Update Ansible to 2.9.12 and explicitly set mode on relevant tasks (#309)

*   Explicitly define `mode` in relevant tasks.
*   Explicitly define the `nginx` `apt_repository` filename in Debian based distros.
*   Building OpenSSL from source should now work properly in CentOS 8.

Author: alessfg

.travis.yml

@@ -57,15 +57,17 @@ jobs:
     - name: "(CentOS) Install from Source"
       env:
         scenario: source_centos
-before_install: sudo apt-get -qq update
+before_install:
+  - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
+  - sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
+  - sudo apt-get update
+  - sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce
 install:
-  - pip install ansible==2.9.11
-  - pip install molecule==3.0.6
-  - pip install docker==4.2.2
-  - pip install ansible-lint==4.2.0
+  - pip install ansible==2.9.12
+  - pip install ansible-lint==4.3.2
+  - pip install molecule==3.0.8
+  - pip install docker==4.3.1
 script:
-  - molecule --version
-  - ansible --version
   - travis_wait 50 molecule test -s $scenario
 notifications:
   webhooks: https://galaxy.ansible.com/api/v1/notifications/

CHANGELOG.md

@@ -1,5 +1,25 @@
 # Changelog
 
+## 0.16.0 (August 28, 2020)
+
+BREAKING CHANGES:
+
+*   The Debian and Ubuntu repositories have slightly changed. You may run into some duplication issues when running the role on a preexisting target that already has had NGINX installed using the role. To fix this, manually remove the old repository source.
+
+ENHANCEMENTS:
+
+*   Update Ansible to `2.9.12` and Ansible Lint to `4.3.2`.
+*   Explicitly define `mode` in relevant tasks.
+*   Explicitly define the `nginx` `apt_repository` filename in Debian based distros.
+
+FEATURES:
+
+*   TravisCI now always uses the latest version of Docker.
+
+BUG FIXES:
+
+*   Building OpenSSL from source should now work properly in CentOS 8.
+
 ## 0.15.0 (August 20, 2020)
 
 DEPRECATION WARNING:

README.md

@@ -9,8 +9,9 @@ This role installs NGINX Open Source, NGINX Plus, the NGINX Amplify agent, or NG
 **Note:** This role is still in active development. There may be unidentified issues and the role variables may change as development continues.
 
 **Deprecation Warnings:**
-*   There now is a separate role to manage and create NGINX configurations available [here](https://github.com/nginxinc/ansible-role-nginx-config). Any new issues or PRs related to configuring NGINX should be submitted in the new NGINX Config repository. New issues or PRs related to configuring NGINX submitted in this repository will not be worked on. The NGINX configuration functionalities included in this role will be removed in an upcoming release.
-*   NGINX Unit now has a separate role available [here](https://github.com/nginxinc/ansible-role-nginx-unit). Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on. The NGINX Unit functionalities included in this role will be removed in an upcoming release.
+
+*   There now is a separate role to manage and create NGINX configurations available [here](https://github.com/nginxinc/ansible-role-nginx-config). Any new issues or PRs related to configuring NGINX should be submitted in the new NGINX Config repository. New issues or PRs related to configuring NGINX submitted in this repository will not be worked on (with the exception of major bugfixes). The NGINX configuration functionalities included in this role will be removed in an upcoming release.
+*   NGINX Unit now has a separate role available [here](https://github.com/nginxinc/ansible-role-nginx-unit). Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on (with the exception of major bugfixes). The NGINX Unit functionalities included in this role will be removed in an upcoming release.
 
 Requirements
 ------------

defaults/main/linux.yml

@@ -8,6 +8,6 @@ nginx_linux_families: ['Alpine', 'Debian', 'RedHat', 'Suse']
 nginx_plus_linux_families: ['Alpine', 'Debian', 'RedHat', 'Suse']
 
 # Default locations and versions when 'nginx_install_from; is set to 'source'
-pcre_version: pcre-8.43
+pcre_version: pcre-8.44
 zlib_version: zlib-1.2.11
-openssl_version: openssl-1.1.1c
+openssl_version: openssl-1.1.1g

handlers/main.yml

@@ -22,7 +22,7 @@
       changed_when: false
   when:
     - nginx_start | bool
-    - not ansible_check_mode
+    - not ansible_check_mode | bool
 
