sebclem/ansible-role-nginx
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Bump ansible-lint from 5.4.0 to 6.0.1 in /.github/workflows/requirements (#499)

Browse Source
This commit is contained in:
dependabot[bot] 2022-03-22 18:27:11 +01:00 committed by GitHub
parent e6f5dda35e
commit ff7ade6f4c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
47 changed files with 190 additions and 190 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/requirements/requirements_molecule.txt vendored
View File

@ -1,6 +1,6 @@
ansible-core==2.12.3 ansible-core==2.12.3
jinja2==3.0.3 jinja2==3.0.3
ansible-lint==5.4.0 ansible-lint==6.0.1
yamllint==1.26.3 yamllint==1.26.3
molecule[docker]==3.6.1 molecule[docker]==3.6.1
docker==5.0.3 docker==5.0.3

12
handlers/main.yml
View File

@ -1,10 +1,10 @@
--- ---
- name: (Handler) Systemd daemon-reload - name: (Handler) Systemd daemon-reload
systemd: ansible.builtin.systemd:
daemon_reload: true daemon_reload: true
- name: (Handler) Start/reload NGINX - name: (Handler) Start/reload NGINX
service: ansible.builtin.service:
name: nginx name: nginx
state: reloaded state: reloaded
enabled: true enabled: true
@ -15,7 +15,7 @@
listen: (Handler) Run NGINX listen: (Handler) Run NGINX
- name: (Handler) Check NGINX - name: (Handler) Check NGINX
command: nginx -t ansible.builtin.command: nginx -t
args: args:
chdir: "{{ ((ansible_facts['system'] | lower is not search('bsd')) | ternary('/etc/nginx', '/usr/local/sbin')) }}" chdir: "{{ ((ansible_facts['system'] | lower is not search('bsd')) | ternary('/etc/nginx', '/usr/local/sbin')) }}"
register: config_check register: config_check
@ -26,7 +26,7 @@
listen: (Handler) Run NGINX listen: (Handler) Run NGINX
- name: (Handler) Print NGINX error if syntax check fails - name: (Handler) Print NGINX error if syntax check fails
debug: ansible.builtin.debug:
var: config_check.stderr_lines var: config_check.stderr_lines
failed_when: config_check.rc != 0 failed_when: config_check.rc != 0
when: when:
@ -37,9 +37,9 @@
listen: (Handler) Run NGINX listen: (Handler) Run NGINX
- name: (Handler) Start NGINX Amplify agent - name: (Handler) Start NGINX Amplify agent
service: ansible.builtin.service:
name: amplify-agent name: amplify-agent
state: started state: started
- name: (Handler) Run logrotate - name: (Handler) Run logrotate
command: logrotate -f /etc/logrotate.d/nginx ansible.builtin.command: logrotate -f /etc/logrotate.d/nginx

8
molecule/default/converge.yml
View File

@ -3,20 +3,20 @@
hosts: all hosts: all
pre_tasks: pre_tasks:
- name: Set repo if Alpine - name: Set repo if Alpine
set_fact: ansible.builtin.set_fact:
version: "=1.21.5-r1" version: "=1.21.5-r1"
when: ansible_facts['os_family'] == "Alpine" when: ansible_facts['os_family'] == "Alpine"
- name: Set repo if Debian - name: Set repo if Debian
set_fact: ansible.builtin.set_fact:
version: "=1.21.5-1~{{ ansible_facts['distribution_release'] }}" version: "=1.21.5-1~{{ ansible_facts['distribution_release'] }}"
when: ansible_facts['os_family'] == "Debian" when: ansible_facts['os_family'] == "Debian"
- name: Set repo if Red Hat - name: Set repo if Red Hat
set_fact: ansible.builtin.set_fact:
version: "-1.21.5-1.{{ (ansible_facts['distribution'] == 'Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx" version: "-1.21.5-1.{{ (ansible_facts['distribution'] == 'Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx"
when: ansible_facts['os_family'] == "RedHat" when: ansible_facts['os_family'] == "RedHat"
tasks: tasks:
- name: Install NGINX - name: Install NGINX
include_role: ansible.builtin.include_role:
name: ansible-role-nginx name: ansible-role-nginx
vars: vars:
nginx_version: "{{ version }}" nginx_version: "{{ version }}"

8
molecule/default/verify.yml
View File

@ -3,7 +3,7 @@
hosts: all hosts: all
tasks: tasks:
- name: Check if NGINX is installed - name: Check if NGINX is installed
package: ansible.builtin.package:
name: nginx name: nginx
state: present state: present
check_mode: true check_mode: true
@ -11,7 +11,7 @@
failed_when: (install is changed) or (install is failed) failed_when: (install is changed) or (install is failed)
- name: Check if NGINX service is running - name: Check if NGINX service is running
service: ansible.builtin.service:
name: nginx name: nginx
state: started state: started
enabled: true enabled: true
@ -20,12 +20,12 @@
failed_when: (service is changed) or (service is failed) failed_when: (service is changed) or (service is failed)
- name: Verify NGINX is up and running - name: Verify NGINX is up and running
uri: ansible.builtin.uri:
url: http://localhost url: http://localhost
status_code: 200 status_code: 200
- name: Verify correct version of NGINX has been installed - name: Verify correct version of NGINX has been installed
command: nginx -v ansible.builtin.command: nginx -v
args: args:
chdir: "{{ ((ansible_facts['system'] | lower is not search('bsd')) | ternary('/etc/nginx', '/usr/local/sbin')) }}" chdir: "{{ ((ansible_facts['system'] | lower is not search('bsd')) | ternary('/etc/nginx', '/usr/local/sbin')) }}"
changed_when: false changed_when: false

8
molecule/downgrade/converge.yml
View File

@ -3,20 +3,20 @@
hosts: all hosts: all
pre_tasks: pre_tasks:
- name: Set repo if Alpine - name: Set repo if Alpine
set_fact: ansible.builtin.set_fact:
version: "=1.20.2-r1" version: "=1.20.2-r1"
when: ansible_facts['os_family'] == "Alpine" when: ansible_facts['os_family'] == "Alpine"
- name: Set repo if Debian - name: Set repo if Debian
set_fact: ansible.builtin.set_fact:
version: "=1.20.2-1~{{ ansible_facts['distribution_release'] }}" version: "=1.20.2-1~{{ ansible_facts['distribution_release'] }}"
when: ansible_facts['os_family'] == "Debian" when: ansible_facts['os_family'] == "Debian"
- name: Set repo if Red Hat - name: Set repo if Red Hat
set_fact: ansible.builtin.set_fact:
version: "-1.20.2-1.{{ (ansible_facts['distribution'] == 'Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx" version: "-1.20.2-1.{{ (ansible_facts['distribution'] == 'Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx"
when: ansible_facts['os_family'] == "RedHat" when: ansible_facts['os_family'] == "RedHat"
tasks: tasks:
- name: Install NGINX - name: Install NGINX
include_role: ansible.builtin.include_role:
name: ansible-role-nginx name: ansible-role-nginx
vars: vars:
nginx_version: "{{ version }}" nginx_version: "{{ version }}"

8
molecule/downgrade/prepare.yml
View File

@ -3,20 +3,20 @@
hosts: all hosts: all
pre_tasks: pre_tasks:
- name: Set repo if Alpine - name: Set repo if Alpine
set_fact: ansible.builtin.set_fact:
version: "=1.21.5-r1" version: "=1.21.5-r1"
when: ansible_facts['os_family'] == "Alpine" when: ansible_facts['os_family'] == "Alpine"
- name: Set repo if Debian - name: Set repo if Debian
set_fact: ansible.builtin.set_fact:
version: "=1.21.5-1~{{ ansible_facts['distribution_release'] }}" version: "=1.21.5-1~{{ ansible_facts['distribution_release'] }}"
when: ansible_facts['os_family'] == "Debian" when: ansible_facts['os_family'] == "Debian"
- name: Set repo if Red Hat - name: Set repo if Red Hat
set_fact: ansible.builtin.set_fact:
version: "-1.21.5-1.{{ (ansible_facts['distribution'] == 'Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx" version: "-1.21.5-1.{{ (ansible_facts['distribution'] == 'Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx"
when: ansible_facts['os_family'] == "RedHat" when: ansible_facts['os_family'] == "RedHat"
tasks: tasks:
- name: Install NGINX - name: Install NGINX
include_role: ansible.builtin.include_role:
name: ansible-role-nginx name: ansible-role-nginx
vars: vars:
nginx_version: "{{ version }}" nginx_version: "{{ version }}"

20
molecule/downgrade/verify.yml
View File

@ -3,7 +3,7 @@
hosts: all hosts: all
tasks: tasks:
- name: Check if NGINX is installed - name: Check if NGINX is installed
package: ansible.builtin.package:
name: nginx name: nginx
state: present state: present
check_mode: true check_mode: true
@ -11,7 +11,7 @@
failed_when: (install is changed) or (install is failed) failed_when: (install is changed) or (install is failed)
- name: Check if NGINX service is running - name: Check if NGINX service is running
service: ansible.builtin.service:
name: nginx name: nginx
state: started state: started
enabled: true enabled: true
@ -20,14 +20,14 @@
failed_when: (service is changed) or (service is failed) failed_when: (service is changed) or (service is failed)
- name: Verify NGINX is up and running - name: Verify NGINX is up and running
uri: ansible.builtin.uri:
url: http://localhost url: http://localhost
status_code: 200 status_code: 200
# - name: Verify NGINX has been downgraded - name: Verify NGINX has been downgraded
# command: nginx -v ansible.builtin.command: nginx -v
# args: args:
# chdir: "{{ ((ansible_facts['system'] | lower is not search('bsd')) | ternary('/etc/nginx', '/usr/local/sbin')) }}" chdir: "{{ ((ansible_facts['system'] | lower is not search('bsd')) | ternary('/etc/nginx', '/usr/local/sbin')) }}"
# changed_when: false changed_when: false
# register: version register: version
# failed_when: version is not search('1.21.3') failed_when: version is not search('1.20.2')

