nginx · alessfg · Sep 20, 2020 · Sep 20, 2020 · Sep 20, 2020 · Sep 20, 2020
@@ -24,6 +24,15 @@ jobs:
     - name: (CentOS) Cleanup config and try to install modules
       env:
         scenario: module_centos
+    - name: (Debian/Ubuntu) Install NGINX Plus
+      env:
+        scenario: plus
+    - name: (Alpine Linux) Install NGINX Plus
+      env:
+        scenario: plus_alpine
+    - name: (CentOS) Install NGINX Plus
+      env:
+        scenario: plus_centos
     - name: (Debian/Ubuntu) Install stable branch and push a config
       env:
         scenario: stable_push
@@ -73,6 +82,5 @@ install:
   - pip install docker==4.3.1
 script:
   - travis_wait 50 molecule test -s $scenario
-
 notifications:
   webhooks: https://galaxy.ansible.com/api/v1/notifications/
@@ -1,6 +1,6 @@
 # Changelog
 
-## 0.17.0 (September 19, 2020)
+## 0.17.0 (September 20, 2020)
 
 BREAKING CHANGES:
 
@@ -16,10 +16,12 @@ FEATURES:
 *   Three new tags have been introduced -- `nginx_setup_license`, `nginx_install` and `nginx_check_support`.
 *   Add Alpine 3.12 to the list of supported platforms.
 *   Remove Alpine 3.8 from the list of supported platforms.
+*   Add NGINX Plus tests to TravisCI
 
 ENHANCEMENTS:
 
 *   Added handlers to check for NGINX syntax validity and fail if any errors are detected.
+*   Switch to using `ansible_facts` wherever possible.
 *   Major backend refactoring to reduce the number of files and tasks.
 *   You can now specify an `nginx_repository` for NGINX Plus too.
 *   Moved "constant" variables to `vars/main.yml`.

@@ -26,8 +26,8 @@ nginx_debug_output: false
 # Default is 'opensource'.
 nginx_type: opensource
 
-# Specify which version of NGINX you want to install.
-# Default is empty.
+# (Optional) Specify which version of NGINX you want to install.
+# Default is to install the latest release.
 # nginx_version: "=19-1~bionic"
 # For NGINX Plus and modules you'll need a wilcard like below (which installs plus-20 and modules)
 # nginx_version: "-20*"
@@ -57,11 +57,11 @@ nginx_install_source_pcre: false
 nginx_install_source_openssl: true
 nginx_install_source_zlib: false
 
-# Choose where to fetch the NGINX signing key from.
+# (Optional) Choose where to fetch the NGINX signing key from.
 # Default is the official NGINX signing key host.
 # nginx_signing_key: http://nginx.org/keys/nginx_signing.key
 
-# Specify repository for NGINX Open Source or NGINX Plus.
+# (Optional) Specify repository for NGINX Open Source or NGINX Plus.
 # Only works if 'install_from' is set to 'nginx_repository' when installing NGINX Open Source.
 # Defaults are the official NGINX repositories.
 # nginx_repository: deb [arch=amd64] https://nginx.org/packages/mainline/debian/ buster nginx
@@ -83,8 +83,8 @@ nginx_license:
 nginx_setup_license: true
 
 # Remove NGINX Plus license and repository after installation for security purposes.
-# Default is false.
-nginx_remove_license: false
+# Default is true.
+nginx_remove_license: true
 
 # Install NGINX Modules.
 # You can select any of the modules listed below. Beware of NGINX Plus only modules (these are marked).

@@ -24,7 +24,7 @@
   when:
     - nginx_start | bool
     - not ansible_check_mode | bool
-  listen: "(Handler) Run NGINX"
+  listen: (Handler) Run NGINX
 
 - name: (Handler) Start NGINX Amplify agent
   service:

@@ -8,8 +8,9 @@
       vars:
         nginx_type: plus
         nginx_license:
-          certificate: ../../ansible-role-nginx/files/license/nginx-repo.crt
-          key: ../../ansible-role-nginx/files/license/nginx-repo.key
+          certificate: license/nginx-repo.crt
+          key: license/nginx-repo.key
+        nginx_remove_license: false
         nginx_modules:
           - auth-spnego
           - brotli

