Check NGINX Plus license is valid #538

Merged
merged 6 commits into from
Aug 12, 2022
2 changes: 2 additions & 0 deletions .github/workflows/requirements/requirements_ansible.yml
Expand Up @@ -4,5 +4,7 @@ collections:
version: 5.4.0
- name: ansible.posix
version: 1.4.0
- name: community.crypto
version: 2.5.0
- name: community.docker
version: 2.7.0
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -4,6 +4,7 @@

FEATURES:

* Check NGINX Plus license is valid before trying to install NGINX Plus (this means the role now requires the `community.crypto` collection).
* Add Ubuntu jammy (22.04) to the NGINX list of tested and supported platforms.
* Add RHEL 9 to the NGINX list of tested and supported platforms.
* Add Alpine Linux 3.16 to the NGINX list of tested and supported platforms (and remove Alpine Linux 3.12).
4 changes: 3 additions & 1 deletion README.md
Expand Up @@ -28,7 +28,9 @@ If you wish to install NGINX Plus using this role, you will need to obtain an NG
version: 5.4.0
- name: ansible.posix
version: 1.4.0
- name: community.docker # Only required if you plan to use Molecule (see below)
- name: community.crypto # Only required if you plan to install NGINX Plus
version: 2.5.0
- name: community.docker # Only required if you plan to use Molecule (see below)
version: 2.7.0
```

1 change: 1 addition & 0 deletions meta/main.yml
Expand Up @@ -51,4 +51,5 @@ galaxy_info:

collections:
- ansible.posix
- community.crypto
- community.general
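
Review bot: `community.crypto` is added to `collections` here without any condition, while the README hunk annotates the same collection as "Only required if you plan to install NGINX Plus". One of the two should change: either say in the README that the collection is now a dependency of the role for every user, or leave it out of the role metadata and document it as an NGINX Plus prerequisite only.
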
56 changes: 50 additions & 6 deletions tasks/plus/setup-license.yml
Expand Up @@ -17,6 +17,28 @@
- "{{ nginx_license['certificate'] }}"
- "{{ nginx_license['key'] }}"

- name: (Debian/Red Hat/SLES OSs) Install cryptography package
ansible.builtin.package:
name: "{{ (ansible_python['version']['major'] == 3) | ternary('python3-cryptography', 'python2-cryptography') }}"

- name: (Debian/Red Hat/SLES OSs) Check that NGINX Plus certificate is valid
community.crypto.x509_certificate_info:
path: /etc/ssl/nginx/nginx-repo.crt
register: cert

- name: (Debian/Red Hat/SLES OSs) Check that NGINX Plus key is valid
community.crypto.openssl_privatekey_info:
path: /etc/ssl/nginx/nginx-repo.key
register: key

- name: (Debian/Red Hat/SLES OSs) Check that NGINX Plus license is valid
ansible.builtin.assert:
that:
- cert.expired == false
- cert.public_key == key.public_key
success_msg: Your NGINX Plus license is valid!
fail_msg: Something went wrong! Make sure your NGINX Plus license is valid!

- name: (SLES) Create NGINX Plus license bundle
block:
- name: (SLES) Check combined NGINX Plus license bundle exists
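
Review bot: The assert at the end of this hunk folds two different failures (an expired certificate and a certificate/key mismatch) into one generic `fail_msg`, so the operator cannot tell which of the two to fix. Consider two assertions, or a message that names the failing condition and reports the certificate's `not_after` value; `cert.expired == false` also reads better as `not cert.expired`. Separately, please confirm that the `python2-cryptography` name in the ternary resolves on each of the Debian, Red Hat and SLES targets this task is labelled for, since the package task has no per-distribution mapping.
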
Expand All @@ -35,23 +57,45 @@

- name: (Alpine Linux) Set up NGINX Plus license
block:
- name: Install cryptography package
ansible.builtin.package:
name: py3-cryptography

- name: (Alpine Linux) Create APK directory
ansible.builtin.file:
path: /etc/apk
state: directory
mode: 0755

- name: (Alpine Linux) Copy NGINX Plus key
- name: (Alpine Linux) Copy NGINX Plus certificate
ansible.builtin.copy:
src: "{{ nginx_license['key'] }}"
dest: /etc/apk/cert.key
src: "{{ nginx_license['certificate'] }}"
dest: /etc/apk/cert.pem
decrypt: true
mode: 0444

- name: (Alpine Linux) Copy NGINX Plus certificate
- name: (Alpine Linux) Copy NGINX Plus key
ansible.builtin.copy:
src: "{{ nginx_license['certificate'] }}"
dest: /etc/apk/cert.pem
src: "{{ nginx_license['key'] }}"
dest: /etc/apk/cert.key
decrypt: true
mode: 0444

- name: (Alpine Linux) Check that NGINX Plus certificate is valid
community.crypto.x509_certificate_info:
path: /etc/apk/cert.pem
register: cert

- name: (Alpine Linux) Check that NGINX Plus key is valid
community.crypto.openssl_privatekey_info:
path: /etc/apk/cert.key
register: key

- name: (Alpine Linux) Check that NGINX Plus license is valid
ansible.builtin.assert:
that:
- cert.expired == false
- cert.public_key == key.public_key
success_msg: Your NGINX Plus license is valid!
fail_msg: Something went wrong! Make sure your NGINX Plus license is valid!
when: ansible_facts['os_family'] == "Alpine"
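
Review bot: The "Copy NGINX Plus key" task writes the private key to `/etc/apk/cert.key` with `mode: 0444`, which leaves it readable by every local user. Since this hunk already touches that task, tighten it to an owner-only mode such as `"0400"` unless a non-root process has to read the file, and quote the mode values. The three check tasks are also a copy of the Debian/Red Hat/SLES ones with different paths; a shared task file that takes the certificate and key paths as variables would keep the two from drifting, and "Install cryptography package" is missing the "(Alpine Linux)" prefix its sibling tasks carry.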