diff --git a/README.md b/README.md index 2c7dc19..00dd1b6 100644 --- a/README.md +++ b/README.md @@ -102,15 +102,6 @@ Dependencies See: [requirements.yml](requirements.yml). -If you need to dev this role locally on Vagrant ------------------------------------------------- - -Before use vagrant, run once: - -```commandline -ansible-galaxy install -p ./tests/ HanXHX.php,master -``` - If you need to dev this role locally with molecule -------------------------------------------------- @@ -122,11 +113,6 @@ With `debian-12` scenario: molecule -v -c molecule/_shared/base.yml verify -s debian-12 ``` -Example Playbook ----------------- - -See [tests/test.yml](tests/test.yml). - License ------- diff --git a/Vagrantfile b/Vagrantfile deleted file mode 100644 index 8cf523b..0000000 --- a/Vagrantfile +++ /dev/null 
@@ -1,87 +0,0 @@
-# -*- mode: ruby -*-
-# vi: set ft=ruby :
-# vi: set tabstop=2 :
-# vi: set shiftwidth=2 :
-
-Vagrant.configure("2") do |config|
-
- vms_debian = [
- { :name => "debian-buster", :box => "debian/buster64", :vars => {} },
- { :name => "debian-bullseye", :box => "debian/bullseye64", :vars => {} }
- ]
-
- vms_freebsd = [
- { :name => "freebsd-11", :box => "freebsd/FreeBSD-11.3-STABLE", :vars => {} },
- { :name => "freebsd-12", :box => "freebsd/FreeBSD-12.1-STABLE", :vars => {} }
- ]
-
- conts = [
- { :name => "docker-debian-buster", :docker => "hanxhx/vagrant-ansible:debian10", :vars => {} },
- { :name => "docker-debian-bullseye", :docker => "hanxhx/vagrant-ansible:debian11", :vars => {} },
- ]
-
- config.vm.network "private_network", type: "dhcp"
- config.vm.synced_folder ".", "/vagrant", id: "vagrant-root", disabled: true
-
- conts.each do |opts|
- config.vm.define opts[:name] do |m|
- m.vm.provider "docker" do |d|
- d.image = opts[:docker]
- d.remains_running = true
- d.has_ssh = true
- end
-
- if opts[:name].include? "bullseye"
- m.vm.provision "shell", inline: "[ -f '/root/first_provision' ] || (apt-get update -qq && apt-get -y dist-upgrade && touch /root/first_provision)"
- end
-
- m.vm.provision "ansible" do |ansible|
- ansible.playbook = "tests/test.yml"
- ansible.verbose = 'vv'
- ansible.become = true
- ansible.extra_vars = opts[:vars].merge({ "nginx_debug_role": true, is_docker: true })
- end
- end
- end
-
- vms_debian.each do |opts|
- config.vm.define opts[:name] do |m|
- m.vm.box = opts[:box]
- m.vm.provider "virtualbox" do |v|
- v.cpus = 1
- v.memory = 256
- end
-
- if opts[:name].include? "bullseye"
- m.vm.provision "shell", inline: "[ -f '/root/first_provision' ] || (apt-get update -qq && apt-get -y dist-upgrade && touch /root/first_provision)"
- end
-
- m.vm.provision "ansible" do |ansible|
- ansible.playbook = "tests/test.yml"
- ansible.verbose = 'vv'
- ansible.become = true
- ansible.extra_vars = opts[:vars].merge({ "nginx_debug_role": true })
- end
- end
- end
-
- vms_freebsd.each do |opts|
- config.vm.base_mac = "080027D14C66"
- config.vm.define opts[:name] do |m|
- m.vm.box = opts[:box]
- m.vm.provider "virtualbox" do |v, override|
- override.ssh.shell = "csh"
- v.cpus = 2
- v.memory = 512
- end
- m.vm.provision "shell", inline: "[ -e /usr/local/bin/bash ] || pkg install -y python bash"
- m.vm.provision "ansible" do |ansible|
- ansible.playbook = "tests/test.yml"
- ansible.verbose = 'vv'
- ansible.become = true
- ansible.extra_vars = opts[:vars].merge({ "nginx_debug_role": true, "ansible_python_interpreter": '/usr/local/bin/python' })
- end
- end
- end
-
-end
diff --git a/tests/includes/post_Debian.yml b/tests/includes/post_Debian.yml
deleted file mode 100644
index ed97d53..0000000
--- a/tests/includes/post_Debian.yml
+++ /dev/null
@@ -1 +0,0 @@
----
diff --git a/tests/includes/post_FreeBSD.yml b/tests/includes/post_FreeBSD.yml
deleted file mode 100644
index ed97d53..0000000
