Merge branch 'master' into (feature)/unit

Bring the (feature)/unit branch up to date with the master branch

Author: alessfg

.travis.yml

@@ -1,30 +1,94 @@
 ---
-language: python
-python: "2.7"
-# Use the new container infrastructure
-sudo: false
-# Install ansible
-addons:
-  apt:
-    packages:
-    - python-pip
-install:
-  # Install ansible
-  - pip install ansible
-  # Check ansible version
-  - ansible --version
-  # Create ansible.cfg with correct roles_path
-  - printf '[defaults]\nroles_path=../' >ansible.cfg
+sudo: required
+services:
+  - docker
+env:
+  - distribution: centos
+    version: 6
+    playbook: basic
+  - distribution: centos
+    version: 6
+    playbook: push
+  - distribution: centos
+    version: 6
+    playbook: stable
+  - distribution: centos
+    version: 6
+    playbook: template
+  - distribution: centos
+    version: 7
+    playbook: basic
+  - distribution: centos
+    version: 7
+    playbook: template
+  - distribution: centos
+    version: 7
+    playbook: stable
+  - distribution: centos
+    version: 7
+    playbook: push
+  - distribution: debian
+    version: jessie
+    playbook: basic
+  - distribution: debian
+    version: jessie
+    playbook: template
+  - distribution: debian
+    version: jessie
+    playbook: stable
+  - distribution: debian
+    version: jessie
+    playbook: push
+  - distribution: debian
+    version: stretch
+    playbook: basic
+  - distribution: debian
+    version: stretch
+    playbook: template
+  - distribution: debian
+    version: stretch
+    playbook: stable
+  - distribution: debian
+    version: stretch
+    playbook: push
+  - distribution: ubuntu
+    version: trusty
+    playbook: basic
+  - distribution: ubuntu
+    version: trusty
+    playbook: template
+  - distribution: ubuntu
+    version: trusty
+    playbook: stable
+  - distribution: ubuntu
+    version: trusty
+    playbook: push
+  - distribution: ubuntu
+    version: xenial
+    playbook: basic
+  - distribution: ubuntu
+    version: xenial
+    playbook: template
+  - distribution: ubuntu
+    version: xenial
+    playbook: stable
+  - distribution: ubuntu
+    version: xenial
+    playbook: push
+before_install:
+  - 'sudo docker pull ${distribution}:${version}'
+  - 'sudo docker build --no-cache --rm --file=tests/dockerfiles/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests'
 script:
-  # Basic role syntax check
-  - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
-  # Run the role with ansible-playbook.
-  - ansible-playbook tests/test.yml -i tests/inventory --connection=local --sudo
-  # Run the role again, checking to make sure it's idempotent.
+  - container_id=$(mktemp)
+  - 'sudo docker run --detach --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:ro --volume="${PWD}":/etc/ansible/roles/ansible-role-nginx:ro ${distribution}-${version}:ansible > "${container_id}"'
+  - 'sudo docker exec "$(cat ${container_id})" env ANSIBLE_FORCE_COLOR=1 ansible-playbook -v /etc/ansible/roles/ansible-role-nginx/tests/playbooks/nginx-${playbook}.yml --syntax-check'
+  - 'sudo docker exec "$(cat ${container_id})" env ANSIBLE_FORCE_COLOR=1 ansible-playbook -v /etc/ansible/roles/ansible-role-nginx/tests/playbooks/nginx-${playbook}.yml'
   - >
-    ansible-playbook tests/test.yml -i tests/inventory --connection=local --sudo | grep -q 'changed=0.*failed=0'
-    && (echo 'Idempotence test: pass' && exit 0) || (echo 'Idempotence test: fail' && exit 1)
-  # Request a page via the web server, to make sure NGINX is running and responds.
-  - curl http://localhost/
+    sudo docker exec "$(cat ${container_id})" env ANSIBLE_FORCE_COLOR=1 ansible-playbook -v /etc/ansible/roles/ansible-role-nginx/tests/playbooks/nginx-${playbook}.yml
+    | grep -q 'changed=0.*failed=0'
+    && (echo 'Idempotence test: pass' && exit 0)
+    || (echo 'Idempotence test: fail' && exit 1)
+  - 'sudo docker exec "$(cat ${container_id})" curl http://localhost/'
+  - 'sudo docker rm -f "$(cat ${container_id})"'
 notifications:
   webhooks: https://galaxy.ansible.com/api/v1/notifications/

README.md

@@ -4,7 +4,7 @@ Ansible NGINX Role
 [![Ansible Galaxy](https://img.shields.io/badge/galaxy-nginxinc.nginx-5bbdbf.svg)](https://galaxy.ansible.com/nginxinc/nginx)
 [![Build Status](https://travis-ci.org/nginxinc/ansible-role-nginx.svg?branch=master)](https://travis-ci.org/nginxinc/ansible-role-nginx)
 
-This role installs open source NGINX, NGINX Plus, or NGINX Unit on your target host.
+This role installs NGINX Open Source, NGINX Plus, or NGINX Unit on your target host.
 
 Requirements
 ------------
@@ -13,9 +13,9 @@ This role was developed using Ansible 2.4.0.0. Backwards compatibility is not gu
 
 Use `ansible-galaxy install nginxinc.nginx` to install the role on your system.
 
-It supports all platforms supported by [open source NGINX](https://nginx.org/en/linux_packages.html#mainline) and [NGINX Plus](https://www.nginx.com/products/technical-specs/):
+It supports all platforms supported by [NGINX Open Source](https://nginx.org/en/linux_packages.html#mainline) and [NGINX Plus](https://www.nginx.com/products/technical-specs/):
 
-**Open Source NGINX:**
+**NGINX Open Source:**
 
     CentOS:
       versions:
@@ -106,8 +106,27 @@ This role has multiple variables. The defaults for all these variables are the f
     # Default is 'opensource'.
     type: opensource
 
-    # Specify which branch of Open Source NGINX you want to install.
+    # Specify repository origin for NGINX Open Source.
+    # Options are 'nginx_repository' or 'os_repository'.
+    # Only works if 'type' is set to 'opensource'.
+    # Default is nginx_repository.
+    install_from: nginx_repository
+
+    # Specify source repository for NGINX Open Source.
+    # Only works if 'install_from' is set to 'nginx_repository'.
+    # Defaults are the official NGINX repositories.
+    nginx_repository:
+      debian:
+        - 'deb https://nginx.org/packages/{{ "mainline/" if branch == "mainline" }}{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} nginx'
+        - 'deb-src https://nginx.org/packages/{{ "mainline/" if branch == "mainline" }}{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} nginx'
+      redhat:
+        - https://nginx.org/packages/{{ "mainline/" if branch == "mainline" }}{{ (ansible_distribution == "RedHat") | ternary('rhel/', 'centos/') }}{{ ansible_distribution_major_version|int }}/$basearch/
+      suse:
+        - https://nginx.org/packages/{{ "mainline/" if branch == "mainline" }}sles/12
+
+    # Specify which branch of NGINX Open Source you want to install.
     # Options are 'mainline' or 'stable'.
+    # Only works if 'install_from' is set to 'nginx_repository'.
     # Default is mainline.
     branch: mainline
 
@@ -116,8 +135,7 @@ This role has multiple variables. The defaults for all these variables are the f
     unit_enable: false
     unit_packages: false
 
-    # Install nginscript, perl, waf (NGINX Plus only), geoip, image-filter, rtmp and/or xslt modules.
-    # Default is false.
+    # Install NGINX JavaScript, Perl, ModSecurity WAF (NGINX Plus only), GeoIP, Image-Filter, RTMP Media Streaming, and/or XSLT modules.    # Default is false.
     modules:
       njs: false
       perl: false
@@ -134,18 +152,15 @@ This role has multiple variables. The defaults for all these variables are the f
     amplify_key: null
 
     # Enable NGINX status data.
-    # Will enable 'stub_status' in open source NGINX and 'status' in NGINX Plus.
+    # Will enable 'stub_status' in NGINX Open Source and 'status' in NGINX Plus.
     # Default is false.
     status_enable: false
 
-    # Enable NGINX Plus REST API and write access.
+    # Enable NGINX Plus REST API, write access to the REST API, and NGINX Plus dashboard.
     # Default is false.
     rest_api_enable: false
     rest_api_write: false
-
-    # Enable NGINX Plus dashboard. REST API also needs to be enabled.
-    # Default is false.
-    dashboard: false
+    rest_api_dashboard: false
 
     # Location of your NGINX Plus license in your local machine.
     # Default is the files folder within the NGINX Ansible role.
@@ -170,8 +185,8 @@ This role has multiple variables. The defaults for all these variables are the f
     main_template_worker_processes: auto
     main_template_error_level: warn
     main_template_worker_connections: 1024
-    main_template_keepalive_timeout: 65
     http_template_enable: false
+    http_template_keepalive_timeout: 65
     http_template_listen: 80
     http_template_server_name: localhost
     stream_template_enable: false

defaults/main.yml

@@ -4,8 +4,27 @@
 # Default is 'opensource'.
 type: opensource
 
-# Specify which branch of Open Source NGINX you want to install.
+# Specify repository origin for NGINX Open Source.
+# Options are 'nginx_repository' or 'os_repository'.
+# Only works if 'type' is set to 'opensource'.
+# Default is nginx_repository.
+install_from: nginx_repository
+
+# Specify source repository for NGINX Open Source.
+# Only works if 'install_from' is set to 'nginx_repository'.
+# Defaults are the official NGINX repositories.
+nginx_repository:
+  debian:
+    - deb https://nginx.org/packages/{{ (branch == 'mainline') | ternary('mainline/','') }}{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} nginx
+    - deb-src https://nginx.org/packages/{{ (branch == 'mainline') | ternary('mainline/','') }}{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} nginx
+  redhat:
+    - https://nginx.org/packages/{{ (branch == 'mainline') | ternary('mainline/','') }}{{ (ansible_distribution == "RedHat") | ternary('rhel/', 'centos/') }}{{ ansible_distribution_major_version|int }}/$basearch/
+  suse:
+    - https://nginx.org/packages/{{ (branch == 'mainline') | ternary('mainline/','') }}sles/12
+
+# Specify which branch of NGINX Open Source you want to install.
 # Options are 'mainline' or 'stable'.
+# Only works if 'install_from' is set to 'nginx_repository'.
 # Default is mainline.
 branch: mainline
 
@@ -14,7 +33,7 @@ branch: mainline
 unit_enable: false
 unit_packages: false
 
-# Install nginscript, perl, waf (NGINX Plus only), geoip, image-filter, rtmp and/or xslt modules.
+# Install NGINX JavaScript, Perl, ModSecurity WAF (NGINX Plus only), GeoIP, Image-Filter, RTMP Media Streaming, and/or XSLT modules.
 # Default is false.
 modules:
   njs: false
@@ -32,18 +51,15 @@ amplify_enable: false
 amplify_key: null
 
 # Enable NGINX status data.
-# Will enable 'stub_status' in open source NGINX and 'status' in NGINX Plus.
+# Will enable 'stub_status' in NGINX Open Source and 'status' in NGINX Plus.
 # Default is false.
 status_enable: false
 
-# Enable NGINX Plus REST API and write access.
+# Enable NGINX Plus REST API, write access to the REST API, and NGINX Plus dashboard.
 # Default is false.
 rest_api_enable: false
 rest_api_write: false
-
-# Enable NGINX Plus dashboard. REST API also needs to be enabled.
-# Default is false.
-dashboard: false
+rest_api_dashboard: false
 
 # Location of your NGINX Plus license in your local machine.
 # Default is the files folder within the NGINX Ansible role.
@@ -68,8 +84,8 @@ main_template_user: nginx
 main_template_worker_processes: auto
 main_template_error_level: warn
 main_template_worker_connections: 1024
-main_template_keepalive_timeout: 65
 http_template_enable: false
+http_template_keepalive_timeout: 65
 http_template_listen: 80
 http_template_server_name: localhost
 stream_template_enable: false

tasks/conf/push-config.yml

@@ -1,25 +1,40 @@
 ---
 - name: "(Setup: All NGINX) Upload NGINX Main Configuration File"
   copy:
-    src: "{{ main_upload_location }}"
+    src: "{{ main_push_location }}"
     dest: /etc/nginx/nginx.conf
+    backup: yes
   notify: "(Handler: All OSs) Reload NGINX"
-  when: main_upload_enable
+  when: main_push_enable
+
+- name: "(Setup: All NGINX) Ensure NGINX HTTP Directory Exists"
+  file:
+    path: /etc/nginx/conf.d/http
+    state: directory
+  when: http_push_enable
 
 - name: "(Setup: All NGINX) Upload NGINX HTTP Configuration Files"
   copy:
     src: "{{ item }}"
-    dest: /etc/nginx/conf.d/
+    dest: /etc/nginx/conf.d/http
+    backup: yes
   with_fileglob:
-    - "{{ http_upload_location }}"
+    - "{{ http_push_location }}"
   notify: "(Handler: All OSs) Reload NGINX"
-  when: http_upload_enable
+  when: http_push_enable
+
+- name: "(Setup: All NGINX) Ensure NGINX Stream Directory Exists"
+  file:
+    path: /etc/nginx/conf.d/stream
+    state: directory
+  when: stream_push_enable
 
 - name: "(Setup: All NGINX) Upload NGINX Stream Configuration Files"
   copy:
     src: "{{ item }}"
-    dest: /etc/nginx/conf.d/
+    dest: /etc/nginx/conf.d/stream
+    backup: yes
   with_fileglob:
-    - "{{ stream_upload_location }}"
+    - "{{ stream_push_location }}"
   notify: "(Handler: All OSs) Reload NGINX"
-  when: stream_upload_enable
+  when: stream_push_enable

tasks/conf/setup-rest-api.yml

@@ -1,6 +1,22 @@
 ---
 - name: "(Setup: NGINX Plus) Setup NGINX Plus API"
-  template:
-    src: api.conf.j2
-    dest: "{{ (http_template_enable) | ternary('/etc/nginx/conf.d/http/api.conf','/etc/nginx/conf.d/api.conf') }}"
+  blockinfile:
+    path: "{{ (http_template_enable) | ternary('/etc/nginx/conf.d/http/api.conf','/etc/nginx/conf.d/api.conf') }}"
+    create: yes
+    block: |
+      server {
+          listen 8080;
+          location /api {
+      {% if rest_api_write %}
+              api write=on;
+      {% else %}
+              api;
+      {% endif %}
+          }
+      {% if rest_api_dashboard %}
+          location = /dashboard.html {
+              root /usr/share/nginx/html;
+          }
+      {% endif %}
+      }
   notify: "(Handler: All OSs) Reload NGINX"

tasks/conf/setup-status.yml

@@ -1,7 +1,7 @@
 ---
-- name: "(Setup: Open Source NGINX) Enable Open Source NGINX Status"
+- name: "(Setup: NGINX Open Source) Enable NGINX Open Source Status"
   blockinfile:
-    path: /etc/nginx/conf.d/stub_status.conf
+    path: "{{ (http_template_enable) | ternary('/etc/nginx/conf.d/http/stub_status.conf','/etc/nginx/conf.d/stub_status.conf') }}"
     create: yes
     block: |
       server {
@@ -17,7 +17,7 @@
 
 - name: "(Setup: NGINX Plus) Enable NGINX Plus Status"
   blockinfile:
-    path: /etc/nginx/conf.d/status.conf
+    path: "{{ (http_template_enable) | ternary('/etc/nginx/conf.d/http/status.conf','/etc/nginx/conf.d/status.conf') }}"
     create: yes
     block: |
       server {