radityo
/
ansible-nginx
mirror of https://github.com/HanXHX/ansible-nginx.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

🔥 Drop legacy test suite

modernize
Emilien Mantel 2025-06-02 10:42:54 +02:00
parent 1aaf0351b4
commit 8ec630284a
10 changed files with 0 additions and 608 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
README.md
View File

@ -102,15 +102,6 @@ Dependencies
See: [requirements.yml](requirements.yml). See: [requirements.yml](requirements.yml).
If you need to dev this role locally on Vagrant
------------------------------------------------
Before use vagrant, run once:
```commandline
ansible-galaxy install -p ./tests/ HanXHX.php,master
```
If you need to dev this role locally with molecule If you need to dev this role locally with molecule
-------------------------------------------------- --------------------------------------------------
@ -122,11 +113,6 @@ With `debian-12` scenario:
molecule -v -c molecule/_shared/base.yml verify -s debian-12 molecule -v -c molecule/_shared/base.yml verify -s debian-12
``` ```
Example Playbook
----------------
See [tests/test.yml](tests/test.yml).
License License
------- -------

87
Vagrantfile vendored
View File

@ -1,87 +0,0 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
# vi: set tabstop=2 :
# vi: set shiftwidth=2 :
Vagrant.configure("2") do |config|
vms_debian = [
{ :name => "debian-buster", :box => "debian/buster64", :vars => {} },
{ :name => "debian-bullseye", :box => "debian/bullseye64", :vars => {} }
]
vms_freebsd = [
{ :name => "freebsd-11", :box => "freebsd/FreeBSD-11.3-STABLE", :vars => {} },
{ :name => "freebsd-12", :box => "freebsd/FreeBSD-12.1-STABLE", :vars => {} }
]
conts = [
{ :name => "docker-debian-buster", :docker => "hanxhx/vagrant-ansible:debian10", :vars => {} },
{ :name => "docker-debian-bullseye", :docker => "hanxhx/vagrant-ansible:debian11", :vars => {} },
]
config.vm.network "private_network", type: "dhcp"
config.vm.synced_folder ".", "/vagrant", id: "vagrant-root", disabled: true
conts.each do |opts|
config.vm.define opts[:name] do |m|
m.vm.provider "docker" do |d|
d.image = opts[:docker]
d.remains_running = true
d.has_ssh = true
end
if opts[:name].include? "bullseye"
m.vm.provision "shell", inline: "[ -f '/root/first_provision' ] || (apt-get update -qq && apt-get -y dist-upgrade && touch /root/first_provision)"
end
m.vm.provision "ansible" do |ansible|
ansible.playbook = "tests/test.yml"
ansible.verbose = 'vv'
ansible.become = true
ansible.extra_vars = opts[:vars].merge({ "nginx_debug_role": true, is_docker: true })
end
end
end
vms_debian.each do |opts|
config.vm.define opts[:name] do |m|
m.vm.box = opts[:box]
m.vm.provider "virtualbox" do |v|
v.cpus = 1
v.memory = 256
end
if opts[:name].include? "bullseye"
m.vm.provision "shell", inline: "[ -f '/root/first_provision' ] || (apt-get update -qq && apt-get -y dist-upgrade && touch /root/first_provision)"
end
m.vm.provision "ansible" do |ansible|
ansible.playbook = "tests/test.yml"
ansible.verbose = 'vv'
ansible.become = true
ansible.extra_vars = opts[:vars].merge({ "nginx_debug_role": true })
end
end
end
vms_freebsd.each do |opts|
config.vm.base_mac = "080027D14C66"
config.vm.define opts[:name] do |m|
m.vm.box = opts[:box]
m.vm.provider "virtualbox" do |v, override|