2
molecule/module/converge.yml
View File

@ -3,7 +3,7 @@
hosts: all hosts: all
tasks: tasks:
- name: Install NGINX modules - name: Install NGINX modules
include_role: ansible.builtin.include_role:
name: ansible-role-nginx name: ansible-role-nginx
vars: vars:
nginx_modules: nginx_modules:

6
molecule/module/verify.yml
View File

@ -3,7 +3,7 @@
hosts: all hosts: all
tasks: tasks:
- name: Check if NGINX is installed - name: Check if NGINX is installed
package: ansible.builtin.package:
name: nginx name: nginx
state: present state: present
check_mode: true check_mode: true
@ -11,7 +11,7 @@
failed_when: (install is changed) or (install is failed) failed_when: (install is changed) or (install is failed)
- name: Check if NGINX service is running - name: Check if NGINX service is running
service: ansible.builtin.service:
name: nginx name: nginx
state: started state: started
enabled: true enabled: true
@ -20,6 +20,6 @@
failed_when: (service is changed) or (service is failed) failed_when: (service is changed) or (service is failed)
- name: Verify NGINX is up and running - name: Verify NGINX is up and running
uri: ansible.builtin.uri:
url: http://localhost url: http://localhost
status_code: 200 status_code: 200

2
molecule/plus/converge.yml
View File

@ -3,7 +3,7 @@
hosts: all hosts: all
tasks: tasks:
- name: Install NGINX Plus - name: Install NGINX Plus
include_role: ansible.builtin.include_role:
name: ansible-role-nginx name: ansible-role-nginx
vars: vars:
nginx_type: plus nginx_type: plus

4
molecule/plus/prepare.yml
View File

@ -4,14 +4,14 @@
gather_facts: false gather_facts: false
tasks: tasks:
- name: Create ephemeral license certificate file from b64 decoded env var - name: Create ephemeral license certificate file from b64 decoded env var
copy: ansible.builtin.copy:
content: "{{ lookup('env','NGINX_CRT') | b64decode }}" content: "{{ lookup('env','NGINX_CRT') | b64decode }}"
dest: ../../files/license/nginx-repo.crt dest: ../../files/license/nginx-repo.crt
force: false force: false
mode: 0444 mode: 0444
- name: Create ephemeral license key file from b64 decoded env var - name: Create ephemeral license key file from b64 decoded env var
copy: ansible.builtin.copy:
content: "{{ lookup('env','NGINX_KEY') | b64decode }}" content: "{{ lookup('env','NGINX_KEY') | b64decode }}"
dest: ../../files/license/nginx-repo.key dest: ../../files/license/nginx-repo.key
force: false force: false

6
molecule/plus/verify.yml
View File

@ -3,7 +3,7 @@
hosts: all hosts: all
tasks: tasks:
- name: Check if NGINX Plus is installed - name: Check if NGINX Plus is installed
package: ansible.builtin.package:
name: nginx-plus name: nginx-plus
state: present state: present
check_mode: true check_mode: true
@ -11,7 +11,7 @@
failed_when: (install is changed) or (install is failed) failed_when: (install is changed) or (install is failed)
- name: Check if NGINX Plus service is running - name: Check if NGINX Plus service is running
service: ansible.builtin.service:
name: nginx name: nginx
state: started state: started
enabled: true enabled: true
@ -20,6 +20,6 @@
failed_when: (service is changed) or (service is failed) failed_when: (service is changed) or (service is failed)
- name: Verify NGINX Plus is up and running - name: Verify NGINX Plus is up and running
uri: ansible.builtin.uri:
url: http://localhost url: http://localhost
status_code: 200 status_code: 200

2
molecule/source/converge.yml
View File

@ -3,7 +3,7 @@
hosts: all hosts: all
tasks: tasks:
- name: Install NGINX from source - name: Install NGINX from source
include_role: ansible.builtin.include_role:
name: ansible-role-nginx name: ansible-role-nginx
vars: vars:
nginx_install_from: source nginx_install_from: source

4
molecule/source/verify.yml
View File

@ -3,7 +3,7 @@
hosts: all hosts: all
tasks: tasks:
- name: Check if NGINX service is running - name: Check if NGINX service is running
service: ansible.builtin.service:
name: nginx name: nginx
state: started state: started
enabled: true enabled: true
@ -12,6 +12,6 @@
failed_when: (service is changed) or (service is failed) failed_when: (service is changed) or (service is failed)
- name: Verify NGINX is up and running - name: Verify NGINX is up and running
uri: ansible.builtin.uri:
url: http://localhost url: http://localhost
status_code: 200 status_code: 200

2
molecule/uninstall/converge.yml
View File

@ -3,7 +3,7 @@
hosts: all hosts: all
tasks: tasks:
- name: Uninstall NGINX - name: Uninstall NGINX
include_role: ansible.builtin.include_role:
name: ansible-role-nginx name: ansible-role-nginx
vars: vars:
nginx_setup: uninstall nginx_setup: uninstall

2
molecule/uninstall/prepare.yml
View File

@ -3,5 +3,5 @@
hosts: all hosts: all
tasks: tasks:
- name: Install NGINX - name: Install NGINX
include_role: ansible.builtin.include_role:
name: ansible-role-nginx name: ansible-role-nginx

2
molecule/uninstall/verify.yml
View File

@ -3,7 +3,7 @@
hosts: all hosts: all
tasks: tasks:
- name: Check if NGINX is installed - name: Check if NGINX is installed
package: ansible.builtin.package:
name: nginx name: nginx
state: absent state: absent
check_mode: true check_mode: true

2
molecule/uninstall_plus/converge.yml
View File

@ -3,7 +3,7 @@
hosts: all hosts: all
tasks: tasks:
- name: Uninstall NGINX - name: Uninstall NGINX
include_role: ansible.builtin.include_role:
name: ansible-role-nginx name: ansible-role-nginx
vars: vars:
nginx_type: plus nginx_type: plus

6
molecule/uninstall_plus/prepare.yml
View File

@ -4,14 +4,14 @@
gather_facts: false gather_facts: false
tasks: tasks:
- name: Create ephemeral license certificate file from b64 decoded env var - name: Create ephemeral license certificate file from b64 decoded env var
copy: ansible.builtin.copy:
content: "{{ lookup('env','NGINX_CRT') | b64decode }}" content: "{{ lookup('env','NGINX_CRT') | b64decode }}"
dest: ../../files/license/nginx-repo.crt dest: ../../files/license/nginx-repo.crt
force: false force: false
mode: 0444 mode: 0444
- name: Create ephemeral license key file from b64 decoded env var - name: Create ephemeral license key file from b64 decoded env var
copy: ansible.builtin.copy:
content: "{{ lookup('env','NGINX_KEY') | b64decode }}" content: "{{ lookup('env','NGINX_KEY') | b64decode }}"
dest: ../../files/license/nginx-repo.key dest: ../../files/license/nginx-repo.key
force: false force: false
@ -21,7 +21,7 @@
hosts: all hosts: all
tasks: tasks:
- name: Install NGINX - name: Install NGINX
include_role: ansible.builtin.include_role:
name: ansible-role-nginx name: ansible-role-nginx
vars: vars:
nginx_type: plus nginx_type: plus

2
molecule/uninstall_plus/verify.yml
View File

@ -3,7 +3,7 @@
hosts: all hosts: all
tasks: tasks:
- name: Check if NGINX is installed - name: Check if NGINX is installed
package: ansible.builtin.package:
name: nginx-plus name: nginx-plus
state: absent state: absent
check_mode: true check_mode: true

2
molecule/upgrade/converge.yml
View File

@ -3,7 +3,7 @@
hosts: all hosts: all
tasks: tasks:
- name: Install NGINX - name: Install NGINX
include_role: ansible.builtin.include_role:
name: ansible-role-nginx name: ansible-role-nginx
vars: vars:
nginx_setup: upgrade nginx_setup: upgrade

8
molecule/upgrade/prepare.yml
View File

@ -3,20 +3,20 @@
hosts: all hosts: all
pre_tasks: pre_tasks:
- name: Set repo if Alpine - name: Set repo if Alpine
set_fact: ansible.builtin.set_fact:
version: "=1.21.5-r1" version: "=1.21.5-r1"
when: ansible_facts['os_family'] == "Alpine" when: ansible_facts['os_family'] == "Alpine"
- name: Set repo if Debian - name: Set repo if Debian
set_fact: ansible.builtin.set_fact:
version: "=1.21.5-1~{{ ansible_facts['distribution_release'] }}" version: "=1.21.5-1~{{ ansible_facts['distribution_release'] }}"
when: ansible_facts['os_family'] == "Debian" when: ansible_facts['os_family'] == "Debian"
- name: Set repo if Red Hat - name: Set repo if Red Hat
set_fact: ansible.builtin.set_fact:
version: "-1.21.5-1.{{ (ansible_facts['distribution'] == 'Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx" version: "-1.21.5-1.{{ (ansible_facts['distribution'] == 'Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx"
when: ansible_facts['os_family'] == "RedHat" when: ansible_facts['os_family'] == "RedHat"
tasks: tasks:
- name: Install NGINX - name: Install NGINX
include_role: ansible.builtin.include_role:
name: ansible-role-nginx name: ansible-role-nginx
vars: vars:
nginx_version: "{{ version }}" nginx_version: "{{ version }}"

