radityo
/
ansible-nginx
mirror of https://github.com/HanXHX/ansible-nginx.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

🚨 Fix linter

feature/add_main_opts
Emilien Mantel 2023-05-30 15:28:55 +02:00
parent 6649b63460
commit 93461d2a80
9 changed files with 58 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
handlers/main.yml
View File

@ -1,12 +1,12 @@
--- ---
- name: Reload nginx - name: Reload nginx # noqa: no-changed-when
ansible.builtin.command: nginx -t ansible.builtin.command: nginx -t
notify: notify:
- Real-reload nginx - Real-reload nginx
- Docker reload nginx - Docker reload nginx
- name: Restart nginx - name: Restart nginx # noqa: no-changed-when
ansible.builtin.command: nginx -t ansible.builtin.command: nginx -t
notify: notify:
- Real-restart nginx - Real-restart nginx
@ -24,16 +24,12 @@
state: restarted state: restarted
when: ansible_virtualization_type != 'docker' when: ansible_virtualization_type != 'docker'
- name: Docker reload nginx - name: Docker reload nginx # noqa: no-changed-when command-instead-of-module
ansible.builtin.command: service nginx reload ansible.builtin.command: service nginx reload
args:
warn: false
when: ansible_virtualization_type == 'docker' when: ansible_virtualization_type == 'docker'
- name: Docker restart nginx - name: Docker restart nginx # noqa: no-changed-when command-instead-of-module
ansible.builtin.command: service nginx restart ansible.builtin.command: service nginx restart
args:
warn: false
when: ansible_virtualization_type == 'docker' when: ansible_virtualization_type == 'docker'
- name: Restart nginx freebsd - name: Restart nginx freebsd

13
tasks/install/FreeBSD.yml
View File

@ -21,20 +21,17 @@
ansible.builtin.command: touch /usr/local/etc/fdfs/http.conf ansible.builtin.command: touch /usr/local/etc/fdfs/http.conf
args: args:
creates: /usr/local/etc/fdfs/http.conf creates: /usr/local/etc/fdfs/http.conf
register: fd1 notify: Restart nginx
- name: LINEINFILE | Tune fdfs - name: LINEINFILE | Tune fdfs
ansible.builtin.lineinansible.builtin.file: ansible.builtin.lineinfile:
regexp: ^load_fdfs_parameters_from_tracker regexp: ^load_fdfs_parameters_from_tracker
line: load_fdfs_parameters_from_tracker=false line: load_fdfs_parameters_from_tracker=false
path: /usr/local/etc/fdfs/mod_fastdfs.conf path: /usr/local/etc/fdfs/mod_fastdfs.conf
register: fd2 notify: Restart nginx
- name: SERVICE | Restart nginx when fdfs is tuned - name: META | Flush handlers (Restart nginx when fdfs is tuned)
ansible.builtin.service: ansible.builtin.meta: flush_handlers
name: nginx
state: restarted
when: fd1.changed or fd2.changed
- name: FILE | Create configuration dir (like Debian) - name: FILE | Create configuration dir (like Debian)
ansible.builtin.file: ansible.builtin.file:

26
tasks/ssl/acme.yml
View File

@ -29,25 +29,27 @@
group: root group: root
loop: "{{ acme_create }}" loop: "{{ acme_create }}"
register: fake_site register: fake_site
notify: Restart nginx
- name: FILE | Delete current site if needed - name: TEMPLATE | Create fake site
ansible.builtin.template:
src: "etc/nginx/conf.d/FAKESITE.conf.j2"
dest: "/tmp/FAKESITE_{{ item | nginx_site_name }}.conf"
mode: 0644
owner: root
group: root
loop: "{{ acme_create }}"
- name: FILE | Delete current site if needed # noqa: no-handler
ansible.builtin.file: ansible.builtin.file:
path: "{{ nginx_etc_dir }}/sites-enabled/{{ item | nginx_site_name }}" path: "{{ nginx_etc_dir }}/sites-enabled/{{ item | nginx_site_name }}"
state: absent state: absent
loop: "{{ acme_create }}" loop: "{{ acme_create }}"
when: fake_site.changed when: fake_site.changed
notify: Restart nginx
- name: SERVICE | Restart nginx - name: META | Ensure nginx is restarted if needed
ansible.builtin.service: ansible.builtin.meta: flush_handlers
name: nginx
state: restarted
when: fake_site.changed and ansible_virtualization_type != 'docker'
- name: COMMAND | Restart nginx
ansible.builtin.command: service nginx restart
args:
warn: false
when: fake_site.changed and ansible_virtualization_type == 'docker'
- name: COMMAND | Get certificates - name: COMMAND | Get certificates
ansible.builtin.command: | ansible.builtin.command: |