override.ssh.shell = "csh"
v.cpus = 2
v.memory = 512
end
m.vm.provision "shell", inline: "[ -e /usr/local/bin/bash ] || pkg install -y python bash"
m.vm.provision "ansible" do |ansible|
ansible.playbook = "tests/test.yml"
ansible.verbose = 'vv'
ansible.become = true
ansible.extra_vars = opts[:vars].merge({ "nginx_debug_role": true, "ansible_python_interpreter": '/usr/local/bin/python' })
end
end
end
end

1
tests/includes/post_Debian.yml
View File

@ -1 +0,0 @@
---

1
tests/includes/post_FreeBSD.yml
View File

@ -1 +0,0 @@
---

262
tests/includes/post_common.yml
View File

@ -1,262 +0,0 @@
---
# --------------------------------
# Deploy index files
# --------------------------------
- name: -- Add PHP file --
ansible.builtin.copy:
dest: "{{ nginx_root }}/{{ item }}/public/index.php"
content: "<?php phpinfo();"
mode: 0644
owner: root
group: root
loop:
- 'test-php.local'
- 'test-php-index.local'
- 'test-php-index2.local'
- name: -- Add Directories --
ansible.builtin.file:
path: "{{ item }}"
state: directory
mode: 0755
loop:
- "{{ nginx_root }}/test-htpasswd.local/public/hello"
- "/tmp/custom-template"
- name: -- Add HTML file --
ansible.builtin.copy:
dest: "{{ item }}/index.html"
content: "Index HTML test OK\n"
mode: 0644
owner: root
group: root
loop:
- '{{ nginx_root }}/first-test/public'
- '/var/tmp'
- '{{ nginx_root }}/test-htpasswd-all.local/public'
- '{{ nginx_root }}/test-ssl.local/public'
- '{{ nginx_root }}/test-ssl-selfsigned.local/public'
- '{{ nginx_root }}/test-ssl-predeployed.local/public'
- '{{ nginx_root }}/test-ssl-proxy-protocol.local/public'
- '{{ nginx_root }}/{{ ngrok.stdout }}/public'
- name: -- Create directory --
ansible.builtin.file:
path: "{{ nginx_root }}/test-htpasswd.local/public/hello"
state: directory
mode: 0755
owner: root
group: root
- name: -- Add HTML file hello --
ansible.builtin.copy:
dest: "{{ nginx_root }}/test-htpasswd.local/public/hello/index.html"
content: "hello\n"
mode: 0644
owner: root
group: root
# --------------------------------
# Test custom facts
# --------------------------------
- name: -- CHECK FACTS --
ansible.builtin.assert:
that: "'{{ ansible_local.nginx.fact_nginx_sites[0].name[0] }}' == 'test.local'"
# --------------------------------
# Simple sites tests
# --------------------------------
- name: -- VERIFY SITES --
ansible.builtin.uri:
url: "http://{{ item | nginx_site_name }}{% if item.listen is defined %}:{{ item.listen[0] }}{% endif %}/"
status_code: '200,301,302,401,403'
follow_redirects: none
loop: "{{ nginx_sites }}"
when: item.state is undefined or item.state != "absent"
changed_when: false
- name: -- VERIFY FORBIDDEN --
ansible.builtin.uri:
url: "http://test-php-index.local/phpinfo.php"
status_code: 403
- name: -- VERIFY REDIRECT SITES --
ansible.builtin.uri:
url: "http://{{ item.redirect_from[0] }}/"
status_code: 301
follow_redirects: none
loop: "{{ nginx_sites }}"
when: item.redirect_from is defined and (item.state is undefined or item.state != "absent") and (item.proto is not defined or 'https' not in item.proto)
changed_when: false
- name: -- VERIFY REDIRECT HTTPS SITES --
ansible.builtin.uri:
url: "https://{{ item.redirect_from[0] }}:{{ item.listen_ssl[0] | default(443) }}/"
status_code: 301
follow_redirects: none
validate_certs: false
loop: "{{ nginx_sites }}"
