diff --git a/.travis.yml b/.travis.yml index b8bdfcd..bf92a4f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,17 +1,4 @@ env: - - PLATFORM='docker-debian-jessie' ANSIBLE_VERSION='ansible>=2.2,<2.3' - - PLATFORM='docker-debian-jessie-backports' ANSIBLE_VERSION='ansible>=2.2,<2.3' - - PLATFORM='docker-debian-jessie-dotdeb' ANSIBLE_VERSION='ansible>=2.2,<2.3' - - PLATFORM='docker-debian-jessie' ANSIBLE_VERSION='ansible>=2.3,<2.4' - - PLATFORM='docker-debian-jessie-backports' ANSIBLE_VERSION='ansible>=2.3,<2.4' - - PLATFORM='docker-debian-jessie-dotdeb' ANSIBLE_VERSION='ansible>=2.3,<2.4' - - PLATFORM='docker-debian-stretch' ANSIBLE_VERSION='ansible>=2.3,<2.4' - - PLATFORM='docker-debian-stretch-sury' ANSIBLE_VERSION='ansible>=2.3,<2.4' - - PLATFORM='docker-debian-jessie' ANSIBLE_VERSION='ansible>=2.4,<2.5' - - PLATFORM='docker-debian-jessie-backports' ANSIBLE_VERSION='ansible>=2.4,<2.5' - - PLATFORM='docker-debian-jessie-dotdeb' ANSIBLE_VERSION='ansible>=2.4,<2.5' - - PLATFORM='docker-debian-stretch' ANSIBLE_VERSION='ansible>=2.4,<2.5' - - PLATFORM='docker-debian-stretch-sury' ANSIBLE_VERSION='ansible>=2.4,<2.5' - PLATFORM='docker-debian-jessie' ANSIBLE_VERSION='ansible>=2.5,<2.6' - PLATFORM='docker-debian-jessie-backports' ANSIBLE_VERSION='ansible>=2.5,<2.6' - PLATFORM='docker-debian-jessie-dotdeb' ANSIBLE_VERSION='ansible>=2.5,<2.6' diff --git a/README.md b/README.md index 80b85e5..c9a4bef 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,7 @@ Supported OS: Requirements ------------ -None. If you set true to `nginx_backports`, you must install backports repository before lauching this role. +Ansible 2.5+. If you set true to `nginx_backports`, you must install backports repository before lauching this role. Role Variables -------------- diff --git a/meta/main.yml b/meta/main.yml index 5809257..856d6ce 100644 --- a/meta/main.yml +++ b/meta/main.yml 
@@ -1,14 +1,15 @@ --- galaxy_info: author: Emilien Mantel - description: Nginx for Debian + description: Nginx for Debian / FreeBSD company: license: GPLv2 - min_ansible_version: 2.2 + min_ansible_version: 2.5 platforms: - name: Debian versions: - jessie + - stretch - name: FreeBSD versions: - 11.0 diff --git a/tasks/config.yml b/tasks/config.yml index 00af866..df19f13 100644 --- a/tasks/config.yml +++ b/tasks/config.yml @@ -24,13 +24,14 @@ regexp: '{{ item.0.regexp }}' line: '{{ item.0.line }}' dest: '{{ item.1 }}' - with_nested: - - + loop: "{{ list_one | product(list_two) | list }}" + vars: + list_one: - regexp: '^fastcgi_param SCRIPT_FILENAME' line: 'fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;' - regexp: '^fastcgi_param DOCUMENT_ROOT' line: 'fastcgi_param DOCUMENT_ROOT $realpath_root;' - - + list_two: - '{{ nginx_etc_dir }}/fastcgi.conf' when: nginx_fastcgi_fix_realpath diff --git a/tasks/install_Debian.yml b/tasks/install_Debian.yml index fb8fe03..84ecf00 100644 --- a/tasks/install_Debian.yml +++ b/tasks/install_Debian.yml @@ -1,13 +1,5 @@ --- -- name: FAIL | Check possible issues - fail: - msg: "This ansible version ({{ ansible_version.full}}) is not compatible with your needs (Debian Stretch + htpasswd). Please see https://github.com/HanXHX/ansible-nginx/issues/28" - when: - ansible_distribution_major_version | version_compare('9', 'ge') and - ansible_version.full | version_compare('2.3.2', 'lt') and - nginx_htpasswd | length > 0 - - name: APT | Update cache apt: update_cache: yes @@ -29,11 +21,10 @@ - name: APT | Install nginx modules apt: - pkg: "{{ item }}" + pkg: "{{ nginx_module_packages }}" state: present - with_items: "{{ nginx_module_packages }}" when: - ansible_distribution_major_version | version_compare('9', 'ge') or + ansible_distribution_major_version is version('9', 'ge') or nginx_backports - name: APT | Install python-passlib diff --git a/tasks/site.yml b/tasks/site.yml index 915e2ef..be2439c 100644 --- a/tasks/site.yml 
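Review bot: In meta/main.yml, `min_ansible_version: 2.5` is an unquoted scalar, so a YAML parser reads it as a float rather than a version string; a later bump to something like 2.10 would load as 2.1. Quoting it as `min_ansible_version: '2.5'` keeps the value a string. The FreeBSD entry `- 11.0` on the context lines has the same shape and could be quoted in the same pass.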
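Review bot: In tasks/config.yml, the task-level vars `list_one` and `list_two` say nothing about what they hold, and a same-named extra var passed on the command line would take precedence over them. Role-scoped names would make the `loop:` expression self-describing, for example `nginx_fastcgi_realpath_lines` and `nginx_fastcgi_realpath_files` (suggested names, not existing variables). The task's opening lines are outside the hunk.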
+++ b/tasks/site.yml @@ -30,7 +30,7 @@ owner: "{{ item.owner | default(nginx_user) }}" group: "{{ item.group | default(nginx_user) }}" mode: "{{ item.mode | default('0755') }}" - with_items: "{{ nginx_sites }}" + loop: "{{ nginx_sites }}" when: > item.root is not defined and (item.template is defined and item.template not in nginx_templates_no_dir) and @@ -43,9 +43,9 @@ template: src: "etc/nginx/sites-available/{{ item.template if item.redirect_to is not defined else '_redirect' }}.j2" dest: "{{ nginx_etc_dir }}/sites-available/{{ item | nginx_site_filename }}" - with_items: "{{ nginx_sites }}" notify: ['reload nginx', 'restart nginx freebsd'] when: item.state is not defined or item.state != 'absent' + loop: "{{ nginx_sites }}" loop_control: label: "{{ item | nginx_site_name }}" diff --git a/tasks/upstream.yml b/tasks/upstream.yml index 9aecbfd..649fd97 100644 --- a/tasks/upstream.yml +++ b/tasks/upstream.yml @@ -17,7 +17,7 @@ template: src: "etc/nginx/conf.d/_upstream.conf.j2" dest: "{{ nginx_etc_dir }}/conf.d/upstream-{{ item.name }}.conf" - with_items: "{{ nginx_upstreams }}" + loop: "{{ nginx_upstreams }}" when: item.state is not defined or item.state == 'present' notify: reload nginx diff --git a/templates/etc/nginx/conf.d/_upstream.conf.j2 b/templates/etc/nginx/conf.d/_upstream.conf.j2 index 7fedf6e..c62269d 100644 --- a/templates/etc/nginx/conf.d/_upstream.conf.j2 +++ b/templates/etc/nginx/conf.d/_upstream.conf.j2 @@ -1,5 +1,5 @@ {%- macro s(key, value, is_bool, min_version) %} -{% if nginx_version.stdout | version_compare(min_version, 'ge') %} +{% if nginx_version.stdout is version(min_version, 'ge') %} {% if is_bool and value %} {{ key }}{% elif not is_bool %} {{ key }}={{ value }}{% endif %} {% endif %} {%- endmacro -%} diff --git a/templates/etc/nginx/helper/ssl-legacy.j2 b/templates/etc/nginx/helper/ssl-legacy.j2 index 709d4fa..e0aab8b 100644 --- a/templates/etc/nginx/helper/ssl-legacy.j2 +++ b/templates/etc/nginx/helper/ssl-legacy.j2 
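Review bot: Replacing `with_items: "{{ nginx_sites }}"` with `loop: "{{ nginx_sites }}"` in tasks/site.yml is not a strict equivalent, because `with_items` flattens one level of nested lists and `loop` does not. If any caller builds `nginx_sites` as a list of lists, `item` becomes a list and `item.template` / `item.state` stop resolving. Where that input must keep working, `loop: "{{ nginx_sites | flatten(levels=1) }}"` preserves the old behaviour. The same applies to the second tasks/site.yml hunk and to `nginx_upstreams` in tasks/upstream.yml. Whether nested input is used anywhere is not visible from this diff.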
@@ -3,10 +3,10 @@ # ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; -ssl_protocols TLSv1 TLSv1.1 TLSv1.2{% if nginx_version.stdout | version_compare('1.13.0', 'ge') %} TLSv1.3{% endif %}; +ssl_protocols TLSv1 TLSv1.1 TLSv1.2{% if nginx_version.stdout is version('1.13.0', 'ge') %} TLSv1.3{% endif %}; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; -add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"{% if nginx_version.stdout | version_compare('1.7.5', 'ge') %} always{% endif %}; +add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"{% if nginx_version.stdout is version('1.7.5', 'ge') %} always{% endif %}; ssl_stapling on; ssl_stapling_verify on; resolver {{ nginx_resolver_hosts | join(' ') }} valid={{ nginx_resolver_valid }}; diff --git a/templates/etc/nginx/helper/ssl-strong.j2 b/templates/etc/nginx/helper/ssl-strong.j2 index 50ca343..3527fac 100644 --- a/templates/etc/nginx/helper/ssl-strong.j2 +++ b/templates/etc/nginx/helper/ssl-strong.j2 
@@ -3,10 +3,10 @@ # ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; -ssl_protocols TLSv1 TLSv1.1 TLSv1.2{% if nginx_version.stdout | version_compare('1.13.0', 'ge') %} TLSv1.3{% endif %}; +ssl_protocols TLSv1 TLSv1.1 TLSv1.2{% if nginx_version.stdout is version('1.13.0', 'ge') %} TLSv1.3{% endif %}; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; -add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"{% if nginx_version.stdout | version_compare('1.7.5', 'ge') %} always{% endif %}; +add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"{% if nginx_version.stdout is version('1.7.5', 'ge') %} always{% endif %}; ssl_stapling on; ssl_stapling_verify on; resolver {{ nginx_resolver_hosts | join(' ') }} valid={{ nginx_resolver_valid }}; diff --git a/templates/etc/nginx/nginx.conf.j2 b/templates/etc/nginx/nginx.conf.j2 index 96c4799..6e558a4 100644 --- a/templates/etc/nginx/nginx.conf.j2 +++ b/templates/etc/nginx/nginx.conf.j2 @@ -5,7 +5,7 @@ user {{ nginx_user }}; worker_processes {{ nginx_worker_processes }}; pid {{ nginx_pid }}; -{% if nginx_version.stdout | version_compare('1.9.11', 'ge') %} +{% if nginx_version.stdout is version('1.9.11', 'ge') %} include {{ nginx_etc_dir }}/modules-enabled/*.conf; {% endif %} diff --git a/templates/etc/nginx/sites-available/_base.j2 b/templates/etc/nginx/sites-available/_base.j2 index c671903..12f8933 100644 --- a/templates/etc/nginx/sites-available/_base.j2 +++ b/templates/etc/nginx/sites-available/_base.j2 
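Review bot: The `ssl_protocols` line in ssl-strong.j2 still enables TLSv1 and TLSv1.1, which does not match a profile named strong; this commit only rewrites the version test on that line. The cipher string above it (`AES256+EECDH:AES256+EDH`) appears to include CBC suites, so the older protocol versions would likely be negotiable in practice rather than merely listed. Proposed line: `ssl_protocols TLSv1.2{% if nginx_version.stdout is version('1.13.0', 'ge') %} TLSv1.3{% endif %};`. ssl-legacy.j2 carries the same protocol list, which fits its stated purpose and can stay. The TLSv1.3 gate checks only the nginx version; nginx also needs an OpenSSL build with TLS 1.3 support for the parameter to take effect.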
@@ -83,7 +83,7 @@ server { {% block template_headers %} # --> Custom headers {% for key, value in __headers.iteritems() %} - add_header {{ key }} "{{ value | replace(' always', '') }}"{% if nginx_version.stdout | version_compare('1.7.5', 'ge') and ' always' in value %} always{% endif %}; + add_header {{ key }} "{{ value | replace(' always', '') }}"{% if nginx_version.stdout is version('1.7.5', 'ge') and ' always' in value %} always{% endif %}; {% endfor %} # <-- Custom headers {% endblock %} diff --git a/tests/includes/post_Debian.yml b/tests/includes/post_Debian.yml index 571ee93..80de3ef 100644 --- a/tests/includes/post_Debian.yml +++ b/tests/includes/post_Debian.yml @@ -2,11 +2,12 @@ - name: APT | Install webapps apt: - pkg: "{{ item }}" + pkg: "{{ packages }}" state: present install_recommends: no - with_items: - - backuppc + vars: + packages: + - backuppc - name: SERVICE | Ensure backuppc is started service: diff --git a/tests/includes/pre_Debian.yml b/tests/includes/pre_Debian.yml index 59eab2d..b0a3315 100644 --- a/tests/includes/pre_Debian.yml +++ b/tests/includes/pre_Debian.yml @@ -45,19 +45,20 @@ - name: APT | Install needed packages apt: - pkg: "{{ item }}" + pkg: "{{ packages }}" update_cache: yes cache_valid_time: 3600 state: present - with_items: - - cron - - curl - - fcgiwrap - - jq - - nghttp2 - - strace - - vim - - unzip + vars: + packages: + - cron + - curl + - fcgiwrap + - jq + - nghttp2 + - strace + - vim + - unzip - name: APT | Install daemonize from Stretch apt: @@ -69,7 +70,7 @@ update_cache: yes cache_valid_time: 3600 state: present - with_items: "{{ nginx_php }}" + loop: "{{ nginx_php }}" register: apt_php - name: SERVICE | Force start fcgiwrap 
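Review bot: In _base.j2, the loop header on the context line directly above the changed `add_header` uses `__headers.iteritems()`, which exists only on Python 2 dicts, so a controller running Python 3 will fail to render this template now that the role targets Ansible 2.5+. `{% for key, value in __headers.items() %}` works on both. Separately, `' always' in value` and `replace(' always', '')` match the substring anywhere in the header value, not only as a trailing flag, so a value that legitimately contains ` always` mid-string is rewritten. `value` is also placed inside double quotes unescaped, so a value containing `"` would produce an invalid directive. The server block starts and ends outside the hunk.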
@@ -77,10 +78,11 @@ name: "fcgiwrap" state: started -# Bypasses Ansible 2.4 issue (cannot use service module)... With service module... php is not really started! - name: COMMAND | Force start PHP - command: "service {{ item.version | php_fpm_service }} start" - with_items: "{{ nginx_php }}" + service: + name: "{{ item.version | php_fpm_service }}" + state: started + loop: "{{ nginx_php }}" when: apt_php.changed - name: GET_URL | Download ngrok diff --git a/tests/includes/pre_FreeBSD.yml b/tests/includes/pre_FreeBSD.yml index 80bfbe5..44e5e2a 100644 --- a/tests/includes/pre_FreeBSD.yml +++ b/tests/includes/pre_FreeBSD.yml @@ -15,17 +15,18 @@ - name: PKGNG | Install needed packages pkgng: - pkg: "{{ item }}" + pkg: "{{ packages }}" state: present - with_items: - - curl - - daemonize - - fcgiwrap - - GeoIP - - jq - - nghttp2 - - php72 - - vim + vars: + packages: + - curl + - daemonize + - fcgiwrap + - GeoIP + - jq + - nghttp2 + - php72 + - vim - name: COMMAND | Get geoip database command: geoipupdate.sh @@ -38,7 +39,7 @@ state: started enabled: yes register: sf - with_items: + loop: - php-fpm - fcgiwrap diff --git a/tests/includes/pre_common.yml b/tests/includes/pre_common.yml index 46e4fec..bd55371 100644 --- a/tests/includes/pre_common.yml +++ b/tests/includes/pre_common.yml @@ -14,6 +14,8 @@ - name: SHELL | Get ngrok public address shell: curl 'http://127.0.0.1:4040/api/tunnels/command_line' | jq '.public_url' | grep -oE '[[:alnum:]]+\.ngrok\.io' + args: + warn: false register: ngrok changed_when: false @@ -22,6 +24,6 @@ line: "set mouse=" dest: "{{ item }}/.vimrc" create: yes - with_items: + loop: - /root - /home/vagrant diff --git a/tests/test.yml b/tests/test.yml index 47d0b41..006da9b 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -276,7 +276,7 @@ copy: dest: "{{ nginx_root }}/{{ item }}/public/index.php" content: " item.template is defined and (item.template == '_php' or item.template == '_php_index' or item.template == '_php_index2') 
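Review bot: In tests/includes/pre_Debian.yml, the task is still named `COMMAND | Force start PHP` although it now calls the `service` module; the file's own convention (`SERVICE | Force start fcgiwrap` just above) suggests `- name: SERVICE | Force start PHP`. The removed comment said the service module did not actually start PHP under Ansible 2.4. A one-line comment stating that this was re-checked on 2.5 would keep that history from being lost.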
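Review bot: In tests/includes/pre_common.yml, `warn: false` silences Ansible's hint about calling curl from `shell` instead of addressing it, and the `warn` argument was deprecated in later ansible-core releases, so the task will need touching again on upgrade. The pipeline's exit status comes from `grep` alone; it does fail when curl returns nothing, but the error then points at grep rather than at the unreachable ngrok API. A `uri` task with `return_content: yes` against the same URL, followed by a regex on the registered JSON, would remove both the warning and the pipe. If the shell form stays, a comment explaining why `warn: false` is set would help.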
@@ -430,7 +430,7 @@ validate_certs: no register: sslok failed_when: sslok.content.find('Index HTML test OK') == -1 - with_items: + loop: - 'test-ssl-predeployed.local' - 'test-ssl-selfsigned.local' - 'test-ssl.local' @@ -445,7 +445,7 @@ follow_redirects: none register: sslredirok failed_when: '"https://%s%s" % (item.name, ":" + item.port if item.port is defined else "") not in sslredirok.location' - with_items: + loop: - name: 'test-ssl-redirect.local' - name: 'test-ssl-redirect-many.local' port: '8443'