12
molecule/upgrade/verify.yml
View File

@ -3,7 +3,7 @@
hosts: all hosts: all
tasks: tasks:
- name: Check if NGINX is installed - name: Check if NGINX is installed
package: ansible.builtin.package:
name: nginx name: nginx
state: present state: present
check_mode: true check_mode: true
@ -11,7 +11,7 @@
failed_when: (install is changed) or (install is failed) failed_when: (install is changed) or (install is failed)
- name: Check if NGINX service is running - name: Check if NGINX service is running
service: ansible.builtin.service:
name: nginx name: nginx
state: started state: started
enabled: true enabled: true
@ -20,23 +20,23 @@
failed_when: (service is changed) or (service is failed) failed_when: (service is changed) or (service is failed)
- name: Verify NGINX is up and running - name: Verify NGINX is up and running
uri: ansible.builtin.uri:
url: http://localhost url: http://localhost
status_code: 200 status_code: 200
- name: Fetch NGINX version - name: Fetch NGINX version
uri: ansible.builtin.uri:
url: https://version.nginx.com/nginx/mainline url: https://version.nginx.com/nginx/mainline
return_content: true return_content: true
check_mode: false check_mode: false
register: nginx_versions register: nginx_versions
- name: Set NGINX version - name: Set NGINX version
set_fact: ansible.builtin.set_fact:
nginx_version: "{{ nginx_versions.content | regex_search('([0-9]+\\.){2}[0-9]+') }}" nginx_version: "{{ nginx_versions.content | regex_search('([0-9]+\\.){2}[0-9]+') }}"
- name: Verify NGINX has been upgraded - name: Verify NGINX has been upgraded
command: nginx -v ansible.builtin.command: nginx -v
args: args:
chdir: "{{ ((ansible_facts['system'] | lower is not search('bsd')) | ternary('/etc/nginx', '/usr/local/sbin')) }}" chdir: "{{ ((ansible_facts['system'] | lower is not search('bsd')) | ternary('/etc/nginx', '/usr/local/sbin')) }}"
changed_when: false changed_when: false

8
tasks/amplify/install-amplify.yml
View File

@ -1,22 +1,22 @@
--- ---
- name: Configure NGINX Amplify agent repository - name: Configure NGINX Amplify agent repository
include_tasks: "{{ role_path }}/tasks/amplify/setup-{{ ansible_facts['os_family'] | lower }}.yml" ansible.builtin.include_tasks: "{{ role_path }}/tasks/amplify/setup-{{ ansible_facts['os_family'] | lower }}.yml"
when: ansible_facts['os_family'] in ['Debian', 'RedHat'] when: ansible_facts['os_family'] in ['Debian', 'RedHat']
- name: Install NGINX Amplify agent - name: Install NGINX Amplify agent
package: ansible.builtin.package:
name: nginx-amplify-agent name: nginx-amplify-agent
state: present state: present
- name: Copy NGINX Amplify configurator agent configuration template - name: Copy NGINX Amplify configurator agent configuration template
copy: ansible.builtin.copy:
remote_src: true remote_src: true
src: /etc/amplify-agent/agent.conf.default src: /etc/amplify-agent/agent.conf.default
dest: /etc/amplify-agent/agent.conf dest: /etc/amplify-agent/agent.conf
mode: 0644 mode: 0644
- name: Configure NGINX Amplify agent API key - name: Configure NGINX Amplify agent API key
lineinfile: ansible.builtin.lineinfile:
dest: /etc/amplify-agent/agent.conf dest: /etc/amplify-agent/agent.conf
regexp: api_key =.* regexp: api_key =.*
line: "api_key = {{ nginx_amplify_api_key }}" line: "api_key = {{ nginx_amplify_api_key }}"

2
tasks/amplify/setup-debian.yml
View File

@ -1,6 +1,6 @@
--- ---
- name: (Debian/Ubuntu) Add NGINX Amplify agent repository - name: (Debian/Ubuntu) Add NGINX Amplify agent repository
apt_repository: ansible.builtin.apt_repository:
filename: nginx-amplify filename: nginx-amplify
repo: "deb [arch=amd64 signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://packages.amplify.nginx.com/py3/{{ ansible_facts['distribution'] | lower }}/ repo: "deb [arch=amd64 signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://packages.amplify.nginx.com/py3/{{ ansible_facts['distribution'] | lower }}/
{{ ansible_facts['distribution_release'] | lower }} amplify-agent" {{ ansible_facts['distribution_release'] | lower }} amplify-agent"

2
tasks/amplify/setup-redhat.yml
View File

@ -1,6 +1,6 @@
--- ---
- name: (Amazon Linux/CentOS/RHEL) Add NGINX Amplify agent repository - name: (Amazon Linux/CentOS/RHEL) Add NGINX Amplify agent repository
yum_repository: ansible.builtin.yum_repository:
name: nginx-amplify name: nginx-amplify
baseurl: https://packages.amplify.nginx.com/{{ (ansible_facts['distribution_major_version'] == "7") | ternary('', 'py3/') }}{{ (ansible_facts['distribution'] == "Amazon") | ternary('amzn', 'centos') }}/$releasever/$basearch/ baseurl: https://packages.amplify.nginx.com/{{ (ansible_facts['distribution_major_version'] == "7") | ternary('', 'py3/') }}{{ (ansible_facts['distribution'] == "Amazon") | ternary('amzn', 'centos') }}/$releasever/$basearch/
description: NGINX Amplify Agent description: NGINX Amplify Agent

4
tasks/config/debug-output.yml
View File

@ -1,12 +1,12 @@
--- ---
- name: Register NGINX config - name: Register NGINX config
command: nginx -T ansible.builtin.command: nginx -T
ignore_errors: "{{ ansible_check_mode }}" ignore_errors: "{{ ansible_check_mode }}"
check_mode: false check_mode: false
changed_when: false changed_when: false
register: config_full register: config_full
- name: Print NGINX config - name: Print NGINX config
debug: ansible.builtin.debug:
var: config_full.stdout_lines var: config_full.stdout_lines
when: config_full.stdout_lines is defined when: config_full.stdout_lines is defined

8
tasks/config/modify-systemd.yml
View File

@ -1,12 +1,12 @@
--- ---
- name: Create override directory for NGINX systemd service - name: Create override directory for NGINX systemd service
file: ansible.builtin.file:
path: "{{ nginx_service_overridepath }}" path: "{{ nginx_service_overridepath }}"
state: directory state: directory
mode: 0755 mode: 0755
- name: Create override for NGINX systemd service - name: Create override for NGINX systemd service
template: ansible.builtin.template:
src: "{{ role_path }}/templates/services/nginx.service.override.conf.j2" src: "{{ role_path }}/templates/services/nginx.service.override.conf.j2"
dest: "{{ nginx_service_overridepath }}/{{ nginx_service_overridefilename }}" dest: "{{ nginx_service_overridepath }}/{{ nginx_service_overridefilename }}"
owner: root owner: root
@ -18,7 +18,7 @@
notify: (Handler) Systemd daemon-reload notify: (Handler) Systemd daemon-reload
- name: Customize override for NGINX systemd service - name: Customize override for NGINX systemd service
copy: ansible.builtin.copy:
src: "{{ nginx_service_custom_file }}" src: "{{ nginx_service_custom_file }}"
dest: "{{ nginx_service_overridepath }}/{{ nginx_service_overridefilename }}" dest: "{{ nginx_service_overridepath }}/{{ nginx_service_overridefilename }}"
owner: root owner: root
@ -30,7 +30,7 @@
notify: (Handler) Systemd daemon-reload notify: (Handler) Systemd daemon-reload
- name: Remove override for NGINX systemd service - name: Remove override for NGINX systemd service
file: ansible.builtin.file:
path: "{{ nginx_service_overridepath }}" path: "{{ nginx_service_overridepath }}"
state: absent state: absent
when: nginx_service_clean | bool when: nginx_service_clean | bool

6
tasks/config/setup-logrotate.yml
View File

@ -5,13 +5,13 @@
when: ansible_facts['os_family'] == "Alpine" when: ansible_facts['os_family'] == "Alpine"
- name: (Debian/Ubuntu) Install logrotate - name: (Debian/Ubuntu) Install logrotate
apt: ansible.builtin.apt:
name: logrotate name: logrotate
state: present state: present
when: ansible_facts['os_family'] == "Debian" when: ansible_facts['os_family'] == "Debian"
- name: (Amazon Linux/CentOS/Oracle Linux/RHEL) Install logrotate - name: (Amazon Linux/CentOS/Oracle Linux/RHEL) Install logrotate
yum: ansible.builtin.yum:
name: logrotate name: logrotate
state: present state: present
when: ansible_facts['os_family'] == "RedHat" when: ansible_facts['os_family'] == "RedHat"
@ -29,7 +29,7 @@
when: ansible_facts['os_family'] == "Suse" when: ansible_facts['os_family'] == "Suse"
- name: Create logrotate config - name: Create logrotate config
template: ansible.builtin.template:
src: logrotate/nginx.j2 src: logrotate/nginx.j2
dest: /etc/logrotate.d/nginx dest: /etc/logrotate.d/nginx
mode: 0644 mode: 0644

10
tasks/keys/setup-keys.yml
View File

@ -2,30 +2,30 @@
- name: (Alpine Linux) Set up signing key - name: (Alpine Linux) Set up signing key
block: block:
- name: (Alpine Linux) Set up NGINX signing key URL - name: (Alpine Linux) Set up NGINX signing key URL
set_fact: ansible.builtin.set_fact:
keysite: "{{ nginx_signing_key | default(nginx_default_signing_key_rsa_pub) }}" keysite: "{{ nginx_signing_key | default(nginx_default_signing_key_rsa_pub) }}"
- name: (Alpine Linux) Download NGINX signing key - name: (Alpine Linux) Download NGINX signing key
get_url: ansible.builtin.get_url:
url: "{{ keysite }}" url: "{{ keysite }}"
dest: /etc/apk/keys/nginx_signing.rsa.pub dest: /etc/apk/keys/nginx_signing.rsa.pub
mode: 0400 mode: 0400
when: ansible_facts['os_family'] == "Alpine" when: ansible_facts['os_family'] == "Alpine"
- name: (Debian/Red Hat/SLES OSs) Set up NGINX signing key URL - name: (Debian/Red Hat/SLES OSs) Set up NGINX signing key URL
set_fact: ansible.builtin.set_fact:
keysite: "{{ nginx_signing_key | default(nginx_default_signing_key_pgp) }}" keysite: "{{ nginx_signing_key | default(nginx_default_signing_key_pgp) }}"
when: ansible_facts['os_family'] != "Alpine" when: ansible_facts['os_family'] != "Alpine"
- name: (Debian/Ubuntu) Add NGINX signing key - name: (Debian/Ubuntu) Add NGINX signing key
apt_key: ansible.builtin.apt_key:
id: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 id: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
keyring: /usr/share/keyrings/nginx-archive-keyring.gpg keyring: /usr/share/keyrings/nginx-archive-keyring.gpg
url: "{{ keysite }}" url: "{{ keysite }}"
when: ansible_facts['os_family'] == "Debian" when: ansible_facts['os_family'] == "Debian"
- name: (Amazon Linux/CentOS/Oracle Linux/RHEL/SLES) Add NGINX signing key - name: (Amazon Linux/CentOS/Oracle Linux/RHEL/SLES) Add NGINX signing key
rpm_key: ansible.builtin.rpm_key:
fingerprint: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 fingerprint: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
key: "{{ keysite }}" key: "{{ keysite }}"
when: ansible_facts['os_family'] in ['RedHat', 'Suse'] when: ansible_facts['os_family'] in ['RedHat', 'Suse']

