450 lines
13 KiB
YAML
450 lines
13 KiB
YAML
---
|
|
- name: Check for build tools
|
|
block:
|
|
- name: (CentOS/RHEL 8) Setup Python 3
|
|
block:
|
|
- name: (CentOS/RHEL 8) Install Python 3
|
|
yum:
|
|
name:
|
|
- python3
|
|
- python3-pip
|
|
- python3-devel
|
|
update_cache: yes
|
|
|
|
- name: (Centos/RHEL 8) Set Python 3 as default
|
|
alternatives:
|
|
name: python
|
|
path: /usr/bin/python3
|
|
link: /usr/bin/python
|
|
when:
|
|
- ansible_facts['os_family'] == "RedHat"
|
|
- ansible_facts['distribution_major_version'] is version('8', '==')
|
|
|
|
- name: (Centos/RHEL) Install build tools
|
|
yum:
|
|
name:
|
|
- "@Development tools"
|
|
- ca-certificates
|
|
- gcc
|
|
- gd
|
|
- gd-devel
|
|
- glibc
|
|
- glibc-common
|
|
- perl-core
|
|
- wget
|
|
- zlib-devel
|
|
update_cache: yes
|
|
when: ansible_facts['os_family'] == "RedHat"
|
|
|
|
- name: (Debian) Install backports repo for 'buster'
|
|
apt_repository:
|
|
filename: buster-backports
|
|
repo: deb http://ftp.us.debian.org/debian buster-backports main
|
|
update_cache: yes
|
|
mode: 0644
|
|
when: ansible_facts['distribution_release'] == "buster"
|
|
|
|
- name: (Debian/Ubuntu) Install build tools
|
|
apt:
|
|
name:
|
|
- build-essential
|
|
- checkinstall
|
|
- libtemplate-perl
|
|
- python3-minimal
|
|
- perl
|
|
- tar
|
|
- zlib1g-dev
|
|
update_cache: yes
|
|
when: ansible_facts['os_family'] == "Debian"
|
|
|
|
- name: (Alpine Linux) Install build tools
|
|
apk:
|
|
name:
|
|
- alpine-sdk
|
|
- build-base
|
|
- git
|
|
- openrc
|
|
- perl
|
|
- python3
|
|
- linux-headers
|
|
- tar
|
|
- wget
|
|
update_cache: yes
|
|
when: ansible_facts['os_family'] == "Alpine"
|
|
|
|
- name: (Alpine Linux) Enable OpenRC
|
|
copy:
|
|
content: ""
|
|
dest: /run/openrc/softlevel
|
|
force: no
|
|
owner: root
|
|
mode: 0644
|
|
when: ansible_facts['os_family'] == "Alpine"
|
|
when: nginx_install_source_build_tools | bool
|
|
|
|
- name: Check for source installs
|
|
block:
|
|
- name: Check for PCRE install
|
|
stat:
|
|
path: /tmp/{{ pcre_version }}
|
|
register: pcre_result
|
|
|
|
- name: Check for ZLib install
|
|
stat:
|
|
path: /tmp/{{ zlib_version }}
|
|
register: zlib_result
|
|
|
|
- name: Check for OpenSSL install
|
|
stat:
|
|
path: /tmp/{{ openssl_version }}
|
|
register: openssl_result
|
|
|
|
- name: (CentOS/RHEL) Install PCRE dependency from package
|
|
yum:
|
|
name: pcre-devel
|
|
update_cache: yes
|
|
when:
|
|
- nginx_install_source_pcre | bool
|
|
- ansible_facts['os_family'] == "RedHat"
|
|
|
|
- name: (Debian/Ubuntu) Install PCRE dependency from package
|
|
apt:
|
|
name: libpcre3-dev
|
|
update_cache: yes
|
|
when:
|
|
- nginx_install_source_pcre | bool
|
|
- ansible_facts['os_family'] == "Debian"
|
|
|
|
- name: (Alpine Linux) Install PCRE dependency from package
|
|
apk:
|
|
name: pcre-dev
|
|
update_cache: yes
|
|
when:
|
|
- nginx_install_source_pcre | bool
|
|
- ansible_facts['os_family'] == "Alpine"
|
|
|
|
- name: Install PCRE dependence from source
|
|
block:
|
|
- name: Download PCRE dependency
|
|
get_url:
|
|
url: "https://ftp.pcre.org/pub/pcre/{{ pcre_version }}.tar.gz"
|
|
dest: "/tmp/{{ pcre_version }}.tar.gz"
|
|
mode: 0600
|
|
validate_certs: "{{ (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] is version('6', '=='))
|
|
| ternary('no', 'yes') }}"
|
|
register: pcre_source
|
|
|
|
- name: Unpack PCRE dependency
|
|
unarchive:
|
|
copy: no
|
|
dest: /tmp/
|
|
src: "{{ pcre_source.dest }}"
|
|
mode: 0700
|
|
|
|
- name: Configure PCRE dependency
|
|
command: ./configure
|
|
args:
|
|
chdir: "/tmp/{{ pcre_version }}"
|
|
|
|
- name: Make PCRE dependency
|
|
make:
|
|
chdir: "/tmp/{{ pcre_version }}"
|
|
|
|
- name: Install PCRE dependency
|
|
make:
|
|
chdir: "/tmp/{{ pcre_version }}"
|
|
target: install
|
|
when:
|
|
- not pcre_result.stat.exists | bool
|
|
- not nginx_install_source_pcre | bool
|
|
- not ansible_check_mode | bool
|
|
|
|
- name: (Centos/RHEL) Install ZLib dependency from package
|
|
yum:
|
|
name: zlib-devel
|
|
update_cache: yes
|
|
when:
|
|
- nginx_install_source_zlib | bool
|
|
- ansible_facts['os_family'] == "RedHat"
|
|
|
|
- name: (Debian/Ubuntu) Install ZLib dependency from package
|
|
apt:
|
|
name: zlib1g-dev
|
|
update_cache: true
|
|
when:
|
|
- nginx_install_source_zlib | bool
|
|
- ansible_facts['os_family'] == "Debian"
|
|
|
|
- name: (Alpine Linux) Install ZLib dependency from package
|
|
apk:
|
|
name: zlib-dev
|
|
update_cache: yes
|
|
when:
|
|
- nginx_install_source_zlib | bool
|
|
- ansible_facts['os_family'] == "Alpine"
|
|
|
|
- name: Install ZLib dependency from source
|
|
block:
|
|
- name: Download ZLib dependency
|
|
get_url:
|
|
url: "https://zlib.net/{{ zlib_version }}.tar.gz"
|
|
dest: "/tmp/{{ zlib_version }}.tar.gz"
|
|
mode: 0600
|
|
validate_certs: "{{ (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] is version('6', '=='))
|
|
| ternary('no', 'yes') }}"
|
|
register: zlib_source
|
|
|
|
- name: Unpack ZLib dependency
|
|
unarchive:
|
|
copy: no
|
|
dest: /tmp/
|
|
src: "{{ zlib_source.dest }}"
|
|
mode: 0700
|
|
|
|
- name: Configure ZLib dependency
|
|
command: ./configure
|
|
args:
|
|
chdir: "/tmp/{{ zlib_version }}"
|
|
|
|
- name: Make ZLib dependency
|
|
make:
|
|
chdir: "/tmp/{{ zlib_version }}"
|
|
|
|
- name: Install ZLib dependency
|
|
make:
|
|
chdir: "/tmp/{{ zlib_version }}"
|
|
target: install
|
|
when:
|
|
- not zlib_result.stat.exists | bool
|
|
- not nginx_install_source_zlib | bool
|
|
- not ansible_check_mode | bool
|
|
|
|
- name: (CentOS/RHEL) Install OpenSSL dependency from package
|
|
yum:
|
|
name: openssl-devel
|
|
update_cache: yes
|
|
when:
|
|
- nginx_install_source_openssl | bool
|
|
- ansible_facts['os_family'] == "RedHat"
|
|
|
|
- name: (Debian/Ubuntu) Install OpenSSL dependency from package
|
|
apt:
|
|
name: libssl-dev
|
|
update_cache: yes
|
|
when:
|
|
- nginx_install_source_openssl | bool
|
|
- ansible_facts['os_family'] == "Debian"
|
|
|
|
- name: (Alpine Linux) Install OpenSSL dependency from package
|
|
apk:
|
|
name: openssl-dev
|
