radityo
/
ansible-nginx
mirror of https://github.com/HanXHX/ansible-nginx.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Compat with modern ansible versions

pull/38/head
Emilien Mantel 2019-02-04 21:25:25 +01:00
parent 8218e5c972
commit c399bf35b5
11 changed files with 48 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
tasks/htpasswd.yml
View File

@ -4,7 +4,7 @@
file: file:
path: "{{ nginx_htpasswd_dir }}/{{ item.name }}" path: "{{ nginx_htpasswd_dir }}/{{ item.name }}"
state: absent state: absent
with_items: "{{ nginx_htpasswd }}" loop: "{{ nginx_htpasswd }}"
when: item.state is defined and item.state == 'absent' when: item.state is defined and item.state == 'absent'
no_log: not nginx_debug_role no_log: not nginx_debug_role
@ -14,8 +14,6 @@
password: "{{ item.1.password }}" password: "{{ item.1.password }}"
state: "{{ item.1.state | default('present') }}" state: "{{ item.1.state | default('present') }}"
path: "{{ nginx_htpasswd_dir }}/{{ item.0.name }}" path: "{{ nginx_htpasswd_dir }}/{{ item.0.name }}"
with_subelements: loop: "{{ nginx_htpasswd | subelements(users) }}"
- "{{ nginx_htpasswd }}"
- users
when: item.0.state is not defined or item.0.state == 'present' when: item.0.state is not defined or item.0.state == 'present'
no_log: not nginx_debug_role no_log: not nginx_debug_role

4
tasks/install_FreeBSD.yml
View File

@ -4,7 +4,7 @@
pkgng: pkgng:
name: "{{ item }}" name: "{{ item }}"
state: present state: present
with_items: loop:
- acme.sh - acme.sh
- "{{ nginx_pkgng_package }}" - "{{ nginx_pkgng_package }}"
- py27-passlib - py27-passlib
@ -40,7 +40,7 @@
file: file:
path: "{{ nginx_etc_dir }}/{{ item }}" path: "{{ nginx_etc_dir }}/{{ item }}"
state: directory state: directory
with_items: loop:
- conf.d - conf.d
- sites-available - sites-available
- sites-enabled - sites-enabled

28
tasks/main.yml
View File

@ -4,27 +4,27 @@
include_vars: "{{ ansible_distribution }}.yml" include_vars: "{{ ansible_distribution }}.yml"
tags: ['nginx::site', 'nginx::ssl'] tags: ['nginx::site', 'nginx::ssl']
- name: INCLUDE | Install - name: INCLUDE_TASKS | Install
include: "install_{{ ansible_distribution }}.yml" include_tasks: "install_{{ ansible_distribution }}.yml"
tags: ['nginx::site', 'nginx::ssl'] tags: ['nginx::site', 'nginx::ssl']
- name: INCLUDE | Prepare - name: IMPORT_TASKS| Prepare
include: prepare.yml import_tasks: prepare.yml
tags: ['nginx::site', 'nginx::ssl'] tags: ['nginx::site', 'nginx::ssl']
- name: INCLUDE | Install - name: IMPORT_TASKS| Install
include: config.yml import_tasks: config.yml
- name: INCLUDE | Upstream configuration - name: IMPORT_TASKS| Upstream configuration
include: upstream.yml import_tasks: upstream.yml
- name: INCLUDE | htpasswd configuration - name: IMPORT_TASKS| htpasswd configuration
include: htpasswd.yml import_tasks: htpasswd.yml
- name: INCLUDE | SSL configuration - name: IMPORT_TASKS| SSL configuration
include: ssl/main.yml import_tasks: ssl/main.yml
tags: ['nginx::ssl'] tags: ['nginx::ssl']
- name: INCLUDE | Sites configuration - name: IMPORT_TASKS| Sites configuration
include: site.yml import_tasks: site.yml
tags: ['nginx::site'] tags: ['nginx::site']

2
tasks/prepare.yml
View File

@ -26,7 +26,7 @@
owner: "{{ item.owner }}" owner: "{{ item.owner }}"
mode: "{{ item.mode }}" mode: "{{ item.mode }}"
state: directory state: directory
with_items: "{{ nginx_dirs }}" loop: "{{ nginx_dirs }}"
- name: FILE | Create ansible facts dir - name: FILE | Create ansible facts dir
file: file:

