Improve role handling (#128)

* Improve role handling

* Add defaults to some tasks

* Improve template conditionals

Author: alessfg

README.md

@@ -86,10 +86,10 @@ RedHat:
     - 6.5+
     - 7.4+
     - 8
-    SUSE/SLES:
-      versions:
-        - 12
-        - 15
+SUSE/SLES:
+  versions:
+    - 12
+    - 15
 Ubuntu:
   versions:
     - trusty
@@ -115,7 +115,7 @@ Ubuntu:
   versions:
     - trusty
     - xenial
-        - bionic
+    - bionic
 RedHat:
   versions:
     - 6
@@ -211,23 +211,33 @@ nginx_install_from: nginx_repository
 
 # Choose where to fetch the NGINX signing key from.
 # Default is the official NGINX signing key host.
-nginx_signing_key: http://nginx.org/keys/nginx_signing.key
+# nginx_signing_key: http://nginx.org/keys/nginx_signing.key
 
 # Specify source repository for NGINX Open Source.
-# Only works if 'nginx_install_from' is set to 'nginx_repository'.
+# Only works if 'install_from' is set to 'nginx_repository'.
 # Defaults are the official NGINX repositories.
 nginx_repository:
+  alpine: >-
+      https://nginx.org/packages/{{ (nginx_branch == 'mainline')
+      | ternary('mainline/', '') }}alpine/v{{ ansible_distribution_version | regex_search('^[0-9]+\\.[0-9]+') }}/main
   debian:
-    - deb https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} nginx
-    - deb-src https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} nginx
-  redhat:
-    - https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}{{ (ansible_distribution == "RedHat") | ternary('rhel/', 'centos/') }}{{ ansible_distribution_major_version|int }}/$basearch/
-  suse:
-    - https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}sles/12
+    - >-
+      deb https://nginx.org/packages/{{ (nginx_branch == 'mainline')
+      | ternary('mainline/', '') }}{{ ansible_distribution | lower }}/ {{ ansible_distribution_release }} nginx
+    - >-
+      deb-src https://nginx.org/packages/{{ (nginx_branch == 'mainline')
+      | ternary('mainline/', '') }}{{ ansible_distribution | lower }}/ {{ ansible_distribution_release }} nginx
+  redhat: >-
+      https://nginx.org/packages/{{ (nginx_branch == 'mainline')
+      | ternary('mainline/', '') }}{{ (ansible_distribution == "RedHat")
+      | ternary('rhel', 'centos') }}/{{ ansible_distribution_major_version }}/$basearch/
+  suse: >-
+      https://nginx.org/packages/{{ (nginx_branch == 'mainline')
+      | ternary('mainline/', '') }}sles/{{ ansible_distribution_major_version }}
 
 # Specify which branch of NGINX Open Source you want to install.
 # Options are 'mainline' or 'stable'.
-# Only works if 'nginx_install_from' is set to 'nginx_repository'.
+# Only works if 'install_from' is set to 'nginx_repository'.
 # Default is mainline.
 nginx_branch: mainline
 
@@ -353,10 +363,12 @@ nginx_http_template:
     autoindex: false
     auth_basic: null
     auth_basic_user_file: null
+    try_files: $uri $uri/index.html $uri.html =404
     #auth_request: /auth
     ssl:
       cert: /etc/ssl/certs/default.crt
       key: /etc/ssl/private/default.key
+      dhparam: /etc/ssl/private/dh_param.pem
       protocols: TLSv1 TLSv1.1 TLSv1.2
       ciphers: HIGH:!aNULL:!MD5
       session_cache: none
@@ -370,7 +382,8 @@ nginx_http_template:
           autoindex: false
           auth_basic: null
           auth_basic_user_file: null
-          #auth_req: /auth
+          try_files: $uri $uri/index.html $uri.html =404
+          #auth_request: /auth
           #returns:
             #return302:
               #code: 302
@@ -432,9 +445,6 @@ nginx_http_template:
             cert: /etc/ssl/certs/proxy_default.crt
             key: /etc/ssl/private/proxy_default.key
             trusted_cert: /etc/ssl/certs/proxy_ca.crt
-            dhparam: /etc/ssl/private/dh_param.pem
-            server_name: false
-            name: server_name
             protocols: TLSv1 TLSv1.1 TLSv1.2
             ciphers: HIGH:!aNULL:!MD5
             verify: false
@@ -452,10 +462,10 @@ nginx_http_template:
           proxy_ignore_headers:
             - Vary
             - Cache-Control
-          proxy_redirect: false
           websocket: false
           auth_basic: null
           auth_basic_user_file: null
+          try_files: $uri $uri/index.html $uri.html =404
           #auth_req: /auth
           #returns:
             #return302:
@@ -494,7 +504,7 @@ nginx_status_port: 8080
 # Requires NGINX Plus.
 # Default is false.
 nginx_rest_api_enable: false
-nginx_rest_api_src: api.conf.j2
+nginx_rest_api_src: http/api.conf.j2
 nginx_rest_api_location: /etc/nginx/conf.d/api.conf
 nginx_rest_api_port: 8080
 nginx_rest_api_write: false
@@ -522,8 +532,6 @@ nginx_stream_template:
           cert: /etc/ssl/certs/proxy_default.crt
           key: /etc/ssl/private/proxy_default.key
           trusted_cert: /etc/ssl/certs/proxy_ca.crt
-          server_name: false
-          name: server_name
           protocols: TLSv1 TLSv1.1 TLSv1.2
           ciphers: HIGH:!aNULL:!MD5
           verify: false
@@ -713,6 +721,8 @@ License
 Author Information
 ------------------
 
