From 575450f27310074ff3c648090a88d0932e78ce68 Mon Sep 17 00:00:00 2001 From: Ethan Paul <24588726+enpaul@users.noreply.github.com> Date: Mon, 7 Dec 2020 20:24:57 -0500 Subject: [PATCH] Implement configure-webproxy for setting up basic nginx server Fix init playbook Add nginx config Fix networkd install on fedora Reorg en1 inventory vars
---
playbooks/configure-webproxy.yml | 61 ++++++++++++++------------------ playbooks/initialize.yml | 11 ------ resources/nginx.conf | 37 +++++++++++++++++++ tasks/networkd/install.yml | 2 +- 4 files changed, 64 insertions(+), 47 deletions(-) create mode 100644 resources/nginx.conf
diff --git a/playbooks/configure-webproxy.yml b/playbooks/configure-webproxy.yml
index 7f53043..0385821 100644
--- a/playbooks/configure-webproxy.yml
+++ b/playbooks/configure-webproxy.yml
@@ -1,37 +1,28 @@
 ---
-# TBW
+- import_playbook: initialize.yml
-# - name: Install Nginx
-# hosts: jupiter
-# handlers:
-# - name: restart_nginx
-# become: true
-# systemd:
-# name: nginx
-# state: restarted
-# tasks:
-# - name: Install nginx and certbot
-# become: true
-# dnf:
-# name:
-# - nginx
-# - certbot
-# - python3-certbot-nginx
-# state: present
-#
-# - name: Enable and start nginx
-# become: true
-# systemd:
-# name: nginx
-# state: started
-# enabled: true
-#
-# - name: Install configuration
-# become: true
-# copy:
-# src: nginx.conf
-# dest: /etc/nginx/nginx.conf
-# notify:
-# - restart_nginx
-#
-# # sudo setsebool -P httpd_can_network_connect on
+
+- name: Install Nginx
+ hosts: jupiter
+ handlers:
+ - name: restart-nginx
+ import_tasks: tasks/nginx/services.yml
+ tasks:
+ - import_tasks: tasks/nginx/install.yml
+
+ - name: Install configuration
+ become: true
+ copy:
+ src: nginx.conf
+ dest: /etc/nginx/nginx.conf
+ notify:
+ - restart-nginx
+
+ - name: Set required SELinux options
+ become: true
+ seboolean:
+ name: httpd_can_network_connect
+ persistent: true
+ state: true
+ notify:
+ - restart-nginx
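Review bot: The `Install configuration` copy task overwrites /etc/nginx/nginx.conf without pinning ownership or permissions and without checking that the new file parses, so a broken or loosely permissioned config only surfaces when the `restart-nginx` handler fires. Adding `owner: root`, `mode: "0644"` and `validate: nginx -t -c %s` to the `copy` arguments would cover both. Separately, `httpd_can_network_connect` lets every process in the httpd SELinux domain open outbound connections to any port; a short comment above that task naming the upstream the proxy has to reach would record why the broad boolean is needed. tasks/nginx/install.yml and tasks/nginx/services.yml are not part of this patch, so whether a handler actually answers to the name `restart-nginx` after the static `import_tasks` should be confirmed against those files.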
diff --git a/playbooks/initialize.yml b/playbooks/initialize.yml
index 041456d..3ee67b4 100644
--- a/playbooks/initialize.yml
+++ b/playbooks/initialize.yml
@@ -1,7 +1,6 @@ --- - name: Bootstrap remote ansible environment hosts: all - tags: - always vars:
@@ -39,16 +38,6 @@
 cmd: "{{ ansible_python_interpreter }} -m venv {{ omni_ansible_venv }} --system-site-packages"
 creates: "{{ omni_ansible_venv }}/bin/python"
- # - name: Assign ownership of the virtualenv to ansible
- # become: true
- # file:
- # path: "{{ omni_ansible_venv }}"
- # state: directory
- # owner: "{{ ansible_user }}"
- # group: "{{ ansible_user }}"
- # mode: 0755
- # follow: false
-
 - name: Generate remote requirements file locally
 delegate_to: 127.0.0.1
 command:
diff --git a/resources/nginx.conf b/resources/nginx.conf
new file mode 100644
index 0000000..0da4137
--- /dev/null
+++ b/resources/nginx.conf
@@ -0,0 +1,37 @@
+# Ansible managed file
+# DO NOT MANUALLY EDIT
+#
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log;
+pid /run/nginx.pid;
+
+# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
+include /usr/share/nginx/modules/*.conf;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ log_format main '$time_local $remote_addr[$status] - $remote_addr($remote_user) - $body_bytes_sent - "$request" "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ # Load modular configuration files from the /etc/nginx/conf.d directory.
+ # See http://nginx.org/en/docs/ngx_core_module.html#include
+ # for more information.
+ include /etc/nginx/conf.d/*.conf;
+
+}
+#
+# EOF
diff --git a/tasks/networkd/install.yml b/tasks/networkd/install.yml
index cfadff0..ac60205 100644
--- a/tasks/networkd/install.yml
+++ b/tasks/networkd/install.yml
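Review bot: The `http` block of the new resources/nginx.conf leaves `server_tokens` at its default, so the nginx version is advertised in the `Server` header and on built-in error pages for every virtual host pulled in from conf.d; adding `server_tokens off;` beside the `keepalive_timeout 65;` line covers them all in one place. The block also sets no TLS defaults such as `ssl_protocols`, which is acceptable only if each file under /etc/nginx/conf.d declares its own; those files are not part of this patch, so that should be checked. A one-line comment above `log_format main` noting that `$http_x_forwarded_for` is client-supplied and must not be treated as the authoritative source address would help anyone consuming the access log.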
@@ -17,7 +17,7 @@
 - name: Install systemd-networkd on Fedora
- when: ansible_distribution == "Fedora" and ansible_distribution_major_version == "8"
+ when: ansible_distribution == "Fedora"
 become: true
 dnf:
 state: "{{ _runtime_update_state }}"