Avoid re-copying the NGINX Amplify config file every role re-run (#679)

And add Molecule tests for NGINX Amplify. Fixes #667.

Author: alessfg

.github/workflows/molecule.yml

@@ -37,13 +37,18 @@ jobs:
   molecule:
     name: Molecule
     runs-on: ubuntu-22.04
+    needs: ansible-lint
     env:
+      AMPLIFY_API_KEY: ${{ secrets.AMPLIFY_API_KEY }}
+      AMPLIFY_EMAIL: ${{ secrets.AMPLIFY_EMAIL }}
+      AMPLIFY_PASSWORD: ${{ secrets.AMPLIFY_PASSWORD }}
       NGINX_CRT: ${{ secrets.NGINX_CRT }}
       NGINX_KEY: ${{ secrets.NGINX_KEY }}
     strategy:
       fail-fast: false
       matrix:
         scenario:
+          - amplify
           - default
           - distribution
           - downgrade
@@ -57,7 +62,6 @@ jobs:
           - upgrade
           - upgrade-plus
           - version
-    needs: ansible-lint
     steps:
       - name: Check out the codebase
         if: ${{ !(contains(matrix.scenario, 'plus')) || (env.NGINX_CRT != 0 && env.NGINX_KEY != 0) }}

CHANGELOG.md

@@ -6,6 +6,14 @@ ENHANCEMENTS:
 
 - Allow strings in addition to a list when configuring `logrotate`.
 
+BUG FIXES:
+
+- Avoid re-copying the NGINX Amplify config file every time the role is run.
+
+CI/CD:
+
+- Add Molecule tests for NGINX Amplify.
+
 ## 0.24.2 (October 3rd, 2023)
 
 FEATURES:

README.md

@@ -209,6 +209,7 @@ Working functional playbook examples can be found in the **[`molecule/`](https:/
 
 | Name | Description |
 | ---- | ----------- |
+| **[`amplify/converge.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/amplify/converge.yml)** | Install and configure the NGINX Amplify agent |
 | **[`default/converge.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/default/converge.yml)** | Install a specific version of NGINX, install various NGINX supported modules, tweak systemd and set up logrotate |
 | **[`distribution/converge.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/distribution/converge.yml)** | Install NGINX from the distribution's package repository instead of NGINX's package repository |
 | **[`downgrade/converge.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/downgrade/converge.yml)** | Downgrade to a specific version of NGINX |

molecule/amplify/cleanup.yml

@@ -0,0 +1,58 @@
+---
+- name: Cleanup
+  hosts: localhost
+  gather_facts: false
+  tasks:
+    - name: Cleanup NGINX Amplify instances
+      block:
+        - name: Wait for containers to be up
+          ansible.builtin.wait_for_connection:
+            delay: 1
+            timeout: 2
+          ignore_errors: true
+          register: container
+
+        - name: Containers are not up, quit from here
+          ansible.builtin.fail:
+          when: container['failed']
+
+        - name: Gather facts
+          ansible.builtin.setup:
+            gather_subset:
+              - "!all"
+              - "!any"
+              - distribution
+
+        - name: Login to NGINX Amplify
+          ansible.builtin.uri:
+            url: "https://amplify.nginx.com/sapi/auth/login/"
+            method: POST
+            headers:
+              Content-Type: application/json
+            body_format: json
+            body:
+              email: "{{ lookup('env', 'AMPLIFY_EMAIL') }}"
+              password: "{{ lookup('env', 'AMPLIFY_PASSWORD') }}"
+          register: login
+
+        - name: Get list of IDs
+          ansible.builtin.uri:
+            url: "https://amplify.nginx.com/sapi/inventory/objects/?all=true&filter=false/"
+            method: GET
+            headers:
+              Cookie: "{{ login.cookies_string }}"
+              Connection: keep-alive
+            follow_redirects: all
+          register: get_ids
+
+        - name: Remove dangling instances from NGINX Amplify
+          ansible.builtin.uri:
+            url: "https://amplify.nginx.com/sapi/inventory/objects/{{ item }}/"
+            method: DELETE
+            status_code: 204
+            headers:
+              Cookie: "{{ login.cookies_string }}"
+          loop: "{{ get_ids.json | rejectattr('parent_id', 'match', '^[0-9]+$') | map(attribute='id') | list }}"
+      rescue:
+        - name: It's ok we're at startup
+          ansible.builtin.meta: noop

