Cleaner roles/httpd & roles/nginx

2025-03-09 15:40:17 +00:00 · 2020-02-12 03:08:16 -05:00 · 2020-02-12 03:08:16 -05:00 · 1d4591478a
commit 1d4591478a
parent 5e48a5b742
63 changed files with 311 additions and 206 deletions
--- a/roles/nginx/tasks/enable-or-disable.yml
+++ b/roles/nginx/tasks/enable-or-disable.yml
@ -0,0 +1,40 @@
+- name: Ensure that Apache (({{ apache_service }})) is not running -- we may need port swap
+  systemd:
+    name: "{{ apache_service }}"
+    state: stopped
+
+- name: Install /etc/{{ apache_service }}/ports.conf from template 1 of 2 (ports.conf.j2) if nginx_enabled, to enable Apache port {{ apache_port }} localhost only
+  template:
+    src: ports.conf.j2
+    dest: "/etc/{{ apache_service }}/ports.conf"
+  when: nginx_enabled | bool
+
+- name: Install /etc/{{ apache_service }}/ports.conf from template 2 of 2 (stock-apache-ports.conf) if not nginx_enabled, to disable Apache port {{ apache_port }} localhost only
+  template:
+    src: stock-apache-ports.conf
+    dest: "/etc/{{ apache_service }}/ports.conf"
+  when: not nginx_enabled
+
+- name: Enable & Restart '{{ apache_service }}' if apache_enabled or not nginx_enabled, since we stopped it
+  systemd:
+    name: "{{ apache_service }}"
+    daemon_reload: yes
+    state: restarted
+    enabled: true
+  when: apache_enabled or not nginx_enabled
+
+
+- name: Enable & (Re)Start 'nginx' systemd service, if nginx_enabled
+  systemd:
+    name: nginx
+    daemon_reload: yes
+    enabled: yes
+    state: restarted
+  when: nginx_enabled | bool
+
+- name: Disable & Stop 'nginx' systemd service, if not nginx_enabled
+  systemd:
+    name: nginx
+    enabled: no
+    state: stopped
+  when: not nginx_enabled
--- a/roles/nginx/tasks/install.yml
+++ b/roles/nginx/tasks/install.yml
@ -1,4 +1,14 @@
- name: Install NGINX required and helper packages
+# This stanza can likely be removed later in 2020:
+- name: 'Remove legacy files if present: /etc/systemd/system/uwsgi.service, {{ nginx_conf_dir }}/usb-lib.conf, {{ nginx_conf_dir }}/modules.conf'
+  file:
+    path: "{{ item.path }}"
+    state: absent
+  with_items:
+    - { path: "/etc/systemd/system/uwsgi.service" }
+    - { path: "{{ nginx_conf_dir }}/usb-lib.conf" }
+    - { path: "{{ nginx_conf_dir }}/modules.conf" }
+
+- name: Install required and helper packages for NGINX
  package:
    name: "{{ item }}"
    state: present
@ -9,7 +19,7 @@
    - php-fpm
    - libnginx-mod-http-subs-filter

- name: Add http server user to shadow group, so it can authenticate Admin Console
+- name: Add user '{{ apache_user }}' to shadow group, so it can authenticate Admin Console
  user:
    name: "{{ apache_user }}"
    groups: shadow
@ -19,29 +29,30 @@
    path: /etc/nginx/sites-enabled/default
    state: absent

- name: 'Install 4 files from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf, /etc/{{ apache_service }}/ports.conf, /etc/systemd/system/uwsgi.service'
+- name: 'Install 3-or-4 files from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf, /etc/{{ apache_service }}/ports.conf'
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  with_items:
-    - { src: 'roles/nginx/templates/server.conf.j2', dest: '/etc/nginx/server.conf' }
-    - { src: 'roles/nginx/templates/nginx.conf.j2', dest: '/etc/nginx/nginx.conf' }
-    - { src: 'roles/nginx/templates/ports.conf.j2', dest: '/etc/{{ apache_service }}/ports.conf' }
+    - { src: 'server.conf.j2', dest: '/etc/nginx/server.conf' }
+    - { src: 'nginx.conf.j2', dest: '/etc/nginx/nginx.conf' }
+    #- { src: 'ports.conf.j2', dest: '/etc/{{ apache_service }}/ports.conf' }    # Moved to enable-or-disable.yml
+    - { src: 'iiab.conf.j2', dest: "{{ nginx_conf_dir }}/iiab.conf" }

-# php stem extension is installed in role httpd
+# php-stem extension installed by roles/web_support/tasks/php-stem.yml
 # here it is linked to php-fpm
- name: Create softlink 20-stem.ini to /etc/php/{{ php_version }}/mods-available/stem.ini
+- name: Symlink /etc/php/{{ php_version }}/fpm/conf.d/20-stem.ini -> /etc/php/{{ php_version }}/mods-available/stem.ini
  file:
    src: "/etc/php/{{ php_version }}/mods-available/stem.ini"
    path: "/etc/php/{{ php_version }}/fpm/conf.d/20-stem.ini"
    state: link
-  when: nginx_enabled
+  #when: nginx_enabled | bool

