--- - name: Check for build tools block: - name: (CentOS/RHEL 8) Setup Python 3 block: - name: (CentOS/RHEL 8) Install Python 3 yum: name: - python3 - python3-pip - python3-devel update_cache: yes - name: (Centos/RHEL 8) Set Python 3 as default alternatives: name: python path: /usr/bin/python3 link: /usr/bin/python when: - ansible_facts['os_family'] == "RedHat" - ansible_facts['distribution_major_version'] is version('8', '==') - name: (Centos/RHEL) Install build tools yum: name: - "@Development tools" - ca-certificates - gcc - gd - gd-devel - glibc - glibc-common - perl-core - wget - zlib-devel update_cache: yes when: ansible_facts['os_family'] == "RedHat" - name: (Debian) Install backports repo for 'buster' apt_repository: filename: buster-backports repo: deb http://ftp.us.debian.org/debian buster-backports main update_cache: yes mode: 0644 when: ansible_facts['distribution_release'] == "buster" - name: (Debian/Ubuntu) Install build tools apt: name: - build-essential - checkinstall - libtemplate-perl - python3-minimal - perl - tar - zlib1g-dev update_cache: yes when: ansible_facts['os_family'] == "Debian" - name: (Alpine Linux) Install build tools apk: name: - alpine-sdk - build-base - git - openrc - perl - python3 - linux-headers - tar - wget update_cache: yes when: ansible_facts['os_family'] == "Alpine" - name: (Alpine Linux) Enable OpenRC copy: content: "" dest: /run/openrc/softlevel force: no owner: root mode: 0644 when: ansible_facts['os_family'] == "Alpine" when: nginx_install_source_build_tools | bool - name: Check for source installs block: - name: Check for PCRE install stat: path: /tmp/{{ pcre_version }} register: pcre_result - name: Check for ZLib install stat: path: /tmp/{{ zlib_version }} register: zlib_result - name: Check for OpenSSL install stat: path: /tmp/{{ openssl_version }} register: openssl_result - name: (CentOS/RHEL) Install PCRE dependency from package yum: name: pcre-devel update_cache: yes when: - nginx_install_source_pcre | bool - ansible_facts['os_family'] == "RedHat" - name: (Debian/Ubuntu) Install PCRE dependency from package apt: name: libpcre3-dev update_cache: yes when: - nginx_install_source_pcre | bool - ansible_facts['os_family'] == "Debian" - name: (Alpine Linux) Install PCRE dependency from package apk: name: pcre-dev update_cache: yes when: - nginx_install_source_pcre | bool - ansible_facts['os_family'] == "Alpine" - name: Install PCRE dependence from source block: - name: Download PCRE dependency get_url: url: "https://ftp.pcre.org/pub/pcre/{{ pcre_version }}.tar.gz" dest: "/tmp/{{ pcre_version }}.tar.gz" mode: 0600 validate_certs: "{{ (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] is version('6', '==')) | ternary('no', 'yes') }}" register: pcre_source - name: Unpack PCRE dependency unarchive: copy: no dest: /tmp/ src: "{{ pcre_source.dest }}" mode: 0700 - name: Configure PCRE dependency command: ./configure args: chdir: "/tmp/{{ pcre_version }}" - name: Make PCRE dependency make: chdir: "/tmp/{{ pcre_version }}" - name: Install PCRE dependency make: chdir: "/tmp/{{ pcre_version }}" target: install when: - not pcre_result.stat.exists | bool - not nginx_install_source_pcre | bool - not ansible_check_mode | bool - name: (Centos/RHEL) Install ZLib dependency from package yum: name: zlib-devel update_cache: yes when: - nginx_install_source_zlib | bool - ansible_facts['os_family'] == "RedHat" - name: (Debian/Ubuntu) Install ZLib dependency from package apt: name: zlib1g-dev update_cache: true when: - nginx_install_source_zlib | bool - ansible_facts['os_family'] == "Debian" - name: (Alpine Linux) Install ZLib dependency from package apk: name: zlib-dev update_cache: yes when: - nginx_install_source_zlib | bool - ansible_facts['os_family'] == "Alpine" - name: Install ZLib dependency from source block: - name: Download ZLib dependency get_url: url: "https://zlib.net/{{ zlib_version }}.tar.gz" dest: "/tmp/{{ zlib_version }}.tar.gz" mode: 0600 validate_certs: "{{ (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] is version('6', '==')) | ternary('no', 'yes') }}" register: zlib_source - name: Unpack ZLib dependency unarchive: copy: no dest: /tmp/ src: "{{ zlib_source.dest }}" mode: 0700 - name: Configure ZLib dependency command: ./configure args: chdir: "/tmp/{{ zlib_version }}" - name: Make ZLib dependency make: chdir: "/tmp/{{ zlib_version }}" - name: Install ZLib dependency make: chdir: "/tmp/{{ zlib_version }}" target: install when: - not zlib_result.stat.exists | bool - not nginx_install_source_zlib | bool - not ansible_check_mode | bool - name: (CentOS/RHEL) Install OpenSSL dependency from package yum: name: openssl-devel update_cache: yes when: - nginx_install_source_openssl | bool - ansible_facts['os_family'] == "RedHat" - name: (Debian/Ubuntu) Install OpenSSL dependency from package apt: name: libssl-dev update_cache: yes when: - nginx_install_source_openssl | bool - ansible_facts['os_family'] == "Debian" - name: (Alpine Linux) Install OpenSSL dependency from package apk: name: openssl-dev update_cache: yes when: - nginx_install_source_openssl | bool - ansible_facts['os_family'] == "Alpine" - name: Install OpenSSL dependency from source block: - name: Download OpenSSL dependency get_url: url: "https://www.openssl.org/source/{{ openssl_version }}.tar.gz" dest: "/tmp/{{ openssl_version }}.tar.gz" mode: 0600 validate_certs: "{{ (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] is version('6', '==')) | ternary('no', 'yes') }}" register: openssl_source - name: Unpack OpenSSL dependency unarchive: copy: no dest: /tmp/ src: "{{ openssl_source.dest }}" mode: 0700 - name: Configure OpenSSL dependency command: ./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib args: chdir: "/tmp/{{ openssl_version }}" - name: Make OpenSSL dependency make: chdir: "/tmp/{{ openssl_version }}" - name: Install OpenSSL dependency make: chdir: "/tmp/{{ openssl_version }}" target: install when: - not openssl_result.stat.exists | bool - not nginx_install_source_openssl | bool - not ansible_check_mode | bool - name: Get NGINX version block: - name: Fetch NGINX version uri: url: https://version.nginx.com/nginx/{{ nginx_branch }} return_content: yes validate_certs: "{{ (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] is version('6', '==')) | ternary('no', 'yes') }}" check_mode: no register: nginx_versions - name: Set NGINX version set_fact: nginx_version: "{{ 'nginx-' + (nginx_versions.content | regex_search('([0-9]+\\.){2}[0-9]+')) }}" - name: Check for NGINX install stat: path: /usr/sbin/nginx follow: yes register: nginx_result - name: Add NGINX user user: name: nginx - name: Install NGINX block: - name: Download NGINX get_url: url: "https://nginx.org/download/{{ nginx_version }}.tar.gz" dest: "/tmp/{{ nginx_version }}.tar.gz" mode: 0600 validate_certs: "{{ (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] is version('6', '==')) | ternary('no', 'yes') }}" register: nginx_source - name: Unpack NGINX unarchive: copy: no dest: /tmp/ src: "{{ nginx_source.dest }}" mode: 0755 - name: Configure NGINX command: >- ./configure --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --lock-path=/var/lock/nginx.lock --modules-path=/usr/lib/nginx/modules --prefix=/usr --pid-path=/var/run/nginx.pid --with-http_ssl_module --with-mail=dynamic --with-stream {{ nginx_install_source_pcre | ternary('', '--with-pcre=../' + pcre_version) }} {{ nginx_install_source_zlib | ternary('', '--with-zlib=../' + zlib_version) }} {{ nginx_install_source_openssl | ternary('', '--with-openssl=../' + openssl_version) }} args: chdir: "/tmp/{{ nginx_version }}" register: nginx_configure - name: Make NGINX make: chdir: "/tmp/{{ nginx_version }}" - name: Install NGINX make: chdir: "/tmp/{{ nginx_version }}" target: install - name: Upload systemd NGINX service file copy: src: services/nginx.systemd dest: /lib/systemd/system/nginx.service owner: root group: root mode: 0644 when: ansible_facts['service_mgr'] == "systemd" - name: Enable systemd NGINX service file systemd: daemon_reload: yes name: nginx state: restarted enabled: yes when: ansible_facts['service_mgr'] == "systemd" notify: "(Handler) Run NGINX" - name: Upload upstart NGINX service file copy: src: services/nginx.upstart dest: /etc/init.d/nginx owner: root group: root mode: 0755 when: ansible_facts['service_mgr'] == "upstart" - name: Upload Upstart NGINX service conf file copy: src: services/nginx.conf.upstart dest: /etc/init/nginx.conf owner: root group: root mode: 0644 when: ansible_facts['service_mgr'] == "upstart" - name: Enable Upstart NGINX service reload command: initctl reload-configuration when: ansible_facts['service_mgr'] == "upstart" - name: Start Upstart NGINX service reload command: nginx when: ansible_facts['service_mgr'] == "upstart" notify: "(Handler) Run NGINX" - name: Upload SysVinit NGINX service file copy: src: services/nginx.sysvinit dest: /etc/init.d/nginx owner: root group: root mode: 0755 when: ansible_facts['service_mgr'] == "sysvinit" notify: "(Handler) Run NGINX" - name: Upload OpenRC NGINX service file copy: src: services/nginx.openrc dest: /etc/init.d/nginx owner: root group: root mode: 0755 when: ansible_facts['service_mgr'] == "openrc" - name: Enable OpenRC NGINX service command: rc-update add nginx default when: ansible_facts['service_mgr'] == "openrc" notify: (Handler) Run NGINX when: - not nginx_result.stat.exists | bool - not ansible_check_mode | bool - name: Cleanup downloads file: path: "{{ item }}" state: absent loop: - "{{ pcre_source.dest }}" - "{{ zlib_source.dest }}" - "{{ openssl_source.dest }}" - "{{ nginx_source.dest }}" when: item is defined