--- a/tests/includes/post_FreeBSD.yml
+++ /dev/null
@@ -1 +0,0 @@
----
diff --git a/tests/includes/post_common.yml b/tests/includes/post_common.yml
deleted file mode 100644
index 275ee43..0000000
--- a/tests/includes/post_common.yml
+++ /dev/null
@@ -1,262 +0,0 @@ ---- - -# -------------------------------- -# Deploy index files -# -------------------------------- -- name: -- Add PHP file -- - ansible.builtin.copy: - dest: "{{ nginx_root }}/{{ item }}/public/index.php" - content: " - item.template is defined and - (item.template == '_php' or item.template == '_php_index' or item.template == '_php_index2') - failed_when: p.content.find('PHP Version') == -1 - -- name: -- VERIFY INDEX2 -- - ansible.builtin.uri: - url: "http://test-php-index2.local/lorem.php?ipsum=sit&dolor=amet" - return_content: true - register: p2 - failed_when: p2.content.find('PHP Version') == -1 - -# -------------------------------- -# Basic Auth -# -------------------------------- -- name: -- VERIFY AUTH BASIC NONE -- - ansible.builtin.uri: - url: "http://test-htpasswd.local/hello/" - status_code: 401 - -- name: -- VERIFY AUTH BASIC FAIL -- - ansible.builtin.uri: - url: "http://test-htpasswd.local/hello/" - status_code: 401 - user: "fail" - password: "fail" - force_basic_auth: true - -- name: -- VERIFY AUTH BASIC OK -- - ansible.builtin.uri: - url: "http://test-htpasswd.local/hello/" - user: "hanx" - password: "qwerty" - force_basic_auth: true - -- name: -- VERIFY AUTH BASIC FAIL GLOBAL -- - ansible.builtin.uri: - url: "http://test-htpasswd-all.local/" - status_code: 401 - user: "fail" - password: "fail" - force_basic_auth: true - -- name: -- VERIFY AUTH BASIC OK GLOBAL -- - ansible.builtin.uri: - url: "http://test-htpasswd-all.local/" - user: "hanx" - password: "qwerty" - force_basic_auth: true - -# -------------------------------- -# SSL -# -------------------------------- -- name: -- VERIFY SSL -- - ansible.builtin.uri: - url: "https://{{ item }}/" - return_content: true - validate_certs: false - register: sslok - failed_when: sslok.content.find('Index HTML test OK') == -1 - loop: - - 'test-ssl-predeployed.local' - - 'test-ssl-selfsigned.local' - - 'test-ssl.local' - - '{{ ngrok.stdout }}' - -- name: -- VERIFY SSL REDIRECT -- - 
ansible.builtin.uri: - url: "http://{{ item.name }}/" - validate_certs: false - status_code: 301 - return_content: true - follow_redirects: none - register: sslredirok - failed_when: '"https://%s%s" % (item.name, ":" + item.port if item.port is defined else "") not in sslredirok.location' - loop: - - name: 'test-ssl-redirect.local' - - name: 'test-ssl-redirect-many.local' - port: '8443' - - name: 'test-ssl-redirect-many2.local' - port: '8443' - -# -------------------------------- -# Default sites -# -------------------------------- -- name: -- VERIFY DEFAULT SITE -- - ansible.builtin.uri: - url: 'http://127.0.0.1/' - return_content: true - register: vdefault - failed_when: > - vdefault.content.find('Index HTML test OK') == -1 or - vdefault.x_ansible_default is not defined - -- name: -- VERIFY DEFAULT SITE + STUB STATUS-- - ansible.builtin.uri: - url: 'http://127.0.0.1/status' - return_content: true - register: vdefault_status - failed_when: > - vdefault_status.content.find('Active connections') == -1 or - vdefault_status.x_ansible_default is not defined - -- name: -- VERIFY DEFAULT SSL SITE -- - ansible.builtin.uri: - url: 'https://127.0.0.1/' - return_content: true - validate_certs: false - register: vdefault - failed_when: > - vdefault.content.find('Index HTML test OK') == -1 or - vdefault.x_ansible_default is not defined - -- name: -- VERIFY NOT DEFAULT SITE -- - ansible.builtin.uri: - url: 'http://test-php.local/' - return_content: true - register: vphp - failed_when: vphp.x_ansible_default is defined - -- name: -- VERIFY NOT DEFAULT SSL SITE -- - ansible.builtin.uri: - url: 'https://test-ssl.local/' - return_content: true - validate_certs: false - register: notdefaultssl - failed_when: notdefaultssl.x_ansible_default is defined - -# -------------------------------- -# Check Proxy protocol -# -------------------------------- -- name: SHELL | Check HTTP proxy protocol - ansible.builtin.shell: set -o pipefail && curl -I --haproxy-protocol 
