From 2bf8c497281a379d27c8f10901b1a11fe1a74aaa Mon Sep 17 00:00:00 2001 From: "ansible-code-bot[bot]" <145416087+ansible-code-bot[bot]@users.noreply.github.com> Date: Thu, 3 Oct 2024 18:23:51 +0000 Subject: [PATCH] Fix ansible-lint rule violations --- defaults/main/agent.yml | 2 - defaults/main/amplify.yml | 2 +- defaults/main/logrotate.yml | 2 +- meta/main.yml | 2 +- molecule/agent/cleanup.yml | 3 +- molecule/agent/converge.yml | 4 +- molecule/downgrade-plus/converge.yml | 3 +- molecule/downgrade-plus/molecule.yml | 16 ++++---- molecule/downgrade/converge.yml | 3 +- molecule/upgrade-plus/molecule.yml | 16 ++++---- molecule/upgrade-plus/prepare.yml | 3 +- molecule/upgrade/prepare.yml | 3 +- molecule/version/converge.yml | 6 ++- tasks/agent/install-agent.yml | 5 ++- tasks/agent/setup-debian.yml | 3 +- tasks/agent/setup-redhat.yml | 3 +- tasks/amplify/setup-debian.yml | 3 +- tasks/main.yml | 3 +- tasks/modules/install-modules.yml | 31 +++++++------- tasks/opensource/install-redhat.yml | 3 +- tasks/opensource/install-source.yml | 3 +- tasks/plus/install-redhat.yml | 6 ++- tasks/plus/setup-license.yml | 2 +- tasks/validate/validate.yml | 20 +++++++--- vars/main.yml | 60 ++++++++++++++++++---------- 25 files changed, 122 insertions(+), 85 deletions(-) diff --git a/defaults/main/agent.yml b/defaults/main/agent.yml index de693da0c6..0f62e69912 100644 --- a/defaults/main/agent.yml +++ b/defaults/main/agent.yml @@ -3,7 +3,6 @@ # Requires access to either the NGINX stub_status or the NGINX Plus REST API. nginx_agent_enable: false - ######################################################################################################################## # The following parameters let you configure the static configuration file of NGINX Agent. # # By default, the config produced is as close a match to the default config provided by NGINX Agent upon installation. # 
@@ -86,7 +85,6 @@ nginx_agent_metrics: # report_interval: 15s # precompiled_publication: true - ############################################################################################# # The following parameters let you configure the dynamic configuration file of NGINX Agent. # # By default, nothing is configured. # diff --git a/defaults/main/amplify.yml b/defaults/main/amplify.yml index 872bd8b8e1..ae2dfc1dae 100644 --- a/defaults/main/amplify.yml +++ b/defaults/main/amplify.yml @@ -4,4 +4,4 @@ # Use your NGINX Amplify API key. # Default is null. nginx_amplify_enable: false -nginx_amplify_api_key: null +nginx_amplify_api_key: diff --git a/defaults/main/logrotate.yml b/defaults/main/logrotate.yml index 5e8f8dedb5..4716d6c2f2 100644 --- a/defaults/main/logrotate.yml +++ b/defaults/main/logrotate.yml @@ -3,7 +3,7 @@ nginx_logrotate_conf_enable: false nginx_logrotate_conf: paths: /var/log/nginx/*.log # String or list of strings - # - /var/log/nginx/*.log + # - /var/log/nginx/*.log options: # daily # String or a list of strings - daily - missingok diff --git a/meta/main.yml b/meta/main.yml index 3003173d02..d8481839ad 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -7,7 +7,7 @@ galaxy_info: license: Apache License, Version 2.0 - min_ansible_version: '2.16' + min_ansible_version: "2.16" galaxy_tags: - nginx diff --git a/molecule/agent/cleanup.yml b/molecule/agent/cleanup.yml index a265c8dca0..b4e2db2451 100644 --- a/molecule/agent/cleanup.yml +++ b/molecule/agent/cleanup.yml 
@@ -25,7 +25,8 @@ - name: Get list of NGINX One dangling instance IDs ansible.builtin.uri: - url: https://{{ lookup('env', 'ONE_TENANT') }}.console.ves.volterra.io/api/nginx/one/namespaces/default/instances?paginated=false&filter_fields=hostname&filter_ops=IN&filter_values=almalinux-8|almalinux-9|alpine-3.17|alpine-3.18|alpine-3.19|alpine-3.20|amazonlinux-2|amazonlinux-2023|debian-bullseye|debian-bookworm|oraclelinux-8|oraclelinux-9|rhel-8|rhel-9|rockylinux-8|rockylinux-9|sles-15|ubuntu-focal|ubuntu-jammy|ubuntu-noble + url: https://{{ lookup('env', 'ONE_TENANT') + }}.console.ves.volterra.io/api/nginx/one/namespaces/default/instances?paginated=false&filter_fields=hostname&filter_ops=IN&filter_values=almalinux-8|almalinux-9|alpine-3.17|alpine-3.18|alpine-3.19|alpine-3.20|amazonlinux-2|amazonlinux-2023|debian-bullseye|debian-bookworm|oraclelinux-8|oraclelinux-9|rhel-8|rhel-9|rockylinux-8|rockylinux-9|sles-15|ubuntu-focal|ubuntu-jammy|ubuntu-noble method: GET headers: Authorization: APIToken {{ lookup('env', 'ONE_API_TOKEN') }} diff --git a/molecule/agent/converge.yml b/molecule/agent/converge.yml index 651a272998..dec5b62e47 100644 --- a/molecule/agent/converge.yml +++ b/molecule/agent/converge.yml @@ -21,10 +21,10 @@ treat_warnings_as_errors: false nginx_agent_config_dirs: '"/etc/nginx:/usr/local/etc/nginx:/usr/share/nginx/modules"' nginx_agent_queue_size: 100 - nginx_agent_extensions: ['metrics'] + nginx_agent_extensions: [metrics] nginx_agent_api: host: 127.0.0.1 port: 8081 nginx_agent_configure_dynamic: true nginx_agent_instance_group: ansible_instance_group - nginx_agent_tags: ['ansible', 'dev'] + nginx_agent_tags: [ansible, dev] diff --git a/molecule/downgrade-plus/converge.yml b/molecule/downgrade-plus/converge.yml index 24e73acb79..47e814d766 100644 --- a/molecule/downgrade-plus/converge.yml +++ b/molecule/downgrade-plus/converge.yml 
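Review bot: The `Authorization: APIToken {{ lookup('env', 'ONE_API_TOKEN') }}` header is part of the `uri` module arguments, and nothing visible in this hunk keeps those arguments out of task output, so a verbose or failed CI run could print the token. The task continues past the hunk, so this may already be handled; if it is not, add `no_log: true` at task level. The re-wrapped `url:` itself renders the same, because the fold falls inside the `{{ }}` expression.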
@@ -14,7 +14,8 @@ when: ansible_facts['os_family'] == "Debian" - name: Set repo if Red Hat ansible.builtin.set_fact: - version: -31-1.{{ (ansible_facts['distribution'] == "Amazon") | ternary(('amzn' + ansible_facts['distribution_major_version'] | string), ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx + version: -31-1.{{ (ansible_facts['distribution'] == "Amazon") | ternary(('amzn' + ansible_facts['distribution_major_version'] | string), ('el' + ansible_facts['distribution_major_version'] + | string)) }}.ngx cacheable: true when: ansible_facts['os_family'] == "RedHat" - name: Set repo if SLES diff --git a/molecule/downgrade-plus/molecule.yml b/molecule/downgrade-plus/molecule.yml index 9f014a2cb7..a34f47cfab 100644 --- a/molecule/downgrade-plus/molecule.yml +++ b/molecule/downgrade-plus/molecule.yml @@ -157,14 +157,14 @@ platforms: # Ubuntu noble only has one version of NGINX Plus available (at the m volumes: - /sys/fs/cgroup:/sys/fs/cgroup:rw command: /sbin/init - # - name: ubuntu-noble - # image: ubuntu:noble - # dockerfile: ../common/Dockerfile.j2 - # privileged: true - # cgroupns_mode: host - # volumes: - # - /sys/fs/cgroup:/sys/fs/cgroup:rw - # command: /sbin/init +# - name: ubuntu-noble +# image: ubuntu:noble +# dockerfile: ../common/Dockerfile.j2 +# privileged: true +# cgroupns_mode: host +# volumes: +# - /sys/fs/cgroup:/sys/fs/cgroup:rw +# command: /sbin/init provisioner: name: ansible playbooks: diff --git a/molecule/downgrade/converge.yml b/molecule/downgrade/converge.yml index 56a8c1e9ad..36b1330c2c 100644 --- a/molecule/downgrade/converge.yml +++ b/molecule/downgrade/converge.yml 
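Review bot: The wrapped `version:` value is a multi-line plain scalar, so YAML turns the new line break into a single space; it renders unchanged only because the break falls inside the `{{ ... }}` expression, just before `| string`. Nothing in the file signals this, so a later re-wrap that lands in the literal part (`-31-1.` or `.ngx`) would silently put a space into the package version. The same applies to the other `version:` hunks under `molecule/`, the `repo:` and `baseurl:` values under `tasks/agent` and `tasks/amplify`, and the repository URLs in `vars/main.yml`. Consider a comment such as `# folded plain scalar: keep line breaks inside the Jinja expression`, or move the distribution suffix into its own variable so the line fits without wrapping.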
@@ -14,7 +14,8 @@ when: ansible_facts['os_family'] == "Debian" - name: Set repo if Red Hat ansible.builtin.set_fact: - version: -1.25.5-1.{{ (ansible_facts['distribution'] == "Amazon") | ternary(('amzn' + ansible_facts['distribution_major_version'] | string), ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx + version: -1.25.5-1.{{ (ansible_facts['distribution'] == "Amazon") | ternary(('amzn' + ansible_facts['distribution_major_version'] | string), ('el' + ansible_facts['distribution_major_version'] + | string)) }}.ngx cacheable: true when: ansible_facts['os_family'] == "RedHat" - name: Set repo if SLES diff --git a/molecule/upgrade-plus/molecule.yml b/molecule/upgrade-plus/molecule.yml index 9094c75a69..4fcfa7fa15 100644 --- a/molecule/upgrade-plus/molecule.yml +++ b/molecule/upgrade-plus/molecule.yml @@ -157,14 +157,14 @@ platforms: # Ubuntu noble only has one version of NGINX Plus available (at the m volumes: - /sys/fs/cgroup:/sys/fs/cgroup:rw command: /sbin/init - # - name: ubuntu-noble - # image: ubuntu:noble - # dockerfile: ../common/Dockerfile.j2 - # privileged: true - # cgroupns_mode: host - # volumes: - # - /sys/fs/cgroup:/sys/fs/cgroup:rw - # command: /sbin/init +# - name: ubuntu-noble +# image: ubuntu:noble +# dockerfile: ../common/Dockerfile.j2 +# privileged: true +# cgroupns_mode: host +# volumes: +# - /sys/fs/cgroup:/sys/fs/cgroup:rw +# command: /sbin/init provisioner: name: ansible playbooks: diff --git a/molecule/upgrade-plus/prepare.yml b/molecule/upgrade-plus/prepare.yml index 01cae639cc..dea10014b1 100644 --- a/molecule/upgrade-plus/prepare.yml +++ b/molecule/upgrade-plus/prepare.yml 
@@ -30,7 +30,8 @@ when: ansible_facts['os_family'] == "Debian" - name: Set repo if Red Hat ansible.builtin.set_fact: - version: -31-1.{{ (ansible_facts['distribution'] == "Amazon") | ternary(('amzn' + ansible_facts['distribution_major_version'] | string), ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx + version: -31-1.{{ (ansible_facts['distribution'] == "Amazon") | ternary(('amzn' + ansible_facts['distribution_major_version'] | string), ('el' + ansible_facts['distribution_major_version'] + | string)) }}.ngx when: ansible_facts['os_family'] == "RedHat" - name: Set repo if SLES ansible.builtin.set_fact: diff --git a/molecule/upgrade/prepare.yml b/molecule/upgrade/prepare.yml index e1da093a8c..5387692ac1 100644 --- a/molecule/upgrade/prepare.yml +++ b/molecule/upgrade/prepare.yml @@ -12,7 +12,8 @@ when: ansible_facts['os_family'] == "Debian" - name: Set repo if Red Hat ansible.builtin.set_fact: - version: -1.25.5-1.{{ (ansible_facts['distribution'] == "Amazon") | ternary(('amzn' + ansible_facts['distribution_major_version'] | string), ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx + version: -1.25.5-1.{{ (ansible_facts['distribution'] == "Amazon") | ternary(('amzn' + ansible_facts['distribution_major_version'] | string), ('el' + ansible_facts['distribution_major_version'] + | string)) }}.ngx when: ansible_facts['os_family'] == "RedHat" - name: Set repo if SLES ansible.builtin.set_fact: diff --git a/molecule/version/converge.yml b/molecule/version/converge.yml index dcecb549fb..59eacc2154 100644 --- a/molecule/version/converge.yml +++ b/molecule/version/converge.yml 
@@ -16,8 +16,10 @@ when: ansible_facts['os_family'] == "Debian" - name: Set repo if Red Hat ansible.builtin.set_fact: - ngx_version: -1.27.0-2.{{ (ansible_facts['distribution'] == "Amazon") | ternary(('amzn' + ansible_facts['distribution_major_version'] | string), ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx - njs_version: -1.27.0+0.8.5-2.{{ (ansible_facts['distribution'] == "Amazon") | ternary(('amzn' + ansible_facts['distribution_major_version'] | string), ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx + ngx_version: -1.27.0-2.{{ (ansible_facts['distribution'] == "Amazon") | ternary(('amzn' + ansible_facts['distribution_major_version'] | string), ('el' + ansible_facts['distribution_major_version'] + | string)) }}.ngx + njs_version: -1.27.0+0.8.5-2.{{ (ansible_facts['distribution'] == "Amazon") | ternary(('amzn' + ansible_facts['distribution_major_version'] | string), ('el' + + ansible_facts['distribution_major_version'] | string)) }}.ngx cacheable: true when: ansible_facts['os_family'] == "RedHat" - name: Set repo if SLES diff --git a/tasks/agent/install-agent.yml b/tasks/agent/install-agent.yml index 426fdefea3..043914e362 100644 --- a/tasks/agent/install-agent.yml +++ b/tasks/agent/install-agent.yml @@ -37,7 +37,7 @@ - name: Check if the NGINX Agent dynamic configuration file has been modified ansible.builtin.lineinfile: path: /var/lib/nginx-agent/agent-dynamic.conf - line: '# agent-dynamic.conf' + line: "# agent-dynamic.conf" state: present check_mode: true changed_when: false 
@@ -49,7 +49,8 @@ - name: Dynamically generate NGINX Agent dynamic configuration file if it has not been externally modified ansible.builtin.template: src: nginx-agent/agent-dynamic.conf.j2 - dest: "{{ (ansible_facts['system'] | lower is not search('bsd')) | ternary('/var/lib/nginx-agent/agent-dynamic.conf', '/var/db/nginx-agent/agent-dynamic.conf') }}" + dest: "{{ (ansible_facts['system'] | lower is not search('bsd')) | ternary('/var/lib/nginx-agent/agent-dynamic.conf', '/var/db/nginx-agent/agent-dynamic.conf') + }}" mode: "0644" backup: true when: diff --git a/tasks/agent/setup-debian.yml b/tasks/agent/setup-debian.yml index 8fb6a7d685..4bf660acc9 100644 --- a/tasks/agent/setup-debian.yml +++ b/tasks/agent/setup-debian.yml @@ -2,6 +2,7 @@ - name: (Debian/Ubuntu) Configure NGINX Agent repository ansible.builtin.apt_repository: filename: nginx-agent - repo: deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://packages.nginx.org/nginx-agent/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release'] | lower }} agent + repo: deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://packages.nginx.org/nginx-agent/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release'] + | lower }} agent update_cache: true mode: "0644" diff --git a/tasks/agent/setup-redhat.yml b/tasks/agent/setup-redhat.yml index 384c507f5b..5cb6f7c8c9 100644 --- a/tasks/agent/setup-redhat.yml +++ b/tasks/agent/setup-redhat.yml 
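Review bot: The `dest:` here switches to `/var/db/nginx-agent/agent-dynamic.conf` on BSD systems, but the `lineinfile` check in the previous hunk of this file always inspects `/var/lib/nginx-agent/agent-dynamic.conf`. On BSD the "has it been modified" test would therefore look at a different file than the one this task overwrites. Both tasks extend beyond their hunks, so a `when:` that is not shown may already exclude the BSD case. If not, give the check the same expression, `path: "{{ (ansible_facts['system'] | lower is not search('bsd')) | ternary('/var/lib/nginx-agent/agent-dynamic.conf', '/var/db/nginx-agent/agent-dynamic.conf') }}"`, or hold the path in one variable used by both tasks.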
@@ -3,7 +3,8 @@ ansible.builtin.yum_repository: name: nginx-agent file: nginx-agent - baseurl: https://packages.nginx.org/nginx-agent/{{ (ansible_facts['distribution'] == 'Amazon') | ternary((ansible_facts['distribution_major_version'] is version('2', '==')) | ternary('amzn2', 'amzn'), 'centos') }}/{{ ansible_facts['distribution_major_version'] }}/$basearch + baseurl: https://packages.nginx.org/nginx-agent/{{ (ansible_facts['distribution'] == 'Amazon') | ternary((ansible_facts['distribution_major_version'] is version('2', + '==')) | ternary('amzn2', 'amzn'), 'centos') }}/{{ ansible_facts['distribution_major_version'] }}/$basearch description: NGINX Agent enabled: true gpgcheck: true diff --git a/tasks/amplify/setup-debian.yml b/tasks/amplify/setup-debian.yml index f7c76b812a..b9601a71db 100644 --- a/tasks/amplify/setup-debian.yml +++ b/tasks/amplify/setup-debian.yml @@ -2,6 +2,7 @@ - name: (Debian/Ubuntu) Add NGINX Amplify agent repository ansible.builtin.apt_repository: filename: nginx-amplify - repo: deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://packages.amplify.nginx.com/py3/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release'] | lower }} amplify-agent + repo: deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://packages.amplify.nginx.com/py3/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release'] + | lower }} amplify-agent update_cache: true mode: "0644" diff --git a/tasks/main.yml b/tasks/main.yml index 87def845b4..ffc792732a 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
@@ -10,8 +10,7 @@ - name: Set up signing keys ansible.builtin.include_tasks: "{{ role_path }}/tasks/keys/setup-keys.yml" - when: (nginx_enable | bool and nginx_install_from == 'nginx_repository') - or nginx_amplify_enable | bool + when: (nginx_enable | bool and nginx_install_from == 'nginx_repository') or nginx_amplify_enable | bool tags: nginx_key - name: "{{ nginx_setup | capitalize }} NGINX" diff --git a/tasks/modules/install-modules.yml b/tasks/modules/install-modules.yml index dcb6bcbdd2..c890257de4 100644 --- a/tasks/modules/install-modules.yml +++ b/tasks/modules/install-modules.yml 
@@ -27,23 +27,20 @@ - name: Install NGINX modules ansible.builtin.package: - name: "nginx-{{ (nginx_type == 'plus') | ternary('plus-', '') }}module-{{ item['name'] | default(item) }}\ - {{ (nginx_repository is not defined and ansible_facts['os_family'] == 'Alpine' and nginx_type != 'plus') | ternary('@nginx', '') }}{{ item['version'] | default('') }}" + name: nginx-{{ (nginx_type == 'plus') | ternary('plus-', '') }}module-{{ item['name'] | default(item) }}{{ (nginx_repository is not defined and ansible_facts['os_family'] + == 'Alpine' and nginx_type != 'plus') | ternary('@nginx', '') }}{{ item['version'] | default('') }} state: "{{ item['state'] | default('present') }}" loop: "{{ nginx_modules }}" when: - - (item['name'] | default(item) in nginx_modules_list and nginx_type == 'opensource') - or (item['name'] | default(item) in nginx_plus_modules_list and nginx_type == 'plus') - - not (item['name'] | default(item) == 'brotli') - or not (ansible_facts['os_family'] == 'Suse' and ansible_facts['distribution_major_version'] is version('12', '==')) - - not (item['name'] | default(item) == "geoip") - or not ((ansible_facts['os_family'] == 'FreeBSD') - or (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution'] != 'Amazon' and ansible_facts['distribution_major_version'] is version('8', '>=')) - or (ansible_facts['distribution'] == 'Amazon' and ansible_facts['distribution_major_version'] is version('2023', '=='))) - - not (item['name'] | default(item) == 'geoip2') - or not ((ansible_facts['os_family'] == 'Suse') - or (ansible_facts['distribution'] == 'Amazon' and ansible_facts['distribution_major_version'] is version('2', '=='))) - - not (item['name'] | default(item) == 'lua') - or not (ansible_facts['architecture'] == 's390x') - - not (item['name'] | default(item) == 'opentracing') - or not (ansible_facts['os_family'] == 'Suse' and ansible_facts['distribution_major_version'] is version('12', '==')) + - (item['name'] | default(item) in nginx_modules_list 
and nginx_type == 'opensource') or (item['name'] | default(item) in nginx_plus_modules_list and nginx_type + == 'plus') + - not (item['name'] | default(item) == 'brotli') or not (ansible_facts['os_family'] == 'Suse' and ansible_facts['distribution_major_version'] is version('12', + '==')) + - not (item['name'] | default(item) == "geoip") or not ((ansible_facts['os_family'] == 'FreeBSD') or (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution'] + != 'Amazon' and ansible_facts['distribution_major_version'] is version('8', '>=')) or (ansible_facts['distribution'] == 'Amazon' and ansible_facts['distribution_major_version'] + is version('2023', '=='))) + - not (item['name'] | default(item) == 'geoip2') or not ((ansible_facts['os_family'] == 'Suse') or (ansible_facts['distribution'] == 'Amazon' and ansible_facts['distribution_major_version'] + is version('2', '=='))) + - not (item['name'] | default(item) == 'lua') or not (ansible_facts['architecture'] == 's390x') + - not (item['name'] | default(item) == 'opentracing') or not (ansible_facts['os_family'] == 'Suse' and ansible_facts['distribution_major_version'] is version('12', + '==')) diff --git a/tasks/opensource/install-redhat.yml b/tasks/opensource/install-redhat.yml index 3942ce0d8d..74b198dca4 100644 --- a/tasks/opensource/install-redhat.yml +++ b/tasks/opensource/install-redhat.yml @@ -2,7 +2,8 @@ - name: (AlmaLinux/Amazon Linux/Oracle Linux/RHEL/Rocky Linux) {{ (nginx_setup == 'uninstall') | ternary('Remove', 'Configure') }} NGINX repository ansible.builtin.yum_repository: name: nginx - baseurl: "{{ nginx_repository | default(lookup('vars', 'nginx_default_repository_' + ((ansible_facts['distribution'] == 'Amazon') | ternary('amazon', 'redhat')))) }}" + baseurl: "{{ nginx_repository | default(lookup('vars', 'nginx_default_repository_' + ((ansible_facts['distribution'] == 'Amazon') | ternary('amazon', 'redhat')))) + }}" description: NGINX Repository enabled: true gpgcheck: true 
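Review bot: The `when:` guards that decide which module packages get installed now break in the middle of comparisons (`nginx_type` / `== 'plus'`, `version('12',` / `'=='))`), where the old layout broke at each `or`. The logic is unchanged, but the platform exclusions are much harder to audit. A folded block scalar per list item (`- >-`) keeps the line length down and still lets each `or not (...)` clause start its own line, as before. The `name:` expression at the top of the hunk has the same problem, with the break now between `ansible_facts['os_family']` and `== 'Alpine'`.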
diff --git a/tasks/opensource/install-source.yml b/tasks/opensource/install-source.yml index 20f6fd6a73..37bcb214b2 100644 --- a/tasks/opensource/install-source.yml +++ b/tasks/opensource/install-source.yml @@ -131,7 +131,8 @@ block: - name: Download PCRE dependency ansible.builtin.get_url: - url: "{{ (pcre_release == 2) | ternary('https://github.com/PCRE2Project/pcre2/releases/download/pcre2-' ~ pcre_version ~ '/pcre2-' ~ pcre_version ~ '.tar.gz', 'https://ftp.exim.org/pub/pcre/pcre-' ~ pcre_version ~ '.tar.gz') }}" + url: "{{ (pcre_release == 2) | ternary('https://github.com/PCRE2Project/pcre2/releases/download/pcre2-' ~ pcre_version ~ '/pcre2-' ~ pcre_version ~ '.tar.gz', + 'https://ftp.exim.org/pub/pcre/pcre-' ~ pcre_version ~ '.tar.gz') }}" dest: /tmp mode: "0600" register: pcre_source diff --git a/tasks/plus/install-redhat.yml b/tasks/plus/install-redhat.yml index 5a86c879cd..dcc984f140 100644 --- a/tasks/plus/install-redhat.yml +++ b/tasks/plus/install-redhat.yml @@ -1,8 +1,10 @@ --- -- name: (AlmaLinux/Amazon Linux/Oracle Linux/RHEL/Rocky Linux) {{ (nginx_license_status is defined or nginx_setup == 'uninstall') | ternary('Remove', 'Configure') }} NGINX Plus repository +- name: (AlmaLinux/Amazon Linux/Oracle Linux/RHEL/Rocky Linux) {{ (nginx_license_status is defined or nginx_setup == 'uninstall') | ternary('Remove', 'Configure') + }} NGINX Plus repository ansible.builtin.yum_repository: name: nginx-plus - baseurl: "{{ nginx_repository | default(lookup('vars', 'nginx_plus_default_repository_' + ((ansible_facts['distribution'] == 'Amazon') | ternary('amazon', 'redhat')))) }}" + baseurl: "{{ nginx_repository | default(lookup('vars', 'nginx_plus_default_repository_' + ((ansible_facts['distribution'] == 'Amazon') | ternary('amazon', 'redhat')))) + }}" description: NGINX Plus Repository sslclientcert: /etc/ssl/nginx/nginx-repo.crt sslclientkey: /etc/ssl/nginx/nginx-repo.key 
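Review bot: `Download PCRE dependency` fetches a source tarball with `get_url` using only `url`, `dest` and `mode`. There is no `checksum:`, so whatever the GitHub or exim.org URL serves is what gets unpacked and compiled. Any verification in a later task would be outside this hunk. If there is none, pin the archive with `checksum: "sha256:{{ pcre_checksum }}"`, where `pcre_checksum` is a placeholder for a new variable kept next to `pcre_version`.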
diff --git a/tasks/plus/setup-license.yml b/tasks/plus/setup-license.yml index 139d75dc9e..5d3c7d4dc0 100644 --- a/tasks/plus/setup-license.yml +++ b/tasks/plus/setup-license.yml @@ -70,7 +70,7 @@ - name: (OracleLinux 8) Install cryptography package ansible.builtin.package: - name: "python3.11-cryptography" + name: python3.11-cryptography when: - ansible_facts['distribution'] == "OracleLinux" - ansible_facts['distribution_major_version'] == "8" diff --git a/tasks/validate/validate.yml b/tasks/validate/validate.yml index 35b4b1d4b3..025a42a62b 100644 --- a/tasks/validate/validate.yml +++ b/tasks/validate/validate.yml @@ -5,7 +5,9 @@ - ansible_version['full'] is version(nginx_ansible_version, '>=') - ansible_version['full'] is version('2.18', '<') success_msg: Ansible {{ ansible_version['full'] }} is supported. - fail_msg: ({{ ansible_version['full'] is version('2.18', '>=') }} | ternary('Ansible {{ ansible_version['full'] }} is not yet supported. Please downgrade to a supported Ansible release', 'Ansible {{ ansible_version['full'] }} has reached End of Life (EoL). Please upgrade to a supported Ansible release.') Check the README for more details. + fail_msg: ({{ ansible_version['full'] is version('2.18', '>=') }} | ternary('Ansible {{ ansible_version['full'] }} is not yet supported. Please downgrade to a + supported Ansible release', 'Ansible {{ ansible_version['full'] }} has reached End of Life (EoL). Please upgrade to a supported Ansible release.') Check the + README for more details. delegate_to: localhost ignore_errors: true # noqa ignore-errors 
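Review bot: The `fail_msg` of the Ansible version check applies `| ternary(...)` outside the `{{ }}` delimiters, so the message renders as literal text starting `(True | ternary('Ansible …` and prints both alternatives instead of picking one. Re-wrapping the line keeps that behaviour. Move the filter inside the expression: `fail_msg: "{{ (ansible_version['full'] is version('2.18', '>=')) | ternary('Ansible ' ~ ansible_version['full'] ~ ' is not yet supported. Please downgrade to a supported Ansible release.', 'Ansible ' ~ ansible_version['full'] ~ ' has reached End of Life (EoL). Please upgrade to a supported Ansible release.') }} Check the README for more details."`. The task starts above the hunk.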
@@ -20,7 +22,8 @@ ansible.builtin.assert: that: (jinja2_version['stdout'] | regex_search('jinja version = ([\\d.]+)', '\\1') | first) is version(nginx_jinja2_version, '>=') success_msg: Jinja2 {{ jinja2_version['stdout'] | regex_search('jinja version = ([\d.]+)', '\1') | first }} is supported. - fail_msg: Jinja2 {{ jinja2_version['stdout'] | regex_search('jinja version = ([\d.]+)', '\1') | first }} is not supported. Please upgrade to Jinja2 3.1. Check the README for more details. + fail_msg: Jinja2 {{ jinja2_version['stdout'] | regex_search('jinja version = ([\d.]+)', '\1') | first }} is not supported. Please upgrade to Jinja2 3.1. Check + the README for more details. delegate_to: localhost become: false 
@@ -91,10 +94,14 @@ ansible.builtin.assert: that: - ansible_facts['distribution'] | lower in nginx_distributions.keys() | list - - (ansible_facts['distribution_version'] | regex_search('\\d{1,2}\\.\\d{2}') | float in nginx_distributions[ansible_facts['distribution'] | lower]['versions'] | map('float') if ansible_facts['distribution'] | lower in ['alpine', 'ubuntu'] else ansible_facts['distribution_major_version'] in nginx_distributions[ansible_facts['distribution'] | lower]['versions'] | string) + - (ansible_facts['distribution_version'] | regex_search('\\d{1,2}\\.\\d{2}') | float in nginx_distributions[ansible_facts['distribution'] | lower]['versions'] + | map('float') if ansible_facts['distribution'] | lower in ['alpine', 'ubuntu'] else ansible_facts['distribution_major_version'] in nginx_distributions[ansible_facts['distribution'] + | lower]['versions'] | string) - ansible_facts['architecture'] in nginx_distributions[ansible_facts['distribution'] | lower]['architectures'] - success_msg: Your distribution, {{ nginx_distributions[ansible_facts['distribution'] | lower]['name'] }} {{ ansible_facts['distribution_version'] }} ({{ ansible_facts['architecture'] }}), is supported by NGINX {{ (nginx_type == 'opensource') | ternary('Open Source', 'Plus') }}. - fail_msg: Your distribution, {{ nginx_distributions[ansible_facts['distribution'] | lower]['name'] }} {{ ansible_facts['distribution_version'] }} ({{ ansible_facts['architecture'] }}), is not supported by NGINX {{ (nginx_type == 'opensource') | ternary('Open Source', 'Plus') }}. + success_msg: Your distribution, {{ nginx_distributions[ansible_facts['distribution'] | lower]['name'] }} {{ ansible_facts['distribution_version'] }} ({{ ansible_facts['architecture'] + }}), is supported by NGINX {{ (nginx_type == 'opensource') | ternary('Open Source', 'Plus') }}. 
+ fail_msg: Your distribution, {{ nginx_distributions[ansible_facts['distribution'] | lower]['name'] }} {{ ansible_facts['distribution_version'] }} ({{ ansible_facts['architecture'] + }}), is not supported by NGINX {{ (nginx_type == 'opensource') | ternary('Open Source', 'Plus') }}. when: - nginx_enable | bool - (nginx_install_from == "nginx_repository" or nginx_type == "plus") @@ -102,7 +109,8 @@ - name: Verify that you are installing a supported NGINX dynamic module ansible.builtin.assert: - that: (nginx_modules | difference(nginx_modules_list) == [] if nginx_type == 'opensource') or (nginx_modules | difference(nginx_plus_modules_list) == [] if nginx_type == 'plus') + that: (nginx_modules | difference(nginx_modules_list) == [] if nginx_type == 'opensource') or (nginx_modules | difference(nginx_plus_modules_list) == [] if nginx_type + == 'plus') success_msg: The NGINX module(s) you are installing are supported. fail_msg: The NGINX module(s) you are installing are not supported. Please check the README for more details. when: diff --git a/vars/main.yml b/vars/main.yml index e929d7f4b4..5179c9a9eb 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -5,11 +5,8 @@ nginx_jinja2_version: 3.1 # Set the values allowed for various variables nginx_setup_vars: [install, uninstall, upgrade] - nginx_install_from_vars: [nginx_repository, source, os_repository] - nginx_branch_vars: [mainline, stable] - # Determine the current value of 'nginx_state' nginx_state_vals: install: present 
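Review bot: In the distribution check, the `else` branch tests `ansible_facts['distribution_major_version'] in nginx_distributions[...]['versions'] | string`. The filter binds before `in`, so this is a substring match against the printed list rather than a membership test. A major version of `1` would pass against any list whose text contains a `1`; the actual lists are defined outside this hunk. Mirror the first branch and compare element-wise by ending the expression with `['versions'] | map('string')` instead of `['versions'] | string`.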
@@ -60,7 +57,8 @@ nginx_supported_distributions: ubuntu: name: Ubuntu versions: [20.04, 22.04, 23.10, 24.04] - architectures: "{{ ['x86_64', 'aarch64', 's390x'] if ((ansible_facts['distribution_version'] is version('20.04', '==')) or (ansible_facts['distribution_version'] is version('22.04', '=='))) else ['x86_64', 'aarch64'] }}" + architectures: "{{ ['x86_64', 'aarch64', 's390x'] if ((ansible_facts['distribution_version'] is version('20.04', '==')) or (ansible_facts['distribution_version'] + is version('22.04', '=='))) else ['x86_64', 'aarch64'] }}" # Supported NGINX Plus distributions # https://docs.nginx.com/nginx/technical-specs/ 
@@ -104,44 +102,48 @@ nginx_plus_supported_distributions: ubuntu: name: Ubuntu versions: [20.04, 22.04, 24.04] - architectures: "{{ ['x86_64', 'aarch64', 's390x'] if ((ansible_facts['distribution_version'] is version('20.04', '==')) or (ansible_facts['distribution_version'] is version('22.04', '=='))) else ['x86_64', 'aarch64'] }}" + architectures: "{{ ['x86_64', 'aarch64', 's390x'] if ((ansible_facts['distribution_version'] is version('20.04', '==')) or (ansible_facts['distribution_version'] + is version('22.04', '=='))) else ['x86_64', 'aarch64'] }}" # Default NGINX signing key nginx_default_signing_key_pgp: https://nginx.org/keys/nginx_signing.key nginx_default_signing_key_rsa_pub: https://nginx.org/keys/nginx_signing.rsa.pub # Default NGINX Open Source repositories -nginx_default_repository_alpine: "@nginx https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}alpine/v{{ ansible_facts['distribution_version'] | regex_search('^[0-9]+\\.[0-9]+') }}/main" -nginx_default_repository_amazon: https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}/amzn{{ (ansible_facts['distribution_major_version'] is version('2', '==')) | ternary('2/$releasever', '/2023') }}/$basearch +nginx_default_repository_alpine: "@nginx https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}alpine/v{{ ansible_facts['distribution_version'] + | regex_search('^[0-9]+\\.[0-9]+') }}/main" +nginx_default_repository_amazon: https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}/amzn{{ (ansible_facts['distribution_major_version'] + is version('2', '==')) | ternary('2/$releasever', '/2023') }}/$basearch nginx_default_repository_debian: - - deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}{{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] }} 
nginx - - deb-src [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}{{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] }} nginx -nginx_default_repository_redhat: https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}rhel/{{ ansible_facts['distribution_major_version'] }}/$basearch -nginx_default_repository_suse: https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}sles/{{ ansible_facts['distribution_major_version'] }} + - deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}{{ ansible_facts['distribution'] + | lower }}/ {{ ansible_facts['distribution_release'] }} nginx + - deb-src [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}{{ ansible_facts['distribution'] + | lower }}/ {{ ansible_facts['distribution_release'] }} nginx +nginx_default_repository_redhat: https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}rhel/{{ ansible_facts['distribution_major_version'] + }}/$basearch +nginx_default_repository_suse: https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}sles/{{ ansible_facts['distribution_major_version'] + }} # Default NGINX Plus repositories nginx_plus_default_repository_alpine: https://pkgs.nginx.com/plus/alpine/v{{ ansible_facts['distribution_version'] | regex_search('^[0-9]+\.[0-9]+') }}/main -nginx_plus_default_repository_amazon: https://pkgs.nginx.com/plus/amzn{{ (ansible_facts['distribution_major_version'] is version('2', '==')) | ternary('2/$releasever', '/2023') }}/$basearch -nginx_plus_default_repository_debian: deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] 
https://pkgs.nginx.com/plus/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release'] }} nginx-plus +nginx_plus_default_repository_amazon: https://pkgs.nginx.com/plus/amzn{{ (ansible_facts['distribution_major_version'] is version('2', '==')) | ternary('2/$releasever', + '/2023') }}/$basearch +nginx_plus_default_repository_debian: deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/plus/{{ ansible_facts['distribution'] | + lower }} {{ ansible_facts['distribution_release'] }} nginx-plus nginx_plus_default_repository_freebsd: https://pkgs.nginx.com/plus/freebsd/${ABI}/latest nginx_plus_default_repository_redhat: https://pkgs.nginx.com/plus/rhel/{{ ansible_facts['distribution_major_version'] }}/$basearch nginx_plus_default_repository_suse: https://pkgs.nginx.com/plus/sles/{{ ansible_facts['distribution_major_version'] }}?ssl_clientcert=/etc/ssl/nginx/nginx-repo-bundle.crt&ssl_verify=peer # Alpine dependencies nginx_alpine_dependencies: [ca-certificates, coreutils, openssl, pcre2] - # Debian dependencies nginx_debian_dependencies: [apt-transport-https, ca-certificates, gnupg, gpg-agent] - # FreeBSD dependencies nginx_freebsd_dependencies: [security/ca_root_nss] - # Red Hat dependencies nginx_redhat_dependencies: [ca-certificates] - # SLES dependencies nginx_sles_dependencies: [ca-certificates] - # Default locations and versions when 'nginx_install_from' is set to 'source'. # Set 'pcre_release' to 1 to install PCRE 1, modify the 'openssl_version' to move back to 1.1.1. pcre_release: 2 
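Review bot: `nginx_default_repository_amazon` renders with a doubled slash, because the output of `ternary('mainline/', '')` is followed by a literal `/amzn`. That gives `https://nginx.org/packages//amzn…` for stable and `…/mainline//amzn…` for mainline. The `redhat`, `suse` and `alpine` entries join directly (`}}rhel/`, `}}sles/`, `}}alpine/`). The URL presumably resolves today, but only if the server collapses the empty path segment. Drop the extra slash so the value reads `... | ternary('mainline/', '') }}amzn{{ ...`.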
@@ -151,6 +153,24 @@ openssl_version: 3.0.7 # Supported NGINX Open Source dynamic modules nginx_modules_list: [geoip, image-filter, njs, perl, xslt] - # Supported NGINX Plus dynamic modules -nginx_plus_modules_list: [auth-spnego, brotli, encrypted-session, geoip, geoip2, ha-keepalived, headers-more, image-filter, lua, ndk, njs, opentracing, passenger, perl, prometheus, rtmp, set-misc, subs-filter, xslt] +nginx_plus_modules_list: + - auth-spnego + - brotli + - encrypted-session + - geoip + - geoip2 + - ha-keepalived + - headers-more + - image-filter + - lua + - ndk + - njs + - opentracing + - passenger + - perl + - prometheus + - rtmp + - set-misc + - subs-filter + - xslt