32
tasks/ssl/standard.yml
View File

@ -4,22 +4,26 @@
when: nginx_dh is not string when: nginx_dh is not string
block: block:
- name: STAT | Get info about DH file - name: STAT | Get info about DH file
ansible.builtin.stat: ansible.builtin.stat:
path: "{{ nginx_dh_path }}" path: "{{ nginx_dh_path }}"
get_checksum: false get_checksum: false
register: stat_dh_file register: stat_dh_file
- name: SHELL | Get info about DH file - name: SHELL | Get info about DH file
ansible.builtin.shell: openssl dhparam -in {{ nginx_dh_path }} -text -noout 2>&1 | awk '/DH Parameters/ { print substr($3, 2) }' ansible.builtin.shell: |
changed_when: false set -o pipefail &&
register: dh_info openssl dhparam -in {{ nginx_dh_path }} -text -noout 2>&1 | awk '/DH Parameters/ { print substr($3, 2) }'
when: stat_dh_file.stat.exists args:
executable: /bin/bash
changed_when: false
register: dh_info
when: stat_dh_file.stat.exists
- name: COMMAND | Generate DH file - name: COMMAND | Generate DH file # noqa: no-changed-when
ansible.builtin.command: openssl dhparam -out {{ nginx_dh_path }} {{ nginx_dh_length }} ansible.builtin.command: openssl dhparam -out {{ nginx_dh_path }} {{ nginx_dh_length }}
when: not stat_dh_file.stat.exists or (dh_info.stdout | int != nginx_dh_length | int) when: not stat_dh_file.stat.exists or (dh_info.stdout | int != nginx_dh_length | int)
notify: Restart nginx notify: Restart nginx
- name: COPY | Deploy DH file from vars - name: COPY | Deploy DH file from vars
ansible.builtin.copy: ansible.builtin.copy:

2
tests/group_vars/all.yml
View File

@ -246,5 +246,5 @@ nginx_sites:
custom_template: 'templates/custom_template.conf.j2' custom_template: 'templates/custom_template.conf.j2'
root: '/tmp/custom-template' root: '/tmp/custom-template'
nginx_php: "{{ [{'upstream_name': 'manual', 'sockets': [{'host': '127.0.0.1', 'port': '9636' }] }] }}" nginx_php: "{{ [{'upstream_name': 'manual', 'sockets': [{'host': '127.0.0.1', 'port': '9636'}]}] }}"
nginx_dh_length: 1024 nginx_dh_length: 1024

2
tests/includes/post_common.yml
View File

@ -244,14 +244,12 @@
ansible.builtin.shell: set -o pipefail && curl -I --haproxy-protocol http://test-ssl-proxy-protocol.local:20080 | grep -qi 'X-Proxy-Protocol' ansible.builtin.shell: set -o pipefail && curl -I --haproxy-protocol http://test-ssl-proxy-protocol.local:20080 | grep -qi 'X-Proxy-Protocol'
args: args:
executable: /bin/bash executable: /bin/bash
warn: false
changed_when: false changed_when: false
- name: SHELL | Check HTTPS proxy protocol - name: SHELL | Check HTTPS proxy protocol
ansible.builtin.shell: set -o pipefail && curl -I --haproxy-protocol -k https://test-ssl-proxy-protocol.local:20443 | grep -qi 'X-Proxy-Protocol' ansible.builtin.shell: set -o pipefail && curl -I --haproxy-protocol -k https://test-ssl-proxy-protocol.local:20443 | grep -qi 'X-Proxy-Protocol'
args: args:
executable: /bin/bash executable: /bin/bash
warn: false
changed_when: false changed_when: false
# -------------------------------- # --------------------------------

