From 42bb4a3e2b5a2e59d071aa14d5c6a8888cd8d283 Mon Sep 17 00:00:00 2001 From: Emilien Mantel Date: Wed, 12 Oct 2016 18:13:59 +0200 Subject: [PATCH] Dynamic module management (closes #23) --- README.md | 2 ++ defaults/main.yml | 5 +++++ tasks/dyn_modules.yml | 16 ++++++++++++++++ tasks/main.yml | 4 ++++ tasks/prepare.yml | 2 +- templates/etc/nginx/nginx.conf.j2 | 5 +++++ tests/test.yml | 8 ++++++++ 7 files changed, 41 insertions(+), 1 deletion(-) create mode 100644 tasks/dyn_modules.yml diff --git a/README.md b/README.md index c0ba0df..f30f52f 100644 --- a/README.md +++ b/README.md @@ -13,6 +13,7 @@ Features: - Fast PHP configuration - Preconfigured vhost templates (should work on many app) - Auto-configure HTTP2 on SSL/TLS vhosts +- Manage dynamic modules (install and loading) Requirements ------------ @@ -50,6 +51,7 @@ FreeBSD: - `nginx_events_*`: all variables in events block - `nginx_http_*`: all variables in http block - `nginx_custom_http`: instructions list (will put data in `/etc/nginx/conf.d/custom.conf`) +- `nginx_dyn_modules`: dynamic module list to load Fine configuration ------------------ diff --git a/defaults/main.yml b/defaults/main.yml index bdd1aa1..bce97d7 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -105,6 +105,11 @@ nginx_htpasswd: [] # nginx_ssl_pairs: [] +# +# Dynamic modules +# +nginx_dyn_modules: [] + # # Diffie-Hellman # diff --git a/tasks/dyn_modules.yml b/tasks/dyn_modules.yml new file mode 100644 index 0000000..4646c1d --- /dev/null +++ b/tasks/dyn_modules.yml @@ -0,0 +1,16 @@ +--- + +- name: FAIL | If Dynamic module is not available + fail: msg="{{ item }} dynamic module is not available" + with_items: "{{ nginx_dyn_modules }}" + when: "'{{ item }}=dynamic' not in nginx_modules" + +- name: APT | Install nginx modules + apt: > + pkg="libnginx-mod-{{ item | replace('_', '-') }}" + state=present + default_release={{ ansible_distribution_release + '-backports' if nginx_backports else ansible_distribution_release }} + with_items: "{{ nginx_dyn_modules }}" + when: ansible_distribution == 'Debian' + +# TODO: manage freebsd diff --git a/tasks/main.yml b/tasks/main.yml index 39b7cf5..b486859 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -9,6 +9,10 @@ - name: INCLUDE | Prepare include: prepare.yml +- name: INCLUDE | Manage dynamic modules + include: dyn_modules.yml + when: nginx_version.stdout | version_compare('1.9.1', 'ge') + - name: INCLUDE | Install include: config.yml diff --git a/tasks/prepare.yml b/tasks/prepare.yml index 45e87fd..3cb75db 100644 --- a/tasks/prepare.yml +++ b/tasks/prepare.yml @@ -8,7 +8,7 @@ changed_when: false - name: SHELL | Get module list - shell: nginx -V 2>&1 | tr -- - '\n' | grep -A 1 with | grep _module | sed 's/_module[[:space:]]*//g' | sort + shell: nginx -V 2>&1 | tr -- - '\n' | grep -A 1 with | grep _module | sed -r 's/_module//g; s/\s+//g' | sort args: executable: /bin/sh register: shell_modules diff --git a/templates/etc/nginx/nginx.conf.j2 b/templates/etc/nginx/nginx.conf.j2 index 4d21ebc..c123368 100644 --- a/templates/etc/nginx/nginx.conf.j2 +++ b/templates/etc/nginx/nginx.conf.j2 @@ -5,6 +5,11 @@ user {{ nginx_user }}; worker_processes {{ nginx_worker_processes }}; pid {{ nginx_pid }}; +{% if nginx_version.stdout | version_compare('1.9.1', 'ge') %} +{% for module in nginx_dyn_modules -%} +load_module "modules/ngx_{{ module }}_module.so"; +{% endfor %} +{% endif %} events { worker_connections {{ nginx_events_worker_connections }}; diff --git a/tests/test.yml b/tests/test.yml index 65c2a56..1842af6 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -19,6 +19,7 @@ nginx_backports: true nginx_php56: true nginx_php70: true + nginx_dyn_modules: ['http_geoip'] nginx_upstreams: - name: 'test' servers: @@ -106,6 +107,13 @@ -----END CERTIFICATE----- nginx_custom_http: - 'add_header X-ansible 1;' + - 'geoip_country /usr/share/GeoIP/GeoIP.dat;' + - 'map $geoip_country_code $allowed_country {' + - ' default yes;' + - ' MA no;' + - ' DZ no;' + - ' TN no;' + - '}' nginx_default_vhost: 'first-test' nginx_default_vhost_ssl: 'test-ssl-predeployed.local' nginx_vhosts: