Implement configure-webproxy for setting up basic nginx server

Fix init playbook Add nginx config Fix networkd install on fedora
2020-12-07 20:24:57 -05:00 · 2020-12-07 20:24:57 -05:00 · ae0be16dd6
parent 1e1d4d75a0
commit ae0be16dd6
6 changed files with 107 additions and 47 deletions
--- a/playbooks/configure-webproxy.yml
+++ b/playbooks/configure-webproxy.yml
@ -1,37 +1,28 @@
 ---
-# TBW
+- import_playbook: initialize.yml

-# - name: Install Nginx
-#   hosts: jupiter
-#   handlers:
-#     - name: restart_nginx
-#       become: true
-#       systemd:
-#         name: nginx
-#         state: restarted
-#   tasks:
-#     - name: Install nginx and certbot
-#       become: true
-#       dnf:
-#         name:
-#           - nginx
-#           - certbot
-#           - python3-certbot-nginx
-#         state: present
-#
-#     - name: Enable and start nginx
-#       become: true
-#       systemd:
-#         name: nginx
-#         state: started
-#         enabled: true
-#
-#     - name: Install configuration
-#       become: true
-#       copy:
-#         src: nginx.conf
-#         dest: /etc/nginx/nginx.conf
-#       notify:
-#         - restart_nginx
-#
-# # sudo setsebool -P httpd_can_network_connect on
+
+- name: Install Nginx
+  hosts: jupiter
+  handlers:
+    - name: restart-nginx
+      import_tasks: tasks/nginx/services.yml
+  tasks:
+    - import_tasks: tasks/nginx/install.yml
+
+    - name: Install configuration
+      become: true
+      copy:
+        src: nginx.conf
+        dest: /etc/nginx/nginx.conf
+      notify:
+        - restart-nginx
+
+    - name: Set required SELinux options
+      become: true
+      seboolean:
+        name: httpd_can_network_connect
+        persistent: true
+        state: true
+      notify:
+        - restart-nginx
--- a/playbooks/initialize.yml
+++ b/playbooks/initialize.yml
@ -1,7 +1,6 @@
 ---
 - name: Bootstrap remote ansible environment
  hosts: all
-
  tags:
    - always
  vars:
@ -39,16 +38,6 @@
        cmd: "{{ ansible_python_interpreter }} -m venv {{ omni_ansible_venv }} --system-site-packages"
        creates: "{{ omni_ansible_venv }}/bin/python"

-    # - name: Assign ownership of the virtualenv to ansible
-    #   become: true
-    #   file:
-    #     path: "{{ omni_ansible_venv }}"
-    #     state: directory
-    #     owner: "{{ ansible_user }}"
-    #     group: "{{ ansible_user }}"
-    #     mode: 0755
-    #     follow: false
-
    - name: Generate remote requirements file locally
      delegate_to: 127.0.0.1
      command:
--- a/resources/nginx.conf
+++ b/resources/nginx.conf
@ -0,0 +1,37 @@
+# Ansible managed file
+# DO NOT MANUALLY EDIT
+#
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log;
+pid /run/nginx.pid;
+
+# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
+include /usr/share/nginx/modules/*.conf;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    log_format  main  '$time_local $remote_addr[$status] - $remote_addr($remote_user) - $body_bytes_sent - "$request" "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile            on;
+    tcp_nopush          on;
+    tcp_nodelay         on;
+    keepalive_timeout   65;
+    types_hash_max_size 2048;
+
+    include             /etc/nginx/mime.types;
+    default_type        application/octet-stream;
+
+    # Load modular configuration files from the /etc/nginx/conf.d directory.
+    # See http://nginx.org/en/docs/ngx_core_module.html#include
+    # for more information.
+    include /etc/nginx/conf.d/*.conf;
+
+}
+#
+# EOF
--- a/tasks/networkd/install.yml
+++ b/tasks/networkd/install.yml
@ -17,7 +17,7 @@


 - name: Install systemd-networkd on Fedora
-  when: ansible_distribution == "Fedora" and ansible_distribution_major_version == "8"
+  when: ansible_distribution == "Fedora"
  become: true
  dnf:
    state: "{{ _runtime_update_state }}"
--- a/tasks/nginx/install.yml
+++ b/tasks/nginx/install.yml
@ -0,0 +1,36 @@
+---
+- name: Install Nginx and CertBot on CentOS 8 and Fedora
+  when: >-
+    (ansible_distribution == "CentOS" and ansible_distribution_major_version == "8")
+    or
+    ansible_distribution == "Fedora"
+  become: true
+  dnf:
+    state: "{{ _runtime_update_state }}"
+    name:
+      - nginx
+      - certbot
+      - python3-certbot-nginx
+  notify:
+    - restart-nginx
+
+- name: Install Nginx and CertBot on CentOS 7
+  when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
+  become: true
+  yum:
+    state: "{{ _runtime_update_state }}"
+    name:
+      - nginx
+      - certbot
+      - python-certbot-nginx
+  notify:
+    - restart-nginx
+
+#
+#     - name: Install configuration
+#       become: true
+#       copy:
+#         src: nginx.conf
+#         dest: /etc/nginx/nginx.conf
+#       notify:
+#         - restart_nginx
--- a/tasks/nginx/services.yml
+++ b/tasks/nginx/services.yml
@ -0,0 +1,7 @@
+---
+- name: Restart nginx
+  become: true
+  systemd:
+    name: nginx
+    state: restarted
+    enabled: true