Implement configure-webproxy for setting up basic nginx server

Fix init playbook
Add nginx config
Fix networkd install on fedora
This commit is contained in:
Ethan Paul 2020-12-07 20:24:57 -05:00
parent 1e1d4d75a0
commit ae0be16dd6
No known key found for this signature in database
GPG Key ID: C5F5542B54A4D9C6
6 changed files with 107 additions and 47 deletions

View File

@ -1,37 +1,28 @@
--- ---
# TBW - import_playbook: initialize.yml
# - name: Install Nginx
# hosts: jupiter - name: Install Nginx
# handlers: hosts: jupiter
# - name: restart_nginx handlers:
# become: true - name: restart-nginx
# systemd: import_tasks: tasks/nginx/services.yml
# name: nginx tasks:
# state: restarted - import_tasks: tasks/nginx/install.yml
# tasks:
# - name: Install nginx and certbot - name: Install configuration
# become: true become: true
# dnf: copy:
# name: src: nginx.conf
# - nginx dest: /etc/nginx/nginx.conf
# - certbot notify:
# - python3-certbot-nginx - restart-nginx
# state: present
# - name: Set required SELinux options
# - name: Enable and start nginx become: true
# become: true seboolean:
# systemd: name: httpd_can_network_connect
# name: nginx persistent: true
# state: started state: true
# enabled: true notify:
# - restart-nginx
# - name: Install configuration
# become: true
# copy:
# src: nginx.conf
# dest: /etc/nginx/nginx.conf
# notify:
# - restart_nginx
#
# # sudo setsebool -P httpd_can_network_connect on

View File

@ -1,7 +1,6 @@
--- ---
- name: Bootstrap remote ansible environment - name: Bootstrap remote ansible environment
hosts: all hosts: all
tags: tags:
- always - always
vars: vars:
@ -39,16 +38,6 @@
cmd: "{{ ansible_python_interpreter }} -m venv {{ omni_ansible_venv }} --system-site-packages" cmd: "{{ ansible_python_interpreter }} -m venv {{ omni_ansible_venv }} --system-site-packages"
creates: "{{ omni_ansible_venv }}/bin/python" creates: "{{ omni_ansible_venv }}/bin/python"
# - name: Assign ownership of the virtualenv to ansible
# become: true
# file:
# path: "{{ omni_ansible_venv }}"
# state: directory
# owner: "{{ ansible_user }}"
# group: "{{ ansible_user }}"
# mode: 0755
# follow: false
- name: Generate remote requirements file locally - name: Generate remote requirements file locally
delegate_to: 127.0.0.1 delegate_to: 127.0.0.1
command: command:

37
resources/nginx.conf Normal file
View File

@ -0,0 +1,37 @@
# Ansible managed file
# DO NOT MANUALLY EDIT
#
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$time_local $remote_addr[$status] - $remote_addr($remote_user) - $body_bytes_sent - "$request" "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
}
#
# EOF

View File

@ -17,7 +17,7 @@
- name: Install systemd-networkd on Fedora - name: Install systemd-networkd on Fedora
when: ansible_distribution == "Fedora" and ansible_distribution_major_version == "8" when: ansible_distribution == "Fedora"
become: true become: true
dnf: dnf:
state: "{{ _runtime_update_state }}" state: "{{ _runtime_update_state }}"

36
tasks/nginx/install.yml Normal file
View File

@ -0,0 +1,36 @@
---
- name: Install Nginx and CertBot on CentOS 8 and Fedora
when: >-
(ansible_distribution == "CentOS" and ansible_distribution_major_version == "8")
or
ansible_distribution == "Fedora"
become: true
dnf:
state: "{{ _runtime_update_state }}"
name:
- nginx
- certbot
- python3-certbot-nginx
notify:
- restart-nginx
- name: Install Nginx and CertBot on CentOS 7
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
become: true
yum:
state: "{{ _runtime_update_state }}"
name:
- nginx
- certbot
- python-certbot-nginx
notify:
- restart-nginx
#
# - name: Install configuration
# become: true
# copy:
# src: nginx.conf
# dest: /etc/nginx/nginx.conf
# notify:
# - restart_nginx

7
tasks/nginx/services.yml Normal file
View File

@ -0,0 +1,7 @@
---
- name: Restart nginx
become: true
systemd:
name: nginx
state: restarted
enabled: true