Skip to content

Improve workflow for building NGINX from source #573

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Jan 15, 2023
Merged

Improve workflow for building NGINX from source #573

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
fec33cd
Improve workflow for building NGINX from source
alessfg Jan 15, 2023
1117471
Update converge.yml
alessfg Jan 15, 2023
143dcdf
Update CHANGELOG.md
alessfg Jan 15, 2023
b954295
Update install-source.yml
alessfg Jan 15, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 19 additions & 1 deletion CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,19 +2,37 @@

## 0.23.3 (Unreleased)

BREAKING CHANGES:

* When building from source the various libraries required to build NGINX from source, you will no longer need to specify the name of the package, only the version:

```yaml
pcre_version: pcre2-10.42
```

is now:

```yaml
pcre_version: 10.42
```

* The `nginx_install_source_<package>: false` parameters have been reversed. Setting `nginx_install_source_pcre: true` will now build PCRE from source, instead of using the default package manager. The previous behavior was unintuitive at best.

FEATURES:

* Add AlmaLinux, Oracle Linux and Rocky Linux to the list of NGINX OSS and NGINX Plus tested and supported platforms.
* Add Alpine Linux 3.17 to the NGINX list of tested and supported platforms (and remove Alpine Linux 3.13 from the list of NGINX OSS supported platforms).

ENHANCEMENTS:

Bump the Ansible `community.general` collection to `6.2.0`, `community.crypto` collection to `2.10.0` and `community.docker` collection to `3.4.0`.
* Bump the Ansible `community.general` collection to `6.2.0`, `community.crypto` collection to `2.10.0` and `community.docker` collection to `3.4.0`.
* Use the official GitHub repositories as the source for the various packages required to compile NGINX OSS from source.

BUG FIXES:

* Fix an issue when installing the GeoIP2 module on an UBI 7 container where the the `libmaxminddb` package dependency might not be available via `yum` (if it's not available, `libmaxminddb` is installed from an external source).
* GitHub actions should now correctly skip \*plus\* scenarios only when the NGINX Plus license secrets are not present.
* Update the versions of the various packages required to build NGINX from source. The version of `zlib` listed in the role was no longer available.

TESTS:

Expand Down
4 changes: 2 additions & 2 deletions defaults/main/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,9 +46,9 @@ nginx_install_from: nginx_repository
# Specify source install options for NGINX Open Source.
# Options represent whether to install from source also or to install from packages (default).
# These only apply if 'nginx_install_from' is set to 'source'.
# For the tools, true means we will install from a package and false means install from source.
# 'nginx_install_source_build_tools' will install compiler and build tools from packages.
# If false, you need to have these present.
# If set to false, you need to have these present.
# For the required libraries, true means we will install from source and false means we will install using the default package manager.
nginx_install_source_build_tools: true
nginx_install_source_pcre: false
nginx_install_source_openssl: true
Expand Down
6 changes: 3 additions & 3 deletions molecule/source/converge.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,6 @@
nginx_branch: stable
nginx_static_modules: [http_ssl_module]
nginx_install_source_build_tools: true
nginx_install_source_pcre: true
nginx_install_source_openssl: true
nginx_install_source_zlib: true
nginx_install_source_pcre: false
nginx_install_source_openssl: false
nginx_install_source_zlib: false
82 changes: 51 additions & 31 deletions tasks/opensource/install-source.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -92,21 +92,21 @@
block:
- name: Check for PCRE install
ansible.builtin.stat:
path: /tmp/{{ pcre_version }}
path: /tmp/pcre-{{ pcre_version }}
register: pcre_result

- name: Check for ZLib install
ansible.builtin.stat:
path: /tmp/{{ zlib_version }}
path: /tmp/zlib-{{ zlib_version }}
register: zlib_result

- name: Check for OpenSSL install
ansible.builtin.stat:
path: /tmp/{{ openssl_version }}
path: /tmp/openssl-{{ openssl_version }}
register: openssl_result

