radityo
/
ansible-nginx
mirror of https://github.com/HanXHX/ansible-nginx.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Manage FreeBSD 11

pull/35/head
Emilien Mantel 2018-03-16 21:56:15 +01:00
parent 8c7d581131
commit 5843d695b3
13 changed files with 197 additions and 110 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
Vagrantfile vendored
View File

@ -14,7 +14,9 @@ Vagrant.configure("2") do |config|
] ]
vms_freebsd = [ vms_freebsd = [
{ :name => "freebsd-10.2", :box => "freebsd/FreeBSD-10.2-STABLE" } { :name => "freebsd-10", :box => "freebsd/FreeBSD-10.4-STABLE", :vars => {} },
{ :name => "freebsd-11", :box => "freebsd/FreeBSD-11.1-STABLE", :vars => {} },
{ :name => "freebsd-12", :box => "freebsd/FreeBSD-12.0-CURRENT", :vars => {} }
] ]
conts = [ conts = [
@ -26,6 +28,7 @@ Vagrant.configure("2") do |config|
] ]
config.vm.network "private_network", type: "dhcp" config.vm.network "private_network", type: "dhcp"
config.vm.synced_folder ".", "/vagrant", id: "vagrant-root", disabled: true
conts.each do |opts| conts.each do |opts|
config.vm.define opts[:name] do |m| config.vm.define opts[:name] do |m|
@ -50,36 +53,32 @@ Vagrant.configure("2") do |config|
v.cpus = 1 v.cpus = 1
v.memory = 256 v.memory = 256
end end
m.vm.provision "ansible" do |ansible| m.vm.provision "ansible" do |ansible|
ansible.playbook = "tests/test.yml" ansible.playbook = "tests/test.yml"
ansible.verbose = 'vv' ansible.verbose = 'vv'
ansible.become = true ansible.become = true
ansible.extra_vars = opts[:vars].merge({ "nginx_debug_role": true }) ansible.extra_vars = opts[:vars].merge({ "nginx_debug_role": true })
end end
end
end
vms_freebsd.each do |opts|
config.ssh.shell = "csh"
config.vm.base_mac = "080027D14C66"
config.vm.define opts[:name] do |m|
m.vm.box = opts[:box]
m.vm.provider "virtualbox" do |v|
v.cpus = 2
v.memory = 512
end
m.vm.provision "shell", inline: "pkg install -y python bash"
m.vm.provision "ansible" do |ansible|
ansible.playbook = "tests/test.yml"
ansible.verbose = 'vv'
ansible.become = true
ansible.extra_vars = opts[:vars].merge({ "nginx_debug_role": true, "ansible_python_interpreter": '/usr/local/bin/python' })
end
end end
end end
# See: https://forums.freebsd.org/threads/52717/
# vms_freebsd.each do |opts|
# config.vm.define opts[:name] do |m|
# m.vm.box = opts[:box]
# m.vm.provider "virtualbox" do |v|
# v.vm.cpus = 1
# v.vm.memory = 256
# v.vm.guest = :freebsd
# v.vm.synced_folder ".", "/vagrant", id: "vagrant-root", disabled: true
# v.vm.base_mac = "080027D14C66"
# end
# config.ssh.shell = "sh"
# m.vm.provision "shell", inline: "pkg install -y python bash"
# m.vm.provision "ansible" do |ansible|
# ansible.playbook = "tests/test.yml"
# ansible.verbose = 'vv'
# ansible.become = true
# ansible.extra_vars = {
# ansible_python_interpreter: '/usr/local/bin/python'
# }
# end
# end
# end
end end

1
defaults/main.yml
View File

@ -108,6 +108,7 @@ nginx_ssl_pairs: []
# Dynamic modules # Dynamic modules
# #
nginx_module_packages: [] nginx_module_packages: []
nginx_load_modules: []
# #
# Diffie-Hellman # Diffie-Hellman

13
tasks/config.yml
View File

@ -30,5 +30,16 @@
line: 'fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;' line: 'fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;'
- regexp: '^fastcgi_param DOCUMENT_ROOT' - regexp: '^fastcgi_param DOCUMENT_ROOT'
line: 'fastcgi_param DOCUMENT_ROOT $realpath_root;' line: 'fastcgi_param DOCUMENT_ROOT $realpath_root;'
- [ '/etc/nginx/fastcgi_params', '/etc/nginx/fastcgi.conf' ] -
- '{{ nginx_etc_dir }}/fastcgi_params'
- '{{ nginx_etc_dir }}/fastcgi.conf'
when: nginx_fastcgi_fix_realpath when: nginx_fastcgi_fix_realpath
- name: COPY | Add modules manually
copy:
content: |
{% for m in nginx_load_modules %}
load_module {{ m }};
{% endfor %}
dest: "{{ nginx_etc_dir }}/modules-enabled/000-modules.conf"
notify: reload nginx

