Update NGINX Ansible collection to v0.4.0

nginxinc · Oct 28, 2021 · 07cb5f0 · 07cb5f0
1 parent bdd5cf3
commit 07cb5f0
Show file tree

Hide file tree

Showing 21 changed files with 381 additions and 314 deletions.
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -4,25 +4,30 @@ about: Create a report to help us improve
 title: ''
 labels: ''
 assignees: ''
-
 ---
+### Describe the bug
 
-**Describe the bug**
 A clear and concise description of what the bug is.
 
-**To reproduce**
+### To reproduce
+
 Steps to reproduce the behavior:
+
 1. Deploy NGINX collection using playbook.yml
 2. View output/logs/configuration on '...'
 3. See error
 
-**Expected behavior**
+### Expected behavior
+
 A clear and concise description of what you expected to happen.
 
-**Your environment:**
--   Version of the NGINX collection or specific commit
--   Version of Ansible
--   Target deployment platform
+### Your environment
+
+- Version of the NGINX collection or specific commit
+- Version of Ansible
+- Version of Jinja2 (if you are using any templating capability)
+- Target deployment platform
+
+### Additional context
 
-**Additional context**
 Add any other context about the problem here.
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -4,17 +4,19 @@ about: Suggest an idea for this project
 title: ''
 labels: ''
 assignees: ''
-
 ---
+### Is your feature request related to a problem? Please describe
+
+A clear and concise description of what the problem is. Ex. I'm always frustrated when ...
 
-**Is your feature request related to a problem? Please describe.**
-A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+### Describe the solution you'd like
 
-**Describe the solution you'd like**
 A clear and concise description of what you want to happen.
 
-**Describe alternatives you've considered**
+### Describe alternatives you've considered
+
 A clear and concise description of any alternative solutions or features you've considered.
 
-**Additional context**
+### Additional context
+
 Add any other context or screenshots about the feature request here.
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -1,8 +1,10 @@
 ### Proposed changes
+
 Describe the use case and detail of the change. If this PR addresses an issue on GitHub, make sure to include a link to that issue using one of the [supported keywords](https://docs.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue) here in this description (not in the title of the PR).
 
 ### Checklist
+
 Before creating a PR, run through this checklist and mark each as complete.
 
--   [ ] I have read the [CONTRIBUTING](https://github.com/nginxinc/ansible-collection-nginx/blob/main/CONTRIBUTING.md) document
--   [ ] I have updated any relevant documentation (`README.md` and `CHANGELOG.md`)
+- [ ] I have read the [CONTRIBUTING](https://github.com/nginxinc/ansible-collection-nginx/blob/main/CONTRIBUTING.md) document
+- [ ] I have updated any relevant documentation (`README.md` and `CHANGELOG.md`)
diff --git a/.gitignore b/.gitignore
@@ -13,12 +13,17 @@ Thumbs.db
 
 # Ansible specific #
 ####################
+.cache
 *.retry
 
-# Ansible collection build artifacts #
-######################################
-*.tar.gz
+# Ansible collection specific #
+###############################
+nginxinc-nginx_core-*.tar.gz
 
 # Python specific #
 ###################
 __pycache__
+
+# Logs #
+########
+*.log
diff --git a/.yamllint b/.yamllint
@@ -10,4 +10,3 @@ rules:
     level: error
   comments-indentation: disable
   line-length: disable
-  truthy: disable
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,13 @@
 # CHANGELOG
 
+## 0.4.0 (October 28, 2021)
+
+Update `nginx` role to `0.21.3`, `nginx_config` role to `0.4.2`, and `nginx_app_protect` role to `0.7.0`. Check each role's respective CHANGELOG to see what's changed since the latest NGINX collection release:
+
+* Ansible NGINX role's [changelog](https://github.com/nginxinc/ansible-role-nginx/blob/0.21.3/CHANGELOG.md)
+* Ansible NGINX config role's [changelog](https://github.com/nginxinc/ansible-role-nginx-config/blob/0.4.2/CHANGELOG.md)
+* Ansible NGINX App Protect role's [changelog](https://github.com/nginxinc/ansible-role-nginx-app-protect/blob/0.7.0/CHANGELOG.md)
+
 ## 0.3.0 (January 11, 2021)
 
