fix: Use correct JWT location in FreeBSD

* And add the option to specify the a destination location for the JWT file
nginxinc · Nov 22, 2024 · 91aeac4 · 91aeac4
1 parent 24c87c3
commit 91aeac4
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 8 deletions.
diff --git a/defaults/main/main.yml b/defaults/main/main.yml
@@ -79,12 +79,16 @@ nginx_static_modules: [http_ssl_module]
 # Default is mainline.
 nginx_branch: mainline
 
-# Location of your NGINX Plus license (certificate, key, and JWT) in your local machine. The license JWT is only required with NGINX Plus R33 and later.
+# Location of your NGINX Plus license (certificate, key, and JWT) in your local machine. The license JWT is only required starting with NGINX Plus R33 and later.
+# For the license JWT, you can optionally specify a custom destination path for the JWT by using the 'src' and 'dest' parameters.
 # Default is the files folder within the NGINX Ansible role.
 nginx_license:
   certificate: license/nginx-repo.crt
   key: license/nginx-repo.key
   jwt: license/license.jwt
+  # jwt:
+  #   src: license/license.jwt
+  #   dest: /etc/nginx/license.jwt
 
 # Set up NGINX Plus license before installation.
 # Default is true.

diff --git a/molecule/uninstall-plus/prepare.yml b/molecule/uninstall-plus/prepare.yml
@@ -35,4 +35,5 @@
         nginx_license:
           certificate: license/nginx-repo.crt
           key: license/nginx-repo.key
-          jwt: license/license.jwt
+          jwt:
+            src: license/license.jwt
diff --git a/molecule/upgrade-plus/converge.yml b/molecule/upgrade-plus/converge.yml
@@ -10,6 +10,8 @@
         nginx_license:
           certificate: license/nginx-repo.crt
           key: license/nginx-repo.key
-          jwt: license/license.jwt
+          jwt:
+            src: license/license.jwt
+            dest: /etc/nginx/license.jwt
         nginx_remove_license: false
         nginx_setup: upgrade
diff --git a/tasks/plus/setup-license.yml b/tasks/plus/setup-license.yml
@@ -144,16 +144,16 @@
 
         - name: Copy NGINX Plus JWT
           ansible.builtin.copy:
-            src: "{{ nginx_license['jwt'] }}"
-            dest: /etc/nginx/license.jwt
+            src: "{{ nginx_license['jwt']['src'] | default(nginx_license['jwt']) }}"
+            dest: "{{ nginx_license['jwt']['dest'] | default((ansible_facts['os_family'] == 'FreeBSD') | ternary('/usr/local/etc/nginx/license.jwt', '/etc/nginx/license.jwt')) }}"
             decrypt: true
             mode: "0444"
 
         - name: Verify NGINX Plus JWT claims
           block:
             - name: Read JWT file
               ansible.builtin.slurp:
-                src: /etc/nginx/license.jwt
+                src: "{{ nginx_license['jwt']['dest'] | default((ansible_facts['os_family'] == 'FreeBSD') | ternary('/usr/local/etc/nginx/license.jwt', '/etc/nginx/license.jwt')) }}"
               register: jwt_file
 
             - name: Decode JWT payload using base64url
@@ -179,5 +179,5 @@
                   - jwt_payload['aud'] == 'urn:f5:teem'
                   - (ansible_facts['date_time']['epoch'] | int) >= jwt_payload['iat']
                   - (ansible_facts['date_time']['epoch'] | int) <= jwt_payload['f5_sat']
-                success_msg: 'JWT is valid'
-                fail_msg: 'JWT is invalid. Double check that the JWT data is correct.'
+                success_msg: Your NGINX Plus license JWT is valid!
+                fail_msg: Something went wrong! Make sure your NGINX Plus license JWT is valid!