25
tasks/install_Debian.yml
View File

@ -40,3 +40,28 @@
apt: apt:
pkg: python-passlib pkg: python-passlib
state: present state: present
- name: STAT | Check acme.sh is installed
stat:
path: "{{ nginx_acmesh_dir }}"
register: acme
- block:
- name: APT | Install git
apt:
pkg: git
- name: GIT | Get acme.sh
git:
repo: 'https://github.com/Neilpang/acme.sh.git'
dest: '{{ nginx_acmesh_git_dir }}'
update: no
- name: SHELL | Install acme.sh
shell: ./acme.sh --install --home {{ nginx_acmesh_dir }} --cert-home {{ nginx_acmesh_dir }}
args:
chdir: "{{ nginx_acmesh_git_dir }}"
creates: "{{ nginx_acmesh_dir }}"
when: not acme.stat.exists

27
tasks/install_FreeBSD.yml
View File

@ -5,10 +5,37 @@
name: "{{ item }}" name: "{{ item }}"
state: present state: present
with_items: with_items:
- acme.sh
- "{{ nginx_pkgng_package }}" - "{{ nginx_pkgng_package }}"
- py27-passlib - py27-passlib
- curl - curl
#
# Bypass https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224166#c1
#
- block:
- name: COMMAND | Create /usr/local/etc/fdfs/http.conf
command: touch /usr/local/etc/fdfs/http.conf
args:
creates: /usr/local/etc/fdfs/http.conf
register: fd1
- name: LINEINFILE | Tune fdfs
lineinfile:
regexp: ^load_fdfs_parameters_from_tracker
line: load_fdfs_parameters_from_tracker=false
path: /usr/local/etc/fdfs/mod_fastdfs.conf
register: fd2
- name: SERVICE | Restart nginx when fdfs is tuned
service:
name: nginx
state: restarted
when: fd1.changed or fd2.changed
when: true
- name: FILE | Create configuration dir (like Debian) - name: FILE | Create configuration dir (like Debian)
file: file:
path: "{{ nginx_etc_dir }}/{{ item }}" path: "{{ nginx_etc_dir }}/{{ item }}"

24
tasks/ssl/acme.yml
View File

@ -1,33 +1,9 @@
--- ---
- name: APT | Install git
apt: pkg=git
- name: SET_FACT | Assign default.. - name: SET_FACT | Assign default..
set_fact: set_fact:
acme_create: [] acme_create: []
- name: STAT | Check acme.sh is installed
stat:
path: "{{ nginx_acmesh_dir }}"
register: acme
- block:
- name: GIT | Get acme.sh
git:
repo: 'https://github.com/Neilpang/acme.sh.git'
dest: '{{ nginx_acmesh_git_dir }}'
update: no
- name: SHELL | Install acme.sh
shell: ./acme.sh --install --home {{ nginx_acmesh_dir }} --cert-home {{ nginx_acmesh_dir }}
args:
chdir: "{{ nginx_acmesh_git_dir }}"
creates: "{{ nginx_acmesh_dir }}"
when: not acme.stat.exists
- name: STAT | Check if certificates are already installed - name: STAT | Check if certificates are already installed
stat: stat:
path: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.crt" path: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.crt"

50
tests/includes/post_FreeBSD.yml
View File

@ -1,30 +1,30 @@
--- ---
- name: APT | Install web apps #- name: APT | Install web apps
pkgng: # pkgng:
pkg: "{{ item }}" # pkg: "{{ item }}"
state: present # state: present
with_items: # with_items:
- nagios # - nagios
- backuppc # - backuppc
#
- name: COMMAND | Activate backuppc config #- name: COMMAND | Activate backuppc config
command: > # command: >
cp /usr/local/etc/backuppc/config.pl.sample /usr/local/etc/backuppc/config.pl # cp /usr/local/etc/backuppc/config.pl.sample /usr/local/etc/backuppc/config.pl
creates=/usr/local/etc/backuppc/config.pl # creates=/usr/local/etc/backuppc/config.pl
#
- name: FILE | Fix backuppc permissions #- name: FILE | Fix backuppc permissions
file: # file:
path: /usr/local/etc/backuppc/config.pl # path: /usr/local/etc/backuppc/config.pl
owner: backuppc # owner: backuppc
group: backuppc # group: backuppc
#
- name: FILE | Fix fcgiwrap permission #- name: FILE | Fix fcgiwrap permission
file: # file:
path: "{{ nginx_fcgiwrap_sock }}" # path: "{{ nginx_fcgiwrap_sock }}"
mode: 0640 # mode: 0640
owner: "{{ nginx_user }}" # owner: "{{ nginx_user }}"
group: "{{ nginx_user }}" # group: "{{ nginx_user }}"
# #
# We don't manage BackupPC on FreeBSD... too dirty. :/ # We don't manage BackupPC on FreeBSD... too dirty. :/