- name: Restart php{{ php_version }}-fpm service
-  service:
+- name: Restart php{{ php_version }}-fpm systemd service
+  systemd:
    name: "php{{ php_version }}-fpm"
    state: restarted
-  when: nginx_enabled
+  #when: nginx_enabled | bool


 # RECORD NGINX AS INSTALLED
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@ -1,70 +1,51 @@
- name: Remove stale files (usb-lib.conf, modules.conf) from {{ nginx_conf_dir }}
-  file:
-    path: "{{ item.path }}"
-    state: absent
+# "How do i fail a task in Ansible if the variable contains a boolean value?
+# I want to perform input validation for Ansible playbooks"
+# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
+
+# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
+# to re-check whether vars are defined here.  As Ansible vars cannot be unset:
+# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
+
+- name: Assert that "nginx_install is sameas true" (boolean not string etc)
+  assert:
+    that: nginx_install is sameas true
+    fail_msg: "PLEASE SET 'nginx_install: True' e.g. IN: /etc/iiab/local_vars.yml"
+    quiet: yes
+
+- name: Assert that "nginx_enabled | type_debug == 'bool'" (boolean not string etc)
+  assert:
+    that: nginx_enabled | type_debug == 'bool'
+    fail_msg: "PLEASE GIVE VARIABLE 'nginx_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
+    quiet: yes
+
+- debug:
+    var: nginx_install
+- debug:
+    var: nginx_enabled
+- debug:
+    var: nginx_installed
+
+
+- name: Install NGINX if 'nginx_installed' not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
+  include_tasks: install.yml
+  when: nginx_installed is undefined
+
+
+- include_tasks: enable-or-disable.yml
+
+
+- name: Add 'nginx' variable values to {{ iiab_ini_file }}
+  ini_file:
+    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
+    section: wordpress
+    option: "{{ item.option }}"
+    value: "{{ item.value | string }}"
  with_items:
-    - { path: "/etc/systemd/system/uwsgi.service" }
-    - { path: "{{ nginx_conf_dir }}/usb-lib.conf" }
-    - { path: "{{ nginx_conf_dir }}/modules.conf" }
-
- name: Ensure that Apache (({{ apache_service }})) is not running -- we may need port swap
-  systemd:
-    name: "{{ apache_service }}"
-    state: stopped
-
- name: "Install from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf, /etc/{{ apache_service }}/ports.conf, {{ nginx_conf_dir }}/iiab.conf"
-  template:
-    src: "{{ item.src}}"
-    dest: "{{ item.dest }}"
-  with_items:
-    - { src: 'server.conf.j2', dest: '/etc/nginx/server.conf' }
-    - { src: 'nginx.conf.j2', dest: '/etc/nginx/nginx.conf' }
-    - { src: 'ports.conf.j2', dest: "/etc/{{ apache_service }}/ports.conf" }
-    - { src: 'iiab.conf.j2', dest: "{{ nginx_conf_dir }}/iiab.conf" }
-  when: nginx_enabled | bool
-
-# the below slides in nginx's proxypass config files for apache on localhost
-# via the ports.conf file installed above
-#- name: Install proxpass to Apache running on localhost port {{ apache_port }}
-#  include_tasks: uses_apache.yml
-#  when: apache_enabled | bool
-
-# the below task contains the same logic contained in the playbooks to enable
-# 'runrole nginx' to do the right thing but with the 'src' path set to role's
-# templates path ie roles/<rolename>/template/
-#- name: Install proxpass to other services 'dual mode' roles
-#  include_tasks: only_nginx.yml
-#  when: nginx_enabled | bool
-
- name: Stop & Disable 'nginx' systemd service, when not nginx_enabled
-  systemd:
-    name: nginx
-    state: stopped
-    enabled: false
-  when: not nginx_enabled
-
- name: Disable Apache port {{ apache_port }} localhost only, when not nginx_enabled
-  template:
-    dest: /etc/{{ apache_service }}/ports.conf
-    src: stock-apache-ports.conf
-  when: not nginx_enabled
-
-# should have the logic to handle both modes in the playbook
-#- name: Enable Apache (a2ensite) for 'dual mode' for the role when NGINX is disabled
-#  include_tasks: disable.yml
-#  when: not nginx_enabled
-
- name: Enable & Restart Apache, since we stopped it ({{ apache_service }})
-  systemd:
-    name: "{{ apache_service }}"
-    daemon_reload: yes
-    state: restarted
-    enabled: true
-  when: apache_enabled or not nginx_enabled
-
- name: Enable & Restart NGINX, to pick up the config files installed
-  systemd:
-    name: nginx
-    state: restarted
-    enabled: true
-  when: nginx_enabled | bool
+    - option: name
+      value: NGINX
+    - option: description
+      value: '"NGINX is a web server which can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache."'
+    - option: nginx_install
+      value: "{{ nginx_install }}"
+    - option: nginx_enabled
+      value: "{{ nginx_enabled }}"