diff --git a/CHANGELOG.md b/CHANGELOG.md index 425ff2c32..bc955a3b1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ # Changelog -## 0.23.3 (Unreleased) +## 0.24.0 (Unreleased) BREAKING CHANGES: @@ -27,6 +27,8 @@ FEATURES: ENHANCEMENTS: +* Standardize code from dot to array notation to keep in with the standards set by the other roles in the Ansible NGINX core collection. +* Bump the minimum version of Ansible core required to run the role to `2.12` (`2.11` is no longer supported by Ansible). * Improve validation of supported distributions when installing NGINX from the official repository. * Bump the Ansible `community.general` collection to `6.2.0`, `community.crypto` collection to `2.10.0` and `community.docker` collection to `3.4.0`. * Use the official GitHub repositories as the source for the various packages required to compile NGINX OSS from source. diff --git a/handlers/main.yml b/handlers/main.yml index e318545e1..ecab36e56 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -10,7 +10,7 @@ enabled: true when: - nginx_start | bool - - nginx_state != "absent" + - nginx_state != 'absent' - not ansible_check_mode | bool listen: (Handler) Run NGINX @@ -22,18 +22,18 @@ ignore_errors: true check_mode: false changed_when: false - when: nginx_state != "absent" + when: nginx_state != 'absent' listen: (Handler) Run NGINX - name: (Handler) Print NGINX error if syntax check fails ansible.builtin.debug: var: config_check.stderr_lines - failed_when: config_check.rc != 0 + failed_when: config_check['rc'] != 0 when: - - config_check.stderr_lines is defined - - config_check.stderr_lines != [] - - config_check.rc != 0 - - nginx_state != "absent" + - config_check['stderr_lines'] is defined + - config_check['stderr_lines'] != [] + - config_check['rc'] != 0 + - nginx_state != 'absent' listen: (Handler) Run NGINX - name: (Handler) Start NGINX Amplify agent diff --git a/meta/main.yml b/meta/main.yml index 51c9e2d28..e28b1f7dc 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -1,42 +1,29 @@ --- galaxy_info: author: nginxinc - description: Official Ansible role for NGINX + description: Official Ansible role for installing NGINX role_name: nginx company: F5, Inc. license: Apache License, Version 2.0 - min_ansible_version: "2.12" + min_ansible_version: '2.12' platforms: - name: Alpine - versions: - - all + versions: [all] - name: Amazon Linux 2 - versions: - - all + versions: [all] - name: Debian - versions: - - bullseye + versions: [bullseye] - name: EL - versions: - - "7" - - "8" - - "9" + versions: ['7', '8', '9'] - name: FreeBSD - versions: - - "12.1" + versions: ['12.1'] - name: Ubuntu - versions: - - bionic - - focal - - impish - - jammy + versions: [bionic, focal, impish, jammy] - name: SLES - versions: - - "12" - - "15" + versions: ['12', '15'] galaxy_tags: - nginx diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 9bd245268..38d9df10a 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -7,7 +7,6 @@ name: ansible-role-nginx vars: nginx_modules: - - brotli - geoip - image-filter - njs diff --git a/tasks/amplify/setup-redhat.yml b/tasks/amplify/setup-redhat.yml index 10e759d8f..7960c3376 100644 --- a/tasks/amplify/setup-redhat.yml +++ b/tasks/amplify/setup-redhat.yml @@ -2,7 +2,7 @@ - name: (Amazon Linux/CentOS/RHEL) Add NGINX Amplify agent repository ansible.builtin.yum_repository: name: nginx-amplify - baseurl: https://packages.amplify.nginx.com/{{ (ansible_facts['distribution_major_version'] == "7") | ternary('', 'py3/') }}{{ (ansible_facts['distribution'] == "Amazon") | ternary('amzn', 'centos') }}/$releasever/$basearch/ + baseurl: https://packages.amplify.nginx.com/{{ (ansible_facts['distribution_major_version'] is version('7', '==')) | ternary('', 'py3/') }}{{ (ansible_facts['distribution'] == 'Amazon') | ternary('amzn', 'centos') }}/$releasever/$basearch/ description: NGINX Amplify Agent enabled: true gpgcheck: true diff --git a/tasks/config/setup-logrotate.yml b/tasks/config/setup-logrotate.yml index ed1f09485..200f7e414 100644 --- a/tasks/config/setup-logrotate.yml +++ b/tasks/config/setup-logrotate.yml @@ -2,25 +2,25 @@ - name: (Alpine Linux) Install logrotate community.general.apk: name: logrotate - when: ansible_facts['os_family'] == "Alpine" + when: ansible_facts['os_family'] == 'Alpine' - name: (Debian/Ubuntu) Install logrotate ansible.builtin.apt: name: logrotate state: present - when: ansible_facts['os_family'] == "Debian" + when: ansible_facts['os_family'] == 'Debian' - name: (Amazon Linux/CentOS/Oracle Linux/RHEL) Install logrotate ansible.builtin.yum: name: logrotate state: present - when: ansible_facts['os_family'] == "RedHat" + when: ansible_facts['os_family'] == 'RedHat' - name: (SLES) Install Logrotate community.general.zypper: name: logrotate state: present - when: ansible_facts['os_family'] == "Suse" + when: ansible_facts['os_family'] == 'Suse' - name: Create logrotate config ansible.builtin.template: diff --git a/tasks/keys/setup-keys.yml b/tasks/keys/setup-keys.yml index b79937469..f886e6954 100644 --- a/tasks/keys/setup-keys.yml +++ b/tasks/keys/setup-keys.yml @@ -1,6 +1,6 @@ --- - name: (Alpine Linux) Set up signing key - when: ansible_facts['os_family'] == "Alpine" + when: ansible_facts['os_family'] == 'Alpine' block: - name: (Alpine Linux) Set up NGINX signing key URL ansible.builtin.set_fact: @@ -15,14 +15,14 @@ - name: (Debian/Red Hat/SLES OSs) Set up NGINX signing key URL ansible.builtin.set_fact: keysite: "{{ nginx_signing_key | default(nginx_default_signing_key_pgp) }}" - when: ansible_facts['os_family'] != "Alpine" + when: ansible_facts['os_family'] != 'Alpine' - name: (Debian/Ubuntu) Add NGINX signing key ansible.builtin.apt_key: id: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 keyring: /usr/share/keyrings/nginx-archive-keyring.gpg url: "{{ keysite }}" - when: ansible_facts['os_family'] == "Debian" + when: ansible_facts['os_family'] == 'Debian' - name: (Red Hat/SLES OSs) Add NGINX signing key ansible.builtin.rpm_key: diff --git a/tasks/main.yml b/tasks/main.yml index bb0ce8266..9f988a63b 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -5,12 +5,12 @@ - name: Set up prerequisites ansible.builtin.include_tasks: "{{ role_path }}/tasks/prerequisites/prerequisites.yml" - when: nginx_state != "absent" + when: nginx_state != 'absent' tags: nginx_prerequisites - name: Set up signing keys ansible.builtin.include_tasks: "{{ role_path }}/tasks/keys/setup-keys.yml" - when: (nginx_enable | bool and nginx_install_from == "nginx_repository") + when: (nginx_enable | bool and nginx_install_from == 'nginx_repository') or nginx_amplify_enable | bool tags: nginx_key @@ -20,19 +20,19 @@ block: - name: "{{ nginx_setup | capitalize }} NGINX Open Source" ansible.builtin.include_tasks: "{{ role_path }}/tasks/opensource/install-oss.yml" - when: nginx_type == "opensource" + when: nginx_type == 'opensource' tags: nginx_install_oss - name: Set up NGINX Plus license ansible.builtin.include_tasks: "{{ role_path }}/tasks/plus/setup-license.yml" when: - - nginx_type == "plus" + - nginx_type == 'plus' - nginx_setup_license | bool tags: nginx_setup_license - name: "{{ nginx_setup | capitalize }} NGINX Plus" ansible.builtin.include_tasks: "{{ role_path }}/tasks/plus/install-{{ ansible_facts['os_family'] | lower }}.yml" - when: nginx_type == "plus" + when: nginx_type == 'plus' tags: nginx_install_plus - name: "{{ nginx_setup | capitalize }} NGINX dynamic modules" @@ -45,14 +45,14 @@ - name: Remove NGINX Plus license ansible.builtin.include_tasks: "{{ role_path }}/tasks/plus/remove-license.yml" when: - - nginx_type == "plus" + - nginx_type == 'plus' - nginx_remove_license | bool tags: nginx_remove_license - name: Modify systemd parameters ansible.builtin.include_tasks: "{{ role_path }}/tasks/config/modify-systemd.yml" when: - - ansible_facts['service_mgr'] == "systemd" + - ansible_facts['service_mgr'] == 'systemd' - nginx_service_modify | bool tags: nginx_modify_systemd @@ -64,14 +64,14 @@ when: - nginx_enable | bool - nginx_debug_output | bool - - nginx_state != "absent" + - nginx_state != 'absent' tags: nginx_debug_output - name: Configure logrotate for NGINX ansible.builtin.include_tasks: "{{ role_path }}/tasks/config/setup-logrotate.yml" when: - nginx_logrotate_conf_enable | bool - - nginx_state != "absent" + - nginx_state != 'absent' tags: nginx_logrotate_config - name: Install NGINX Amplify diff --git a/tasks/modules/install-modules.yml b/tasks/modules/install-modules.yml index 1309507cb..6944fd469 100644 --- a/tasks/modules/install-modules.yml +++ b/tasks/modules/install-modules.yml @@ -21,12 +21,12 @@ - name: (Amazon Linux/RHEL 7) Install libmaxminddb ansible.builtin.yum: name: https://rpmfind.net/linux/centos/7.9.2009/os/x86_64/Packages/libmaxminddb-1.2.0-6.el7.x86_64.rpm - when: '"libmaxminddb" not in packages.results' + when: "'libmaxminddb' not in packages['results']" - name: (AlmaLinux/Amazon Linux/Oracle Linux/RHEL/Rocky Linux) Install GeoIP2 and/or OpenTracing EPEL dependency when: - ansible_facts['os_family'] == "RedHat" - - ('"opentracing" in nginx_modules') + - ('opentracing' in nginx_modules) - nginx_install_epel_release | bool block: - name: (AlmaLinux/Amazon Linux/Oracle Linux/RHEL/Rocky Linux) Import EPEL GPG key @@ -43,27 +43,27 @@ name: nginx-plus-module-ndk when: - nginx_type == 'plus' - - ansible_facts['os_family'] == "Alpine" + - ansible_facts['os_family'] == 'Alpine' - ansible_facts['distribution_version'] | regex_search('^[0-9]+\\.[0-9]+') is version('3.17', '==') - - ('"encrypted-sessions" in nginx_modules') or ('"lua" in nginx_modules') or ('"set-misc" in nginx_modules') + - ('encrypted-sessions' in nginx_modules) or ('lua' in nginx_modules) or ('set-misc' in nginx_modules) - name: Install NGINX modules ansible.builtin.package: - name: "nginx-{{ (nginx_type == 'plus') | ternary('plus-', '') }}module-{{ item.name | default(item) }}\ - {{ (nginx_repository is not defined and ansible_facts['os_family'] == 'Alpine' and nginx_type != 'plus') | ternary('@nginx', '') }}{{ item.version | default('') }}" - state: "{{ item.state | default('present') }}" + name: "nginx-{{ (nginx_type == 'plus') | ternary('plus-', '') }}module-{{ item['name'] | default(item) }}\ + {{ (nginx_repository is not defined and ansible_facts['os_family'] == 'Alpine' and nginx_type != 'plus') | ternary('@nginx', '') }}{{ item['version'] | default('') }}" + state: "{{ item['state'] | default('present') }}" loop: "{{ nginx_modules }}" when: - - (item.name | default(item) in nginx_modules_list and nginx_type == 'opensource') - or (item.name | default(item) in nginx_plus_modules_list and nginx_type == 'plus') - - not (item.name | default(item) == "brotli") - or not (ansible_facts['os_family'] == "Suse" and ansible_facts['distribution_major_version'] is version('12', '==')) - - not (item.name | default(item) == "geoip") - or not ((ansible_facts['os_family'] == "FreeBSD") - or (ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] is version('8', '>='))) - - not (item.name | default(item) == "geoip2") - or not (ansible_facts['os_family'] == "Suse") - - not (item.name | default(item) == "lua") - or not (ansible_facts['architecture'] == "s390x") - - not (item.name | default(item) == "opentracing") - or not (ansible_facts['os_family'] == "Suse" and ansible_facts['distribution_major_version'] is version('12', '==')) + - (item['name'] | default(item) in nginx_modules_list and nginx_type == 'opensource') + or (item['name'] | default(item) in nginx_plus_modules_list and nginx_type == 'plus') + - not (item['name'] | default(item) == 'brotli') + or not (ansible_facts['os_family'] == 'Suse' and ansible_facts['distribution_major_version'] is version('12', '==')) + - not (item['name'] | default(item) == "geoip") + or not ((ansible_facts['os_family'] == 'FreeBSD') + or (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] is version('8', '>='))) + - not (item['name'] | default(item) == 'geoip2') + or not (ansible_facts['os_family'] == 'Suse') + - not (item['name'] | default(item) == 'lua') + or not (ansible_facts['architecture'] == 's390x') + - not (item['name'] | default(item) == 'opentracing') + or not (ansible_facts['os_family'] == 'Suse' and ansible_facts['distribution_major_version'] is version('12', '==')) diff --git a/tasks/opensource/install-bsd.yml b/tasks/opensource/install-bsd.yml index dfd3fda23..944b6ba96 100644 --- a/tasks/opensource/install-bsd.yml +++ b/tasks/opensource/install-bsd.yml @@ -1,21 +1,21 @@ --- - name: (FreeBSD) Update ports when: - - ansible_facts['system'] == "FreeBSD" + - ansible_facts['system'] == 'FreeBSD' - nginx_bsd_update_ports | bool block: - name: (FreeBSD) Fetch ports - ansible.builtin.command: portsnap fetch --interactive - args: + ansible.builtin.command: + cmd: portsnap fetch --interactive creates: /var/db/portsnap/INDEX - name: (FreeBSD) Extract ports - ansible.builtin.command: portsnap extract - args: + ansible.builtin.command: + cmd: portsnap extract creates: /usr/ports - name: (FreeBSD) {{ nginx_setup | capitalize }} NGINX - when: ansible_facts['system'] == "FreeBSD" + when: ansible_facts['system'] == 'FreeBSD' block: - name: (FreeBSD) {{ nginx_setup | capitalize }} NGINX package community.general.pkgng: @@ -33,7 +33,7 @@ notify: (Handler) Run NGINX - name: (OpenBSD) {{ nginx_setup | capitalize }} NGINX - when: ansible_facts['system'] == "OpenBSD" + when: ansible_facts['system'] == 'OpenBSD' block: - name: (OpenBSD) {{ nginx_setup | capitalize }} NGINX package community.general.openbsd_pkg: @@ -52,7 +52,7 @@ notify: (Handler) Run NGINX - name: (NetBSD) {{ nginx_setup | capitalize }} NGINX - when: ansible_facts['system'] == "NetBSD" + when: ansible_facts['system'] == 'NetBSD' block: - name: (NetBSD) {{ nginx_setup | capitalize }} NGINX package ansible.builtin.command: pkg_add www/nginx{{ nginx_version | default('') }} diff --git a/tasks/opensource/install-debian.yml b/tasks/opensource/install-debian.yml index c3327ed82..6ae759de1 100644 --- a/tasks/opensource/install-debian.yml +++ b/tasks/opensource/install-debian.yml @@ -27,6 +27,6 @@ name: nginx{{ nginx_version | default('') }} state: "{{ nginx_state }}" update_cache: true - allow_downgrade: "{{ omit if ansible_version.full is version('2.12', '<') else true }}" + allow_downgrade: "{{ omit if ansible_version['full'] is version('2.12', '<') else true }}" ignore_errors: "{{ ansible_check_mode }}" notify: (Handler) Run NGINX diff --git a/tasks/opensource/install-distribution.yml b/tasks/opensource/install-distribution.yml index da66bd260..a44570950 100644 --- a/tasks/opensource/install-distribution.yml +++ b/tasks/opensource/install-distribution.yml @@ -1,7 +1,7 @@ --- - name: (CentOS/RHEL 7) Set up the EPEL repository when: - - ansible_facts['distribution'] in ["CentOS", "RedHat"] + - ansible_facts['distribution'] in ['CentOS', 'RedHat'] - ansible_facts['distribution_major_version'] is version('7', '==') - nginx_install_epel_release | bool block: @@ -18,7 +18,7 @@ ansible.builtin.yum: name: oracle-epel-release-el7 when: - - ansible_facts['distribution'] == "OracleLinux" + - ansible_facts['distribution'] == 'OracleLinux' - ansible_facts['distribution_major_version'] is version('7', '==') - nginx_install_epel_release | bool @@ -28,14 +28,14 @@ state: absent line: tsflags=nodocs when: - - ansible_facts['distribution'] == "CentOS" + - ansible_facts['distribution'] == 'CentOS' - ansible_facts['distribution_major_version'] is version('7', '==') - name: (Amazon Linux) Enable the NGINX Amazon extras package repository - ansible.builtin.command: amazon-linux-extras enable nginx1 - args: + ansible.builtin.command: + cmd: amazon-linux-extras enable nginx1 creates: /usr/sbin/nginx - when: ansible_facts['distribution'] == "Amazon" + when: ansible_facts['distribution'] == 'Amazon' - name: "{{ nginx_setup | capitalize }} NGINX from the distribution's package repository" ansible.builtin.package: diff --git a/tasks/opensource/install-oss.yml b/tasks/opensource/install-oss.yml index ef22766ca..144e48a32 100644 --- a/tasks/opensource/install-oss.yml +++ b/tasks/opensource/install-oss.yml @@ -4,15 +4,15 @@ block: - name: "{{ nginx_setup | capitalize }} NGINX from the official package repository" ansible.builtin.include_tasks: "{{ role_path }}/tasks/opensource/install-{{ ansible_facts['os_family'] | lower }}.yml" - when: nginx_install_from == "nginx_repository" + when: nginx_install_from == 'nginx_repository' - name: "{{ nginx_setup | capitalize }} NGINX from the distribution's package repository" ansible.builtin.include_tasks: "{{ role_path }}/tasks/opensource/install-distribution.yml" - when: nginx_install_from == "os_repository" + when: nginx_install_from == 'os_repository' - name: "{{ nginx_setup | capitalize }} NGINX from source" ansible.builtin.include_tasks: "{{ role_path }}/tasks/opensource/install-source.yml" - when: nginx_install_from == "source" + when: nginx_install_from == 'source' - name: "{{ nginx_setup | capitalize }} NGINX in Unix systems" ansible.builtin.include_tasks: "{{ role_path }}/tasks/opensource/install-bsd.yml" diff --git a/tasks/opensource/install-redhat.yml b/tasks/opensource/install-redhat.yml index 455e3f853..0058aae32 100644 --- a/tasks/opensource/install-redhat.yml +++ b/tasks/opensource/install-redhat.yml @@ -7,7 +7,7 @@ enabled: true gpgcheck: true mode: 0644 - module_hotfixes: "{{ omit if ansible_version.full is version('2.11', '<') else true }}" + module_hotfixes: true state: "{{ (nginx_state == 'uninstall') | ternary('absent', 'present') }}" when: nginx_manage_repo | bool @@ -21,6 +21,6 @@ name: nginx{{ nginx_version | default('') }} state: "{{ nginx_state }}" update_cache: true - allow_downgrade: "{{ omit if ansible_version.full is version('2.12', '<') else true }}" + allow_downgrade: "{{ omit if ansible_version['full'] is version('2.12', '<') else true }}" ignore_errors: "{{ ansible_check_mode }}" notify: (Handler) Run NGINX diff --git a/tasks/opensource/install-source.yml b/tasks/opensource/install-source.yml index b26bccfbf..419aaa8b6 100644 --- a/tasks/opensource/install-source.yml +++ b/tasks/opensource/install-source.yml @@ -15,10 +15,10 @@ - tar - wget update_cache: true - when: ansible_facts['os_family'] == "Alpine" + when: ansible_facts['os_family'] == 'Alpine' - name: (AlmaLinux/Amazon Linux/CentOS/Oracle Linux/RHEL/Rocky Linux) Set up build tools - when: ansible_facts['os_family'] == "RedHat" + when: ansible_facts['os_family'] == 'RedHat' block: - name: (Oracle Linux 7) Enable Oracle Linux 7 optional repositories ansible.builtin.yum_repository: @@ -27,7 +27,9 @@ baseurl: https://yum.oracle.com/repo/OracleLinux/OL7/optional/latest/$basearch/ gpgcheck: true enabled: true - when: ansible_facts['distribution'] == "OracleLinux" and ansible_facts['distribution_major_version'] is version('7', '==') + when: + - ansible_facts['distribution'] == 'OracleLinux' + - ansible_facts['distribution_major_version'] is version('7', '==') - name: (RHEL 8) Install Python 3 ansible.builtin.yum: @@ -74,7 +76,7 @@ - tar - zlib1g-dev update_cache: true - when: ansible_facts['os_family'] == "Debian" + when: ansible_facts['os_family'] == 'Debian' - name: (SLES) Install build tools community.general.zypper: @@ -86,7 +88,7 @@ - tar - zlib-devel update_cache: true - when: ansible_facts['os_family'] == "Suse" + when: ansible_facts['os_family'] == 'Suse' - name: Check for source installs block: @@ -112,29 +114,29 @@ community.general.apk: name: "{{ (pcre_release == 2) | ternary('pcre2-dev', 'pcre-dev') }}" update_cache: true - when: ansible_facts['os_family'] == "Alpine" + when: ansible_facts['os_family'] == 'Alpine' - name: (AlmaLinux/Amazon Linux/CentOS/Oracle Linux/RHEL/Rocky Linux) Install PCRE dependency from package ansible.builtin.yum: name: "{{ (pcre_release == 2) | ternary('pcre2-devel', 'pcre-devel') }}" update_cache: true - when: ansible_facts['os_family'] == "RedHat" + when: ansible_facts['os_family'] == 'RedHat' - name: (Debian/Ubuntu) Install PCRE dependency from package ansible.builtin.apt: name: "{{ (pcre_release == 2) | ternary('libpcre2-dev', 'libpcre3-dev') }}" update_cache: true - when: ansible_facts['os_family'] == "Debian" + when: ansible_facts['os_family'] == 'Debian' - name: (SLES) Install PCRE dependency from package