Fix idempotence

README.md

@@ -5,7 +5,7 @@ Nginx for Debian Ansible role
 
 Install and configure Nginx on Debian.
 
-This role is not production ready. SSL management wille come later.
+SSL management will come later.
 
 Requirements
 ------------
@@ -44,6 +44,7 @@ Socket:
   - `nginx_worker_processes`
   - `nginx_events`: key/value in events block
   - `nginx_http`: key/value in http block
+  - `nginx_pid`: daemon pid file 
 
 ### Vhost management
 
@@ -53,7 +54,7 @@ You can see many examples in: [tests/test.yml](tests/test.yml).
 
 #### Common
 
-  - `name`: (M) List of domain used. The first occurence is the most important!
+  - `name`: (M) Domain or list of domain used.
   - `template`: (M) template used to create vhost
   - `enable`: (O) Enable the vhost (default is true)
   - `delete`: (O) Delete the vhost (default is false)
@@ -70,10 +71,12 @@ You can see many examples in: [tests/test.yml](tests/test.yml).
 #### Templates
 
   - `base`: static template
-  - `php`: PHP base template. Can work with many frameworks/tools.
-  - `wordpress`
   - `dokuwiki`
+  - `phalcon`: Phalcon PHP Framework
+  - `php`: PHP base template. Can work with many frameworks/tools
+  - `php_index`: Same as above. But you can only run index.php
   - `proxy`
+  - `wordpress`
 
 Templates works as parent-child.
 
@@ -136,6 +139,4 @@ GPLv2
 Author Information
 ------------------
 
-  - You can find many other roles in my GitHub "lab": https://github.com/HanXHX/my-ansible-playbooks
+- Twitter: https://twitter.com/hanxhx
-  - All issues, pull-request are welcome :)
-

defaults/main.yml

@@ -8,8 +8,9 @@ nginx_apt_package: nginx-full
 nginx_root: "/srv/www"
 nginx_log_dir: '/var/log/nginx'
 nginx_ssl_dir: '/etc/nginx/ssl'
+nginx_pid: '/run/nginx.pid'
 nginx_resolver:
-  hosts: ['208.67.222.222', '208.67.220.220'] # OpenDNS
+  hosts: ['8.8.8.8', '8.8.4.4'] # OpenDNS
   valid: '300'
   timeout: '5'
 nginx_error_log_level: 'warn' # http://nginx.org/en/docs/ngx_core_module.html#error_log

handlers/main.yml

@@ -1,6 +1,4 @@
 ---
-- name: restart nginx
-  action: service name=nginx state=restarted enabled=yes
 
 - name: reload nginx
   action: service name=nginx state=reloaded enabled=yes

meta/main.yml

@@ -4,7 +4,7 @@ galaxy_info:
   description: Nginx for Debian 
   company:
   license: GPLv2 
-  min_ansible_version: 1.2
+  min_ansible_version: 1.6
   platforms:
   - name: Debian
     versions:

tasks/main.yml

@@ -9,8 +9,10 @@
   changed_when: false
 
 - name: TEMPLATE | Deploy nginx.conf
-  template: src=etc/nginx/nginx.conf.j2 dest=/etc/nginx/nginx.conf validate= "nginx -t"
+  template: >
-  notify: restart nginx
+    src=etc/nginx/nginx.conf.j2
+    dest=/etc/nginx/nginx.conf
+  notify: reload nginx
 
 - name: FILE | Create /etc/nginx/helpers
   file: dest=/etc/nginx/helpers owner=root mode=0755 state=directory
@@ -24,7 +26,9 @@
 #    creates: "{{ nginx_dh_path }}"
 