molecule/amplify/converge.yml

@@ -0,0 +1,10 @@
+---
+- name: Converge
+  hosts: all
+  tasks:
+    - name: Install NGINX Amplify
+      ansible.builtin.include_role:
+        name: ansible-role-nginx
+      vars:
+        nginx_amplify_enable: true
+        nginx_amplify_api_key: "{{ lookup('env', 'AMPLIFY_API_KEY') }}"

molecule/amplify/molecule.yml

@@ -0,0 +1,54 @@
+---
+driver:
+  name: docker
+platforms:
+  - name: amazonlinux-2
+    image: amazonlinux:2
+    platform: x86_64
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    command: /usr/sbin/init
+  - name: debian-bullseye
+    image: debian:bullseye-slim
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    command: /sbin/init
+  - name: oraclelinux-8
+    image: oraclelinux:8
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    command: /usr/sbin/init
+  - name: rhel-9
+    image: redhat/ubi9:9.1.0
+    # platform: aarch64
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    command: /usr/sbin/init
+  - name: ubuntu-jammy
+    image: ubuntu:jammy
+    # platform: aarch64
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    command: /sbin/init
+provisioner:
+  name: ansible
+  log: true
+  playbooks:
+    cleanup: cleanup.yml
+    converge: converge.yml
+    verify: verify.yml

molecule/amplify/verify.yml

@@ -0,0 +1,33 @@
+---
+- name: Verify
+  hosts: all
+  tasks:
+    - name: Check if NGINX is installed
+      ansible.builtin.package:
+        name: nginx
+        state: present
+      check_mode: true
+      register: install
+      failed_when: (install is changed) or (install is failed)
+
+    - name: Check if NGINX service is running
+      ansible.builtin.service:
+        name: nginx
+        state: started
+        enabled: true
+      check_mode: true
+      register: service
+      failed_when: (service is changed) or (service is failed)
+
+    - name: Verify NGINX is up and running
+      ansible.builtin.uri:
+        url: http://localhost
+        status_code: 200
+
+    - name: Check if NGINX Amplify agent is installed
+      ansible.builtin.package:
+        name: nginx-amplify-agent
+        state: present
+      check_mode: true
+      register: install
+      failed_when: (install is changed) or (install is failed)

tasks/amplify/install-amplify.yml

@@ -8,16 +8,25 @@
     name: nginx-amplify-agent
     state: present
 
-- name: Copy NGINX Amplify configurator agent configuration template
+- name: Check if NGINX Amplify agent configuration file is present
+  ansible.builtin.stat:
+    path: /etc/amplify-agent/agent.conf
+  register: nginx_amplify_agent_config
+
+- name: Copy NGINX Amplify agent configuration template
   ansible.builtin.copy:
     remote_src: true
     src: /etc/amplify-agent/agent.conf.default
     dest: /etc/amplify-agent/agent.conf
     mode: "0644"
+  when: not nginx_amplify_agent_config['stat']['exists']
 
 - name: Configure NGINX Amplify agent API key
   ansible.builtin.lineinfile:
     dest: /etc/amplify-agent/agent.conf
     regexp: api_key =.*
     line: api_key = {{ nginx_amplify_api_key }}
+  when:
+    - nginx_amplify_api_key is defined
+    - nginx_amplify_api_key | length > 0
   notify: (Handler) Start NGINX Amplify agent

tasks/amplify/setup-debian.yml

@@ -2,6 +2,6 @@
 - name: (Debian/Ubuntu) Add NGINX Amplify agent repository
   ansible.builtin.apt_repository:
     filename: nginx-amplify
-    repo: deb [arch=amd64 signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://packages.amplify.nginx.com/py3/{{ ansible_facts['distribution'] | lower }}/{{ ansible_facts['distribution_release'] | lower }} amplify-agent
+    repo: deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://packages.amplify.nginx.com/py3/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release'] | lower }} amplify-agent
     update_cache: true
     mode: "0644"

tasks/main.yml

@@ -76,8 +76,5 @@
 
 - name: Install NGINX Amplify
   ansible.builtin.include_tasks: "{{ role_path }}/tasks/amplify/install-amplify.yml"
-  when:
-    - nginx_amplify_enable | bool
-    - nginx_amplify_api_key is defined
-    - nginx_amplify_api_key | length > 0
+  when: nginx_amplify_enable | bool
   tags: nginx_install_amplify