-Alessandro Fael Garcia
+[Alessandro Fael Garcia](https://github.com/alessfg)
+
+[Grzegorz Dzien](https://github.com/gdzien)
 
-[NGINX Inc](https://www.nginx.com/)
+© [NGINX, Inc.](https://www.nginx.com/) 2018 - 2019

defaults/main.yml

@@ -4,7 +4,7 @@
 nginx_enable: true
 
 # Start NGINX service.
-# Default is true
+# Default is true.
 nginx_start: true
 
 # Print NGINX configuration file to terminal after executing playbook.
@@ -316,7 +316,7 @@ nginx_status_port: 8080
 # Requires NGINX Plus.
 # Default is false.
 nginx_rest_api_enable: false
-nginx_rest_api_src: api.conf.j2
+nginx_rest_api_src: http/api.conf.j2
 nginx_rest_api_location: /etc/nginx/conf.d/api.conf
 nginx_rest_api_port: 8080
 nginx_rest_api_write: false

tasks/conf/debug-output.yml

@@ -6,4 +6,4 @@
 
 - name: "(Setup: All OSs) Print NGINX configuration"
   debug:
-    var:  nginx_configuration.stdout_lines
+    var: nginx_configuration.stdout_lines

tasks/conf/setup-status.yml

@@ -5,7 +5,7 @@
     create: yes
     block: |
       server {
-          listen 127.0.0.1:{{ nginx_status_port }};
+          listen 127.0.0.1:{{ nginx_status_port | default('8080') }};
           location /nginx_status {
               stub_status on;
               allow 127.0.0.1;
@@ -21,7 +21,7 @@
     create: yes
     block: |
       server {
-          listen 127.0.0.1:{{ nginx_status_port }};
+          listen 127.0.0.1:{{ nginx_status_port | default('8080') }};
           location /status {
               status;
               allow 127.0.0.1;

tasks/conf/template-config.yml

@@ -1,39 +1,45 @@
 ---
 - name: "(Setup: All NGINX) Ensure HTML Directory Exists"
   file:
-    path: "{{ item.value.html_file_location }}"
+    path: "{{ item.value.html_file_location | default('/usr/share/nginx/html') }}"
     state: directory
   with_dict: "{{ nginx_html_demo_template }}"
   when: nginx_html_demo_template_enable
 
 - name: "(Setup: All NGINX) Dynamically Generate HTML Files"
   template:
-    src: "{{ item.value.template_file }}"
-    dest: "{{ item.value.html_file_location }}/{{ item.value.html_file_name }}"
+    src: "{{ item.value.template_file | default('www/index.html.j2') }}"
+    dest: "{{ item.value.html_file_location | default('/usr/share/nginx/html') }}/{{ item.value.html_file_name | default('index.html') }}"
     backup: yes
   with_dict: "{{ nginx_html_demo_template }}"
   when: nginx_html_demo_template_enable
 
+- name: "(Setup: All NGINX) Ensure NGINX Main Directory Exists"
+  file:
+    path: "{{ nginx_main_template.conf_file_location | default('/etc/nginx') }}"
+    state: directory
+  when: nginx_main_template_enable
+
 - name: "(Setup: All NGINX) Dynamically Generate NGINX Main Configuration File"
   template:
-    src: "{{ nginx_main_template.template_file }}"
-    dest: "{{ nginx_main_template.conf_file_location }}/{{ nginx_main_template.conf_file_name }}"
+    src: "{{ nginx_main_template.template_file | default('nginx.conf.j2') }}"
+    dest: "{{ nginx_main_template.conf_file_location | default('/etc/nginx') }}/{{ nginx_main_template.conf_file_name | default('nginx.conf') }}"
     backup: yes
   when: nginx_main_template_enable
   notify: "(Handler: All OSs) Reload NGINX"
 
