INF-113 - nginx ansible role
Initial commit
disabled the default site, and added default_site as an option
Use nginx repo for newer version
Change-Id: I994a1f2f2f18cc2d1c42a2d9bb7321835a5dd1a1
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..f88f50e
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,121 @@
+---
+# nginx tasks/main.yml
+#
+# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
+# SPDX-License-Identifier: Apache-2.0
+
+- name: include OS-specific vars
+ include_vars: "{{ ansible_os_family }}.yml"
+
+- name: include OS-specific tasks
+ include_tasks: "{{ ansible_os_family }}.yml"
+
+- name: Create Static Virtualhost root directories
+ when: >
+ (item.proxy_pass is not defined or not item.proxy_pass) and
+ (item.redirect_url is not defined)
+ file:
+ state: directory
+ path: "{{ nginx_static_dir }}/{{ item.name }}"
+ owner: "{{ item.owner | default('root') }}"
+ group: "{{ nginx_groupname }}"
+ mode: 0755
+ with_items: "{{ vhosts }}"
+
+- name: Create directory for ACME challenges files
+ file:
+ state: directory
+ path: "{{ acme_challenge_dir }}"
+ owner: "{{ acme_username }}"
+ group: "{{ nginx_groupname }}"
+ mode: 0755
+
+- name: Create directory for auth_basic htpasswd files
+ file:
+ state: directory
+ path: "{{ nginx_auth_basic_dir }}"
+ owner: root
+ group: "{{ nginx_groupname }}"
+ mode: 0750
+
+- name: Create auth_basic htpasswd files
+ htpasswd:
+ name: "{{ item.1.name }}"
+ password: "{{ item.1.password }}"
+ path: "{{ nginx_auth_basic_dir }}/{{ item.0.scope }}.htpasswd"
+ owner: root
+ group: "{{ nginx_groupname }}"
+ mode: 0640
+ crypt_scheme: ldap_salted_sha1
+ with_subelements:
+ - "{{ auth_scopes }}"
+ - users
+ no_log: true
+
+# file obtained on 2020-07-05 from https://ssl-config.mozilla.org/ffdhe2048.txt
+- name: Copy over Mozilla-supplied dhparam config file
+ copy:
+ src: "ffdhe2048.txt"
+ dest: "{{ nginx_conf_dir }}/dhparam"
+ owner: root
+ group: "{{ nginx_groupname }}"
+ mode: 0644
+
+- name: Global NGINX configuration from template
+ template:
+ src: "nginx.conf.j2"
+ dest: "{{ nginx_conf_dir }}/nginx.conf"
+ owner: root
+ group: "{{ nginx_groupname }}"
+ mode: 0644
+ backup: true
+ validate: "nginx -t -c %s"
+ notify:
+ - test-nginx-config
+ - reload-nginx
+
+# this is needed when using the NGINX apt repo, already exists in the
+# ubuntu/debian distro version
+- name: Create sites-available and sites-enabled directories
+ file:
+ state: directory
+ path: "{{ nginx_conf_dir }}/{{ item }}"
+ owner: root
+ group: "{{ nginx_groupname }}"
+ mode: 0755
+ with_items:
+ - "sites-available"
+ - "sites-enabled"
+
+- name: Create VirtualHost configurations from template
+ template:
+ src: "vhost.conf.j2"
+ dest: "{{ nginx_conf_dir }}/sites-available/{{ item.name }}.conf"
+ owner: root
+ group: "{{ nginx_groupname }}"
+ mode: 0644
+ backup: true
+ with_items: "{{ vhosts }}"
+ notify:
+ - test-nginx-config
+ - reload-nginx
+
+- name: Disable default host
+ file:
+ state: absent
+ path: "{{ nginx_conf_dir }}/sites-enabled/default"
+
+- name: Enable VirtualHosts via symlink
+ file:
+ state: link
+ src: "{{ nginx_conf_dir }}/sites-available/{{ item.name }}.conf"
+ dest: "{{ nginx_conf_dir }}/sites-enabled/{{ item.name }}.conf"
+ owner: root
+ group: "{{ nginx_groupname }}"
+ with_items: "{{ vhosts }}"
+ notify:
+ - test-nginx-config
+ - reload-nginx
+
+- name: Flush handlers to reconfigure before dependent roles run (acme, etc.)
+ meta: flush_handlers
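Review bot: The `Create auth_basic htpasswd files` task hashes passwords with `crypt_scheme: ldap_salted_sha1`, a single salted SHA-1 round that is cheap to guess offline if an `.htpasswd` file under `nginx_auth_basic_dir` is ever read. nginx also accepts hashes produced by the platform's crypt(), so where the target libc supports it, a slower scheme such as `crypt_scheme: sha512_crypt` would be the stronger choice; confirm that support on each OS family this role targets before switching. If SSHA is kept for portability, say so next to the option, e.g. `# SSHA kept for nginx compatibility; weak against offline guessing, keep htpasswd files 0640`.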