nginx · alessfg · Jan 29, 2023 · Jan 28, 2023 · Jan 28, 2023 · Jan 28, 2023
diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml
@@ -24,6 +24,7 @@ jobs:
       matrix:
         scenario:
           - default
+          - distribution
           - downgrade
           - downgrade-plus
           - plus

@@ -32,6 +32,7 @@ ENHANCEMENTS:
 BUG FIXES:
 
 * Specifying a module version would result in an invalid package name on Alpine Linux.
+* Fix the NGINX installation process when installing NGINX from a distribution's package repository in CentOS/RHEL 7 based distributions.
 * Fix an issue when installing the GeoIP2 module on an UBI 7 container where the the `libmaxminddb` package dependency might not be available via `yum` (if it's not available, `libmaxminddb` is installed from an external source).
 * GitHub actions should now correctly skip \*plus\* scenarios only when the NGINX Plus license secrets are not present.
 * Update the versions of the various packages required to build NGINX from source. The version of `zlib` listed in the role was no longer available.
@@ -45,6 +46,7 @@ TESTS:
 * Explicitly test some distributions using `aarch64` and `s390x` as the Molecule platform. This should ensure the role works as intended across the various architectures that are officially supported.
 * Combine the `module` Molecule scenario with the `default` scenario.
 * Add `stable` and `version` Molecule scenario.
+* Add `distribution` Molecule scenario.
 * Replace underscores with dashes in Molecule scenario names to improve naming consistency across the role.
 
 ## 0.23.2 (September 28, 2022)

@@ -191,6 +191,7 @@ Working functional playbook examples can be found in the **[`molecule/`](https:/
 | Name | Description |
 | ---- | ----------- |
 | **[`default/converge.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/default/converge.yml)** | Install a specific version of NGINX, install various NGINX supported modules, tweak systemd and set up logrotate |
+| **[`distribution/converge.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/distribution/converge.yml)** | Install NGINX from the distribution's package repository instead of NGINX's package repository |
 | **[`downgrade/converge.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/downgrade/converge.yml)** | Downgrade to a specific version of NGINX |
 | **[`downgrade-plus/converge.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/downgrade-plus/converge.yml)** | Downgrade to a specific version of NGINX Plus |
 | **[`plus/converge.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/plus/converge.yml)** | Install NGINX Plus and various NGINX Plus supported modules |

@@ -38,8 +38,9 @@ nginx_setup: install
 nginx_manage_repo: true
 
 # Specify repository origin for NGINX Open Source.
-# Options are 'nginx_repository', 'source' or 'os_repository'.
 # Only works if 'nginx_type' is set to 'opensource'.
+# Options are 'nginx_repository', 'source' or 'os_repository'.
+# When using 'os_repository' on CentOS/RHEL 7 based systems, you will also need to install the EPEL repository (see the 'nginx_install_epel_release' variable below).
 # Default is nginx_repository.
 nginx_install_from: nginx_repository
 
@@ -90,7 +91,7 @@ nginx_setup_license: true
 # Default is true.
 nginx_remove_license: true
 
-# Specify whether or not you want this role to install the EPEL package when installing certain NGINX Plus modules.
+# Specify whether or not you want this role to install the EPEL package when installing NGINX OSS in some distributions and some NGINX OSS/Plus modules.
 # Using 'true' will install EPEL.
 # Using 'false' will not install EPEL.
 # Default is true.

