---
# nginx tasks/main.yml
#
# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
# SPDX-License-Identifier: Apache-2.0
# Load per-distribution variables. The file name comes from the
# ansible_os_family fact, so facts must be available when this task runs.
- name: include OS-specific vars
  include_vars:
    file: '{{ ansible_os_family }}.yml'
# Run the task file named after the host's OS family (ansible_os_family fact).
- name: include OS-specific tasks
  include_tasks: '{{ ansible_os_family }}.yml'
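# Static vhosts only: entries with a truthy proxy_pass or any redirect_url
# are skipped and get no document root.
# item.name is used verbatim as a path component under nginx_static_dir, so
# vhost names in inventory should not contain "/" or "..".
- name: Create Static Virtualhost root directories
  when: >
    (item.proxy_pass is not defined or not item.proxy_pass) and
    (item.redirect_url is not defined)
  file:
    state: directory
    path: "{{ nginx_static_dir }}/{{ item.name }}"
    owner: "{{ item.owner | default('root') }}"
    group: "{{ nginx_groupname }}"
    # quoted so the module receives an octal string regardless of how the
    # YAML parser types a bare 0755
    mode: "0755"
  with_items: "{{ vhosts }}"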
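# Directory for ACME challenge files: owned by acme_username, group
# nginx_groupname, world-readable and traversable (0755).
# NOTE(review): presumably written by the ACME client and served by nginx;
# confirm against the acme role.
- name: Create directory for ACME challenges files
  file:
    state: directory
    path: "{{ acme_challenge_dir }}"
    owner: "{{ acme_username }}"
    group: "{{ nginx_groupname }}"
    # quoted so the module receives an octal string, not a parser-typed int
    mode: "0755"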
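# Directory holding the htpasswd files: root-owned, readable by the nginx
# group, no access for other users (0750).
- name: Create directory for auth_basic htpasswd files
  file:
    state: directory
    path: "{{ nginx_auth_basic_dir }}"
    owner: root
    group: "{{ nginx_groupname }}"
    # quoted so the module receives an octal string, not a parser-typed int
    mode: "0750"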
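# One htpasswd file per auth scope: with_subelements pairs each entry of
# auth_scopes (item.0) with each of its users (item.1).
# item.1.password reaches this task in plaintext, so keep auth_scopes in an
# encrypted vars source (e.g. Ansible Vault); no_log keeps it out of task
# output and logs.
- name: Create auth_basic htpasswd files
  htpasswd:
    name: "{{ item.1.name }}"
    password: "{{ item.1.password }}"
    path: "{{ nginx_auth_basic_dir }}/{{ item.0.scope }}.htpasswd"
    owner: root
    group: "{{ nginx_groupname }}"
    # quoted so the module receives an octal string, not a parser-typed int
    mode: "0640"
    # NOTE(review): ldap_salted_sha1 ({SSHA}) is a single salted SHA-1 pass,
    # which is cheap to brute-force if a .htpasswd file leaks. Where crypt(3)
    # on the target hosts supports it, a slow scheme such as sha512_crypt is
    # preferable; confirm nginx accepts the resulting hashes before switching.
    crypt_scheme: ldap_salted_sha1
  with_subelements:
    - "{{ auth_scopes }}"
    - users
  no_log: true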
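# file obtained on 2020-07-05 from https://ssl-config.mozilla.org/ffdhe2048.txt
# The DH parameters are copied from a file shipped with the role rather than
# generated on the host. DH parameters are public values, hence mode 0644.
- name: Copy over Mozilla-supplied dhparam config file
  copy:
    src: "ffdhe2048.txt"
    dest: "{{ nginx_conf_dir }}/dhparam"
    owner: root
    group: "{{ nginx_groupname }}"
    # quoted so the module receives an octal string, not a parser-typed int
    mode: "0644"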
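# Render the main nginx.conf. validate runs `nginx -t` against the rendered
# temporary file (%s) and the live file is replaced only if that check
# passes; backup keeps a copy of the previous file.
- name: Global NGINX configuration from template
  template:
    src: "nginx.conf.j2"
    dest: "{{ nginx_conf_dir }}/nginx.conf"
    owner: root
    group: "{{ nginx_groupname }}"
    # quoted so the module receives an octal string, not a parser-typed int
    mode: "0644"
    backup: true
    validate: "nginx -t -c %s"
  notify:
    - test-nginx-config
    - reload-nginx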
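# This is needed when using the NGINX apt repo; the directories already exist
# in the Ubuntu/Debian distro version.
- name: Create sites-available and sites-enabled directories
  file:
    state: directory
    path: "{{ nginx_conf_dir }}/{{ item }}"
    owner: root
    group: "{{ nginx_groupname }}"
    # quoted so the module receives an octal string, not a parser-typed int
    mode: "0755"
  with_items:
    - "sites-available"
    - "sites-enabled"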
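# Render one config file per vhost into sites-available. item.name is used
# verbatim in the destination file name.
# Unlike the nginx.conf task there is no validate here, so a bad vhost file
# is written to disk before anything checks it.
# NOTE(review): presumably the notified test-nginx-config handler (defined
# outside this file) is what catches syntax errors - confirm.
- name: Create VirtualHost configurations from template
  template:
    src: "vhost.conf.j2"
    dest: "{{ nginx_conf_dir }}/sites-available/{{ item.name }}.conf"
    owner: root
    group: "{{ nginx_groupname }}"
    # quoted so the module receives an octal string, not a parser-typed int
    mode: "0644"
    backup: true
  with_items: "{{ vhosts }}"
  notify:
    - test-nginx-config
    - reload-nginx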
# Make sure sites-enabled/default does not exist, so it is not served
# alongside the configured vhosts.
- name: Disable default host
  file:
    path: '{{ nginx_conf_dir }}/sites-enabled/default'
    state: absent
# Link every vhost file from sites-available into sites-enabled. A changed
# link notifies the config-test and reload handlers.
- name: Enable VirtualHosts via symlink
  file:
    src: '{{ nginx_conf_dir }}/sites-available/{{ item.name }}.conf'
    dest: '{{ nginx_conf_dir }}/sites-enabled/{{ item.name }}.conf'
    state: link
    owner: root
    group: '{{ nginx_groupname }}'
  notify:
    - test-nginx-config
    - reload-nginx
  with_items: '{{ vhosts }}'
# Run the handlers notified above now instead of waiting for the end of the
# play.
- name: Flush handlers to reconfigure before dependent roles run (acme, etc.)
  meta: 'flush_handlers'