From f536a67fcd7710e4cf8395fa208cf1a1389adb57 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Mon, 16 Jan 2023 23:13:48 +0100 Subject: [PATCH 01/11] Refactor how supported distributions are checked --- CHANGELOG.md | 4 ++ .../prerequisites/validate-supported-os.yml | 69 +++++++------------ tasks/main.yml | 13 +++- 3 files changed, 39 insertions(+), 47 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 852f3e90..615bf010 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ ## 0.8.2 (Unreleased) +FEATURES: + +Refactor how this role checks if your distribution is supported NGINX App Protect. The role will no longer fail if the distros are not supported, you will instead get a warning. This should help with the ocassional lag between new releases of distributions and/or NGINX App Protect and this role being updated to support those releases. + ENHANCEMENTS: Bump the Ansible `community.general` collection to `6.2.0`, `community.crypto` collection to `2.10.0` and `community.docker` collection to `3.4.0`. diff --git a/tasks/common/prerequisites/validate-supported-os.yml b/tasks/common/prerequisites/validate-supported-os.yml index 71900c2c..cf46f834 100644 --- a/tasks/common/prerequisites/validate-supported-os.yml +++ b/tasks/common/prerequisites/validate-supported-os.yml @@ -1,51 +1,32 @@ --- -- name: (WAF) Set supported_os_waf when platform and major/minor version are in the WAF supported platforms dictionary - when: nginx_app_protect_waf_enable | bool and nginx_app_protect_waf_state != "absent" - block: - - name: (WAF) Set fact to true if item present in dictionary - ansible.builtin.set_fact: - supported_os_waf: true - when: - - ansible_distribution | lower in item.key - - ansible_distribution_version | regex_search('\\d+\\.?\\d*') in item.value - loop: "{{ query('dict', nginx_app_protect_waf_linux_families) }}" - - - name: (WAF) Set supported_os_waf to false if fact not defined - ansible.builtin.set_fact: - supported_os_waf: false - when: supported_os_waf is not defined - - - name: (WAF) Abort if the OS / version combination is not supported - ansible.builtin.fail: - msg: NGINX App Protect WAF is not supported on OS family {{ ansible_distribution }} version {{ ansible_distribution_version }} - when: not supported_os_waf - -- name: (DoS) Set supported_os_dos when platform and major/minor version are in the DoS supported platforms dictionary - when: nginx_app_protect_dos_enable | bool and nginx_app_protect_dos_state != "absent" - block: - - name: (DoS) Set fact to true if item present in dictionary - ansible.builtin.set_fact: - supported_os_dos: true - when: - - ansible_distribution | lower in item.key - - ansible_distribution_version | regex_search('\\d+\\.?\\d+') in item.value - loop: "{{ query('dict', nginx_app_protect_dos_linux_families) }}" - - - name: (DoS) Set supported_os_dos to false if fact not defined - ansible.builtin.set_fact: - supported_os_dos: false - when: supported_os_dos is not defined +- name: (WAF) Check whether you are using a supported NGINX App Protect WAF distribution + ansible.builtin.assert: + that: + - ansible_distribution | lower in nginx_app_protect_waf_linux_families.keys() | list + - ansible_distribution_version | regex_search('\\d+\\.?\\d*') in nginx_app_protect_waf_linux_families[ansible_distribution | lower] + success_msg: Your distribution, {{ ansible_distribution }} {{ ansible_distribution_version }}, is supported by NGINX App Protect WAF + fail_msg: Your distribution, {{ ansible_distribution }} {{ ansible_distribution_version }}, is not supported by NGINX App Protect WAF + when: + - nginx_app_protect_waf_enable | bool + - nginx_app_protect_waf_state != "absent" + ignore_errors: true # noqa ignore-errors - - name: (DoS) Abort if the OS / version combination is not supported - ansible.builtin.fail: - msg: NGINX App Protect DoS is not supported on OS family {{ ansible_distribution }} version {{ ansible_distribution_version }} - when: not supported_os_dos +- name: (DoS) Check whether you are using a supported NGINX App Protect DoS distribution + ansible.builtin.assert: + that: + - ansible_distribution | lower in nginx_app_protect_dos_linux_families.keys() | list + - ansible_distribution_version | regex_search('\\d+\\.?\\d*') in nginx_app_protect_dos_linux_families[ansible_distribution | lower] + success_msg: Your distribution, {{ ansible_distribution }} {{ ansible_distribution_version }}, is supported by NGINX App Protect DoS + fail_msg: Your distribution, {{ ansible_distribution }} {{ ansible_distribution_version }}, is not supported by NGINX App Protect DoS + when: + - nginx_app_protect_dos_enable | bool + - nginx_app_protect_dos_state != "absent" + ignore_errors: true # noqa ignore-errors -- name: Abort if installing on RHEL > 7 without subscription details +- name: Abort if installing NGINX App Protect on RHEL >7 without subscription details ansible.builtin.fail: - msg: NGINX App Protect cannot be installed on OS family {{ ansible_distribution }} version {{ ansible_distribution_version }} without