Merge pull request #14 from HanXHX/freebsd

Freebsd support
pull/22/head
E Mantel 2016-03-08 18:59:38 +01:00
commit 29a40fc0a8
22 changed files with 233 additions and 64 deletions

View File

@ -1,9 +1,9 @@
Nginx for Debian Ansible role
=============================
Nginx for Debian/FreeBSD Ansible role
=====================================
[![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-HanXHX.nginx-blue.svg)](https://galaxy.ansible.com/list#/roles/4399) [![Build Status](https://travis-ci.org/HanXHX/ansible-nginx.svg?branch=master)](https://travis-ci.org/HanXHX/ansible-nginx)
Install and configure Nginx on Debian.
Install and configure Nginx on Debian/FreeBSD.
Features:
@ -24,9 +24,15 @@ Role Variables
### Packaging
Debian:
- `nginx_apt_package`: APT nginx package (try: apt-cache search ^nginx)
- `nginx_backports`: Install nginx from backport repository (bool)
FreeBSD:
- `nginx_pkgng_package`: PKGNG nginx package (should be "nginx" or "nginx-devel")
### Shared
- `nginx_root`: root directory where you want to have your files
@ -57,6 +63,15 @@ Fine configuration
[Basic Auth](doc/auth.md)
[FreeBSD](doc/freebsd.md)
Note
----
- Active support for Debian.
- FreeBSD support is experimental (no Travis). I only test (for the moment) 10.2 (but it can work on other versions).
- I don't manage BackupPC for FreeBSD (PR welcome).
Dependencies
------------

17
Vagrantfile vendored
View File

@ -6,6 +6,7 @@
Vagrant.configure("2") do |config|
vms = [
[ "freebsd-10.2", "freebsd/FreeBSD-10.2-STABLE" ],
[ "debian-wheezy", "debian/wheezy64" ],
[ "debian-jessie", "debian/jessie64" ],
[ "debian-stretch", "sharlak/debian_stretch_64" ]
@ -21,11 +22,27 @@ Vagrant.configure("2") do |config|
m.vm.box = vm[1]
m.vm.network "private_network", type: "dhcp"
# See: https://forums.freebsd.org/threads/52717/
if vm[0] = "freebsd-10.2"
m.vm.guest = :freebsd
m.vm.synced_folder ".", "/vagrant", id: "vagrant-root", disabled: true
m.ssh.shell = "sh"
#m.vm.base_mac = "0800278DFFF5"
m.vm.base_mac = "080027D14C66"
#m.vm.network "public_network", bridge: 'enp4s0', auto_config: false
m.vm.provision "shell", inline: "pkg install -y python bash"
end
m.vm.provision "ansible" do |ansible|
ansible.playbook = "tests/test.yml"
ansible.groups = { "test" => [ vm[0] ] }
ansible.verbose = 'vv'
ansible.sudo = true
if vm[0] = "freebsd-10.2"
ansible.extra_vars = {
ansible_python_interpreter: '/usr/local/bin/python'
}
end
end
end
end

View File

@ -1,14 +1,16 @@
---
# Debian
nginx_apt_package: nginx-full
nginx_backports: false
# FreeBSD
nginx_pkgng_package: nginx
#
# Nginx shared variables
#
nginx_root: "/srv/www"
nginx_log_dir: '/var/log/nginx'
nginx_pid: '/run/nginx.pid'
nginx_resolver_hosts: ['8.8.8.8', '8.8.4.4']
nginx_resolver_valid: '300s'
nginx_resolver_timeout: '5s'
@ -20,9 +22,9 @@ nginx_default_vhost_ssl: null
#
# Nginx directories
#
nginx_htpasswd_dir: '/etc/nginx/htpasswd'
nginx_ssl_dir: '/etc/nginx/ssl'
nginx_helper_dir: '/etc/nginx/helper'
nginx_htpasswd_dir: '{{ nginx_etc_dir }}/htpasswd'
nginx_ssl_dir: '{{ nginx_etc_dir }}/ssl'
nginx_helper_dir: '{{ nginx_etc_dir}}/helper'
#
# Load upstream
@ -45,7 +47,6 @@ nginx_worker_processes: '{{ ansible_processor_vcpus }}'
#
nginx_events_worker_connections: '512'
nginx_events_multi_accept: 'on'
nginx_events_use: 'epoll'
#
# Nginx HTTP

4
doc/freebsd.md 100644
View File

@ -0,0 +1,4 @@
Freebsd
=======
Due to Ansible + FreeBSD limitations (`ansible_processor_vcpus`), You must explicitely set `nginx_worker_processes`.