25
tests/includes/pre_Debian.yml
View File

@ -94,25 +94,6 @@
dest: "/tmp" dest: "/tmp"
remote_src: yes remote_src: yes
- name: SHELL | Check if ngrok is started - name: SET_FACT | ngrok_path
shell: ps aux | grep -q [n]grok set_fact:
register: psngrok ngrok_path: '/tmp/ngrok'
changed_when: false
failed_when: false
- block:
- name: SHELL | Start ngrok
shell: daemonize /tmp/ngrok http 8888 -bind-tls=false
- name: WAIT_FOR | ngrok started
wait_for:
delay: 2
port: 4040
when: psngrok.rc > 0
- name: SHELL | Get ngrok public address
shell: curl 'http://127.0.0.1:4040/api/tunnels/command_line' | jq '.public_url' | grep -oE '[[:alnum:]]+\.ngrok\.io'
register: ngrok
changed_when: false

40
tests/includes/pre_FreeBSD.yml
View File

@ -2,23 +2,35 @@
- name: SET_FACT | FreeBSD web user - name: SET_FACT | FreeBSD web user
set_fact: set_fact:
nginx_pkgng_package: 'nginx-devel' nginx_pkgng_package: 'nginx-full'
nginx_user: 'www' nginx_user: 'www'
nginx_php: nginx_php:
- version: '5.6' - version: '7.2'
sockets: sockets:
- host: '127.0.0.1' - host: '127.0.0.1'
port: 9000 port: 9000
nginx_load_modules:
- /usr/local/libexec/nginx/ngx_http_geoip_module.so
ngrok_path: '/usr/local/bin/ngrok'
- name: PKGNG | Install needed packages - name: PKGNG | Install needed packages
pkgng: pkgng:
pkg: "{{ item }}" pkg: "{{ item }}"
state: present state: present
with_items: with_items:
- php56
- curl - curl
- daemonize
- fcgiwrap - fcgiwrap
- GeoIP
- jq
- nghttp2 - nghttp2
- php72
- vim
- name: COMMAND | Get geoip database
command: geoipupdate.sh
args:
creates: /usr/local/share/GeoIP/GeoIP.dat
- name: SERVICE | Force start services - name: SERVICE | Force start services
service: service:
@ -29,3 +41,25 @@
with_items: with_items:
- php-fpm - php-fpm
- fcgiwrap - fcgiwrap
- name: STAT | Check ports
stat:
path: /usr/ports
register: ports
- block:
- name: COMMAND | Get ports
command: portsnap fetch --interactive
- name: COMMAND | Extract ports
command: portsnap extract
no_log: true
when: not ports.stat.exists
- name: SHELL | Install ngrok
shell: make install clean DISABLE_LICENSES=yes
args:
chdir: /usr/ports/security/ngrok
creates: "{{ ngrok_path }}"

18
tests/includes/pre_common.yml 100644
View File

@ -0,0 +1,18 @@
---
- name: SHELL | Start ngrok
shell: daemonize -l /tmp/ngrok {{ ngrok_path }} http 8888 -bind-tls=false
failed_when: false
changed_when: ngrok.stderr.find("Can't lock the lock file") == -1
register: ngrok
- name: WAIT_FOR | ngrok started
wait_for:
delay: 2
port: 4040
when: ngrok.changed
- name: SHELL | Get ngrok public address
shell: curl 'http://127.0.0.1:4040/api/tunnels/command_line' | jq '.public_url' | grep -oE '[[:alnum:]]+\.ngrok\.io'
register: ngrok
changed_when: false

