From 5458405db9c20d6195141dd07a341b71442f4b73 Mon Sep 17 00:00:00 2001 
From: John Burwell Date: Wed, 28 Dec 2016 23:55:26 -0500 Subject: [PATCH] Install nginx from nginx official or distribution package repos The distribution package repositories tend to significantly lag nginx releases, delaying the availability of critical fixes and new features. The nginx project provides package repositories from which the latest stable and mainline releases can be installed. This patch adds support for installing from the nginx package repositories while maintaining the default functionality of installing from distribution repositories. The nginx project provides repositories for the following distributions: * centos * debian * rhel * ubuntu To support usage of the correct package repository based on the distribution, the role was refactored to use distribution specific variable files and the installation tasks were split out based on ``ansible_os_family``. The installation of the EPEL repository was also refactored to use the installation RPMs provided by the Fedora project. Finally, all bare variables warnings were resolved and ``tasks/main.yml`` was converted to be correct YAML. **N.B.** ``tasks\ubuntu.yml`` yields a warning regarding the use of ``curl``. Unfortunately, the version of Python shipped by default with Ubuntu 14.04 and 16.04 is too old to download the signing key via HTTPS. Therefore, the ``get_url`` and ``uri`` modules fail with SSL errors. ``curl`` is used as a workaround for this incompatibility. 
--- README.md | 7 +++++ defaults/main.yml | 2 ++ files/epel.repo | 26 ----------------- tasks/debian.yml | 34 ++++++++++++++++++++++ tasks/main.yml | 73 +++++++++++++++++++++++++---------------------- tasks/redhat.yml | 36 +++++++++++++++++++++++ vars/centos.yml | 6 ++++ vars/debian.yml | 7 +++++ vars/main.yml | 10 +------ vars/rhel.yml | 6 ++++ vars/ubuntu.yml | 7 +++++ 11 files changed, 145 insertions(+), 69 deletions(-) delete mode 100644 files/epel.repo create mode 100644 tasks/debian.yml create mode 100644 tasks/redhat.yml create mode 100644 vars/centos.yml create mode 100644 vars/debian.yml create mode 100644 vars/rhel.yml create mode 100644 vars/ubuntu.yml diff --git a/README.md b/README.md index 9d9f339..494f911 100644 --- a/README.md +++ b/README.md @@ -17,6 +17,13 @@ Role Variables The variables that can be passed to this role and a brief description about them are as follows. + # Install nginx from nginx repos or distribution repos + nginx_install_from_nginx_repos: false + + # When installating from nginix repos, install the mainline (true) or + # stable (false) release + nginx_install_mainline_nginx_release: false + # The max clients allowed nginx_max_clients: 512 diff --git a/defaults/main.yml b/defaults/main.yml index 5ce892c..37e5b77 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,4 +1,6 @@ --- +nginx_install_from_nginx_repos: false +nginx_install_mainline_nginx_release: false nginx_max_clients: 512 diff --git a/files/epel.repo b/files/epel.repo deleted file mode 100644 index 344a93e..0000000 --- a/files/epel.repo +++ /dev/null 
@@ -1,26 +0,0 @@
-[epel]
-name=Extra Packages for Enterprise Linux 6 - $basearch
-baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
-#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
-failovermethod=priority
-enabled=1
-gpgcheck=0
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
-
-[epel-debuginfo]
-name=Extra Packages for Enterprise Linux 6 - $basearch - Debug
-#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/debug
-mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch
-failovermethod=priority
-enabled=0
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
-gpgcheck=1
-
-[epel-source]
-name=Extra Packages for Enterprise Linux 6 - $basearch - Source
-#baseurl=http://download.fedoraproject.org/pub/epel/6/SRPMS
-mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$basearch
-failovermethod=priority
-enabled=0
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
-gpgcheck=1
diff --git a/tasks/debian.yml b/tasks/debian.yml
new file mode 100644
index 0000000..e6f15d0
--- /dev/null
+++ b/tasks/debian.yml
@@ -0,0 +1,34 @@
+---
+- name: Include Ubuntu-specific variables
+ include_vars: ubuntu.yml
+ when: ansible_distribution == 'Ubuntu'
+
+- name: Include Debian-specific variables
+ include_vars: debian.yml
+ when: ansible_distribution == 'Debian'
+
+- name: Download nginx signing key
+ shell: "curl {{ nginx_signing_key_url }} -o /tmp/nginx_signing.key"
+ when: nginx_install_from_nginx_repos
+
+- name: Import nginx signing key
+ apt_key:
+ file: /tmp/nginx_signing.key
+ state: present
+ when: nginx_install_from_nginx_repos
+
+- name: Add the nginx project apt repo
+ apt_repository:
+ filename: "nginx"
+ repo: "deb {{ nginx_repo_location }} {{ ansible_distribution_release }} nginx"
+ state: present
+ when: nginx_install_from_nginx_repos
+
+- name: Install the nginx packages and dependencies
+ apt:
+ name: "{{ item }}"
+ state: present
+ update_cache: true
+ with_items: "{{ nginx_packages }}"
+ environment: "{{ env }}"
+
diff --git a/tasks/main.yml b/tasks/main.yml
index fa8997e..f0420e5 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
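Review bot: In tasks/debian.yml the `Download nginx signing key` task writes to the fixed path `/tmp/nginx_signing.key` with a bare `curl`, and `Import nginx signing key` then trusts whatever that file holds. Without `-f`, curl saves an HTTP error body as if it were the key, a predictable name in a world-writable directory can be pre-created by another local user, and nothing checks that the imported key is the expected one. I would fetch with `shell: "curl -fsS {{ nginx_signing_key_url | quote }} -o /tmp/nginx_signing.key"`, preferably into a root-only directory instead of `/tmp`. I would also pin the key in `apt_key` with `id: "<EXPECTED_NGINX_KEY_FINGERPRINT>"` (placeholder); as far as I know the module then fails if that key is not present after the import. This matters more because `nginx_repo_location` is plain HTTP, so the signing key is the only thing anchoring package integrity.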
@@ -1,56 +1,61 @@ --- - -- name: Install the selinux python module - yum: name=libselinux-python state=present - when: ansible_os_family == "RedHat" - -- name: Copy the epel packages - copy: src=epel.repo dest=/etc/yum.repos.d/epel_ansible.repo - when: ansible_os_family == "RedHat" - -- name: Install the nginx packages - yum: name={{ item }} state=present - with_items: redhat_pkg - when: ansible_os_family == "RedHat" - -- name: Install the nginx packages - apt: name={{ item }} state=present update_cache=yes - with_items: ubuntu_pkg - environment: env - when: ansible_os_family == "Debian" +- name: Install repos and packages + include: "{{ ansible_os_family|lower }}.yml" - name: Create the directories for site specific configurations - file: path=/etc/nginx/{{ item }} state=directory owner=root group=root mode=0755 + file: + path: "/etc/nginx/{{ item }}" + state: directory + owner: root + group: root + mode: 0755 with_items: - "sites-available" - "sites-enabled" -- name: Copy the nginx configuration file - template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf - notify: +- name: Copy the nginx configuration file + template: + src: nginx.conf.j2 + dest: /etc/nginx/nginx.conf + notify: - restart nginx -- name: Copy the nginx default configuration file - template: src=default.conf.j2 dest=/etc/nginx/conf.d/default.conf +- name: Copy the nginx default configuration file + template: + src: default.conf.j2 + dest: /etc/nginx/conf.d/default.conf -- name: Copy the nginx default site configuration file - template: src=default.j2 dest=/etc/nginx/sites-available/default +- name: Copy the nginx default site configuration file + template: + src: default.j2 + dest: /etc/nginx/sites-available/default - name: Create the link for site enabled specific configurations - file: path=/etc/nginx/sites-enabled/default state=link src=/etc/nginx/sites-available/default + file: + path: /etc/nginx/sites-enabled/default + state: link + src: /etc/nginx/sites-available/default - name: Create the 
configurations for sites - template: src=site.j2 dest=/etc/nginx/sites-available/{{ item['server']['file_name'] }} - with_items: nginx_sites + template: + src: site.j2 + dest: "/etc/nginx/sites-available/{{ item['server']['file_name'] }}" + with_items: "{{ nginx_sites }}" when: nginx_sites|lower != 'none' - name: Create the links to enable site configurations - file: path=/etc/nginx/sites-enabled/{{ item['server']['file_name'] }} state=link src=/etc/nginx/sites-available/{{ item['server']['file_name'] }} - with_items: nginx_sites + file: + path: "/etc/nginx/sites-enabled/{{ item['server']['file_name'] }}" + state: link + src: "/etc/nginx/sites-available/{{ item['server']['file_name'] }}" + with_items: "{{ nginx_sites }}" when: nginx_sites|lower != 'none' - notify: + notify: - reload nginx - name: start the nginx service - service: name=nginx state=started enabled=yes + service: + name: nginx + state: started + enabled: true diff --git a/tasks/redhat.yml b/tasks/redhat.yml new file mode 100644 index 0000000..c9d40e1 --- /dev/null +++ b/tasks/redhat.yml 
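Review bot: In tasks/main.yml the new `include: "{{ ansible_os_family|lower }}.yml"` has no guard, so a host whose `ansible_os_family` is neither Debian nor RedHat will presumably stop on a missing task file, where the removed tasks were simply skipped by their `when:` conditions. A preceding `assert` or `fail` task with a clear message, or `when: ansible_os_family in ['Debian', 'RedHat']` on the include, would make the supported set explicit. Separately, `mode: 0755` in the directory task relies on YAML 1.1 octal parsing; quoting it as `mode: "0755"` avoids depending on the parser.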
@@ -0,0 +1,36 @@
+---
+- name: Include CentOS-specific variables
+ include_vars: centos.yml
+ when: ansible_distribution == 'CentOS'
+
+- name: Include RHEL-specific variables
+ include_vars: rhel.yml
+ when: ansible_distribution == 'Red Hat Enterprise Linux'
+
+- name: Add the nginx Yum repository
+ yum_repository:
+ name: nginx
+ description: nginx release repository
+ baseurl: "{{ nginx_repo_location }}"
+ gpgkey: "{{ nginx_signing_key_url }}"
+ gpgcheck: true
+ state: present
+ when: nginx_install_from_nginx_repos
+
+- name: Add CentOS/RHEL 6 EPEL Yum repository
+ yum:
+ name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
+ state: present
+ when: nginx_install_from_nginx_repos == false and ansible_distribution_major_version == '6'
+
+- name: Add CentOS/RHEL 7 EPEL Yum repository
+ yum:
+ name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
+ state: present
+ when: nginx_install_from_nginx_repos == false and ansible_distribution_major_version == '7'
+
+- name: Install nginx packages and dependencies
+ yum:
+ name: "{{ item }}"
+ state: present
+ with_items: "{{ nginx_packages }}"
diff --git a/vars/centos.yml b/vars/centos.yml
new file mode 100644
index 0000000..4c8106e
--- /dev/null
+++ b/vars/centos.yml
@@ -0,0 +1,6 @@
+---
+nginx_packages:
+ - nginx
+ - libselinux-python
+
+nginx_repo_location: "http://nginx.org/packages/{% if nginx_install_mainline_nginx_release %}mainline/{% endif %}centos/{{ ansible_distribution_major_version }}/x86_64/"
diff --git a/vars/debian.yml b/vars/debian.yml
new file mode 100644
index 0000000..ab3f43e
--- /dev/null
+++ b/vars/debian.yml
@@ -0,0 +1,7 @@
+---
+nginx_packages:
+ - python-selinux
+ - nginx
+
+nginx_repo_location: "http://nginx.org/packages/{% if nginx_install_mainline_nginx_release %}mainline/{% endif %}debian/"
+
diff --git a/vars/main.yml b/vars/main.yml
index 5840adc..8cc2a79 100644
--- a/vars/main.yml
+++ b/vars/main.yml
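Review bot: In tasks/redhat.yml the `Include RHEL-specific variables` condition compares `ansible_distribution` with `'Red Hat Enterprise Linux'`, but Ansible normally reports RHEL as `RedHat`. If so, `rhel.yml` never loads and `nginx_packages` and `nginx_repo_location` are undefined when the later tasks template them; other RedHat-family distributions get neither vars file. I would use `when: ansible_distribution == 'RedHat'` and fail explicitly for unlisted distributions. On the two EPEL tasks, `epel-release-latest-N.noarch.rpm` is a moving target installed straight from a URL, and as far as I know yum does not signature-check such a package by default, so trust rests on TLS alone; consider verifying the RPM against the EPEL GPG key before installing it. Their `== false` comparisons are also fragile if the variable arrives as a string; `not nginx_install_from_nginx_repos | bool` is safer.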
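Review bot: In vars/centos.yml, `nginx_repo_location` points at plain `http://nginx.org/packages/...` while `nginx_signing_key_url` in vars/main.yml uses HTTPS; the vars/debian.yml, vars/rhel.yml and vars/ubuntu.yml hunks have the same URL scheme. Package signatures still protect integrity, but over HTTP an on-path party can observe or withhold repository metadata and updates. I would switch to `https://nginx.org/packages/` where the target's package manager supports it (older apt releases need `apt-transport-https` installed first). The CentOS and RHEL URLs also hard-code `x86_64`; `{{ ansible_architecture }}` would presumably avoid pointing other architectures at the wrong tree.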
@@ -1,13 +1,5 @@ --- - env: RUNLEVEL: 1 -redhat_pkg: - - nginx - -ubuntu_pkg: - - python-selinux - - nginx - - +nginx_signing_key_url: "https://nginx.org/keys/nginx_signing.key" diff --git a/vars/rhel.yml b/vars/rhel.yml new file mode 100644 index 0000000..81833e4 --- /dev/null +++ b/vars/rhel.yml @@ -0,0 +1,6 @@ +--- +nginx_packages: + - nginx + - libselinux-python + +nginx_repo_location: "http://nginx.org/packages/{% if nginx_install_mainline_nginx_release %}mainline/{% endif %}rhel/{{ ansible_distribution_major_version }}/x86_64/" diff --git a/vars/ubuntu.yml b/vars/ubuntu.yml new file mode 100644 index 0000000..065eb6c --- /dev/null +++ b/vars/ubuntu.yml @@ -0,0 +1,7 @@ +--- +nginx_packages: + - python-selinux + - nginx + +nginx_repo_location: "http://nginx.org/packages/{% if nginx_install_mainline_nginx_release %}mainline/{% endif %}ubuntu/" +