View File

@ -10,6 +10,9 @@ galaxy_info:
versions:
- wheezy
- jessie
- name: FreeBSD
versions:
- 10.2
categories:
- web
- proxy

View File

@ -3,7 +3,7 @@
- name: TEMPLATE | Deploy nginx.conf
template: >
src=etc/nginx/nginx.conf.j2
dest=/etc/nginx/nginx.conf
dest="{{ nginx_etc_dir }}/nginx.conf"
notify: reload nginx
- name: TEMPLATE | Deploy all helpers
@ -16,6 +16,6 @@
- name: TEMPLATE | Deploy custom http configuration
template: >
src=etc/nginx/conf.d/custom.conf.j2
dest=/etc/nginx/conf.d/custom.conf
dest="{{ nginx_etc_dir }}/conf.d/custom.conf"
notify: reload nginx

View File

@ -1,6 +1,6 @@
---
- name: APT | Update cache
- name: APT | Update cache
apt: >
update_cache=yes
cache_valid_time=3600

View File

@ -0,0 +1,35 @@
---
- name: PKGNG | Install nginx and related tools
pkgng: name={{ item }} state=present
with_items:
- "{{ nginx_pkgng_package }}"
- py27-passlib
- curl
- name: FILE | Create configuration dir (like Debian)
file: path="{{ nginx_etc_dir }}/{{ item }}" state=directory
with_items:
- conf.d
- sites-available
- sites-enabled
- name: STAT | Check fastcgi.conf
stat: path={{ nginx_etc_dir }}/fastcgi.conf
register: conf
- name: COPY | config
command: "cp {{ nginx_etc_dir }}/fastcgi_params {{ nginx_etc_dir }}/fastcgi.conf"
when: not conf.stat.exists
notify: reload nginx
- name: LINEINFILE | Add fastcgi config
lineinfile: >
line="fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;"
dest="{{ nginx_etc_dir }}/fastcgi.conf"
notify: reload nginx
- name: COPY | Populate proxy_params
copy: >
content="proxy_set_header Host $http_host;\nproxy_set_header X-Real-IP $remote_addr;\nproxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header X-Forwarded-Proto $scheme;"
dest="{{ nginx_etc_dir }}/proxy_params"

View File

@ -1,7 +1,11 @@
---
- name: INCLUDE_VARS | Related to OS
include_vars: "{{ ansible_distribution }}.yml"
- name: INCLUDE | Install
include: install.yml
include: install_{{ ansible_distribution }}.yml
- name: INCLUDE | Prepare
include: prepare.yml

View File

@ -1,11 +1,15 @@
---
- name: TEMPLATE | Deploy PHP upstream to Nginx
template: src=etc/nginx/upstream/php.conf.j2 dest=/etc/nginx/conf.d/php.conf
template: >
src=etc/nginx/upstream/php.conf.j2
dest="{{ nginx_etc_dir }}/conf.d/php.conf"
when: nginx_php
notify: reload nginx
- name: TEMPLATE | Deploy other upstreams
template: src=etc/nginx/upstream/upstream.conf.j2 dest=/etc/nginx/conf.d/upstream-{{ item.name }}.conf
template: >
src=etc/nginx/upstream/upstream.conf.j2
dest={{ nginx_etc_dir }}/conf.d/upstream-{{ item.name }}.conf
with_items: "{{ nginx_upstreams }}"
notify: reload nginx