- name: Install PCRE dependecy from package
when: nginx_install_source_pcre | bool
when: not nginx_install_source_pcre | bool
block:
- name: (Alpine Linux) Install PCRE dependency from package
community.general.apk:
Expand Down Expand Up @@ -135,40 +135,47 @@
- name: Install PCRE dependence from source
when:
- not pcre_result.stat.exists | bool
- not nginx_install_source_pcre | bool
- nginx_install_source_pcre | bool
- not ansible_check_mode | bool
block:
- name: Download PCRE dependency
ansible.builtin.get_url:
url: "{{ (pcre_release == 2) | ternary('https://github.com/PCRE2Project/pcre2/releases/download/' ~ pcre_version ~ '/' ~ pcre_version ~ '.tar.gz', 'https://ftp.exim.org/pub/pcre/' ~ pcre_version ~ '.tar.gz') }}"
dest: /tmp/{{ pcre_version }}.tar.gz
url: "{{ (pcre_release == 2) | ternary('https://github.com/PCRE2Project/pcre2/releases/download/pcre2-' ~ pcre_version ~ '/pcre2-' ~ pcre_version ~ '.tar.gz', 'https://ftp.exim.org/pub/pcre/pcre-' ~ pcre_version ~ '.tar.gz') }}"
dest: /tmp
mode: 0600
register: pcre_source

- name: Ensure PCRE directory exists
ansible.builtin.file:
path: /tmp/pcre-{{ pcre_version }}
state: directory
mode: 0700

- name: Unpack PCRE dependency
ansible.builtin.unarchive:
copy: false
dest: /tmp/
src: "{{ pcre_source.dest }}"
dest: /tmp/pcre-{{ pcre_version }}/
mode: 0700
extra_opts: [--strip-components=1]

- name: Configure PCRE dependency
ansible.builtin.command: ./configure
args:
chdir: /tmp/{{ pcre_version }}
chdir: /tmp/pcre-{{ pcre_version }}
creates: /tmp/makefile

- name: Make PCRE dependency
community.general.make:
chdir: /tmp/{{ pcre_version }}
chdir: /tmp/pcre-{{ pcre_version }}

- name: Install PCRE dependency
community.general.make:
chdir: /tmp/{{ pcre_version }}
chdir: /tmp/pcre-{{ pcre_version }}
target: install

- name: Install ZLib dependency from package
when: nginx_install_source_zlib | bool
when: not nginx_install_source_zlib | bool
block:
- name: (Alpine Linux) Install ZLib dependency from package
community.general.apk:
Expand Down Expand Up @@ -197,41 +204,47 @@
- name: Install ZLib dependency from source
when:
- not zlib_result.stat.exists | bool
- not nginx_install_source_zlib | bool
- nginx_install_source_zlib | bool
- not ansible_check_mode | bool
block:
- name: Download ZLib dependency
ansible.builtin.get_url:
url: https://zlib.net/{{ zlib_version }}.tar.gz
dest: /tmp/{{ zlib_version }}.tar.gz
url: https://github.com/madler/zlib/releases/download/v{{ zlib_version }}/zlib-{{ zlib_version }}.tar.gz
dest: /tmp
mode: 0600
register: zlib_source

- name: Ensure ZLib directory exists
ansible.builtin.file:
path: /tmp/zlib-{{ zlib_version }}
state: directory
mode: 0700

- name: Unpack ZLib dependency
ansible.builtin.unarchive:
copy: false
dest: /tmp/
src: "{{ zlib_source.dest }}"
dest: /tmp/zlib-{{ zlib_version }}
mode: 0700
extra_opts: [--strip-components=1]

- name: Configure ZLib dependency
ansible.builtin.command: ./configure
args:
chdir: /tmp/{{ zlib_version }}
chdir: /tmp/zlib-{{ zlib_version }}
creates: /tmp/makefile

- name: Make ZLib dependency
community.general.make:
chdir: /tmp/{{ zlib_version }}
chdir: /tmp/zlib-{{ zlib_version }}