 Update `nginx` role to `0.19.1`, `nginx_config` role to `0.3.2`, and `nginx_app_protect` role to `0.4.2`. Check each role's respective CHANGELOG to see what's changed since the latest NGINX collection release.

diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
@@ -68,9 +68,9 @@ members of the project's leadership.
 ## Attribution
 
 This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
-available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
+available at <https://www.contributor-covenant.org/version/1/4/code-of-conduct.html>
 
 [homepage]: https://www.contributor-covenant.org
 
 For answers to common questions about this code of conduct, see
-https://www.contributor-covenant.org/faq
+<https://www.contributor-covenant.org/faq>
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -11,8 +11,9 @@ The following is a set of guidelines for contributing to the NGINX Ansible colle
 [Contributing](#contributing)
 
 [Code Guidelines](#code-guidelines)
-*   [Git Guidelines](#git-guidelines)
-*   [Ansible Guidelines](#ansible-guidelines)
+
+* [Git Guidelines](#git-guidelines)
+* [Ansible Guidelines](#ansible-guidelines)
 
 [Code of Conduct](ttps://github.com/nginxinc/ansible-collection-nginx/blob/main/CODE_OF_CONDUCT.md)
 
@@ -26,10 +27,10 @@ Follow our [Installation Guide](https://github.com/nginxinc/ansible-collection-n
 
 ### Project Structure
 
-*   The NGINX Ansible collection is written in `yaml` and supports NGINX Open Source, NGINX Plus and NGINX App Protect.
-*   The project follows the standard [Ansible collection directory structure](https://docs.ansible.com/ansible/latest/dev_guide/developing_collections.html):
-    *   The main code is found at `roles/` (do note that all roles are Git submodules).
-    *   Sample playbooks and instructions can be found at `docs/`.
+* The NGINX Ansible collection is written in `yaml` and supports NGINX Open Source, NGINX Plus and NGINX App Protect.
+* The project follows the standard [Ansible collection directory structure](https://docs.ansible.com/ansible/latest/dev_guide/developing_collections.html):
+  * The main code is found at `roles/` (do note that all roles are Git submodules).
+  * Sample playbooks and instructions can be found at `docs/`.
 
 ## Contributing
 
@@ -43,27 +44,27 @@ To suggest an enhancement, please create an issue on GitHub with the label `enha
 
 ### Open a Pull Request
 
-*   Fork the repo, create a branch, submit a PR when your changes are **tested** and ready for review.
-*   Fill in [our pull request template](https://github.com/nginxinc/ansible-collection-nginx/blob/main/.github/PULL_REQUEST_TEMPLATE.md).
+* Fork the repo, create a branch, submit a PR when your changes are **tested** and ready for review.
+* Fill in [our pull request template](https://github.com/nginxinc/ansible-collection-nginx/blob/main/.github/PULL_REQUEST_TEMPLATE.md).
 
-Note: if you’d like to implement a new feature, please consider creating a feature request issue first to start a discussion about the feature.
+Note: if you'd like to implement a new feature, please consider creating a feature request issue first to start a discussion about the feature.
 
 ## Code Guidelines
 
 ### Ansible Guidelines
 
-*   Run `molecule lint` over your code to automatically resolve a lot of `yaml` and Ansible style issues.
-*   Run `molecule test --all` on your code to catch any other issues.
-*   Follow these guides on some good practices for Ansible:
-    *   <https://www.ansible.com/blog/ansible-best-practices-essentials>
-    *   <https://docs.ansible.com/ansible/latest/user_guide/playbooks_best_practices.html>
+* Run `molecule lint` over your code to automatically resolve a lot of `yaml` and Ansible style issues.
+* Run `molecule test --all` on your code to catch any other issues.
+* Follow these guides on some good practices for Ansible:
+  * <https://www.ansible.com/blog/ansible-best-practices-essentials>
+  * <https://docs.ansible.com/ansible/latest/user_guide/playbooks_best_practices.html>
 
