitalize }} NGINX port - fail: + ansible.builtin.fail: msg: "{{ ansible_facts['system'] }} {{ nginx_setup | capitalize }} NGINX port not implemented." when: not nginx_bsd_install_packages | bool when: ansible_facts['system'] == "NetBSD" @@ -67,12 +67,12 @@ - name: (DragonFlyBSD/HardenedBSD) {{ nginx_setup | capitalize }} NGINX block: - name: (DragonFlyBSD/HardenedBSD) {{ nginx_setup | capitalize }} NGINX package - command: "pkg install www/nginx{{ nginx_version | default('') }}" + ansible.builtin.command: "pkg install www/nginx{{ nginx_version | default('') }}" when: nginx_bsd_install_packages | bool notify: (Handler) Run NGINX - name: (DragonFlyBSD/HardenedBSD) {{ nginx_setup | capitalize }} NGINX port - fail: + ansible.builtin.fail: msg: "{{ ansible_facts['system'] }} {{ nginx_setup | capitalize }} NGINX port not implemented." when: not nginx_bsd_install_packages | bool when: ansible_facts['system'] in ['DragonFlyBSD', 'HardenedBSD'] diff --git a/tasks/opensource/install-debian.yml b/tasks/opensource/install-debian.yml index 9a2e67f..6346ad9 100644 --- a/tasks/opensource/install-debian.yml +++ b/tasks/opensource/install-debian.yml @@ -1,6 +1,6 @@ --- - name: (Debian/Ubuntu) {{ (nginx_setup == 'uninstall') | ternary('Remove', 'Configure') }} NGINX repository - apt_repository: + ansible.builtin.apt_repository: filename: nginx repo: "{{ item }}" update_cache: true @@ -10,7 +10,7 @@ when: nginx_manage_repo | bool - name: (Debian/Ubuntu) {{ (nginx_setup == 'uninstall') | ternary('Unpin', 'Pin') }} NGINX repository - blockinfile: + ansible.builtin.blockinfile: path: /etc/apt/preferences.d/99nginx create: true block: | @@ -23,7 +23,7 @@ when: nginx_repository is not defined - name: (Debian/Ubuntu) {{ nginx_setup | capitalize }} NGINX - apt: + ansible.builtin.apt: name: "nginx{{ nginx_version | default('') }}" state: "{{ nginx_state }}" update_cache: true diff --git a/tasks/opensource/install-oss.yml b/tasks/opensource/install-oss.yml index 6605561..ac659fd 100644 --- a/tasks/opensource/install-oss.yml +++ b/tasks/opensource/install-oss.yml @@ -2,15 +2,15 @@ - name: "{{ nginx_setup | capitalize }} NGINX in Linux systems" block: - name: "{{ nginx_setup | capitalize }} NGINX from repository" - include_tasks: "{{ role_path }}/tasks/opensource/install-{{ ansible_facts['os_family'] | lower }}.yml" + ansible.builtin.include_tasks: "{{ role_path }}/tasks/opensource/install-{{ ansible_facts['os_family'] | lower }}.yml" when: nginx_install_from == "nginx_repository" - name: "{{ nginx_setup | capitalize }} NGINX from source" - include_tasks: "{{ role_path }}/tasks/opensource/install-source.yml" + ansible.builtin.include_tasks: "{{ role_path }}/tasks/opensource/install-source.yml" when: nginx_install_from == "source" - name: "{{ nginx_setup | capitalize }} NGINX from package" - package: + ansible.builtin.package: name: "nginx{{ nginx_version | default('') }}" state: "{{ nginx_state }}" when: nginx_install_from == "os_repository" @@ -18,5 +18,5 @@ when: ansible_facts['system'] | lower is not search('bsd') - name: "{{ nginx_setup | capitalize }} NGINX in Unix systems" - include_tasks: "{{ role_path }}/tasks/opensource/install-bsd.yml" + ansible.builtin.include_tasks: "{{ role_path }}/tasks/opensource/install-bsd.yml" when: ansible_facts['system'] | lower is search('bsd') diff --git a/tasks/opensource/install-redhat.yml b/tasks/opensource/install-redhat.yml index 2c62ba4..a0d6f9b 100644 --- a/tasks/opensource/install-redhat.yml +++ b/tasks/opensource/install-redhat.yml @@ -1,6 +1,6 @@ --- - name: (Amazon Linux/CentOS/RHEL) {{ (nginx_setup == 'uninstall') | ternary('Remove', 'Configure') }} NGINX repository - yum_repository: + ansible.builtin.yum_repository: name: nginx baseurl: "{{ nginx_repository | default(lookup('vars', 'nginx_default_repository_' + ((ansible_facts['distribution'] == 'Amazon') | ternary('amazon', 'redhat')))) }}" @@ -13,7 +13,7 @@ when: nginx_manage_repo | bool - name: (Amazon Linux/CentOS/RHEL) {{ nginx_setup | capitalize }} NGINX - yum: + ansible.builtin.yum: name: "nginx{{ nginx_version | default('') }}" state: "{{ nginx_state }}" update_cache: true diff --git a/tasks/opensource/install-source.yml b/tasks/opensource/install-source.yml index 491c351..3c9aeb8 100644 --- a/tasks/opensource/install-source.yml +++ b/tasks/opensource/install-source.yml @@ -4,7 +4,7 @@ - name: (RHEL 8) Setup Python 3 block: - name: (RHEL 8) Install Python 3 - yum: + ansible.builtin.yum: name: - python3 - python3-pip @@ -21,7 +21,7 @@ - ansible_facts['distribution_major_version'] is version('8', '==') - name: (CentOS/RHEL) Install build tools - yum: + ansible.builtin.yum: name: - ca-certificates - gcc @@ -39,7 +39,7 @@ when: ansible_facts['os_family'] == "RedHat" - name: (Debian) Install backports repo for 'buster' - apt_repository: + ansible.builtin.apt_repository: filename: buster-backports repo: deb http://ftp.us.debian.org/debian buster-backports main update_cache: true @@ -47,7 +47,7 @@ when: ansible_facts['distribution_release'] == "buster" - name: (Debian/Ubuntu) Install build tools - apt: + ansible.builtin.apt: name: - build-essential - checkinstall @@ -75,7 +75,7 @@ when: ansible_facts['os_family'] == "Alpine" - name: (Alpine Linux) Enable OpenRC - copy: + ansible.builtin.copy: content: "" dest: /run/openrc/softlevel force: false @@ -87,22 +87,22 @@ - name: Check for source installs block: - name: Check for PCRE install - stat: + ansible.builtin.stat: path: /tmp/{{ pcre_version }} register: pcre_result - name: Check for ZLib install - stat: + ansible.builtin.stat: path: /tmp/{{ zlib_version }} register: zlib_result - name: Check for OpenSSL install - stat: + ansible.builtin.stat: path: /tmp/{{ openssl_version }} register: openssl_result - name: (CentOS/RHEL) Install PCRE dependency from package - yum: + ansible.builtin.yum: name: pcre-devel update_cache: true when: @@ -110,7 +110,7 @@ - ansible_facts['os_family'] == "RedHat" - name: (Debian/Ubuntu) Install PCRE dependency from package - apt: + ansible.builtin.apt: name: libpcre3-dev update_cache: true when: @@ -128,21 +128,21 @@ - name: Install PCRE dependence from source block: - name: Download PCRE dependency - get_url: + ansible.builtin.get_url: url: "https://ftp.exim.org/pub/pcre/{{ pcre_version }}.tar.gz" dest: "/tmp/{{ pcre_version }}.tar.gz" mode: 0600 register: pcre_source - name: Unpack PCRE dependency - unarchive: + ansible.builtin.unarchive: copy: false dest: /tmp/ src: "{{ pcre_source.dest }}" mode: 0700 - name: Configure PCRE dependency - command: ./configure + ansible.builtin.command: ./configure args: chdir: "/tmp/{{ pcre_version }}" creates: "/tmp/makefile" @@ -161,7 +161,7 @@ - not ansible_check_mode | bool - name: (CentOS/RHEL) Install ZLib dependency from package - yum: + ansible.builtin.yum: name: zlib-devel update_cache: true when: @@ -169,7 +169,7 @@ - ansible_facts['os_family'] == "RedHat" - name: (Debian/Ubuntu) Install ZLib dependency from package - apt: + ansible.builtin.apt: name: zlib1g-dev update_cache: true when: @@ -187,21 +187,21 @@ - name: Install ZLib dependency from source block: - name: Download ZLib dependency - get_url: + ansible.builtin.get_url: url: "https://zlib.net/{{ zlib_version }}.tar.gz" dest: "/tmp/{{ zlib_version }}.tar.gz" mode: 0600 register: zlib_source - name: Unpack ZLib dependency - unarchive: + ansible.builtin.unarchive: copy: false dest: /tmp/ src: "{{ zlib_source.dest }}" mode: 0700 - name: Configure ZLib dependency - command: ./configure + ansible.builtin.command: ./configure args: chdir: "/tmp/{{ zlib_version }}" creates: "/tmp/makefile" @@ -220,7 +220,7 @@ - not ansible_check_mode | bool - name: (CentOS/RHEL) Install OpenSSL dependency from package - yum: + ansible.builtin.yum: name: openssl-devel update_cache: true when: @@ -228,7 +228,7 @@ - ansible_facts['os_family'] == "RedHat" - name: (Debian/Ubuntu) Install OpenSSL dependency from package - apt: + ansible.builtin.apt: name: libssl-dev update_cache: true when: @@ -246,21 +246,21 @@ - name: Install OpenSSL dependency from source block: - name: Download OpenSSL dependency - get_url: + ansible.builtin.get_url: url: "https://www.openssl.org/source/{{ openssl_version }}.tar.gz" dest: "/tmp/{{ openssl_version }}.tar.gz" mode: 0600 register: openssl_source - name: Unpack OpenSSL dependency - unarchive: + ansible.builtin.unarchive: copy: false dest: /tmp/ src: "{{ openssl_source.dest }}" mode: 0700 - name: Configure OpenSSL dependency - command: ./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib + ansible.builtin.command: ./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib args: chdir: "/tmp/{{ openssl_version }}" creates: "/tmp/makefile" @@ -281,49 +281,49 @@ - name: Get NGINX version block: - name: Fetch NGINX version - uri: + ansible.builtin.uri: url: https://version.nginx.com/nginx/{{ nginx_branch }} return_content: true check_mode: false register: nginx_versions - name: Set NGINX version - set_fact: + ansible.builtin.set_fact: nginx_version: "{{ 'nginx-' + (nginx_versions.content | regex_search('([0-9]+\\.){2}[0-9]+')) }}" - name: Check for NGINX install - stat: + ansible.builtin.stat: path: /usr/sbin/nginx follow: true register: nginx_result - name: Add NGINX user - user: + ansible.builtin.user: name: nginx - name: Install NGINX block: - name: Download NGINX - get_url: + ansible.builtin.get_url: url: "https://nginx.org/download/{{ nginx_version }}.tar.gz" dest: "/tmp/{{ nginx_version }}.tar.gz" mode: 0600 register: nginx_source - name: Unpack NGINX - unarchive: + ansible.builtin.unarchive: copy: false dest: /tmp/ src: "{{ nginx_source.dest }}" mode: 0755 - name: Set static modules - set_fact: + ansible.builtin.set_fact: nginx_install_source_static_modules: "{{ nginx_install_source_static_modules | default('') + ' --with-' + item }}" loop: "{{ nginx_static_modules }}" - name: Configure NGINX - command: >- + ansible.builtin.command: >- ./configure --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log @@ -353,7 +353,7 @@ target: install - name: Upload systemd NGINX service file - copy: + ansible.builtin.copy: src: services/nginx.systemd dest: /lib/systemd/system/nginx.service owner: root @@ -362,7 +362,7 @@ when: ansible_facts['service_mgr'] == "systemd" - name: Enable systemd NGINX service file - systemd: + ansible.builtin.systemd: daemon_reload: true name: nginx state: restarted @@ -371,7 +371,7 @@ notify: "(Handler) Run NGINX" - name: Upload upstart NGINX service file - copy: + ansible.builtin.copy: src: services/nginx.upstart dest: /etc/init.d/nginx owner: root @@ -380,7 +380,7 @@ when: ansible_facts['service_mgr'] == "upstart" - name: Upload Upstart NGINX service conf file - copy: + ansible.builtin.copy: src: services/nginx.conf.upstart dest: /etc/init/nginx.conf owner: root @@ -389,16 +389,16 @@ when: ansible_facts['service_mgr'] == "upstart" - name: Enable Upstart NGINX service reload - command: initctl reload-configuration + ansible.builtin.command: initctl reload-configuration when: ansible_facts['service_mgr'] == "upstart" - name: Start Upstart NGINX service reload - command: nginx + ansible.builtin.command: nginx when: ansible_facts['service_mgr'] == "upstart" notify: "(Handler) Run NGINX" - name: Upload SysVinit NGINX service file - copy: + ansible.builtin.copy: src: services/nginx.sysvinit dest: /etc/init.d/nginx owner: root @@ -408,7 +408,7 @@ notify: "(Handler) Run NGINX" - name: Upload OpenRC NGINX service file - copy: + ansible.builtin.copy: src: services/nginx.openrc dest: /etc/init.d/nginx owner: root @@ -417,7 +417,7 @@ when: ansible_facts['service_mgr'] == "openrc" - name: Enable OpenRC NGINX service - command: rc-update add nginx default + ansible.builtin.command: rc-update add nginx default when: ansible_facts['service_mgr'] == "openrc" notify: (Handler) Run NGINX when: @@ -425,7 +425,7 @@ - not ansible_check_mode | bool - name: Cleanup downloads - file: + ansible.builtin.file: path: "{{ item }}" state: absent loop: diff --git a/tasks/plus/install-alpine.yml b/tasks/plus/install-alpine.yml index bb5d7bb..0e46d37 100644 --- a/tasks/plus/install-alpine.yml +++ b/tasks/plus/install-alpine.yml @@ -1,6 +1,6 @@ --- - name: (Alpine Linux) {{ nginx_license_status is defined | ternary('Remove', 'Configure') }} NGINX Plus repository - lineinfile: + ansible.builtin.lineinfile: path: /etc/apk/repositories insertafter: EOF line: "{{ nginx_repository | default(nginx_plus_default_repository_alpine) }}" diff --git a/tasks/plus/install-debian.yml b/tasks/plus/install-debian.yml index 5f7ff31..2490d5d 100644 --- a/tasks/plus/install-debian.yml +++ b/tasks/plus/install-debian.yml @@ -1,6 +1,6 @@ --- - name: (Debian/Ubuntu) {{ nginx_license_status is defined | ternary('Remove', 'Configure') }} NGINX Plus license verification - blockinfile: + ansible.builtin.blockinfile: path: /etc/apt/apt.conf.d/90nginx create: true block: | @@ -12,7 +12,7 @@ mode: 0444 - name: (Debian/Ubuntu) {{ nginx_license_status is defined | ternary('Remove', 'Configure') }} NGINX Plus repository - apt_repository: + ansible.builtin.apt_repository: filename: nginx-plus repo: "{{ nginx_repository | default(nginx_plus_default_repository_debian) }}" update_cache: false @@ -21,7 +21,7 @@ when: nginx_manage_repo | bool - name: (Debian/Ubuntu) {{ nginx_setup | capitalize }} NGINX Plus - apt: + ansible.builtin.apt: name: "nginx-plus{{ nginx_version | default('') }}" state: "{{ nginx_state }}" update_cache: true diff --git a/tasks/plus/install-freebsd.yml b/tasks/plus/install-freebsd.yml index 373ca52..d5a0913 100644 --- a/tasks/plus/install-freebsd.yml +++ b/tasks/plus/install-freebsd.yml @@ -1,6 +1,6 @@ --- - name: (FreeBSD) {{ nginx_license_status is defined | ternary('Remove', 'Configure') }} NGINX Plus license verification - blockinfile: + ansible.builtin.blockinfile: path: /usr/local/etc/pkg.conf block: | PKG_ENV: { SSL_NO_VERIFY_PEER: "1", @@ -9,7 +9,7 @@ state: "{{ nginx_license_status | default ('present') }}" - name: (FreeBSD) {{ nginx_license_status