Silver Ghost 2023-03-09 18:02:25 +03:00
commit a81f423baa
No known key found for this signature in database
93 changed files with 2357 additions and 0 deletions

1
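--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+venv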

40
Readme.md Normal file

@ -0,0 +1,40 @@
# Ansible playbook to deploy stack for Django
## Virtualenv
Setup virtualenv locally
```
python3.11 -m venv ./venv
source ./venv/bin/activate
pip install --upgrade pip
```
After that setup ansible and all requirements
```
pip install -r ./requirements.txt
```
## Configure remote servers list
Edit invetory file `hosts`. Replace domain and IP address at least.
## Configure playbook
Edit variables in `setup.yaml` to install and configure needed software
## Run
```
ansible-playbook -i hosts ./setup.yaml
```
If you don't have authorization via ssh keys you may add `-k` option to ask ssh password.
If you don't have passwordless sudo access you may add `-K` option to ask sudo password.
So, the command will be like
```
ansible-playbook -i hosts ./setup.yaml -kK
```

2
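--- a/hosts
+++ b/hosts
@@ -0,0 +1,2 @@
+[appservers]
+example.com ansible_ssh_host=51.158.242.117 ansible_ssh_user=ubuntu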
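Review bot: The inventory line commits what looks like a live public address (`51.158.242.117`) together with the login user, and it uses the `ansible_ssh_host` / `ansible_ssh_user` names that Ansible deprecated in favour of `ansible_host` / `ansible_user`. The Readme tells the reader to replace the domain and IP, so a documentation-range placeholder fits a template repository better and keeps a forgotten edit from pointing the playbook at someone else's host. Suggested line, with a constructed sample address: `example.com ansible_host=203.0.113.10 ansible_user=ubuntu`.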

2
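--- a/requirements.txt
+++ b/requirements.txt
@@ -0,0 +1,2 @@
+ansible
+ansible-lint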
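Review bot: Neither `ansible` nor `ansible-lint` carries a version, so every fresh virtualenv resolves whatever is newest on PyPI and two runs of the same playbook can execute different tool code. Pin both to the versions this playbook was tested with, e.g. `ansible==<tested-version>` and `ansible-lint==<tested-version>`. A hash-checked lock file produced with `pip-compile --generate-hashes` would be stronger still.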


@ -0,0 +1,4 @@
skip_list:
- 'yaml'
- 'no-handler'
- 'role-name'


@ -0,0 +1,4 @@
# These are supported funding model platforms
---
github: geerlingguy
patreon: geerlingguy


@ -0,0 +1,57 @@
# Configuration for probot-stale - https://github.com/probot/stale
# Number of days of inactivity before an Issue or Pull Request becomes stale
daysUntilStale: 90
# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
daysUntilClose: 30
# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
onlyLabels: []
# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
exemptLabels:
- bug
- pinned
- security
- planned
# Set to true to ignore issues in a project (defaults to false)
exemptProjects: false
# Set to true to ignore issues in a milestone (defaults to false)
exemptMilestones: false
# Set to true to ignore issues with an assignee (defaults to false)
exemptAssignees: false
# Label to use when marking as stale
staleLabel: stale
# Limit the number of actions per hour, from 1-30. Default is 30
limitPerRun: 30
pulls:
markComment: |-
This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale.
unmarkComment: >-
This pull request is no longer marked for closure.
closeComment: >-
This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details.
issues:
markComment: |-
This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
unmarkComment: >-
This issue is no longer marked for closure.
closeComment: >-
This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.


@ -0,0 +1,73 @@
---
name: CI
'on':
pull_request:
push:
branches:
- master
schedule:
- cron: "0 3 * * 5"
defaults:
run:
working-directory: 'geerlingguy.postgresql'
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- name: Check out the codebase.
uses: actions/checkout@v2
with:
path: 'geerlingguy.postgresql'
- name: Set up Python 3.
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install test dependencies.
run: pip3 install yamllint
- name: Lint code.
run: |
yamllint .
molecule:
name: Molecule
runs-on: ubuntu-latest
strategy:
fail-fast: ${{ !contains(github.event_name, 'pull_request') }}
matrix:
distro:
- rockylinux8
- rockylinux9
- fedora36
- ubuntu2204
- ubuntu2004
- ubuntu1804
- debian10
- debian11
steps:
- name: Check out the codebase.
uses: actions/checkout@v2
with:
path: 'geerlingguy.postgresql'
- name: Set up Python 3.
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install test dependencies.
run: pip3 install ansible molecule[docker] docker
- name: Run Molecule tests.
run: molecule test
env:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'
MOLECULE_DISTRO: ${{ matrix.distro }}
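Review bot: Both jobs reference `actions/checkout@v2` and `actions/setup-python@v2` by mutable tag and the workflow declares no `permissions:` block, so the steps run with the repository's default token scope and with whatever code the tag points to that day. Pin each action to a full commit SHA (`uses: actions/checkout@<full-commit-sha>  # <version>`) and add a top-level `permissions:` mapping with `contents: read`. The `pip3 install` lines in the lint and molecule jobs are unpinned as well; a constraints file would make the test runs reproducible. The file appears to be the upstream role's own CI, carried in with the role, so if it is never meant to run from this repository it could be left out of the commit.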


@ -0,0 +1,40 @@
---
# This workflow requires a GALAXY_API_KEY secret present in the GitHub
# repository or organization.
#
# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy
# See: https://github.com/ansible/galaxy/issues/46
name: Release
'on':
push:
tags:
- '*'
defaults:
run:
working-directory: 'geerlingguy.postgresql'
jobs:
release:
name: Release
runs-on: ubuntu-latest
steps:
- name: Check out the codebase.
uses: actions/checkout@v2
with:
path: 'geerlingguy.postgresql'
- name: Set up Python 3.
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install Ansible.
run: pip3 install ansible-core
- name: Trigger a new import on Galaxy.
run: >-
ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }}
$(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2)
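Review bot: The last step expands `${{ secrets.GALAXY_API_KEY }}` directly into the `run:` script, so the key becomes part of the generated shell text and of the `ansible-galaxy` argument list instead of staying in the environment. Pass it through the step environment: add `env:` with `GALAXY_API_KEY: ${{ secrets.GALAXY_API_KEY }}` and call `ansible-galaxy role import --api-key "$GALAXY_API_KEY" ...`. The two `$(echo ${{ github.repository }} | cut ...)` substitutions have the same shape; reading the quoted `"$GITHUB_REPOSITORY"` variable keeps expression text out of the script entirely.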


@ -0,0 +1,5 @@
*.retry
*/__pycache__
*.pyc
.cache


@ -0,0 +1,11 @@
---
extends: default
rules:
line-length:
max: 120
level: warning
ignore: |
.github/stale.yml
.travis.yml


@ -0,0 +1,20 @@
The MIT License (MIT)
Copyright (c) 2017 Jeff Geerling
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.


@ -0,0 +1,152 @@
# Ansible Role: PostgreSQL
[![CI](https://github.com/geerlingguy/ansible-role-postgresql/workflows/CI/badge.svg?event=push)](https://github.com/geerlingguy/ansible-role-postgresql/actions?query=workflow%3ACI)
Installs and configures PostgreSQL server on RHEL/CentOS or Debian/Ubuntu servers.
## Requirements
No special requirements; note that this role requires root access, so either run it in a playbook with a global `become: yes`, or invoke the role in your playbook like:
- hosts: database
roles:
- role: geerlingguy.postgresql
become: yes
## Role Variables
Available variables are listed below, along with default values (see `defaults/main.yml`):
postgresql_enablerepo: ""
(RHEL/CentOS only) You can set a repo to use for the PostgreSQL installation by passing it in here.
postgresql_restarted_state: "restarted"
Set the state of the service when configuration changes are made. Recommended values are `restarted` or `reloaded`.
postgresql_python_library: python-psycopg2
Library used by Ansible to communicate with PostgreSQL. If you are using Python 3 (e.g. set via `ansible_python_interpreter`), you should change this to `python3-psycopg2`.
postgresql_user: postgres
postgresql_group: postgres
The user and group under which PostgreSQL will run.
postgresql_unix_socket_directories:
- /var/run/postgresql
The directories (usually one, but can be multiple) where PostgreSQL's socket will be created.
postgresql_service_state: started
postgresql_service_enabled: true
Control the state of the postgresql service and whether it should start at boot time.
postgresql_global_config_options:
- option: unix_socket_directories
value: '{{ postgresql_unix_socket_directories | join(",") }}'
- option: log_directory
value: 'log'
Global configuration options that will be set in `postgresql.conf`.
For PostgreSQL versions older than 9.3 you need to at least override this variable and set the `option` to `unix_socket_directory`.
If you override the value of `option: log_directory` with another path, relative or absolute, then this role will create it for you.
postgresql_hba_entries:
- { type: local, database: all, user: postgres, auth_method: peer }
- { type: local, database: all, user: all, auth_method: peer }
- { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
- { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
Configure [host based authentication](https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html) entries to be set in the `pg_hba.conf`. Options for entries include:
- `type` (required)
- `database` (required)
- `user` (required)
- `address` (one of this or the following two are required)
- `ip_address`
- `ip_mask`
- `auth_method` (required)
- `auth_options` (optional)
If overriding, make sure you copy all of the existing entries from `defaults/main.yml` if you need to preserve existing entries.
postgresql_locales:
- 'en_US.UTF-8'
(Debian/Ubuntu only) Used to generate the locales used by PostgreSQL databases.
postgresql_databases:
- name: exampledb # required; the rest are optional
lc_collate: # defaults to 'en_US.UTF-8'
lc_ctype: # defaults to 'en_US.UTF-8'
encoding: # defaults to 'UTF-8'
template: # defaults to 'template0'
login_host: # defaults to 'localhost'
login_password: # defaults to not set
login_user: # defaults to 'postgresql_user'
login_unix_socket: # defaults to 1st of postgresql_unix_socket_directories
port: # defaults to not set
owner: # defaults to postgresql_user
state: # defaults to 'present'
A list of databases to ensure exist on the server. Only the `name` is required; all other properties are optional.
postgresql_users:
- name: jdoe #required; the rest are optional
password: # defaults to not set
encrypted: # defaults to not set
priv: # defaults to not set
role_attr_flags: # defaults to not set
db: # defaults to not set
login_host: # defaults to 'localhost'
login_password: # defaults to not set
login_user: # defaults to '{{ postgresql_user }}'
login_unix_socket: # defaults to 1st of postgresql_unix_socket_directories
port: # defaults to not set
state: # defaults to 'present'
A list of users to ensure exist on the server. Only the `name` is required; all other properties are optional.
postgres_users_no_log: true
Whether to output user data (which may contain sensitive information, like passwords) when managing users.
postgresql_version: [OS-specific]
postgresql_data_dir: [OS-specific]
postgresql_bin_path: [OS-specific]
postgresql_config_path: [OS-specific]
postgresql_daemon: [OS-specific]
postgresql_packages: [OS-specific]
OS-specific variables that are set by include files in this role's `vars` directory. These shouldn't be overridden unless you're using a version of PostgreSQL that wasn't installed using system packages.
## Dependencies
None.
## Example Playbook
- hosts: database
become: yes
vars_files:
- vars/main.yml
roles:
- geerlingguy.postgresql
*Inside `vars/main.yml`*:
postgresql_databases:
- name: example_db
postgresql_users:
- name: example_user
password: supersecure
## License
MIT / BSD
## Author Information
This role was created in 2016 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).


@ -0,0 +1,72 @@
---
# RHEL/CentOS only. Set a repository to use for PostgreSQL installation.
postgresql_enablerepo: ""
# Set postgresql state when configuration changes are made. Recommended values:
# `restarted` or `reloaded`
postgresql_restarted_state: "restarted"
postgresql_python_library: python-psycopg2
postgresql_user: postgres
postgresql_group: postgres
# `md5` or `scram-sha-256` (https://www.postgresql.org/docs/10/auth-methods.html)
postgresql_auth_method: "{{ ansible_fips | ternary('scram-sha-256', 'md5') }}"
postgresql_unix_socket_directories:
- /var/run/postgresql
postgresql_service_state: started
postgresql_service_enabled: true
# Global configuration options that will be set in postgresql.conf.
postgresql_global_config_options:
- option: unix_socket_directories
value: '{{ postgresql_unix_socket_directories | join(",") }}'
- option: log_directory
value: 'log'
# Host based authentication (hba) entries to be added to the pg_hba.conf. This
# variable's defaults reflect the defaults that come with a fresh installation.
postgresql_hba_entries:
- {type: local, database: all, user: postgres, auth_method: peer}
- {type: local, database: all, user: all, auth_method: peer}
- {type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: "{{ postgresql_auth_method }}"}
- {type: host, database: all, user: all, address: '::1/128', auth_method: "{{ postgresql_auth_method }}"}
# Debian only. Used to generate the locales used by PostgreSQL databases.
postgresql_locales:
- 'en_US.UTF-8'
# Databases to ensure exist.
postgresql_databases: []
# - name: exampledb # required; the rest are optional
# lc_collate: # defaults to 'en_US.UTF-8'
# lc_ctype: # defaults to 'en_US.UTF-8'
# encoding: # defaults to 'UTF-8'
# template: # defaults to 'template0'
# login_host: # defaults to 'localhost'
# login_password: # defaults to not set
# login_user: # defaults to '{{ postgresql_user }}'
# login_unix_socket: # defaults to 1st of postgresql_unix_socket_directories
# port: # defaults to not set
# owner: # defaults to postgresql_user
# state: # defaults to 'present'
# Users to ensure exist.
postgresql_users: []
# - name: jdoe #required; the rest are optional
# password: # defaults to not set
# encrypted: # defaults to not set
# priv: # defaults to not set
# role_attr_flags: # defaults to not set
# db: # defaults to not set
# login_host: # defaults to 'localhost'
# login_password: # defaults to not set
# login_user: # defaults to '{{ postgresql_user }}'
# login_unix_socket: # defaults to 1st of postgresql_unix_socket_directories
# port: # defaults to not set
# state: # defaults to 'present'
# Whether to output user data when managing users.
postgres_users_no_log: true
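Review bot: `postgresql_auth_method` falls back to `md5` on every host that is not in FIPS mode, and that value feeds both `host` lines of `postgresql_hba_entries`. The version files in this commit range from 9.1 to 14 and `scram-sha-256` exists only from PostgreSQL 10, so the fallback is understandable, but nothing tells an operator on a current release to override it. I would add a comment above the variable, `# md5 is kept only for PostgreSQL < 10; set 'scram-sha-256' on 10 and later`. The comment could also note that `ansible_fips` is a gathered fact, so the expression presumably fails when fact gathering is turned off.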


@ -0,0 +1,6 @@
---
- name: restart postgresql
service:
name: "{{ postgresql_daemon }}"
state: "{{ postgresql_restarted_state }}"
sleep: 5


@ -0,0 +1,3 @@
install_date: "\u0447\u0435\u0442\u0432\u0435\u0440\u0433, 9 \u043C\u0430\u0440\u0442\u0430
2023 \u0433. 12:28:41"
version: 3.4.3


@ -0,0 +1,46 @@
---
dependencies: []
galaxy_info:
role_name: postgresql
author: geerlingguy
description: PostgreSQL server for Linux.
company: "Midwestern Mac, LLC"
license: "license (BSD, MIT)"
min_ansible_version: 2.8
platforms:
- name: ArchLinux
versions:
- all
- name: EL
versions:
- 7
- 8
- 9
- name: Fedora
versions:
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- name: Ubuntu
versions:
- xenial
- bionic
- focal
- jammy
- name: Debian
versions:
- wheezy
- jessie
- stretch
- buster
- bullseye
galaxy_tags:
- database
- postgresql
- postgres
- rdbms


@ -0,0 +1,37 @@
---
- name: Converge
hosts: all
become: true
vars:
postgresql_databases:
- name: example
postgresql_users:
- name: jdoe
pre_tasks:
# The Fedora 30+ container images have only C.UTF-8 installed
- name: Set database locale if using Fedora 30+ or RedHat 8+
set_fact:
postgresql_databases:
- name: example
lc_collate: 'C.UTF-8'
lc_ctype: 'C.UTF-8'
when:
- ( ansible_distribution == 'Fedora' and ansible_distribution_major_version >= '30') or
( ansible_os_family == 'RedHat' and ansible_distribution_major_version in ['8','9'])
- name: Update apt cache.
apt: update_cache=true cache_valid_time=600
changed_when: false
when: ansible_os_family == 'Debian'
roles:
- role: geerlingguy.postgresql
post_tasks:
- name: Verify postgres is running.
command: "{{ postgresql_bin_path }}/pg_ctl -D {{ postgresql_data_dir }} status"
changed_when: false
become: true
become_user: postgres
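Review bot: The `when:` condition on the locale pre-task compares `ansible_distribution_major_version >= '30'` as strings, so the ordering is lexicographic: a value such as `'9'` passes and `'100'` would not. Cast before comparing, `ansible_distribution_major_version | int >= 30`. The `apt: update_cache=true cache_valid_time=600` task would also read better in block form with `update_cache: true` and `cache_valid_time: 600` as separate keys.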


@ -0,0 +1,19 @@
---
role_name_check: 1
dependency:
name: galaxy
driver:
name: docker
platforms:
- name: instance
image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
cgroupns_mode: host
privileged: true
pre_build_image: true
provisioner:
name: ansible
playbooks:
converge: ${MOLECULE_PLAYBOOK:-converge.yml}
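Review bot: The test platform runs with `privileged: true`, `cgroupns_mode: host` and `/sys/fs/cgroup` mounted read-write, and it pulls the image by the floating `:latest` tag. That is the usual way to get systemd working inside a Molecule container, but it gives the test container host-level privileges on whatever machine runs `molecule test`, and the image content can change between runs. A comment above `privileged:` such as `# required for systemd in the container; run only on disposable CI runners` would make the trade-off explicit, and pinning the image by digest would make runs repeatable.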


@ -0,0 +1,29 @@
---
- name: Configure global settings.
lineinfile:
dest: "{{ postgresql_config_path }}/postgresql.conf"
regexp: "^#?{{ item.option }}.+$"
line: "{{ item.option }} = '{{ item.value }}'"
state: "{{ item.state | default('present') }}"
mode: 0644
with_items: "{{ postgresql_global_config_options }}"
notify: restart postgresql
- name: Configure host based authentication (if entries are configured).
template:
src: "pg_hba.conf.j2"
dest: "{{ postgresql_config_path }}/pg_hba.conf"
owner: "{{ postgresql_user }}"
group: "{{ postgresql_group }}"
mode: 0600
notify: restart postgresql
when: postgresql_hba_entries | length > 0
- name: Ensure PostgreSQL unix socket dirs exist.
file:
path: "{{ item }}"
state: directory
owner: "{{ postgresql_user }}"
group: "{{ postgresql_group }}"
mode: "{{ postgresql_unix_socket_directories_mode }}"
with_items: "{{ postgresql_unix_socket_directories }}"
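Review bot: In the first task the `regexp` `"^#?{{ item.option }}.+$"` neither escapes the option name nor anchors its end, so an option whose name is a prefix of others (`ssl` against `ssl_cert_file`, `ssl_ciphers`, ...) can match and replace the wrong line in `postgresql.conf`. Anchor on the assignment and escape the name: `regexp: '^#?\s*{{ item.option | regex_escape }}\s*=.*$'`. The same task writes `'{{ item.value }}'` unescaped, so a value containing a single quote produces an invalid line; a comment telling callers to double embedded quotes would be enough. The two numeric `mode:` values are better quoted (`mode: "0644"`, `mode: "0600"`) so they stay strings whatever the YAML parser does with leading zeros.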


@ -0,0 +1,21 @@
---
- name: Ensure PostgreSQL databases are present.
postgresql_db:
name: "{{ item.name }}"
lc_collate: "{{ item.lc_collate | default('en_US.UTF-8') }}"
lc_ctype: "{{ item.lc_ctype | default('en_US.UTF-8') }}"
encoding: "{{ item.encoding | default('UTF-8') }}"
template: "{{ item.template | default('template0') }}"
login_host: "{{ item.login_host | default('localhost') }}"
login_password: "{{ item.login_password | default(omit) }}"
login_user: "{{ item.login_user | default(postgresql_user) }}"
login_unix_socket: "{{ item.login_unix_socket | default(postgresql_unix_socket_directories[0]) }}"
port: "{{ item.port | default(omit) }}"
owner: "{{ item.owner | default(postgresql_user) }}"
state: "{{ item.state | default('present') }}"
with_items: "{{ postgresql_databases }}"
become: true
become_user: "{{ postgresql_user }}"
# See: https://github.com/ansible/ansible/issues/16048#issuecomment-229012509
vars:
ansible_ssh_pipelining: true


@ -0,0 +1,37 @@
---
- name: Set PostgreSQL environment variables.
template:
src: postgres.sh.j2
dest: /etc/profile.d/postgres.sh
mode: 0644
notify: restart postgresql
- name: Ensure PostgreSQL data directory exists.
file:
path: "{{ postgresql_data_dir }}"
owner: "{{ postgresql_user }}"
group: "{{ postgresql_group }}"
state: directory
mode: 0700
- name: Check if PostgreSQL database is initialized.
stat:
path: "{{ postgresql_data_dir }}/PG_VERSION"
register: pgdata_dir_version
- name: Ensure PostgreSQL database is initialized.
command: "{{ postgresql_bin_path }}/initdb -D {{ postgresql_data_dir }}"
when: not pgdata_dir_version.stat.exists
become: true
become_user: "{{ postgresql_user }}"
# See: https://github.com/ansible/ansible/issues/16048#issuecomment-229012509
vars:
ansible_ssh_pipelining: true
- name: Ensure PostgreSQL log directory exists.
file:
path: "{{ postgresql_effective_log_dir }}"
owner: "{{ postgresql_user }}"
group: "{{ postgresql_group }}"
state: directory
mode: 0700
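Review bot: The `initdb` command is run without `--auth-local` or `--auth-host`, and initdb's built-in default for a new cluster is `trust` authentication. The role normally overwrites `pg_hba.conf` afterwards, but the template task in the configure file is skipped when `postgresql_hba_entries` is empty, which would leave the initdb-generated file in place on platforms where this task creates the cluster. Passing the methods explicitly closes that gap, for example `initdb -D {{ postgresql_data_dir }} --auth-local=peer --auth-host=reject`; a password-based host method would additionally need `--pwfile`. The separate `stat` task could also be folded into the command with `args:` / `creates: "{{ postgresql_data_dir }}/PG_VERSION"`.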


@ -0,0 +1,27 @@
---
# Variable configuration.
- include_tasks: variables.yml
# Setup/install tasks.
- include_tasks: setup-Archlinux.yml
when: ansible_os_family == 'Archlinux'
- include_tasks: setup-Debian.yml
when: ansible_os_family == 'Debian'
- include_tasks: setup-RedHat.yml
when: ansible_os_family == 'RedHat'
- include_tasks: initialize.yml
- include_tasks: configure.yml
- name: Ensure PostgreSQL is started and enabled on boot.
service:
name: "{{ postgresql_daemon }}"
state: "{{ postgresql_service_state }}"
enabled: "{{ postgresql_service_enabled }}"
# Configure PostgreSQL.
- import_tasks: users.yml
- import_tasks: databases.yml
- import_tasks: users_props.yml


@ -0,0 +1,21 @@
---
- name: Ensure PostgreSQL Python libraries are installed.
pacman:
name: "{{ postgresql_python_library }}"
state: present
- name: Ensure PostgreSQL packages are installed.
pacman:
name: "{{ postgresql_packages }}"
state: present
- name: Ensure all configured locales are present.
locale_gen: "name={{ item }} state=present"
with_items: "{{ postgresql_locales }}"
register: locale_gen_result
- name: Force-restart PostgreSQL after new locales are generated.
systemd:
name: "{{ postgresql_daemon }}"
state: restarted
when: locale_gen_result.changed


@ -0,0 +1,21 @@
---
- name: Ensure PostgreSQL Python libraries are installed.
apt:
name: "{{ postgresql_python_library }}"
state: present
- name: Ensure PostgreSQL packages are installed.
apt:
name: "{{ postgresql_packages }}"
state: present
- name: Ensure all configured locales are present.
locale_gen: "name={{ item }} state=present"
with_items: "{{ postgresql_locales }}"
register: locale_gen_result
- name: Force-restart PostgreSQL after new locales are generated.
service:
name: "{{ postgresql_daemon }}"
state: restarted
when: locale_gen_result.changed


@ -0,0 +1,16 @@
---
- name: Ensure PostgreSQL packages are installed.
yum:
name: "{{ postgresql_packages }}"
state: present
enablerepo: "{{ postgresql_enablerepo | default(omit, true) }}"
# Don't let postgresql-contrib cause the /usr/bin/python symlink
# to be installed, which breaks later Ansible runs on Fedora 30,
# and affects system behavior in multiple ways.
exclude: python-unversioned-command
- name: Ensure PostgreSQL Python libraries are installed.
yum:
name: "{{ postgresql_python_library }}"
state: present
enablerepo: "{{ postgresql_enablerepo | default(omit, true) }}"


@ -0,0 +1,19 @@
---
- name: Ensure PostgreSQL users are present.
postgresql_user:
name: "{{ item.name }}"
password: "{{ item.password | default(omit) }}"
login_host: "{{ item.login_host | default('localhost') }}"
login_password: "{{ item.login_password | default(omit) }}"
login_user: "{{ item.login_user | default(postgresql_user) }}"
login_unix_socket: "{{ item.login_unix_socket | default(postgresql_unix_socket_directories[0]) }}"
port: "{{ item.port | default(omit) }}"
with_items: "{{ postgresql_users }}"
no_log: "{{ postgres_users_no_log }}"
become: true
become_user: "{{ postgresql_user }}"
# See: https://github.com/ansible/ansible/issues/16048#issuecomment-229012509
vars:
ansible_ssh_pipelining: true
environment:
PGOPTIONS: "{{ (postgresql_auth_method == 'scram-sha-256') | ternary('-c password_encryption=scram-sha-256', '') }}"


@ -0,0 +1,24 @@
---
- name: Ensure PostgreSQL users are configured correctly.
postgresql_user:
name: "{{ item.name }}"
password: "{{ item.password | default(omit) }}"
encrypted: "{{ item.encrypted | default(omit) }}"
priv: "{{ item.priv | default(omit) }}"
role_attr_flags: "{{ item.role_attr_flags | default(omit) }}"
db: "{{ item.db | default(omit) }}"
login_host: "{{ item.login_host | default('localhost') }}"
login_password: "{{ item.login_password | default(omit) }}"
login_user: "{{ item.login_user | default(postgresql_user) }}"
login_unix_socket: "{{ item.login_unix_socket | default(postgresql_unix_socket_directories[0]) }}"
port: "{{ item.port | default(omit) }}"
state: "{{ item.state | default('present') }}"
with_items: "{{ postgresql_users }}"
no_log: "{{ postgres_users_no_log }}"
become: true
become_user: "{{ postgresql_user }}"
# See: https://github.com/ansible/ansible/issues/16048#issuecomment-229012509
vars:
ansible_ssh_pipelining: true
environment:
PGOPTIONS: "{{ (postgresql_auth_method == 'scram-sha-256') | ternary('-c password_encryption=scram-sha-256', '') }}"


@ -0,0 +1,72 @@
---
# Variable configuration.
- name: Include OS-specific variables (Debian).
include_vars: "{{ ansible_distribution }}-{{ ansible_distribution_version.split('.')[0] }}.yml"
when: ansible_os_family == 'Debian'
- name: Include OS-specific variables (RedHat).
include_vars: "{{ ansible_os_family }}-{{ ansible_distribution_version.split('.')[0] }}.yml"
when:
- ansible_os_family == 'RedHat'
- ansible_distribution != 'Fedora'
- ansible_distribution != 'Amazon'
- name: Include OS-specific variables (Amazon).
include_vars: "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
when: ansible_distribution == 'Amazon'
- name: Include OS-specific variables (Fedora).
include_vars: "{{ ansible_distribution }}-{{ ansible_distribution_version.split('.')[0] }}.yml"
when: ansible_distribution == 'Fedora'
- name: Define postgresql_packages.
set_fact:
postgresql_packages: "{{ __postgresql_packages | list }}"
when: postgresql_packages is not defined
- name: Define postgresql_version.
set_fact:
postgresql_version: "{{ __postgresql_version }}"
when: postgresql_version is not defined
- name: Define postgresql_daemon.
set_fact:
postgresql_daemon: "{{ __postgresql_daemon }}"
when: postgresql_daemon is not defined
- name: Define postgresql_data_dir.
set_fact:
postgresql_data_dir: "{{ __postgresql_data_dir }}"
when: postgresql_data_dir is not defined
- name: Define postgresql_bin_path.
set_fact:
postgresql_bin_path: "{{ __postgresql_bin_path }}"
when: postgresql_bin_path is not defined
- name: Define postgresql_config_path.
set_fact:
postgresql_config_path: "{{ __postgresql_config_path }}"
when: postgresql_config_path is not defined
- name: Define postgresql_unix_socket_directories_mode.
set_fact:
postgresql_unix_socket_directories_mode: >-
{{ __postgresql_unix_socket_directories_mode | default('02775') }}
when: postgresql_unix_socket_directories_mode is not defined
- name: Define postgresql_log_dir.
set_fact:
# postgresql_global_config_options is an array but its keys are unique, so it can be converted to dict,
# to easily get the value under the 'log_directory' key
postgresql_log_dir: "{{ (postgresql_global_config_options | items2dict(key_name='option', value_name='value')).log_directory }}"
- name: Define postgresql_effective_log_dir, if postgresql_log_dir is absolute
set_fact:
postgresql_effective_log_dir: '{{ postgresql_log_dir }}'
when: postgresql_log_dir is match("/")
- name: Define postgresql_effective_log_dir, if postgresql_log_dir is relative
set_fact:
postgresql_effective_log_dir: '{{ postgresql_data_dir }}/{{ postgresql_log_dir }}'
when: postgresql_log_dir is not match("/")
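Review bot: The `Define postgresql_log_dir` task reads `.log_directory` from the dict built out of `postgresql_global_config_options`, so an override of that list that omits the `log_directory` entry leaves the lookup undefined and the run stops at this task. A default keeps partial overrides working: `postgresql_log_dir: "{{ (postgresql_global_config_options | items2dict(key_name='option', value_name='value')).log_directory | default('log') }}"`. The comment above the expression states that option names are unique; if a caller does repeat one, the dict conversion keeps only one of the values, which that comment should say.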


@ -0,0 +1,9 @@
{{ ansible_managed | comment }}
# PostgreSQL Client Authentication Configuration File
# ===================================================
#
# See: https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html
{% for client in postgresql_hba_entries %}
{{ client.type }} {{ client.database }} {{ client.user }} {{ client.address|default('') }} {{ client.ip_address|default('') }} {{ client.ip_mask|default('') }} {{ client.auth_method }} {{ client.auth_options|default("") }}
{% endfor %}


@ -0,0 +1,2 @@
export PGDATA={{ postgresql_data_dir }}
export PATH=$PATH:{{ postgresql_bin_path }}


@ -0,0 +1,11 @@
---
__postgresql_version: "9.2"
__postgresql_data_dir: "/var/lib/pgsql/data"
__postgresql_bin_path: "/usr/bin"
__postgresql_config_path: "/var/lib/pgsql/data"
__postgresql_daemon: postgresql
__postgresql_packages:
- postgresql
- postgresql-server
- postgresql-contrib
- postgresql-libs


@ -0,0 +1,8 @@
---
__postgresql_version: "14"
__postgresql_data_dir: "/var/lib/postgres/data"
__postgresql_bin_path: "/usr/sbin"
__postgresql_config_path: "/var/lib/postgres/data"
__postgresql_daemon: "postgresql"
__postgresql_packages:
- postgresql


@ -0,0 +1,12 @@
---
__postgresql_version: "11"
__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
__postgresql_daemon: "postgresql@{{ postgresql_version }}-main"
__postgresql_packages:
- postgresql
- postgresql-contrib
- libpq-dev
# Debian 10 uses Python 3 by default.
postgresql_python_library: python3-psycopg2


@ -0,0 +1,11 @@
---
__postgresql_version: "13"
__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
__postgresql_daemon: "postgresql@{{ postgresql_version }}-main"
__postgresql_packages:
- postgresql
- postgresql-contrib
- libpq-dev
postgresql_python_library: python3-psycopg2


@ -0,0 +1,10 @@
---
__postgresql_version: "9.1"
__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
__postgresql_daemon: postgresql
__postgresql_packages:
- postgresql
- postgresql-contrib
- libpq-dev


@ -0,0 +1,10 @@
---
__postgresql_version: "9.4"
__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
__postgresql_daemon: "postgresql@{{ postgresql_version }}-main"
__postgresql_packages:
- postgresql
- postgresql-contrib
- libpq-dev


@ -0,0 +1,10 @@
---
__postgresql_version: "9.6"
__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
__postgresql_daemon: "postgresql@{{ postgresql_version }}-main"
__postgresql_packages:
- postgresql
- postgresql-contrib
- libpq-dev


@ -0,0 +1,12 @@
---
__postgresql_version: "10.5"
__postgresql_data_dir: "/var/lib/pgsql/data"
__postgresql_bin_path: "/usr/bin"
__postgresql_config_path: "/var/lib/pgsql/data"
__postgresql_daemon: postgresql
__postgresql_packages:
- postgresql
- postgresql-server
- postgresql-contrib
- postgresql-libs
postgresql_python_library: python2-psycopg2


@ -0,0 +1,13 @@
---
__postgresql_version: "11.2"
__postgresql_data_dir: "/var/lib/pgsql/data"
__postgresql_bin_path: "/usr/bin"
__postgresql_config_path: "/var/lib/pgsql/data"
__postgresql_daemon: postgresql
__postgresql_packages:
- postgresql
- postgresql-server
- postgresql-contrib
- postgresql-libs
# Fedora 30 containers only have python3 by default
postgresql_python_library: python3-psycopg2


@ -0,0 +1,14 @@
---
__postgresql_version: "11.5"
__postgresql_data_dir: "/var/lib/pgsql/data"
__postgresql_bin_path: "/usr/bin"
__postgresql_config_path: "/var/lib/pgsql/data"
__postgresql_daemon: postgresql
__postgresql_packages:
- postgresql
- postgresql-server
- postgresql-contrib
- postgresql-libs
__postgresql_unix_socket_directories_mode: '0755'
# Fedora 31 containers only have python3 by default
postgresql_python_library: python3-psycopg2


@ -0,0 +1,14 @@
---
__postgresql_version: "12.2"
__postgresql_data_dir: "/var/lib/pgsql/data"
__postgresql_bin_path: "/usr/bin"
__postgresql_config_path: "/var/lib/pgsql/data"
__postgresql_daemon: postgresql
__postgresql_packages:
- postgresql
- postgresql-server
- postgresql-contrib
- postgresql-libs
__postgresql_unix_socket_directories_mode: '0755'
# Fedora 32 containers only have python3 by default
postgresql_python_library: python3-psycopg2


@ -0,0 +1,14 @@
---
__postgresql_version: "13.4"
__postgresql_data_dir: "/var/lib/pgsql/data"
__postgresql_bin_path: "/usr/bin"
__postgresql_config_path: "/var/lib/pgsql/data"
__postgresql_daemon: postgresql
__postgresql_packages:
- postgresql
- postgresql-server
- postgresql-contrib
- postgresql-libs
__postgresql_unix_socket_directories_mode: '0755'
# Fedora 32 containers only have python3 by default
postgresql_python_library: python3-psycopg2


@ -0,0 +1,14 @@
---
__postgresql_version: "13.4"
__postgresql_data_dir: "/var/lib/pgsql/data"
__postgresql_bin_path: "/usr/bin"
__postgresql_config_path: "/var/lib/pgsql/data"
__postgresql_daemon: postgresql
__postgresql_packages:
- postgresql
- postgresql-server
- postgresql-contrib
- postgresql-libs
__postgresql_unix_socket_directories_mode: '0755'
# Fedora 32 containers only have python3 by default
postgresql_python_library: python3-psycopg2


@ -0,0 +1,14 @@
---
__postgresql_version: "14.1"
__postgresql_data_dir: "/var/lib/pgsql/data"
__postgresql_bin_path: "/usr/bin"
__postgresql_config_path: "/var/lib/pgsql/data"
__postgresql_daemon: postgresql
__postgresql_packages:
- postgresql
- postgresql-server
- postgresql-contrib
- postgresql-libs
__postgresql_unix_socket_directories_mode: '0755'
# Fedora 32 containers only have python3 by default
postgresql_python_library: python3-psycopg2


@ -0,0 +1,11 @@
---
__postgresql_version: "9.2"
__postgresql_data_dir: "/var/lib/pgsql/data"
__postgresql_bin_path: "/usr/bin"
__postgresql_config_path: "/var/lib/pgsql/data"
__postgresql_daemon: postgresql
__postgresql_packages:
- postgresql
- postgresql-server
- postgresql-contrib
- postgresql-libs


@ -0,0 +1,12 @@
---
__postgresql_version: "10"
__postgresql_data_dir: "/var/lib/pgsql/data"
__postgresql_bin_path: "/usr/bin"
__postgresql_config_path: "/var/lib/pgsql/data"
__postgresql_daemon: postgresql
__postgresql_packages:
- postgresql
- postgresql-server
- postgresql-contrib
__postgresql_unix_socket_directories_mode: '0755'
postgresql_python_library: python3-psycopg2


@ -0,0 +1,12 @@
---
__postgresql_version: "10"
__postgresql_data_dir: "/var/lib/pgsql/data"
__postgresql_bin_path: "/usr/bin"
__postgresql_config_path: "/var/lib/pgsql/data"
__postgresql_daemon: postgresql
__postgresql_packages:
- postgresql
- postgresql-server
- postgresql-contrib
__postgresql_unix_socket_directories_mode: '0755'
postgresql_python_library: python3-psycopg2


@ -0,0 +1,10 @@
---
__postgresql_version: "9.5"
__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
__postgresql_daemon: postgresql
__postgresql_packages:
- postgresql
- postgresql-contrib
- libpq-dev


@ -0,0 +1,11 @@
---
__postgresql_version: "10"
__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
__postgresql_daemon: postgresql
__postgresql_packages:
- postgresql
- postgresql-contrib
- libpq-dev
postgresql_python_library: python3-psycopg2


@ -0,0 +1,11 @@
---
__postgresql_version: "12"
__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
__postgresql_daemon: postgresql
__postgresql_packages:
- postgresql
- postgresql-contrib
- libpq-dev
postgresql_python_library: python3-psycopg2


@ -0,0 +1,11 @@
---
__postgresql_version: "14"
__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
__postgresql_daemon: postgresql
__postgresql_packages:
- postgresql
- postgresql-contrib
- libpq-dev
postgresql_python_library: python3-psycopg2


@ -0,0 +1,9 @@
- name: restart nginx
service:
name: nginx
state: restarted
- name: start nginx
service:
name: nginx
state: started


@ -0,0 +1,34 @@
- name: Install dependencies
apt:
pkg:
- curl
- gnupg2
- ca-certificates
- lsb-release
- ubuntu-keyring
state: present
update_cache: true
- name: Import nginx key
apt_key:
url: https://nginx.org/keys/nginx_signing.key
state: present
- name: Setup repository
ansible.builtin.apt_repository:
repo: "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://packages.nginx.org/nginx-quic/ubuntu {{ ansible_facts['distribution_release'] }} nginx-quic"
state: present
filename: nginx-quic
- name: Install nginx
apt:
pkg:
- nginx-quic
- nginx-quic-module-geoip
- nginx-quic-module-image-filter
- nginx-quic-module-njs
- nginx-quic-module-perl
- nginx-quic-module-xslt
state: present
update_cache: true
notify: start nginx
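Review bot: The `Setup repository` task pins the source to `signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg`, but no task in this file creates that keyring; `Import nginx key` uses `apt_key`, which adds the key to apt's global trusted keyring instead. As written, apt either cannot verify the nginx-quic repository against the named file or, if the `signed-by` option is later dropped to make it work, trusts the nginx key for every configured source. The key should be written to the path the repo line names and pinned by a checksum of a copy whose fingerprint was checked out of band, so that a changed file at the URL fails the play. The fence below replaces the `apt_key` task and adjusts the repo line; it uses an `.asc` file name because the published key is ASCII-armored, which assumes the target's apt accepts armored keys in `signed-by` (to be confirmed for the oldest release this playbook targets).

```yaml
- name: Install nginx signing key into a dedicated keyring
  ansible.builtin.get_url:
    url: https://nginx.org/keys/nginx_signing.key
    dest: /usr/share/keyrings/nginx-archive-keyring.asc
    owner: root
    group: root
    mode: '0644'
    # Placeholder: replace with the digest of a key file whose fingerprint was verified.
    checksum: "sha256:<SHA256_OF_VERIFIED_KEY_FILE>"
- name: Setup repository
  ansible.builtin.apt_repository:
    repo: "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.asc] https://packages.nginx.org/nginx-quic/ubuntu {{ ansible_facts['distribution_release'] }} nginx-quic"
    # … unchanged: state, filename …
```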


@ -0,0 +1,2 @@
skip_list:
- '106'


@ -0,0 +1,28 @@
---
name: Bug report
about: Create a report to help us improve
title: ''
labels: ''
assignees: ''
---
**Describe the bug**
A clear and concise description of what the bug is.
**To reproduce**
Steps to reproduce the behavior:
1. Deploy NGINX Unit role using playbook.yml
2. View output/logs/configuration on '...'
3. See error
**Expected behavior**
A clear and concise description of what you expected to happen.
**Your environment:**
- Version of the NGINX Unit role or specific commit
- Version of Ansible
- Target deployment platform
**Additional context**
Add any other context about the problem here.


@ -0,0 +1,20 @@
---
name: Feature request
about: Suggest an idea for this project
title: ''
labels: ''
assignees: ''
---
**Is your feature request related to a problem? Please describe.**
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
**Describe the solution you'd like**
A clear and concise description of what you want to happen.
**Describe alternatives you've considered**
A clear and concise description of any alternative solutions or features you've considered.
**Additional context**
Add any other context or screenshots about the feature request here.


@ -0,0 +1,10 @@
### Proposed changes
Describe the use case and detail of the change. If this PR addresses an issue on GitHub, make sure to include a link to that issue using one of the [supported keywords](https://docs.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue) here in this description (not in the title of the PR).
### Checklist
Before creating a PR, run through this checklist and mark each as complete.
- [ ] I have read the [CONTRIBUTING](https://github.com/nginxinc/ansible-role-nginx-unit/blob/main/CONTRIBUTING.md) document
- [ ] I have added Molecule tests that prove my fix is effective or that my feature works
- [ ] I have checked that all Molecule tests pass after adding my changes
- [ ] I have updated any relevant documentation (`defaults/main/*.yml`, `README.md` and `CHANGELOG.md`)


@ -0,0 +1,24 @@
---
name: Ansible Galaxy import
on:
push:
tags:
- '*'
jobs:
galaxy:
name: Galaxy
runs-on: ubuntu-latest
steps:
- name: Check out the codebase
uses: actions/checkout@v2
- name: Set up Python 3
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install Ansible
run: pip3 install ansible-base==2.10.3
- name: Import release to Ansible Galaxy
run: ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }} $(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2)


@ -0,0 +1,41 @@
---
name: Molecule CI/CD
on:
pull_request:
push:
branches:
- main
schedule:
- cron: "0 0 1 * *"
jobs:
molecule:
name: Molecule
runs-on: ubuntu-latest
strategy:
matrix:
scenario:
- default
- default_centos
steps:
- name: Check out the codebase
uses: actions/checkout@v2
- name: Set up Python 3
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install Molecule dependencies
run: |
pip3 install ansible-base==2.10.3
pip3 install ansible==2.10.3
pip3 install ansible-lint==4.3.7
pip3 install yamllint==1.25.0
pip3 install 'molecule[docker]'==3.2.1
pip3 install docker==4.4.0
- name: Run Molecule tests
run: molecule test -s ${{ matrix.scenario }}
env:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'

17
roles/nginxinc.nginx_unit/.gitignore vendored Normal file

@ -0,0 +1,17 @@
# Any private crt and keys #
############################
*.crt
*.key
*~
\#*
# OS Specific
Thumbs.db
.DS_Store
.vscode
# Ansible specific
*.retry
# Python specific
__pycache__


@ -0,0 +1,13 @@
---
extends: default
rules:
braces:
max-spaces-inside: 1
level: error
brackets:
max-spaces-inside: 1
level: error
comments-indentation: disable
line-length: disable
truthy: disable


@ -0,0 +1,45 @@
# Changelog
## 0.2.2 (December 22, 2020)
ENHANCEMENTS:
* Update Molecule to `3.2.1` and Docker Python SDK to `4.4.0`.
* Remove CentOS/RHEL `6` from supported platforms due to EOL.
* Replace TravisCI with GitHub actions.
BUG FIXES:
Fix issue whereas SELinux state would not be correctly set back to `enforcing` when `nginx_unit_selinux: true`.
## 0.2.1 (November 19, 2020)
ENHANCEMENTS:
* Update Ansible (now Ansible base) to `2.10.3`, Ansible (now Ansible Community Distribution) to `2.10.3`, Ansible Lint to `4.3.7`, Molecule to `3.1.5`, and yamllint to `1.25.0`.
* Moved "constant" variables to `vars/main.yml`.
* Switch to using `ansible_facts` wherever possible.
* Major backend refactoring to reduce the number of files and tasks.
* Improved tasks naming conventions.
* Add survey to README.
* Improve README structure and use tables where relevant.
## 0.2.0 (August 27, 2020)
BREAKING CHANGES:
The repository names in Debian and RedHat based distros have slightly changed. You may run into some duplication issues when running the role on a preexisting target that already has had NGINX installed using the role. To fix this, manually remove the old repository source.
FEATURES:
TravisCI now always uses the latest version of Docker.
ENHANCEMENTS:
* Update Ansible to `2.9.12` and Ansible Lint to `4.3.2`.
* Explicitly define `mode` in relevant tasks.
* Explicitly define the `nginx-unit` `apt_repository` and `yum_repository` filename in Debian and RedHat based distros.
## 0.1.0 (August 19, 2020)
Initial release of the NGINX Unit role. Contains all NGINX Unit related features previously available on the [NGINX Ansible role](https://github.com/nginxinc/ansible-role-nginx).


@ -0,0 +1,76 @@
# Contributor Covenant Code of Conduct
## Our Pledge
In the interest of fostering an open and welcoming environment, we as
contributors and maintainers pledge to making participation in our project and
our community a harassment-free experience for everyone, regardless of age, body
size, disability, ethnicity, sex characteristics, gender identity and expression,
level of experience, education, socio-economic status, nationality, personal
appearance, race, religion, or sexual identity and orientation.
## Our Standards
Examples of behavior that contributes to creating a positive environment
include:
* Using welcoming and inclusive language
* Being respectful of differing viewpoints and experiences
* Gracefully accepting constructive criticism
* Focusing on what is best for the community
* Showing empathy towards other community members
Examples of unacceptable behavior by participants include:
* The use of sexualized language or imagery and unwelcome sexual attention or
advances
* Trolling, insulting/derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others' private information, such as a physical or electronic
address, without explicit permission
* Other conduct which could reasonably be considered inappropriate in a
professional setting
## Our Responsibilities
Project maintainers are responsible for clarifying the standards of acceptable
behavior and are expected to take appropriate and fair corrective action in
response to any instances of unacceptable behavior.
Project maintainers have the right and responsibility to remove, edit, or
reject comments, commits, code, wiki edits, issues, and other contributions
that are not aligned to this Code of Conduct, or to ban temporarily or
permanently any contributor for other behaviors that they deem inappropriate,
threatening, offensive, or harmful.
## Scope
This Code of Conduct applies both within project spaces and in public spaces
when an individual is representing the project or its community. Examples of
representing a project or community include using an official project e-mail
address, posting via an official social media account, or acting as an appointed
representative at an online or offline event. Representation of a project may be
further defined and clarified by project maintainers.
## Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported by contacting the project team at nginx@nginx.org. All
complaints will be reviewed and investigated and will result in a response that
is deemed necessary and appropriate to the circumstances. The project team is
obligated to maintain confidentiality with regard to the reporter of an incident.
Further details of specific enforcement policies may be posted separately.
Project maintainers who do not follow or enforce the Code of Conduct in good
faith may face temporary or permanent repercussions as determined by other
members of the project's leadership.
## Attribution
This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
[homepage]: https://www.contributor-covenant.org
For answers to common questions about this code of conduct, see
https://www.contributor-covenant.org/faq


@ -0,0 +1,73 @@
# Contributing Guidelines
The following is a set of guidelines for contributing to the NGINX Ansible role. We really appreciate that you are considering contributing!
#### Table Of Contents
[Ask a Question](#ask-a-question)
[Getting Started](#getting-started)
[Contributing](#contributing)
[Code Guidelines](#code-guidelines)
* [Git Guidelines](#git-guidelines)
* [Ansible Guidelines](#ansible-guidelines)
[Code of Conduct](https://github.com/nginxinc/ansible-role-nginx-unit/blob/main/CODE_OF_CONDUCT.md)
## Ask a Question
Don't know how something works? Curious if the role can achieve your desired functionality? Please open an Issue on GitHub with the label `question`.
## Getting Started
Follow our [Installation Guide](https://github.com/nginxinc/ansible-role-nginx-unit/blob/main/README.md#Installation) to install Ansible and Molecule and get ready to use the NGINX Ansible role.
### Project Structure
* The NGINX Ansible role is written in `yaml` and supports NGINX Unit.
* The project follows the standard [Ansible role directory structure](https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse_roles.html):
* The main code is found in `tasks/`.
* The main variables can be found in `defaults/main/*.yml`.
* "Constant" variables can be found in `vars/main.yml`.
* Configuration templates for NGINX can be found in `templates/`.
* [Molecule](https://molecule.readthedocs.io/) tests can be found in `molecule/`..
* CI/CD is done via Travis using `.travis.yml` deployment `yaml` files
## Contributing
### Report a Bug
To report a bug, open an issue on GitHub with the label `bug` using the available bug report issue template. Please ensure the issue has not already been reported.
### Suggest an Enhancement
To suggest an enhancement, please create an issue on GitHub with the label `enhancement` using the available feature issue template.
### Open a Pull Request
* Fork the repo, create a branch, submit a PR when your changes are **tested** (ideally using Molecule) and ready for review.
* Fill in [our pull request template](https://github.com/nginxinc/ansible-role-nginx-unit/blob/main/.github/PULL_REQUEST_TEMPLATE.md).
Note: if youd like to implement a new feature, please consider creating a feature request issue first to start a discussion about the feature.
## Code Guidelines
### Ansible Guidelines
* Run `molecule lint` over your code to automatically resolve a lot of `yaml` and Ansible style issues.
* Run `molecule test --all` on your code before you submit a PR to catch any potential issues.
* Follow these guides on some good practices for Ansible:
* <https://www.ansible.com/blog/ansible-best-practices-essentials>
* <https://docs.ansible.com/ansible/latest/user_guide/playbooks_best_practices.html>
### Git Guidelines
* Keep a clean, concise and meaningful git commit history on your branch (within reason), rebasing locally and squashing before submitting a PR.
* Follow the guidelines of writing a good commit message as described here <https://chris.beams.io/posts/git-commit/> and summarised in the next few points:
* In the subject line, use the present tense ("Add feature" not "Added feature").
* In the subject line, use the imperative mood ("Move cursor to..." not "Moves cursor to...").
* Limit the subject line to 72 characters or less.
* Reference issues and pull requests liberally after the subject line.
* Add more detailed description in the body of the git message (`git commit -a` to give you more space and time in your text editor to write a good message instead of `git commit -am`).


@ -0,0 +1,201 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.


@ -0,0 +1,107 @@
[![Ansible Galaxy](https://img.shields.io/badge/galaxy-nginxinc.nginx__unit-5bbdbf.svg)](https://galaxy.ansible.com/nginxinc/nginx_unit)
[![Molecule CI/CD](https://github.com/nginxinc/ansible-role-nginx-unit/workflows/Molecule%20CI/CD/badge.svg)](https://github.com/nginxinc/ansible-role-nginx-unit/actions)
[![License](https://img.shields.io/badge/License-Apache--2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
# 👾 *Help make the NGINX Unit Ansible role better by participating in our [survey](https://forms.office.com/Pages/ResponsePage.aspx?id=L_093Ttq0UCb4L-DJ9gcUKLQ7uTJaE1PitM_37KR881UM0NCWkY5UlE5MUYyWU1aTUcxV0NRUllJSC4u)!* 👾
# Ansible NGINX Unit Role
This role installs NGINX Unit on your target host.
**Note:** This role is still in active development. There may be unidentified issues and the role variables may change as development continues.
## Requirements
### Ansible
* This role is developed and tested with [maintained](https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#release-status) versions of Ansible. Backwards compatibility is not guaranteed.
* Instructions on how to install Ansible can be found in the [Ansible website](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html).
### Molecule
* Molecule `3.x` is used to test the various functionalities of the role.
* Instructions on how to install Molecule can be found in the [Molecule website](https://molecule.readthedocs.io/en/latest/installation.html).
## Installation
### Ansible Galaxy
Use `ansible-galaxy install nginxinc.nginx_unit` to install the latest stable release of the role on your system.
### Git
Use `git clone https://github.com/nginxinc/ansible-role-nginx-unit.git` to pull the latest edge commit of the role from GitHub.
## Platforms
The NGINX Ansible role supports all platforms supported by [NGINX Unit](https://unit.nginx.org/installation/#official-packages):
```yaml
Amazon Linux:
versions:
- 2018.03
Amazon Linux 2:
versions:
- any
CentOS:
versions:
- 6
- 7
- 8
Debian:
versions:
- stretch
- buster
RedHat:
versions:
- 6
- 7
- 8
Ubuntu:
versions:
- xenial
- bionic
- focal
```
## Role Variables
This role has multiple variables. The descriptions and defaults for all these variables can be found in the **[`defaults/main/`](https://github.com/nginxinc/ansible-role-nginx-unit/blob/main/defaults/main/)** folder in the following files:
|Name|Description|
|----|-----------|
|**[`defaults/main/main.yml`](https://github.com/nginxinc/ansible-role-nginx-unit/blob/main/defaults/main/main.yml)**|NGINX Unit installation variables|
|**[`defaults/main/selinux.yml`](https://github.com/nginxinc/ansible-role-nginx-unit/blob/main/defaults/main/unit.yml)**|NGINX Unit SELinux variables|
|**[`defaults/main/bsd.yml`](https://github.com/nginxinc/ansible-role-nginx-unit/blob/main/defaults/main/bsd.yml)**|BSD specific installation variables|
## Example Playbooks
A working functional playbook example can be found in the **[`molecule/common/playbooks`](https://github.com/nginxinc/ansible-role-nginx-unit/blob/main/molecule/common/)** folder in the following file:
|Name|Description|
|----|-----------|
|**[`molecule/common/playbooks/default_converge.yml`](https://github.com/nginxinc/ansible-role-nginx-unit/blob/main/molecule/common/playbooks/default_converge.yml)**|Install NGINX Unit|
Do note that if you install this repository via Ansible Galaxy, you will have to replace the role variable in the sample playbooks from `ansible-role-nginx-unit` to `nginxinc.nginx_unit`.
## Other NGINX Ansible Collections and Roles
You can find the Ansible NGINX Core collection of roles to install and configure NGINX Open Source, NGINX Plus, and NGINX App Protect [here](https://github.com/nginxinc/ansible-collection-nginx).
You can find the Ansible NGINX role to install NGINX [here](https://github.com/nginxinc/ansible-role-nginx).
You can find the Ansible NGINX configuration role to configure NGINX [here](https://github.com/nginxinc/ansible-role-nginx-config).
You can find the Ansible NGINX App Protect role to install and configure NGINX App Protect [here](https://github.com/nginxinc/ansible-role-nginx-app-protect).
You can find the Ansible NGINX Controller collection of roles to install and configure NGINX Controller [here](https://github.com/nginxinc/ansible-collection-nginx_controller).
## License
[Apache License, Version 2.0](https://github.com/nginxinc/ansible-role-nginx-unit/blob/main/LICENSE)
## Author Information
[Alessandro Fael Garcia](https://github.com/alessfg)
&copy; [F5 Networks, Inc.](https://www.f5.com/) 2020


@ -0,0 +1,10 @@
---
# Choose to install BSD packages or ports.
# Options are true for packages or False for ports.
# Default is true.
nginx_unit_bsd_install_packages: true
# Choose to install packages built from BSD ports collection if available.
# Options are true for use packages or false for do not use packages.
# Default is true.
nginx_unit_bsd_portinstall_use_packages: true


@ -0,0 +1,10 @@
---
# Install NGINX Unit and NGINX Unit modules.
# Use a list of supported NGINX Unit modules.
# Default is false.
nginx_unit_enable: false
nginx_unit_modules: []
# Choose where to fetch the NGINX signing key from.
# Default is the official NGINX signing key host.
# nginx_unit_signing_key: http://nginx.org/keys/nginx_signing.key


@ -0,0 +1,13 @@
---
# Set SELinux enforcing for NGINX Unit (Centos/Redhat only) - you may need to open ports on your own
nginx_unit_selinux: false
# Enable enforcing mode if true. Permissive if false (audit only, no enforcing) globally (only works with nginx_unit_selinux: true)
nginx_unit_selinux_enforcing: true
# List of TCP ports to add to http_port_t type (80 and 443 have this type already)
# nginx_unit_selinux_tcp_ports:
# - 80
# - 443
# List of UDP ports to add to http_port_t type
# nginx_unit_selinux_udp_ports:
# - 80
# - 443


@ -0,0 +1,12 @@
---
- name: (Handler - Amazon Linux/CentOS/Debian/RedHat/Ubuntu) Start NGINX Unit
service:
name: unit
state: started
enabled: yes
- name: (Handler - FreeBSD) Start NGINX Unit
service:
name: unitd
state: started
enabled: yes


@ -0,0 +1,3 @@
install_date: "\u0447\u0435\u0442\u0432\u0435\u0440\u0433, 9 \u043C\u0430\u0440\u0442\u0430
2023 \u0433. 12:55:18"
version: 0.2.2


@ -0,0 +1,51 @@
---
galaxy_info:
author: Alessandro Fael Garcia
description: Official Ansible role for NGINX Unit
role_name: nginx_unit
company: F5 Networks, Inc.
license: Apache License, Version 2.0
min_ansible_version: 2.9
platforms:
- name: Alpine
versions:
- any
- name: Amazon
versions:
- 2018.03
- name: Amazon Linux 2
versions:
- any
- name: Debian
versions:
- stretch
- buster
- name: EL
versions:
- 7
- name: FreeBSD
versions:
- 11.2
- 12.0
- name: Ubuntu
versions:
- xenial
- bionic
- focal
- name: SLES
versions:
- 12
- 15
galaxy_tags:
- nginx
- unit
- web
- server
- application
- development
dependencies: []


@ -0,0 +1,43 @@
# Molecule managed
{% if item.registry is defined %}
FROM {{ item.registry.url }}/{{ item.image }}
{% else %}
FROM {{ item.image }}
{% endif %}
{% if item.env is defined %}
{% for var, value in item.env.items() %}
{% if value %}
ENV {{ var }} {{ value }}
{% endif %}
{% endfor %}
{% endif %}
RUN \
if [ $(command -v apt-get) ]; then \
apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y aptitude bash ca-certificates curl iproute2 python-apt python3 python3-apt procps sudo systemd systemd-sysv vim \
&& apt-get clean; \
elif [ $(command -v dnf) ]; then \
dnf makecache \
&& dnf --assumeyes install bash iproute /usr/bin/dnf-3 /usr/bin/python3 /usr/bin/python3-config vim \
&& dnf clean all; \
elif [ $(command -v yum) ]; then \
yum makecache fast \
&& yum install -y bash iproute /usr/bin/python /usr/bin/python2-config sudo vim yum-plugin-ovl \
&& sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf \
&& yum clean all; \
elif [ $(command -v zypper) ]; then \
zypper refresh \
&& zypper install -y bash iproute2 python3 sudo vim \
&& zypper clean -a; \
elif [ $(command -v apk) ]; then \
apk update \
&& apk add --no-cache bash ca-certificates curl openrc python3 sudo vim; \
echo 'rc_provide="loopback net"' >> /etc/rc.conf; \
elif [ $(command -v xbps-install) ]; then \
xbps-install -Syu \
&& xbps-install -y bash ca-certificates iproute2 python3 sudo vim \
&& xbps-remove -O; \
fi


@ -0,0 +1,32 @@
---
- name: Converge
hosts: all
pre_tasks:
- name: Set module if Alpine
set_fact:
module:
- unit-perl
- unit-php7
- unit-python3
when: ansible_facts['os_family'] == "Alpine"
- name: Set module if Debian
set_fact:
module:
- unit-perl
- unit-php
- unit-ruby
when: ansible_facts['os_family'] == "Debian"
- name: Set module if Red Hat
set_fact:
module:
- unit-php
- unit-go
when: ansible_facts['os_family'] == "RedHat"
tasks:
- name: Install NGINX Unit
include_role:
name: ansible-role-nginx-unit
vars:
nginx_enable: false
nginx_unit_enable: true
nginx_unit_modules: "{{ module }}"


@ -0,0 +1,47 @@
---
driver:
name: docker
lint: |
set -e
yamllint .
ansible-lint --force-color
platforms:
- name: debian-stretch
image: debian:stretch-slim
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: debian-buster
image: debian:buster-slim
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: ubuntu-xenial
image: ubuntu:xenial
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: ubuntu-bionic
image: ubuntu:bionic
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: ubuntu-focal
image: ubuntu:focal
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
provisioner:
name: ansible
playbooks:
converge: ../common/playbooks/default_converge.yml


@ -0,0 +1,26 @@
---
driver:
name: docker
lint: |
set -e
yamllint .
ansible-lint --force-color
platforms:
- name: centos-7
image: centos:7
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: centos-8
image: centos:8
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
provisioner:
name: ansible
playbooks:
converge: ../common/playbooks/default_converge.yml


@ -0,0 +1,17 @@
---
- name: (Debian/Red Hat OSs) Set up NGINX signing key URL
set_fact:
keysite: "{{ nginx_unit_signing_key | default(nginx_unit_default_signing_key) }}"
- name: (Debian/Ubuntu) Add NGINX signing key
apt_key:
id: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
url: "{{ keysite }}"
when: ansible_facts['os_family'] == "Debian"
- name: (Amazon Linux/CentOS/RHEL) Add NGINX signing key
rpm_key:
fingerprint: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
key: "{{ keysite }}"
validate_certs: "{{ (ansible_facts['distribution_major_version'] is version('6', '==')) | ternary('no', 'yes') }}"
when: ansible_facts['os_family'] in ['RedHat', 'Suse']


@ -0,0 +1,16 @@
---
- name: Setup prerequisites
include_tasks: "{{ role_path }}/tasks/prerequisites/prerequisites.yml"
tags: nginx_unit_prerequisites
- name: Setup keys
include_tasks: keys/setup-keys.yml
when:
- ansible_facts['os_family'] in ['Debian', 'RedHat']
- nginx_unit_enable | bool
tags: nginx_unit_key
- name: Install NGINX Unit
include_tasks: "{{ role_path }}/tasks/unit/install-unit.yml"
when: nginx_unit_enable | bool
tags: nginx_unit_install


@ -0,0 +1,26 @@
---
- name: (Debian/Ubuntu) Install dependencies
apt:
name: "{{ nginx_unit_debian_dependencies }}"
update_cache: yes
when: ansible_facts['os_family'] == "Debian"
- name: (Amazon Linux/CentOS/RHEL) Install dependencies
yum:
name: "{{ nginx_unit_redhat_dependencies }}"
when: ansible_facts['os_family'] == "RedHat"
- name: (FreeBSD) Install dependencies
block:
- name: (FreeBSD) Install dependencies using package(s)
pkgng:
name: "{{ nginx_unit_freebsd_dependencies }}"
when: nginx_bsd_install_packages | bool
- name: (FreeBSD) Install dependencies using port(s)
portinstall:
name: "{{ item }}"
use_packages: "{{ nginx_unit_bsd_portinstall_use_packages | default(omit) }}"
loop: "{{ nginx_unit_freebsd_dependencies }}"
when: not nginx_bsd_install_packages | bool
when: ansible_facts['distribution'] == "FreeBSD"


@ -0,0 +1,19 @@
---
- name: Install dependencies
include_tasks: "{{ role_path }}/tasks/prerequisites/install-dependencies.yml"
- name: Set up SELinux
block:
- name: Check if SELinux is enabled
debug:
msg: You need to enable SELinux, if it was disabled you need to reboot
when: ansible_facts['selinux'] is undefined
- name: Configure SELinux
include_tasks: "{{ role_path }}/tasks/prerequisites/setup-selinux.yml"
when: ansible_facts['selinux']['mode'] is defined
when:
- nginx_unit_selinux | bool
- "'selinux' in ansible_facts"
- ansible_facts['os_family'] in ['RedHat']
- ansible_facts['distribution'] not in ['Amazon']


@ -0,0 +1,57 @@
---
- name: (CentOS/RHEL) Install dependencies
block:
- name: (CentOS/RHEL 6/7) Install dependencies
yum:
name:
- policycoreutils-python
- setools
when: ansible_facts['distribution_major_version'] is version('8', '!=')
- name: (CentOS/RHEL 8) Install dependencies
yum:
name:
- libselinux-utils
- policycoreutils
- selinux-policy-targeted
when: ansible_facts['distribution_major_version'] is version('8', '==')
when: ansible_facts['os_family'] == "RedHat"
- name: Set SELinux mode to permissive
selinux:
state: permissive
policy: targeted
- name: Allow SELinux HTTP network connections
seboolean:
name: httpd_can_network_connect
state: yes
persistent: yes
- name: Allow SELinux HTTP network connections
seboolean:
name: httpd_can_network_relay
state: yes
persistent: yes
- name: Allow SELinux TCP connections on specific ports
seport:
ports: "{{ nginx_unit_selinux_tcp_ports }}"
proto: tcp
setype: http_port_t
state: present
when: nginx_unit_selinux_tcp_ports is defined
- name: Allow SELinux UDP connections on specific ports
seport:
ports: "{{ nginx_unit_selinux_udp_ports }}"
proto: udp
setype: http_port_t
state: present
when: nginx_unit_selinux_udp_ports is defined
- name: Set SELinux mode to enforcing
selinux:
state: enforcing
policy: targeted
when: nginx_unit_selinux_enforcing | bool


@ -0,0 +1,16 @@
---
- name: (Amazon Linux/CentOS/Debian/RedHat/Ubuntu) Install NGINX Unit modules
package:
name: "{{ item }}"
state: present
loop: "{{ nginx_unit_modules }}"
when: ansible_facts['os_family'] != "FreeBSD"
notify: (Handler - Amazon Linux/CentOS/Debian/RedHat/Ubuntu) Start NGINX Unit
- name: (FreeBSD) Install NGINX Unit modules
portinstall:
name: "{{ item }}"
state: present
loop: "{{ nginx_unit_modules }}"
when: ansible_facts['os_family'] == "FreeBSD"
notify: (Handler - FreeBSD) Start NGINX Unit


@ -0,0 +1,22 @@
---
- name: Configure NGINX Unit repository
include_tasks: "{{ role_path }}/tasks/unit/setup-{{ ansible_facts['os_family'] | lower }}.yml"
when: ansible_facts['os_family'] in ['Debian', 'FreeBSD', 'RedHat']
- name: (Amazon Linux/CentOS/Debian/RedHat/Ubuntu) Install NGINX Unit
package:
name: unit
state: present
when: ansible_facts['os_family'] != "FreeBSD"
notify: (Handler - Amazon Linux/CentOS/Debian/RedHat/Ubuntu) Start NGINX Unit
- name: (FreeBSD) Install NGINX Unit
portinstall:
name: unit
state: present
when: ansible_facts['os_family'] == "FreeBSD"
notify: (Handler - FreeBSD) Start NGINX Unit
- name: Install NGINX Unit modules
include_tasks: "{{ role_path }}/tasks/unit/install-modules.yml"
when: nginx_unit_modules is defined


@ -0,0 +1,10 @@
---
- name: "(Debian/Ubuntu) Add NGINX Unit repository"
apt_repository:
filename: nginx-unit
repo: "{{ item }}"
update_cache: yes
mode: 0644
loop:
- deb [arch=amd64] https://packages.nginx.org/unit/{{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] }} unit
- deb-src https://packages.nginx.org/unit/{{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] }} unit


@ -0,0 +1,10 @@
---
- name: (FreeBSD) fetch ports
command: portsnap fetch --interactive
args:
creates: /var/db/portsnap/INDEX
- name: (FreeBSD) Extract ports
command: portsnap extract
args:
creates: /usr/ports


@ -0,0 +1,21 @@
---
- name: (CentOS/RHEL) Add NGINX Unit repository
yum_repository:
name: nginx-unit
baseurl: "https://packages.nginx.org/unit/{{ (ansible_facts['distribution'] == 'RedHat') | ternary('rhel/', 'centos/') }}$releasever/$basearch/"
description: NGINX Unit Repository
enabled: yes
gpgcheck: yes
mode: 0644
when: ansible_facts['distribution'] != "Amazon"
- name: (Amazon Linux) Add NGINX Unit repository
yum_repository:
name: nginx-unit
baseurl: "https://packages.nginx.org/unit/amzn\
{{ (ansible_facts['distribution_major_version'] is version('2', '==')) | ternary('2', '') }}/$releasever/$basearch/"
description: NGINX Unit Repository
enabled: yes
gpgcheck: yes
mode: 0644
when: ansible_facts['distribution'] == "Amazon"


@ -0,0 +1,18 @@
---
# Default NGINX Unit signing key
nginx_unit_default_signing_key: https://nginx.org/keys/nginx_signing.key
# Debian dependencies
nginx_unit_debian_dependencies: [
'apt-transport-https', 'ca-certificates', 'dirmngr',
]
# Red Hat dependencies
nginx_unit_redhat_dependencies: [
'ca-certificates', 'openssl',
]
# FreeBSD dependencies
nginx_unit_freebsd_dependencies: [
'security/ca_root_nss',
]


@ -0,0 +1,12 @@
- name: Setup repository
ansible.builtin.apt_repository:
repo: ppa:deadsnakes/ppa
state: present
filename: python
- name: Setup python versions
apt:
pkg: "{{ item }}"
state: present
update_cache: true
loop: "{{ python_versions }}"
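Review bot: The `Setup python versions` task calls `apt` once per item through `loop`, and with `update_cache: true` the package index is refreshed on every iteration; passing the list directly, `pkg: "{{ python_versions }}"`, and dropping the `loop` line does the same work in one transaction. The task also uses the short module name `apt` while the task above it uses `ansible.builtin.apt_repository`; one form throughout reads better. `ppa:deadsnakes/ppa` is a third-party package source, and its packages are installed as root with the same trust as the distribution archive, so a comment above `Setup repository` stating why it is needed and trusted would help the next maintainer.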


@ -0,0 +1,9 @@
- name: Install usual software
apt:
pkg:
- htop
- mc
- vim
- net-tools
state: present
update_cache: true

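--- a/setup.yaml
+++ b/setup.yaml
@@ -0,0 +1,20 @@
+- name: Setup the server
+hosts: all
+become: true
+vars:
+- postgresql_hba_entries:
+- { type: local, database: all, user: postgres, auth_method: trust }
+- { type: local, database: all, user: all, auth_method: trust }
+- { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
+- { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
+- python_versions:
+- python3.11
+- nginx_unit_enable: true
+- nginx_unit_modules:
+- unit-python3.10
+roles:
+- { role: software }
+- { role: nginx }
+- { role: geerlingguy.postgresql }
+- { role: python3 }
+- { role: nginxinc.nginx_unit }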
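Review bot: The two `type: local` entries in `postgresql_hba_entries` use `auth_method: trust`, which lets any local OS account connect over the Unix socket as any database role, including `postgres`, without a password. Peer authentication keeps socket access tied to the OS user: `- { type: local, database: all, user: postgres, auth_method: peer }` and `- { type: local, database: all, user: all, auth_method: peer }`. The two `host` entries use `md5`; `scram-sha-256` is the stronger choice where the installed PostgreSQL version supports it. Separately, `python_versions` installs `python3.11` while `nginx_unit_modules` requests `unit-python3.10`, which looks like a version mismatch worth confirming.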