community.general.zypper: name: "{{ (pcre_release == 2) | ternary('pcre2-devel', 'pcre-devel') }}" update_cache: true - when: ansible_facts['os_family'] == "Suse" + when: ansible_facts['os_family'] == 'Suse' - name: Install PCRE dependence from source when: - - not pcre_result.stat.exists | bool + - not pcre_result['stat']['exists'] | bool - nginx_install_source_pcre | bool - not ansible_check_mode | bool block: @@ -154,14 +156,14 @@ - name: Unpack PCRE dependency ansible.builtin.unarchive: copy: false - src: "{{ pcre_source.dest }}" + src: "{{ pcre_source['dest'] }}" dest: /tmp/pcre-{{ pcre_version }}/ mode: 0700 extra_opts: [--strip-components=1] - name: Configure PCRE dependency - ansible.builtin.command: ./configure - args: + ansible.builtin.command: + cmd: ./configure chdir: /tmp/pcre-{{ pcre_version }} creates: /tmp/makefile @@ -181,29 +183,29 @@ community.general.apk: name: zlib-dev update_cache: true - when: ansible_facts['os_family'] == "Alpine" + when: ansible_facts['os_family'] == 'Alpine' - name: (AlmaLinux/Amazon Linux/CentOS/Oracle Linux/RHEL/Rocky Linux) Install ZLib dependency from package ansible.builtin.yum: name: zlib-devel update_cache: true - when: ansible_facts['os_family'] == "RedHat" + when: ansible_facts['os_family'] == 'RedHat' - name: (Debian/Ubuntu) Install ZLib dependency from package ansible.builtin.apt: name: zlib1g-dev update_cache: true - when: ansible_facts['os_family'] == "Debian" + when: ansible_facts['os_family'] == 'Debian' - name: (SLES) Install ZLib dependency from package community.general.zypper: name: zlib-devel update_cache: true - when: ansible_facts['os_family'] == "Suse" + when: ansible_facts['os_family'] == 'Suse' - name: Install ZLib dependency from source when: - - not zlib_result.stat.exists | bool + - not zlib_result['stat']['exists'] | bool - nginx_install_source_zlib | bool - not ansible_check_mode | bool block: @@ -223,14 +225,14 @@ - name: Unpack ZLib dependency ansible.builtin.unarchive: copy: false - src: "{{ zlib_source.dest }}" + src: "{{ zlib_source['dest'] }}" dest: /tmp/zlib-{{ zlib_version }} mode: 0700 extra_opts: [--strip-components=1] - name: Configure ZLib dependency - ansible.builtin.command: ./configure - args: + ansible.builtin.command: + cmd: ./configure chdir: /tmp/zlib-{{ zlib_version }} creates: /tmp/makefile @@ -250,29 +252,29 @@ community.general.apk: name: openssl-dev update_cache: true - when: ansible_facts['os_family'] == "Alpine" + when: ansible_facts['os_family'] == 'Alpine' - name: (AlmaLinux/Amazon Linux/CentOS/Oracle Linux/RHEL/Rocky Linux) Install OpenSSL dependency from package ansible.builtin.yum: name: openssl-devel update_cache: true - when: ansible_facts['os_family'] == "RedHat" + when: ansible_facts['os_family'] == 'RedHat' - name: (Debian/Ubuntu) Install OpenSSL dependency from package ansible.builtin.apt: name: libssl-dev update_cache: true - when: ansible_facts['os_family'] == "Debian" + when: ansible_facts['os_family'] == 'Debian' - name: (SLES) Install OpenSSL dependency from package community.general.zypper: name: openssl-devel update_cache: true - when: ansible_facts['os_family'] == "Suse" + when: ansible_facts['os_family'] == 'Suse' - name: Install OpenSSL dependency from source when: - - not openssl_result.stat.exists | bool + - not openssl_result['stat']['exists'] | bool - nginx_install_source_openssl | bool - not ansible_check_mode | bool block: @@ -292,14 +294,14 @@ - name: Unpack OpenSSL dependency ansible.builtin.unarchive: copy: false - src: "{{ openssl_source.dest }}" + src: "{{ openssl_source['dest'] }}" dest: /tmp/openssl-{{ openssl_version }} mode: 0700 extra_opts: [--strip-components=1] - name: Configure OpenSSL dependency - ansible.builtin.command: ./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib - args: + ansible.builtin.command: + cmd: ./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib chdir: /tmp/openssl-{{ openssl_version }} creates: /tmp/makefile @@ -323,7 +325,7 @@ - name: Set NGINX version ansible.builtin.set_fact: - nginx_version: "{{ 