28
tasks/main.yml
View File

@ -1,6 +1,6 @@
--- ---
- name: Check whether you are using a supported NGINX distribution - name: Check whether you are using a supported NGINX distribution
assert: ansible.builtin.assert:
that: (nginx_type == "opensource" and ansible_facts['distribution'] in nginx_distributions) that: (nginx_type == "opensource" and ansible_facts['distribution'] in nginx_distributions)
or (nginx_type == "plus" and ansible_facts['distribution'] in nginx_plus_distributions) or (nginx_type == "plus" and ansible_facts['distribution'] in nginx_plus_distributions)
success_msg: "Your OS, {{ ansible_facts['distribution'] }} is supported by NGINX {{ (nginx_type=='plus') | ternary('Plus', 'Open Source') }}" success_msg: "Your OS, {{ ansible_facts['distribution'] }} is supported by NGINX {{ (nginx_type=='plus') | ternary('Plus', 'Open Source') }}"
@ -12,7 +12,7 @@
tags: nginx_check_support tags: nginx_check_support
- name: Check that NGINX setup is an allowed value - name: Check that NGINX setup is an allowed value
assert: ansible.builtin.assert:
that: nginx_setup in nginx_setup_vars that: nginx_setup in nginx_setup_vars
fail_msg: The value {{ nginx_setup }} you used for `nginx_setup` is not allowed. Try one of {{ nginx_setup_vars | join(', ') }}. fail_msg: The value {{ nginx_setup }} you used for `nginx_setup` is not allowed. Try one of {{ nginx_setup_vars | join(', ') }}.
when: nginx_enable | bool when: nginx_enable | bool
@ -20,12 +20,12 @@
tags: nginx_check_support tags: nginx_check_support
- name: Set up prerequisites - name: Set up prerequisites
include_tasks: "{{ role_path }}/tasks/prerequisites/prerequisites.yml" ansible.builtin.include_tasks: "{{ role_path }}/tasks/prerequisites/prerequisites.yml"
when: nginx_state != "absent" when: nginx_state != "absent"
tags: nginx_prerequisites tags: nginx_prerequisites
- name: Set up signing keys - name: Set up signing keys
include_tasks: "{{ role_path }}/tasks/keys/setup-keys.yml" ansible.builtin.include_tasks: "{{ role_path }}/tasks/keys/setup-keys.yml"
when: (nginx_enable | bool and nginx_install_from == "nginx_repository") when: (nginx_enable | bool and nginx_install_from == "nginx_repository")
or nginx_amplify_enable | bool or nginx_amplify_enable | bool
tags: nginx_key tags: nginx_key
@ -33,38 +33,38 @@
- name: "{{ nginx_setup | capitalize }} NGINX" - name: "{{ nginx_setup | capitalize }} NGINX"
block: block:
- name: "{{ nginx_setup | capitalize }} NGINX Open Source" - name: "{{ nginx_setup | capitalize }} NGINX Open Source"
include_tasks: "{{ role_path }}/tasks/opensource/install-oss.yml" ansible.builtin.include_tasks: "{{ role_path }}/tasks/opensource/install-oss.yml"
when: nginx_type == "opensource" when: nginx_type == "opensource"
tags: nginx_install_oss tags: nginx_install_oss
- name: Set up NGINX Plus license - name: Set up NGINX Plus license
include_tasks: "{{ role_path }}/tasks/plus/setup-license.yml" ansible.builtin.include_tasks: "{{ role_path }}/tasks/plus/setup-license.yml"
when: when:
- nginx_type == "plus" - nginx_type == "plus"
- nginx_setup_license | bool - nginx_setup_license | bool
tags: nginx_setup_license tags: nginx_setup_license
- name: "{{ nginx_setup | capitalize }} NGINX Plus" - name: "{{ nginx_setup | capitalize }} NGINX Plus"
include_tasks: "{{ role_path }}/tasks/plus/install-{{ ansible_facts['os_family'] | lower }}.yml" ansible.builtin.include_tasks: "{{ role_path }}/tasks/plus/install-{{ ansible_facts['os_family'] | lower }}.yml"
when: nginx_type == "plus" when: nginx_type == "plus"
tags: nginx_install_plus tags: nginx_install_plus
- name: "{{ nginx_setup | capitalize }} NGINX dynamic modules" - name: "{{ nginx_setup | capitalize }} NGINX dynamic modules"
include_tasks: "{{ role_path }}/tasks/modules/install-modules.yml" ansible.builtin.include_tasks: "{{ role_path }}/tasks/modules/install-modules.yml"
when: when:
- nginx_modules is defined - nginx_modules is defined
- nginx_modules | length > 0 - nginx_modules | length > 0
tags: nginx_install_modules tags: nginx_install_modules
- name: Remove NGINX Plus license - name: Remove NGINX Plus license
include_tasks: "{{ role_path }}/tasks/plus/remove-license.yml" ansible.builtin.include_tasks: "{{ role_path }}/tasks/plus/remove-license.yml"
when: when:
- nginx_type == "plus" - nginx_type == "plus"
- nginx_remove_license | bool - nginx_remove_license | bool
tags: nginx_remove_license tags: nginx_remove_license
- name: Modify systemd parameters - name: Modify systemd parameters
include_tasks: "{{ role_path }}/tasks/config/modify-systemd.yml" ansible.builtin.include_tasks: "{{ role_path }}/tasks/config/modify-systemd.yml"
when: when:
- ansible_facts['service_mgr'] == "systemd" - ansible_facts['service_mgr'] == "systemd"
- nginx_service_modify | bool - nginx_service_modify | bool
@ -73,24 +73,24 @@
tags: nginx_enable tags: nginx_enable
- name: Trigger handlers if necessary - name: Trigger handlers if necessary
meta: flush_handlers ansible.builtin.meta: flush_handlers
- name: Debug NGINX output - name: Debug NGINX output
include_tasks: "{{ role_path }}/tasks/config/debug-output.yml" ansible.builtin.include_tasks: "{{ role_path }}/tasks/config/debug-output.yml"
when: when:
- nginx_debug_output | bool - nginx_debug_output | bool
- nginx_state != "absent" - nginx_state != "absent"
tags: nginx_debug_output tags: nginx_debug_output
- name: Configure logrotate for NGINX - name: Configure logrotate for NGINX
include_tasks: "{{ role_path }}/tasks/config/setup-logrotate.yml" ansible.builtin.include_tasks: "{{ role_path }}/tasks/config/setup-logrotate.yml"
when: when:
- nginx_logrotate_conf_enable | bool - nginx_logrotate_conf_enable | bool
- nginx_state != "absent" - nginx_state != "absent"
tags: nginx_logrotate_config tags: nginx_logrotate_config
- name: Install NGINX Amplify - name: Install NGINX Amplify
include_tasks: "{{ role_path }}/tasks/amplify/install-amplify.yml" ansible.builtin.include_tasks: "{{ role_path }}/tasks/amplify/install-amplify.yml"
when: when:
- nginx_amplify_enable | bool - nginx_amplify_enable | bool
- nginx_amplify_api_key is defined - nginx_amplify_api_key is defined

8
tasks/modules/install-modules.yml
View File

@ -1,6 +1,6 @@
--- ---
- name: (CentOS) Install GeoIP EPEL dependencies - name: (CentOS) Install GeoIP EPEL dependencies
yum: ansible.builtin.yum:
name: epel-release name: epel-release
when: when:
- ansible_facts['distribution'] == "CentOS" - ansible_facts['distribution'] == "CentOS"
@ -10,12 +10,12 @@
- name: (RHEL) Install GeoIP2 and/or OpenTracing EPEL dependencies - name: (RHEL) Install GeoIP2 and/or OpenTracing EPEL dependencies
block: block:
- name: (RHEL) Import EPEL GPG key - name: (RHEL) Import EPEL GPG key
rpm_key: ansible.builtin.rpm_key:
state: present state: present
key: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ansible_facts['distribution_major_version'] }} key: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ansible_facts['distribution_major_version'] }}
- name: (RHEL) Install package dependencies - name: (RHEL) Install package dependencies
yum: ansible.builtin.yum:
name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_facts['distribution_major_version'] }}.noarch.rpm name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_facts['distribution_major_version'] }}.noarch.rpm
when: when:
- ansible_facts['distribution'] == "RedHat" - ansible_facts['distribution'] == "RedHat"
@ -24,7 +24,7 @@
- nginx_install_epel_release | bool - nginx_install_epel_release | bool
- name: Setup NGINX modules - name: Setup NGINX modules
package: ansible.builtin.package:
name: "nginx-{{ (nginx_type == 'plus') | ternary('plus-', '') }}module-{{ item.name | default(item) }}\ name: "nginx-{{ (nginx_type == 'plus') | ternary('plus-', '') }}module-{{ item.name | default(item) }}\
{{ item.version | default(nginx_version) | default('') }}{{ (nginx_repository is not defined and ansible_facts['os_family'] == 'Alpine' and nginx_type != 'plus') | ternary('@nginx', '') }}" {{ item.version | default(nginx_version) | default('') }}{{ (nginx_repository is not defined and ansible_facts['os_family'] == 'Alpine' and nginx_type != 'plus') | ternary('@nginx', '') }}"
state: "{{ item.state | default('present') }}" state: "{{ item.state | default('present') }}"