http://test-ssl-proxy-protocol.local:20080 | grep -qi 'X-Proxy-Protocol' - args: - executable: /bin/bash - changed_when: false - -- name: SHELL | Check HTTPS proxy protocol - ansible.builtin.shell: set -o pipefail && curl -I --haproxy-protocol -k https://test-ssl-proxy-protocol.local:20443 | grep -qi 'X-Proxy-Protocol' - args: - executable: /bin/bash - changed_when: false - -# -------------------------------- -# Check HTTP2 -# -------------------------------- -- name: SHELL | Check HTTP2 - ansible.builtin.shell: set -o pipefail && nghttp -nv https://localhost 2> /dev/null | grep -q h2 - args: - executable: /bin/bash - changed_when: false diff --git a/tests/includes/pre_Debian.yml b/tests/includes/pre_Debian.yml deleted file mode 100644 index 6e9edfe..0000000 --- a/tests/includes/pre_Debian.yml +++ /dev/null 
@@ -1,82 +0,0 @@
----
-
-- name: APT_REPOSITORY | Install backports
- ansible.builtin.apt_repository:
- repo: 'deb http://httpredir.debian.org/debian {{ ansible_distribution_release }}-backports main'
- state: present
- when: nginx_backports is defined and nginx_backports
-
-- name: APT | Install needed packages
- ansible.builtin.apt:
- pkg: "{{ packages }}"
- update_cache: true
- cache_valid_time: 3600
- state: present
- vars:
- packages:
- - cron
- - curl
- - daemonize
- - jq
- - nghttp2
- - strace
- - vim
- - unzip
-
-- name: APT | Install PHP
- ansible.builtin.apt:
- pkg: "{{ pkgs }}"
- update_cache: true
- cache_valid_time: 3600
- state: present
- vars:
- pkgs:
- - php-cli
- - php-fpm
-
-- name: SHELL | Get current PHP version
- ansible.builtin.shell: php --version | awk '/^PHP/ { print $2 }' | grep -o -E '^.{3}'
- changed_when: false
- register: cur_php_version
-
-# Bypasses Ansible+Docker issue. With service module... php is not really started!
-- name: COMMAND | Force start PHP
- ansible.builtin.command: "service php{{ cur_php_version.stdout }}-fpm start"
- args:
- creates: "/run/php/php{{ cur_php_version.stdout }}-fpm.pid"
-
-- name: GET_URL | Download ngrok
- ansible.builtin.get_url:
- url: "https://bin.equinox.io/c/bNyj1mQVY4c/ngrok-v3-stable-linux-amd64.tgz"
- dest: "/tmp/ngrok.zip"
-
-- name: UNARCHIVE | Uncompress ngrok
- ansible.builtin.unarchive:
- src: "/tmp/ngrok.zip"
- dest: "/tmp"
- remote_src: true
-
-- name: SET_FACT | ngrok_path
- ansible.builtin.set_fact:
- ngrok_path: '/tmp/ngrok'
-
-- name: USER | Create PHP User foo
- ansible.builtin.user:
- name: foo
- system: true
-
-- name: INCLUDE_ROLE | hanxhx.php # TODO: repair vagrant
- ansible.builtin.include_role:
- name: "hanxhx.php"
- vars:
- php_version: "{{ cur_php_version.stdout }}"
- php_autoremove_default_pool: false
- php_fpm_poold:
- - name: 'hx_unix'
- user: 'foo'
- php_value:
- display_errors: 'Off'
- php_admin_value:
- memory_limit: '98M'
- - name: 'hx_ip'
- listen: '127.0.0.1:9636'
diff --git a/tests/includes/pre_FreeBSD.yml b/tests/includes/pre_FreeBSD.yml
deleted file mode 100644
index 84003fe..0000000
--- a/tests/includes/pre_FreeBSD.yml
+++ /dev/null
@@ -1,66 +0,0 @@
----
-
-- name: SET_FACT | FreeBSD web user
- set_fact:
- nginx_pkgng_package: 'nginx-full'
- nginx_user: 'www'
- nginx_php:
- - upstream_name: 'manual'
- sockets:
- - host: '127.0.0.1'
- port: 9000
- - upstream_name: 'hx_unix'
- sockets:
- - host: '127.0.0.1'
- port: 9000
- - upstream_name: 'hx_ip'
- sockets:
- - host: '127.0.0.1'
- port: 9000
- ngrok_path: '/usr/local/bin/ngrok'
-
-- name: PKGNG | Install needed packages
- pkgng:
- pkg: "{{ packages }}"
- state: present
- vars:
- packages:
- - bash
- - curl
- - daemonize
- - fcgiwrap
- - jq
- - nghttp2
- - php74
- - vim
-
-- name: SERVICE | Force start services
- service:
- name: "{{ item }}"
- state: started
- enabled: true
- register: sf
- loop:
- - php-fpm
-
-- name: STAT | Check ports
- stat:
- path: /usr/ports
- register: ports
-
-- block:
-
- - name: COMMAND | Get ports
- command: portsnap fetch --interactive
-
- - name: COMMAND | Extract ports
- command: portsnap extract
- no_log: true
-
- when: not ports.stat.exists
-
-- name: SHELL | Install ngrok
- shell: make install clean DISABLE_LICENSES=yes
- args:
- chdir: /usr/ports/security/ngrok
- creates: "{{ ngrok_path }}"
diff --git a/tests/includes/pre_common.yml b/tests/includes/pre_common.yml
deleted file mode 100644
index 3af4289..0000000
--- a/tests/includes/pre_common.yml
+++ /dev/null
@@ -1,59 +0,0 @@
----
-
-- name: COMMAND | Start ngrok
- ansible.builtin.command: daemonize -l /tmp/ngrok.lock {{ ngrok_path }} http 80 --scheme http
- failed_when: false
- changed_when: ngrok.stderr.find("Can't lock the lock file") == -1
- register: ngrok
-
-- name: WAIT_FOR | ngrok started # noqa: no-handler
- ansible.builtin.wait_for:
- delay: 2
- port: 4040
- when: ngrok.changed
-
-- name: SHELL | Get ngrok public address
- ansible.builtin.shell: set -o pipefail && curl 'http://127.0.0.1:4040/api/tunnels/command_line' 2> /dev/null | jq -r '.public_url' | cut -d '/' -f 3
- args:
- executable: /bin/bash
- register: ngrok
- changed_when: false
-
-- name: FILE | Create an internal SSL dir
- ansible.builtin.file:
- path: "{{ int_ansible_ssl_dir }}"
- state: directory
- mode: 0750
- owner: root
- group: root
-
-- name: COPY | Deploy test cert/key
- ansible.builtin.copy:
- src: "file/{{ item }}"
- dest: "{{ int_ansible_ssl_dir }}/{{ item }}"
- mode: 0640
- owner: root
- group: root
- loop:
- - 'test.key'
- - 'test.crt'
-
-- name: COPY | Add all hosts in /etc/hosts
- ansible.builtin.copy:
- content: |
- 127.0.0.1 localhost
- {% for s in nginx_sites %}
- {% if s.name is string %}
- 127.0.0.1 {{ s.name }}
- {% else %}
- 127.0.0.1 {% for n in s.name %}{{ n }} {% endfor %}
- {% endif %}
- {% if s.redirect_from is defined %}
- 127.0.0.1 {% for rf in s.redirect_from %}{{ rf }} {% endfor %}
- {% endif %}
- {% endfor %}
- dest: "/etc/hosts"
- mode: 0644
- owner: root
- group: root
- unsafe_writes: true
diff --git a/tests/templates/custom_template.conf.j2 b/tests/templates/custom_template.conf.j2
deleted file mode 100644
index 9c19619..0000000
--- a/tests/templates/custom_template.conf.j2
+++ /dev/null
@@ -1,16 +0,0 @@
-# {{ ansible_managed }} - custom template
-
-server {
- listen 80;
- listen 8888 http2;
- listen 9999 http2 proxy_protocol;
- server_name {{ item.name }};
-
- index index.html index.htm;
-
- root {{ item.root }};
-
- location / {
- try_files $uri $uri/ =404;
- }
-}
diff --git a/tests/test.yml b/tests/test.yml
deleted file mode 100644
index f733884..0000000
--- a/tests/test.yml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-
-- name: Launch tests # noqa: role-name[path]
- hosts: all
- pre_tasks:
- - name: INCLUDE_TASKS | Pre_tasks related to OS version
- ansible.builtin.include_tasks: "includes/pre_{{ ansible_os_family }}.yml"
-
- - name: IMPORT_TASKS | Pre_tasks common
- ansible.builtin.import_tasks: "includes/pre_common.yml"
-
- roles:
- - ../../
-
- post_tasks:
- - name: INCLUDE_TASKS | Post_tasks related to OS version
- ansible.builtin.include_tasks: "includes/post_{{ ansible_os_family }}.yml"
-
- - name: IMPORT_TASKS | Post_tasks common
- ansible.builtin.import_tasks: "includes/post_common.yml"