12
tasks/site.yml
View File

@ -4,7 +4,7 @@
fail: fail:
msg: "Forbidden keyword default on site {{ item | nginx_site_name }}" msg: "Forbidden keyword default on site {{ item | nginx_site_name }}"
when: item.filename is defined and item.filename == 'default' when: item.filename is defined and item.filename == 'default'
with_items: "{{ nginx_sites }}" loop: "{{ nginx_sites }}"
loop_control: loop_control:
label: "{{ item | nginx_site_name }}" label: "{{ item | nginx_site_name }}"
@ -14,7 +14,7 @@
when: when:
((item.proto is defined and 'http' in item.proto) or (item.proto is not defined)) and ((item.proto is defined and 'http' in item.proto) or (item.proto is not defined)) and
(item.redirect_http is defined and item.redirect_http) (item.redirect_http is defined and item.redirect_http)
with_items: "{{ nginx_sites }}" loop: "{{ nginx_sites }}"
loop_control: loop_control:
label: "{{ item | nginx_site_name }}" label: "{{ item | nginx_site_name }}"
@ -53,9 +53,7 @@
file: file:
path: "{{ nginx_etc_dir }}/{{ item.1 }}/{{ item.0 | nginx_site_filename }}" path: "{{ nginx_etc_dir }}/{{ item.1 }}/{{ item.0 | nginx_site_filename }}"
state: absent state: absent
with_nested: loop: "{{ nginx_sites | product(['sites-available', 'sites-enabled']) }}"
- "{{ nginx_sites }}"
- ['sites-available', 'sites-enabled']
notify: ['reload nginx', 'restart nginx freebsd'] notify: ['reload nginx', 'restart nginx freebsd']
when: item.0.state is defined and item.0.state == 'absent' when: item.0.state is defined and item.0.state == 'absent'
loop_control: loop_control:
@ -66,7 +64,7 @@
src: "{{ nginx_etc_dir }}/sites-available/{{ item | nginx_site_filename }}" src: "{{ nginx_etc_dir }}/sites-available/{{ item | nginx_site_filename }}"
dest: "{{ nginx_etc_dir }}/sites-enabled/{{ item | nginx_site_filename }}" dest: "{{ nginx_etc_dir }}/sites-enabled/{{ item | nginx_site_filename }}"
state: link state: link
with_items: "{{ nginx_sites }}" loop: "{{ nginx_sites }}"
notify: ['reload nginx', 'restart nginx freebsd'] notify: ['reload nginx', 'restart nginx freebsd']
when: > when: >
item.state is not defined or item.state == 'present' item.state is not defined or item.state == 'present'
@ -77,7 +75,7 @@
file: file:
path: "{{ nginx_etc_dir}}/sites-enabled/{{ item | nginx_site_filename }}" path: "{{ nginx_etc_dir}}/sites-enabled/{{ item | nginx_site_filename }}"
state: absent state: absent
with_items: "{{ nginx_sites }}" loop: "{{ nginx_sites }}"
notify: ['reload nginx', 'restart nginx freebsd'] notify: ['reload nginx', 'restart nginx freebsd']
when: item.state is defined and item.state == 'disabled' when: item.state is defined and item.state == 'disabled'
loop_control: loop_control:

16
tasks/ssl/acme.yml
View File

@ -7,28 +7,28 @@
- name: STAT | Check if certificates are already installed - name: STAT | Check if certificates are already installed
stat: stat:
path: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.crt" path: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.crt"
with_items: "{{ nginx_ssl_pairs }}" loop: "{{ nginx_ssl_pairs }}"
when: item.acme is defined and item.acme when: item.acme is defined and item.acme
register: acme_installed_certs register: acme_installed_certs
- name: SET_FACT | Assign var with certificates to create - name: SET_FACT | Assign var with certificates to create
set_fact: set_fact:
acme_create: "{{ acme_create | default([]) + [ (item.item) ] }}" acme_create: "{{ acme_create | default([]) + [ (item.item) ] }}"
with_items: "{{ acme_installed_certs.results }}" loop: "{{ acme_installed_certs.results }}"
when: item.skipped is not defined and not item.stat.exists when: item.skipped is not defined and not item.stat.exists
- name: TEMPLATE | Create fake site - name: TEMPLATE | Create fake site
template: template:
src: "etc/nginx/conf.d/FAKESITE.conf.j2" src: "etc/nginx/conf.d/FAKESITE.conf.j2"
dest: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf" dest: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf"
with_items: "{{ acme_create }}" loop: "{{ acme_create }}"
register: fake_site register: fake_site
- name: FILE | Delete current site if needed - name: FILE | Delete current site if needed
file: file:
path: "{{ nginx_etc_dir }}/sites-enabled/{{ item | nginx_site_name }}" path: "{{ nginx_etc_dir }}/sites-enabled/{{ item | nginx_site_name }}"
state: absent state: absent
with_items: "{{ acme_create }}" loop: "{{ acme_create }}"
when: fake_site.changed when: fake_site.changed
- name: SERVICE | Restart nginx - name: SERVICE | Restart nginx
@ -47,7 +47,7 @@
shell: '{{ nginx_acmesh_bin }} --issue{% if item.name is string %} -d {{ item.name }}{% else %}{% for name in item.name %} -d {{ name }}{% endfor %}{% endif %} --nginx {% if nginx_acmesh_test %}--test{% endif %}' shell: '{{ nginx_acmesh_bin }} --issue{% if item.name is string %} -d {{ item.name }}{% else %}{% for name in item.name %} -d {{ name }}{% endfor %}{% endif %} --nginx {% if nginx_acmesh_test %}--test{% endif %}'
args: args:
creates: "/root/.acme.sh/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key" creates: "/root/.acme.sh/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key"
with_items: "{{ acme_create }}" loop: "{{ acme_create }}"
register: acme_get register: acme_get
failed_when: acme_get.rc != 0 and acme_get.rc != 2 failed_when: acme_get.rc != 0 and acme_get.rc != 2
no_log: not nginx_debug_role no_log: not nginx_debug_role
@ -55,13 +55,13 @@
- name: FILE | Create SSL dir per site - name: FILE | Create SSL dir per site
file: file:
path: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}" path: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}"
with_items: "{{ acme_create }}" loop: "{{ acme_create }}"
- name: SHELL | Install certificates - name: SHELL | Install certificates
shell: '{{ nginx_acmesh_bin }} --install-cert -d {{ item | nginx_site_name }} --fullchain-file {{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.crt --key-file {{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key --reloadcmd "service nginx restart"' shell: '{{ nginx_acmesh_bin }} --install-cert -d {{ item | nginx_site_name }} --fullchain-file {{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.crt --key-file {{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key --reloadcmd "service nginx restart"'
args: args:
creates: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key" creates: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key"
with_items: "{{ nginx_ssl_pairs }}" loop: "{{ nginx_ssl_pairs }}"
when: item.acme is defined and item.acme when: item.acme is defined and item.acme
notify: restart nginx notify: restart nginx
@ -69,4 +69,4 @@
file: file:
path: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf" path: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf"
state: absent state: absent
with_items: "{{ acme_create }}" loop: "{{ acme_create }}"

8
tasks/ssl/main.yml
View File

@ -1,8 +1,8 @@
--- ---
- name: INCLUDE | standard.yml - name: IMPORT_TASKS | standard.yml
include: standard.yml import_tasks: standard.yml
- name: INCLUDE | acme.yml - name: IMPORT_TASKS | acme.yml
include: acme.yml import_tasks: acme.yml
when: nginx_acmesh when: nginx_acmesh

