From e1cca772ff1fb703a3ae5e9775ec3b7f1c07239a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 Feb 2023 01:05:25 +0000 Subject: [PATCH 1/3] Bump ansible-lint in /.github/workflows/requirements Bumps [ansible-lint](https://github.com/ansible/ansible-lint) from 6.11.0 to 6.13.1. - [Release notes](https://github.com/ansible/ansible-lint/releases) - [Commits](https://github.com/ansible/ansible-lint/compare/v6.11.0...v6.13.1) --- updated-dependencies: - dependency-name: ansible-lint dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/requirements/requirements_molecule.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/requirements/requirements_molecule.txt b/.github/workflows/requirements/requirements_molecule.txt index e3d82bf7c..f234d649d 100644 --- a/.github/workflows/requirements/requirements_molecule.txt +++ b/.github/workflows/requirements/requirements_molecule.txt @@ -1,6 +1,6 @@ ansible-core==2.14.2 jinja2==3.1.2 -ansible-lint==6.11.0 +ansible-lint==6.13.1 yamllint==1.29.0 molecule[docker]==4.0.4 docker==6.0.1 From aa40f09fb697e0a00641ff5e7929d3e5ec1cec38 Mon Sep 17 00:00:00 2001 
From: Alessandro Fael Garcia Date: Thu, 2 Mar 2023 00:49:31 +0100 Subject: [PATCH 2/3] fix linter warnings --- molecule/downgrade-plus/prepare.yml | 4 +-- molecule/plus/prepare.yml | 4 +-- molecule/uninstall-plus/prepare.yml | 4 +-- molecule/upgrade-plus/prepare.yml | 4 +-- tasks/amplify/install-amplify.yml | 2 +- tasks/amplify/setup-debian.yml | 2 +- tasks/amplify/setup-redhat.yml | 2 +- tasks/config/modify-systemd.yml | 6 ++-- tasks/config/setup-logrotate.yml | 2 +- tasks/keys/setup-keys.yml | 2 +- tasks/opensource/install-bsd.yml | 41 ++++++++++++--------------- tasks/opensource/install-debian.yml | 4 +-- tasks/opensource/install-redhat.yml | 2 +- tasks/opensource/install-source.yml | 34 +++++++++++----------- tasks/plus/install-debian.yml | 4 +-- tasks/plus/install-freebsd.yml | 2 +- tasks/plus/install-redhat.yml | 2 +- tasks/plus/setup-license.yml | 12 ++++---- tasks/prerequisites/setup-selinux.yml | 2 +- 19 files changed, 65 insertions(+), 70 deletions(-) diff --git a/molecule/downgrade-plus/prepare.yml b/molecule/downgrade-plus/prepare.yml index 8a05f4765..3109a769d 100644 --- a/molecule/downgrade-plus/prepare.yml +++ b/molecule/downgrade-plus/prepare.yml @@ -8,14 +8,14 @@ content: "{{ lookup('env', 'NGINX_CRT') | b64decode }}" dest: ../../files/license/nginx-repo.crt force: false - mode: 0444 + mode: "0444" - name: Create ephemeral license key file from b64 decoded env var # noqa template-instead-of-copy ansible.builtin.copy: content: "{{ lookup('env', 'NGINX_KEY') | b64decode }}" dest: ../../files/license/nginx-repo.key force: false - mode: 0444 + mode: "0444" - name: Prepare NGINX Plus hosts: all diff --git a/molecule/plus/prepare.yml b/molecule/plus/prepare.yml index f3c202ff2..42445dd17 100644 --- a/molecule/plus/prepare.yml +++ b/molecule/plus/prepare.yml 
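Review bot: The license key task still writes `nginx-repo.key` with `mode: "0444"`, so the decoded private key is readable by every local user on the machine running Molecule; quoting the mode preserves that permission rather than tightening it. `mode: "0400"` would fit the key file, while the certificate can stay world-readable. The same applies to the key tasks in molecule/plus, molecule/uninstall-plus and molecule/upgrade-plus, and to tasks/plus/setup-license.yml, where `/etc/apk/cert.key` and the key copied into `/etc/ssl/nginx` also get `"0444"`. If an unprivileged package-fetch user has to read the key on the target, granting that through `owner`/`group` is narrower than world-read. The play these tasks belong to starts outside the hunk.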
@@ -8,11 +8,11 @@ content: "{{ lookup('env', 'NGINX_CRT') | b64decode }}" dest: ../../files/license/nginx-repo.crt force: false - mode: 0444 + mode: "0444" - name: Create ephemeral license key file from b64 decoded env var # noqa template-instead-of-copy ansible.builtin.copy: content: "{{ lookup('env', 'NGINX_KEY') | b64decode }}" dest: ../../files/license/nginx-repo.key force: false - mode: 0444 + mode: "0444" diff --git a/molecule/uninstall-plus/prepare.yml b/molecule/uninstall-plus/prepare.yml index 8a05f4765..3109a769d 100644 --- a/molecule/uninstall-plus/prepare.yml +++ b/molecule/uninstall-plus/prepare.yml @@ -8,14 +8,14 @@ content: "{{ lookup('env', 'NGINX_CRT') | b64decode }}" dest: ../../files/license/nginx-repo.crt force: false - mode: 0444 + mode: "0444" - name: Create ephemeral license key file from b64 decoded env var # noqa template-instead-of-copy ansible.builtin.copy: content: "{{ lookup('env', 'NGINX_KEY') | b64decode }}" dest: ../../files/license/nginx-repo.key force: false - mode: 0444 + mode: "0444" - name: Prepare NGINX Plus hosts: all diff --git a/molecule/upgrade-plus/prepare.yml b/molecule/upgrade-plus/prepare.yml index ec204b547..65f766753 100644 --- a/molecule/upgrade-plus/prepare.yml +++ b/molecule/upgrade-plus/prepare.yml @@ -8,14 +8,14 @@ content: "{{ lookup('env', 'NGINX_CRT') | b64decode }}" dest: ../../files/license/nginx-repo.crt force: false - mode: 0444 + mode: "0444" - name: Create ephemeral license key file from b64 decoded env var # noqa template-instead-of-copy ansible.builtin.copy: content: "{{ lookup('env', 'NGINX_KEY') | b64decode }}" dest: ../../files/license/nginx-repo.key force: false - mode: 0444 + mode: "0444" - name: Prepare NGINX Plus hosts: all diff --git a/tasks/amplify/install-amplify.yml b/tasks/amplify/install-amplify.yml index 0db8a5211..81df7c399 100644 --- a/tasks/amplify/install-amplify.yml +++ b/tasks/amplify/install-amplify.yml 
@@ -13,7 +13,7 @@ remote_src: true src: /etc/amplify-agent/agent.conf.default dest: /etc/amplify-agent/agent.conf - mode: 0644 + mode: "0644" - name: Configure NGINX Amplify agent API key ansible.builtin.lineinfile: diff --git a/tasks/amplify/setup-debian.yml b/tasks/amplify/setup-debian.yml index aafa31337..70f917e09 100644 --- a/tasks/amplify/setup-debian.yml +++ b/tasks/amplify/setup-debian.yml @@ -4,4 +4,4 @@ filename: nginx-amplify repo: deb [arch=amd64 signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://packages.amplify.nginx.com/py3/{{ ansible_facts['distribution'] | lower }}/{{ ansible_facts['distribution_release'] | lower }} amplify-agent update_cache: true - mode: 0644 + mode: "0644" diff --git a/tasks/amplify/setup-redhat.yml b/tasks/amplify/setup-redhat.yml index 7960c3376..b45e16d35 100644 --- a/tasks/amplify/setup-redhat.yml +++ b/tasks/amplify/setup-redhat.yml @@ -6,4 +6,4 @@ description: NGINX Amplify Agent enabled: true gpgcheck: true - mode: 0644 + mode: "0644" diff --git a/tasks/config/modify-systemd.yml b/tasks/config/modify-systemd.yml index 17458f39b..616ac461a 100644 --- a/tasks/config/modify-systemd.yml +++ b/tasks/config/modify-systemd.yml @@ -3,7 +3,7 @@ ansible.builtin.file: path: "{{ nginx_service_overridepath }}" state: directory - mode: 0755 + mode: "0755" - name: Create override for NGINX systemd service ansible.builtin.template: @@ -11,7 +11,7 @@ dest: "{{ nginx_service_overridepath }}/{{ nginx_service_overridefilename }}" owner: root group: root - mode: 0644 + mode: "0644" when: - not nginx_service_custom | bool - not nginx_service_clean | bool @@ -23,7 +23,7 @@ dest: "{{ nginx_service_overridepath }}/{{ nginx_service_overridefilename }}" owner: root group: root - mode: 0644 + mode: "0644" when: - nginx_service_custom | bool - not nginx_service_clean | bool diff --git a/tasks/config/setup-logrotate.yml b/tasks/config/setup-logrotate.yml index 200f7e414..029884126 100644 --- a/tasks/config/setup-logrotate.yml 
+++ b/tasks/config/setup-logrotate.yml @@ -26,5 +26,5 @@ ansible.builtin.template: src: logrotate/nginx.j2 dest: /etc/logrotate.d/nginx - mode: 0644 + mode: "0644" notify: (Handler) Run logrotate diff --git a/tasks/keys/setup-keys.yml b/tasks/keys/setup-keys.yml index f886e6954..e0ce91d7d 100644 --- a/tasks/keys/setup-keys.yml +++ b/tasks/keys/setup-keys.yml @@ -10,7 +10,7 @@ ansible.builtin.get_url: url: "{{ keysite }}" dest: /etc/apk/keys/nginx_signing.rsa.pub - mode: 0400 + mode: "0400" - name: (Debian/Red Hat/SLES OSs) Set up NGINX signing key URL ansible.builtin.set_fact: diff --git a/tasks/opensource/install-bsd.yml b/tasks/opensource/install-bsd.yml index 944b6ba96..2efb7b5a5 100644 --- a/tasks/opensource/install-bsd.yml +++ b/tasks/opensource/install-bsd.yml 
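Review bot: The `ansible.builtin.get_url` task that installs `/etc/apk/keys/nginx_signing.rsa.pub` carries only `url`, `dest` and `mode`, so the package signing key is trusted exactly as downloaded, with no integrity pin. Adding `checksum: "sha256:<EXPECTED_DIGEST>"` (a placeholder; the digest would come from a role variable) makes a substituted key fail the task instead of becoming a trust anchor. The four source downloads in tasks/opensource/install-source.yml (PCRE, ZLib, OpenSSL, NGINX) show the same `url`/`dest`/`mode` shape in this patch and would benefit from the same parameter. The task's `name` line is outside the hunk.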
@@ -14,23 +14,31 @@ cmd: portsnap extract creates: /usr/ports -- name: (FreeBSD) {{ nginx_setup | capitalize }} NGINX - when: ansible_facts['system'] == 'FreeBSD' +- name: (DragonFlyBSD/FreeBSD/HardenedBSD) {{ nginx_setup | capitalize }} NGINX + when: ansible_facts['system'] in ['DragonFlyBSD', 'FreeBSD' 'HardenedBSD'] block: - - name: (FreeBSD) {{ nginx_setup | capitalize }} NGINX package + - name: (DragonFlyBSD/FreeBSD/HardenedBSD) {{ nginx_setup | capitalize }} NGINX package community.general.pkgng: name: www/nginx{{ nginx_version | default('') }} state: "{{ nginx_state }}" when: nginx_bsd_install_packages | bool notify: (Handler) Run NGINX - - name: (FreeBSD) {{ nginx_setup | capitalize }} NGINX port - community.general.portinstall: - name: www/nginx{{ nginx_version | default('') }} - use_packages: "{{ nginx_bsd_portinstall_use_packages | default(omit) }}" - state: "{{ nginx_state }}" + - name: (DragonFlyBSD/FreeBSD/HardenedBSD) {{ nginx_setup | capitalize }} NGINX port when: not nginx_bsd_install_packages | bool - notify: (Handler) Run NGINX + block: + - name: (FreeBSD) {{ nginx_setup | capitalize }} NGINX port + community.general.portinstall: + name: www/nginx{{ nginx_version | default('') }} + use_packages: "{{ nginx_bsd_portinstall_use_packages | default(omit) }}" + state: "{{ nginx_state }}" + when: ansible_facts['system'] == 'FreeBSD' + notify: (Handler) Run NGINX + + - name: (DragonFlyBSD/HardenedBSD) {{ nginx_setup | capitalize }} NGINX port + ansible.builtin.fail: + msg: "{{ ansible_facts['system'] }} {{ nginx_setup | capitalize }} NGINX port not implemented." + when: ansible_facts['system'] in ['DragonFlyBSD', 'HardenedBSD'] - name: (OpenBSD) {{ nginx_setup | capitalize }} NGINX when: ansible_facts['system'] == 'OpenBSD' 
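Review bot: The new block condition `ansible_facts['system'] in ['DragonFlyBSD', 'FreeBSD' 'HardenedBSD']` is missing a comma between `'FreeBSD'` and `'HardenedBSD'`. Jinja2 joins adjacent string literals, so the list evaluates to `['DragonFlyBSD', 'FreeBSDHardenedBSD']` and the whole block is skipped on FreeBSD and HardenedBSD hosts without any error. It should read `when: ansible_facts['system'] in ['DragonFlyBSD', 'FreeBSD', 'HardenedBSD']`. A skipped install is easy to miss here because the play still reports success.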
@@ -55,7 +63,7 @@ when: ansible_facts['system'] == 'NetBSD' block: - name: (NetBSD) {{ nginx_setup | capitalize }} NGINX package - ansible.builtin.command: pkg_add www/nginx{{ nginx_version | default('') }} + community.general.pkgin: nginx{{ nginx_version | default('') }} when: nginx_bsd_install_packages | bool notify: (Handler) Run NGINX @@ -63,16 +71,3 @@ ansible.builtin.fail: msg: "{{ ansible_facts['system'] }} {{ nginx_setup | capitalize }} NGINX port not implemented." when: not nginx_bsd_install_packages | bool - -- name: (DragonFlyBSD/HardenedBSD) {{ nginx_setup | capitalize }} NGINX - when: ansible_facts['system'] in ['DragonFlyBSD', 'HardenedBSD'] - block: - - name: (DragonFlyBSD/HardenedBSD) {{ nginx_setup | capitalize }} NGINX package - ansible.builtin.command: pkg install www/nginx{{ nginx_version | default('') }} - when: nginx_bsd_install_packages | bool - notify: (Handler) Run NGINX - - - name: (DragonFlyBSD/HardenedBSD) {{ nginx_setup | capitalize }} NGINX port - ansible.builtin.fail: - msg: "{{ ansible_facts['system'] }} {{ nginx_setup | capitalize }} NGINX port not implemented." - when: not nginx_bsd_install_packages | bool diff --git a/tasks/opensource/install-debian.yml b/tasks/opensource/install-debian.yml index 6ae759de1..e5ecfb2e2 100644 --- a/tasks/opensource/install-debian.yml +++ b/tasks/opensource/install-debian.yml @@ -4,7 +4,7 @@ filename: nginx repo: "{{ item }}" update_cache: true - mode: 0644 + mode: "0644" state: "{{ (nginx_state == 'uninstall') | ternary('absent', 'present') }}" loop: "{{ nginx_repository | default(nginx_default_repository_debian) }}" when: nginx_manage_repo | bool @@ -18,7 +18,7 @@ Pin: origin nginx.org Pin: release o=nginx Pin-Priority: 900 - mode: 0644 + mode: "0644" state: "{{ (nginx_state == 'uninstall') | ternary('absent', 'present') }}" when: nginx_repository is not defined diff --git a/tasks/opensource/install-redhat.yml b/tasks/opensource/install-redhat.yml index 0058aae32..2f570343f 100644 
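Review bot: `community.general.pkgin: nginx{{ nginx_version | default('') }}` passes the package as a bare string, but pkgin is not a free-form module and expects its arguments as a mapping, so the task most likely fails argument parsing on NetBSD. It also no longer carries a state, unlike the `pkgng` task in the same file, which sets `state: "{{ nginx_state }}"`. The suggested form is `community.general.pkgin:` followed by `name: nginx{{ nginx_version | default('') }}` and `state: "{{ nginx_state }}"`. Whether the `nginx_state` values map onto the states pkgin accepts should be confirmed. The `name` line of the enclosing NetBSD block is outside the hunk.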
--- a/tasks/opensource/install-redhat.yml +++ b/tasks/opensource/install-redhat.yml @@ -6,7 +6,7 @@ description: NGINX Repository enabled: true gpgcheck: true - mode: 0644 + mode: "0644" module_hotfixes: true state: "{{ (nginx_state == 'uninstall') | ternary('absent', 'present') }}" when: nginx_manage_repo | bool diff --git a/tasks/opensource/install-source.yml b/tasks/opensource/install-source.yml index 419aaa8b6..01d0850f4 100644 --- a/tasks/opensource/install-source.yml +++ b/tasks/opensource/install-source.yml @@ -144,21 +144,21 @@ ansible.builtin.get_url: url: "{{ (pcre_release == 2) | ternary('https://github.com/PCRE2Project/pcre2/releases/download/pcre2-' ~ pcre_version ~ '/pcre2-' ~ pcre_version ~ '.tar.gz', 'https://ftp.exim.org/pub/pcre/pcre-' ~ pcre_version ~ '.tar.gz') }}" dest: /tmp - mode: 0600 + mode: "0600" register: pcre_source - name: Ensure PCRE directory exists ansible.builtin.file: path: /tmp/pcre-{{ pcre_version }} state: directory - mode: 0700 + mode: "0700" - name: Unpack PCRE dependency ansible.builtin.unarchive: copy: false src: "{{ pcre_source['dest'] }}" dest: /tmp/pcre-{{ pcre_version }}/ - mode: 0700 + mode: "0700" extra_opts: [--strip-components=1] - name: Configure PCRE dependency @@ -213,21 +213,21 @@ ansible.builtin.get_url: url: https://github.com/madler/zlib/releases/download/v{{ zlib_version }}/zlib-{{ zlib_version }}.tar.gz dest: /tmp - mode: 0600 + mode: "0600" register: zlib_source - name: Ensure ZLib directory exists ansible.builtin.file: path: /tmp/zlib-{{ zlib_version }} state: directory - mode: 0700 + mode: "0700" - name: Unpack ZLib dependency ansible.builtin.unarchive: copy: false src: "{{ zlib_source['dest'] }}" dest: /tmp/zlib-{{ zlib_version }} - mode: 0700 + mode: "0700" extra_opts: [--strip-components=1] - name: Configure ZLib dependency 
@@ -282,21 +282,21 @@ ansible.builtin.get_url: url: https://github.com/openssl/openssl/archive/refs/tags/openssl-{{ openssl_version }}.tar.gz dest: /tmp/{{ openssl_version }}.tar.gz - mode: 0600 + mode: "0600" register: openssl_source - name: Ensure OpenSSL directory exists ansible.builtin.file: path: /tmp/openssl-{{ openssl_version }} state: directory - mode: 0700 + mode: "0700" - name: Unpack OpenSSL dependency ansible.builtin.unarchive: copy: false src: "{{ openssl_source['dest'] }}" dest: /tmp/openssl-{{ openssl_version }} - mode: 0700 + mode: "0700" extra_opts: [--strip-components=1] - name: Configure OpenSSL dependency @@ -354,7 +354,7 @@ ansible.builtin.get_url: url: https://nginx.org/download/{{ nginx_version }}.tar.gz dest: /tmp/{{ nginx_version }}.tar.gz - mode: 0600 + mode: "0600" register: nginx_source - name: Unpack NGINX @@ -362,7 +362,7 @@ copy: false src: "{{ nginx_source.dest }}" dest: /tmp - mode: 0755 + mode: "0755" - name: Set static modules ansible.builtin.set_fact: @@ -410,7 +410,7 @@ dest: "{{ (ansible_facts['os_family'] == 'Suse') | ternary('usr/lib/systemd/system/nginx.service', '/lib/systemd/system/nginx.service') }}" owner: root group: root - mode: 0644 + mode: "0644" - name: Enable systemd NGINX service file ansible.builtin.systemd: @@ -429,7 +429,7 @@ dest: /etc/init.d/nginx owner: root group: root - mode: 0755 + mode: "0755" - name: Upload Upstart NGINX service conf file ansible.builtin.copy: @@ -437,7 +437,7 @@ dest: /etc/init/nginx.conf owner: root group: root - mode: 0644 + mode: "0644" - name: Enable Upstart NGINX service reload # noqa no-changed-when ansible.builtin.command: initctl reload-configuration @@ -451,7 +451,7 @@ dest: /etc/init.d/nginx owner: root group: root - mode: 0755 + mode: "0755" when: ansible_facts['service_mgr'] == 'sysvinit' notify: (Handler) Run NGINX 
@@ -465,7 +465,7 @@ dest: /run/openrc/softlevel force: false owner: root - mode: 0644 + mode: "0644" - name: Upload OpenRC NGINX service file ansible.builtin.copy: @@ -473,7 +473,7 @@ dest: /etc/init.d/nginx owner: root group: root - mode: 0755 + mode: "0755" - name: Enable OpenRC NGINX service # noqa no-changed-when ansible.builtin.command: rc-update add nginx default diff --git a/tasks/plus/install-debian.yml b/tasks/plus/install-debian.yml index 657db4bb5..078af7b05 100644 --- a/tasks/plus/install-debian.yml +++ b/tasks/plus/install-debian.yml @@ -9,7 +9,7 @@ Acquire::https::{{ (nginx_repository | default(nginx_plus_default_repository_debian)) | regex_search('(?<=https://)[^/]*') }}::SslCert "/etc/ssl/nginx/nginx-repo.crt"; Acquire::https::{{ (nginx_repository | default(nginx_plus_default_repository_debian)) | regex_search('(?<=https://)[^/]*') }}::SslKey "/etc/ssl/nginx/nginx-repo.key"; state: "{{ nginx_license_status | default((nginx_setup == 'uninstall') | ternary('absent', 'present')) }}" - mode: 0444 + mode: "0444" - name: (Debian/Ubuntu) {{ nginx_license_status is defined | ternary('Remove', 'Configure') }} NGINX Plus repository ansible.builtin.apt_repository: @@ -17,7 +17,7 @@ repo: "{{ nginx_repository | default(nginx_plus_default_repository_debian) }}" update_cache: false state: "{{ nginx_license_status | default((nginx_setup == 'uninstall') | ternary('absent', 'present')) }}" - mode: 0644 + mode: "0644" when: nginx_manage_repo | bool - name: (Debian/Ubuntu) {{ nginx_setup | capitalize }} NGINX Plus diff --git a/tasks/plus/install-freebsd.yml b/tasks/plus/install-freebsd.yml index c3e699f42..1c2a7f23f 100644 --- a/tasks/plus/install-freebsd.yml +++ b/tasks/plus/install-freebsd.yml @@ -19,7 +19,7 @@ MIRROR_TYPE: SRV } state: "{{ nginx_license_status | default('present') }}" - mode: 0644 + mode: "0644" when: nginx_manage_repo | bool - name: (FreeBSD) {{ nginx_setup | capitalize }} NGINX Plus 
diff --git a/tasks/plus/install-redhat.yml b/tasks/plus/install-redhat.yml index 848f3abce..01c4bdcb1 100644 --- a/tasks/plus/install-redhat.yml +++ b/tasks/plus/install-redhat.yml @@ -9,7 +9,7 @@ enabled: true gpgcheck: true state: "{{ nginx_license_status | default((nginx_setup == 'uninstall') | ternary('absent', 'present')) }}" - mode: 0644 + mode: "0644" when: nginx_manage_repo | bool - name: (AlmaLinux/Amazon Linux/CentOS/Oracle Linux/RHEL/Rocky Linux) Force Yum cache refresh diff --git a/tasks/plus/setup-license.yml b/tasks/plus/setup-license.yml index fe6ea663c..7c7e212f1 100644 --- a/tasks/plus/setup-license.yml +++ b/tasks/plus/setup-license.yml @@ -10,21 +10,21 @@ ansible.builtin.file: path: /etc/apk state: directory - mode: 0755 + mode: "0755" - name: (Alpine Linux) Copy NGINX Plus certificate ansible.builtin.copy: src: "{{ nginx_license['certificate'] }}" dest: /etc/apk/cert.pem decrypt: true - mode: 0444 + mode: "0444" - name: (Alpine Linux) Copy NGINX Plus key ansible.builtin.copy: src: "{{ nginx_license['key'] }}" dest: /etc/apk/cert.key decrypt: true - mode: 0444 + mode: "0444" - name: (Alpine Linux) Check that NGINX Plus certificate is valid community.crypto.x509_certificate_info: @@ -51,14 +51,14 @@ ansible.builtin.file: path: /etc/ssl/nginx state: directory - mode: 0755 + mode: "0755" - name: (Debian/Red Hat/SLES OSs) Copy NGINX Plus certificate and license key ansible.builtin.copy: src: "{{ item }}" dest: /etc/ssl/nginx decrypt: true - mode: 0444 + mode: "0444" loop: - "{{ nginx_license['certificate'] }}" - "{{ nginx_license['key'] }}" @@ -97,5 +97,5 @@ ansible.builtin.assemble: src: /etc/ssl/nginx dest: /etc/ssl/nginx/nginx-repo-bundle.crt - mode: 0444 + mode: "0444" when: not bundle['stat']['exists'] diff --git a/tasks/prerequisites/setup-selinux.yml b/tasks/prerequisites/setup-selinux.yml index ad2a8cc8c..5dcdb305c 100644 --- a/tasks/prerequisites/setup-selinux.yml +++ b/tasks/prerequisites/setup-selinux.yml 
@@ -41,7 +41,7 @@ ansible.builtin.template: src: "{{ role_path }}/templates/selinux/nginx-plus-module.te.j2" dest: "{{ nginx_selinux_tempdir }}/nginx-plus-module.te" - mode: 0644 + mode: "0644" register: nginx_selinux_module - name: Check SELinux NGINX Plus module From 4c0fe4e1c5a5c42cb5c7b5f0d31063e603002531 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Thu, 2 Mar 2023 13:56:55 +0100 Subject: [PATCH 3/3] Update CHANGELOG.md --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 42d80db3f..7d7e510cc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Changelog +## 0.24.1 (Unreleased) + +ENHANCEMENTS: + +Refactor the OSS BSD installation process to consolidate tasks and avoid Ansible Lint warnings. + ## 0.24.0 (January 29, 2023) BREAKING CHANGES: