Improve uninstalling NGINX capabilities (#472)

Author: alessfg

.github/workflows/molecule.yml

@@ -23,6 +23,9 @@ jobs:
           - module
           - plus
           - source
+          - uninstall
+          - uninstall_plus
+          - upgrade
     steps:
       - name: Check out the codebase
         if: "!(contains(matrix.scenario, 'plus') && github.event.pull_request.head.repo.full_name != github.repository)"

.gitignore

@@ -19,3 +19,7 @@ Thumbs.db
 # Python specific #
 ###################
 __pycache__
+
+# Logs #
+########
+*.log

CHANGELOG.md

@@ -1,6 +1,11 @@
 # Changelog
 
-## 0.21.4 (Unreleased)
+## 0.22.0 (Unreleased)
+
+BREAKING CHANGES:
+
+* The `nginx_state` variable has been replaced with `nginx_setup` and instead of using `present`, `absent`, `latest` you should now use `install`, `uninstall` and `upgrade`.
+* `nginx_install` variable is no more. Use `nginx_enable` instead.
 
 FEATURES:
 
@@ -12,7 +17,8 @@ Add Alpine Linux 3.15 to list of tested and supported platforms.
 
 BUG FIXES:
 
-When building NGINX from source, the original source FTP repository `ftp.pcre.org` is not available anymore, according to <http://pcre.org>. The FTP repository has been updated to use `ftp.exim.org` instead.
+* When building NGINX from source, the original source FTP repository `ftp.pcre.org` is not available anymore, according to <http://pcre.org>. The FTP repository has been updated to use `ftp.exim.org` instead.
+* Uninstalling NGINX should now work correctly under most scenarios.
 
 ## 0.21.3 (October 25, 2021)
 
@@ -217,7 +223,7 @@ FEATURES:
 * A new variable has been introduced:
   * `nginx_setup_license` -- Determine whether you want to use this role to upload your NGINX license to your target host.
 * The role will now fail automatically if you try to deploy NGINX from an official repository in an unsupported distribution. You can find a list of supported distributions for NGINX and NGINX Plus in [`vars/main.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/vars/main.yml)
-* Three new tags have been introduced -- `nginx_setup_license`, `nginx_install` and `nginx_check_support`.
+* Three new tags have been introduced -- `nginx_setup_license`, `nginx_enable` and `nginx_check_support`.
 * Add Alpine 3.12 to the list of supported platforms.
 * Remove Alpine 3.8 from the list of supported platforms.
 * Add NGINX Plus tests to TravisCI
@@ -301,7 +307,7 @@ FEATURES:
 * Add support to configure logrotate.
 * Add support for Ubuntu Focal.
 * Add support to configure SELinux.
-* Two new variables have been introduced -- `nginx_install` and `nginx_configure` -- to let you choose whether you want to install NGINX, configure NGINX, or both.
+* Two new variables have been introduced -- `nginx_enable` and `nginx_configure` -- to let you choose whether you want to install NGINX, configure NGINX, or both.
 
 ENHANCEMENTS:
 

defaults/main/main.yml

@@ -1,16 +1,8 @@
 ---
-# Enable NGINX options -- `nginx_install` and `nginx_configure`.
-# Default is true.
-nginx_enable: true
-
-# Install NGINX and NGINX modules.
+# Enable NGINX and NGINX modules.
 # Variables for these options can be found below.
 # Default is true.
-nginx_install: true
-
-# Start NGINX service.
-# Default is true.
-nginx_start: true
+nginx_enable: true
 
 # Print NGINX configuration file to terminal after executing playbook.
 nginx_debug_output: false
@@ -26,13 +18,17 @@ nginx_type: opensource
 # For NGINX Plus and modules you'll need a wilcard like below (which installs plus-20 and modules)
 # nginx_version: "-20*"
 
+# Start NGINX service.
+# Default is true.
+nginx_start: true
+
 # Specify whether you want to maintain your version of NGINX, upgrade to the latest version, or remove NGINX.
-# Can be used with `nginx_version` to fine tune control on which version of NGINX is installed/used on each playbook execution.
-# Using 'present' will install the latest version (or 'nginx_version') of NGINX on a fresh install.
-# Using 'latest' will upgrade NGINX to the latest version (that matches your 'nginx_version') of NGINX on every playbook execution.
-# Using 'absent' will remove NGINX from your system.
-# Default is present.
-nginx_state: present
+# Can be used with `nginx_version` to fine tune control which version of NGINX is installed/used on each playbook execution.
+# Using 'install' will install the latest version (or 'nginx_version') of NGINX on a fresh install.
+# Using 'upgrade' will upgrade NGINX to the latest version (that matches your 'nginx_version') of NGINX on every playbook execution. Does not work on Alpine Linux.
+# Using 'uninstall' will remove NGINX from your system.
+# Default is install.
+nginx_setup: install
 
 # Specify whether or not you want to manage the NGINX repositories.
 # Using 'true' will manage NGINX repositories.

defaults/main/selinux.yml

@@ -1,12 +1,15 @@
 ---
 # Set SELinux enforcing for NGINX (CentOS/Red Hat only) - you may need to open ports on your own
 nginx_selinux: false
+
 # Enable enforcing mode if true.  Permissive if false (audit only, no enforcing) globally (only works with nginx_selinux: true)
+
 nginx_selinux_enforcing: true
 # List of TCP ports to add to http_port_t type (80 and 443 have this type already)
 # nginx_selinux_tcp_ports:
 #   - 80
 #   - 443
+
 # List of UDP ports to add to http_port_t type
 # nginx_selinux_udp_ports:
 #   - 80

handlers/main.yml

@@ -10,6 +10,7 @@
     enabled: true
   when:
     - nginx_start | bool
+    - nginx_state != "absent"
     - not ansible_check_mode | bool
   listen: (Handler) Run NGINX
 