23
tests/includes/pre_Debian.yml
View File

@ -1,13 +1,13 @@
--- ---
- name: APT_REPOSITORY | Install backports - name: APT_REPOSITORY | Install backports
apt_repository: ansible.builtin.apt_repository:
repo: 'deb http://httpredir.debian.org/debian {{ ansible_distribution_release }}-backports main' repo: 'deb http://httpredir.debian.org/debian {{ ansible_distribution_release }}-backports main'
state: present state: present
when: nginx_backports when: nginx_backports
- name: APT | Install needed packages - name: APT | Install needed packages
apt: ansible.builtin.apt:
pkg: "{{ packages }}" pkg: "{{ packages }}"
update_cache: true update_cache: true
cache_valid_time: 3600 cache_valid_time: 3600
@ -24,7 +24,7 @@
- unzip - unzip
- name: APT | Install PHP - name: APT | Install PHP
apt: ansible.builtin.apt:
pkg: "{{ pkgs }}" pkg: "{{ pkgs }}"
update_cache: true update_cache: true
cache_valid_time: 3600 cache_valid_time: 3600
@ -35,39 +35,38 @@
- php-fpm - php-fpm
- name: SHELL | Get current PHP version - name: SHELL | Get current PHP version
shell: php --version | awk '/^PHP/ { print $2 }' | grep -o -E '^.{3}' ansible.builtin.shell: php --version | awk '/^PHP/ { print $2 }' | grep -o -E '^.{3}'
changed_when: false changed_when: false
register: cur_php_version register: cur_php_version
# Bypasses Ansible+Docker issue. With service module... php is not really started! # Bypasses Ansible+Docker issue. With service module... php is not really started!
- name: COMMAND | Force start PHP - name: COMMAND | Force start PHP
command: "service php{{ cur_php_version.stdout }}-fpm start" ansible.builtin.command: "service php{{ cur_php_version.stdout }}-fpm start"
args: args:
creates: "/run/php/php{{ cur_php_version.stdout }}-fpm.pid" creates: "/run/php/php{{ cur_php_version.stdout }}-fpm.pid"
warn: false
- name: GET_URL | Download ngrok - name: GET_URL | Download ngrok
get_url: ansible.builtin.get_url:
url: "https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-amd64.zip" url: "https://bin.equinox.io/c/bNyj1mQVY4c/ngrok-v3-stable-linux-amd64.tgz"
dest: "/tmp/ngrok.zip" dest: "/tmp/ngrok.zip"
- name: UNARCHIVE | Uncompress ngrok - name: UNARCHIVE | Uncompress ngrok
unarchive: ansible.builtin.unarchive:
src: "/tmp/ngrok.zip" src: "/tmp/ngrok.zip"
dest: "/tmp" dest: "/tmp"
remote_src: true remote_src: true
- name: SET_FACT | ngrok_path - name: SET_FACT | ngrok_path
set_fact: ansible.builtin.set_fact:
ngrok_path: '/tmp/ngrok' ngrok_path: '/tmp/ngrok'
- name: USER | Create PHP User foo - name: USER | Create PHP User foo
user: ansible.builtin.user:
name: foo name: foo
system: true system: true
- name: INCLUDE_ROLE | hanxhx.php - name: INCLUDE_ROLE | hanxhx.php
include_role: ansible.builtin.include_role:
name: "{{ playbook_dir }}/hanxhx.php" name: "{{ playbook_dir }}/hanxhx.php"
vars: vars:
php_version: "{{ cur_php_version.stdout }}" php_version: "{{ cur_php_version.stdout }}"

9
tests/includes/pre_common.yml
View File

@ -1,27 +1,26 @@
--- ---
- name: SHELL | Start ngrok - name: SHELL | Start ngrok
shell: daemonize -l /tmp/ngrok.lock {{ ngrok_path }} http 80 -bind-tls=false ansible.builtin.shell: daemonize -l /tmp/ngrok.lock {{ ngrok_path }} http 80 --scheme http
failed_when: false failed_when: false
changed_when: ngrok.stderr.find("Can't lock the lock file") == -1 changed_when: ngrok.stderr.find("Can't lock the lock file") == -1
register: ngrok register: ngrok
- name: WAIT_FOR | ngrok started - name: WAIT_FOR | ngrok started
wait_for: ansible.builtin.wait_for:
delay: 2 delay: 2
port: 4040 port: 4040
when: ngrok.changed when: ngrok.changed
- name: SHELL | Get ngrok public address - name: SHELL | Get ngrok public address
shell: set -o pipefail && curl 'http://127.0.0.1:4040/api/tunnels/command_line' 2> /dev/null | jq -r '.public_url' | cut -d '/' -f 3 ansible.builtin.shell: set -o pipefail && curl 'http://127.0.0.1:4040/api/tunnels/command_line' 2> /dev/null | jq -r '.public_url' | cut -d '/' -f 3
args: args:
executable: /bin/bash executable: /bin/bash
warn: false
register: ngrok register: ngrok
changed_when: false changed_when: false
- name: LINEINFILE | Tune vimrc - name: LINEINFILE | Tune vimrc
lineinfile: ansible.builtin.lineinfile:
line: "set mouse=" line: "set mouse="
dest: "{{ item }}/.vimrc" dest: "{{ item }}/.vimrc"
create: true create: true

2
tests/test.yml
View File

@ -1,6 +1,6 @@
--- ---
- name: Launch tests - name: Launch tests # noqa: role-name[path]
hosts: all hosts: all
pre_tasks: pre_tasks:
- name: INCLUDE_TASKS | Pre_tasks related to OS version - name: INCLUDE_TASKS | Pre_tasks related to OS version