 - name: "(Setup: All NGINX) Ensure NGINX HTTP Directory Exists"
   file:
-    path: "{{ item.value.conf_file_location }}"
+    path: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/') }}"
     state: directory
   with_dict: "{{ nginx_http_template }}"
   when: nginx_http_template_enable
 
-- name: "(Setup: All NGINX) Ensure NGINX Proxy Cache Directories Exists"
+- name: "(Setup: All NGINX) Ensure NGINX Proxy Cache Directories Exist"
   file:
     path: "{{ item.1.path }}"
     state: directory
-    owner: "{{ nginx_main_template.user }}"
+    owner: "{{ nginx_main_template.user | default('nginx') }}"
   with_subelements:
     - "{{ nginx_http_template }}"
     - reverse_proxy.proxy_cache_path
@@ -42,33 +48,33 @@
 
 - name: "(Setup: All NGINX) Dynamically Generate NGINX HTTP Configuration Files"
   template:
-    src: "{{ item.value.template_file }}"
-    dest: "{{ item.value.conf_file_location }}/{{ item.value.conf_file_name }}"
+    src: "{{ item.value.template_file | default('http/default.conf.j2') }}"
+    dest: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/') }}/{{ item.value.conf_file_name | default('default.conf') }}"
     backup: yes
   with_dict: "{{ nginx_http_template }}"
   when: nginx_http_template_enable
   notify: "(Handler: All OSs) Reload NGINX"
 
+- name: "(Setup: All NGINX) Dynamically Generate NGINX API Configuration File"
+  template:
+    src: "{{ nginx_rest_api_src | default('http/api.conf.j2') }}"
+    dest: "{{ nginx_rest_api_location | default('/etc/nginx/conf.d/api.conf') }}"
+    backup: yes
+  notify: "(Handler: All OSs) Reload NGINX"
+  when: nginx_rest_api_enable
+
 - name: "(Setup: All NGINX) Ensure NGINX Stream Directory Exists"
   file:
-    path: "{{ item.value.conf_file_location }}"
+    path: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/stream/') }}"
     state: directory
   with_dict: "{{ nginx_stream_template }}"
   when: nginx_stream_template_enable
 
 - name: "(Setup: All NGINX) Dynamically Generate NGINX Stream Configuration Files"
   template:
-    src: "{{ item.value.template_file }}"
-    dest: "{{ item.value.conf_file_location }}/{{ item.value.conf_file_name }}"
+    src: "{{ item.value.template_file | default('stream/default.conf.j2') }}"
+    dest: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/stream/') }}/{{ item.value.conf_file_name | default('default.conf') }}"
     backup: yes
   with_dict: "{{ nginx_stream_template }}"
   when: nginx_stream_template_enable
   notify: "(Handler: All OSs) Reload NGINX"
-
-- name: "(Setup: All NGINX) Dynamically Generate NGINX API Configuration File"
-  template:
-    src: "{{ nginx_rest_api_src }}"
-    dest: "{{ nginx_rest_api_location }}"
-    backup: yes
-  notify: "(Handler: All OSs) Reload NGINX"
-  when: nginx_rest_api_enable

tasks/conf/upload-config.yml

@@ -1,73 +1,79 @@
 ---
+- name: "(Setup: All NGINX) Ensure NGINX Main Directory Exists"
+  file:
+    path: "{{ nginx_main_upload_dest | default('/etc/nginx/') }}"
+    state: directory
+  when: nginx_main_upload_enable
+
 - name: "(Setup: All NGINX) Upload NGINX Main Configuration File"
   copy:
-    src: "{{ nginx_main_upload_src }}"
-    dest: "{{ nginx_main_upload_dest }}"
+    src: "{{ nginx_main_upload_src | default('conf/nginx.conf') }}"
+    dest: "{{ nginx_main_upload_dest | default('/etc/nginx/') }}"
     backup: yes
   notify: "(Handler: All OSs) Reload NGINX"
   when: nginx_main_upload_enable
 