2
tasks/opensource/install-alpine.yml
View File

@ -1,6 +1,6 @@
--- ---
- name: (Alpine Linux) {{ (nginx_setup == 'uninstall') | ternary('Remove', 'Configure') }} NGINX repository - name: (Alpine Linux) {{ (nginx_setup == 'uninstall') | ternary('Remove', 'Configure') }} NGINX repository
lineinfile: ansible.builtin.lineinfile:
path: /etc/apk/repositories path: /etc/apk/repositories
insertafter: EOF insertafter: EOF
line: "{{ nginx_repository | default(nginx_default_repository_alpine) }}" line: "{{ nginx_repository | default(nginx_default_repository_alpine) }}"

12
tasks/opensource/install-bsd.yml
View File

@ -2,12 +2,12 @@
- name: (FreeBSD) Update ports - name: (FreeBSD) Update ports
block: block:
- name: (FreeBSD) Fetch ports - name: (FreeBSD) Fetch ports
command: portsnap fetch --interactive ansible.builtin.command: portsnap fetch --interactive
args: args:
creates: /var/db/portsnap/INDEX creates: /var/db/portsnap/INDEX
- name: (FreeBSD) Extract ports - name: (FreeBSD) Extract ports
command: portsnap extract ansible.builtin.command: portsnap extract
args: args:
creates: /usr/ports creates: /usr/ports
when: when:
@ -54,12 +54,12 @@
- name: (NetBSD) {{ nginx_setup | capitalize }} NGINX - name: (NetBSD) {{ nginx_setup | capitalize }} NGINX
block: block:
- name: (NetBSD) {{ nginx_setup | capitalize }} NGINX package - name: (NetBSD) {{ nginx_setup | capitalize }} NGINX package
command: "pkg_add www/nginx{{ nginx_version | default('') }}" ansible.builtin.command: "pkg_add www/nginx{{ nginx_version | default('') }}"
when: nginx_bsd_install_packages | bool when: nginx_bsd_install_packages | bool
notify: (Handler) Run NGINX notify: (Handler) Run NGINX
- name: (NetBSD) {{ nginx_setup | capitalize }} NGINX port - name: (NetBSD) {{ nginx_setup | capitalize }} NGINX port
fail: ansible.builtin.fail:
msg: "{{ ansible_facts['system'] }} {{ nginx_setup | capitalize }} NGINX port not implemented." msg: "{{ ansible_facts['system'] }} {{ nginx_setup | capitalize }} NGINX port not implemented."
when: not nginx_bsd_install_packages | bool when: not nginx_bsd_install_packages | bool
when: ansible_facts['system'] == "NetBSD" when: ansible_facts['system'] == "NetBSD"
@ -67,12 +67,12 @@
- name: (DragonFlyBSD/HardenedBSD) {{ nginx_setup | capitalize }} NGINX - name: (DragonFlyBSD/HardenedBSD) {{ nginx_setup | capitalize }} NGINX
block: block:
- name: (DragonFlyBSD/HardenedBSD) {{ nginx_setup | capitalize }} NGINX package - name: (DragonFlyBSD/HardenedBSD) {{ nginx_setup | capitalize }} NGINX package
command: "pkg install www/nginx{{ nginx_version | default('') }}" ansible.builtin.command: "pkg install www/nginx{{ nginx_version | default('') }}"
when: nginx_bsd_install_packages | bool when: nginx_bsd_install_packages | bool
notify: (Handler) Run NGINX notify: (Handler) Run NGINX
- name: (DragonFlyBSD/HardenedBSD) {{ nginx_setup | capitalize }} NGINX port - name: (DragonFlyBSD/HardenedBSD) {{ nginx_setup | capitalize }} NGINX port
fail: ansible.builtin.fail:
msg: "{{ ansible_facts['system'] }} {{ nginx_setup | capitalize }} NGINX port not implemented." msg: "{{ ansible_facts['system'] }} {{ nginx_setup | capitalize }} NGINX port not implemented."
when: not nginx_bsd_install_packages | bool when: not nginx_bsd_install_packages | bool
when: ansible_facts['system'] in ['DragonFlyBSD', 'HardenedBSD'] when: ansible_facts['system'] in ['DragonFlyBSD', 'HardenedBSD']

6
tasks/opensource/install-debian.yml
View File

@ -1,6 +1,6 @@
--- ---
- name: (Debian/Ubuntu) {{ (nginx_setup == 'uninstall') | ternary('Remove', 'Configure') }} NGINX repository - name: (Debian/Ubuntu) {{ (nginx_setup == 'uninstall') | ternary('Remove', 'Configure') }} NGINX repository
apt_repository: ansible.builtin.apt_repository:
filename: nginx filename: nginx
repo: "{{ item }}" repo: "{{ item }}"
update_cache: true update_cache: true
@ -10,7 +10,7 @@
when: nginx_manage_repo | bool when: nginx_manage_repo | bool
- name: (Debian/Ubuntu) {{ (nginx_setup == 'uninstall') | ternary('Unpin', 'Pin') }} NGINX repository - name: (Debian/Ubuntu) {{ (nginx_setup == 'uninstall') | ternary('Unpin', 'Pin') }} NGINX repository
blockinfile: ansible.builtin.blockinfile:
path: /etc/apt/preferences.d/99nginx path: /etc/apt/preferences.d/99nginx
create: true create: true
block: | block: |
@ -23,7 +23,7 @@
when: nginx_repository is not defined when: nginx_repository is not defined
- name: (Debian/Ubuntu) {{ nginx_setup | capitalize }} NGINX - name: (Debian/Ubuntu) {{ nginx_setup | capitalize }} NGINX
apt: ansible.builtin.apt:
name: "nginx{{ nginx_version | default('') }}" name: "nginx{{ nginx_version | default('') }}"
state: "{{ nginx_state }}" state: "{{ nginx_state }}"
update_cache: true update_cache: true

8
tasks/opensource/install-oss.yml
View File

@ -2,15 +2,15 @@
- name: "{{ nginx_setup | capitalize }} NGINX in Linux systems" - name: "{{ nginx_setup | capitalize }} NGINX in Linux systems"
block: block:
- name: "{{ nginx_setup | capitalize }} NGINX from repository" - name: "{{ nginx_setup | capitalize }} NGINX from repository"
include_tasks: "{{ role_path }}/tasks/opensource/install-{{ ansible_facts['os_family'] | lower }}.yml" ansible.builtin.include_tasks: "{{ role_path }}/tasks/opensource/install-{{ ansible_facts['os_family'] | lower }}.yml"
when: nginx_install_from == "nginx_repository" when: nginx_install_from == "nginx_repository"
- name: "{{ nginx_setup | capitalize }} NGINX from source" - name: "{{ nginx_setup | capitalize }} NGINX from source"
include_tasks: "{{ role_path }}/tasks/opensource/install-source.yml" ansible.builtin.include_tasks: "{{ role_path }}/tasks/opensource/install-source.yml"
when: nginx_install_from == "source" when: nginx_install_from == "source"
- name: "{{ nginx_setup | capitalize }} NGINX from package" - name: "{{ nginx_setup | capitalize }} NGINX from package"
package: ansible.builtin.package:
name: "nginx{{ nginx_version | default('') }}" name: "nginx{{ nginx_version | default('') }}"
state: "{{ nginx_state }}" state: "{{ nginx_state }}"
when: nginx_install_from == "os_repository" when: nginx_install_from == "os_repository"
@ -18,5 +18,5 @@
when: ansible_facts['system'] | lower is not search('bsd') when: ansible_facts['system'] | lower is not search('bsd')
- name: "{{ nginx_setup | capitalize }} NGINX in Unix systems" - name: "{{ nginx_setup | capitalize }} NGINX in Unix systems"
include_tasks: "{{ role_path }}/tasks/opensource/install-bsd.yml" ansible.builtin.include_tasks: "{{ role_path }}/tasks/opensource/install-bsd.yml"
when: ansible_facts['system'] | lower is search('bsd') when: ansible_facts['system'] | lower is search('bsd')

4
tasks/opensource/install-redhat.yml
View File

@ -1,6 +1,6 @@
--- ---
- name: (Amazon Linux/CentOS/RHEL) {{ (nginx_setup == 'uninstall') | ternary('Remove', 'Configure') }} NGINX repository - name: (Amazon Linux/CentOS/RHEL) {{ (nginx_setup == 'uninstall') | ternary('Remove', 'Configure') }} NGINX repository
yum_repository: ansible.builtin.yum_repository:
name: nginx name: nginx
baseurl: "{{ nginx_repository | baseurl: "{{ nginx_repository |
default(lookup('vars', 'nginx_default_repository_' + ((ansible_facts['distribution'] == 'Amazon') | ternary('amazon', 'redhat')))) }}" default(lookup('vars', 'nginx_default_repository_' + ((ansible_facts['distribution'] == 'Amazon') | ternary('amazon', 'redhat')))) }}"
@ -13,7 +13,7 @@
when: nginx_manage_repo | bool when: nginx_manage_repo | bool
- name: (Amazon Linux/CentOS/RHEL) {{ nginx_setup | capitalize }} NGINX - name: (Amazon Linux/CentOS/RHEL) {{ nginx_setup | capitalize }} NGINX
yum: ansible.builtin.yum:
name: "nginx{{ nginx_version | default('') }}" name: "nginx{{ nginx_version | default('') }}"
state: "{{ nginx_state }}" state: "{{ nginx_state }}"
update_cache: true update_cache: true

