diff --git a/handlers/main.yml b/handlers/main.yml index 1bad650..103e24f 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,12 +1,12 @@ --- -- name: Reload nginx +- name: Reload nginx # noqa: no-changed-when ansible.builtin.command: nginx -t notify: - Real-reload nginx - Docker reload nginx -- name: Restart nginx +- name: Restart nginx # noqa: no-changed-when ansible.builtin.command: nginx -t notify: - Real-restart nginx @@ -24,16 +24,12 @@ state: restarted when: ansible_virtualization_type != 'docker' -- name: Docker reload nginx +- name: Docker reload nginx # noqa: no-changed-when command-instead-of-module ansible.builtin.command: service nginx reload - args: - warn: false when: ansible_virtualization_type == 'docker' -- name: Docker restart nginx +- name: Docker restart nginx # noqa: no-changed-when command-instead-of-module ansible.builtin.command: service nginx restart - args: - warn: false when: ansible_virtualization_type == 'docker' - name: Restart nginx freebsd diff --git a/tasks/install/FreeBSD.yml b/tasks/install/FreeBSD.yml index bdec306..f0784a6 100644 --- a/tasks/install/FreeBSD.yml +++ b/tasks/install/FreeBSD.yml @@ -21,20 +21,17 @@ ansible.builtin.command: touch /usr/local/etc/fdfs/http.conf args: creates: /usr/local/etc/fdfs/http.conf - register: fd1 + notify: Restart nginx - name: LINEINFILE | Tune fdfs - ansible.builtin.lineinansible.builtin.file: + ansible.builtin.lineinfile: regexp: ^load_fdfs_parameters_from_tracker line: load_fdfs_parameters_from_tracker=false path: /usr/local/etc/fdfs/mod_fastdfs.conf - register: fd2 + notify: Restart nginx - - name: SERVICE | Restart nginx when fdfs is tuned - ansible.builtin.service: - name: nginx - state: restarted - when: fd1.changed or fd2.changed + - name: META | Flush handlers (Restart nginx when fdfs is tuned) + ansible.builtin.meta: flush_handlers - name: FILE | Create configuration dir (like Debian) ansible.builtin.file: 
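Review bot: The `# noqa: no-changed-when` added to `Reload nginx` and `Restart nginx` silences the lint rule without recording why these two handlers must always report changed. Both run `nginx -t` and then notify the real reload/restart handlers, so the chain fires only because `command` reports changed, and a non-zero exit from the config test is what keeps a broken configuration from being loaded. I would state that in the task rather than suppress the rule: add `changed_when: true` and a comment such as `# Config test gate: a failing nginx -t aborts before the notified handlers run`. The notify list of `Restart nginx` continues outside the hunk.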
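Review bot: `ansible.builtin.meta: flush_handlers` in the FreeBSD install tasks runs every handler queued so far in the play, not only `Restart nginx`, and the task name suggests otherwise. The restart now also goes through the `nginx -t` handler first, so a configuration that does not validate at this point fails the play, where the removed `ansible.builtin.service` task restarted directly. A short comment above the task would make both effects visible, for example `# Runs all pending handlers now; Restart nginx validates the config with nginx -t first`. The same applies to `META | Ensure nginx is restarted if needed` in tasks/ssl/acme.yml.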
diff --git a/tasks/ssl/acme.yml b/tasks/ssl/acme.yml index 177d5e0..74f0d5e 100644 --- a/tasks/ssl/acme.yml +++ b/tasks/ssl/acme.yml @@ -29,25 +29,27 @@ group: root loop: "{{ acme_create }}" register: fake_site + notify: Restart nginx - - name: FILE | Delete current site if needed + - name: TEMPLATE | Create fake site + ansible.builtin.template: + src: "etc/nginx/conf.d/FAKESITE.conf.j2" + dest: "/tmp/FAKESITE_{{ item | nginx_site_name }}.conf" + mode: 0644 + owner: root + group: root + loop: "{{ acme_create }}" + + - name: FILE | Delete current site if needed # noqa: no-handler ansible.builtin.file: path: "{{ nginx_etc_dir }}/sites-enabled/{{ item | nginx_site_name }}" state: absent loop: "{{ acme_create }}" when: fake_site.changed + notify: Restart nginx - - name: SERVICE | Restart nginx - ansible.builtin.service: - name: nginx - state: restarted - when: fake_site.changed and ansible_virtualization_type != 'docker' - - - name: COMMAND | Restart nginx - ansible.builtin.command: service nginx restart - args: - warn: false - when: fake_site.changed and ansible_virtualization_type == 'docker' + - name: META | Ensure nginx is restarted if needed + ansible.builtin.meta: flush_handlers - name: COMMAND | Get certificates ansible.builtin.command: | diff --git a/tasks/ssl/standard.yml b/tasks/ssl/standard.yml index 0f03c69..14c3605 100644 --- a/tasks/ssl/standard.yml +++ b/tasks/ssl/standard.yml 
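Review bot: The added `TEMPLATE | Create fake site` task renders the fake site to `/tmp/FAKESITE_{{ item | nginx_site_name }}.conf`, and nothing visible in this hunk reads that file or registers the result. It looks like a debugging leftover, and it has a root-run task writing to a predictable name in a world-writable directory. If the copy is not needed I would drop the task. If it is needed, point `dest` at a root-owned directory and quote the mode as `mode: "0644"` so the value does not depend on YAML octal parsing.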
@@ -4,22 +4,26 @@ when: nginx_dh is not string block: - - name: STAT | Get info about DH file - ansible.builtin.stat: - path: "{{ nginx_dh_path }}" - get_checksum: false - register: stat_dh_file + - name: STAT | Get info about DH file + ansible.builtin.stat: + path: "{{ nginx_dh_path }}" + get_checksum: false + register: stat_dh_file - - name: SHELL | Get info about DH file - ansible.builtin.shell: openssl dhparam -in {{ nginx_dh_path }} -text -noout 2>&1 | awk '/DH Parameters/ { print substr($3, 2) }' - changed_when: false - register: dh_info - when: stat_dh_file.stat.exists + - name: SHELL | Get info about DH file + ansible.builtin.shell: | + set -o pipefail && + openssl dhparam -in {{ nginx_dh_path }} -text -noout 2>&1 | awk '/DH Parameters/ { print substr($3, 2) }' + args: + executable: /bin/bash + changed_when: false + register: dh_info + when: stat_dh_file.stat.exists - - name: COMMAND | Generate DH file - ansible.builtin.command: openssl dhparam -out {{ nginx_dh_path }} {{ nginx_dh_length }} - when: not stat_dh_file.stat.exists or (dh_info.stdout | int != nginx_dh_length | int) - notify: Restart nginx + - name: COMMAND | Generate DH file # noqa: no-changed-when + ansible.builtin.command: openssl dhparam -out {{ nginx_dh_path }} {{ nginx_dh_length }} + when: not stat_dh_file.stat.exists or (dh_info.stdout | int != nginx_dh_length | int) + notify: Restart nginx - name: COPY | Deploy DH file from vars ansible.builtin.copy: diff --git a/tests/group_vars/all.yml b/tests/group_vars/all.yml index a8380b9..b5dc0e5 100644 --- a/tests/group_vars/all.yml +++ b/tests/group_vars/all.yml @@ -246,5 +246,5 @@ nginx_sites: custom_template: 'templates/custom_template.conf.j2' root: '/tmp/custom-template' -nginx_php: "{{ [{'upstream_name': 'manual', 'sockets': [{'host': '127.0.0.1', 'port': '9636' }] }] }}" +nginx_php: "{{ [{'upstream_name': 'manual', 'sockets': [{'host': '127.0.0.1', 'port': '9636'}]}] }}" nginx_dh_length: 1024 
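Review bot: Adding `set -o pipefail` to `SHELL | Get info about DH file` changes what happens when the existing DH file is unreadable or corrupt. Before, a failing `openssl dhparam` left `dh_info.stdout` empty and the `Generate DH file` condition regenerated the file; now the task fails and the play stops before regeneration. If self-healing is still intended, add `failed_when: false` to the shell task. In both commands the path is also interpolated into the command line unquoted, so `{{ nginx_dh_path | quote }}` would be safer in the shell task. The enclosing `block:` task starts outside the hunk.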
diff --git a/tests/includes/post_common.yml b/tests/includes/post_common.yml index b7c29b5..42ff3ea 100644 --- a/tests/includes/post_common.yml +++ b/tests/includes/post_common.yml @@ -244,14 +244,12 @@ ansible.builtin.shell: set -o pipefail && curl -I --haproxy-protocol http://test-ssl-proxy-protocol.local:20080 | grep -qi 'X-Proxy-Protocol' args: executable: /bin/bash - warn: false changed_when: false - name: SHELL | Check HTTPS proxy protocol ansible.builtin.shell: set -o pipefail && curl -I --haproxy-protocol -k https://test-ssl-proxy-protocol.local:20443 | grep -qi 'X-Proxy-Protocol' args: executable: /bin/bash - warn: false changed_when: false # -------------------------------- diff --git a/tests/includes/pre_Debian.yml b/tests/includes/pre_Debian.yml index 24051a4..ff51dee 100644 --- a/tests/includes/pre_Debian.yml +++ b/tests/includes/pre_Debian.yml @@ -1,13 +1,13 @@ --- - name: APT_REPOSITORY | Install backports - apt_repository: + ansible.builtin.apt_repository: repo: 'deb http://httpredir.debian.org/debian {{ ansible_distribution_release }}-backports main' state: present when: nginx_backports - name: APT | Install needed packages - apt: + ansible.builtin.apt: pkg: "{{ packages }}" update_cache: true cache_valid_time: 3600 @@ -24,7 +24,7 @@ - unzip - name: APT | Install PHP - apt: + ansible.builtin.apt: pkg: "{{ pkgs }}" update_cache: true cache_valid_time: 3600 
@@ -35,39 +35,38 @@ - php-fpm - name: SHELL | Get current PHP version - shell: php --version | awk '/^PHP/ { print $2 }' | grep -o -E '^.{3}' + ansible.builtin.shell: php --version | awk '/^PHP/ { print $2 }' | grep -o -E '^.{3}' changed_when: false register: cur_php_version # Bypasses Ansible+Docker issue. With service module... php is not really started! - name: COMMAND | Force start PHP - command: "service php{{ cur_php_version.stdout }}-fpm start" + ansible.builtin.command: "service php{{ cur_php_version.stdout }}-fpm start" args: creates: "/run/php/php{{ cur_php_version.stdout }}-fpm.pid" - warn: false - name: GET_URL | Download ngrok - get_url: - url: "https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-amd64.zip" + ansible.builtin.get_url: + url: "https://bin.equinox.io/c/bNyj1mQVY4c/ngrok-v3-stable-linux-amd64.tgz" dest: "/tmp/ngrok.zip" - name: UNARCHIVE | Uncompress ngrok - unarchive: + ansible.builtin.unarchive: src: "/tmp/ngrok.zip" dest: "/tmp" remote_src: true - name: SET_FACT | ngrok_path - set_fact: + ansible.builtin.set_fact: ngrok_path: '/tmp/ngrok' - name: USER | Create PHP User foo - user: + ansible.builtin.user: name: foo system: true - name: INCLUDE_ROLE | hanxhx.php - include_role: + ansible.builtin.include_role: name: "{{ playbook_dir }}/hanxhx.php" vars: php_version: "{{ cur_php_version.stdout }}" diff --git a/tests/includes/pre_common.yml b/tests/includes/pre_common.yml index d137923..e99c30d 100644 --- a/tests/includes/pre_common.yml +++ b/tests/includes/pre_common.yml 
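Review bot: `GET_URL | Download ngrok` fetches an executable archive with no integrity pin, and the later tasks unpack it and run it from `/tmp/ngrok`. HTTPS only authenticates the download host, so a replaced or re-published artifact would be executed unnoticed. I would add `checksum: "sha256:<EXPECTED_SHA256>"` with the digest of the release you have verified. The new URL is also a `.tgz` while `dest` and the unarchive `src` still say `/tmp/ngrok.zip`, so I would rename both to `/tmp/ngrok.tgz` to keep the file type obvious.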
@@ -1,27 +1,26 @@ --- - name: SHELL | Start ngrok - shell: daemonize -l /tmp/ngrok.lock {{ ngrok_path }} http 80 -bind-tls=false + ansible.builtin.shell: daemonize -l /tmp/ngrok.lock {{ ngrok_path }} http 80 --scheme http failed_when: false changed_when: ngrok.stderr.find("Can't lock the lock file") == -1 register: ngrok - name: WAIT_FOR | ngrok started - wait_for: + ansible.builtin.wait_for: delay: 2 port: 4040 when: ngrok.changed - name: SHELL | Get ngrok public address - shell: set -o pipefail && curl 'http://127.0.0.1:4040/api/tunnels/command_line' 2> /dev/null | jq -r '.public_url' | cut -d '/' -f 3 + ansible.builtin.shell: set -o pipefail && curl 'http://127.0.0.1:4040/api/tunnels/command_line' 2> /dev/null | jq -r '.public_url' | cut -d '/' -f 3 args: executable: /bin/bash - warn: false register: ngrok changed_when: false - name: LINEINFILE | Tune vimrc - lineinfile: + ansible.builtin.lineinfile: line: "set mouse=" dest: "{{ item }}/.vimrc" create: true diff --git a/tests/test.yml b/tests/test.yml index f1ddf61..aa0891d 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -1,6 +1,6 @@ --- -- name: Launch tests +- name: Launch tests # noqa: role-name[path] hosts: all pre_tasks: - name: INCLUDE_TASKS | Pre_tasks related to OS version