View File

@ -17,8 +17,8 @@
file: >
path={{ nginx_root }}/{{ item.name if item.name is string else item.name[0] }}/public
state=directory
owner={{ item.owner | default('www-data') }}
group={{ item.group | default('www-data') }}
owner={{ item.owner | default(nginx_user) }}
group={{ item.group | default(nginx_user) }}
mode={{ item.mode | default('0755') }}
with_items: "{{ nginx_vhosts }}"
when: >
@ -30,21 +30,21 @@
- name: TEMPLATE | Create vhosts
template: >
src=etc/nginx/sites-available/{{ item.template if item.redirect_to is not defined else '_redirect' }}.j2
dest=/etc/nginx/sites-available/{{ item.name if item.name is string else item.name[0] }}
dest={{ nginx_etc_dir }}/sites-available/{{ item.name if item.name is string else item.name[0] }}
with_items: "{{ nginx_vhosts }}"
notify: reload nginx
when: item.delete is not defined or not item.delete
- name: FILE | Delete vhosts
file: path=/etc/nginx/sites-available/{{ item.name if item.name is string else item.name[0] }} state=absent
file: path={{ nginx_etc_dir }}/sites-available/{{ item.name if item.name is string else item.name[0] }} state=absent
with_items: "{{ nginx_vhosts }}"
notify: reload nginx
when: item.delete is defined and item.delete
- name: FILE | Enable vhosts
file: >
src=/etc/nginx/sites-available/{{ item.name if item.name is string else item.name[0] }}
dest=/etc/nginx/sites-enabled/{{ item.name if item.name is string else item.name[0] }}
src={{ nginx_etc_dir }}/sites-available/{{ item.name if item.name is string else item.name[0] }}
dest={{ nginx_etc_dir }}/sites-enabled/{{ item.name if item.name is string else item.name[0] }}
state=link
with_items: "{{ nginx_vhosts }}"
notify: reload nginx
@ -54,22 +54,22 @@
(item.delete is not defined or not item.delete)
- name: FILE | Disable vhosts
file: path=/etc/nginx/sites-enabled/{{ item.name if item.name is string else item.name[0] }} state=absent
file: path={{ nginx_etc_dir}}/sites-enabled/{{ item.name if item.name is string else item.name[0] }} state=absent
with_items: "{{ nginx_vhosts }}"
notify: reload nginx
when: (item.enable is defined and not item.enable) or (item.delete is defined and item.delete)
- name: FILE | Delete default vhost when explicitely defined
file: >
path=/etc/nginx/sites-enabled/default
path={{ nginx_etc_dir }}/sites-enabled/default
state=absent
notify: reload nginx
when: nginx_default_vhost is not none
- name: FILE | Auto set default vhost
file: >
src=/etc/nginx/sites-available/default
dest=/etc/nginx/sites-enabled/default
src={{ nginx_etc_dir }}/sites-available/default
dest={{ nginx_etc_dir }}/sites-enabled/default
state=link
notify: reload nginx
when: nginx_default_vhost is none

View File

@ -14,7 +14,7 @@ events {
http {
types_hash_max_size {{ nginx_http_types_hash_max_size }};
include /etc/nginx/mime.types;
include {{ nginx_etc_dir }}/mime.types;
default_type {{ nginx_http_default_type }};
access_log {{ nginx_http_access_log }};
@ -45,8 +45,8 @@ http {
gzip_vary {{ nginx_http_gzip_vary }};
gzip_disable {{ nginx_http_gzip_disable }};
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
include {{ nginx_etc_dir }}/conf.d/*.conf;
include {{ nginx_etc_dir }}/sites-enabled/*;
}
# vim:filetype=nginx

View File

@ -25,7 +25,7 @@
{% block template_upstream_location %}
location ~ \.cgi$ {
gzip off;
include /etc/nginx/fastcgi_params;
include {{ nginx_etc_dir }}/fastcgi_params;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
fastcgi_index BackupPC_Admin;
fastcgi_param SCRIPT_FILENAME /usr/share/backuppc/cgi-bin$fastcgi_script_name;

View File

@ -1,7 +1,7 @@
{% extends "_base.j2" %}
{% block root %}
root /usr/share/nagios3/htdocs;
root {{ nginx_nagios_root }};
{% endblock %}
{% block template_try_files %}
@ -17,21 +17,27 @@
}
location /stylesheets {
alias /etc/nagios3/stylesheets;
{% if nginx_nagios_stylesheets is defined %}
alias {{ nginx_nagios_stylesheets }};
{% endif %}
expires 60d;
}
{% endblock %}
{% block template_upstream_location %}
{% if ansible_distribution == 'Debian' %}
location /cgi-bin/nagios3 {
root /usr/lib;
{% elif ansible_distribution == 'FreeBSD' %}
location /cgi-bin {
{% endif %}
try_files $uri =404;
{% if nginx_version.stdout | version_compare('1.6.1', 'lt') %}
include fastcgi_params;
{% else %}
include fastcgi.conf;
{% endif %}
fastcgi_pass unix:/var/run/fcgiwrap.socket;
fastcgi_pass unix:{{ nginx_fcgiwrap_sock }};
fastcgi_param AUTH_USER $remote_user;
fastcgi_param REMOTE_USER $remote_user;
}

