mirror of https://github.com/DO1JLR/ansible_role_nginx.git synced 2024-08-16 16:19:48 +02:00

Fix nginx template copy and linting

+ Improved some linting
+ Using FQCN more often
+ Using absolute path in template copy

SOLVE Issue https://github.com/DO1JLR/ansible_role_nginx/issues/2
L3D 2023-03-07 19:28:51 +01:00
parent 955cf7c6c8
commit 7d5e029961
Signed by: l3d
GPG key ID: CD08445BFF4313D1
9 changed files with 46 additions and 43 deletions


@ -2,7 +2,7 @@
extends: default extends: default
rules: rules:
# 150 chars should be enough, but don't fail if a line is longer # 170 chars should be enough, but don't fail if a line is longer
line-length: line-length:
max: 150 max: 180
level: warning level: warning
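Review bot: The updated comment above `line-length` says 170 characters while the new `max` is 180, so the comment and the rule disagree. Align them, for example `# 180 chars should be enough, but don't fail if a line is longer`. Since `level: warning` means an over-long line never fails the lint, it may also be worth saying in the comment that the limit is advisory only.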


@ -8,7 +8,7 @@
state: restarted state: restarted
- name: systemctl reload nginx - name: Run systemctl reload nginx
become: true become: true
ansible.builtin.systemd: ansible.builtin.systemd:
name: 'nginx.service' name: 'nginx.service'


@ -1,7 +1,7 @@
--- ---
- name: Copy shell script to enable tls sites - name: Copy shell script to enable tls sites
become: true become: true
copy: ansible.builtin.copy:
src: 'files/acmetool/enable_tls.sh' src: 'files/acmetool/enable_tls.sh'
dest: '/etc/acme/hooks/enable_tls.sh' dest: '/etc/acme/hooks/enable_tls.sh'
owner: root owner: root
@ -10,13 +10,15 @@
- name: Get certificate for default server - name: Get certificate for default server
become: true become: true
command: acmetool want '{{ inventory_hostname }}' ansible.builtin.command:
cmd: "acmetool want '{{ inventory_hostname }}'"
args: args:
creates: '/var/lib/acme/live/{{ inventory_hostname }}' creates: '/var/lib/acme/live/{{ inventory_hostname }}'
- name: Get certificates for all configured sites - name: Get certificates for all configured sites
become: true become: true
command: acmetool want '{{ ([site.name] + (site.altnames | default([]) )) | join(" ") }}' ansible.builtin.command:
cmd: acmetool want '{{ ([site.name] + (site.altnames | default([]))) | join(" ") }}' -> acmetool want '{{ ([site.name] + (site.altnames | default([]))) | join(" ") }}'
args: args:
creates: '/var/lib/acme/live/{{ site.name }}/' creates: '/var/lib/acme/live/{{ site.name }}/'
with_items: '{{ nginx_sites }}' with_items: '{{ nginx_sites }}'
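Review bot: In "Get certificates for all configured sites" the joined name list sits inside one pair of single quotes, so `ansible.builtin.command` (which splits the string shell-style but runs no shell) passes acmetool a single space-containing argument whenever a site has altnames, which is presumably not what `acmetool want` expects. The new `cmd` line is garbled in this rendering, so confirm against the file itself. Passing the names as a list removes the quoting question entirely, including for an unusual `site.name`: `argv: "{{ ['acmetool', 'want', site.name] + (site.altnames | default([])) }}"`. Separately, `creates` only tests for the `site.name` directory, so altnames added to an existing site later will not trigger a new request.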


@ -8,7 +8,7 @@
group: root group: root
mode: 'u=rw,g=r,o=r' mode: 'u=rw,g=r,o=r'
notify: notify:
- systemctl reload nginx - Run systemctl reload nginx
- name: Create default site tls https configuration - name: Create default site tls https configuration
become: true become: true
@ -19,7 +19,7 @@
group: root group: root
mode: 'u=rw,g=r,o=r' mode: 'u=rw,g=r,o=r'
notify: notify:
- systemctl reload nginx - Run systemctl reload nginx
- name: Enable default site plain http configuration - name: Enable default site plain http configuration
become: true become: true
@ -28,7 +28,7 @@
dest: '/etc/nginx/sites-enabled/{{ inventory_hostname }}_http' dest: '/etc/nginx/sites-enabled/{{ inventory_hostname }}_http'
state: link state: link
notify: notify:
- systemctl reload nginx - Run systemctl reload nginx
# Note: Done by acmetool after sucessfully obtaining a suitable certificate # Note: Done by acmetool after sucessfully obtaining a suitable certificate
- name: Enable default site configuration - name: Enable default site configuration
@ -38,5 +38,5 @@
dest: '/etc/nginx/sites-enabled/{{ inventory_hostname }}_tls' dest: '/etc/nginx/sites-enabled/{{ inventory_hostname }}_tls'
state: link state: link
notify: notify:
- systemctl reload nginx - Run systemctl reload nginx
when: not nginx__acmetool_enabled when: not nginx__acmetool_enabled


@ -1,24 +1,24 @@
--- ---
- name: simple versionscheck - name: Simple versionscheck
ansible.builtin.include_tasks: versioncheck.yml ansible.builtin.include_tasks: versioncheck.yml
when: submodules_versioncheck | bool when: submodules_versioncheck | bool
- name: Install nginx - name: Install nginx
ansible.builtin.include_tasks: installation.yml ansible.builtin.include_tasks: installation.yml
- name: create nginx user and group - name: Create nginx user and group
ansible.builtin.include_tasks: users.yml ansible.builtin.include_tasks: users.yml
- name: Configure nginx - name: Configure nginx
ansible.builtin.include_tasks: nginx.yml ansible.builtin.include_tasks: nginx.yml
- name: start nginx webserver - name: Start nginx webserver
ansible.builtin.systemd: ansible.builtin.systemd:
name: nginx name: nginx
state: started state: started
enabled: true enabled: true
- name: configure nginx default site - name: Configure nginx default site
ansible.builtin.include_tasks: default_site.yml ansible.builtin.include_tasks: default_site.yml
when: nginx__infrastructure_domain__enabled | bool when: nginx__infrastructure_domain__enabled | bool


@ -3,12 +3,12 @@
become: true become: true
ansible.builtin.template: ansible.builtin.template:
src: 'templates/nginx/nginx.conf.j2' src: 'templates/nginx/nginx.conf.j2'
dest: '/etc/nginx/' dest: '/etc/nginx/nginx.conf'
owner: root owner: root
group: root group: root
mode: 'u=rw,g=r,o=r' mode: 'u=rw,g=r,o=r'
notify: notify:
- systemctl reload nginx - Run systemctl reload nginx
- name: Create 'private' directory - name: Create 'private' directory
become: true become: true
@ -25,7 +25,7 @@
path: '/etc/nginx/private/dhparam.pem' path: '/etc/nginx/private/dhparam.pem'
size: '{{ nginx__dhparam_size | mandatory }}' size: '{{ nginx__dhparam_size | mandatory }}'
notify: notify:
- systemctl reload nginx - Run systemctl reload nginx
- name: Create 'sites-available' directory - name: Create 'sites-available' directory
become: true become: true
@ -74,4 +74,4 @@
mode: 'u=rw,g=r,o=r' mode: 'u=rw,g=r,o=r'
with_items: '{{ nginx__snippet_files }}' with_items: '{{ nginx__snippet_files }}'
notify: notify:
- systemctl reload nginx - Run systemctl reload nginx
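Review bot: The nginx.conf template task, now that `dest` names the real file, writes the rendered config straight into place with no syntax check, so a template mistake is only found when the reload handler fails on the host. `ansible.builtin.template` accepts `validate`, e.g. `validate: 'nginx -t -c %s'`, which leaves the existing file untouched if the check fails; this assumes the template uses absolute include paths, because the candidate file is tested from a temporary location. The task begins above the first hunk, so its name line is not visible here.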


@ -1,5 +1,5 @@
--- ---
- name: Create '{{ site.name }}' site plain http configuration - name: "Create site plain http configuration for '{{ site.name }}'"
become: true become: true
ansible.builtin.template: ansible.builtin.template:
src: 'templates/nginx/sites-available/http_plain_redirect.conf.j2' src: 'templates/nginx/sites-available/http_plain_redirect.conf.j2'
@ -8,9 +8,9 @@
group: root group: root
mode: 'u=rw,g=r,o=r' mode: 'u=rw,g=r,o=r'
notify: notify:
- systemctl reload nginx - Run systemctl reload nginx
- name: Create '{{ site.name }}' site tls https configuration - name: "Create site tls https configuration for '{{ site.name }}'"
become: true become: true
ansible.builtin.template: ansible.builtin.template:
src: 'files/nginx/sites/{{ site.name }}_tls.conf' src: 'files/nginx/sites/{{ site.name }}_tls.conf'
@ -19,9 +19,9 @@
group: root group: root
mode: 'u=rw,g=r,o=r' mode: 'u=rw,g=r,o=r'
notify: notify:
- systemctl reload nginx - Run systemctl reload nginx
- name: Create '{{ site.name }}' site tls parameter configuration - name: "Create site tls parameter configuration for '{{ site.name }}'"
become: true become: true
ansible.builtin.template: ansible.builtin.template:
src: 'files/nginx/snippets/tls_parameters.snippet.conf' src: 'files/nginx/snippets/tls_parameters.snippet.conf'
@ -30,9 +30,9 @@
group: root group: root
mode: 'u=rw,g=r,o=r' mode: 'u=rw,g=r,o=r'
notify: notify:
- systemctl reload nginx - Run systemctl reload nginx
- name: Create '{{ site.name }}' site tls certificate configuration - name: "Create site tls certificate configuration '{{ site.name }}'"
become: true become: true
ansible.builtin.template: ansible.builtin.template:
src: 'files/nginx/snippets/tls_certificate.snippet.conf' src: 'files/nginx/snippets/tls_certificate.snippet.conf'
@ -41,9 +41,9 @@
group: root group: root
mode: 'u=rw,g=r,o=r' mode: 'u=rw,g=r,o=r'
notify: notify:
- systemctl reload nginx - Run systemctl reload nginx
- name: Create '{{ site.name }}' site logging configuration - name: "Create site logging configuration '{{ site.name }}'"
become: true become: true
ansible.builtin.template: ansible.builtin.template:
src: 'templates/nginx/snippets/logging.snippet.conf.j2' src: 'templates/nginx/snippets/logging.snippet.conf.j2'
@ -52,9 +52,9 @@
group: root group: root
mode: 'u=rw,g=r,o=r' mode: 'u=rw,g=r,o=r'
notify: notify:
- systemctl reload nginx - Run systemctl reload nginx
- name: Enable '{{ site.name }}' site plain http configuration - name: "Enable site plain http configuration '{{ site.name }}'"
become: true become: true
ansible.builtin.file: ansible.builtin.file:
src: '/etc/nginx/sites-available/{{ site.name }}_http' src: '/etc/nginx/sites-available/{{ site.name }}_http'
@ -62,15 +62,15 @@
state: link state: link
when: site.http_plain_template | default(True) when: site.http_plain_template | default(True)
notify: notify:
- systemctl reload nginx - Run systemctl reload nginx
# Note: done by acmetool after sucessfully obtaining a suitable certificate # Note: done by acmetool after sucessfully obtaining a suitable certificate
- name: Enable '{{ site.name }}' site tls configuration - name: "Enable site tls configuration '{{ site.name }}'"
become: true become: true
ansible.builtin.file: ansible.builtin.file:
src: '/etc/nginx/sites-available/{{ site.name }}_tls' src: '/etc/nginx/sites-available/{{ site.name }}_tls'
dest: '/etc/nginx/sites-enabled/{{ site.name }}_tls' dest: '/etc/nginx/sites-enabled/{{ site.name }}_tls'
state: link state: link
notify: notify:
- systemctl reload nginx - Run systemctl reload nginx
when: not nginx__acmetool_enabled when: not nginx__acmetool_enabled
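Review bot: The renamed task titles in this file are not consistent with each other: the first three end in `for '{{ site.name }}'`, while the certificate, logging and both "Enable site ..." tasks drop the `for`. Using one form throughout, e.g. `- name: "Enable site tls configuration for '{{ site.name }}'"`, keeps the play output easy to search when several sites are looped. The unchanged comment above the last task still reads "sucessfully" and could be corrected in the same pass.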


@ -1,12 +1,12 @@
--- ---
- name: "create {{ nginx__group }} Group" - name: "Create Group {{ nginx__group }}"
become: true become: true
ansible.builtin.group: ansible.builtin.group:
name: "{{ nginx__group }}" name: "{{ nginx__group }}"
system: true system: true
state: 'present' state: 'present'
- name: "create {{ nginx__user }} user" - name: "Create user {{ nginx__user }}"
become: true become: true
ansible.builtin.user: ansible.builtin.user:
name: "{{ nginx__user }}" name: "{{ nginx__user }}"


@ -8,37 +8,38 @@
path: '/etc/.ansible-version' path: '/etc/.ansible-version'
state: directory state: directory
mode: 0755 mode: 0755
when: submodules_versioncheck|bool when: submodules_versioncheck | bool
- name: check playbook version - name: Check playbook version
become: true become: true
ansible.builtin.slurp: ansible.builtin.slurp:
src: "/etc/.ansible-version/{{ playbook_version_path }}" src: "/etc/.ansible-version/{{ playbook_version_path }}"
register: playbook_version register: playbook_version
when: submodules_versioncheck|bool when: submodules_versioncheck | bool
ignore_errors: true ignore_errors: true
failed_when: false failed_when: false
- name: Print remote role version - name: Print remote role version
ansible.builtin.debug: ansible.builtin.debug:
msg: "Remote role version: {{ playbook_version.content | default('Y3VycmVudGx5IG5vdCBkZXBsb3llZAo=') | b64decode | string }}" msg: "Remote role version: {{ playbook_version.content | default('Y3VycmVudGx5IG5vdCBkZXBsb3llZAo=') | b64decode | string }}"
when: submodules_versioncheck|bool when: submodules_versioncheck | bool
- name: Print locale role version - name: Print locale role version
ansible.builtin.debug: ansible.builtin.debug:
msg: "Local role version: '{{ playbook_version_number|string }}'." msg: "Local role version: '{{ playbook_version_number | string }}'."
when: submodules_versioncheck|bool when: submodules_versioncheck | bool
- name: Check if your version is outdated - name: Check if your version is outdated
ansible.builtin.fail: ansible.builtin.fail:
msg: "Your ansible module has the version '{{ playbook_version_number }}' and is outdated. You need to update it!" msg: "Your ansible module has the version '{{ playbook_version_number }}' and is outdated. You need to update it!"
when: when:
- playbook_version.content|default("Mgo=")|b64decode|int - 1 >= playbook_version_number|int and submodules_versioncheck|bool - playbook_version.content|default("Mgo=")|b64decode|int - 1 >= playbook_version_number|int and submodules_versioncheck | bool
- name: write new version to remote disk - name: Write new version to remote disk
become: true become: true
ansible.builtin.copy: ansible.builtin.copy:
content: "{{ playbook_version_number }}" content: "{{ playbook_version_number }}"
dest: "/etc/.ansible-version/{{ playbook_version_path }}" dest: "/etc/.ansible-version/{{ playbook_version_path }}"
mode: '0644' mode: '0644'
when: submodules_versioncheck|bool when: submodules_versioncheck | bool
tags: skip_ansible_lint_template-instead-of-copy
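Review bot: The added `tags: skip_ansible_lint_template-instead-of-copy` on "Write new version to remote disk" is, as far as I know, not a form ansible-lint recognises: the documented tag is plain `skip_ansible_lint`, which skips every rule for the task, and a single rule is silenced with a comment such as `# noqa: template-instead-of-copy` on the task. As written the line probably only adds an odd tag that `--tags`/`--skip-tags` selection will see. In the same file the `when:` list under "Check if your version is outdated" was only partly normalised (`|default("Mgo=")|b64decode|int` still has no spaces around the pipes), and the unchanged `mode: 0755` is unquoted while the later `mode: '0644'` is quoted. The first task starts above this hunk.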