when: item.redirect_from is defined and (item.state is undefined or item.state != "absent") and item.proto is defined and 'https' in item.proto
changed_when: false
# --------------------------------
# PHP
# --------------------------------
- name: -- VERIFY PHP SITES --
ansible.builtin.uri:
url: "http://{{ item.name }}/"
return_content: true
register: p
loop: "{{ nginx_sites }}"
when: >
item.template is defined and
(item.template == '_php' or item.template == '_php_index' or item.template == '_php_index2')
failed_when: p.content.find('PHP Version') == -1
- name: -- VERIFY INDEX2 --
ansible.builtin.uri:
url: "http://test-php-index2.local/lorem.php?ipsum=sit&dolor=amet"
return_content: true
register: p2
failed_when: p2.content.find('PHP Version') == -1
# --------------------------------
# Basic Auth
# --------------------------------
- name: -- VERIFY AUTH BASIC NONE --
ansible.builtin.uri:
url: "http://test-htpasswd.local/hello/"
status_code: 401
- name: -- VERIFY AUTH BASIC FAIL --
ansible.builtin.uri:
url: "http://test-htpasswd.local/hello/"
status_code: 401
user: "fail"
password: "fail"
force_basic_auth: true
- name: -- VERIFY AUTH BASIC OK --
ansible.builtin.uri:
url: "http://test-htpasswd.local/hello/"
user: "hanx"
password: "qwerty"
force_basic_auth: true
- name: -- VERIFY AUTH BASIC FAIL GLOBAL --
ansible.builtin.uri:
url: "http://test-htpasswd-all.local/"
status_code: 401
user: "fail"
password: "fail"
force_basic_auth: true
- name: -- VERIFY AUTH BASIC OK GLOBAL --
ansible.builtin.uri:
url: "http://test-htpasswd-all.local/"
user: "hanx"
password: "qwerty"
force_basic_auth: true
# --------------------------------
# SSL
# --------------------------------
- name: -- VERIFY SSL --
ansible.builtin.uri:
url: "https://{{ item }}/"
return_content: true
validate_certs: false
register: sslok
failed_when: sslok.content.find('Index HTML test OK') == -1
loop:
- 'test-ssl-predeployed.local'
- 'test-ssl-selfsigned.local'
- 'test-ssl.local'
- '{{ ngrok.stdout }}'
- name: -- VERIFY SSL REDIRECT --
ansible.builtin.uri:
url: "http://{{ item.name }}/"
validate_certs: false
status_code: 301
return_content: true
follow_redirects: none
register: sslredirok
failed_when: '"https://%s%s" % (item.name, ":" + item.port if item.port is defined else "") not in sslredirok.location'
loop:
- name: 'test-ssl-redirect.local'
- name: 'test-ssl-redirect-many.local'
port: '8443'
- name: 'test-ssl-redirect-many2.local'
port: '8443'
# --------------------------------
# Default sites
# --------------------------------
- name: -- VERIFY DEFAULT SITE --
ansible.builtin.uri:
url: 'http://127.0.0.1/'
return_content: true
register: vdefault
failed_when: >
vdefault.content.find('Index HTML test OK') == -1 or
vdefault.x_ansible_default is not defined
- name: -- VERIFY DEFAULT SITE + STUB STATUS--
ansible.builtin.uri:
url: 'http://127.0.0.1/status'
return_content: true
register: vdefault_status
failed_when: >
vdefault_status.content.find('Active connections') == -1 or
vdefault_status.x_ansible_default is not defined
- name: -- VERIFY DEFAULT SSL SITE --
ansible.builtin.uri:
url: 'https://127.0.0.1/'
return_content: true
validate_certs: false
register: vdefault
failed_when: >
vdefault.content.find('Index HTML test OK') == -1 or
vdefault.x_ansible_default is not defined