|
update_cache: yes
|
|
when:
|
|
- nginx_install_source_openssl | bool
|
|
- ansible_facts['os_family'] == "Alpine"
|
|
|
|
- name: Install OpenSSL dependency from source
|
|
block:
|
|
- name: Download OpenSSL dependency
|
|
get_url:
|
|
url: "https://www.openssl.org/source/{{ openssl_version }}.tar.gz"
|
|
dest: "/tmp/{{ openssl_version }}.tar.gz"
|
|
mode: 0600
|
|
validate_certs: "{{ (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] is version('6', '=='))
|
|
| ternary('no', 'yes') }}"
|
|
register: openssl_source
|
|
|
|
- name: Unpack OpenSSL dependency
|
|
unarchive:
|
|
copy: no
|
|
dest: /tmp/
|
|
src: "{{ openssl_source.dest }}"
|
|
mode: 0700
|
|
|
|
- name: Configure OpenSSL dependency
|
|
command: ./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib
|
|
args:
|
|
chdir: "/tmp/{{ openssl_version }}"
|
|
|
|
- name: Make OpenSSL dependency
|
|
make:
|
|
chdir: "/tmp/{{ openssl_version }}"
|
|
|
|
- name: Install OpenSSL dependency
|
|
make:
|
|
chdir: "/tmp/{{ openssl_version }}"
|
|
target: install
|
|
when:
|
|
- not openssl_result.stat.exists | bool
|
|
- not nginx_install_source_openssl | bool
|
|
- not ansible_check_mode | bool
|
|
|
|
- name: Get NGINX version
|
|
block:
|
|
- name: Fetch NGINX version
|
|
uri:
|
|
url: https://trac.nginx.org/nginx/browser
|
|
return_content: yes
|
|
validate_certs: "{{ (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] is version('6', '=='))
|
|
| ternary('no', 'yes') }}"
|
|
check_mode: no
|
|
register: nginx_versions
|
|
|
|
- name: Set NGINX mainline version
|
|
set_fact:
|
|
nginx_version: "{{ nginx_versions.content | regex_search('release[^<]*') | regex_replace('release', 'nginx') }}"
|
|
when: nginx_branch == "mainline"
|
|
|
|
- name: Set NGINX stable version 1/2
|
|
set_fact:
|
|
nginx_version: "{{ nginx_versions.content | regex_search('stable[^<]*') | regex_replace('stable', 'release') }}"
|
|
when: nginx_branch == "stable"
|
|
|
|
- name: Set NGINX stable version 2/2
|
|
set_fact:
|
|
nginx_version: "{{ nginx_versions.content | regex_search(nginx_version + '[^<]*') | regex_replace('release', 'nginx') }}"
|
|
when: nginx_branch == "stable"
|
|
|
|
- name: Set NGINX download filename
|
|
set_fact:
|
|
nginx_download_name: "{{ nginx_version }}"
|
|
|
|
- name: Check for NGINX install
|
|
stat:
|
|
path: /usr/sbin/nginx
|
|
follow: yes
|
|
register: nginx_result
|
|
|
|
- name: Add NGINX user
|
|
user:
|
|
name: nginx
|
|
|
|
- name: Install NGINX
|
|
block:
|
|
- name: Download NGINX
|
|
get_url:
|
|
url: "https://nginx.org/download/{{ nginx_download_name }}.tar.gz"
|
|
dest: "/tmp/{{ nginx_download_name }}.tar.gz"
|
|
mode: 0600
|
|
validate_certs: "{{ (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] is version('6', '=='))
|
|
| ternary('no', 'yes') }}"
|
|
register: nginx_source
|
|
|
|
- name: Unpack NGINX
|
|
unarchive:
|
|
copy: no
|
|
dest: /tmp/
|
|
src: "{{ nginx_source.dest }}"
|
|
mode: 0755
|
|
|
|
- name: Configure NGINX
|
|
command: >-
|
|
./configure
|
|