82
tasks/opensource/install-source.yml
View File

@ -4,7 +4,7 @@
- name: (RHEL 8) Setup Python 3 - name: (RHEL 8) Setup Python 3
block: block:
- name: (RHEL 8) Install Python 3 - name: (RHEL 8) Install Python 3
yum: ansible.builtin.yum:
name: name:
- python3 - python3
- python3-pip - python3-pip
@ -21,7 +21,7 @@
- ansible_facts['distribution_major_version'] is version('8', '==') - ansible_facts['distribution_major_version'] is version('8', '==')
- name: (CentOS/RHEL) Install build tools - name: (CentOS/RHEL) Install build tools
yum: ansible.builtin.yum:
name: name:
- ca-certificates - ca-certificates
- gcc - gcc
@ -39,7 +39,7 @@
when: ansible_facts['os_family'] == "RedHat" when: ansible_facts['os_family'] == "RedHat"
- name: (Debian) Install backports repo for 'buster' - name: (Debian) Install backports repo for 'buster'
apt_repository: ansible.builtin.apt_repository:
filename: buster-backports filename: buster-backports
repo: deb http://ftp.us.debian.org/debian buster-backports main repo: deb http://ftp.us.debian.org/debian buster-backports main
update_cache: true update_cache: true
@ -47,7 +47,7 @@
when: ansible_facts['distribution_release'] == "buster" when: ansible_facts['distribution_release'] == "buster"
- name: (Debian/Ubuntu) Install build tools - name: (Debian/Ubuntu) Install build tools
apt: ansible.builtin.apt:
name: name:
- build-essential - build-essential
- checkinstall - checkinstall
@ -75,7 +75,7 @@
when: ansible_facts['os_family'] == "Alpine" when: ansible_facts['os_family'] == "Alpine"
- name: (Alpine Linux) Enable OpenRC - name: (Alpine Linux) Enable OpenRC
copy: ansible.builtin.copy:
content: "" content: ""
dest: /run/openrc/softlevel dest: /run/openrc/softlevel
force: false force: false
@ -87,22 +87,22 @@
- name: Check for source installs - name: Check for source installs
block: block:
- name: Check for PCRE install - name: Check for PCRE install
stat: ansible.builtin.stat:
path: /tmp/{{ pcre_version }} path: /tmp/{{ pcre_version }}
register: pcre_result register: pcre_result
- name: Check for ZLib install - name: Check for ZLib install
stat: ansible.builtin.stat:
path: /tmp/{{ zlib_version }} path: /tmp/{{ zlib_version }}
register: zlib_result register: zlib_result
- name: Check for OpenSSL install - name: Check for OpenSSL install
stat: ansible.builtin.stat:
path: /tmp/{{ openssl_version }} path: /tmp/{{ openssl_version }}
register: openssl_result register: openssl_result
- name: (CentOS/RHEL) Install PCRE dependency from package - name: (CentOS/RHEL) Install PCRE dependency from package
yum: ansible.builtin.yum:
name: pcre-devel name: pcre-devel
update_cache: true update_cache: true
when: when:
@ -110,7 +110,7 @@
- ansible_facts['os_family'] == "RedHat" - ansible_facts['os_family'] == "RedHat"
- name: (Debian/Ubuntu) Install PCRE dependency from package - name: (Debian/Ubuntu) Install PCRE dependency from package
apt: ansible.builtin.apt:
name: libpcre3-dev name: libpcre3-dev
update_cache: true update_cache: true
when: when:
@ -128,21 +128,21 @@
- name: Install PCRE dependence from source - name: Install PCRE dependence from source
block: block:
- name: Download PCRE dependency - name: Download PCRE dependency
get_url: ansible.builtin.get_url:
url: "https://ftp.exim.org/pub/pcre/{{ pcre_version }}.tar.gz" url: "https://ftp.exim.org/pub/pcre/{{ pcre_version }}.tar.gz"
dest: "/tmp/{{ pcre_version }}.tar.gz" dest: "/tmp/{{ pcre_version }}.tar.gz"
mode: 0600 mode: 0600
register: pcre_source register: pcre_source
- name: Unpack PCRE dependency - name: Unpack PCRE dependency
unarchive: ansible.builtin.unarchive:
copy: false copy: false
dest: /tmp/ dest: /tmp/
src: "{{ pcre_source.dest }}" src: "{{ pcre_source.dest }}"
mode: 0700 mode: 0700
- name: Configure PCRE dependency - name: Configure PCRE dependency
command: ./configure ansible.builtin.command: ./configure
args: args:
chdir: "/tmp/{{ pcre_version }}" chdir: "/tmp/{{ pcre_version }}"
creates: "/tmp/makefile" creates: "/tmp/makefile"
@ -161,7 +161,7 @@
- not ansible_check_mode | bool - not ansible_check_mode | bool
- name: (CentOS/RHEL) Install ZLib dependency from package - name: (CentOS/RHEL) Install ZLib dependency from package
yum: ansible.builtin.yum:
name: zlib-devel name: zlib-devel
update_cache: true update_cache: true
when: when:
@ -169,7 +169,7 @@
- ansible_facts['os_family'] == "RedHat" - ansible_facts['os_family'] == "RedHat"
- name: (Debian/Ubuntu) Install ZLib dependency from package - name: (Debian/Ubuntu) Install ZLib dependency from package
apt: ansible.builtin.apt:
name: zlib1g-dev name: zlib1g-dev
update_cache: true update_cache: true
when: when:
@ -187,21 +187,21 @@
- name: Install ZLib dependency from source - name: Install ZLib dependency from source
block: block:
- name: Download ZLib dependency - name: Download ZLib dependency
get_url: ansible.builtin.get_url:
url: "https://zlib.net/{{ zlib_version }}.tar.gz" url: "https://zlib.net/{{ zlib_version }}.tar.gz"
dest: "/tmp/{{ zlib_version }}.tar.gz" dest: "/tmp/{{ zlib_version }}.tar.gz"
mode: 0600 mode: 0600
register: zlib_source register: zlib_source
- name: Unpack ZLib dependency - name: Unpack ZLib dependency
unarchive: ansible.builtin.unarchive:
copy: false copy: false
dest: /tmp/ dest: /tmp/
src: "{{ zlib_source.dest }}" src: "{{ zlib_source.dest }}"
mode: 0700 mode: 0700
- name: Configure ZLib dependency - name: Configure ZLib dependency
command: ./configure ansible.builtin.command: ./configure
args: args:
chdir: "/tmp/{{ zlib_version }}" chdir: "/tmp/{{ zlib_version }}"
creates: "/tmp/makefile" creates: "/tmp/makefile"
@ -220,7 +220,7 @@
- not ansible_check_mode | bool - not ansible_check_mode | bool
- name: (CentOS/RHEL) Install OpenSSL dependency from package - name: (CentOS/RHEL) Install OpenSSL dependency from package
yum: ansible.builtin.yum:
name: openssl-devel name: openssl-devel
update_cache: true update_cache: true
when: when:
@ -228,7 +228,7 @@
- ansible_facts['os_family'] == "RedHat" - ansible_facts['os_family'] == "RedHat"
- name: (Debian/Ubuntu) Install OpenSSL dependency from package - name: (Debian/Ubuntu) Install OpenSSL dependency from package
apt: ansible.builtin.apt:
name: libssl-dev name: libssl-dev
update_cache: true update_cache: true
when: when:
@ -246,21 +246,21 @@
- name: Install OpenSSL dependency from source - name: Install OpenSSL dependency from source
block: block:
- name: Download OpenSSL dependency - name: Download OpenSSL dependency
get_url: ansible.builtin.get_url:
url: "https://www.openssl.org/source/{{ openssl_version }}.tar.gz" url: "https://www.openssl.org/source/{{ openssl_version }}.tar.gz"
dest: "/tmp/{{ openssl_version }}.tar.gz" dest: "/tmp/{{ openssl_version }}.tar.gz"
mode: 0600 mode: 0600
register: openssl_source register: openssl_source
- name: Unpack OpenSSL dependency - name: Unpack OpenSSL dependency
unarchive: ansible.builtin.unarchive:
copy: false copy: false
dest: /tmp/ dest: /tmp/
src: "{{ openssl_source.dest }}" src: "{{ openssl_source.dest }}"
mode: 0700 mode: 0700
- name: Configure OpenSSL dependency - name: Configure OpenSSL dependency
command: ./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib ansible.builtin.command: ./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib
args: args:
chdir: "/tmp/{{ openssl_version }}" chdir: "/tmp/{{ openssl_version }}"
creates: "/tmp/makefile" creates: "/tmp/makefile"
@ -281,49 +281,49 @@
- name: Get NGINX version - name: Get NGINX version
block: block:
- name: Fetch NGINX version - name: Fetch NGINX version
uri: ansible.builtin.uri:
url: https://version.nginx.com/nginx/{{ nginx_branch }} url: https://version.nginx.com/nginx/{{ nginx_branch }}
return_content: true return_content: true
check_mode: false check_mode: false
register: nginx_versions register: nginx_versions
- name: Set NGINX version - name: Set NGINX version
set_fact: ansible.builtin.set_fact:
nginx_version: "{{ 'nginx-' + (nginx_versions.content | regex_search('([0-9]+\\.){2}[0-9]+')) }}" nginx_version: "{{ 'nginx-' + (nginx_versions.content | regex_search('([0-9]+\\.){2}[0-9]+')) }}"
- name: Check for NGINX install - name: Check for NGINX install
stat: ansible.builtin.stat:
path: /usr/sbin/nginx path: /usr/sbin/nginx
follow: true follow: true
register: nginx_result register: nginx_result
- name: Add NGINX user - name: Add NGINX user
user: ansible.builtin.user:
name: nginx name: nginx
- name: Install NGINX - name: Install NGINX
block: block:
- name: Download NGINX - name: Download NGINX
get_url: ansible.builtin.get_url:
url: "https://nginx.org/download/{{ nginx_version }}.tar.gz" url: "https://nginx.org/download/{{ nginx_version }}.tar.gz"
dest: "/tmp/{{ nginx_version }}.tar.gz" dest: "/tmp/{{ nginx_version }}.tar.gz"
mode: 0600 mode: 0600
register: nginx_source register: nginx_source
- name: Unpack NGINX - name: Unpack NGINX
unarchive: ansible.builtin.unarchive:
copy: false copy: false
dest: /tmp/ dest: /tmp/
src: "{{ nginx_source.dest }}" src: "{{ nginx_source.dest }}"
mode: 0755 mode: 0755
- name: Set static modules - name: Set static modules
set_fact: ansible.builtin.set_fact:
nginx_install_source_static_modules: "{{ nginx_install_source_static_modules | default('') + ' --with-' + item }}" nginx_install_source_static_modules: "{{ nginx_install_source_static_modules | default('') + ' --with-' + item }}"
loop: "{{ nginx_static_modules }}" loop: "{{ nginx_static_modules }}"
- name: Configure NGINX - name: Configure NGINX
command: >- ansible.builtin.command: >-
./configure ./configure
--conf-path=/etc/nginx/nginx.conf --conf-path=/etc/nginx/nginx.conf
--error-log-path=/var/log/nginx/error.log --error-log-path=/var/log/nginx/error.log
@ -353,7 +353,7 @@
target: install target: install
- name: Upload systemd NGINX service file - name: Upload systemd NGINX service file
copy: ansible.builtin.copy:
src: services/nginx.systemd src: services/nginx.systemd
dest: /lib/systemd/system/nginx.service dest: /lib/systemd/system/nginx.service
owner: root owner: root
@ -362,7 +362,7 @@
when: ansible_facts['service_mgr'] == "systemd" when: ansible_facts['service_mgr'] == "systemd"
- name: Enable systemd NGINX service file - name: Enable systemd NGINX service file
systemd: ansible.builtin.systemd:
daemon_reload: true daemon_reload: true
name: nginx name: nginx
state: restarted state: restarted
@ -371,7 +371,7 @@
notify: "(Handler) Run NGINX" notify: "(Handler) Run NGINX"
- name: Upload upstart NGINX service file - name: Upload upstart NGINX service file
copy: ansible.builtin.copy:
src: services/nginx.upstart src: services/nginx.upstart
dest: /etc/init.d/nginx dest: /etc/init.d/nginx
owner: root owner: root
@ -380,7 +380,7 @@
when: ansible_facts['service_mgr'] == "upstart" when: ansible_facts['service_mgr'] == "upstart"
- name: Upload Upstart NGINX service conf file - name: Upload Upstart NGINX service conf file
copy: ansible.builtin.copy:
src: services/nginx.conf.upstart src: services/nginx.conf.upstart
dest: /etc/init/nginx.conf dest: /etc/init/nginx.conf
owner: root owner: root
@ -389,16 +389,16 @@
when: ansible_facts['service_mgr'] == "upstart" when: ansible_facts['service_mgr'] == "upstart"
- name: Enable Upstart NGINX service reload - name: Enable Upstart NGINX service reload
command: initctl reload-configuration ansible.builtin.command: initctl reload-configuration
when: ansible_facts['service_mgr'] == "upstart" when: ansible_facts['service_mgr'] == "upstart"
- name: Start Upstart NGINX service reload - name: Start Upstart NGINX service reload
command: nginx ansible.builtin.command: nginx
when: ansible_facts['service_mgr'] == "upstart" when: ansible_facts['service_mgr'] == "upstart"
notify: "(Handler) Run NGINX" notify: "(Handler) Run NGINX"
- name: Upload SysVinit NGINX service file - name: Upload SysVinit NGINX service file
copy: ansible.builtin.copy:
src: services/nginx.sysvinit src: services/nginx.sysvinit
dest: /etc/init.d/nginx dest: /etc/init.d/nginx
owner: root owner: root
@ -408,7 +408,7 @@
notify: "(Handler) Run NGINX" notify: "(Handler) Run NGINX"
- name: Upload OpenRC NGINX service file - name: Upload OpenRC NGINX service file
copy: ansible.builtin.copy:
src: services/nginx.openrc src: services/nginx.openrc
dest: /etc/init.d/nginx dest: /etc/init.d/nginx
owner: root owner: root
@ -417,7 +417,7 @@
when: ansible_facts['service_mgr'] == "openrc" when: ansible_facts['service_mgr'] == "openrc"
- name: Enable OpenRC NGINX service - name: Enable OpenRC NGINX service
command: rc-update add nginx default ansible.builtin.command: rc-update add nginx default
when: ansible_facts['service_mgr'] == "openrc" when: ansible_facts['service_mgr'] == "openrc"
notify: (Handler) Run NGINX notify: (Handler) Run NGINX
when: when:
@ -425,7 +425,7 @@
- not ansible_check_mode | bool - not ansible_check_mode | bool
- name: Cleanup downloads - name: Cleanup downloads
file: ansible.builtin.file:
path: "{{ item }}" path: "{{ item }}"
state: absent state: absent
loop: loop:

2
tasks/plus/install-alpine.yml
View File

@ -1,6 +1,6 @@
--- ---
- name: (Alpine Linux) {{ nginx_license_status is defined | ternary('Remove', 'Configure') }} NGINX Plus repository - name: (Alpine Linux) {{ nginx_license_status is defined | ternary('Remove', 'Configure') }} NGINX Plus repository
lineinfile: ansible.builtin.lineinfile:
path: /etc/apk/repositories path: /etc/apk/repositories
insertafter: EOF insertafter: EOF
line: "{{ nginx_repository | default(nginx_plus_default_repository_alpine) }}" line: "{{ nginx_repository | default(nginx_plus_default_repository_alpine) }}"

6
tasks/plus/install-debian.yml
View File

@ -1,6 +1,6 @@
--- ---
- name: (Debian/Ubuntu) {{ nginx_license_status is defined | ternary('Remove', 'Configure') }} NGINX Plus license verification - name: (Debian/Ubuntu) {{ nginx_license_status is defined | ternary('Remove', 'Configure') }} NGINX Plus license verification
blockinfile: ansible.builtin.blockinfile:
path: /etc/apt/apt.conf.d/90nginx path: /etc/apt/apt.conf.d/90nginx
create: true create: true
block: | block: |
@ -12,7 +12,7 @@
mode: 0444 mode: 0444
- name: (Debian/Ubuntu) {{ nginx_license_status is defined | ternary('Remove', 'Configure') }} NGINX Plus repository - name: (Debian/Ubuntu) {{ nginx_license_status is defined | ternary('Remove', 'Configure') }} NGINX Plus repository
apt_repository: ansible.builtin.apt_repository:
filename: nginx-plus filename: nginx-plus
repo: "{{ nginx_repository | default(nginx_plus_default_repository_debian) }}" repo: "{{ nginx_repository | default(nginx_plus_default_repository_debian) }}"
update_cache: false update_cache: false
@ -21,7 +21,7 @@
when: nginx_manage_repo | bool when: nginx_manage_repo | bool
- name: (Debian/Ubuntu) {{ nginx_setup | capitalize }} NGINX Plus - name: (Debian/Ubuntu) {{ nginx_setup | capitalize }} NGINX Plus
apt: ansible.builtin.apt:
name: "nginx-plus{{ nginx_version | default('') }}" name: "nginx-plus{{ nginx_version | default('') }}"
state: "{{ nginx_state }}" state: "{{ nginx_state }}"
update_cache: true update_cache: true

4
tasks/plus/install-freebsd.yml
View File

@ -1,6 +1,6 @@
--- ---
- name: (FreeBSD) {{ nginx_license_status is defined | ternary('Remove', 'Configure') }} NGINX Plus license verification - name: (FreeBSD) {{ nginx_license_status is defined | ternary('Remove', 'Configure') }} NGINX Plus license verification
blockinfile: ansible.builtin.blockinfile:
path: /usr/local/etc/pkg.conf path: /usr/local/etc/pkg.conf
block: | block: |
PKG_ENV: { SSL_NO_VERIFY_PEER: "1", PKG_ENV: { SSL_NO_VERIFY_PEER: "1",
@ -9,7 +9,7 @@
state: "{{ nginx_license_status | default ('present') }}" state: "{{ nginx_license_status | default ('present') }}"
- name: (FreeBSD) {{ nginx_license_status is defined | ternary('Remove', 'Configure') }} NGINX Plus repository - name: (FreeBSD) {{ nginx_license_status is defined | ternary('Remove', 'Configure') }} NGINX Plus repository
blockinfile: ansible.builtin.blockinfile:
path: /etc/pkg/nginx-plus.conf path: /etc/pkg/nginx-plus.conf
create: true create: true
block: | block: |

4
tasks/plus/install-redhat.yml
View File

@ -1,6 +1,6 @@
--- ---
- name: (Amazon Linux/CentOS/Oracle Linux/RHEL) {{ (nginx_license_status is defined or nginx_setup == 'uninstall') | ternary('Remove', 'Configure') }} NGINX Plus repository - name: (Amazon Linux/CentOS/Oracle Linux/RHEL) {{ (nginx_license_status is defined or nginx_setup == 'uninstall') | ternary('Remove', 'Configure') }} NGINX Plus repository
yum_repository: ansible.builtin.yum_repository:
name: nginx-plus name: nginx-plus
baseurl: "{{ nginx_repository | baseurl: "{{ nginx_repository |
default(lookup('vars', 'nginx_plus_default_repository_' + ((ansible_facts['distribution'] == 'Amazon') | ternary('amazon', 'redhat')))) }}" default(lookup('vars', 'nginx_plus_default_repository_' + ((ansible_facts['distribution'] == 'Amazon') | ternary('amazon', 'redhat')))) }}"
@ -14,7 +14,7 @@
when: nginx_manage_repo | bool when: nginx_manage_repo | bool
- name: (Amazon Linux/CentOS/Oracle Linux/RHEL) {{ nginx_setup | capitalize }} NGINX Plus - name: (Amazon Linux/CentOS/Oracle Linux/RHEL) {{ nginx_setup | capitalize }} NGINX Plus
yum: ansible.builtin.yum:
name: "nginx-plus{{ nginx_version | default('') }}" name: "nginx-plus{{ nginx_version | default('') }}"
state: "{{ nginx_state }}" state: "{{ nginx_state }}"
update_cache: true update_cache: true