 - name: "(Handler: All OSs) Start NGINX Amplify Agent"
   service:

molecule/common/playbooks/module_verify.yml

@@ -21,5 +21,6 @@
     - name: Check default.conf does not exist
       stat:
         path: /etc/nginx/conf.d/default.conf
+      check_mode: yes
       register: stat_result
       failed_when: stat_result.stat.exists

molecule/common/playbooks/stable_push_verify.yml

@@ -26,6 +26,7 @@
     - name: Check default.conf exists
       stat:
         path: /etc/nginx/conf.d/default.conf
+      check_mode: yes
       register: stat_result
       failed_when: not stat_result.stat.exists
 

molecule/common/playbooks/template_converge.yml

@@ -6,7 +6,7 @@
       include_role:
         name: ansible-role-nginx
       vars:
-        nginx_debug_output: true
+        # nginx_debug_output: true
 
         nginx_service_modify: true
         nginx_service_timeout: 95

molecule/common/playbooks/template_verify.yml

@@ -26,18 +26,21 @@
     - name: Check default.conf exists
       stat:
         path: /etc/nginx/conf.d/default.conf
+      check_mode: yes
       register: stat_result
       failed_when: not stat_result.stat.exists
 
     - name: Check frontend_default.conf exists
       stat:
         path: /etc/nginx/conf.d/frontend_default.conf
+      check_mode: yes
       register: stat_result
       failed_when: not stat_result.stat.exists
 
     - name: Check backend_default.conf exists
       stat:
         path: /etc/nginx/conf.d/backend_default.conf
+      check_mode: yes
       register: stat_result
       failed_when: not stat_result.stat.exists
 

tasks/amplify/install-amplify.yml

@@ -14,6 +14,7 @@
     remote_src: yes
     src: /etc/amplify-agent/agent.conf.default
     dest: /etc/amplify-agent/agent.conf
+    mode: 0644
 
 - name: "(Setup: All OSs) Configure NGINX Amplify Agent API Key"
   lineinfile:

tasks/amplify/setup-debian.yml

@@ -3,10 +3,14 @@
   apt_repository:
     filename: nginx-amplify
     repo: deb [arch=amd64] http://packages.amplify.nginx.com/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release|lower }} amplify-agent
+    update_cache: yes
+    mode: 0644
   when: ansible_distribution_release != "focal"
 
 - name: "(Install: Debian/Ubuntu) Add NGINX Amplify Agent Repository"
   apt_repository:
     filename: nginx-amplify
     repo: deb [arch=amd64] https://packages.amplify.nginx.com/py3/ubuntu focal amplify-agent
+    update_cache: yes
+    mode: 0644
   when: ansible_distribution_release == "focal"

tasks/amplify/setup-redhat.yml

@@ -6,3 +6,4 @@
     description: NGINX Amplify Agent
     enabled: yes
     gpgcheck: yes
+    mode: 0644

tasks/conf/logrotate.yml

@@ -31,4 +31,5 @@
   template:
     src: "logrotate/nginx.j2"
     dest: "/etc/logrotate.d/nginx"
+    mode: 0644
   notify: "(Config: All OSs) Run Logrotate"

tasks/conf/template-config.yml

@@ -3,6 +3,7 @@
   file:
     path: "{{ item.value.html_file_location | default('/usr/share/nginx/html') }}"
     state: directory
+    mode: 0755
   with_dict: "{{ nginx_html_demo_template }}"
   when: nginx_html_demo_template_enable | bool
 
@@ -11,27 +12,31 @@
     src: "{{ item.value.template_file | default('www/index.html.j2') }}"
     dest: "{{ item.value.html_file_location | default('/usr/share/nginx/html') }}/{{ item.value.html_file_name | default('index.html') }}"
     backup: yes
+    mode: 0644
   with_dict: "{{ nginx_html_demo_template }}"
   when: nginx_html_demo_template_enable | bool
 
 - name: "(Setup: All NGINX) Ensure NGINX Main Directory Exists"
   file:
     path: "{{ nginx_main_template.conf_file_location | default('/etc/nginx') }}"
     state: directory
+    mode: 0755
   when: nginx_main_template_enable | bool
 
 - name: "(Setup: All NGINX) Dynamically Generate NGINX Main Configuration File"
   template:
     src: "{{ nginx_main_template.template_file | default('nginx.conf.j2') }}"
     dest: "{{ nginx_main_template.conf_file_location | default('/etc/nginx') }}/{{ nginx_main_template.conf_file_name | default('nginx.conf') }}"
     backup: yes
+    mode: 0644
   when: nginx_main_template_enable | bool
   notify: "(Handler: All OSs) Reload NGINX"
 