View File

@ -7,7 +7,7 @@
{% endblock %}
{% block template_try_files %}
include /etc/nginx/proxy_params;
include {{ nginx_etc_dir }}/proxy_params;
proxy_pass http://{{ item.upstream_name }};
{% if item.proxy_params is defined and item.proxy_params is iterable %}
{% for param in item.proxy_params %}

View File

@ -0,0 +1,10 @@
---
- name: APT | Install web apps
apt: pkg={{ item }} state=present
with_items:
- nagios3
- backuppc
- name: SERVICE | Ensure backuppc is started
service: name=backuppc state=started

View File

@ -0,0 +1,31 @@
---
- name: APT | Install web apps
pkgng: pkg={{ item }} state=present
with_items:
- nagios
- backuppc
- name: COMMAND | Activate backuppc config
command: >
cp /usr/local/etc/backuppc/config.pl.sample /usr/local/etc/backuppc/config.pl
creates=/usr/local/etc/backuppc/config.pl
- name: FILE | Fix backuppc permissions
file: >
path=/usr/local/etc/backuppc/config.pl
owner=backuppc
group=backuppc
- name: FILE | Fix fcgiwrap permission
file: >
path={{ nginx_fcgiwrap_sock }}
mode=0640
owner={{ nginx_user }}
group={{ nginx_user }}
#
# We don't manage BackupPC on FreeBSD... too dirty. :/
#
#- name: SERVICE | Ensure backuppc is started
# service: name=backuppc state=started enabled=yes

View File

@ -0,0 +1,18 @@
---
- name: APT_REPOSITORY | Install backports
apt_repository: repo='deb http://httpredir.debian.org/debian {{ ansible_distribution_release }}-backports main' state=present
- name: APT | Install needed packages
apt: pkg={{ item }} update_cache=yes cache_valid_time=3600 state=present
with_items:
- php5-fpm
- curl
- fcgiwrap
- name: SERVICE | Force start services
service: name={{ item }} state=started
register: sf
with_items:
- php5-fpm
- fcgiwrap

View File

@ -0,0 +1,22 @@
---
- name: SET_FACT | FreeBSD web user
set_fact:
nginx_user: 'www'
nginx_php_sockets:
- host: '127.0.0.1'
port: 9000
- name: PKGNG | Install needed packages
pkgng: pkg={{ item }} state=present
with_items:
- php56
- curl
- fcgiwrap
- name: SERVICE | Force start services
service: name={{ item }} state=started enabled=yes
register: sf
with_items:
- php-fpm
- fcgiwrap

