diff --git a/.ansible-lint b/.ansible-lint deleted file mode 100644 index ff1696e..0000000 --- a/.ansible-lint +++ /dev/null @@ -1,2 +0,0 @@ ---- -offline: true diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 4372d22..379cc65 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -6,22 +6,27 @@ labels: '' assignees: '' --- ### Describe the bug + A clear and concise description of what the bug is. ### To reproduce + Steps to reproduce the behavior: + 1. Deploy NGINX Controller Agent role using playbook.yml 2. View output/logs/configuration on '...' 3. See error ### Expected behavior + A clear and concise description of what you expected to happen. -### Your environment: -- Version of the NGINX Controller Agent role or specific commit -- Version of Ansible -- Version of Jinja2 (if you are using any templating capability) -- Target deployment platform +### Your environment + +- Version of the NGINX Controller Agent role or specific commit +- Version of Ansible +- Target deployment platform ### Additional context + Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md index 3ecf9b2..d27aba8 100644 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -6,13 +6,17 @@ labels: '' assignees: '' --- ### Is your feature request related to a problem? Please describe + A clear and concise description of what the problem is. Ex. I'm always frustrated when ... ### Describe the solution you'd like + A clear and concise description of what you want to happen. ### Describe alternatives you've considered + A clear and concise description of any alternative solutions or features you've considered. ### Additional context + Add any other context or screenshots about the feature request here. 
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 9a82314..7d89aea 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1,10 +1,12 @@ ### Proposed changes + Describe the use case and detail of the change. If this PR addresses an issue on GitHub, make sure to include a link to that issue using one of the [supported keywords](https://docs.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue) here in this description (not in the title of the PR). ### Checklist + Before creating a PR, run through this checklist and mark each as complete. -- [ ] I have read the [CONTRIBUTING](https://github.com/nginxinc/ansible-role-nginx-controller-agent/blob/main/CONTRIBUTING.md) document -- [ ] I have added Molecule tests that prove my fix is effective or that my feature works -- [ ] I have checked that any relevant Molecule tests pass after adding my changes -- [ ] I have updated any relevant documentation (`defaults/main/*.yml`, `README.md` and `CHANGELOG.md`) +- [ ] I have read the [CONTRIBUTING](https://github.com/nginxinc/ansible_role_nginx_controller_agent/blob/main/CONTRIBUTING.md) document +- [ ] I have added Molecule tests that prove my fix is effective or that my feature works +- [ ] I have checked that any relevant Molecule tests pass after adding my changes +- [ ] I have updated any relevant documentation (`defaults/main/*.yml`, `README.md` and `CHANGELOG.md`) diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml index f096f76..aeb5fc8 100644 --- a/.github/release-drafter.yml +++ b/.github/release-drafter.yml 
@@ -88,12 +88,12 @@ template: | ## Install & Upgrade - * To install the Ansible NGINX Controller Agent role on a fresh environment, run `ansible-galaxy install nginxinc.nginx_controller_agent`. - * To upgrade the Ansible NGINX Controller Agent role to the latest release, run `ansible-galaxy install -f nginxinc.nginx_controller_agent`. - * To install or upgrade to this specific Ansible NGINX Controller Agent role release ($RESOLVED_VERSION), run `ansible-galaxy install -f nginxinc.nginx_controller_agent,v$RESOLVED_VERSION`. + * To install the Ansible NGINX Controller Agent role on a fresh environment, run `ansible-galaxy install nginxinc.nginx_controller_agent`. + * To upgrade the Ansible NGINX Controller Agent role to the latest release, run `ansible-galaxy install -f nginxinc.nginx_controller_agent`. + * To install or upgrade to this specific Ansible NGINX Controller Agent role release ($RESOLVED_VERSION), run `ansible-galaxy install -f nginxinc.nginx_controller_agent,v$RESOLVED_VERSION`. ## Resources - * Functional configuration examples (check `converge.yml` under each `molecule` scenario) -- [github.com/nginxinc/ansible-role-nginx-controller-agent/tree/$RESOLVED_VERSION/molecule](https://github.com/nginxinc/ansible-role-nginx-controller-agent/tree/$RESOLVED_VERSION/molecule). - * Ansible Galaxy repository -- [galaxy.ansible.com/nginxinc/nginx_controller_agent](https://galaxy.ansible.com/nginxinc/nginx_controller_agent). - * NGINX: Better with Ansible demo -- [github.com/alessfg/nginx-ansible-demo](https://github.com/alessfg/nginx-ansible-demo). + * Functional configuration examples (check `converge.yml` under each `molecule` scenario) -- [github.com/nginxinc/ansible_role_nginx_controller_agent/tree/$RESOLVED_VERSION/molecule](https://github.com/nginxinc/ansible_role_nginx_controller_agent/tree/$RESOLVED_VERSION/molecule). 
+ * Ansible Galaxy repository -- [galaxy.ansible.com/nginxinc/nginx_controller_agent](https://galaxy.ansible.com/nginxinc/nginx_controller_agent). + * NGINX: Better with Ansible demo -- [github.com/alessfg/nginx-ansible-demo](https://github.com/alessfg/nginx-ansible-demo). diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index aad6dd2..85facf7 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -38,5 +38,5 @@ jobs: - name: Run Molecule tests run: molecule test -s ${{ matrix.scenario }} env: - PY_COLORS: "1" - ANSIBLE_FORCE_COLOR: "1" + PY_COLORS: 1 + ANSIBLE_FORCE_COLOR: 1 diff --git a/CHANGELOG.md b/CHANGELOG.md index 9b6e5e9..366f7c8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,11 +2,12 @@ ## 0.1.0 (Unreleased) -BUG FIXES: +ENHANCEMENTS: -Updated Controller agent script download URL for Controller 3.20 and beyond. +* Refactor role to bring it up to par with other NGINX Ansible roles. +* Implement GitHub Actions CI/CD workflow for repo. +* Add Molecule tests for role. -ENHANCEMENTS: +BUG FIXES: -* Implement GitHub Actions CI/CD workflow for repo. -* Add Molecule tests for role. +Updated Controller agent script download URL for Controller 3.20 and beyond. diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index 5f08ef3..f3da309 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -68,9 +68,9 @@ members of the project's leadership. ## Attribution This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, -available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html +available at [homepage]: https://www.contributor-covenant.org For answers to common questions about this code of conduct, see -https://www.contributor-covenant.org/faq + diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 5cbdacb..802448b 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -14,7 +14,7 @@ The following is a set of guidelines for contributing to the NGINX Controller Ag * [Git Guidelines](#git-guidelines) * [Ansible Guidelines](#ansible-guidelines) -[Code of Conduct](https://github.com/nginxinc/ansible-role-nginx-controller-agent/blob/main/CODE_OF_CONDUCT.md) +[Code of Conduct](https://github.com/nginxinc/ansible_role_nginx_controller_agent/blob/main/CODE_OF_CONDUCT.md) ## Ask a Question 
@@ -22,18 +22,18 @@ Don't know how something works? Curious if the role can achieve your desired fun ## Getting Started -Follow our [Installation Guide](https://github.com/nginxinc/ansible-role-nginx-controller-agent/blob/main/README.md#Installation) to install Ansible and Molecule and get ready to use the NGINX Controller Agent Ansible role. +Follow our [Installation Guide](https://github.com/nginxinc/ansible_role_nginx_controller_agent/blob/main/README.md#Installation) to install Ansible and Molecule and get ready to use the NGINX Controller Agent Ansible role. ### Project Structure * The NGINX Controller Agent Ansible role is written in `yaml` and supports NGINX Controller. * The project follows the standard [Ansible role directory structure](https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse_roles.html) - * The main code is found in [`tasks/`](https://github.com/nginxinc/ansible-role-nginx-controller-agent/blob/main/tasks/). - * Variables can be found in [`defaults/main/`](https://github.com/nginxinc/ansible-role-nginx-controller-agent/blob/main/defaults/main/). - * "Constant" variables can be found in [`vars/main.yml`](https://github.com/nginxinc/ansible-role-nginx-controller-agent/blob/main/vars/main.yml). - * Configuration templates for NGINX can be found in [`templates/`](https://github.com/nginxinc/ansible-role-nginx-controller-agent/blob/main/templates/). - * [Molecule](https://molecule.readthedocs.io/) tests can be found in [`molecule/`](https://github.com/nginxinc/ansible-role-nginx-controller-agent/blob/main/molecule/). - * CI/CD is done via GitHub actions using the workflow files found in [`.github/workflows/`](https://github.com/nginxinc/ansible-role-nginx-controller-agent/blob/main/.github/workflows/). + * The main code is found in [`tasks/`](https://github.com/nginxinc/ansible_role_nginx_controller_agent/blob/main/tasks/). 
+ * Variables can be found in [`defaults/main/`](https://github.com/nginxinc/ansible_role_nginx_controller_agent/blob/main/defaults/main/). + * "Constant" variables can be found in [`vars/main.yml`](https://github.com/nginxinc/ansible_role_nginx_controller_agent/blob/main/vars/main.yml). + * Configuration templates for NGINX can be found in [`templates/`](https://github.com/nginxinc/ansible_role_nginx_controller_agent/blob/main/templates/). + * [Molecule](https://molecule.readthedocs.io/) tests can be found in [`molecule/`](https://github.com/nginxinc/ansible_role_nginx_controller_agent/blob/main/molecule/). + * CI/CD is done via GitHub actions using the workflow files found in [`.github/workflows/`](https://github.com/nginxinc/ansible_role_nginx_controller_agent/blob/main/.github/workflows/). ## Contributing @@ -48,7 +48,7 @@ To suggest an enhancement, please create an issue on GitHub with the label `enha ### Open a Pull Request * Fork the repo, create a branch, implement your changes, add any relevant Molecule tests, submit a PR when your changes are **tested** (using Molecule) and ready for review. -* Fill in [our pull request template](https://github.com/nginxinc/ansible-role-nginx-controller-agent/blob/main/.github/pull_request_template.md). +* Fill in [our pull request template](https://github.com/nginxinc/ansible_role_nginx_controller_agent/blob/main/.github/pull_request_template.md). Note: if you’d like to implement a new feature, please consider creating a feature request issue first to start a discussion about the feature. diff --git a/README.md b/README.md index 25978f8..352fda2 100644 --- a/README.md +++ b/README.md 
@@ -1,111 +1,144 @@ -NGINX Controller Agent -====================== +# Ansible NGINX Controller Agent Role -This Role installs, configures, and upgrades the NGINX Controller agent alongside an NGINX Plus instance in a machine. +This role installs, configures, and upgrades the NGINX Controller agent alongside an NGINX Plus instance in a machine. -Requirements ------------- +## Requirements -* [NGINX Plus](https://www.nginx.com/products/nginx/) -* [NGINX Controller](https://www.nginx.com/products/nginx-controller/) +### NGINX Controller and NGINX Plus -Role Variables --------------- +* [NGINX Plus](https://www.nginx.com/products/nginx/) +* [NGINX Controller](https://www.nginx.com/products/nginx-controller/) -### Required Variables +### Ansible -`nginx_controller_fqdn` - FQDN of the NGINX Controller instance +* This role is developed and tested with [maintained](https://docs.ansible.com/ansible/devel/reference_appendices/release_and_maintenance.html) versions of Ansible core (above `2.11`). +* You will need to run this role as a root user using Ansible's `become` parameter. Make sure you have set up the appropriate permissions on your target hosts. +* Instructions on how to install Ansible can be found in the [Ansible website](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#upgrading-ansible-from-version-2-9-and-older-to-version-2-10-or-later). -`nginx_controller_api_key` - The API key used to authenticate to NGINX Controller. +### Molecule (Optional) -### Optional Variables +* Molecule is used to test the various functionalities of the role. The recommended version of Molecule to test this role is `3.3`. +* Instructions on how to install Molecule can be found in the [Molecule website](https://molecule.readthedocs.io/en/latest/installation.html). _You will also need to install the Molecule Docker driver._ -`nginx_controller_hostname` - The name of the NGINX instance as reflected in NGINX Controller. Must be unique per instance. 
(currently redundant with nginx_controller_instance_name) +## Installation -`nginx_controller_location` - The location in NGINX Controller this instance will be automatically added to. Otherwise the location will be 'unspecified' in NGINX Controller. +### Ansible Galaxy -`nginx_controller_instance_name` - The name of the instance as reflected in Controller. Must be unique per instance. +Use `ansible-galaxy install nginxinc.nginx_controller_agent` to install the latest stable release of the role on your system. Alternatively, if you have already installed the role, use `ansible-galaxy install -f nginxinc.nginx_controller_agent` to update the role to the latest release. -Dependencies ------------- +### Git -Example Playbook ----------------- +Use `git clone https://github.com/nginxinc/ansible_role_nginx_controller_agent.git` to pull the latest edge commit of the role from GitHub. + +## Platforms + +The NGINX Controller agent Ansible role supports all platforms supported by the [NGINX Controller agent](https://docs.nginx.com/nginx-controller/admin-guides/install/nginx-controller-tech-specs/): + +```yaml +Amazon: + - 2017.09 +Amazon Linux 2: + - any +CentOS: + - 7.4+ +Debian: + - stretch (9) + - buster (10) +RHEL: + - 7.4+ +Ubuntu: + - bionic (18.04) + - focal (20.04) +``` + +## Role Variables + +| Variable | Default | Description | Required | +| -------- | ------- | ----------- | -------- | +| `nginx_controller_fqdn` | `""` | FQDN of the NGINX Controller instance | Yes | +| `nginx_controller_api_key` | `""` | The API key used to authenticate to NGINX Controller | Yes | +| `nginx_controller_location` | `"unspecified"` | The location in NGINX Controller this instance will be automatically added to | No | +| `nginx_controller_hostname` | `""` | The unique name of the NGINX instance as reflected in NGINX Controller -- currently redundant with `nginx_controller_instance_name` | No | +| `nginx_controller_instance_name` | `""` | The unique name of the NGINX instance as 
reflected in NGINX Controller -- currently redundant with `nginx_controller_hostname` | No | + +## Example Playbook To use this role you can create a playbook such as the following: ```yaml --- -- hosts: localhost - gather_facts: false +- name: Fetch NGINX Controller API Key + hosts: localhost connection: local - + gather_facts: false vars: nginx_controller_user_email: "user@example.com" nginx_controller_user_password: "mySecurePassword" nginx_controller_fqdn: "controller.mydomain.com" nginx_controller_validate_certs: false - tasks: - - include_role: - name: nginxinc.nginx_controller.nginx_controller_generate_token - - - name: Get controller api key for agent registration - uri: - url: "https://{{ nginx_controller_fqdn }}/api/v1/platform/global" - method: "GET" - return_content: yes - status_code: 200 - validate_certs: false - headers: - Cookie: "{{nginx_controller_auth_token}}" - register: ctrl_globals - - - name: Copy api_key to a variable - set_fact: - api_key: "{{ctrl_globals.json.currentStatus.agentSettings.apiKey}}" - -- hosts: tag_new_gateway + - name: Fetch NGINX Controller auth token + include_role: + name: nginxinc.nginx_controller_generate_token + + - name: Fetch NGINX Controller API Key for the NGINX Controller agent registration + uri: + url: "https://{{ nginx_controller_fqdn }}/api/v1/platform/global" + method: GET + return_content: yes + status_code: 200 + validate_certs: false + headers: + Cookie: "{{ nginx_controller_auth_token }}" + register: ctrl_globals + + - name: Filter API Key to a variable + set_fact: + api_key: "{{ ctrl_globals.json.currentStatus.agentSettings.apiKey }}" + +- name: Install NGINX Controller agent + hosts: tag_new_gateway remote_user: ubuntu become: true become_method: sudo - gather_facts: yes - tasks: - - name: install minimal support for python2 for Agent install script - apt: - name: "{{ packages }}" - state: present - vars: - packages: - - python-minimal - - libxerces-c3.2 - - - name: install the agent - include_role: - 
name: nginxinc.nginx_controller.nginx_controller_agent - vars: - nginx_controller_api_key: "{{ hostvars['localhost']['api_key'] }}" + # - name: Install minimal support for python2 for Agent install script + # apt: + # name: + # - python-minimal + # - libxerces-c3.2 + + - name: Install the NGINX Controller agent + include_role: + name: nginxinc.nginx_controller_agent + vars: + nginx_controller_api_key: "{{ hostvars['localhost']['api_key'] }}" ``` -You can then run `ansible-playbook nginx_controller_agent.yaml` to execute the playbook. +## Other NGINX Ansible Collections and Roles -Alternatively, you can also pass/override any variables at run time using the `--extra-vars` or `-e` flag like so `ansible-playbook nginx_controller_agent.yaml -e "nginx_controller_user_email=user@company.com nginx_controller_user_password=notsecure nginx_controller_fqdn=controller.example.local nginx_controller_validate_certs=false"` +You can find the Ansible NGINX Core collection of roles to install and configure NGINX Open Source, NGINX Plus, and NGINX App Protect [here](https://github.com/nginxinc/ansible-collection-nginx). -You can also pass/override any variables by passing a `yaml` file containing any number of variables like so `ansible-playbook nginx_controller_agent.yaml -e "@nginx_controller_agent_vars.yaml"` +You can find the Ansible NGINX role to install NGINX OSS and NGINX Plus [here](https://github.com/nginxinc/ansible-role-nginx). -License -------- +You can find the Ansible NGINX configuration role to configure NGINX [here](https://github.com/nginxinc/ansible-role-nginx-config). -[Apache License, Version 2.0](./LICENSE) +You can find the Ansible NGINX App Protect role to install and configure NGINX App Protect WAF and NGINX App Protect DoS [here](https://github.com/nginxinc/ansible-role-nginx-app-protect). 
-Author Information ------------------- +You can find the Ansible NGINX Controller collection of roles to install and configure NGINX Controller [here](https://github.com/nginxinc/ansible-collection-nginx_controller). -[Brian Ehlert](https://github.com/brianehlert) +You can find the Ansible NGINX Unit role to install NGINX Unit [here](https://github.com/nginxinc/ansible-role-nginx-unit). + +## License + +[Apache License, Version 2.0](https://github.com/nginxinc/ansible-role-nginx-config/blob/main/LICENSE) + +## Author Information [Alessandro Fael Garcia](https://github.com/alessfg) +[Brian Ehlert](https://github.com/brianehlert) + [Daniel Edgar](https://github.com/aknot242) -© [NGINX, Inc.](https://www.nginx.com/) 2021 +© [F5 Networks, Inc.](https://www.f5.com/) 2020 - 2021 diff --git a/defaults/main.yml b/defaults/main.yml index 56fb2d3..2151e57 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,7 +1,11 @@ --- - - -# These need to be defined to allow the ternary test to evaluate. -nginx_controller_hostname: "" -nginx_controller_location: "" -nginx_controller_instance_name: "" +# Required -- FQDN of the NGINX Controller instance. +# nginx_controller_fqdn: "" +# Required -- The API key used to authenticate to NGINX Controller. +# nginx_controller_api_key: "" +# The location in NGINX Controller this instance will be automatically added to. +# nginx_controller_location: "unspecified" +# The unique name of the NGINX instance as reflected in NGINX Controller -- currently redundant with `nginx_controller_instance_name`. +# nginx_controller_hostname: "" +# The unique name of the NGINX instance as reflected in NGINX Controller -- currently redundant with `nginx_controller_hostname`. +# nginx_controller_instance_name: "" # The name of the instance as reflected in Controller. Must be unique (redundant with controller_hostname). diff --git a/files/nginx-plus-api.conf b/files/nginx-plus-api.conf index 5b06fa1..321d6e4 100644 --- a/files/nginx-plus-api.conf 
+++ b/files/nginx-plus-api.conf 
@@ -1,38 +1,16 @@ -# This sample NGINX Plus configuration enables the NGINX Plus API, for live -# activity monitoring and the built-in dashboard, dynamic configuration of -# upstream groups, and key-value stores. Keep in mind that any features -# added to the API in future NGINX Plus releases will be enabled +# This sample NGINX Plus configuration enables the NGINX Plus API, for live +# activity monitoring and the built-in dashboard, dynamic configuration of +# upstream groups, and key-value stores. Keep in mind that any features +# added to the API in future NGINX Plus releases will be enabled # automatically by this file. # Created in May 2018 by NGINX, Inc. for NGINX Plus R14 and later. -# Documentation: +# Documentation: # https://docs.nginx.com/nginx/admin-guide/monitoring/live-activity-monitoring/ # https://www.nginx.com/blog/live-activity-monitoring-nginx-plus-3-simple-steps -# To conform with the conventional configuration scheme, place this file in -# the /etc/nginx/conf.d directory and add an 'include' directive that -# references it in the main configuration file, /etc/nginx/nginx.conf, -# either by name or with a wildcard expression. Then validate and reload -# the configuration, for example with this command: -# -# nginx -t && nginx -s reload - -# Note that additional directives are required in other parts of the -# configuration: -# -# For metrics to be gathered for an HTTP or TCP/UDP virtual server, you must -# include the 'status_zone' directive in its 'server' block. See: -# http://nginx.org/r/status_zone -# -# Similarly, for metrics to be gathered for an upstream server group, you -# must include the 'zone' directive in the 'upstream' block. 
See: -# http://nginx.org/r/zone -# -# For more information and instructions, see: -# https://docs.nginx.com/nginx/admin-guide/monitoring/live-activity-monitoring#status_data - -# We strongly recommend that you restrict access to the NGINX Plus API so -# that only authorized users can view metrics and configuration, change +# We strongly recommend that you restrict access to the NGINX Plus API so +# that only authorized users can view metrics and configuration, change # configuration, or both. Here are a few options: # # (1) Configure your firewall to limit access to port 8080. 
@@ -40,22 +18,22 @@ # (2) Use SSL/TLS client certificates. See: # https://docs.nginx.com/nginx/admin-guide/security-controls/terminating-ssl-http/ # -# (3) Enable HTTP Basic authentication (RFC 7617) by uncommenting the -# 'auth_basic*' directives in the 'server' block below. You can add users -# with an htpasswd generator, which is readily available, or reuse an -# existing htpasswd file (from an Apache HTTP Server, for example). See: +# (3) Enable HTTP Basic authentication (RFC 7617) by uncommenting the +# 'auth_basic*' directives in the 'server' block below. You can add users +# with an htpasswd generator, which is readily available, or reuse an +# existing htpasswd file (from an Apache HTTP Server, for example). See: # http://nginx.org/en/docs/http/ngx_http_auth_basic_module.html # -# (4) Enable access from a defined network and disable it from all others, +# (4) Enable access from a defined network and disable it from all others, # by uncommenting the 'allow' and 'deny' directives in the 'server' block -# below and specifying the appropriate network ranges. See: +# below and specifying the appropriate network ranges. See: # http://nginx.org/en/docs/http/ngx_http_access_module.html # # You can create further restrictions on write operations, to distinguish # between users with read permission and those who can change configuration. -# Uncomment the sample 'limit_except' directive in the 'location api' -# block below. In addition to the HTTP Basic authentication shown, other -# authentication schemes are supported. See: +# Uncomment the sample 'limit_except' directive in the 'location api' +# block below. In addition to the HTTP Basic authentication shown, other +# authentication schemes are supported. See: # http://nginx.org/r/limit_except server { 
@@ -70,7 +48,7 @@ server { #allow 10.0.0.0/8; #deny all; - # Conventional location for accessing the NGINX Plus API + # Conventional location for accessing the NGINX Plus API location /api/ { # Enable in read-write mode api write=on; @@ -97,5 +75,3 @@ server { return 301 /dashboard.html; } } - -# vim: syntax=nginx \ No newline at end of file diff --git a/meta/main.yml b/meta/main.yml index 45a73bc..04aab2c 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -1,14 +1,14 @@ --- galaxy_info: - author: Brian Ehlert + author: Daniel Edgar description: A role to install, configure, and upgrade the NGINX Controller agent alongside an NGINX Plus instance in a machine. - company: F5 Networks, Inc. role_name: nginx_controller_agent - namespace: nginxinc + namespace: nginxinc # Ansible Lint requirement + company: F5 Networks, Inc. license: Apache License, Version 2.0 - min_ansible_version: 2.7 + min_ansible_version: 2.11 platforms: - name: Amazon @@ -19,22 +19,24 @@ galaxy_info: - any - name: Debian versions: - - jessie - stretch + - buster - name: EL versions: - - 6 - 7 - name: Ubuntu versions: - - xenial - bionic - focal galaxy_tags: - nginx - - plus - controller + - plus - agent - -dependencies: [] + - cloud + - infrastructure + - linux + - monitoring + - security + - tools diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 index f815648..d5a90a7 100644 --- a/molecule/default/Dockerfile.j2 +++ b/molecule/default/Dockerfile.j2 
@@ -17,31 +17,27 @@ ENV {{ var }} {{ value }} RUN \ if [ $(command -v apt-get) ]; then \ apt-get update \ - && apt-get install -y python sudo bash ca-certificates iproute2 curl \ + && DEBIAN_FRONTEND=noninteractive apt-get install -y aptitude bash ca-certificates curl iproute2 python-apt python3 python3-apt procps sudo systemd systemd-sysv vim \ && apt-get clean; \ - elif [ $(command -v dnf) ] && [ $(rpm -E %{rhel}) -eq 8 ]; then \ - dnf makecache \ - && dnf --assumeyes install python3 python3-devel python3-dnf python3-pip bash iproute \ - && dnf clean all; \ elif [ $(command -v dnf) ]; then \ dnf makecache \ - && dnf --assumeyes install python sudo python-devel python*-dnf bash iproute \ + && dnf --assumeyes install bash iproute /usr/bin/dnf-3 /usr/bin/python3 /usr/bin/python3-config vim \ && dnf clean all; \ elif [ $(command -v yum) ]; then \ yum makecache fast \ - && yum install -y python sudo yum-plugin-ovl bash iproute \ + && yum install -y bash iproute /usr/bin/python /usr/bin/python2-config sudo vim yum-plugin-ovl \ && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf \ && yum clean all; \ elif [ $(command -v zypper) ]; then \ zypper refresh \ - && zypper install -y python sudo bash python-xml iproute2 \ + && zypper install -y bash iproute2 python3 sudo vim \ && zypper clean -a; \ elif [ $(command -v apk) ]; then \ apk update \ - && apk add --no-cache python sudo bash ca-certificates curl openrc; \ + && apk add --no-cache bash ca-certificates curl openrc python3 sudo vim; \ echo 'rc_provide="loopback net"' >> /etc/rc.conf; \ elif [ $(command -v xbps-install) ]; then \ xbps-install -Syu \ - && xbps-install -y python sudo bash ca-certificates iproute2 \ + && xbps-install -y bash ca-certificates iproute2 python3 sudo vim \ && xbps-remove -O; \ fi diff --git a/molecule/MockServerDockerfile b/molecule/default/MockServerDockerfile similarity index 100% rename from molecule/MockServerDockerfile rename to molecule/default/MockServerDockerfile 
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 179fe50..8fe5a51 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -2,10 +2,10 @@ - name: Converge hosts: instances tasks: - - name: Call Agent Role + - name: Install NGINX Controller agent include_role: - name: ansible-role-nginx-controller-agent + name: ansible_role_nginx_controller_agent vars: nginx_controller_fqdn: mock-server.molecule-test:1080 nginx_controller_validate_certs: false - nginx_controller_api_key: "ABC123" + nginx_controller_api_key: ABC123 diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 5320c58..f910832 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -10,7 +10,7 @@ platforms: groups: - mock_server image: alpine:3.12 - dockerfile: ../MockServerDockerfile + dockerfile: MockServerDockerfile networks: - name: molecule-test ports: @@ -19,7 +19,7 @@ platforms: groups: - instances image: ubuntu:bionic - dockerfile: ../Dockerfile.j2 + dockerfile: Dockerfile.j2 networks: - name: molecule-test provisioner: @@ -28,4 +28,3 @@ provisioner: prepare: prepare.yml converge: converge.yml verify: verify.yml - log: false diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml index 3ef7f56..4698fc0 100644 --- a/molecule/default/prepare.yml +++ b/molecule/default/prepare.yml @@ -1,15 +1,15 @@ --- -- name: Prepare Test Node +- name: Prepare test node hosts: instances gather_facts: false tasks: - name: Create the conf.d directory - ansible.builtin.file: + file: path: /etc/nginx/conf.d/ state: directory - mode: "0644" + mode: 0644 -- name: Prepare Mock Server +- name: Prepare mock server hosts: mock_server become: true tasks: 
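Review bot: In molecule/default/prepare.yml the "Create the conf.d directory" task sets `mode: 0644` on a path created with `state: directory`, which leaves the directory without the search (execute) bit, so anything not running as root cannot traverse `/etc/nginx/conf.d/`. The commit also drops the quotes, so the value now depends on the YAML loader reading a bare leading-zero number as octal. I would write `mode: "0755"` here. The copy task in tasks/main.yml gets the same unquoted `mode: 0644` and should be `mode: "0644"`.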
@@ -17,34 +17,33 @@ raw: "nohup java -Dfile.encoding=UTF-8 -cp /mockserver-netty-jar-with-dependencies.jar:/libs/* -Dmockserver.propertyFile=/mockserver.properties org.mockserver.cli.Main -serverPort 1080 /dev/null 2>&1 & sleep 1" changed_when: false -- name: Set Expectations +- name: Set expectations hosts: mock_server connection: local gather_facts: false tasks: - name: Reset mock server expectations uri: - url: "https://{{ inventory_hostname }}:1080/mockserver/reset" + url: https://{{ inventory_hostname }}:1080/mockserver/reset method: PUT - status_code: 200 headers: Content-Type: application/json + status_code: 200 validate_certs: false - - name: Create agent script expectation + - name: Create NGINX Controller agent script expectation uri: - url: "https://{{ inventory_hostname }}:1080/mockserver/expectation" + url: https://{{ inventory_hostname }}:1080/mockserver/expectation method: PUT + headers: + Content-Type: application/json + body_format: json body: httpRequest: - method: "GET" - path: "/install/controller-agent" + method: GET + path: /install/controller-agent httpResponse: statusCode: 200 - body: "mkdir /var/log/nginx-controller && touch /var/log/nginx-controller/agent.log" - + body: mkdir /var/log/nginx-controller && touch /var/log/nginx-controller/agent.log status_code: 201 - body_format: json - headers: - Content-Type: application/json validate_certs: false diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index 422cfc8..7b55a77 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml 
@@ -1,41 +1,41 @@ --- -- name: Verify Mock +- name: Verify mock server hosts: mock_server connection: local tasks: - - name: Check that the agent script request was sent to the mock controller exactly twice per docker instance (includes the idempotence test) + - name: Check that the NGINX Controller agent script request was sent to the mock controller exactly twice per Docker instance (includes the idempotence test) uri: - url: "https://{{ inventory_hostname }}:1080/mockserver/verify" + url: https://{{ inventory_hostname }}:1080/mockserver/verify method: PUT + headers: + Content-Type: application/json + body_format: json body: httpRequest: - path: "/install/controller-agent" + path: /install/controller-agent times: atLeast: 2 atMost: 2 status_code: 202 - body_format: json - headers: - Content-Type: application/json validate_certs: false -- name: Verify File +- name: Verify file hosts: instances tasks: - - name: Store the statistics of /etc/nginx/conf.d/nginx-plus-api.conf in the 'conf_file' variable + - name: Store the statistics of '/etc/nginx/conf.d/nginx-plus-api.conf' in the 'conf_file' variable stat: path: /etc/nginx/conf.d/nginx-plus-api.conf register: conf_file - - name: Ensure /etc/nginx/conf.d/nginx-plus-api.conf exists + - name: Check /etc/nginx/conf.d/nginx-plus-api.conf exists assert: - that: conf_file.stat.exists == true + that: conf_file.stat.exists - - name: Store the statistics of /var/log/nginx-controller/agent.log in the 'agent_log_file' variable + - name: Store the statistics of '/var/log/nginx-controller/agent.log' in the 'agent_log_file' variable stat: path: /var/log/nginx-controller/agent.log register: agent_log_file - - name: Ensure /var/log/nginx-controller/agent.log exists + - name: Check '/var/log/nginx-controller/agent.log' exists assert: - that: agent_log_file.stat.exists == true + that: agent_log_file.stat.exists diff --git a/tasks/main.yml b/tasks/main.yml index 01d6d77..c8cd571 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
@@ -6,42 +6,32 @@ - nginx_controller_fqdn - nginx_controller_api_key -- name: Copy files/nginx-plus-api.conf to /etc/nginx/conf.d/ necessary for process monitoring +- name: Copy NGINX Plus API config to target host copy: src: "files/nginx-plus-api.conf" dest: "/etc/nginx/conf.d/nginx-plus-api.conf" - mode: preserve - force: true + mode: 0644 -- name: Download the installer script from NGINX Controller +- name: Download the NGINX Controller agent installation script from NGINX Controller get_url: - url: "https://{{ nginx_controller_fqdn }}/install/controller-agent" + url: https://{{ nginx_controller_fqdn }}/install/controller-agent dest: "{{ ansible_env.HOME }}/install.sh" validate_certs: "{{ nginx_controller_validate_certs | default(false) }}" force: true - changed_when: false - register: nginx_controller_return -- name: Run the NGINX Controller agent installer +- name: Run the NGINX Controller agent installation script shell: | API_KEY='{{ nginx_controller_api_key }}' \ - {{ (nginx_controller_hostname | length > 0) | ternary('CONTROLLER_HOSTNAME=' + nginx_controller_hostname,'') }} \ - {{ ((nginx_controller_hostname | length > 0) or (nginx_controller_instance_name | length > 0)) | ternary('STORE_UUID=True','') }} \ + {{ (nginx_controller_hostname | length > 0) | ternary('CONTROLLER_HOSTNAME=' + nginx_controller_hostname, '') }} \ + {{ ((nginx_controller_hostname | length > 0) or (nginx_controller_instance_name | length > 0)) | ternary('STORE_UUID=True', '') }} \ sh ./install.sh -y \ - {{ (nginx_controller_location | length > 0) | ternary('-l ' + nginx_controller_location,'') }} \ - {{ (nginx_controller_instance_name | length > 0) | ternary('-i ' + nginx_controller_instance_name,'') }} + {{ (nginx_controller_location | length > 0) | ternary('-l ' + nginx_controller_location, '') }} \ + {{ (nginx_controller_instance_name | length > 0) | ternary('-i ' + nginx_controller_instance_name, '') }} args: chdir: "{{ ansible_env.HOME }}" creates: 
/var/log/nginx-controller/agent.log - changed_when: false register: nginx_controller_agent_install -- name: Output agent install results +- name: Display NGINX Controller agent installation results debug: var: nginx_controller_agent_install.stdout_lines - -- name: Remove the install script - file: - path: "{{ ansible_env.HOME }}/install.sh" - state: absent - changed_when: false diff --git a/vars/main.yml b/vars/main.yml index dcc12f1..a547898 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,11 +1,5 @@ --- -## All the below variables are REQUIRED - -# nginx_controller_fqdn: # FQDN of the NGINX Controller instance -# nginx_controller_api_key: "" # The API key used to authenticate to NGINX Controller - -## All the below variables are OPTIONAL - -# nginx_controller_hostname: "" # The name of the instance as reflected in NGINX Controller. Must be unique. -# nginx_controller_location: # The location in NGINX Controller this instance will be automatically added to. Otherwise the location will be 'unspecified'. -# nginx_controller_instance_name: # The name of the instance as reflected in Controller. Must be unique (redundant with controller_hostname). +# Empty strings are defined to allow ternary evaluation when these optional parameters are not provided. +nginx_controller_hostname: "" +nginx_controller_location: "" +nginx_controller_instance_name: ""
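Review bot: The `get_url` task still resolves `validate_certs` with `default(false)`, so unless the caller sets `nginx_controller_validate_certs` the installation script is fetched without TLS certificate verification and then executed by `sh ./install.sh` in the next task. Anyone able to tamper with that connection would decide what runs on the target host, so I would flip the fallback to `validate_certs: "{{ nginx_controller_validate_certs | default(true) }}"` and let test setups opt out explicitly. In the shell task, `nginx_controller_api_key`, `nginx_controller_location` and `nginx_controller_instance_name` are templated straight into the command line. Adding `no_log: true` and passing each value through `| quote` (for example `API_KEY={{ nginx_controller_api_key | quote }}`) would keep the key out of failure or verbose output and stop whitespace or shell metacharacters in a value from altering the command. Since this hunk also drops the cleanup task, `install.sh` now stays in `ansible_env.HOME`, so it is worth confirming that the script carries nothing sensitive and that the directory is not writable by other users.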
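Review bot: Defining the three optional parameters in `vars/main.yml` gives them role-vars precedence, which ranks above inventory variables, `group_vars`/`host_vars` and play-level `vars`. A value set there for `nginx_controller_hostname`, `nginx_controller_location` or `nginx_controller_instance_name` would be silently replaced by `""`, and the ternaries in `tasks/main.yml` would then drop the corresponding option without any error. Only role parameters, `set_fact`/`include_vars` and extra vars would still override them. If the intent is only the fallback for ternary evaluation that the new comment describes, the same three lines belong in the role's `defaults/` directory, unless this commit already handles that outside the visible hunks.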