- name: -- VERIFY NOT DEFAULT SITE --
ansible.builtin.uri:
url: 'http://test-php.local/'
return_content: true
register: vphp
failed_when: vphp.x_ansible_default is defined
- name: -- VERIFY NOT DEFAULT SSL SITE --
ansible.builtin.uri:
url: 'https://test-ssl.local/'
return_content: true
validate_certs: false
register: notdefaultssl
failed_when: notdefaultssl.x_ansible_default is defined
# --------------------------------
# Check Proxy protocol
# --------------------------------
- name: SHELL | Check HTTP proxy protocol
ansible.builtin.shell: set -o pipefail && curl -I --haproxy-protocol http://test-ssl-proxy-protocol.local:20080 | grep -qi 'X-Proxy-Protocol'
args:
executable: /bin/bash
changed_when: false
- name: SHELL | Check HTTPS proxy protocol
ansible.builtin.shell: set -o pipefail && curl -I --haproxy-protocol -k https://test-ssl-proxy-protocol.local:20443 | grep -qi 'X-Proxy-Protocol'
args:
executable: /bin/bash
changed_when: false
# --------------------------------
# Check HTTP2
# --------------------------------
- name: SHELL | Check HTTP2
ansible.builtin.shell: set -o pipefail && nghttp -nv https://localhost 2> /dev/null | grep -q h2
args:
executable: /bin/bash
changed_when: false

82
tests/includes/pre_Debian.yml
View File

@ -1,82 +0,0 @@
---
- name: APT_REPOSITORY | Install backports
ansible.builtin.apt_repository:
repo: 'deb http://httpredir.debian.org/debian {{ ansible_distribution_release }}-backports main'
state: present
when: nginx_backports is defined and nginx_backports
- name: APT | Install needed packages
ansible.builtin.apt:
pkg: "{{ packages }}"
update_cache: true
cache_valid_time: 3600
state: present
vars:
packages:
- cron
- curl
- daemonize
- jq
- nghttp2
- strace
- vim
- unzip
- name: APT | Install PHP
ansible.builtin.apt:
pkg: "{{ pkgs }}"
update_cache: true
cache_valid_time: 3600
state: present
vars:
pkgs:
- php-cli
- php-fpm
- name: SHELL | Get current PHP version
ansible.builtin.shell: php --version | awk '/^PHP/ { print $2 }' | grep -o -E '^.{3}'
changed_when: false
register: cur_php_version
# Bypasses Ansible+Docker issue. With service module... php is not really started!
- name: COMMAND | Force start PHP
ansible.builtin.command: "service php{{ cur_php_version.stdout }}-fpm start"
args:
creates: "/run/php/php{{ cur_php_version.stdout }}-fpm.pid"
- name: GET_URL | Download ngrok
ansible.builtin.get_url:
url: "https://bin.equinox.io/c/bNyj1mQVY4c/ngrok-v3-stable-linux-amd64.tgz"
dest: "/tmp/ngrok.zip"
- name: UNARCHIVE | Uncompress ngrok
ansible.builtin.unarchive:
src: "/tmp/ngrok.zip"
dest: "/tmp"
remote_src: true
- name: SET_FACT | ngrok_path
ansible.builtin.set_fact:
ngrok_path: '/tmp/ngrok'
- name: USER | Create PHP User foo
ansible.builtin.user:
name: foo
system: true
- name: INCLUDE_ROLE | hanxhx.php # TODO: repair vagrant
ansible.builtin.include_role:
name: "hanxhx.php"
vars:
php_version: "{{ cur_php_version.stdout }}"
php_autoremove_default_pool: false
php_fpm_poold:
- name: 'hx_unix'
user: 'foo'
php_value:
display_errors: 'Off'
php_admin_value:
memory_limit: '98M'
- name: 'hx_ip'
listen: '127.0.0.1:9636'

66
tests/includes/pre_FreeBSD.yml
View File

@ -1,66 +0,0 @@
---
- name: SET_FACT | FreeBSD web user
set_fact:
nginx_pkgng_package: 'nginx-full'
nginx_user: 'www'