View File

@ -2,23 +2,8 @@
- hosts: all
pre_tasks:
- name: APT_REPOSITORY | Install backports
apt_repository: repo='deb http://httpredir.debian.org/debian {{ ansible_distribution_release }}-backports main' state=present
- name: APT | Install needed packages
apt: pkg={{ item }} update_cache=yes cache_valid_time=3600 state=present
with_items:
- php5-fpm
- curl
- fcgiwrap
- name: SERVICE | Force start services
service: name={{ item }} state=started
register: sf
with_items:
- php5-fpm
- fcgiwrap
- name: PAUSE | Prevent bugs (CGI not fully loaded)
pause: seconds=5
when: sf.changed
- name: INCLUDE | Pre_tasks related to OS version
include: "includes/pre_{{ ansible_distribution }}.yml"
- name: FILE | Create an internal SSL dir
file: path={{ int_ansible_ssl_dir }} state=directory
- name: COPY | Deploy test certificate
@ -29,6 +14,7 @@
# Internal vars
int_ansible_ssl_dir: '/etc/ansible-ssl'
# Role vars
nginx_worker_processes: 1 # Ansible+FreeBSD can't detect CPU number
nginx_backports: true
nginx_php: true
nginx_upstreams:
@ -141,8 +127,6 @@
location:
'/hello':
- htpasswd: 'hello'
- 'default_type "text/html; charset=UTF-8";'
- 'echo hello;'
- name: 'test-htpasswd-all.local'
template: '_base'
htpasswd: 'hello'
@ -157,6 +141,8 @@
redirect_from:
- 'www.test-php.local'
template: '_php'
use_error_log: true
use_access_log: true
- name: 'test-php-index.local'
template: '_php_index'
- name: 'test-proxy.local'
@ -193,14 +179,8 @@
# --------------------------------
# Apps
# --------------------------------
- name: APT | Install web apps
apt: pkg={{ item }} state=present
with_items:
- nagios3
- backuppc
- name: SERVICE | Ensure backuppc is started
service: name=backuppc state=started
- name: INCLUDE | Post_tasks related to OS version
include: "includes/post_{{ ansible_distribution }}.yml"
# --------------------------------
# Deploy index files
# --------------------------------
@ -210,7 +190,10 @@
- name: -- Add HTML file --
copy: dest="{{ item }}/index.html" content="Index HTML test OK\n"
with_items: ['{{ nginx_root }}/test.local/public', '/var/tmp', '{{ nginx_root }}/test-htpasswd-all.local/public', '{{ nginx_root }}/test-ssl.local/public', '{{ nginx_root }}/test-ssl-predeployed.local/public']
- name: -- Create directory --
file: path={{ nginx_root }}/test-htpasswd.local/public/hello state=directory
- name: -- Add HTML file hello --
copy: dest="{{ nginx_root }}/test-htpasswd.local/public/hello/index.html" content="hello\n"
# --------------------------------
# Simple vhosts tests
# --------------------------------
@ -246,17 +229,17 @@
# Basic Auth
# --------------------------------
- name: -- VERIFY AUTH BASIC NONE --
command: "curl -H 'Host: test-htpasswd.local' http://127.0.0.1/hello"
command: "curl -H 'Host: test-htpasswd.local' http://127.0.0.1/hello/"
changed_when: false
register: authnone
failed_when: authnone.stdout.find('401 Authorization Required') == -1
- name: -- VERIFY AUTH BASIC FAIL --
command: "curl -u fail:fail -H 'Host: test-htpasswd.local' http://127.0.0.1/hello"
command: "curl -u fail:fail -H 'Host: test-htpasswd.local' http://127.0.0.1/hello/"
changed_when: false
register: authfail
failed_when: authfail.stdout.find('401 Authorization Required') == -1
- name: -- VERIFY AUTH BASIC OK --
command: "curl -u hanx:qwerty -H 'Host: test-htpasswd.local' http://127.0.0.1/hello"
command: "curl -u hanx:qwerty -H 'Host: test-htpasswd.local' http://127.0.0.1/hello/"
changed_when: false
register: authok
failed_when: authok.stdout.find('hello') == -1
@ -279,6 +262,7 @@
changed_when: false
register: authbpc
failed_when: authbpc.stdout.find('BackupPC Server Status') == -1
when: ansible_distribution != 'FreeBSD'
# --------------------------------
# Nagios
@ -289,7 +273,7 @@
register: nagios_php
failed_when: nagios_php.stdout.find('Nagios Core') == -1
- name: -- VERIFY NAGIOS3 CGI --
command: "curl -u nagiosadmin:nagios -H 'Host: nagios3.local' http://127.0.0.1/cgi-bin/nagios3/summary.cgi"
command: "curl -u nagiosadmin:nagios -H 'Host: nagios3.local' http://127.0.0.1/cgi-bin{% if ansible_distribution == 'Debian' %}/nagios3{% endif %}/summary.cgi"
changed_when: false
register: nagios_cgi
failed_when: nagios_cgi.stdout.find('Nagios Event Summary') == -1

8
vars/Debian.yml 100644
View File

@ -0,0 +1,8 @@
nginx_events_use: 'epoll'
nginx_pid: '/run/nginx.pid'
nginx_etc_dir: '/etc/nginx'
# Specific vhosts
nginx_nagios_root: '/usr/share/nagios3/htdocs'
nginx_nagios_stylesheets: '/etc/nagios3/stylesheets'
nginx_fcgiwrap_sock: '/var/run/fcgiwrap.socket'

7
vars/FreeBSD.yml 100644
View File

@ -0,0 +1,7 @@
nginx_events_use: 'kqueue'
nginx_pid: '/var/run/nginx.pid'
nginx_etc_dir: '/usr/local/etc/nginx'
# Specific vhosts
nginx_nagios_root: '/usr/local/www/nagios'
nginx_fcgiwrap_sock: '/var/run/fcgiwrap/fcgiwrap.sock'