 ### Git Guidelines
 
-*   Keep a clean, concise and meaningful git commit history on your branch (within reason), rebasing locally and squashing before submitting a PR
-*   Follow the guidelines of writing a good commit message as described here <https://chris.beams.io/posts/git-commit/> and summarized in the next few points:
-    *   In the subject line, use the present tense ("Add feature" not "Added feature").
-    *   In the subject line, use the imperative mood ("Move cursor to..." not "Moves cursor to...").
-    *   Limit the subject line to 72 characters or less.
-    *   Reference issues and pull requests liberally after the subject line.
-    *   Add more detailed description in the body of the git message (`git commit -a` to give you more space and time in your text editor to write a good message instead of `git commit -am`).
+* Keep a clean, concise and meaningful git commit history on your branch (within reason), rebasing locally and squashing before submitting a PR
+* Follow the guidelines of writing a good commit message as described here <https://chris.beams.io/posts/git-commit/> and summarized in the next few points:
+  * In the subject line, use the present tense ("Add feature" not "Added feature").
+  * In the subject line, use the imperative mood ("Move cursor to..." not "Moves cursor to...").
+  * Limit the subject line to 72 characters or less.
+  * Reference issues and pull requests liberally after the subject line.
+  * Add more detailed description in the body of the git message (`git commit -a` to give you more space and time in your text editor to write a good message instead of `git commit -am`).
diff --git a/README.md b/README.md
@@ -11,17 +11,17 @@ The Ansible NGINX collection includes a variety of NGINX Ansible roles to help a
 
 ## Included Content
 
-The current stable release (`0.3.0`) of the Ansible NGINX collection includes the following roles:
+The current stable release (`0.4.0`) of the Ansible NGINX collection includes the following roles:
 
 |Name|Description|Version|
 |----|-----------|-------|
-|[nginxinc.nginx](https://github.com/nginxinc/ansible-role-nginx)|Install NGINX|0.19.1|
-|[nginxinc.nginx_config](https://github.com/nginxinc/ansible-role-nginx-config)|Configure NGINX|0.3.2|
-|[nginxinc.nginx_app_protect](https://github.com/nginxinc/ansible-role-nginx-app-protect)|Install and configure NGINX App Protect|0.4.2|
+|[nginxinc.nginx](https://github.com/nginxinc/ansible-role-nginx)|Install NGINX|0.21.3|
+|[nginxinc.nginx_config](https://github.com/nginxinc/ansible-role-nginx-config)|Configure NGINX|0.4.2|
+|[nginxinc.nginx_app_protect](https://github.com/nginxinc/ansible-role-nginx-app-protect)|Install and configure NGINX App Protect|0.7.0|
 
 ## Requirements
 
-This collection has been developed and tested with [maintained](https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#release-status) versions of Ansible bigger than `2.9.10`. Backwards compatibility is not guaranteed.
+This collection has been developed and tested with [maintained](https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#release-status) versions of Ansible bigger than `2.11`. Backwards compatibility is not guaranteed.
 
 Instructions on how to install Ansible can be found in the [Ansible website](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html).
 
