nginx/ansible-role-nginxPublic

NotificationsYou must be signed in to change notification settings
Fork354
Star680

Ansible role for installing NGINX

License

Apache-2.0 license

680 stars 354 forks Branches Tags Activity

Star

Notifications

You must be signed in to change notification settings

Branches Tags

Folders and files

Name		Name	Last commit message	Last commit date
Latest commit History 806 Commits
.github		.github
defaults/main		defaults/main
files		files
handlers		handlers
meta		meta
molecule		molecule
tasks		tasks
templates		templates
vars		vars
.ansible-lint		.ansible-lint
.gitignore		.gitignore
CHANGELOG.md		CHANGELOG.md
CODE_OF_CONDUCT.md		CODE_OF_CONDUCT.md
CONTRIBUTING.md		CONTRIBUTING.md
LICENSE		LICENSE
README.md		README.md
SECURITY.md		SECURITY.md
SUPPORT.md		SUPPORT.md

Repository files navigation

👾Help make the NGINX Ansible role better by participating in oursurvey! 👾

Ansible NGINX Role

This role installs NGINX (NGINX Open Source), NGINX Plus, NGINX Agent and/or the NGINX Amplify agent on your target host(s).

Important

This role is still in active development. There may be unidentified issues and the role variables may change as development continues.

Role Requirements

NGINX

Depending on your target NGINX use case, you might need to obtain a license or API key/token before being able to use the role:

Product	Requirements
NGINX	None
NGINX Plus	NGINX Plus license (both a license key and crt files)
NGINX Agent	A compatible control plane and (optionally) an NGINX One SaaS console data plane token
NGINX Amplify	API key found within the NGINX Amplify SaaS console

Ansible

If you want to use this role, you will need to use a supported version of Ansible core and Jinja2 as well as a few Ansible collections.

For ease of use, you can install and/or upgrade Ansible core, Jinja2, and the aforementioned Ansible collections by running the following four commands on your Ansible host:

pip install --upgrade -r https://raw.githubusercontent.com/nginx/ansible-role-nginx/main/.github/workflows/requirements/requirements_ansible.txtcurl -O https://raw.githubusercontent.com/nginx/ansible-role-nginx/main/.github/workflows/requirements/requirements_collections.ymlansible-galaxy install --force -r requirements_collections.ymlrm -f requirements_collections.yml

This will also ensure you are deploying/running this role with a fully tested version of the aforementioned packages/collections.

Ansible core

This role is developed and tested withmaintained versions of Ansible core and Python.
Note: Ansible2.18 does no longer support theyum module and as such, is not supported by this role until Amazon Linux 2 reaches EoL.
Instructions on how to install Ansible core can be found in theAnsible docs.

When using Ansible core, you will also need to install the following Ansible collections:

---collections:  -name:ansible.posixversion:2.0.0  -name:community.generalversion:10.7.0  -name:community.crypto# Only required if you plan to install NGINX Plusversion:2.26.2  -name:community.docker# Only required if you plan to use Molecule (see below)version:4.6.0

Instructions on how to install Ansible collections can be found in theAnsible collections guide.
You will need to run this role as a root user using Ansible'sbecome parameter. Make sure you have set up the appropriate permissions on your target hosts.

Tip

You can alternatively install theAnsible community distribution (what is still known Ansible -- instead of Ansible core) if you don't want to manage individual collections.

Jinja2

This role uses Jinja2 templates. Ansible core installs Jinja2 by default, but depending on your install and/or upgrade path, you might be running an outdated version of Jinja2. The minimum version of Jinja2 required for the role to properly function is3.1.
Instructions on how to install Jinja2 can be found in theJinja2 website.

Testing suite (Optional)

If you want to contribute to this role, you will also need to install Ansible Lint and Molecule.

Ansible Lint (Optional)

Ansible Lint is used to lint the role for both Ansible best practices and potential Ansible/YAML issues.
Instructions on how to install Ansible Lint can be found in theAnsible Lint website.
Once installed, using Ansible Lint is as easy as running:
```
ansible-lint
```

For ease of use, you can install and/or upgrade Ansible Lint by running the following command on your Ansible host:

pip install -r https://raw.githubusercontent.com/nginx/ansible-role-nginx/main/.github/workflows/requirements/requirements_ansible_lint.txt

Molecule (Optional)

Molecule is used to test the various functionalities of the role.
Instructions on how to install Molecule can be found in theMolecule website.You will also need to install the Molecule plugins package and the Docker Python SDK.
To run any of the NGINX Plus Molecule tests, you must first copy your NGINX Plus license to the role'sfiles/license directory.
You can alternatively add your NGINX Plus repository certificate and key to the local environment. Run the following commands to export these files as base64-encoded variables and execute the Molecule tests:
```
export NGINX_CRT=$( cat<path to your certificate file>| base64)export NGINX_KEY=$( cat<path to your key file>| base64)moleculetest -s plus
```
For ease of use, you can install and/or upgrade Molecule, the Molecule plugins package, and the Docker Python SDK by running the following command on your Ansible host:
```
pip install --upgrade -r https://raw.githubusercontent.com/nginx/ansible-role-nginx/main/.github/workflows/requirements/requirements_molecule.txt
```

Role Installation

This role can be installed via either Ansible Galaxy (the Ansible community marketplace) or by cloning this repo. Once installed, you will need to include the role in your Ansible playbook usingtheroles keyword, theimport_role module, or theinclude_role module.

