This commit is contained in:
2023-03-09 18:02:25 +03:00
commit a81f423baa
93 changed files with 2357 additions and 0 deletions


@ -0,0 +1,2 @@
skip_list:
- '106'
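
Review bot: the `skip_list` entry `'106'` carries no comment saying which ansible-lint rule it refers to or why the role needs the exemption. Add a one-line comment above it so a later reader can tell whether the skip is still required.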


@ -0,0 +1,28 @@
---
name: Bug report
about: Create a report to help us improve
title: ''
labels: ''
assignees: ''
---
**Describe the bug**
A clear and concise description of what the bug is.
**To reproduce**
Steps to reproduce the behavior:
1. Deploy NGINX Unit role using playbook.yml
2. View output/logs/configuration on '...'
3. See error
**Expected behavior**
A clear and concise description of what you expected to happen.
**Your environment:**
- Version of the NGINX Unit role or specific commit
- Version of Ansible
- Target deployment platform
**Additional context**
Add any other context about the problem here.


@ -0,0 +1,20 @@
---
name: Feature request
about: Suggest an idea for this project
title: ''
labels: ''
assignees: ''
---
**Is your feature request related to a problem? Please describe.**
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
**Describe the solution you'd like**
A clear and concise description of what you want to happen.
**Describe alternatives you've considered**
A clear and concise description of any alternative solutions or features you've considered.
**Additional context**
Add any other context or screenshots about the feature request here.


@ -0,0 +1,10 @@
### Proposed changes
Describe the use case and detail of the change. If this PR addresses an issue on GitHub, make sure to include a link to that issue using one of the [supported keywords](https://docs.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue) here in this description (not in the title of the PR).
### Checklist
Before creating a PR, run through this checklist and mark each as complete.
- [ ] I have read the [CONTRIBUTING](https://github.com/nginxinc/ansible-role-nginx-unit/blob/main/CONTRIBUTING.md) document
- [ ] I have added Molecule tests that prove my fix is effective or that my feature works
- [ ] I have checked that all Molecule tests pass after adding my changes
- [ ] I have updated any relevant documentation (`defaults/main/*.yml`, `README.md` and `CHANGELOG.md`)


@ -0,0 +1,24 @@
---
name: Ansible Galaxy import
on:
push:
tags:
- '*'
jobs:
galaxy:
name: Galaxy
runs-on: ubuntu-latest
steps:
- name: Check out the codebase
uses: actions/checkout@v2
- name: Set up Python 3
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install Ansible
run: pip3 install ansible-base==2.10.3
- name: Import release to Ansible Galaxy
run: ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }} $(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2)
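
Review bot: the last step puts `${{ secrets.GALAXY_API_KEY }}` directly into the `run:` command line, so the key is expanded into the generated script and passed as a process argument. Map it to an environment variable under `env:` on that step and reference `"$GALAXY_API_KEY"` in the command. The same line interpolates `${{ github.repository }}` unquoted into `echo`; pass it through `env:` too and quote it. `actions/checkout@v2` and `actions/setup-python@v2` are mutable tags; in a job that holds a publishing secret, pin both to full commit SHAs and add a top-level `permissions:` block limited to `contents: read`.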


@ -0,0 +1,41 @@
---
name: Molecule CI/CD
on:
pull_request:
push:
branches:
- main
schedule:
- cron: "0 0 1 * *"
jobs:
molecule:
name: Molecule
runs-on: ubuntu-latest
strategy:
matrix:
scenario:
- default
- default_centos
steps:
- name: Check out the codebase
uses: actions/checkout@v2
- name: Set up Python 3
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install Molecule dependencies
run: |
pip3 install ansible-base==2.10.3
pip3 install ansible==2.10.3
pip3 install ansible-lint==4.3.7
pip3 install yamllint==1.25.0
pip3 install 'molecule[docker]'==3.2.1
pip3 install docker==4.4.0
- name: Run Molecule tests
run: molecule test -s ${{ matrix.scenario }}
env:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'
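
Review bot: this workflow runs on `pull_request` and has no `permissions:` key, so the job token gets whatever scope the repository default grants. Add a top-level `permissions:` with `contents: read`. The `pip3 install` lines pin the named packages, but their transitive dependencies are still resolved at run time; a requirements file installed with `--require-hashes` would make the test environment reproducible. `actions/checkout@v2` and `actions/setup-python@v2` would also be better pinned by commit SHA.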

17
roles/nginxinc.nginx_unit/.gitignore vendored Normal file

@ -0,0 +1,17 @@
# Any private crt and keys #
############################
*.crt
*.key
*~
\#*
# OS Specific
Thumbs.db
.DS_Store
.vscode
# Ansible specific
*.retry
# Python specific
__pycache__
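
Review bot: the "Any private crt and keys" block at the top ignores only `*.crt` and `*.key`. Private key material is just as often stored as `*.pem`, `*.p12` or `*.pfx`, so add those patterns if the intent is to keep keys out of the repository.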


@ -0,0 +1,13 @@
---
extends: default
rules:
braces:
max-spaces-inside: 1
level: error
brackets:
max-spaces-inside: 1
level: error
comments-indentation: disable
line-length: disable
truthy: disable


@ -0,0 +1,45 @@
# Changelog
## 0.2.2 (December 22, 2020)
ENHANCEMENTS:
* Update Molecule to `3.2.1` and Docker Python SDK to `4.4.0`.
* Remove CentOS/RHEL `6` from supported platforms due to EOL.
* Replace TravisCI with GitHub actions.
BUG FIXES:
Fix issue whereas SELinux state would not be correctly set back to `enforcing` when `nginx_unit_selinux: true`.
## 0.2.1 (November 19, 2020)
ENHANCEMENTS:
* Update Ansible (now Ansible base) to `2.10.3`, Ansible (now Ansible Community Distribution) to `2.10.3`, Ansible Lint to `4.3.7`, Molecule to `3.1.5`, and yamllint to `1.25.0`.
* Moved "constant" variables to `vars/main.yml`.
* Switch to using `ansible_facts` wherever possible.
* Major backend refactoring to reduce the number of files and tasks.
* Improved tasks naming conventions.
* Add survey to README.
* Improve README structure and use tables where relevant.
## 0.2.0 (August 27, 2020)
BREAKING CHANGES:
The repository names in Debian and RedHat based distros have slightly changed. You may run into some duplication issues when running the role on a preexisting target that already has had NGINX installed using the role. To fix this, manually remove the old repository source.
FEATURES:
TravisCI now always uses the latest version of Docker.
ENHANCEMENTS:
* Update Ansible to `2.9.12` and Ansible Lint to `4.3.2`.
* Explicitly define `mode` in relevant tasks.
* Explicitly define the `nginx-unit` `apt_repository` and `yum_repository` filename in Debian and RedHat based distros.
## 0.1.0 (August 19, 2020)
Initial release of the NGINX Unit role. Contains all NGINX Unit related features previously available on the [NGINX Ansible role](https://github.com/nginxinc/ansible-role-nginx).


@ -0,0 +1,76 @@
# Contributor Covenant Code of Conduct
## Our Pledge
In the interest of fostering an open and welcoming environment, we as
contributors and maintainers pledge to making participation in our project and
our community a harassment-free experience for everyone, regardless of age, body
size, disability, ethnicity, sex characteristics, gender identity and expression,
level of experience, education, socio-economic status, nationality, personal
appearance, race, religion, or sexual identity and orientation.
## Our Standards
Examples of behavior that contributes to creating a positive environment
include:
* Using welcoming and inclusive language
* Being respectful of differing viewpoints and experiences
* Gracefully accepting constructive criticism
* Focusing on what is best for the community
* Showing empathy towards other community members
Examples of unacceptable behavior by participants include:
* The use of sexualized language or imagery and unwelcome sexual attention or
advances
* Trolling, insulting/derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others' private information, such as a physical or electronic
address, without explicit permission
* Other conduct which could reasonably be considered inappropriate in a
professional setting
## Our Responsibilities
Project maintainers are responsible for clarifying the standards of acceptable
behavior and are expected to take appropriate and fair corrective action in
response to any instances of unacceptable behavior.
Project maintainers have the right and responsibility to remove, edit, or
reject comments, commits, code, wiki edits, issues, and other contributions
that are not aligned to this Code of Conduct, or to ban temporarily or
permanently any contributor for other behaviors that they deem inappropriate,
threatening, offensive, or harmful.
## Scope
This Code of Conduct applies both within project spaces and in public spaces
when an individual is representing the project or its community. Examples of
representing a project or community include using an official project e-mail
address, posting via an official social media account, or acting as an appointed
representative at an online or offline event. Representation of a project may be
further defined and clarified by project maintainers.
## Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported by contacting the project team at nginx@nginx.org. All
complaints will be reviewed and investigated and will result in a response that
is deemed necessary and appropriate to the circumstances. The project team is
obligated to maintain confidentiality with regard to the reporter of an incident.
Further details of specific enforcement policies may be posted separately.
Project maintainers who do not follow or enforce the Code of Conduct in good
faith may face temporary or permanent repercussions as determined by other
members of the project's leadership.
## Attribution
This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
[homepage]: https://www.contributor-covenant.org
For answers to common questions about this code of conduct, see
https://www.contributor-covenant.org/faq


@ -0,0 +1,73 @@
# Contributing Guidelines
The following is a set of guidelines for contributing to the NGINX Ansible role. We really appreciate that you are considering contributing!
#### Table Of Contents
[Ask a Question](#ask-a-question)
[Getting Started](#getting-started)
[Contributing](#contributing)
[Code Guidelines](#code-guidelines)
* [Git Guidelines](#git-guidelines)
* [Ansible Guidelines](#ansible-guidelines)
[Code of Conduct](https://github.com/nginxinc/ansible-role-nginx-unit/blob/main/CODE_OF_CONDUCT.md)
## Ask a Question
Don't know how something works? Curious if the role can achieve your desired functionality? Please open an Issue on GitHub with the label `question`.
## Getting Started
Follow our [Installation Guide](https://github.com/nginxinc/ansible-role-nginx-unit/blob/main/README.md#Installation) to install Ansible and Molecule and get ready to use the NGINX Ansible role.
### Project Structure
* The NGINX Ansible role is written in `yaml` and supports NGINX Unit.
* The project follows the standard [Ansible role directory structure](https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse_roles.html):
* The main code is found in `tasks/`.
* The main variables can be found in `defaults/main/*.yml`.
* "Constant" variables can be found in `vars/main.yml`.
* Configuration templates for NGINX can be found in `templates/`.
* [Molecule](https://molecule.readthedocs.io/) tests can be found in `molecule/`..
* CI/CD is done via Travis using `.travis.yml` deployment `yaml` files
## Contributing
### Report a Bug
To report a bug, open an issue on GitHub with the label `bug` using the available bug report issue template. Please ensure the issue has not already been reported.
### Suggest an Enhancement
To suggest an enhancement, please create an issue on GitHub with the label `enhancement` using the available feature issue template.
### Open a Pull Request
* Fork the repo, create a branch, submit a PR when your changes are **tested** (ideally using Molecule) and ready for review.
* Fill in [our pull request template](https://github.com/nginxinc/ansible-role-nginx-unit/blob/main/.github/PULL_REQUEST_TEMPLATE.md).
Note: if youd like to implement a new feature, please consider creating a feature request issue first to start a discussion about the feature.
## Code Guidelines
### Ansible Guidelines
* Run `molecule lint` over your code to automatically resolve a lot of `yaml` and Ansible style issues.
* Run `molecule test --all` on your code before you submit a PR to catch any potential issues.
* Follow these guides on some good practices for Ansible:
* <https://www.ansible.com/blog/ansible-best-practices-essentials>
* <https://docs.ansible.com/ansible/latest/user_guide/playbooks_best_practices.html>
### Git Guidelines
* Keep a clean, concise and meaningful git commit history on your branch (within reason), rebasing locally and squashing before submitting a PR.
* Follow the guidelines of writing a good commit message as described here <https://chris.beams.io/posts/git-commit/> and summarised in the next few points:
* In the subject line, use the present tense ("Add feature" not "Added feature").
* In the subject line, use the imperative mood ("Move cursor to..." not "Moves cursor to...").
* Limit the subject line to 72 characters or less.
* Reference issues and pull requests liberally after the subject line.
* Add more detailed description in the body of the git message (`git commit -a` to give you more space and time in your text editor to write a good message instead of `git commit -am`).
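
Review bot: the Project Structure list still says "CI/CD is done via Travis using `.travis.yml`", but this commit adds GitHub Actions workflows and the 0.2.2 changelog entry records the move away from TravisCI, so that bullet needs updating. The text also calls this the "NGINX Ansible role" throughout although the role installs NGINX Unit, and the note under Open a Pull Request has "youd" for "you'd".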


@ -0,0 +1,201 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.


@ -0,0 +1,107 @@
[![Ansible Galaxy](https://img.shields.io/badge/galaxy-nginxinc.nginx__unit-5bbdbf.svg)](https://galaxy.ansible.com/nginxinc/nginx_unit)
[![Molecule CI/CD](https://github.com/nginxinc/ansible-role-nginx-unit/workflows/Molecule%20CI/CD/badge.svg)](https://github.com/nginxinc/ansible-role-nginx-unit/actions)
[![License](https://img.shields.io/badge/License-Apache--2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
# 👾 *Help make the NGINX Unit Ansible role better by participating in our [survey](https://forms.office.com/Pages/ResponsePage.aspx?id=L_093Ttq0UCb4L-DJ9gcUKLQ7uTJaE1PitM_37KR881UM0NCWkY5UlE5MUYyWU1aTUcxV0NRUllJSC4u)!* 👾
# Ansible NGINX Unit Role
This role installs NGINX Unit on your target host.
**Note:** This role is still in active development. There may be unidentified issues and the role variables may change as development continues.
## Requirements
### Ansible
* This role is developed and tested with [maintained](https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#release-status) versions of Ansible. Backwards compatibility is not guaranteed.
* Instructions on how to install Ansible can be found in the [Ansible website](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html).
### Molecule
* Molecule `3.x` is used to test the various functionalities of the role.
* Instructions on how to install Molecule can be found in the [Molecule website](https://molecule.readthedocs.io/en/latest/installation.html).
## Installation
### Ansible Galaxy
Use `ansible-galaxy install nginxinc.nginx_unit` to install the latest stable release of the role on your system.
### Git
Use `git clone https://github.com/nginxinc/ansible-role-nginx-unit.git` to pull the latest edge commit of the role from GitHub.
## Platforms
The NGINX Ansible role supports all platforms supported by [NGINX Unit](https://unit.nginx.org/installation/#official-packages):
```yaml
Amazon Linux:
versions:
- 2018.03
Amazon Linux 2:
versions:
- any
CentOS:
versions:
- 6
- 7
- 8
Debian:
versions:
- stretch
- buster
RedHat:
versions:
- 6
- 7
- 8
Ubuntu:
versions:
- xenial
- bionic
- focal
```
## Role Variables
This role has multiple variables. The descriptions and defaults for all these variables can be found in the **[`defaults/main/`](https://github.com/nginxinc/ansible-role-nginx-unit/blob/main/defaults/main/)** folder in the following files:
|Name|Description|
|----|-----------|
|**[`defaults/main/main.yml`](https://github.com/nginxinc/ansible-role-nginx-unit/blob/main/defaults/main/main.yml)**|NGINX Unit installation variables|
|**[`defaults/main/selinux.yml`](https://github.com/nginxinc/ansible-role-nginx-unit/blob/main/defaults/main/unit.yml)**|NGINX Unit SELinux variables|
|**[`defaults/main/bsd.yml`](https://github.com/nginxinc/ansible-role-nginx-unit/blob/main/defaults/main/bsd.yml)**|BSD specific installation variables|
## Example Playbooks
A working functional playbook example can be found in the **[`molecule/common/playbooks`](https://github.com/nginxinc/ansible-role-nginx-unit/blob/main/molecule/common/)** folder in the following file:
|Name|Description|
|----|-----------|
|**[`molecule/common/playbooks/default_converge.yml`](https://github.com/nginxinc/ansible-role-nginx-unit/blob/main/molecule/common/playbooks/default_converge.yml)**|Install NGINX Unit|
Do note that if you install this repository via Ansible Galaxy, you will have to replace the role variable in the sample playbooks from `ansible-role-nginx-unit` to `nginxinc.nginx_unit`.
## Other NGINX Ansible Collections and Roles
You can find the Ansible NGINX Core collection of roles to install and configure NGINX Open Source, NGINX Plus, and NGINX App Protect [here](https://github.com/nginxinc/ansible-collection-nginx).
You can find the Ansible NGINX role to install NGINX [here](https://github.com/nginxinc/ansible-role-nginx).
You can find the Ansible NGINX configuration role to configure NGINX [here](https://github.com/nginxinc/ansible-role-nginx-config).
You can find the Ansible NGINX App Protect role to install and configure NGINX App Protect [here](https://github.com/nginxinc/ansible-role-nginx-app-protect).
You can find the Ansible NGINX Controller collection of roles to install and configure NGINX Controller [here](https://github.com/nginxinc/ansible-collection-nginx_controller).
## License
[Apache License, Version 2.0](https://github.com/nginxinc/ansible-role-nginx-unit/blob/main/LICENSE)
## Author Information
[Alessandro Fael Garcia](https://github.com/alessfg)
&copy; [F5 Networks, Inc.](https://www.f5.com/) 2020
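
Review bot: the Platforms block lists CentOS and RedHat `6`, which the 0.2.2 changelog entry says was removed from the supported platforms, and it does not match the platform list in the role metadata (`EL` 7 only, plus Alpine, FreeBSD and SLES). Bring the two lists in line. In the Role Variables table, the `defaults/main/selinux.yml` row links to `.../defaults/main/unit.yml`.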


@ -0,0 +1,10 @@
---
# Choose to install BSD packages or ports.
# Options are true for packages or False for ports.
# Default is true.
nginx_unit_bsd_install_packages: true
# Choose to install packages built from BSD ports collection if available.
# Options are true for use packages or false for do not use packages.
# Default is true.
nginx_unit_bsd_portinstall_use_packages: true


@ -0,0 +1,10 @@
---
# Install NGINX Unit and NGINX Unit modules.
# Use a list of supported NGINX Unit modules.
# Default is false.
nginx_unit_enable: false
nginx_unit_modules: []
# Choose where to fetch the NGINX signing key from.
# Default is the official NGINX signing key host.
# nginx_unit_signing_key: http://nginx.org/keys/nginx_signing.key
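
Review bot: the commented example for `nginx_unit_signing_key` uses `http://nginx.org/keys/nginx_signing.key`, so anyone who uncomments it fetches the package signing key over plain HTTP. Change the example to the `https://` URL. The key tasks in this commit pin the key fingerprint, which limits the impact, but the documented default should not depend on that.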


@ -0,0 +1,13 @@
---
# Set SELinux enforcing for NGINX Unit (Centos/Redhat only) - you may need to open ports on your own
nginx_unit_selinux: false
# Enable enforcing mode if true. Permissive if false (audit only, no enforcing) globally (only works with nginx_unit_selinux: true)
nginx_unit_selinux_enforcing: true
# List of TCP ports to add to http_port_t type (80 and 443 have this type already)
# nginx_unit_selinux_tcp_ports:
# - 80
# - 443
# List of UDP ports to add to http_port_t type
# nginx_unit_selinux_udp_ports:
# - 80
# - 443


@ -0,0 +1,12 @@
---
- name: (Handler - Amazon Linux/CentOS/Debian/RedHat/Ubuntu) Start NGINX Unit
service:
name: unit
state: started
enabled: yes
- name: (Handler - FreeBSD) Start NGINX Unit
service:
name: unitd
state: started
enabled: yes


@ -0,0 +1,3 @@
install_date: "\u0447\u0435\u0442\u0432\u0435\u0440\u0433, 9 \u043C\u0430\u0440\u0442\u0430
2023 \u0433. 12:55:18"
version: 0.2.2
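
Review bot: `install_date` is a locale-formatted local timestamp next to `version: 0.2.2`, which reads as installer output rather than source. If the role is vendored on purpose, record the pinned version in a requirements file and keep this generated file out of version control, since it changes on every reinstall. The changelog in this same commit dates 0.2.2 to December 22, 2020, so check for a newer release of the role before vendoring this one.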


@ -0,0 +1,51 @@
---
galaxy_info:
author: Alessandro Fael Garcia
description: Official Ansible role for NGINX Unit
role_name: nginx_unit
company: F5 Networks, Inc.
license: Apache License, Version 2.0
min_ansible_version: 2.9
platforms:
- name: Alpine
versions:
- any
- name: Amazon
versions:
- 2018.03
- name: Amazon Linux 2
versions:
- any
- name: Debian
versions:
- stretch
- buster
- name: EL
versions:
- 7
- name: FreeBSD
versions:
- 11.2
- 12.0
- name: Ubuntu
versions:
- xenial
- bionic
- focal
- name: SLES
versions:
- 12
- 15
galaxy_tags:
- nginx
- unit
- web
- server
- application
- development
dependencies: []


@ -0,0 +1,43 @@
# Molecule managed
{% if item.registry is defined %}
FROM {{ item.registry.url }}/{{ item.image }}
{% else %}
FROM {{ item.image }}
{% endif %}
{% if item.env is defined %}
{% for var, value in item.env.items() %}
{% if value %}
ENV {{ var }} {{ value }}
{% endif %}
{% endfor %}
{% endif %}
RUN \
if [ $(command -v apt-get) ]; then \
apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y aptitude bash ca-certificates curl iproute2 python-apt python3 python3-apt procps sudo systemd systemd-sysv vim \
&& apt-get clean; \
elif [ $(command -v dnf) ]; then \
dnf makecache \
&& dnf --assumeyes install bash iproute /usr/bin/dnf-3 /usr/bin/python3 /usr/bin/python3-config vim \
&& dnf clean all; \
elif [ $(command -v yum) ]; then \
yum makecache fast \
&& yum install -y bash iproute /usr/bin/python /usr/bin/python2-config sudo vim yum-plugin-ovl \
&& sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf \
&& yum clean all; \
elif [ $(command -v zypper) ]; then \
zypper refresh \
&& zypper install -y bash iproute2 python3 sudo vim \
&& zypper clean -a; \
elif [ $(command -v apk) ]; then \
apk update \
&& apk add --no-cache bash ca-certificates curl openrc python3 sudo vim; \
echo 'rc_provide="loopback net"' >> /etc/rc.conf; \
elif [ $(command -v xbps-install) ]; then \
xbps-install -Syu \
&& xbps-install -y bash ca-certificates iproute2 python3 sudo vim \
&& xbps-remove -O; \
fi
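
Review bot: in the `apk` branch the `apk add` command ends with `;` before `echo 'rc_provide="loopback net"' >> /etc/rc.conf;`, so the `echo` runs even when `apk update` or `apk add` fails, and its exit status becomes the status of the branch, hiding the failure. Chain it with `&&` like the other branches. The tests of the form `[ $(command -v apt-get) ]` rely on an unquoted substitution; `command -v apt-get >/dev/null` is the safer form. The `apt-get install` line could also take `--no-install-recommends` to keep the test image small.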


@ -0,0 +1,32 @@
---
- name: Converge
hosts: all
pre_tasks:
- name: Set module if Alpine
set_fact:
module:
- unit-perl
- unit-php7
- unit-python3
when: ansible_facts['os_family'] == "Alpine"
- name: Set module if Debian
set_fact:
module:
- unit-perl
- unit-php
- unit-ruby
when: ansible_facts['os_family'] == "Debian"
- name: Set module if Red Hat
set_fact:
module:
- unit-php
- unit-go
when: ansible_facts['os_family'] == "RedHat"
tasks:
- name: Install NGINX Unit
include_role:
name: ansible-role-nginx-unit
vars:
nginx_enable: false
nginx_unit_enable: true
nginx_unit_modules: "{{ module }}"
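
Review bot: `module` is set only when `os_family` is Alpine, Debian or RedHat, so on any other platform `nginx_unit_modules: "{{ module }}"` fails on an undefined variable. Use `"{{ module | default([]) }}"` or add a fallback `set_fact`. `nginx_enable: false` is not one of the variables defined in the role defaults added by this commit and looks left over from the NGINX role; drop it.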


@ -0,0 +1,47 @@
---
driver:
name: docker
lint: |
set -e
yamllint .
ansible-lint --force-color
platforms:
- name: debian-stretch
image: debian:stretch-slim
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: debian-buster
image: debian:buster-slim
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: ubuntu-xenial
image: ubuntu:xenial
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: ubuntu-bionic
image: ubuntu:bionic
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: ubuntu-focal
image: ubuntu:focal
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
provisioner:
name: ansible
playbooks:
converge: ../common/playbooks/default_converge.yml
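Review bot: Every platform in this scenario sets `privileged: true` and bind-mounts the host's `/sys/fs/cgroup` read-write, which gives containers that download and install third-party packages effectively unrestricted access to the workstation or CI runner executing Molecule. If running systemd is the only reason, try narrowing this with the Docker driver's `capabilities` and `tmpfs` platform keys and a `:ro` cgroup mount, and keep `privileged` only for images that fail without it. The five entries differ only in `name` and `image`, so a YAML anchor for the shared keys would make that a one-place change.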

View File

@ -0,0 +1,26 @@
---
driver:
name: docker
lint: |
set -e
yamllint .
ansible-lint --force-color
platforms:
- name: centos-7
image: centos:7
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: centos-8
image: centos:8
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
provisioner:
name: ansible
playbooks:
converge: ../common/playbooks/default_converge.yml
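Review bot: Both CentOS platforms run with `privileged: true` and `/sys/fs/cgroup` mounted `rw`, so the test containers are not isolated from the host that runs Molecule. Please state in the scenario (a comment is enough) why full privilege is required for `/usr/sbin/init`, or reduce it to the specific capabilities and a read-only cgroup mount if the tests still pass.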

View File

@ -0,0 +1,17 @@
---
- name: (Debian/Red Hat OSs) Set up NGINX signing key URL
set_fact:
keysite: "{{ nginx_unit_signing_key | default(nginx_unit_default_signing_key) }}"
- name: (Debian/Ubuntu) Add NGINX signing key
apt_key:
id: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
url: "{{ keysite }}"
when: ansible_facts['os_family'] == "Debian"
- name: (Amazon Linux/CentOS/RHEL) Add NGINX signing key
rpm_key:
fingerprint: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
key: "{{ keysite }}"
validate_certs: "{{ (ansible_facts['distribution_major_version'] is version('6', '==')) | ternary('no', 'yes') }}"
when: ansible_facts['os_family'] in ['RedHat', 'Suse']
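Review bot: The `validate_certs` expression on the `rpm_key` task switches TLS certificate validation off whenever `distribution_major_version` equals 6, so on those hosts the key is downloaded over an unauthenticated connection and the pinned `fingerprint` is the only remaining check on what gets imported. Keep the fingerprint, but make the bypass an explicit opt-in variable that defaults to validating, or fix the CA bundle on those targets instead. Two smaller points: the `when` on the same task lists `Suse` although the task name only mentions Amazon Linux/CentOS/RHEL, and the fingerprint literal is repeated in `id` and `fingerprint`; one variable next to `nginx_unit_default_signing_key` would keep the two in step.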

View File

@ -0,0 +1,16 @@
---
- name: Setup prerequisites
include_tasks: "{{ role_path }}/tasks/prerequisites/prerequisites.yml"
tags: nginx_unit_prerequisites
- name: Setup keys
include_tasks: keys/setup-keys.yml
when:
- ansible_facts['os_family'] in ['Debian', 'RedHat']
- nginx_unit_enable | bool
tags: nginx_unit_key
- name: Install NGINX Unit
include_tasks: "{{ role_path }}/tasks/unit/install-unit.yml"
when: nginx_unit_enable | bool
tags: nginx_unit_install

View File

@ -0,0 +1,26 @@
---
- name: (Debian/Ubuntu) Install dependencies
apt:
name: "{{ nginx_unit_debian_dependencies }}"
update_cache: yes
when: ansible_facts['os_family'] == "Debian"
- name: (Amazon Linux/CentOS/RHEL) Install dependencies
yum:
name: "{{ nginx_unit_redhat_dependencies }}"
when: ansible_facts['os_family'] == "RedHat"
- name: (FreeBSD) Install dependencies
block:
- name: (FreeBSD) Install dependencies using package(s)
pkgng:
name: "{{ nginx_unit_freebsd_dependencies }}"
when: nginx_bsd_install_packages | bool
- name: (FreeBSD) Install dependencies using port(s)
portinstall:
name: "{{ item }}"
use_packages: "{{ nginx_unit_bsd_portinstall_use_packages | default(omit) }}"
loop: "{{ nginx_unit_freebsd_dependencies }}"
when: not nginx_bsd_install_packages | bool
when: ansible_facts['distribution'] == "FreeBSD"
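Review bot: The FreeBSD block branches on `nginx_bsd_install_packages`, which lacks the `nginx_unit_` prefix used by every other variable here (compare `nginx_unit_bsd_portinstall_use_packages` in the port task) and is not given a value in any file shown in this commit. If it is undefined, both `when` conditions error out instead of choosing a path. Rename it to match the role's prefix, give it a default, and document which value selects packages versus ports.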

View File

@ -0,0 +1,19 @@
---
- name: Install dependencies
include_tasks: "{{ role_path }}/tasks/prerequisites/install-dependencies.yml"
- name: Set up SELinux
block:
- name: Check if SELinux is enabled
debug:
msg: You need to enable SELinux, if it was disabled you need to reboot
when: ansible_facts['selinux'] is undefined
- name: Configure SELinux
include_tasks: "{{ role_path }}/tasks/prerequisites/setup-selinux.yml"
when: ansible_facts['selinux']['mode'] is defined
when:
- nginx_unit_selinux | bool
- "'selinux' in ansible_facts"
- ansible_facts['os_family'] in ['RedHat']
- ansible_facts['distribution'] not in ['Amazon']
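Review bot: The `debug` task "Check if SELinux is enabled" can never run, because its `when: ansible_facts['selinux'] is undefined` contradicts the block-level condition `'selinux' in ansible_facts`, which is applied to every task inside the block. The result is that a host where `nginx_unit_selinux` is true but SELinux is unavailable is skipped silently and no policy is applied. Move the check outside the block or test the inverse of the condition "Configure SELinux" already uses (`ansible_facts['selinux']['mode'] is defined`), and consider `fail` or `assert` rather than `debug` so the operator cannot miss it.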

View File

@ -0,0 +1,57 @@
---
- name: (CentOS/RHEL) Install dependencies
block:
- name: (CentOS/RHEL 6/7) Install dependencies
yum:
name:
- policycoreutils-python
- setools
when: ansible_facts['distribution_major_version'] is version('8', '!=')
- name: (CentOS/RHEL 8) Install dependencies
yum:
name:
- libselinux-utils
- policycoreutils
- selinux-policy-targeted
when: ansible_facts['distribution_major_version'] is version('8', '==')
when: ansible_facts['os_family'] == "RedHat"
- name: Set SELinux mode to permissive
selinux:
state: permissive
policy: targeted
- name: Allow SELinux HTTP network connections
seboolean:
name: httpd_can_network_connect
state: yes
persistent: yes
- name: Allow SELinux HTTP network connections
seboolean:
name: httpd_can_network_relay
state: yes
persistent: yes
- name: Allow SELinux TCP connections on specific ports
seport:
ports: "{{ nginx_unit_selinux_tcp_ports }}"
proto: tcp
setype: http_port_t
state: present
when: nginx_unit_selinux_tcp_ports is defined
- name: Allow SELinux UDP connections on specific ports
seport:
ports: "{{ nginx_unit_selinux_udp_ports }}"
proto: udp
setype: http_port_t
state: present
when: nginx_unit_selinux_udp_ports is defined
- name: Set SELinux mode to enforcing
selinux:
state: enforcing
policy: targeted
when: nginx_unit_selinux_enforcing | bool
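Review bot: "Set SELinux mode to permissive" runs unconditionally while the return to `enforcing` at the end is gated on `nginx_unit_selinux_enforcing`, so a host that was enforcing before the play is left permissive whenever that variable is false, and is permissive for the duration of the tasks in between even when it is true. The `seboolean` and `seport` modules work under enforcing mode, so the first `selinux` task can be dropped; if it has to stay, record the prior mode from `ansible_facts['selinux']['mode']` and restore that. Also, the two `seboolean` tasks share the name "Allow SELinux HTTP network connections" although the second sets `httpd_can_network_relay`, and the "(CentOS/RHEL 6/7)" dependency branch is selected with `version('8', '!=')`, which matches any later major version as well.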

View File

@ -0,0 +1,16 @@
---
- name: (Amazon Linux/CentOS/Debian/RedHat/Ubuntu) Install NGINX Unit modules
package:
name: "{{ item }}"
state: present
loop: "{{ nginx_unit_modules }}"
when: ansible_facts['os_family'] != "FreeBSD"
notify: (Handler - Amazon Linux/CentOS/Debian/RedHat/Ubuntu) Start NGINX Unit
- name: (FreeBSD) Install NGINX Unit modules
portinstall:
name: "{{ item }}"
state: present
loop: "{{ nginx_unit_modules }}"
when: ansible_facts['os_family'] == "FreeBSD"
notify: (Handler - FreeBSD) Start NGINX Unit

View File

@ -0,0 +1,22 @@
---
- name: Configure NGINX Unit repository
include_tasks: "{{ role_path }}/tasks/unit/setup-{{ ansible_facts['os_family'] | lower }}.yml"
when: ansible_facts['os_family'] in ['Debian', 'FreeBSD', 'RedHat']
- name: (Amazon Linux/CentOS/Debian/RedHat/Ubuntu) Install NGINX Unit
package:
name: unit
state: present
when: ansible_facts['os_family'] != "FreeBSD"
notify: (Handler - Amazon Linux/CentOS/Debian/RedHat/Ubuntu) Start NGINX Unit
- name: (FreeBSD) Install NGINX Unit
portinstall:
name: unit
state: present
when: ansible_facts['os_family'] == "FreeBSD"
notify: (Handler - FreeBSD) Start NGINX Unit
- name: Install NGINX Unit modules
include_tasks: "{{ role_path }}/tasks/unit/install-modules.yml"
when: nginx_unit_modules is defined

View File

@ -0,0 +1,10 @@
---
- name: "(Debian/Ubuntu) Add NGINX Unit repository"
apt_repository:
filename: nginx-unit
repo: "{{ item }}"
update_cache: yes
mode: 0644
loop:
- deb [arch=amd64] https://packages.nginx.org/unit/{{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] }} unit
- deb-src https://packages.nginx.org/unit/{{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] }} unit
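Review bot: Neither repository line carries a `signed-by=` option, and the key is imported with `apt_key` in the key-setup tasks, so the NGINX key ends up trusted for every APT source on the host rather than only for packages.nginx.org. Consider writing the key to a dedicated keyring file and referencing it as `[arch=amd64 signed-by=<keyring path>]` on the `deb` line and `[signed-by=<keyring path>]` on the `deb-src` line. Separately, `mode: 0644` is better quoted as `"0644"`, and the hard-coded `arch=amd64` means non-amd64 hosts get a source entry with no installable packages; say so in the README or derive the value from facts.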

View File

@ -0,0 +1,10 @@
---
- name: (FreeBSD) fetch ports
command: portsnap fetch --interactive
args:
creates: /var/db/portsnap/INDEX
- name: (FreeBSD) Extract ports
command: portsnap extract
args:
creates: /usr/ports

View File

@ -0,0 +1,21 @@
---
- name: (CentOS/RHEL) Add NGINX Unit repository
yum_repository:
name: nginx-unit
baseurl: "https://packages.nginx.org/unit/{{ (ansible_facts['distribution'] == 'RedHat') | ternary('rhel/', 'centos/') }}$releasever/$basearch/"
description: NGINX Unit Repository
enabled: yes
gpgcheck: yes
mode: 0644
when: ansible_facts['distribution'] != "Amazon"
- name: (Amazon Linux) Add NGINX Unit repository
yum_repository:
name: nginx-unit
baseurl: "https://packages.nginx.org/unit/amzn\
{{ (ansible_facts['distribution_major_version'] is version('2', '==')) | ternary('2', '') }}/$releasever/$basearch/"
description: NGINX Unit Repository
enabled: yes
gpgcheck: yes
mode: 0644
when: ansible_facts['distribution'] == "Amazon"
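Review bot: Both `yum_repository` tasks set `gpgcheck: yes` without a `gpgkey`, so signature verification depends entirely on the separate `rpm_key` task having run; when that step is skipped (for example by tag selection) the install fails on the signature check and the repo file gives no hint where the key comes from. Adding `gpgkey` with the same signing-key URL makes the repo definition self-contained. In the Amazon task, the `baseurl` relies on a backslash line continuation inside the double-quoted scalar to join `amzn` to the Jinja expression; computing the suffix in a variable and keeping the URL on one line would be less fragile. `mode: 0644` is better quoted in both tasks.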

View File

@ -0,0 +1,18 @@
---
# Default NGINX Unit signing key
nginx_unit_default_signing_key: https://nginx.org/keys/nginx_signing.key
# Debian dependencies
nginx_unit_debian_dependencies: [
'apt-transport-https', 'ca-certificates', 'dirmngr',
]
# Red Hat dependencies
nginx_unit_redhat_dependencies: [
'ca-certificates', 'openssl',
]
# FreeBSD dependencies
nginx_unit_freebsd_dependencies: [
'security/ca_root_nss',
]