commit b313baee16bd5606f793dea1b367f1ec07fbeefd
author Zack Williams <zdw@opennetworking.org> Wed Apr 22 22:00:53 2020 -0700
committer Zack Williams <zdw@opennetworking.org> Fri Oct 02 18:04:14 2020 -0700
tree cc4d2a62cc306b14e38e26ffdc216191df70beb0

INF-113 - nginx ansible role

Initial commit
disabled the default site, and added default_site as an option
Use nginx repo for newer version

Change-Id: I994a1f2f2f18cc2d1c42a2d9bb7321835a5dd1a1

molecule/default/converge.yml

diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
new file mode 100644
index 0000000..791dac6
--- /dev/null
+++ b/molecule/default/converge.yml
@@ -0,0 +1,43 @@
+---
+# nginx molecule/default/verify.yml
+#
+# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
+# SPDX-License-Identifier: Apache-2.0
+
+- name: Converge
+  hosts: all
+  vars:
+    acme_username: "www-data"  # make independent of the acme role
+    vhosts:
+      - name: "static.example.com"
+        default_server: true
+        extra_config: |
+          location /teapot {
+            return 418;
+          }
+      - name: "autoindex.example.com"
+        autoindex: true
+      - name: "authenticated.example.com"
+        auth_scope: "mysite"
+      - name: "proxy.example.com"
+        proxy_pass: "http://localhost:8000"
+      - name: "redirects"
+        aliases:
+          - "redirect.example.com"
+        redirect_url: "https://destination.example.com"
+        strip_request_uri: true
+    auth_scopes:
+      - scope: mysite
+        users:
+          - name: ghopper
+            password: verysecurepassword
+          - name: dknuth
+            password: anotherpassword
+      - scope: othersite
+        users:
+          - name: aturing
+            password: yetanotherpw
+  tasks:
+    - name: "Include nginx"
+      include_role:
+        name: "nginx"

molecule/default/molecule.yml

diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
new file mode 100644
index 0000000..5c40573
--- /dev/null
+++ b/molecule/default/molecule.yml
@@ -0,0 +1,20 @@
+---
+# nginx molecule/default/molecule.yml
+#
+# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
+# SPDX-License-Identifier: Apache-2.0
+
+dependency:
+  name: galaxy
+driver:
+  name: docker
+platforms:
+  - name: "ubuntu-18.04-priv"
+    image: "quay.io/paulfantom/molecule-systemd:ubuntu-18.04"
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:ro"
+provisioner:
+  name: ansible
+verifier:
+  name: ansible

molecule/default/prepare.yml

diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml
new file mode 100644
index 0000000..829bbf1
--- /dev/null
+++ b/molecule/default/prepare.yml
@@ -0,0 +1,15 @@
+---
+# nginx molecule/default/prepare.yml
+#
+# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
+# SPDX-License-Identifier: Apache-2.0
+
+- name: Prepare
+  hosts: all
+
+  tasks:
+  - name: Install GPG to support adding apt repo keys
+    apt:
+      name: "gpg"
+      state: "present"
+      update_cache: true