- name: Install ZLib dependency
community.general.make:
chdir: /tmp/{{ zlib_version }}
chdir: /tmp/zlib-{{ zlib_version }}
target: install


- name: Install OpenSSL dependency from package
when: nginx_install_source_openssl | bool
when: not nginx_install_source_openssl | bool
block:
- name: (Alpine Linux) Install OpenSSL dependency from package
community.general.apk:
Expand Down Expand Up @@ -260,36 +273,43 @@
- name: Install OpenSSL dependency from source
when:
- not openssl_result.stat.exists | bool
- not nginx_install_source_openssl | bool
- nginx_install_source_openssl | bool
- not ansible_check_mode | bool
block:
- name: Download OpenSSL dependency
ansible.builtin.get_url:
url: https://www.openssl.org/source/{{ openssl_version }}.tar.gz
url: https://github.com/openssl/openssl/archive/refs/tags/openssl-{{ openssl_version }}.tar.gz
dest: /tmp/{{ openssl_version }}.tar.gz
mode: 0600
register: openssl_source

- name: Ensure OpenSSL directory exists
ansible.builtin.file:
path: /tmp/openssl-{{ openssl_version }}
state: directory
mode: 0700

- name: Unpack OpenSSL dependency
ansible.builtin.unarchive:
copy: false
dest: /tmp/
src: "{{ openssl_source.dest }}"
dest: /tmp/openssl-{{ openssl_version }}
mode: 0700
extra_opts: [--strip-components=1]

- name: Configure OpenSSL dependency
ansible.builtin.command: ./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib
args:
chdir: /tmp/{{ openssl_version }}
chdir: /tmp/openssl-{{ openssl_version }}
creates: /tmp/makefile

- name: Make OpenSSL dependency
community.general.make:
chdir: /tmp/{{ openssl_version }}
chdir: /tmp/openssl-{{ openssl_version }}

- name: Install OpenSSL dependency
community.general.make:
chdir: /tmp/{{ openssl_version }}
chdir: /tmp/openssl-{{ openssl_version }}
target: install

- name: Get NGINX version
Expand Down Expand Up @@ -338,8 +358,8 @@
- name: Unpack NGINX
ansible.builtin.unarchive:
copy: false
dest: /tmp/
src: "{{ nginx_source.dest }}"
dest: /tmp
mode: 0755

- name: Set static modules
Expand All @@ -360,9 +380,9 @@
--user=nginx
--with-mail=dynamic
--with-stream
{{ nginx_install_source_pcre | ternary('', '--with-pcre=../' + pcre_version) }}
{{ nginx_install_source_zlib | ternary('', '--with-zlib=../' + zlib_version) }}
{{ nginx_install_source_openssl | ternary('', '--with-openssl=../' + openssl_version) }}
{{ nginx_install_source_pcre | ternary('--with-pcre=../pcre-' + pcre_version | string, '') }}
{{ nginx_install_source_zlib | ternary('--with-zlib=../zlib-' + zlib_version | string, '') }}
{{ nginx_install_source_openssl | ternary('--with-openssl=../openssl-' + openssl_version | string, '') }}
{{ nginx_install_source_static_modules | default('') }}
args:
chdir: /tmp/{{ nginx_version }}
Expand Down
6 changes: 3 additions & 3 deletions vars/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,9 +74,9 @@ nginx_freebsd_dependencies: [
# Default locations and versions when 'nginx_install_from' is set to 'source'.
# Set 'pcre_release' to 1 to install PCRE 1, modify the 'openssl_version' to move back to 1.1.1.
pcre_release: 2
pcre_version: pcre2-10.40
zlib_version: zlib-1.2.12
openssl_version: openssl-3.0.5
pcre_version: 10.42
zlib_version: 1.2.13
openssl_version: 3.0.7

# Supported NGINX Open Source dynamic modules
nginx_modules_list: [
Expand Down