@@ -0,0 +1,18 @@
+---
+- name: Prepare
+  hosts: localhost
+  gather_facts: false
+  tasks:
+    - name: Create ephemeral license certificate file from b64 decoded env var
+      copy:
+        content: "{{ lookup('env','NGINX_CRT') | b64decode }}"
+        dest: ../../../files/license/nginx-repo.crt
+        force: no
+        mode: 0444
+
+    - name: Create ephemeral license key file from b64 decoded env var
+      copy:
+        content: "{{ lookup('env','NGINX_KEY') | b64decode }}"
+        dest: ../../../files/license/nginx-repo.key
+        force: no
+        mode: 0444
@@ -44,5 +44,6 @@ platforms:
 provisioner:
   name: ansible
   playbooks:
+    prepare: ../common/playbooks/plus_prepare.yml
     converge: ../common/playbooks/plus_converge.yml
     verify: ../common/playbooks/plus_verify.yml
@@ -30,5 +30,6 @@ platforms:
 provisioner:
   name: ansible
   playbooks:
+    prepare: ../common/playbooks/plus_prepare.yml
     converge: ../common/playbooks/plus_converge.yml
     verify: ../common/playbooks/plus_verify.yml
@@ -30,5 +30,6 @@ platforms:
 provisioner:
   name: ansible
   playbooks:
+    prepare: ../common/playbooks/plus_prepare.yml
     converge: ../common/playbooks/plus_converge.yml
     verify: ../common/playbooks/plus_verify.yml
@@ -1,3 +1,4 @@
+{# DEPRECATED #}
 {{ ansible_managed | comment }}
 
 server {

@@ -1,3 +1,4 @@
+{# DEPRECATED #}
 {{ ansible_managed | comment }}
 
 {% if item.value.upstreams is defined and item.value.upstreams %}

@@ -1,3 +1,4 @@
+{# DEPRECATED #}
 {{ ansible_managed | comment }}
 
 server {

@@ -1,3 +1,4 @@
+{# DEPRECATED #}
 {{ ansible_managed | comment }}
 
 user  {{ nginx_main_template.user }};

@@ -1,3 +1,4 @@
+{# DEPRECATED #}
 {{ ansible_managed | comment }}
 
 {% if item.value.upstreams is defined %}

@@ -1,3 +1,4 @@
+<!-- DEPRECATED -->
 <!-- {{ ansible_managed }} -->
 
 <!DOCTYPE html>

@@ -34,21 +34,15 @@ nginx_default_repository:
 
 # Default NGINX Plus repositories
 nginx_plus_default_repository:
-  alpine: >-
-    https://plus-pkgs.nginx.com/alpine/v{{ ansible_facts['distribution_version'] | regex_search('^[0-9]+\.[0-9]+') }}/main
-  amazon: >-
-    https://plus-pkgs.nginx.com/amzn{{ (ansible_facts['distribution_version'] is version('2', '=='))
-    | ternary('2', '') }}/$releasever/$basearch
-  debian: >-
-    deb [arch=amd64] https://plus-pkgs.nginx.com/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release'] }} nginx-plus
-  freebsd: >-
-    https://plus-pkgs.nginx.com/freebsd/${ABI}/latest
-  redhat: >-
-    https://plus-pkgs.nginx.com/{{ (ansible_facts['distribution'] == "CentOS")
-    | ternary('centos', 'rhel') }}/{{ (ansible_facts['distribution_version'] is version('7.4', '>=')
-    and ansible_facts['distribution_version'] is version('8', '<')) | ternary('7.4', ansible_facts['distribution_major_version']) }}/$basearch/
-  suse: >-
-    https://plus-pkgs.nginx.com/sles/{{ ansible_facts['distribution_major_version'] }}?ssl_clientcert=/etc/ssl/nginx/nginx-repo-bundle.crt&ssl_verify=host
+  alpine: "https://plus-pkgs.nginx.com/alpine/v{{ ansible_facts['distribution_version'] | regex_search('^[0-9]+\\.[0-9]+') }}/main"
+  amazon: "https://plus-pkgs.nginx.com/amzn{{ (ansible_facts['distribution_version'] is version('2', '==')) | ternary('2', '') }}/$releasever/$basearch"
+  debian: "deb [arch=amd64] https://plus-pkgs.nginx.com/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release'] }} nginx-plus"
+  freebsd: "https://plus-pkgs.nginx.com/freebsd/${ABI}/latest"
+  redhat: "https://plus-pkgs.nginx.com/{{ (ansible_facts['distribution'] == 'CentOS')
+          | ternary('centos', 'rhel') }}/{{ (ansible_facts['distribution_version'] is version('7.4', '>=')
+          and ansible_facts['distribution_version'] is version('8', '<')) | ternary('7.4', ansible_facts['distribution_major_version']) }}/$basearch/"
+  suse: "https://plus-pkgs.nginx.com/sles/{{ ansible_facts['distribution_major_version'] }}\
+        ?ssl_clientcert=/etc/ssl/nginx/nginx-repo-bundle.crt&ssl_verify=host"
 
 # Alpine dependencies
 nginx_alpine_dependencies: [
@@ -72,7 +66,7 @@ nginx_sles_dependencies: [
 
 # FreeBSD dependencies
 nginx_freebsd_dependencies: [
-  'security/ca_root_nss'
+  'security/ca_root_nss',
 ]
 
 # Default locations and versions when 'nginx_install_from' is set to 'source'