molecule/default/verify.yml

diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
new file mode 100644
index 0000000..5e2e15c
--- /dev/null
+++ b/molecule/default/verify.yml
@@ -0,0 +1,203 @@
+---
+# nginx molecule/default/verify.yml
+#
+# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
+# SPDX-License-Identifier: Apache-2.0
+
+- name: Verify
+  hosts: all
+  vars:
+    nginx_static_dir: "/srv/sites"
+  tasks:
+
+    # Static site tests
+    - name: Create a test file to be served for the static site
+      lineinfile:
+        path: "{{ nginx_static_dir }}/static.example.com/index.html"
+        line: "This file is served from static.example.com"
+        mode: 0644
+        create: true
+
+    - name: Test that static site is being served with index.yaml
+      uri:
+        url: http://127.0.0.1/
+        headers:
+          Host: "static.example.com"
+        status_code: 200
+        return_content: true
+      register: webpage
+      failed_when: "'This file is served from static.example.com' not in webpage.content"
+
+    - name: Test that the static site is the default site
+      uri:
+        url: http://127.0.0.1/
+        status_code: 200
+        return_content: true
+      register: webpage
+      failed_when: "'This file is served from static.example.com' not in webpage.content"
+
+    - name: Delete static site test file
+      file:
+        path: "{{ nginx_static_dir }}/static.example.com/index.html"
+        mode: 0644
+        state: absent
+
+    - name: Verify that 403 is returned when no index.html file exists and autoindex is off
+      uri:
+        url: http://127.0.0.1/
+        headers:
+          Host: "static.example.com"
+        status_code: 403
+
+    - name: See if extra_config (teapot with code 418 at /teapot) is working
+      uri:
+        url: http://127.0.0.1/teapot
+        headers:
+          Host: "static.example.com"
+        status_code: 418
+
+    - name: Create a yaml file to check that MIME config is working
+      copy:
+        dest: "{{ nginx_static_dir }}/static.example.com/example.yaml"
+        mode: 0644
+        content: |
+          ---
+          # example YAML file
+
+    - name: Retrieve YAML file
+      uri:
+        url: http://127.0.0.1/example.yaml
+        headers:
+          Host: "static.example.com"
+        status_code: 200
+        return_content: true
+      register: webpagey
+
+    - name: Assert that yaml file uses text/yaml MIME type
+      assert:
+        that:
+          - webpagey['content_type'] == 'text/yaml'
+
+    - name: Delete yaml test file
+      file:
+        path: "{{ nginx_static_dir }}/static.example.com/example.yaml"
+        state: absent
+
+    # Test nginx autoindex
+    - name: Create a test dir to be served for the autoindex site
+      file:
+        path: "{{ nginx_static_dir }}/autoindex.example.com/autoindex_example_dir"
+        mode: 0755
+        state: directory
+
+    - name: Test that autoindex is created and lists directory
+      uri:
+        url: http://127.0.0.1/
+        headers:
+          Host: "autoindex.example.com"
+        status_code: 200
+        return_content: true
+      register: webpageai
+      failed_when: "'autoindex_example_dir' not in webpageai.content"
+
+    - name: Delete test dir for autoindex site
+      file:
+        path: "{{ nginx_static_dir }}/autoindex.example.com/autoindex_example_dir"
+        state: absent
+
+    # HTTP Basic Authentication tests
+    - name: Create a test file to be served for the authenticated site
+      lineinfile:
+        path: "{{ nginx_static_dir }}/authenticated.example.com/index.html"
+        line: "This file is served from authenticated.example.com"
+        mode: 0644
+        create: true
+
+    - name: Test that the authenticated file can't be accessed without authentication
+      uri:
+        url: http://127.0.0.1/
+        headers:
+          Host: "authenticated.example.com"
+        status_code: 401
+
+    - name: Test that the authenticated file can be accessed by authorized user
+      uri:
+        url: http://127.0.0.1/
+        url_username: "ghopper"
+        url_password: "verysecurepassword"
+        headers:
+          Host: "authenticated.example.com"
+        status_code: 200
+        return_content: true
+      register: webpage
+      failed_when: "'authenticated.example.com' not in webpage.content"
+
+    - name: Test that the authenticated file can't be accessed by unauthorized user
+      uri:
+        url: http://127.0.0.1/
+        url_username: "aturing"
+        url_password: "yetanotherpw"
+        headers:
+          Host: "authenticated.example.com"
+        status_code: 401
+
+    - name: Delete authenticated site test file
+      file:
+        path: "{{ nginx_static_dir }}/authenticated.example.com/index.html"
+        state: absent
+
+    # Proxy tests
+    - name: Verify that when proxy isn't running, NGINX returns a 502 "Bad Gateway" error
+      uri:
+        url: http://127.0.0.1/
+        headers:
+          Host: "proxy.example.com"
+        status_code: 502
+
+    - name: Create a test file to be served by the proxy
+      lineinfile:
+        path: "/tmp/index.html"
+        line: "This file is served from proxy.example.com"
+        mode: 0644
+        create: true
+
+    - name: Run a python http.server as proxy target for 20 seconds in the background
+      shell: >-
+        (cd /tmp;
+        python3 -m http.server & PY_PID=$!;
+        echo "server running: $PY_PID";
+        sleep 20;
+        kill $PY_PID) &
+      tags:
+        - skip_ansible_lint
+
+    - name: Wait 10 seconds for Python http.server to get started
+      pause:
+        seconds: 10
+
+    - name: Test that the proxy site is being served
+      uri:
+        url: http://127.0.0.1
+        headers:
+          Host: "proxy.example.com"
+        status_code: 200
+        return_content: true
+      register: webpage
+      failed_when: "'proxy.example.com' not in webpage.content"
+
+    - name: Delete proxy site test file
+      file:
+        path: "/tmp/index.html"
+        state: absent
+
+    # Redirect tests
+    - name: Check that 301 redirect is being served
+      uri:
+        url: http://127.0.0.1
+        headers:
+          Host: "redirect.example.com"
+        follow_redirects: "none"
+        status_code: 301
+        return_content: true
+      register: webpage
+      failed_when: "webpage.location != 'https://destination.example.com'"