--conf-path=/etc/nginx/nginx.conf
|
|
--error-log-path=/var/log/nginx/error.log
|
|
--http-log-path=/var/log/nginx/access.log
|
|
--lock-path=/var/lock/nginx.lock
|
|
--modules-path=/usr/lib/nginx/modules
|
|
--prefix=/usr
|
|
--pid-path=/var/run/nginx.pid
|
|
--with-http_ssl_module
|
|
--with-mail=dynamic
|
|
--with-stream
|
|
{{ nginx_install_source_pcre | ternary('', '--with-pcre=../' + pcre_version) }}
|
|
{{ nginx_install_source_zlib | ternary('', '--with-zlib=../' + zlib_version) }}
|
|
{{ nginx_install_source_openssl | ternary('', '--with-openssl=../' + openssl_version) }}
|
|
args:
|
|
chdir: "/tmp/{{ nginx_version }}"
|
|
register: nginx_configure
|
|
|
|
- name: Make NGINX
|
|
make:
|
|
chdir: "/tmp/{{ nginx_version }}"
|
|
|
|
- name: Install NGINX
|
|
make:
|
|
chdir: "/tmp/{{ nginx_version }}"
|
|
target: install
|
|
|
|
- name: Upload systemd NGINX service file
|
|
copy:
|
|
src: services/nginx.systemd
|
|
dest: /lib/systemd/system/nginx.service
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
when: ansible_facts['service_mgr'] == "systemd"
|
|
|
|
- name: Enable systemd NGINX service file
|
|
systemd:
|
|
daemon_reload: yes
|
|
name: nginx
|
|
state: restarted
|
|
enabled: yes
|
|
when: ansible_facts['service_mgr'] == "systemd"
|
|
notify: "(Handler) Run NGINX"
|
|
|
|
- name: Upload upstart NGINX service file
|
|
copy:
|
|
src: services/nginx.upstart
|
|
dest: /etc/init.d/nginx
|
|
owner: root
|
|
group: root
|
|
mode: 0755
|
|
when: ansible_facts['service_mgr'] == "upstart"
|
|
|
|
- name: Upload Upstart NGINX service conf file
|
|
copy:
|
|
src: services/nginx.conf.upstart
|
|
dest: /etc/init/nginx.conf
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
when: ansible_facts['service_mgr'] == "upstart"
|
|
|
|
- name: Enable Upstart NGINX service reload
|
|
command: initctl reload-configuration
|
|
when: ansible_facts['service_mgr'] == "upstart"
|
|
|
|
- name: Start Upstart NGINX service reload
|
|
command: nginx
|
|
when: ansible_facts['service_mgr'] == "upstart"
|
|
notify: "(Handler) Run NGINX"
|
|
|
|
- name: Upload SysVinit NGINX service file
|
|
copy:
|
|
src: services/nginx.sysvinit
|
|
dest: /etc/init.d/nginx
|
|
owner: root
|
|
group: root
|
|
mode: 0755
|
|
when: ansible_facts['service_mgr'] == "sysvinit"
|
|
notify: "(Handler) Run NGINX"
|
|
|
|
- name: Upload OpenRC NGINX service file
|
|
copy:
|
|
src: services/nginx.openrc
|
|
dest: /etc/init.d/nginx
|
|
owner: root
|
|
group: root
|
|
mode: 0755
|
|
when: ansible_facts['service_mgr'] == "openrc"
|
|
|
|
- name: Enable OpenRC NGINX service
|
|
command: rc-update add nginx default
|
|
when: ansible_facts['service_mgr'] == "openrc"
|
|
notify: (Handler) Run NGINX
|
|
when:
|
|
- not nginx_result.stat.exists | bool
|
|
- not ansible_check_mode | bool
|
|
|
|
- name: Cleanup downloads
|
|
file:
|
|
path: "{{ item }}"
|
|
state: absent
|
|
loop:
|
|
- "{{ pcre_source.dest }}"
|
|
- "{{ zlib_source.dest }}"
|
|
- "{{ openssl_source.dest }}"
|
|
- "{{ nginx_source.dest }}"
|
|
when: item is defined
|