 - name: TEMPLATE | Deploy all helpers
-  template: src={{ item }} dest=/etc/nginx/helpers/{{ item | basename | regex_replace('\.j2$','') }}
+  template: >
+    src={{ item }}
+    dest=/etc/nginx/helpers/{{ item | basename | regex_replace('\.j2$','') }}
   with_fileglob: '../templates/etc/nginx/helpers/*.j2'
   notify: reload nginx
 

tasks/vhost.yml

@@ -2,7 +2,7 @@
 
 - name: FILE | Create root folders (foreach nginx_vhosts)
   file: >
-    path={{ nginx_root }}/{{ item.name[0] }}/public
+    path={{ nginx_root }}/{{ item.name if item.name is string else item.name[0] }}/public
     state=directory
     owner={{ item.owner | default('www-data') }}
     group={{ item.group | default('www-data') }}
@@ -13,7 +13,7 @@
 - name: TEMPLATE | Create vhosts
   template: >
     src=etc/nginx/sites-available/{{ item.template }}.j2
-    dest=/etc/nginx/sites-available/{{ item.name[0] }}
+    dest=/etc/nginx/sites-available/{{ item.name if item.name is string else item.name[0] }}
   with_items: nginx_vhosts
   notify: reload nginx
   when: item.delete is not defined or not item.delete
@@ -23,16 +23,16 @@
 #  with_fileglob: "web/*"
 
 - name: FILE | Delete vhosts
-  file: dest=/etc/nginx/sites-enabled/{{ item.name[0] }} state=absent
+  file: dest=/etc/nginx/sites-enabled/{{ item.name if item.name is string else item.name[0] }} state=absent
-  file: dest=/etc/nginx/sites-available/{{ item.name[0] }} state=absent
+  file: dest=/etc/nginx/sites-available/{{ item.name if item.name is string else item.name[0] }} state=absent
   with_items: nginx_vhosts
   notify: reload nginx
   when: item.delete is defined and item.delete
 
 - name: FILE | Enable vhosts
   file: >
-    src=/etc/nginx/sites-available/{{ item.name[0] }}
+    src=/etc/nginx/sites-available/{{ item.name if item.name is string else item.name[0] }}
-    dest=/etc/nginx/sites-enabled/{{ item.name[0] }}
+    dest=/etc/nginx/sites-enabled/{{ item.name if item.name is string else item.name[0] }}
     state=link
   with_items: nginx_vhosts
   notify: reload nginx
@@ -42,7 +42,7 @@
     (item.delete is not defined or not item.delete)
 
 - name: FILE | Disable vhosts
-  file: dest=/etc/nginx/sites-enabled/{{ item.name[0] }} state=absent
+  file: dest=/etc/nginx/sites-enabled/{{ item.name if item.name is string else item.name[0] }} state=absent
   with_items: nginx_vhosts
   notify: reload nginx
   when: item.enable is defined and not item.enable

templates/etc/nginx/nginx.conf.j2

@@ -4,7 +4,7 @@
 
 user {{ nginx_user }};
 worker_processes {{ nginx_worker_processes }};
-pid /run/nginx.pid;
+pid {{ nginx_pid }};
 
 events {
 {% for key, value in nginx_events.iteritems() %}

templates/etc/nginx/sites-available/_base.j2

@@ -12,11 +12,11 @@ server {
 {% for port in __listen %}
 	listen {{ port }};
 {% endfor %}
-	server_name {{ item.name | join(' ') }};
+	server_name {% if item.name is string %}{{ item.name }}{% else %}{{ item.name | join(' ') }}{% endif %};
 {% if item.root is defined %}
 	root {{ item.root }};
 {% else %}
-	root {{ nginx_root }}/{{ item.name[0] }}/public;
+	root {{ nginx_root }}/{{ item.name if item.name is string else item.name[0] }}/public;
 {% endif %}
 {% block template_index %}
 	index {{ item.index | default('index.html index.htm') }};
@@ -28,11 +28,13 @@ server {
 {% endfor %}
 {% endif %}
 
+{% if not __location.has_key('/') %}
 	location / {
 {% block template_try_files %}
 		try_files {{ override_try_files | default('$uri $uri/ =404') }};
 {% endblock %}
 	}
+{% endif %}
 
 {% block template_upstream_location %}
 {% endblock %}
@@ -44,7 +46,7 @@ server {
 	}
 