@@ -37,7 +37,7 @@ You can also include the collection in a `requirements.yml` file and install it
 ---
 collections:
   - name: nginxinc.nginx_core
-    version: 0.3.0
+    version: 0.4.0
 ```
 
 ### Git
@@ -52,11 +52,11 @@ Sample playbooks for each use case covered by this collection can be found in th
 |----|-----------|
 |**[`deploy-nginx.yml`](https://github.com/nginxinc/ansible-collection-nginx/blob/main/playbooks/deploy-nginx.yml)**|Install NGINX|
 |**[`deploy-nginx-plus.yml`](https://github.com/nginxinc/ansible-collection-nginx/blob/main/playbooks/deploy-nginx-plus.yml)**|Install NGINX Plus|
-|**[`deploy-nginx-app-protect.yml`](https://github.com/nginxinc/ansible-collection-nginx/blob/main/playbooks/deploy-nginx-app-protect.yml)**|Install NGINX App Protect|
-|**[`deploy-nginx-plus-app-protect.yml`](https://github.com/nginxinc/ansible-collection-nginx/blob/main/playbooks/deploy-nginx-plus-app-protect.yml)**|Install NGINX Plus and NGINX App Protect|
+|**[`deploy-nginx-app-protect.yml`](https://github.com/nginxinc/ansible-collection-nginx/blob/main/playbooks/deploy-nginx-app-protect.yml)**|Install NGINX App Protect WAF/DoS|
+|**[`deploy-nginx-plus-app-protect.yml`](https://github.com/nginxinc/ansible-collection-nginx/blob/main/playbooks/deploy-nginx-plus-app-protect.yml)**|Install NGINX Plus and NGINX App Protect WAF|
 |**[`deploy-nginx-web-server.yml`](https://github.com/nginxinc/ansible-collection-nginx/blob/main/playbooks/deploy-nginx-web-server.yml)**|Install NGINX and configure a simple web server|
 |**[`deploy-nginx-web-server-proxy.yml`](https://github.com/nginxinc/ansible-collection-nginx/blob/main/playbooks/deploy-nginx-web-server-proxy.yml)**|Install NGINX and configure a simple reverse proxy in front of two web servers|
-|**[`deploy-nginx-plus-app-protect-web-server-proxy.yml`](https://github.com/nginxinc/ansible-collection-nginx/blob/main/playbooks/deploy-nginx-plus-app-protect-web-server-proxy.yml)**|Install NGINX Plus and NGINX App Protect and configure a simple reverse proxy in front of two web servers protected by NGINX App Protect|
+|**[`deploy-nginx-plus-app-protect-web-server-proxy.yml`](https://github.com/nginxinc/ansible-collection-nginx/blob/main/playbooks/deploy-nginx-plus-app-protect-web-server-proxy.yml)**|Install NGINX Plus and NGINX App Protect and configure a simple reverse proxy in front of two web servers protected by NGINX App Protect WAF/DoS|
 
 ## Development
 

diff --git a/galaxy.yml b/galaxy.yml
@@ -2,12 +2,12 @@
 namespace: nginxinc
 name: nginx_core
 description: Install and configure NGINX and NGINX App Protect using Ansible
-version: 0.3.0
+version: 0.4.0
 readme: README.md
 license_file: LICENSE
 authors:
   - Alessandro Fael Garcia <[email protected]>
-dependencies: {}
+  - Daniel Edgar <[email protected]>
 
 tags:
   - nginx
@@ -19,11 +19,17 @@ tags:
   - plus
   - web
   - server
-  - development
-  - install
-  - configuration
+  - load_balancer
+  - reverse_proxy
+  - api_gateway
   - waf
+  - dos
   - security
+  - installation
+  - configuration
+  - infrastructure
+  - cloud
+  - monitoring
 
 repository: https://github.com/nginxinc/ansible-collection-nginx
 homepage: https://github.com/nginxinc/ansible-collection-nginx

diff --git a/meta/runtime.yml b/meta/runtime.yml
@@ -0,0 +1,2 @@
+---
+requires_ansible: '>=2.11'
diff --git a/playbooks/deploy-nginx-app-protect.yml b/playbooks/deploy-nginx-app-protect.yml
@@ -2,18 +2,16 @@
 - hosts: all
   collections:
     - nginxinc.nginx_core
-  roles:
-    - role: nginx_app_protect
+  tasks:
+    - name: Install NGINX App Protect
+      include_role:
+        name: nginx_app_protect
       vars:
         nginx_app_protect_license:
           certificate: <path/to/certificate>
           key: <path/to/key>
+        nginx_app_protect_waf_enable: true
+        nginx_app_protect_dos_enable: true
         nginx_app_protect_remove_license: false
         nginx_app_protect_install_signatures: true
         nginx_app_protect_install_threat_campaigns: true
-        nginx_app_protect_configure: true
-        nginx_app_protect_security_policy_template_enable: true
-        nginx_app_protect_security_policy_enforcement_mode: blocking
-        nginx_app_protect_log_policy_template_enable: true
-        nginx_app_protect_log_policy_filter_request_type: all
-        nginx_app_protect_conf_template_enable: false