'nginx-' + (nginx_versions.content | regex_search('([0-9]+\\.){2}[0-9]+')) }}" + nginx_version: "{{ 'nginx-' + (nginx_versions['content'] | regex_search('([0-9]+\\.){2}[0-9]+')) }}" - name: Check for NGINX install ansible.builtin.stat: @@ -345,7 +347,7 @@ - name: Install NGINX when: - - not nginx_result.stat.exists | bool + - not nginx_result['stat']['exists'] | bool - not ansible_check_mode | bool block: - name: Download NGINX @@ -368,23 +370,23 @@ loop: "{{ nginx_static_modules }}" - name: Configure NGINX - ansible.builtin.command: >- - ./configure - --conf-path=/etc/nginx/nginx.conf - --error-log-path=/var/log/nginx/error.log - --http-log-path=/var/log/nginx/access.log - --lock-path=/var/lock/nginx.lock - --modules-path=/usr/lib/nginx/modules - --prefix=/usr - --pid-path=/var/run/nginx.pid - --user=nginx - --with-mail=dynamic - --with-stream - {{ nginx_install_source_pcre | ternary('--with-pcre=../pcre-' + pcre_version | string, '') }} - {{ nginx_install_source_zlib | ternary('--with-zlib=../zlib-' + zlib_version | string, '') }} - {{ nginx_install_source_openssl | ternary('--with-openssl=../openssl-' + openssl_version | string, '') }} - {{ nginx_install_source_static_modules | default('') }} - args: + ansible.builtin.command: + cmd: >- + ./configure + --conf-path=/etc/nginx/nginx.conf + --error-log-path=/var/log/nginx/error.log + --http-log-path=/var/log/nginx/access.log + --lock-path=/var/lock/nginx.lock + --modules-path=/usr/lib/nginx/modules + --prefix=/usr + --pid-path=/var/run/nginx.pid + --user=nginx + --with-mail=dynamic + --with-stream + {{ nginx_install_source_pcre | ternary('--with-pcre=../pcre-' + pcre_version | string, '') }} + {{ nginx_install_source_zlib | ternary('--with-zlib=../zlib-' + zlib_version | string, '') }} + {{ nginx_install_source_openssl | ternary('--with-openssl=../openssl-' + openssl_version | string, '') }} + {{ nginx_install_source_static_modules | default('') }} chdir: /tmp/{{ nginx_version }} creates: /tmp/makefile register: nginx_configure @@ -399,7 +401,7 @@ target: install - name: Set up systemd - when: ansible_facts['service_mgr'] == "systemd" + when: ansible_facts['service_mgr'] == 'systemd' notify: (Handler) Run NGINX block: - name: Upload systemd NGINX service file @@ -418,7 +420,7 @@ enabled: true - name: Set up Upstart - when: ansible_facts['service_mgr'] == "upstart" + when: ansible_facts['service_mgr'] == 'upstart' notify: (Handler) Run NGINX block: - name: Upload Upstart NGINX service file @@ -450,11 +452,11 @@ owner: root group: root mode: 0755 - when: ansible_facts['service_mgr'] == "sysvinit" + when: ansible_facts['service_mgr'] == 'sysvinit' notify: (Handler) Run NGINX - name: Set up OpenRC - when: ansible_facts['service_mgr'] == "openrc" + when: ansible_facts['service_mgr'] == 'openrc' notify: (Handler) Run NGINX block: - name: Enable OpenRC @@ -481,8 +483,8 @@ path: "{{ item }}" state: absent loop: - - "{{ pcre_source.dest }}" - - "{{ zlib_source.dest }}" - - "{{ openssl_source.dest }}" - - "{{ nginx_source.dest }}" + - "{{ pcre_source['dest'] }}" + - "{{ zlib_source['dest'] }}" + - "{{ openssl_source['dest'] }}" + - "{{ nginx_source['dest'] }}" when: item is defined diff --git a/tasks/plus/install-debian.yml b/tasks/plus/install-debian.yml index bac48db12..657db4bb5 100644 --- a/tasks/plus/install-debian.yml +++ b/tasks/plus/install-debian.yml @@ -25,7 +25,7 @@ name: nginx-plus{{ nginx_version | default('') }} state: "{{ nginx_state }}" update_cache: true - allow_downgrade: "{{ omit if ansible_version.full is version('2.12', '<') else true }}" + allow_downgrade: "{{ omit if ansible_version['full'] is version('2.12', '<') else true }}" ignore_errors: "{{ ansible_check_mode }}" when: nginx_license_status is not defined notify: (Handler) Run NGINX diff --git a/tasks/plus/install-redhat.yml b/tasks/plus/install-redhat.yml index 57fd136cc..848f3abce 100644 --- a/tasks/plus/install-redhat.yml +++ b/tasks/plus/install-redhat.yml @@ -22,7 +22,7 @@ name: nginx-plus{{ nginx_version | default('') }} state: "{{ nginx_state }}" update_cache: true - allow_downgrade: "{{ omit if ansible_version.full is version('2.12', '<') else true }}" + allow_downgrade: "{{ omit if ansible_version['full'] is version('2.12', '<') else true }}" ignore_errors: "{{ ansible_check_mode }}" when: nginx_license_status is not defined notify: (Handler) Run NGINX diff --git a/tasks/plus/remove-license.yml b/tasks/plus/remove-license.yml index 30ebbad77..de0c84e71 100644 --- a/tasks/plus/remove-license.yml +++ b/tasks/plus/remove-license.yml @@ -7,7 +7,7 @@ ansible.builtin.file: path: /etc/ssl/nginx state: absent - when: ansible_facts['distribution'] != "Alpine" + when: ansible_facts['distribution'] != 'Alpine' - name: (Alpine Linux) Delete NGINX Plus license ansible.builtin.file: @@ -16,7 +16,7 @@ loop: - /etc/apk/cert.key - /etc/apk/cert.pem - when: ansible_facts['distribution'] == "Alpine" + when: ansible_facts['distribution'] == 'Alpine' - name: Remove NGINX Plus repository data ansible.builtin.include_tasks: "{{ role_path }}/tasks/plus/install-{{ ansible_facts['os_family'] | lower }}.yml" diff --git a/tasks/plus/setup-license.yml b/tasks/plus/setup-license.yml index deb021fe6..fe6ea663c 100644 --- a/tasks/plus/setup-license.yml +++ b/tasks/plus/setup-license.yml @@ -45,7 +45,7 @@ fail_msg: Something went wrong! Make sure your NGINX Plus license is valid! - name: (Debian/Red Hat/SLES OSs) Set up NGINX Plus license - when: ansible_facts['os_family'] != "Alpine" + when: ansible_facts['os_family'] != 'Alpine' block: - name: (Debian/Red Hat/SLES OSs) Create SSL directory ansible.builtin.file: @@ -86,7 +86,7 @@ fail_msg: Something went wrong! Make sure your NGINX Plus license is valid! - name: (SLES) Create NGINX Plus license bundle - when: ansible_facts['os_family'] == "Suse" + when: ansible_facts['os_family'] == 'Suse' block: - name: (SLES) Check combined NGINX Plus license bundle exists ansible.builtin.stat: @@ -98,4 +98,4 @@ src: /etc/ssl/nginx dest: /etc/ssl/nginx/nginx-repo-bundle.crt mode: 0444 - when: not bundle.stat.exists + when: not bundle['stat']['exists'] diff --git a/tasks/prerequisites/install-dependencies.yml b/tasks/prerequisites/install-dependencies.yml index 53cb3efe1..5a841520d 100644 --- a/tasks/prerequisites/install-dependencies.yml +++ b/tasks/prerequisites/install-dependencies.yml @@ -4,31 +4,31 @@ name: "{{ nginx_alpine_dependencies }}" update_cache: true state: latest # noqa package-latest - when: ansible_facts['os_family'] == "Alpine" + when: ansible_facts['os_family'] == 'Alpine' - name: (Debian/Ubuntu) Install dependencies ansible.builtin.apt: name: "{{ nginx_debian_dependencies }}" update_cache: true state: latest # noqa package-latest - when: ansible_facts['os_family'] == "Debian" + when: ansible_facts['os_family'] == 'Debian' - name: (Amazon Linux/CentOS/Oracle Linux/RHEL) Install dependencies ansible.builtin.yum: name: "{{ nginx_redhat_dependencies }}" update_cache: true state: latest # noqa package-latest - when: ansible_facts['os_family'] == "RedHat" + when: ansible_facts['os_family'] == 'RedHat' - name: (SLES) Install dependencies community.general.zypper: name: "{{ nginx_sles_dependencies }}" update_cache: true state: latest # noqa package-latest - when: ansible_facts['os_family'] == "Suse" + when: ansible_facts['os_family'] == 'Suse' - name: (FreeBSD) Install dependencies - when: ansible_facts['distribution'] == "FreeBSD" + when: ansible_facts['distribution'] == 'FreeBSD' block: - name: (FreeBSD) Install dependencies using package(s) community.general.pkgng: diff --git a/tasks/prerequisites/setup-selinux.yml b/tasks/prerequisites/setup-selinux.yml index 0bd6e7168..ad2a8cc8c 100644 --- a/tasks/prerequisites/setup-selinux.yml +++ b/tasks/prerequisites/setup-selinux.yml @@ -59,7 +59,7 @@ - name: Import SELinux NGINX Plus module ansible.builtin.command: semodule -i {{ nginx_selinux_tempdir }}/nginx-plus-module.pp # noqa no-handler changed_when: false - when: nginx_selinux_module.changed | bool + when: nginx_selinux_module['changed'] | bool - name: Set SELinux mode to enforcing ansible.posix.selinux: