merge nginx-light into nginx
parent
a6db2c9428
commit
a179f824f1
|
@ -1,36 +0,0 @@
|
|||
---
|
||||
driver:
|
||||
name: docker
|
||||
privileged: true
|
||||
use_sudo: false
|
||||
|
||||
provisioner:
|
||||
name: ansible_playbook
|
||||
hosts: test-kitchen
|
||||
roles_path: ../
|
||||
ansible_verbose: true
|
||||
require_ansible_source: false
|
||||
require_chef_for_busser: false
|
||||
idempotency_test: true
|
||||
|
||||
platforms:
|
||||
- name: debian
|
||||
driver_config:
|
||||
image: evolix/ansible:2.2.1
|
||||
|
||||
verifier:
|
||||
name: serverspec
|
||||
|
||||
suites:
|
||||
- name: default
|
||||
provisioner:
|
||||
name: ansible_playbook
|
||||
playbook: ./tests/test.yml
|
||||
verifier:
|
||||
patterns:
|
||||
- nginx/tests/spec/nginx_light_spec.rb
|
||||
bundler_path: '/usr/local/bin'
|
||||
rspec_path: '/usr/local/bin'
|
||||
|
||||
transport:
|
||||
max_ssh_sessions: 6
|
|
@ -1,9 +0,0 @@
|
|||
# nginx-light
|
||||
|
||||
Install Nginx light with a simply default vhost config.
|
||||
|
||||
Used for hypervisors and backups servers.
|
||||
|
||||
## Tasks
|
||||
|
||||
Everything is in the `tasks/main.yml` file.
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
- name: reload nginx
|
||||
service:
|
||||
name: nginx
|
||||
state: reloaded
|
|
@ -1,9 +0,0 @@
|
|||
require 'net/http'
|
||||
require 'uri'
|
||||
|
||||
require 'serverspec'
|
||||
set :backend, :exec
|
||||
|
||||
describe port(80) do
|
||||
it { should be_listening }
|
||||
end
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
- hosts: test-kitchen
|
||||
roles:
|
||||
- role: nginx-light
|
|
@ -6,10 +6,17 @@ Install Nginx.
|
|||
|
||||
Everything is in the `tasks/main.yml` file.
|
||||
|
||||
There are 2 modes : minimal and regular.
|
||||
|
||||
The minimal mode is for servers without real web apps, and only access to munin graphs…
|
||||
|
||||
The regular mode is for full fledged web services with optimized defaults.
|
||||
|
||||
## Available variables
|
||||
|
||||
Main variables are :
|
||||
|
||||
* `nginx_minimal` : very basic install and config (default: `False`) ;
|
||||
* `nginx_jessie_backports` : on Debian Jessie, we can prefer v1.10 from backports (default: `False`) ;
|
||||
* `nginx_private_ipaddr_whitelist_present` : list of IP addresses to have in the private whitelist ;
|
||||
* `nginx_private_ipaddr_whitelist_absent` : list of IP addresses **not** to have in the whitelist ;
|
||||
|
|
|
@ -1,4 +1,6 @@
|
|||
---
|
||||
|
||||
nginx_minimal: False
|
||||
nginx_jessie_backports: False
|
||||
|
||||
nginx_private_ipaddr_whitelist_present: []
|
||||
|
|
|
@ -1,193 +1,7 @@
|
|||
---
|
||||
|
||||
- include: packages_jessie.yml
|
||||
when: ansible_distribution_release == "jessie"
|
||||
- include: main_minimal.yml
|
||||
when: nginx_minimal
|
||||
|
||||
- include: packages_stretch.yml
|
||||
when: ansible_distribution_release == "stretch"
|
||||
|
||||
# TODO: find a way to override the main configuration
|
||||
# without touching the main file
|
||||
|
||||
- name: customize worker_connections
|
||||
lineinfile:
|
||||
dest: /etc/nginx/nginx.conf
|
||||
regexp: '^(\s*worker_connections)\s+.+;'
|
||||
line: ' worker_connections 1024;'
|
||||
insertafter: 'events \{'
|
||||
tags:
|
||||
- nginx
|
||||
|
||||
- name: use epoll
|
||||
lineinfile:
|
||||
dest: /etc/nginx/nginx.conf
|
||||
regexp: '^(\s*use)\s+.+;'
|
||||
line: ' use epoll;'
|
||||
insertafter: 'events \{'
|
||||
tags:
|
||||
- nginx
|
||||
|
||||
- name: Install Nginx http configuration
|
||||
copy:
|
||||
src: nginx/evolinux-defaults.conf
|
||||
dest: /etc/nginx/conf.d/z-evolinux-defaults.conf
|
||||
mode: "0640"
|
||||
# force: yes
|
||||
notify: reload nginx
|
||||
tags:
|
||||
- nginx
|
||||
|
||||
# TODO: verify that those permissions are correct :
|
||||
# not too strict for private_ipaddr_whitelist
|
||||
# and not too loose for private_htpasswd
|
||||
|
||||
- name: Copy private_ipaddr_whitelist
|
||||
copy:
|
||||
src: nginx/snippets/private_ipaddr_whitelist
|
||||
dest: /etc/nginx/snippets/private_ipaddr_whitelist
|
||||
owner: www-data
|
||||
group: www-data
|
||||
directory_mode: "0640"
|
||||
mode: "0640"
|
||||
force: no
|
||||
notify: reload nginx
|
||||
tags:
|
||||
- nginx
|
||||
|
||||
- name: add IP addresses to private IP whitelist
|
||||
lineinfile:
|
||||
dest: /etc/nginx/snippets/private_ipaddr_whitelist
|
||||
line: "allow {{ item }};"
|
||||
state: present
|
||||
with_items: "{{ nginx_private_ipaddr_whitelist_present }}"
|
||||
notify: reload nginx
|
||||
tags:
|
||||
- nginx
|
||||
|
||||
- name: remove IP addresses from private IP whitelist
|
||||
lineinfile:
|
||||
dest: /etc/nginx/snippets/private_ipaddr_whitelist
|
||||
line: "allow {{ item }};"
|
||||
state: absent
|
||||
with_items: "{{ nginx_private_ipaddr_whitelist_absent }}"
|
||||
notify: reload nginx
|
||||
tags:
|
||||
- nginx
|
||||
|
||||
- name: Copy private_htpasswd
|
||||
copy:
|
||||
src: nginx/snippets/private_htpasswd
|
||||
dest: /etc/nginx/snippets/private_htpasswd
|
||||
owner: www-data
|
||||
group: www-data
|
||||
directory_mode: "0640"
|
||||
mode: "0640"
|
||||
force: no
|
||||
notify: reload nginx
|
||||
tags:
|
||||
- nginx
|
||||
|
||||
- name: add user:pwd to private htpasswd
|
||||
lineinfile:
|
||||
dest: /etc/nginx/snippets/private_htpasswd
|
||||
line: "{{ item }}"
|
||||
state: present
|
||||
with_items: "{{ nginx_private_htpasswd_present }}"
|
||||
notify: reload nginx
|
||||
tags:
|
||||
- nginx
|
||||
|
||||
- name: remove user:pwd from private htpasswd
|
||||
lineinfile:
|
||||
dest: /etc/nginx/snippets/private_htpasswd
|
||||
line: "{{ item }}"
|
||||
state: absent
|
||||
with_items: "{{ nginx_private_htpasswd_absent }}"
|
||||
notify: reload nginx
|
||||
tags:
|
||||
- nginx
|
||||
|
||||
- name: nginx vhost is installed
|
||||
template:
|
||||
src: evolinux-default.conf.j2
|
||||
dest: /etc/nginx/sites-available/evolinux-default.conf
|
||||
mode: "0640"
|
||||
notify: reload nginx
|
||||
tags:
|
||||
- nginx
|
||||
|
||||
- name: default vhost is enabled
|
||||
file:
|
||||
src: /etc/nginx/sites-available/evolinux-default.conf
|
||||
dest: /etc/nginx/sites-enabled/default.conf
|
||||
state: link
|
||||
force: yes
|
||||
notify: reload nginx
|
||||
when: nginx_evolinux_default_enabled
|
||||
tags:
|
||||
- nginx
|
||||
|
||||
# - block:
|
||||
# - name: generate random string for phpmyadmin suffix
|
||||
# command: "apg -a 1 -M N -n 1"
|
||||
# changed_when: False
|
||||
# register: random_phpmyadmin_suffix
|
||||
#
|
||||
# - name: overwrite nginx_phpmyadmin_suffix
|
||||
# set_fact:
|
||||
# nginx_phpmyadmin_suffix: "{{ random_phpmyadmin_suffix.stdout }}"
|
||||
# when: nginx_phpmyadmin_suffix == ""
|
||||
#
|
||||
# - name: replace phpmyadmin suffix in default site index
|
||||
# replace:
|
||||
# dest: /var/www/index.html
|
||||
# regexp: '__PHPMYADMIN_SUFFIX__'
|
||||
# replace: "{{ nginx_phpmyadmin_suffix }}"
|
||||
#
|
||||
# - block:
|
||||
# - name: generate random string for serverstatus suffix
|
||||
# command: "apg -a 1 -M N -n 1"
|
||||
# changed_when: False
|
||||
# register: random_serverstatus_suffix
|
||||
#
|
||||
# - name: overwrite nginx_serverstatus_suffix
|
||||
# set_fact:
|
||||
# nginx_serverstatus_suffix: "{{ random_phpmyadmin_suffix.stdout }}"
|
||||
# when: nginx_serverstatus_suffix == ""
|
||||
#
|
||||
# - name: replace server-status suffix in default site index
|
||||
# replace:
|
||||
# dest: /var/www/index.html
|
||||
# regexp: '__SERVERSTATUS_SUFFIX__'
|
||||
# replace: "{{ nginx_serverstatus_suffix }}"
|
||||
|
||||
- name: Verify that the service is enabled and started
|
||||
service:
|
||||
name: nginx
|
||||
enabled: yes
|
||||
state: started
|
||||
tags:
|
||||
- nginx
|
||||
|
||||
- name: Check if Munin is installed
|
||||
stat:
|
||||
path: /etc/munin/plugin-conf.d/munin-node
|
||||
check_mode: no
|
||||
register: stat_munin_node
|
||||
tags:
|
||||
- nginx
|
||||
- munin
|
||||
|
||||
- include: munin_vhost.yml
|
||||
when: stat_munin_node.stat.exists
|
||||
tags:
|
||||
- nginx
|
||||
- munin
|
||||
|
||||
- include: munin_graphs.yml
|
||||
when: stat_munin_node.stat.exists
|
||||
tags:
|
||||
- nginx
|
||||
- munin
|
||||
|
||||
- include: logrotate.yml
|
||||
- include: main_regular.yml
|
||||
when: not nginx_minimal
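Review bot: Both new includes test `nginx_minimal` as a bare variable (`when: nginx_minimal` and `when: not nginx_minimal`), so which mode runs depends on how the caller typed the value. A value that arrives as a string, for example from `-e nginx_minimal=false` or an INI inventory, is not a YAML boolean and may select the wrong branch, and that branch decides whether the IP whitelist and htpasswd tasks in main_regular.yml run at all. Casting explicitly with `when: nginx_minimal | bool` and `when: not (nginx_minimal | bool)` makes the selection deterministic. A one-line comment above the two includes saying that exactly one of them is expected to run would document the intent.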
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
- name: Ensure Nginx (light) is installed
|
||||
- name: Ensure Nginx is installed
|
||||
apt:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
|
@ -13,8 +13,8 @@
|
|||
|
||||
- name: Copy default vhost
|
||||
template:
|
||||
src: default.j2
|
||||
dest: /etc/nginx/sites-available/default
|
||||
src: evolinux-default.minimal.conf.j2
|
||||
dest: /etc/nginx/sites-available/evolinux-default.minimal.conf
|
||||
mode: 0644
|
||||
notify: reload nginx
|
||||
tags:
|
||||
|
@ -23,8 +23,8 @@
|
|||
|
||||
- name: Enable default vhost
|
||||
file:
|
||||
src: /etc/nginx/sites-available/default
|
||||
dest: /etc/nginx/sites-enabled/default
|
||||
src: /etc/nginx/sites-available/evolinux-default.minimal.conf
|
||||
dest: /etc/nginx/sites-enabled/default.conf
|
||||
state: link
|
||||
notify: reload nginx
|
||||
tags:
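Review bot: In the last hunk the enabled link moves from `/etc/nginx/sites-enabled/default` to `/etc/nginx/sites-enabled/default.conf`, but nothing visible here removes the old link, so a host already provisioned with nginx-light would presumably keep the previous default vhost enabled next to the new one. A `file` task with `path: /etc/nginx/sites-enabled/default` and `state: absent`, notifying `reload nginx`, placed before "Enable default vhost" would close that gap. In the template hunk, `mode: 0644` is unquoted while the regular-mode tasks quote theirs; `mode: "0644"` avoids depending on YAML octal parsing. Both tasks continue past the end of their hunks, so the rest of their arguments is not visible.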
|
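--- a/nginx/tasks/main_regular.yml
+++ b/nginx/tasks/main_regular.yml
@@ -0,0 +1,193 @@
+---
+
+- include: packages_jessie.yml
+when: ansible_distribution_release == "jessie"
+
+- include: packages_stretch.yml
+when: ansible_distribution_release == "stretch"
+
+# TODO: find a way to override the main configuration
+# without touching the main file
+
+- name: customize worker_connections
+lineinfile:
+dest: /etc/nginx/nginx.conf
+regexp: '^(\s*worker_connections)\s+.+;'
+line: ' worker_connections 1024;'
+insertafter: 'events \{'
+tags:
+- nginx
+
+- name: use epoll
+lineinfile:
+dest: /etc/nginx/nginx.conf
+regexp: '^(\s*use)\s+.+;'
+line: ' use epoll;'
+insertafter: 'events \{'
+tags:
+- nginx
+
+- name: Install Nginx http configuration
+copy:
+src: nginx/evolinux-defaults.conf
+dest: /etc/nginx/conf.d/z-evolinux-defaults.conf
+mode: "0640"
+# force: yes
+notify: reload nginx
+tags:
+- nginx
+
+# TODO: verify that those permissions are correct :
+# not too strict for private_ipaddr_whitelist
+# and not too loose for private_htpasswd
+
+- name: Copy private_ipaddr_whitelist
+copy:
+src: nginx/snippets/private_ipaddr_whitelist
+dest: /etc/nginx/snippets/private_ipaddr_whitelist
+owner: www-data
+group: www-data
+directory_mode: "0640"
+mode: "0640"
+force: no
+notify: reload nginx
+tags:
+- nginx
+
+- name: add IP addresses to private IP whitelist
+lineinfile:
+dest: /etc/nginx/snippets/private_ipaddr_whitelist
+line: "allow {{ item }};"
+state: present
+with_items: "{{ nginx_private_ipaddr_whitelist_present }}"
+notify: reload nginx
+tags:
+- nginx
+
+- name: remove IP addresses from private IP whitelist
+lineinfile:
+dest: /etc/nginx/snippets/private_ipaddr_whitelist
+line: "allow {{ item }};"
+state: absent
+with_items: "{{ nginx_private_ipaddr_whitelist_absent }}"
+notify: reload nginx
+tags:
+- nginx
+
+- name: Copy private_htpasswd
+copy:
+src: nginx/snippets/private_htpasswd
+dest: /etc/nginx/snippets/private_htpasswd
+owner: www-data
+group: www-data
+directory_mode: "0640"
+mode: "0640"
+force: no
+notify: reload nginx
+tags:
+- nginx
+
+- name: add user:pwd to private htpasswd
+lineinfile:
+dest: /etc/nginx/snippets/private_htpasswd
+line: "{{ item }}"
+state: present
+with_items: "{{ nginx_private_htpasswd_present }}"
+notify: reload nginx
+tags:
+- nginx
+
+- name: remove user:pwd from private htpasswd
+lineinfile:
+dest: /etc/nginx/snippets/private_htpasswd
+line: "{{ item }}"
+state: absent
+with_items: "{{ nginx_private_htpasswd_absent }}"
+notify: reload nginx
+tags:
+- nginx
+
+- name: nginx vhost is installed
+template:
+src: evolinux-default.conf.j2
+dest: /etc/nginx/sites-available/evolinux-default.conf
+mode: "0640"
+notify: reload nginx
+tags:
+- nginx
+
+- name: default vhost is enabled
+file:
+src: /etc/nginx/sites-available/evolinux-default.conf
+dest: /etc/nginx/sites-enabled/default.conf
+state: link
+force: yes
+notify: reload nginx
+when: nginx_evolinux_default_enabled
+tags:
+- nginx
+
+# - block:
+# - name: generate random string for phpmyadmin suffix
+# command: "apg -a 1 -M N -n 1"
+# changed_when: False
+# register: random_phpmyadmin_suffix
+#
+# - name: overwrite nginx_phpmyadmin_suffix
+# set_fact:
+# nginx_phpmyadmin_suffix: "{{ random_phpmyadmin_suffix.stdout }}"
+# when: nginx_phpmyadmin_suffix == ""
+#
+# - name: replace phpmyadmin suffix in default site index
+# replace:
+# dest: /var/www/index.html
+# regexp: '__PHPMYADMIN_SUFFIX__'
+# replace: "{{ nginx_phpmyadmin_suffix }}"
+#
+# - block:
+# - name: generate random string for serverstatus suffix
+# command: "apg -a 1 -M N -n 1"
+# changed_when: False
+# register: random_serverstatus_suffix
+#
+# - name: overwrite nginx_serverstatus_suffix
+# set_fact:
+# nginx_serverstatus_suffix: "{{ random_phpmyadmin_suffix.stdout }}"
+# when: nginx_serverstatus_suffix == ""
+#
+# - name: replace server-status suffix in default site index
+# replace:
+# dest: /var/www/index.html
+# regexp: '__SERVERSTATUS_SUFFIX__'
+# replace: "{{ nginx_serverstatus_suffix }}"
+
+- name: Verify that the service is enabled and started
+service:
+name: nginx
+enabled: yes
+state: started
+tags:
+- nginx
+
+- name: Check if Munin is installed
+stat:
+path: /etc/munin/plugin-conf.d/munin-node
+check_mode: no
+register: stat_munin_node
+tags:
+- nginx
+- munin
+
+- include: munin_vhost.yml
+when: stat_munin_node.stat.exists
+tags:
+- nginx
+- munin
+
+- include: munin_graphs.yml
+when: stat_munin_node.stat.exists
+tags:
+- nginx
+- munin
+
+- include: logrotate.yml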
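Review bot: "Copy private_htpasswd" installs the credentials file with `owner: www-data`, which (assuming the nginx workers run as www-data, as on Debian) lets the worker account rewrite a file it only needs to read; `owner: root` with `group: www-data` and `mode: "0640"` keeps it readable by the workers without being writable by them, which is the question the TODO above the task leaves open. `directory_mode: "0640"` on both copy tasks has no effect for a single-file `src` and would drop the search bit from a directory if it ever applied, so it can be removed. The two htpasswd `lineinfile` loops print every `user:hash` item in task output; `no_log: true` on those tasks keeps them out of run logs. In the commented-out serverstatus block, `random_phpmyadmin_suffix.stdout` looks like a copy-paste from the phpmyadmin block and should presumably read `random_serverstatus_suffix.stdout` before the block is re-enabled.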