@@ -21,6 +22,7 @@
   ignore_errors: true
   check_mode: false
   changed_when: false
+  when: nginx_state != "absent"
   listen: (Handler) Run NGINX
 
 - name: (Handler) Print NGINX error if syntax check fails
@@ -30,6 +32,7 @@
   when:
     - config_check.stderr_lines is defined
     - config_check.rc != 0
+    - nginx_state != "absent"
   listen: (Handler) Run NGINX
 
 - name: (Handler) Start NGINX Amplify agent

molecule/default/converge.yml

@@ -32,7 +32,6 @@
           - 80
           - 443
         nginx_version: "{{ version }}"
-        nginx_configure: false
         nginx_logrotate_conf_enable: true
         nginx_logrotate_conf:
           paths:

molecule/default/verify.yml

@@ -23,3 +23,11 @@
       uri:
         url: http://localhost
         status_code: 200
+
+    - name: Verify correct version of NGINX has been installed
+      command: nginx -v
+      args:
+        chdir: "{{ ((ansible_facts['system'] | lower is not search('bsd')) | ternary('/etc/nginx', '/usr/local/sbin')) }}"
+      changed_when: false
+      register: version
+      failed_when: version is not search('1.21.4')

molecule/uninstall/converge.yml

@@ -0,0 +1,9 @@
+---
+- name: Converge
+  hosts: all
+  tasks:
+    - name: Uninstall NGINX
+      include_role:
+        name: ansible-role-nginx
+      vars:
+        nginx_setup: uninstall

molecule/uninstall/molecule.yml

@@ -0,0 +1,91 @@
+---
+driver:
+  name: docker
+lint: |
+  set -e
+  yamllint .
+  ansible-lint --force-color
+platforms:
+  - name: alpine-3.12
+    image: alpine:3.12
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/sbin/init"
+  - name: alpine-3.13
+    image: alpine:3.13
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/sbin/init"
+  - name: alpine-3.14
+    image: alpine:3.14
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/sbin/init"
+  - name: alpine-3.15
+    image: alpine:3.15
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/sbin/init"
+  - name: amazonlinux-2
+    image: amazonlinux:2
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/usr/sbin/init"
+  - name: centos-7
+    image: centos:7
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/usr/sbin/init"
+  - name: centos-8
+    image: centos:8
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/usr/sbin/init"
+  - name: debian-buster
+    image: debian:buster-slim
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/sbin/init"
+  - name: debian-bullseye
+    image: debian:bullseye-slim
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/sbin/init"
+  - name: ubuntu-bionic
+    image: ubuntu:bionic
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/sbin/init"
+  - name: ubuntu-focal
+    image: ubuntu:focal
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/sbin/init"
+provisioner:
+  name: ansible
+  playbooks:
+    prepare: prepare.yml
+    converge: converge.yml
+    verify: verify.yml

molecule/uninstall/prepare.yml

@@ -0,0 +1,7 @@
+---
+- name: Prepare
+  hosts: all
+  tasks:
+    - name: Install NGINX
+      include_role:
+        name: ansible-role-nginx

molecule/uninstall/verify.yml

@@ -0,0 +1,11 @@
+---
+- name: Verify
+  hosts: all
+  tasks:
+    - name: Check if NGINX is installed
+      package:
+        name: nginx
+        state: absent
+      check_mode: true
+      register: install
+      failed_when: (install is changed) or (install is failed)

molecule/uninstall_plus/converge.yml

@@ -0,0 +1,11 @@
+---
+- name: Converge
+  hosts: all
+  tasks:
+    - name: Uninstall NGINX
+      include_role:
+        name: ansible-role-nginx
+      vars:
+        nginx_setup: uninstall
+        nginx_type: plus
+        nginx_setup_license: false

molecule/uninstall_plus/molecule.yml

@@ -0,0 +1,91 @@
+---
+driver:
+  name: docker
+lint: |
+  set -e
+  yamllint .
+  ansible-lint --force-color
+platforms:
+  - name: alpine-3.11
+    image: alpine:3.11
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/sbin/init"
+  - name: alpine-3.12
+    image: alpine:3.12
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/sbin/init"
+  - name: alpine-3.13
+    image: alpine:3.13
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/sbin/init"
+  - name: alpine-3.14
+    image: alpine:3.14
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/sbin/init"
+  - name: amazonlinux-2
+    image: amazonlinux:2
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/usr/sbin/init"
+  - name: centos-7
+    image: centos:7
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/usr/sbin/init"
+  - name: centos-8
+    image: centos:8
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/usr/sbin/init"
+  - name: debian-buster
+    image: debian:buster-slim
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/sbin/init"
+  - name: debian-bullseye
+    image: debian:bullseye-slim
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/sbin/init"
+  - name: ubuntu-bionic
+    image: ubuntu:bionic
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/sbin/init"
+  - name: ubuntu-focal
+    image: ubuntu:focal
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/sbin/init"
+provisioner:
+  name: ansible
+  playbooks:
+    prepare: prepare.yml
+    converge: converge.yml
+    verify: verify.yml