17
tests/test.yml
View File

@ -4,22 +4,29 @@
pre_tasks: pre_tasks:
- name: INCLUDE | Pre_tasks related to OS version - name: INCLUDE | Pre_tasks related to OS version
include: "includes/pre_{{ ansible_distribution }}.yml" include: "includes/pre_{{ ansible_distribution }}.yml"
- name: INCLUDE | Pre_tasks common
include: "includes/pre_common.yml"
- name: FILE | Create an internal SSL dir - name: FILE | Create an internal SSL dir
file: file:
path: "{{ int_ansible_ssl_dir }}" path: "{{ int_ansible_ssl_dir }}"
state: directory state: directory
- name: COPY | Deploy test certificate - name: COPY | Deploy test certificate
copy: copy:
src: "file/test.crt" src: "file/test.crt"
dest: "{{ int_ansible_ssl_dir }}/test.crt" dest: "{{ int_ansible_ssl_dir }}/test.crt"
- name: COPY | Deploy test key - name: COPY | Deploy test key
copy: copy:
src: "file/test.key" src: "file/test.key"
dest: "{{ int_ansible_ssl_dir }}/test.key" dest: "{{ int_ansible_ssl_dir }}/test.key"
- name: LINEINFILE | Add all hosts in /etc/hosts - name: LINEINFILE | Add all hosts in /etc/hosts
lineinfile: lineinfile:
line: "127.0.2.1\t{% for s in nginx_sites %}{% if s.name is string %}{{ s.name }}{% else %}{% for n in s.name %}{{ n }} {% endfor %}{% endif %} {% if s.redirect_from is defined %}{% for rf in s.redirect_from %}{{ rf }} {% endfor %}{% endif %}{% endfor %}" line: "127.0.0.1\tlocalhost {% for s in nginx_sites %}{% if s.name is string %}{{ s.name }}{% else %}{% for n in s.name %}{{ n }} {% endfor %}{% endif %} {% if s.redirect_from is defined %}{% for rf in s.redirect_from %}{{ rf }} {% endfor %}{% endif %}{% endfor %}"
regexp: '^127\.0\.2' regexp: '^127\.0\.0\.1'
dest: "/etc/hosts" dest: "/etc/hosts"
unsafe_writes: yes unsafe_writes: yes
@ -122,7 +129,7 @@
-----END CERTIFICATE----- -----END CERTIFICATE-----
nginx_custom_http: nginx_custom_http:
- 'add_header X-ansible 1;' - 'add_header X-ansible 1;'
- 'geoip_country /usr/share/GeoIP/GeoIP.dat;' - 'geoip_country {% if ansible_distribution == "Debian" %}/usr/share/GeoIP/GeoIP.dat{% else %}/usr/local/share/GeoIP/GeoIP.dat{% endif %};'
- 'map $geoip_country_code $allowed_country {' - 'map $geoip_country_code $allowed_country {'
- ' default yes;' - ' default yes;'
- ' MA no;' - ' MA no;'
@ -414,7 +421,7 @@
failed_when: authbpc.content.find('BackupPC Server Status') == -1 failed_when: authbpc.content.find('BackupPC Server Status') == -1
# -------------------------------- # --------------------------------
# Nagios (not avaiblable on Debian >= 9) # Nagios (not avaiblable on Debian >= 9 and not tested on FreeBSD)
# -------------------------------- # --------------------------------
- block: - block:
@ -438,7 +445,7 @@
register: nagios_cgi register: nagios_cgi
failed_when: nagios_cgi.content.find('Nagios Event Summary') == -1 failed_when: nagios_cgi.content.find('Nagios Event Summary') == -1
when: ansible_distribution_major_version | version_compare('9', 'lt') when: ansible_distribution == 'Debian' and ansible_distribution_major_version | version_compare('9', 'lt')
# -------------------------------- # --------------------------------

2
vars/FreeBSD.yml
View File

@ -5,3 +5,5 @@ nginx_etc_dir: '/usr/local/etc/nginx'
# Specific sites # Specific sites
nginx_nagios_root: '/usr/local/www/nagios' nginx_nagios_root: '/usr/local/www/nagios'
nginx_fcgiwrap_sock: '/var/run/fcgiwrap/fcgiwrap.sock' nginx_fcgiwrap_sock: '/var/run/fcgiwrap/fcgiwrap.sock'
nginx_acmesh_bin: '/usr/local/sbin/acme.sh'

6
vars/main.yml
View File

@ -32,6 +32,12 @@ nginx_dirs:
- dir: "{{ nginx_helper_dir }}" - dir: "{{ nginx_helper_dir }}"
mode: "0755" mode: "0755"
owner: "root" owner: "root"
- dir: "{{ nginx_etc_dir }}/modules-available"
mode: "0755"
owner: "root"
- dir: "{{ nginx_etc_dir }}/modules-enabled"
mode: "0755"
owner: "root"
nginx_templates_no_dir: nginx_templates_no_dir:
- '_backuppc' - '_backuppc'