 - name: "(Setup: All NGINX) Ensure NGINX HTTP Directory Exists"
   file:
     path: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/') }}"
     state: directory
+    mode: 0755
   with_dict: "{{ nginx_http_template }}"
   when: nginx_http_template_enable | bool
 
@@ -40,6 +45,7 @@
     path: "{{ item.1.path }}"
     state: directory
     owner: "{{ nginx_main_template.user | default('nginx') }}"
+    mode: 0755
   with_subelements:
     - "{{ nginx_http_template }}"
     - proxy_cache.proxy_cache_path
@@ -51,6 +57,7 @@
     src: "{{ item.value.template_file | default('http/default.conf.j2') }}"
     dest: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/') }}/{{ item.value.conf_file_name | default('default.conf') }}"
     backup: yes
+    mode: 0644
   with_dict: "{{ nginx_http_template }}"
   when: nginx_http_template_enable | bool
   notify: "(Handler: All OSs) Reload NGINX"
@@ -60,21 +67,24 @@
     src: "{{ nginx_status_template_file | default('http/status.conf.j2') }}"
     dest: "{{ nginx_status_file_location | default('/etc/nginx/conf.d/status.conf') }}"
     backup: yes
-  notify: "(Handler: All OSs) Reload NGINX"
+    mode: 0644
   when: nginx_status_enable | bool
+  notify: "(Handler: All OSs) Reload NGINX"
 
 - name: "(Setup: All NGINX) Dynamically Generate NGINX API Configuration File"
   template:
     src: "{{ nginx_rest_api_template_file | default('http/api.conf.j2') }}"
     dest: "{{ nginx_rest_api_file_location | default('/etc/nginx/conf.d/api.conf') }}"
     backup: yes
-  notify: "(Handler: All OSs) Reload NGINX"
+    mode: 0644
   when: nginx_rest_api_enable | bool
+  notify: "(Handler: All OSs) Reload NGINX"
 
 - name: "(Setup: All NGINX) Ensure NGINX Stream Directory Exists"
   file:
     path: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/stream/') }}"
     state: directory
+    mode: 0755
   with_dict: "{{ nginx_stream_template }}"
   when: nginx_stream_template_enable | bool
 
@@ -83,6 +93,7 @@
     src: "{{ item.value.template_file | default('stream/default.conf.j2') }}"
     dest: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/stream/') }}/{{ item.value.conf_file_name | default('default.conf') }}"
     backup: yes
+    mode: 0644
   with_dict: "{{ nginx_stream_template }}"
-  notify: "(Handler: All OSs) Reload NGINX"
   when: nginx_stream_template_enable | bool
+  notify: "(Handler: All OSs) Reload NGINX"

tasks/conf/upload-config.yml

@@ -1,29 +1,50 @@
 ---
+- name: "(Setup: All NGINX) Ensure NGINX HTML Directory Exists"
+  file:
+    path: "{{ nginx_html_upload_dest | default('/usr/share/nginx/html') }}"
+    state: directory
+    mode: 0755
+  when: nginx_html_upload_enable | bool
+
+- name: "(Setup: All NGINX) Upload NGINX HTML Files"
+  copy:
+    src: "{{ item }}"
+    dest: "{{ nginx_html_upload_dest | default('/usr/share/nginx/html') }}"
+    backup: yes
+    mode: 0644
+  with_fileglob: "{{ nginx_html_upload_src }}"
+  when: nginx_html_upload_enable | bool
+  notify: "(Handler: All OSs) Reload NGINX"
+
 - name: "(Setup: All NGINX) Ensure NGINX Main Directory Exists"
   file:
     path: "{{ nginx_main_upload_dest | default('/etc/nginx/') }}"
     state: directory
+    mode: 0755
   when: nginx_main_upload_enable | bool
 
 - name: "(Setup: All NGINX) Upload NGINX Main Configuration File"
   copy:
     src: "{{ nginx_main_upload_src | default('conf/nginx.conf') }}"
     dest: "{{ nginx_main_upload_dest | default('/etc/nginx/') }}"
     backup: yes
+    mode: 0644
   when: nginx_main_upload_enable | bool
   notify: "(Handler: All OSs) Reload NGINX"
 
 - name: "(Setup: All NGINX) Ensure NGINX HTTP Directory Exists"
   file:
     path: "{{ nginx_http_upload_dest | default('/etc/nginx/conf.d/') }}"
     state: directory
+    mode: 0755
   when: nginx_http_upload_enable | bool
 