Ansible Galaxy

To install the latest stable release of the role on your system, use:

ansible-galaxy install nginxinc.nginx

Alternatively, if you have already installed the role, you can update the role to the latest release by using:

ansible-galaxy install -f nginxinc.nginx

To use the role, include the following task in your playbook:

-name:Install NGINXansible.builtin.include_role:name:nginxinc.nginx

Git

To pull the latest edge commit of the role from GitHub, use:

git clone https://github.com/nginx/ansible-role-nginx.git

To use the role, include the following task in your playbook:

-name:Install NGINXansible.builtin.include_role:name:<path/to/repo># e.g. <roles/ansible-role-nginx> if you clone the repo inside your project's roles directory

Platforms

The NGINX Ansible role aims to work on all platforms supported by the latest mainline/stable release ofNGINX Open Source,NGINX Plus,NGINX Agent, and theNGINX Amplify agent.

Older releases might work, but keep in mind that NGINX Open Source only actively develops against thelatest release of the mainline and stable branches, and NGINX Plus onlyofficially supports releases for two years.

Note

Due to the release pipeline of the various projects supported by this role, there is usually a short delay between new releases and support for the release in this role.

NGINX Open Source

AlmaLinux:  -8  -9Alpine:  -3.18  -3.19  -3.20  -3.21Amazon Linux:  -2  -2023Debian:  -bullseye (11)  -bookworm (12)Oracle Linux:  -8  -9Red Hat:  -8  -9Rocky Linux:  -8  -9SUSE/SLES:  -15 SP6+Ubuntu:  -focal (20.04)  -jammy (22.04)  -noble (24.04)  -oracular (24.10)

NGINX Plus

AlmaLinux:  -8  -9Alpine:  -3.18  -3.19  -3.20  -3.21Amazon Linux:  -2  -2023Debian:  -bullseye (11)  -bookworm (12)FreeBSD:  -13  -14Oracle Linux:  -8.1+  -9Red Hat:  -8.1+  -9Rocky Linux:  -8  -9SUSE/SLES:  -15 SP2+Ubuntu:  -focal (20.04)  -jammy (22.04)  -noble (24.04)

NGINX Agent

AlmaLinux:  -8  -9Alpine:  -3.17  -3.18  -3.19  -3.20Amazon Linux:  -2  -2023Debian:  -bullseye (11)  -bookwork (12)FreeBSD:  -13  -14Oracle Linux:  -8  -9Red Hat:  -8  -9Rocky Linux:  -8  -9SUSE/SLES:  -12  -15Ubuntu:  -focal (20.04)  -jammy (22.04)  -noble (24.04)

NGINX Amplify Agent

Amazon Linux:  -2Debian:  -buster (10)  -bullseye (11)Red Hat:  -8  -9Ubuntu:  -bionic (18.04)  -focal (20.04)  -jammy (22.04)

Warning

At your own risk, you can also use this role to compile NGINX Open Source from source, install NGINX Open Source on "compatible" yet unsupported platforms, install NGINX from your respective distribution package manager, or install NGINX Open Source on BSD systems.

Role Variables

This role has multiple variables. The descriptions and defaults for all these variables can be found in thedefaults/main/ directory in the following files:

Name	Description
`main.yml`	NGINX installation variables
`agent.yml`	NGINX Agent installation variables
`amplify.yml`	NGINX Amplify agent installation variables
`bsd.yml`	BSD installation variables
`logrotate.yml`	Logrotate configuration variables
`selinux.yml`	SELinux configuration variables
`systemd.yml`	Systemd configuration variables

Similarly, descriptions and defaults for preset variables can be found in thevars/ directory in the following files:

Name	Description
`main.yml`	List of supported NGINX platforms, modules, and Linux installation variables

Example Playbooks

Working functional playbook examples can be found in themolecule/ folder in the following files:

Name	Description
`agent/converge.yml`	Install and configure NGINX Agent to connect to the NGINX One SaaS control plane on F5 Distributed Cloud
`amplify/converge.yml`	Install and configure the NGINX Amplify agent
`default/converge.yml`	Install a specific version of NGINX, install various NGINX supported modules, tweak systemd and set up logrotate
`distribution/converge.yml`	Install NGINX from the distribution's package repository instead of NGINX's package repository
`downgrade/converge.yml`	Downgrade to a specific version of NGINX
`downgrade-plus/converge.yml`	Downgrade to a specific version of NGINX Plus
`plus/converge.yml`	Install NGINX Plus and various NGINX Plus supported modules
`source/converge.yml`	Install NGINX from source
`stable/converge.yml`	Install NGINX using the latest stable release
`uninstall/converge.yml`	Uninstall NGINX
`uninstall-plus/converge.yml`	Uninstall NGINX Plus
`upgrade/converge.yml`	Upgrade NGINX
`upgrade-plus/converge.yml`	Upgrade NGINX Plus
`version/converge.yml`	Install a specific version of NGINX and various NGINX modules

Note

If you install this repository via Ansible Galaxy, you will need to replace theinclude_role variable in the example playbooks fromansible-role-nginx tonginxinc.nginx.