is defined | ternary('Remove', 'Configure') }} NGINX Plus repository - blockinfile: + ansible.builtin.blockinfile: path: /etc/pkg/nginx-plus.conf create: true block: | diff --git a/tasks/plus/install-redhat.yml b/tasks/plus/install-redhat.yml index 8ee7f45..c519eb7 100644 --- a/tasks/plus/install-redhat.yml +++ b/tasks/plus/install-redhat.yml @@ -1,6 +1,6 @@ --- - name: (Amazon Linux/CentOS/Oracle Linux/RHEL) {{ (nginx_license_status is defined or nginx_setup == 'uninstall') | ternary('Remove', 'Configure') }} NGINX Plus repository - yum_repository: + ansible.builtin.yum_repository: name: nginx-plus baseurl: "{{ nginx_repository | default(lookup('vars', 'nginx_plus_default_repository_' + ((ansible_facts['distribution'] == 'Amazon') | ternary('amazon', 'redhat')))) }}" @@ -14,7 +14,7 @@ when: nginx_manage_repo | bool - name: (Amazon Linux/CentOS/Oracle Linux/RHEL) {{ nginx_setup | capitalize }} NGINX Plus - yum: + ansible.builtin.yum: name: "nginx-plus{{ nginx_version | default('') }}" state: "{{ nginx_state }}" update_cache: true diff --git a/tasks/plus/remove-license.yml b/tasks/plus/remove-license.yml index 27b96d8..30ebbad 100644 --- a/tasks/plus/remove-license.yml +++ b/tasks/plus/remove-license.yml @@ -1,16 +1,16 @@ --- - name: Set NGINX Plus license state to absent - set_fact: + ansible.builtin.set_fact: nginx_license_status: absent - name: (Debian/Red Hat/SLES OSs) Delete NGINX Plus license - file: + ansible.builtin.file: path: /etc/ssl/nginx state: absent when: ansible_facts['distribution'] != "Alpine" - name: (Alpine Linux) Delete NGINX Plus license - file: + ansible.builtin.file: path: "{{ item }}" state: absent loop: @@ -19,4 +19,4 @@ when: ansible_facts['distribution'] == "Alpine" - name: Remove NGINX Plus repository data - include_tasks: "{{ role_path }}/tasks/plus/install-{{ ansible_facts['os_family'] | lower }}.yml" + ansible.builtin.include_tasks: "{{ role_path }}/tasks/plus/install-{{ ansible_facts['os_family'] | lower }}.yml" diff --git a/tasks/plus/setup-license.yml b/tasks/plus/setup-license.yml index 7fa6ed2..eba7083 100644 --- a/tasks/plus/setup-license.yml +++ b/tasks/plus/setup-license.yml @@ -2,13 +2,13 @@ - name: (Debian/Red Hat/SLES OSs) Set up NGINX Plus license block: - name: (Debian/Red Hat/SLES OSs) Create SSL directory - file: + ansible.builtin.file: path: /etc/ssl/nginx state: directory mode: 0755 - name: (Debian/Red Hat/SLES OSs) Copy NGINX Plus certificate and license key - copy: + ansible.builtin.copy: src: "{{ item }}" dest: /etc/ssl/nginx decrypt: true @@ -21,20 +21,20 @@ - name: (Alpine Linux) Set up NGINX Plus license block: - name: (Alpine Linux) Create APK directory - file: + ansible.builtin.file: path: /etc/apk state: directory mode: 0755 - name: (Alpine Linux) Copy NGINX Plus key - copy: + ansible.builtin.copy: src: "{{ nginx_license['key'] }}" dest: /etc/apk/cert.key decrypt: true mode: 0444 - name: (Alpine Linux) Copy NGINX Plus certificate - copy: + ansible.builtin.copy: src: "{{ nginx_license['certificate'] }}" dest: /etc/apk/cert.pem decrypt: true @@ -42,7 +42,7 @@ when: ansible_facts['os_family'] == "Alpine" - name: (SLES) Combine NGINX Plus certificate and license key - assemble: + ansible.builtin.assemble: src: /etc/ssl/nginx dest: /etc/ssl/nginx/nginx-repo-bundle.crt mode: 0444 diff --git a/tasks/prerequisites/install-dependencies.yml b/tasks/prerequisites/install-dependencies.yml index 3f0837d..d154ec0 100644 --- a/tasks/prerequisites/install-dependencies.yml +++ b/tasks/prerequisites/install-dependencies.yml @@ -7,14 +7,14 @@ when: ansible_facts['os_family'] == "Alpine" - name: (Debian/Ubuntu) Install dependencies - apt: + ansible.builtin.apt: name: "{{ nginx_debian_dependencies }}" update_cache: true state: latest # noqa package-latest when: ansible_facts['os_family'] == "Debian" - name: (Amazon Linux/CentOS/Oracle Linux/RHEL) Install dependencies - yum: + ansible.builtin.yum: name: "{{ nginx_redhat_dependencies }}" update_cache: true state: latest # noqa package-latest diff --git a/tasks/prerequisites/prerequisites.yml b/tasks/prerequisites/prerequisites.yml index 03c8a9a..85cf887 100644 --- a/tasks/prerequisites/prerequisites.yml +++ b/tasks/prerequisites/prerequisites.yml @@ -1,16 +1,16 @@ --- - name: Install dependencies - include_tasks: "{{ role_path }}/tasks/prerequisites/install-dependencies.yml" + ansible.builtin.include_tasks: "{{ role_path }}/tasks/prerequisites/install-dependencies.yml" - name: Set up SELinux block: - name: Check if SELinux is enabled - debug: + ansible.builtin.debug: msg: You need to enable SELinux, if it was disabled you need to reboot when: ansible_facts['selinux'] is undefined - name: Configure SELinux - include_tasks: "{{ role_path }}/tasks/prerequisites/setup-selinux.yml" + ansible.builtin.include_tasks: "{{ role_path }}/tasks/prerequisites/setup-selinux.yml" when: ansible_facts['selinux']['mode'] is defined when: - nginx_selinux | bool diff --git a/tasks/prerequisites/setup-selinux.yml b/tasks/prerequisites/setup-selinux.yml index dbc40cd..e79f25d 100644 --- a/tasks/prerequisites/setup-selinux.yml +++ b/tasks/prerequisites/setup-selinux.yml @@ -1,15 +1,15 @@ --- - name: (CentOS/RHEL) Install dependencies block: - - name: (CentOS/RHEL 6/7) Install dependencies - yum: + - name: (CentOS/RHEL 7) Install dependencies + ansible.builtin.yum: name: - policycoreutils-python - setools when: ansible_facts['distribution_major_version'] is version('8', '!=') - name: (RHEL 8) Install dependencies - yum: + ansible.builtin.yum: name: - libselinux-utils - policycoreutils @@ -51,26 +51,26 @@ when: nginx_selinux_udp_ports is defined - name: Create SELinux NGINX Plus module - template: + ansible.builtin.template: src: "{{ role_path }}/templates/selinux/nginx-plus-module.te.j2" dest: "{{ nginx_selinux_tempdir }}/nginx-plus-module.te" mode: 0644 register: nginx_selinux_module - name: Check SELinux NGINX Plus module - command: "checkmodule -M -m -o {{ nginx_selinux_tempdir }}/nginx-plus-module.mod {{ nginx_selinux_tempdir }}/nginx-plus-module.te" + ansible.builtin.command: "checkmodule -M -m -o {{ nginx_selinux_tempdir }}/nginx-plus-module.mod {{ nginx_selinux_tempdir }}/nginx-plus-module.te" args: creates: "{{ nginx_selinux_tempdir }}/nginx-plus-module.mod" changed_when: false - name: Compile SELinux NGINX Plus module - command: "semodule_package -o {{ nginx_selinux_tempdir }}/nginx-plus-module.pp -m {{ nginx_selinux_tempdir }}/nginx-plus-module.mod" + ansible.builtin.command: "semodule_package -o {{ nginx_selinux_tempdir }}/nginx-plus-module.pp -m {{ nginx_selinux_tempdir }}/nginx-plus-module.mod" args: creates: "{{ nginx_selinux_tempdir }}/nginx-plus-module.pp" changed_when: false - name: Import SELinux NGINX Plus module - command: "semodule -i {{ nginx_selinux_tempdir }}/nginx-plus-module.pp" # noqa no-handler + ansible.builtin.command: "semodule -i {{ nginx_selinux_tempdir }}/nginx-plus-module.pp" # noqa no-handler changed_when: false when: nginx_selinux_module.changed | bool