nginx Role Enhancements #22
5 changed files with 47 additions and 71 deletions
roles/nginx
|
|
@ -20,10 +20,6 @@ The following distributions are supported:
|
|||
|
||||
For the required arguments look at the [`argument_specs.yaml`](./meta/argument_specs.yaml).
|
||||
|
||||
## Updates
|
||||
|
||||
This role updates NGINX to the latest version covered by the provided version spec., if needed.
|
||||
|
||||
## `hosts`
|
||||
|
||||
The `hosts` for this role need to be the machines, for which you want to make sure the `nginx` package is installed from the NGINX repos and a desirable baseline of NGINX configs is deployed.
|
||||
|
|
|
|||
|
|
@ -1,15 +1,6 @@
|
|||
argument_specs:
|
||||
main:
|
||||
options:
|
||||
nginx__version_spec:
|
||||
description: >-
|
||||
The version specification to use for installing the `nginx` package. The
|
||||
provided version specification will be used like the following: `nginx={{
|
||||
nginx__version_spec }}*`. This makes it possible to e.g. specify
|
||||
until a minor version (like `1.3.`) and then have patch versions be
|
||||
installed automatically (like `1.3.1` and so on).
|
||||
type: str
|
||||
required: true
|
||||
nginx__deploy_redirect_conf:
|
||||
description: >-
|
||||
Whether or not to deploy a `redirect.conf` to
|
||||
|
|
|
|||
|
|
@ -3,12 +3,7 @@
|
|||
name: nginx
|
||||
tasks_from: make_sure_nginx_configuration_names_are_valid
|
||||
|
||||
- name: make sure NGINX repos are setup
|
||||
ansible.builtin.include_role:
|
||||
name: nginx
|
||||
tasks_from: main/repo_setup
|
||||
|
||||
- name: make sure NGINX is installed
|
||||
- name: ensure NGINX is installed
|
||||
ansible.builtin.include_role:
|
||||
name: nginx
|
||||
tasks_from: main/nginx_install
|
||||
|
|
|
|||
|
|
@ -1,13 +1,52 @@
|
|||
- name: make sure the `nginx` package is installed
|
||||
- name: gather package facts
|
||||
ansible.builtin.package_facts:
|
||||
manager: apt
|
||||
|
||||
- name: make sure `gnupg` package is installed
|
||||
ansible.builtin.apt:
|
||||
name: nginx={{ nginx__version_spec }}*
|
||||
name: gnupg
|
||||
state: present
|
||||
allow_change_held_packages: true
|
||||
update_cache: true
|
||||
become: true
|
||||
when: "'gnupg' not in ansible_facts.packages"
|
||||
|
||||
- name: apt-mark hold `nginx`
|
||||
ansible.builtin.dpkg_selections:
|
||||
name: nginx
|
||||
selection: hold
|
||||
- name: make sure NGINX signing key is added
|
||||
ansible.builtin.get_url:
|
||||
url: https://nginx.org/keys/nginx_signing.key
|
||||
dest: /etc/apt/trusted.gpg.d/nginx.asc
|
||||
mode: "0644"
|
||||
owner: root
|
||||
group: root
|
||||
become: true
|
||||
|
||||
- name: make sure NGINX APT repository is added
|
||||
ansible.builtin.apt_repository:
|
||||
repo: "deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/nginx.asc] https://nginx.org/packages/debian/ {{ ansible_distribution_release }} nginx"
|
||||
state: present
|
||||
become: true
|
||||
|
||||
- name: make sure NGINX APT source repository is added
|
||||
ansible.builtin.apt_repository:
|
||||
repo: "deb-src [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/nginx.asc] https://nginx.org/packages/debian/ {{ ansible_distribution_release }} nginx"
|
||||
state: present
|
||||
become: true
|
||||
|
||||
- name: set up repository pinning to make sure nginx package gets installed from NGINX repositories
|
||||
ansible.builtin.copy:
|
||||
content: |
|
||||
Package: *
|
||||
Pin: origin nginx.org
|
||||
Pin: release o=nginx
|
||||
Pin-Priority: 900
|
||||
dest: /etc/apt/preferences.d/99nginx
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
become: true
|
||||
|
||||
- name: Ensure nginx is installed
|
||||
ansible.builtin.apt:
|
||||
name: nginx
|
||||
state: present
|
||||
update_cache: true
|
||||
become: true
|
||||
|
|
|
|||
|
|
@ -1,45 +0,0 @@
|
|||
- name: gather package facts
|
||||
ansible.builtin.package_facts:
|
||||
manager: apt
|
||||
|
||||
- name: make sure `gnupg` package is installed
|
||||
ansible.builtin.apt:
|
||||
name: gnupg
|
||||
state: present
|
||||
update_cache: true
|
||||
become: true
|
||||
when: "'gnupg' not in ansible_facts.packages"
|
||||
|
||||
- name: make sure NGINX signing key is added
|
||||
ansible.builtin.get_url:
|
||||
url: https://nginx.org/keys/nginx_signing.key
|
||||
dest: /etc/apt/trusted.gpg.d/nginx.asc
|
||||
mode: "0644"
|
||||
owner: root
|
||||
group: root
|
||||
become: true
|
||||
|
||||
- name: make sure NGINX APT repository is added
|
||||
ansible.builtin.apt_repository:
|
||||
repo: "deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/nginx.asc] https://nginx.org/packages/debian/ {{ ansible_distribution_release }} nginx"
|
||||
state: present
|
||||
become: true
|
||||
|
||||
- name: make sure NGINX APT source repository is added
|
||||
ansible.builtin.apt_repository:
|
||||
repo: "deb-src [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/nginx.asc] https://nginx.org/packages/debian/ {{ ansible_distribution_release }} nginx"
|
||||
state: present
|
||||
become: true
|
||||
|
||||
- name: set up repository pinning to make sure nginx package gets installed from NGINX repositories
|
||||
ansible.builtin.copy:
|
||||
content: |
|
||||
Package: *
|
||||
Pin: origin nginx.org
|
||||
Pin: release o=nginx
|
||||
Pin-Priority: 900
|
||||
dest: /etc/apt/preferences.d/99nginx
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
become: true
|
||||
Loading…
Add table
Reference in a new issue