 - name: "(Setup: All NGINX) Upload NGINX HTTP Configuration Files"
   copy:
     src: "{{ item }}"
     dest: "{{ nginx_http_upload_dest | default('/etc/nginx/conf.d/') }}"
     backup: yes
+    mode: 0644
   with_fileglob: "{{ nginx_http_upload_src }}"
   when: nginx_http_upload_enable | bool
   notify: "(Handler: All OSs) Reload NGINX"
@@ -32,61 +53,50 @@
   file:
     path: "{{ nginx_stream_upload_dest | default('/etc/nginx/conf.d/') }}"
     state: directory
+    mode: 0755
   when: nginx_stream_upload_enable | bool
 
 - name: "(Setup: All NGINX) Upload NGINX Stream Configuration Files"
   copy:
     src: "{{ item }}"
     dest: "{{ nginx_stream_upload_dest | default('/etc/nginx/conf.d/') }}"
     backup: yes
+    mode: 0644
   with_fileglob: "{{ nginx_stream_upload_src }}"
   when: nginx_stream_upload_enable | bool
   notify: "(Handler: All OSs) Reload NGINX"
 
-- name: "(Setup: All NGINX) Ensure NGINX HTML Directory Exists"
-  file:
-    path: "{{ nginx_html_upload_dest | default('/usr/share/nginx/html') }}"
-    state: directory
-  when: nginx_html_upload_enable | bool
-
-- name: "(Setup: All NGINX) Upload NGINX HTML Files"
-  copy:
-    src: "{{ item }}"
-    dest: "{{ nginx_html_upload_dest | default('/usr/share/nginx/html') }}"
-    backup: yes
-  with_fileglob: "{{ nginx_html_upload_src }}"
-  when: nginx_html_upload_enable | bool
-  notify: "(Handler: All OSs) Reload NGINX"
-
 - name: "(Setup: All NGINX) Ensure SSL Certificate Directory Exists"
   file:
     path: "{{ nginx_ssl_crt_upload_dest | default('/etc/ssl/certs/') }}"
     state: directory
+    mode: 0755
   when: nginx_ssl_upload_enable | bool
 
 - name: "(Setup: All NGINX) Ensure SSL Key Directory Exists"
   file:
     path: "{{ nginx_ssl_key_upload_dest | default('/etc/ssl/private/') }}"
     state: directory
+    mode: 0755
   when: nginx_ssl_upload_enable | bool
 
 - name: "(Setup: All NGINX) Upload NGINX SSL Certificates"
   copy:
     src: "{{ item }}"
     dest: "{{ nginx_ssl_crt_upload_dest | default('/etc/ssl/certs/') }}"
-    mode: 0640
     decrypt: yes
     backup: yes
+    mode: 0640
   with_fileglob: "{{ nginx_ssl_crt_upload_src }}"
   when: nginx_ssl_upload_enable | bool
 
 - name: "(Setup: All NGINX) Upload NGINX SSL Keys"
   copy:
     src: "{{ item }}"
     dest: "{{ nginx_ssl_key_upload_dest | default('/etc/ssl/private/') }}"
-    mode: 0640
     decrypt: yes
     backup: yes
+    mode: 0640
   with_fileglob: "{{ nginx_ssl_key_upload_src }}"
   no_log: yes
   when: nginx_ssl_upload_enable | bool

tasks/keys/apk-key.yml

@@ -11,3 +11,4 @@
   get_url:
     url: "{{ keysite }}"
     dest: /etc/apk/keys/nginx_signing.rsa.pub
+    mode: 0400

tasks/opensource/install-oss-linux.yml

@@ -12,7 +12,7 @@
   include_tasks: "{{ role_path }}/tasks/prerequisites/setup-systemd.yml"
   when:
     - ansible_service_mgr == "systemd"
-    - nginx_service_modify
+    - nginx_service_modify | bool
 
 - name: "(Install: Linux) Install NGINX From Source"
   include_tasks: "{{ role_path }}/tasks/opensource/setup-source.yml"

tasks/opensource/setup-debian.yml

@@ -15,7 +15,10 @@
 
 - name: "(Install: Debian/Ubuntu) Add NGINX Repository"
   apt_repository:
+    filename: nginx
     repo: "{{ item }}"
+    update_cache: yes
+    mode: 0644
   loop: "{{ repository }}"
 
 - name: "(Install: Debian/Ubuntu) Install NGINX"