8
tasks/plus/remove-license.yml
View File

@ -1,16 +1,16 @@
--- ---
- name: Set NGINX Plus license state to absent - name: Set NGINX Plus license state to absent
set_fact: ansible.builtin.set_fact:
nginx_license_status: absent nginx_license_status: absent
- name: (Debian/Red Hat/SLES OSs) Delete NGINX Plus license - name: (Debian/Red Hat/SLES OSs) Delete NGINX Plus license
file: ansible.builtin.file:
path: /etc/ssl/nginx path: /etc/ssl/nginx
state: absent state: absent
when: ansible_facts['distribution'] != "Alpine" when: ansible_facts['distribution'] != "Alpine"
- name: (Alpine Linux) Delete NGINX Plus license - name: (Alpine Linux) Delete NGINX Plus license
file: ansible.builtin.file:
path: "{{ item }}" path: "{{ item }}"
state: absent state: absent
loop: loop:
@ -19,4 +19,4 @@
when: ansible_facts['distribution'] == "Alpine" when: ansible_facts['distribution'] == "Alpine"
- name: Remove NGINX Plus repository data - name: Remove NGINX Plus repository data
include_tasks: "{{ role_path }}/tasks/plus/install-{{ ansible_facts['os_family'] | lower }}.yml" ansible.builtin.include_tasks: "{{ role_path }}/tasks/plus/install-{{ ansible_facts['os_family'] | lower }}.yml"

12
tasks/plus/setup-license.yml
View File

@ -2,13 +2,13 @@
- name: (Debian/Red Hat/SLES OSs) Set up NGINX Plus license - name: (Debian/Red Hat/SLES OSs) Set up NGINX Plus license
block: block:
- name: (Debian/Red Hat/SLES OSs) Create SSL directory - name: (Debian/Red Hat/SLES OSs) Create SSL directory
file: ansible.builtin.file:
path: /etc/ssl/nginx path: /etc/ssl/nginx
state: directory state: directory
mode: 0755 mode: 0755
- name: (Debian/Red Hat/SLES OSs) Copy NGINX Plus certificate and license key - name: (Debian/Red Hat/SLES OSs) Copy NGINX Plus certificate and license key
copy: ansible.builtin.copy:
src: "{{ item }}" src: "{{ item }}"
dest: /etc/ssl/nginx dest: /etc/ssl/nginx
decrypt: true decrypt: true
@ -21,20 +21,20 @@
- name: (Alpine Linux) Set up NGINX Plus license - name: (Alpine Linux) Set up NGINX Plus license
block: block:
- name: (Alpine Linux) Create APK directory - name: (Alpine Linux) Create APK directory
file: ansible.builtin.file:
path: /etc/apk path: /etc/apk
state: directory state: directory
mode: 0755 mode: 0755
- name: (Alpine Linux) Copy NGINX Plus key - name: (Alpine Linux) Copy NGINX Plus key
copy: ansible.builtin.copy:
src: "{{ nginx_license['key'] }}" src: "{{ nginx_license['key'] }}"
dest: /etc/apk/cert.key dest: /etc/apk/cert.key
decrypt: true decrypt: true
mode: 0444 mode: 0444
- name: (Alpine Linux) Copy NGINX Plus certificate - name: (Alpine Linux) Copy NGINX Plus certificate
copy: ansible.builtin.copy:
src: "{{ nginx_license['certificate'] }}" src: "{{ nginx_license['certificate'] }}"
dest: /etc/apk/cert.pem dest: /etc/apk/cert.pem
decrypt: true decrypt: true
@ -42,7 +42,7 @@
when: ansible_facts['os_family'] == "Alpine" when: ansible_facts['os_family'] == "Alpine"
- name: (SLES) Combine NGINX Plus certificate and license key - name: (SLES) Combine NGINX Plus certificate and license key
assemble: ansible.builtin.assemble:
src: /etc/ssl/nginx src: /etc/ssl/nginx
dest: /etc/ssl/nginx/nginx-repo-bundle.crt dest: /etc/ssl/nginx/nginx-repo-bundle.crt
mode: 0444 mode: 0444

4
tasks/prerequisites/install-dependencies.yml
View File

@ -7,14 +7,14 @@
when: ansible_facts['os_family'] == "Alpine" when: ansible_facts['os_family'] == "Alpine"
- name: (Debian/Ubuntu) Install dependencies - name: (Debian/Ubuntu) Install dependencies
apt: ansible.builtin.apt:
name: "{{ nginx_debian_dependencies }}" name: "{{ nginx_debian_dependencies }}"
update_cache: true update_cache: true
state: latest # noqa package-latest state: latest # noqa package-latest
when: ansible_facts['os_family'] == "Debian" when: ansible_facts['os_family'] == "Debian"
- name: (Amazon Linux/CentOS/Oracle Linux/RHEL) Install dependencies - name: (Amazon Linux/CentOS/Oracle Linux/RHEL) Install dependencies
yum: ansible.builtin.yum:
name: "{{ nginx_redhat_dependencies }}" name: "{{ nginx_redhat_dependencies }}"
update_cache: true update_cache: true
state: latest # noqa package-latest state: latest # noqa package-latest

6
tasks/prerequisites/prerequisites.yml
View File

@ -1,16 +1,16 @@
--- ---
- name: Install dependencies - name: Install dependencies
include_tasks: "{{ role_path }}/tasks/prerequisites/install-dependencies.yml" ansible.builtin.include_tasks: "{{ role_path }}/tasks/prerequisites/install-dependencies.yml"
- name: Set up SELinux - name: Set up SELinux
block: block:
- name: Check if SELinux is enabled - name: Check if SELinux is enabled
debug: ansible.builtin.debug:
msg: You need to enable SELinux, if it was disabled you need to reboot msg: You need to enable SELinux, if it was disabled you need to reboot
when: ansible_facts['selinux'] is undefined when: ansible_facts['selinux'] is undefined
- name: Configure SELinux - name: Configure SELinux
include_tasks: "{{ role_path }}/tasks/prerequisites/setup-selinux.yml" ansible.builtin.include_tasks: "{{ role_path }}/tasks/prerequisites/setup-selinux.yml"
when: ansible_facts['selinux']['mode'] is defined when: ansible_facts['selinux']['mode'] is defined
when: when:
- nginx_selinux | bool - nginx_selinux | bool

14
tasks/prerequisites/setup-selinux.yml
View File

@ -1,15 +1,15 @@
--- ---
- name: (CentOS/RHEL) Install dependencies - name: (CentOS/RHEL) Install dependencies
block: block:
- name: (CentOS/RHEL 6/7) Install dependencies - name: (CentOS/RHEL 7) Install dependencies
yum: ansible.builtin.yum:
name: name:
- policycoreutils-python - policycoreutils-python
- setools - setools
when: ansible_facts['distribution_major_version'] is version('8', '!=') when: ansible_facts['distribution_major_version'] is version('8', '!=')
- name: (RHEL 8) Install dependencies - name: (RHEL 8) Install dependencies
yum: ansible.builtin.yum:
name: name:
- libselinux-utils - libselinux-utils
- policycoreutils - policycoreutils
@ -51,26 +51,26 @@
when: nginx_selinux_udp_ports is defined when: nginx_selinux_udp_ports is defined
- name: Create SELinux NGINX Plus module - name: Create SELinux NGINX Plus module
template: ansible.builtin.template:
src: "{{ role_path }}/templates/selinux/nginx-plus-module.te.j2" src: "{{ role_path }}/templates/selinux/nginx-plus-module.te.j2"
dest: "{{ nginx_selinux_tempdir }}/nginx-plus-module.te" dest: "{{ nginx_selinux_tempdir }}/nginx-plus-module.te"
mode: 0644 mode: 0644
register: nginx_selinux_module register: nginx_selinux_module
- name: Check SELinux NGINX Plus module - name: Check SELinux NGINX Plus module
command: "checkmodule -M -m -o {{ nginx_selinux_tempdir }}/nginx-plus-module.mod {{ nginx_selinux_tempdir }}/nginx-plus-module.te" ansible.builtin.command: "checkmodule -M -m -o {{ nginx_selinux_tempdir }}/nginx-plus-module.mod {{ nginx_selinux_tempdir }}/nginx-plus-module.te"
args: args:
creates: "{{ nginx_selinux_tempdir }}/nginx-plus-module.mod" creates: "{{ nginx_selinux_tempdir }}/nginx-plus-module.mod"
changed_when: false changed_when: false
- name: Compile SELinux NGINX Plus module - name: Compile SELinux NGINX Plus module
command: "semodule_package -o {{ nginx_selinux_tempdir }}/nginx-plus-module.pp -m {{ nginx_selinux_tempdir }}/nginx-plus-module.mod" ansible.builtin.command: "semodule_package -o {{ nginx_selinux_tempdir }}/nginx-plus-module.pp -m {{ nginx_selinux_tempdir }}/nginx-plus-module.mod"
args: args:
creates: "{{ nginx_selinux_tempdir }}/nginx-plus-module.pp" creates: "{{ nginx_selinux_tempdir }}/nginx-plus-module.pp"
changed_when: false changed_when: false
- name: Import SELinux NGINX Plus module - name: Import SELinux NGINX Plus module
command: "semodule -i {{ nginx_selinux_tempdir }}/nginx-plus-module.pp" # noqa no-handler ansible.builtin.command: "semodule -i {{ nginx_selinux_tempdir }}/nginx-plus-module.pp" # noqa no-handler
changed_when: false changed_when: false
when: nginx_selinux_module.changed | bool when: nginx_selinux_module.changed | bool