minor udpates on docs and permissions

Author: jessegoodier

.gitignore

@@ -36,3 +36,7 @@ default.pem
 
 # Scratch Directory
 scratch/
+
+# nginx keys
+sample-playbook/license/nginx-repo.key
+sample-playbook/license/nginx-repo.crt

README.md

@@ -98,11 +98,11 @@ Example Playbook
 
 This is a sample playbook file for using the role to install NGINX App Protect on NGINX Plus and configure it using basic settings to all `wafs` inventory hosts.
 
+A copy of this is in the sample-playbook directory in this repo.
+
+First create a file for all the varialbles as `nginx-app-protect-vars.yml`
 ```yaml
 ---
-- hosts: wafs
-  become: true
-  vars:
 
     # Specify whether you want to maintain your version of NGINX App Protect, upgrade to the latest version, or remove NGINX App Protect.
     # Can be used with `app_protect_version` to achieve fine grained control on which version of NGINX App Protect is installed/used on each playbook execution.
@@ -169,31 +169,24 @@ This is a sample playbook file for using the role to install NGINX App Protect o
       certificate: "{{playbook_dir}}/license/nginx-repo.crt"
       key: "{{playbook_dir}}/license/nginx-repo.key"
 
-  roles:
-    - role: nginxinc.nginx_app_protect
 ```
 
 This is a sample playbook file for deploying the Ansible Galaxy NGINX App Protect role in a localhost and installing NGINX App Protect on NGINX Plus.
 
 ```yaml
 ---
-- hosts: localhost
-  become: true
+- hosts: wafs
+  remote_user: centos  
+  pre_tasks:
+  - name: load the vars
+    include_vars: 
+      file: "{{playbook_dir}}/nginx-app-protect-vars.yml"
   roles:
-    - role: nginxinc.nginx_app_protect
+    - nginxinc.nginx_app_protect
 ```
 
-This is a sample playbook file for deploying the Ansible Galaxy NGINX App Protect role to a dynamic inventory containing the `nginx_plus` tag.
-
-```yaml
----
-- hosts: tag_nginx_plus
-  remote_user: root
-  roles:
-    - role: nginxinc.nginx_app_protect
-```
 
-To run any of the above sample playbooks create a `setup-nginx-app-protect.yml` file and paste the contents. Executing the Ansible Playbook is then as simple as executing `ansible-playbook setup-nginx.yml`.
+To run any of the above sample playbooks create a `nginx-app-protect-playbook.yml` file and paste the contents. Executing the Ansible Playbook is then as simple as executing `ansible-playbook nginx-app-protect-playbook.yml -b -i inventory`.
 
 Alternatively, you can also clone this repository instead of installing it from Ansible Galaxy. If you decide to do so, replace the role variable in the previous sample playbooks from `nginxinc.nginx_app_protect` to `ansible-role-nginx-app-protect`.
 

sample-playbook

@@ -0,0 +1 @@
+Subproject commit 62c40da4b1ea1c00d77081867026d6ba2fce3681

tasks/configure-app-protect.yml

@@ -17,13 +17,15 @@
   template:
     src: "{{ app_protect_security_policy_template.template_file }}"
     dest: "{{ app_protect_security_policy_template.out_file_location }}{{ app_protect_security_policy_template.out_file_name }}"
+    mode: "0644"
     backup: true
   when: app_protect_security_policy_template_enable
 
 - name: "Dynamically Generate NGINX App Protect log policy file"
   template:
     src: "{{ app_protect_log_policy_template.template_file }}"
     dest: "{{ app_protect_log_policy_template.out_file_location }}{{ app_protect_log_policy_template.out_file_name }}"
+    mode: '0644'
     backup: true
   when: app_protect_log_policy_template_enable