8
tasks/ssl/standard.yml
View File

@ -20,7 +20,7 @@
file: file:
path: "{{ nginx_ssl_dir + '/' + item | nginx_site_name }}" path: "{{ nginx_ssl_dir + '/' + item | nginx_site_name }}"
state: directory state: directory
with_items: "{{ nginx_ssl_pairs }}" loop: "{{ nginx_ssl_pairs }}"
when: item.dest_key is not defined or item.dest_cert is not defined when: item.dest_key is not defined or item.dest_cert is not defined
no_log: not nginx_debug_role no_log: not nginx_debug_role
@ -29,7 +29,7 @@
content: "{{ item.key }}" content: "{{ item.key }}"
dest: "{{ nginx_ssl_dir + '/' + item | nginx_site_name + '/' + item | nginx_site_name + '.key' if item.dest_key is not defined else item.dest_key }}" dest: "{{ nginx_ssl_dir + '/' + item | nginx_site_name + '/' + item | nginx_site_name + '.key' if item.dest_key is not defined else item.dest_key }}"
mode: 0640 mode: 0640
with_items: "{{ nginx_ssl_pairs }}" loop: "{{ nginx_ssl_pairs }}"
when: item.key is defined when: item.key is defined
notify: restart nginx notify: restart nginx
no_log: not nginx_debug_role no_log: not nginx_debug_role
@ -39,7 +39,7 @@
content: "{{ item.cert }}" content: "{{ item.cert }}"
dest: "{{ nginx_ssl_dir + '/' + item | nginx_site_name + '/' + item | nginx_site_name + '.crt' if item.dest_cert is not defined else item.dest_cert }}" dest: "{{ nginx_ssl_dir + '/' + item | nginx_site_name + '/' + item | nginx_site_name + '.crt' if item.dest_cert is not defined else item.dest_cert }}"
mode: 0644 mode: 0644
with_items: "{{ nginx_ssl_pairs }}" loop: "{{ nginx_ssl_pairs }}"
when: item.cert is defined when: item.cert is defined
notify: restart nginx notify: restart nginx
no_log: not nginx_debug_role no_log: not nginx_debug_role
@ -49,7 +49,7 @@
args: args:
chdir: "{{ nginx_ssl_dir + '/' + item | nginx_site_name }}" chdir: "{{ nginx_ssl_dir + '/' + item | nginx_site_name }}"
creates: "{% if item.force is defined and item.force %}/tmp/dummy{% else %}{{ nginx_ssl_dir + '/' + item | nginx_site_name + '/' + item | nginx_site_name + '.crt' }}{% endif %}" creates: "{% if item.force is defined and item.force %}/tmp/dummy{% else %}{{ nginx_ssl_dir + '/' + item | nginx_site_name + '/' + item | nginx_site_name + '.crt' }}{% endif %}"
with_items: "{{ nginx_ssl_pairs }}" loop: "{{ nginx_ssl_pairs }}"
when: item.self_signed is defined when: item.self_signed is defined
notify: restart nginx notify: restart nginx
no_log: not nginx_debug_role no_log: not nginx_debug_role

2
tasks/upstream.yml
View File

@ -25,6 +25,6 @@
file: file:
path: "{{ nginx_etc_dir }}/conf.d/upstream-{{ item.name }}.conf" path: "{{ nginx_etc_dir }}/conf.d/upstream-{{ item.name }}.conf"
state: absent state: absent
with_items: "{{ nginx_upstreams }}" loop: "{{ nginx_upstreams }}"
when: item.state is defined and item.state == 'absent' when: item.state is defined and item.state == 'absent'
notify: reload nginx notify: reload nginx

4
tests/includes/post_FreeBSD.yml
View File

@ -2,10 +2,8 @@
#- name: APT | Install web apps #- name: APT | Install web apps
# pkgng: # pkgng:
# pkg: "{{ item }}" # name: "backuppc"
# state: present # state: present
# with_items:
# - backuppc
# #
#- name: COMMAND | Activate backuppc config #- name: COMMAND | Activate backuppc config
# command: > # command: >

12
tests/test.yml
View File

@ -2,11 +2,11 @@
- hosts: all - hosts: all
pre_tasks: pre_tasks:
- name: INCLUDE | Pre_tasks related to OS version - name: INCLUDE_TASKS | Pre_tasks related to OS version
include: "includes/pre_{{ ansible_distribution }}.yml" include_tasks: "includes/pre_{{ ansible_distribution }}.yml"
- name: INCLUDE | Pre_tasks common - name: IMPORT_TASKS | Pre_tasks common
include: "includes/pre_common.yml" import_tasks: "includes/pre_common.yml"
- name: FILE | Create an internal SSL dir - name: FILE | Create an internal SSL dir
file: file:
@ -266,8 +266,8 @@
# -------------------------------- # --------------------------------
# Apps # Apps
# -------------------------------- # --------------------------------
- name: INCLUDE | Post_tasks related to OS version - name: INCLUDE_TASKS | Post_tasks related to OS version
include: "includes/post_{{ ansible_distribution }}.yml" include_tasks: "includes/post_{{ ansible_distribution }}.yml"
# -------------------------------- # --------------------------------
# Deploy index files # Deploy index files