nginx_php:
- upstream_name: 'manual'
sockets:
- host: '127.0.0.1'
port: 9000
- upstream_name: 'hx_unix'
sockets:
- host: '127.0.0.1'
port: 9000
- upstream_name: 'hx_ip'
sockets:
- host: '127.0.0.1'
port: 9000
ngrok_path: '/usr/local/bin/ngrok'
- name: PKGNG | Install needed packages
pkgng:
pkg: "{{ packages }}"
state: present
vars:
packages:
- bash
- curl
- daemonize
- fcgiwrap
- jq
- nghttp2
- php74
- vim
- name: SERVICE | Force start services
service:
name: "{{ item }}"
state: started
enabled: true
register: sf
loop:
- php-fpm
- name: STAT | Check ports
stat:
path: /usr/ports
register: ports
- block:
- name: COMMAND | Get ports
command: portsnap fetch --interactive
- name: COMMAND | Extract ports
command: portsnap extract
no_log: true
when: not ports.stat.exists
- name: SHELL | Install ngrok
shell: make install clean DISABLE_LICENSES=yes
args:
chdir: /usr/ports/security/ngrok
creates: "{{ ngrok_path }}"

59
tests/includes/pre_common.yml
View File

@ -1,59 +0,0 @@
---
- name: COMMAND | Start ngrok
ansible.builtin.command: daemonize -l /tmp/ngrok.lock {{ ngrok_path }} http 80 --scheme http
failed_when: false
changed_when: ngrok.stderr.find("Can't lock the lock file") == -1
register: ngrok
- name: WAIT_FOR | ngrok started # noqa: no-handler
ansible.builtin.wait_for:
delay: 2
port: 4040
when: ngrok.changed
- name: SHELL | Get ngrok public address
ansible.builtin.shell: set -o pipefail && curl 'http://127.0.0.1:4040/api/tunnels/command_line' 2> /dev/null | jq -r '.public_url' | cut -d '/' -f 3
args:
executable: /bin/bash
register: ngrok
changed_when: false
- name: FILE | Create an internal SSL dir
ansible.builtin.file:
path: "{{ int_ansible_ssl_dir }}"
state: directory
mode: 0750
owner: root
group: root
- name: COPY | Deploy test cert/key
ansible.builtin.copy:
src: "file/{{ item }}"
dest: "{{ int_ansible_ssl_dir }}/{{ item }}"
mode: 0640
owner: root
group: root
loop:
- 'test.key'
- 'test.crt'
- name: COPY | Add all hosts in /etc/hosts
ansible.builtin.copy:
content: |
127.0.0.1 localhost
{% for s in nginx_sites %}
{% if s.name is string %}
127.0.0.1 {{ s.name }}
{% else %}
127.0.0.1 {% for n in s.name %}{{ n }} {% endfor %}
{% endif %}
{% if s.redirect_from is defined %}
127.0.0.1 {% for rf in s.redirect_from %}{{ rf }} {% endfor %}
{% endif %}
{% endfor %}
dest: "/etc/hosts"
mode: 0644
owner: root
group: root
unsafe_writes: true

16
tests/templates/custom_template.conf.j2
View File

@ -1,16 +0,0 @@
# {{ ansible_managed }} - custom template
server {
listen 80;
listen 8888 http2;
listen 9999 http2 proxy_protocol;
server_name {{ item.name }};
index index.html index.htm;
root {{ item.root }};
location / {
try_files $uri $uri/ =404;
}
}

20
tests/test.yml
View File

@ -1,20 +0,0 @@
---
- name: Launch tests # noqa: role-name[path]
hosts: all
pre_tasks:
- name: INCLUDE_TASKS | Pre_tasks related to OS version
ansible.builtin.include_tasks: "includes/pre_{{ ansible_os_family }}.yml"
- name: IMPORT_TASKS | Pre_tasks common
ansible.builtin.import_tasks: "includes/pre_common.yml"
roles:
- ../../
post_tasks:
- name: INCLUDE_TASKS | Post_tasks related to OS version
ansible.builtin.include_tasks: "includes/post_{{ ansible_os_family }}.yml"
- name: IMPORT_TASKS | Post_tasks common
ansible.builtin.import_tasks: "includes/post_common.yml"