From 6645e0856ac708c179e31dc91228c1847be1ef9a Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Tue, 17 Nov 2020 16:40:53 +0100 Subject: [PATCH] Switch dictionaries to individual variables (#349) --- CHANGELOG.md | 6 +++++ tasks/keys/setup-keys.yml | 4 ++-- tasks/opensource/install-alpine.yml | 4 ++-- tasks/opensource/install-debian.yml | 2 +- tasks/opensource/install-oss.yml | 8 +------ tasks/opensource/install-redhat.yml | 4 ++-- tasks/opensource/install-suse.yml | 2 +- tasks/plus/install-suse.yml | 2 +- vars/main.yml | 36 ++++++++++++++--------------- 9 files changed, 33 insertions(+), 35 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d0040817e..33d47c5b1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Changelog +## 0.18.1 (November 17, 2020) + +ENHANCEMENTS: + +Switch NGINX keysites and OSS default repository data from a dictionary to individual variables to prevent potential issues arisen from Jinja2 dictionary run-time evaluations. + ## 0.18.0 (November 13, 2020) BREAKING CHANGES: diff --git a/tasks/keys/setup-keys.yml b/tasks/keys/setup-keys.yml index fc0557d63..fb9dccc15 100644 --- a/tasks/keys/setup-keys.yml +++ b/tasks/keys/setup-keys.yml @@ -3,7 +3,7 @@ block: - name: (Alpine Linux) Set up NGINX signing key URL set_fact: - keysite: "{{ nginx_signing_key | default(nginx_default_signing_key['rsa_pub']) }}" + keysite: "{{ nginx_signing_key | default(nginx_default_signing_key_rsa_pub) }}" - name: (Alpine Linux) Download NGINX signing key get_url: @@ -14,7 +14,7 @@ - name: (Debian/Red Hat/SLES OSs) Set up NGINX signing key URL set_fact: - keysite: "{{ nginx_signing_key | default(nginx_default_signing_key['pgp']) }}" + keysite: "{{ nginx_signing_key | default(nginx_default_signing_key_pgp) }}" when: ansible_facts['os_family'] != "Alpine" - name: (Debian/Ubuntu) Add NGINX signing key diff --git a/tasks/opensource/install-alpine.yml b/tasks/opensource/install-alpine.yml index 24b7d9653..a884a9dc8 100644 --- a/tasks/opensource/install-alpine.yml +++ b/tasks/opensource/install-alpine.yml @@ -3,12 +3,12 @@ lineinfile: path: /etc/apk/repositories insertafter: EOF - line: "{{ repository }}" + line: "{{ nginx_repository | default(nginx_default_repository_alpine) }}" - name: (Alpine Linux) Install NGINX apk: name: "nginx{{ nginx_version | default('') }}" - repository: "{{ repository }}" + repository: "{{ nginx_repository | default(nginx_default_repository_alpine) }}" state: "{{ nginx_state }}" update_cache: yes ignore_errors: "{{ ansible_check_mode }}" diff --git a/tasks/opensource/install-debian.yml b/tasks/opensource/install-debian.yml index 7bde851a7..8f1253c4a 100644 --- a/tasks/opensource/install-debian.yml +++ b/tasks/opensource/install-debian.yml @@ -5,7 +5,7 @@ repo: "{{ item }}" update_cache: yes mode: 0644 - loop: "{{ repository }}" + loop: "{{ nginx_repository | default(nginx_default_repository_debian) }}" - name: (Debian/Ubuntu) Install NGINX apt: diff --git a/tasks/opensource/install-oss.yml b/tasks/opensource/install-oss.yml index 4f47fa193..1a573ad5e 100644 --- a/tasks/opensource/install-oss.yml +++ b/tasks/opensource/install-oss.yml @@ -2,13 +2,7 @@ - name: Install NGINX in Linux systems block: - name: Install NGINX from repository - block: - - name: Set NGINX repository - set_fact: - repository: "{{ nginx_repository | default(nginx_default_repository[ansible_facts['os_family'] | lower]) }}" - - - name: Install NGINX from repository - include_tasks: "{{ role_path }}/tasks/opensource/install-{{ ansible_facts['os_family'] | lower }}.yml" + include_tasks: "{{ role_path }}/tasks/opensource/install-{{ ansible_facts['os_family'] | lower }}.yml" when: nginx_install_from == "nginx_repository" - name: Install NGINX from source diff --git a/tasks/opensource/install-redhat.yml b/tasks/opensource/install-redhat.yml index e83c1b870..6fc16914f 100644 --- a/tasks/opensource/install-redhat.yml +++ b/tasks/opensource/install-redhat.yml @@ -2,7 +2,7 @@ - name: (CentOS/RHEL 6/7) Configure NGINX repository yum_repository: name: nginx - baseurl: "{{ repository }}" + baseurl: "{{ nginx_repository | default(nginx_default_repository_redhat) }}" description: NGINX Repository enabled: yes gpgcheck: yes @@ -15,7 +15,7 @@ create: yes block: | [nginx] - baseurl = {{ repository }} + baseurl = {{ nginx_repository | default(nginx_default_repository_redhat) }} enabled = 1 gpgcheck = 1 name = NGINX Repository diff --git a/tasks/opensource/install-suse.yml b/tasks/opensource/install-suse.yml index ed405ccf3..37e0e217a 100644 --- a/tasks/opensource/install-suse.yml +++ b/tasks/opensource/install-suse.yml @@ -2,7 +2,7 @@ - name: (SLES) Configure NGINX repository zypper_repository: name: "nginx-{{ nginx_branch }}" - repo: "{{ repository }}" + repo: "{{ nginx_repository | default(nginx_default_repository_suse) }}" - name: (SLES) Install NGINX zypper: diff --git a/tasks/plus/install-suse.yml b/tasks/plus/install-suse.yml index fb1047dcb..4dc360549 100644 --- a/tasks/plus/install-suse.yml +++ b/tasks/plus/install-suse.yml @@ -9,7 +9,7 @@ - name: (SLES) {{ nginx_license_status is defined | ternary('Remove', 'Configure') }} NGINX Plus repository zypper_repository: name: nginx-plus - repo: "{{ nginx_repository | default(nginx_plus_default_repository_sles) }}" + repo: "{{ nginx_repository | default(nginx_plus_default_repository_suse) }}" state: "{{ nginx_license_status | default ('present') }}" - name: (SLES) Install NGINX Plus diff --git a/vars/main.yml b/vars/main.yml index 2c4ccf612..9f5727323 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -13,34 +13,32 @@ nginx_plus_distributions: [ ] # Default NGINX signing key -nginx_default_signing_key: - rsa_pub: https://nginx.org/keys/nginx_signing.rsa.pub - pgp: https://nginx.org/keys/nginx_signing.key +nginx_default_signing_key_rsa_pub: https://nginx.org/keys/nginx_signing.rsa.pub +nginx_default_signing_key_pgp: https://nginx.org/keys/nginx_signing.key # Default NGINX Open Source repositories -nginx_default_repository: - alpine: "https://nginx.org/packages/{{ (nginx_branch == 'mainline') - | ternary('mainline/', '') }}alpine/v{{ ansible_facts['distribution_version'] | regex_search('^[0-9]+\\.[0-9]+') }}/main" - debian: - - "deb [arch=amd64] https://nginx.org/packages/{{ (nginx_branch == 'mainline') - | ternary('mainline/', '') }}{{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] }} nginx" - - "deb-src https://nginx.org/packages/{{ (nginx_branch == 'mainline') - | ternary('mainline/', '') }}{{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] }} nginx" - redhat: "https://nginx.org/packages/{{ (nginx_branch == 'mainline') - | ternary('mainline/', '') }}{{ (ansible_facts['distribution'] == 'CentOS') - | ternary('centos', 'rhel') }}/{{ ansible_facts['distribution_major_version'] }}/$basearch/" - suse: "https://nginx.org/packages/{{ (nginx_branch == 'mainline') - | ternary('mainline/', '') }}sles/{{ ansible_facts['distribution_major_version'] }}" +nginx_default_repository_alpine: "https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}\ + alpine/v{{ ansible_facts['distribution_version'] | regex_search('^[0-9]+\\.[0-9]+') }}/main" +nginx_default_repository_debian: + - "deb [arch=amd64] https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}\ + {{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] }} nginx" + - "deb-src https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}\ + {{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] }} nginx" +nginx_default_repository_redhat: "https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}\ + {{ (ansible_facts['distribution'] == 'CentOS') | ternary('centos', 'rhel') }}/\ + {{ ansible_facts['distribution_major_version'] }}/$basearch/" +nginx_default_repository_suse: "https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}\ + sles/{{ ansible_facts['distribution_major_version'] }}" # Default NGINX Plus repositories nginx_plus_default_repository_alpine: "https://plus-pkgs.nginx.com/alpine/v{{ ansible_facts['distribution_version'] | regex_search('^[0-9]+\\.[0-9]+') }}/main" nginx_plus_default_repository_amazon: "https://plus-pkgs.nginx.com/amzn{{ (ansible_facts['distribution_major_version'] is version('2', '==')) | ternary('2', '') }}/$releasever/$basearch" nginx_plus_default_repository_debian: "deb [arch=amd64] https://plus-pkgs.nginx.com/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release'] }} nginx-plus" nginx_plus_default_repository_freebsd: "https://plus-pkgs.nginx.com/freebsd/${ABI}/latest" -nginx_plus_default_repository_redhat: "https://plus-pkgs.nginx.com/{{ (ansible_facts['distribution'] == 'CentOS') - | ternary('centos', 'rhel') }}/{{ (ansible_facts['distribution_version'] is version('7.4', '>=') +nginx_plus_default_repository_redhat: "https://plus-pkgs.nginx.com/{{ (ansible_facts['distribution'] == 'CentOS') | ternary('centos', 'rhel') }}/\ + {{ (ansible_facts['distribution_version'] is version('7.4', '>=') and ansible_facts['distribution_version'] is version('8', '<')) | ternary('7.4', ansible_facts['distribution_major_version']) }}/$basearch/" -nginx_plus_default_repository_sles: "https://plus-pkgs.nginx.com/sles/{{ ansible_facts['distribution_major_version'] }}\ +nginx_plus_default_repository_suse: "https://plus-pkgs.nginx.com/sles/{{ ansible_facts['distribution_major_version'] }}\ ?ssl_clientcert=/etc/ssl/nginx/nginx-repo-bundle.crt&ssl_verify=peer" # Alpine dependencies