 - name: "(Setup: All NGINX) Ensure NGINX HTTP Directory Exists"
   file:
-    path: "{{ nginx_http_upload_dest }}"
+    path: "{{ nginx_http_upload_dest | default('/etc/nginx/conf.d/') }}"
     state: directory
   when: nginx_http_upload_enable
 
 - name: "(Setup: All NGINX) Upload NGINX HTTP Configuration Files"
   copy:
     src: "{{ item }}"
-    dest: "{{ nginx_http_upload_dest }}"
+    dest: "{{ nginx_http_upload_dest | default('/etc/nginx/conf.d/') }}"
     backup: yes
   with_fileglob: "{{ nginx_http_upload_src }}"
   notify: "(Handler: All OSs) Reload NGINX"
   when: nginx_http_upload_enable
 
 - name: "(Setup: All NGINX) Ensure NGINX Stream Directory Exists"
   file:
-    path: "{{ nginx_stream_upload_dest }}"
+    path: "{{ nginx_stream_upload_dest | default('/etc/nginx/conf.d/') }}"
     state: directory
   when: nginx_stream_upload_enable
 
 - name: "(Setup: All NGINX) Upload NGINX Stream Configuration Files"
   copy:
     src: "{{ item }}"
-    dest: "{{ nginx_stream_upload_dest }}"
+    dest: "{{ nginx_stream_upload_dest | default('/etc/nginx/conf.d/') }}"
     backup: yes
   with_fileglob: "{{ nginx_stream_upload_src }}"
   notify: "(Handler: All OSs) Reload NGINX"
   when: nginx_stream_upload_enable
 
 - name: "(Setup: All NGINX) Ensure NGINX HTML Directory Exists"
   file:
-    path: "{{ nginx_html_upload_dest }}"
+    path: "{{ nginx_html_upload_dest | default('/usr/share/nginx/html') }}"
     state: directory
   when: nginx_html_upload_enable
 
 - name: "(Setup: All NGINX) Upload NGINX HTML Files"
   copy:
     src: "{{ item }}"
-    dest: "{{ nginx_html_upload_dest }}"
+    dest: "{{ nginx_html_upload_dest | default('/usr/share/nginx/html') }}"
     backup: yes
   with_fileglob: "{{ nginx_html_upload_src }}"
   notify: "(Handler: All OSs) Reload NGINX"
   when: nginx_html_upload_enable
 
 - name: "(Setup: All NGINX) Ensure SSL Certificate Directory Exists"
   file:
-    path: "{{ nginx_ssl_crt_upload_dest }}"
+    path: "{{ nginx_ssl_crt_upload_dest | default('/etc/ssl/certs/') }}"
     state: directory
   when: nginx_ssl_upload_enable
 
 - name: "(Setup: All NGINX) Ensure SSL Key Directory Exists"
   file:
-    path: "{{ nginx_ssl_key_upload_dest }}"
+    path: "{{ nginx_ssl_key_upload_dest | default('/etc/ssl/private/') }}"
     state: directory
   when: nginx_ssl_upload_enable
 
 - name: "(Setup: All NGINX) Upload NGINX SSL Certificates"
   copy:
     src: "{{ item }}"
-    dest: "{{ nginx_ssl_crt_upload_dest }}"
+    dest: "{{ nginx_ssl_crt_upload_dest | default('/etc/ssl/certs/') }}"
     mode: 0640
     decrypt: yes
     backup: yes
@@ -77,7 +83,7 @@
 - name: "(Setup: All NGINX) Upload NGINX SSL Keys"
   copy:
     src: "{{ item }}"
-    dest: "{{ nginx_ssl_key_upload_dest }}"
+    dest: "{{ nginx_ssl_key_upload_dest | default('/etc/ssl/private/') }}"
     mode: 0640
     decrypt: yes
     backup: yes

tasks/controller/setup-debian.yml

@@ -2,4 +2,4 @@
 - name: "(Install: Debian/Ubuntu) Add NGINX Controller Agent Repository"
   apt_repository:
     filename: nginx-controller
-    repo: deb http://packages.nginx.org/controller/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release|lower }} controller
+    repo: deb http://packages.nginx.org/controller/{{ ansible_distribution | lower }}/ {{ ansible_distribution_release | lower }} controller

tasks/plus/setup-debian.yml

@@ -1,7 +1,7 @@
 ---
 - name: "(Install: Debian/Ubuntu) Add NGINX Plus Repository"
   apt_repository:
-    repo: deb https://plus-pkgs.nginx.com/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} nginx-plus
+    repo: deb https://plus-pkgs.nginx.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} nginx-plus
     filename: nginx-plus
     update_cache: no