@@ -0,0 +1,9 @@
+---
+- name: Converge
+  hosts: all
+  tasks:
+    - name: Install NGINX
+      ansible.builtin.include_role:
+        name: ansible-role-nginx
+      vars:
+        nginx_install_from: os_repository
@@ -0,0 +1,177 @@
+---
+driver:
+  name: docker
+lint: |
+  set -e
+  ansible-lint --force-color
+platforms: # The RHEL UBI 7 image fails to install some NGINX dependencies when installing NGINX from EPEL. The role works as expected when targeting a RHEL 7 VM instead.
+  - name: almalinux-8
+    image: almalinux:8
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    command: /usr/sbin/init
+  - name: almalinux-9
+    image: almalinux:9
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    command: /usr/sbin/init
+  - name: alpine-3.14
+    image: alpine:3.14
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    command: /sbin/init
+  - name: alpine-3.15
+    image: alpine:3.15
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    command: /sbin/init
+  - name: alpine-3.16
+    image: alpine:3.16
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    command: /sbin/init
+  - name: alpine-3.17
+    image: alpine:3.17
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    command: /sbin/init
+  - name: amazonlinux-2
+    image: amazonlinux:2
+    platform: amd64
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    command: /usr/sbin/init
+  - name: centos-7
+    image: centos:7
+    platform: amd64
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    command: /usr/sbin/init
+  - name: debian-bullseye
+    image: debian:bullseye-slim
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    command: /sbin/init
+  - name: oraclelinux-7
+    image: oraclelinux:7
+    platform: amd64
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    command: /usr/sbin/init
+  - name: oraclelinux-8
+    image: oraclelinux:8
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    command: /usr/sbin/init
+  - name: oraclelinux-9
+    image: oraclelinux:9
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    command: /usr/sbin/init
+  - name: rhel-8
+    image: redhat/ubi8:8.7
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    command: /usr/sbin/init
+  - name: rhel-9
+    image: redhat/ubi9:9.1.0
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    command: /usr/sbin/init
+  - name: rockylinux-8
+    image: rockylinux:8
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    command: /usr/sbin/init
+  - name: rockylinux-9
+    image: rockylinux:9.0.20220720
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    command: /usr/sbin/init
+  - name: sles15
+    image: registry.suse.com/bci/bci-base:15.4
+    platform: amd64
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    command: /usr/sbin/init
+  - name: ubuntu-bionic
+    image: ubuntu:bionic
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    command: /sbin/init
+  - name: ubuntu-focal
+    image: ubuntu:focal
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    command: /sbin/init
+  - name: ubuntu-jammy
+    image: ubuntu:jammy
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    command: /sbin/init
+provisioner:
+  name: ansible
+  log: true
+  playbooks:
+    converge: converge.yml
+    verify: verify.yml
@@ -0,0 +1,38 @@
+---
+- name: Verify
+  hosts: all
+  tasks:
+    - name: Check if NGINX is installed
+      ansible.builtin.package:
+        name: nginx
+        state: present
+      check_mode: true
+      register: install
+      failed_when: (install is changed) or (install is failed)
+
+    - name: Check if NGINX service is running
+      ansible.builtin.service:
+        name: nginx
+        state: started
+        enabled: true
+      check_mode: true
+      register: service
+      failed_when: (service is changed) or (service is failed)
+
+    - name: Verify NGINX is up and running
+      ansible.builtin.uri:
+        url: http://localhost
+        status_code: 200
+      when: ansible_facts['distribution'] not in ["Alpine", "SLES"]
+
+    - name: Verify NGINX is up and running
+      ansible.builtin.uri:
+        url: http://localhost
+        status_code: 404
+      when: ansible_facts['distribution'] == 'Alpine'
+
+    - name: Verify NGINX is up and running
+      ansible.builtin.uri:
+        url: http://localhost
+        status_code: 403
+      when: ansible_facts['distribution'] == 'SLES'
@@ -0,0 +1,44 @@
+---
+- name: (CentOS/RHEL 7) Set up the EPEL repository
+  when:
+    - ansible_facts['distribution'] in ["CentOS", "RedHat"]
+    - ansible_facts['distribution_major_version'] is version('7', '==')
+    - nginx_install_epel_release | bool
+  block:
+    - name: (CentOS/RHEL 7) Import the EPEL repository GPG key
+      ansible.builtin.rpm_key:
+        state: present
+        key: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ((ansible_facts['distribution'] == 'Amazon') | ternary('7', ansible_facts['distribution_major_version'])) }}
+
+    - name: (CentOS/RHEL 7) Install the EPEL repository
+      ansible.builtin.yum:
+        name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ((ansible_facts['distribution'] == 'Amazon') | ternary('7', ansible_facts['distribution_major_version'])) }}.noarch.rpm
+
+- name: (Oracle Linux 7) Install the EPEL repository
+  ansible.builtin.yum:
+    name: oracle-epel-release-el7
+  when:
+    - ansible_facts['distribution'] == "OracleLinux"
+    - ansible_facts['distribution_major_version'] is version('7', '==')
+    - nginx_install_epel_release | bool
+
+- name: (CentOS) Remove the nodocs flag from yum.conf
+  ansible.builtin.lineinfile:
+    path: /etc/yum.conf
+    state: absent
+    line: tsflags=nodocs
+  when:
+    - ansible_facts['distribution'] == "CentOS"
+    - ansible_facts['distribution_major_version'] is version('7', '==')
+
+- name: (Amazon Linux) Enable the NGINX Amazon extras package repository
+  ansible.builtin.command: amazon-linux-extras enable nginx1
+  args:
+    creates: /usr/sbin/nginx
+  when: ansible_facts['distribution'] == "Amazon"
+
+- name: "{{ nginx_setup | capitalize }} NGINX from the distribution's package repository"
+  ansible.builtin.package:
+    name: nginx{{ nginx_version | default('') }}
+    state: "{{ nginx_state }}"
+  notify: (Handler) Run NGINX
@@ -2,21 +2,18 @@
 - name: "{{ nginx_setup | capitalize }} NGINX in Linux systems"
   when: ansible_facts['system'] | lower is not search('bsd')
   block:
-    - name: "{{ nginx_setup | capitalize }} NGINX from repository"
+    - name: "{{ nginx_setup | capitalize }} NGINX from the official package repository"
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/opensource/install-{{ ansible_facts['os_family'] | lower }}.yml"
       when: nginx_install_from == "nginx_repository"
 
+    - name: "{{ nginx_setup | capitalize }} NGINX from the distribution's package repository"
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/opensource/install-distribution.yml"
+      when: nginx_install_from == "os_repository"
+
     - name: "{{ nginx_setup | capitalize }} NGINX from source"
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/opensource/install-source.yml"
       when: nginx_install_from == "source"
 
-    - name: "{{ nginx_setup | capitalize }} NGINX from package"
-      ansible.builtin.package:
-        name: nginx{{ nginx_version | default('') }}
-        state: "{{ nginx_state }}"
-      when: nginx_install_from == "os_repository"
-      notify: (Handler) Run NGINX
-
 - name: "{{ nginx_setup | capitalize }} NGINX in Unix systems"
   ansible.builtin.include_tasks: "{{ role_path }}/tasks/opensource/install-bsd.yml"
   when: ansible_facts['system'] | lower is search('bsd')