 {% block template_local_content %}
-{% if manage_local_content is defined and not manage_local_content %}
+{% if item.manage_local_content is not defined or item.manage_local_content %}
 	location = /favicon.ico {
 		expires 30d;
 		access_log off;

templates/etc/nginx/sites-available/_php_index.j2

@@ -0,0 +1,24 @@
+{% extends "_php.j2" %}
+
+{% block template_upstream_location %}
+	location = /index.php {
+		fastcgi_pass php;
+		fastcgi_index index.php;
+{% if item.upstream_params is defined and item.upstream_params is iterable %}
+{% for param in item.upstream_params %}
+		{{ param }}
+{% endfor %}
+{% endif %}
+{% if nginx_version.stdout | version_compare('1.6.1', 'lt') %}
+		include fastcgi_params;
+{% else %}
+		include fastcgi.conf;
+{% endif %}
+	}
+{% endblock %}
+
+{% block template_custom_location %}
+	location ~ \.(php\d?|phtml)$ {
+		return 403;
+	}
+{% endblock %}

tests/debian-jessie.Dockerfile

@@ -2,5 +2,3 @@ FROM williamyeh/ansible:debian8-onbuild
 
 RUN apt-get update
 CMD ["sh", "tests/test.sh"]
-
-EXPOSE 6379

tests/debian-wheezy.Dockerfile

@@ -2,5 +2,3 @@ FROM williamyeh/ansible:debian7-onbuild
 
 RUN apt-get update
 CMD ["sh", "tests/test.sh"]
-
-EXPOSE 6379

tests/test.yml

@@ -30,37 +30,50 @@
             - 'return 403;'
           '/gunther':
             - 'return 404;'
-      - name:
+      - name: 'test-location.local'
-          - 'test-php.local'
+        template: '_base'
+        location:
+          '/':
+            - 'alias /var/tmp;'
+      - name: 'test-php.local'
         upstream_params:
           - 'fastcgi_param FOO bar;'
         redirect_from:
           - 'www.test-php.local'
         template: '_php'
-      - name:
+      - name: 'test-php-index.local'
-          - 'test-proxy.local'
+        template: '_php_index'
+      - name: 'test-proxy.local'
         listen:
           - 8080
         template: '_proxy'
         upstream_name: 'test'
-      - name:
+      - name: 'deleted.local'
-          - 'deleted.local'
         template: '_base'
         delete: true
   roles:
     - ../../
   post_tasks:
     - name: -- Add PHP file --
-      copy: dest="{{ nginx_root }}/test-php.local/public/index.php" content="<?php phpinfo();"
+      copy: dest="{{ nginx_root }}/{{ item }}/public/index.php" content="<?php phpinfo();"
+      with_items: ['test-php.local', 'test-php-index.local']
     - name: -- Add HTML file --
-      copy: dest="{{ nginx_root }}/test.local/public/index.html" content="Index HTML test OK\n"
+      copy: dest="{{ item }}/index.html" content="Index HTML test OK\n"
+      with_items: ['{{ nginx_root }}/test.local/public', '/var/tmp']
     - name: -- VERIFY VHOSTS --
-      shell: "curl -H 'Host: {{ item.name[0] }}' http://127.0.0.1{% if item.listen is defined and item.listen is iterable %}:{{ item.listen[0] }}{% endif %}/"
+      command: "curl -H 'Host: {{ item.name if item.name is string else item.name[0] }}' http://127.0.0.1{% if item.listen is defined %}:{{ item.listen[0] }}{% endif %}/"
       with_items: nginx_vhosts
       when: item.delete is undefined or not item.delete
       changed_when: false
+    - name: -- VERIFY FORBIDDEN --
+      command: "curl -H 'Host: test-php-index.local' http://127.0.0.1/phpinfo.php"
+      register: f
+      failed_when: f.stdout.find('403 Forbidden') == -1
+      changed_when: false
     - name: -- VERIFY REDIRECT VHOSTS --
-      shell: "curl -H 'Host: {{ item.redirect_from[0] }}' http://127.0.0.1/"
+      command: "curl -H 'Host: {{ item.redirect_from[0] }}' http://127.0.0.1/"
       with_items: nginx_vhosts
       when: item.redirect_from is defined and (item.delete is undefined or not item.delete)
       changed_when: false
+      register: r
+      failed_when: r.stdout.find('301 Moved Permanently') == -1