setting the 'nginx_app_protect_use_rhel_subscription_repos' - variable + msg: NGINX App Protect cannot be installed on {{ ansible_distribution }} {{ ansible_distribution_version }} without setting the 'nginx_app_protect_use_rhel_subscription_repos' variable when: - ansible_distribution == "RedHat" - - ansible_distribution_version | int > 7 + - ansible_distribution_version is version('7', '>') - not nginx_app_protect_use_rhel_subscription_repos | bool diff --git a/tasks/main.yml b/tasks/main.yml index 2d0aa74d..98804667 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,28 +1,35 @@ --- -- name: Check if OS is supported for NGINX App Protect WAF or DoS install +- name: Check whether you are using a supported NGINX App Protect distribution ansible.builtin.include_tasks: "{{ role_path }}/tasks/common/prerequisites/validate-supported-os.yml" when: nginx_app_protect_waf_state != "absent" or nginx_app_protect_dos_state != "absent" + tags: nginx_app_protect_check_support -- name: Fail if variables for 'nginx_app_protect_security_policy_file_enable' are not defined +- name: Check if the variables for 'nginx_app_protect_security_policy_file_enable' are defined ansible.builtin.assert: that: - "{{ item }} is defined" - "{{ item }} | length > 0" + fail_msg: If you want to publish a security policy file, don't forget to define at least one 'src' and 'dest' variables loop: - nginx_app_protect_security_policy_file.0.src - nginx_app_protect_security_policy_file.0.dest when: nginx_app_protect_security_policy_file_enable | bool + ignore_errors: true # noqa ignore-errors + tags: nginx_app_protect_check_policy_file -- name: Fail if variables for 'nginx_app_protect_log_policy_file_enable' are not defined +- name: Check if the variables for 'nginx_app_protect_log_policy_file_enable' are defined ansible.builtin.assert: that: - "{{ item }} is defined" - "{{ item }} | length > 0" + fail_msg: If you want to publish a log policy file, don't forget to define at least one 'src' and 'dest' variables loop: - nginx_app_protect_log_policy_file.0.src - nginx_app_protect_log_policy_file.0.dest when: nginx_app_protect_log_policy_file_enable | bool + ignore_errors: true # noqa ignore-errors + tags: nginx_app_protect_check_policy_file - name: Install prerequisites ansible.builtin.include_tasks: "{{ role_path }}/tasks/common/prerequisites/prerequisites.yml" From 2d4ec0e33a6d3a7de0d9e49c3a5697dddcea4cec Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Mon, 16 Jan 2023 23:16:37 +0100 Subject: [PATCH 02/11] Update CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 615bf010..c1f91741 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ FEATURES: -Refactor how this role checks if your distribution is supported NGINX App Protect. The role will no longer fail if the distros are not supported, you will instead get a warning. This should help with the ocassional lag between new releases of distributions and/or NGINX App Protect and this role being updated to support those releases. +Refactor how this role checks if your distribution is supported NGINX App Protect. The role will no longer fail if the target distribution is not supported, instead, you will get a warning. This should help with the occasional lag between new releases of distributions and/or NGINX App Protect and this role being updated to support those releases. ENHANCEMENTS: From 496159748a50b15db1ef64c51e8fc46a499b559c Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Tue, 17 Jan 2023 13:20:25 +0100 Subject: [PATCH 03/11] Update validate-supported-os.yml --- tasks/common/prerequisites/validate-supported-os.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/common/prerequisites/validate-supported-os.yml b/tasks/common/prerequisites/validate-supported-os.yml index cf46f834..b8bf1314 100644 --- a/tasks/common/prerequisites/validate-supported-os.yml +++ b/tasks/common/prerequisites/validate-supported-os.yml @@ -28,5 +28,5 @@ msg: NGINX App Protect cannot be installed on {{ ansible_distribution }} {{ ansible_distribution_version }} without setting the 'nginx_app_protect_use_rhel_subscription_repos' variable when: - ansible_distribution == "RedHat" - - ansible_distribution_version is version('7', '>') + - ansible_distribution_major_version is version('7', '>') - not nginx_app_protect_use_rhel_subscription_repos | bool From 95ac0a72d2f98d05c1a012d7faedbf8f03fa95f3 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Tue, 17 Jan 2023 00:00:41 +0100 Subject: [PATCH 04/11] Update list of supported platforms --- CHANGELOG.md | 6 ++++- meta/main.yml | 2 +- molecule/default/molecule.yml | 23 +++++++++++------ molecule/dos/molecule.yml | 25 ++++++------------ molecule/specific-version/molecule.yml | 35 +++++++++++++++++++++++--- molecule/uninstall/molecule.yml | 18 +++++++++++++ vars/main.yml | 11 +++++--- 7 files changed, 86 insertions(+), 34 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c1f91741..e8e0d512 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,11 @@ FEATURES: -Refactor how this role checks if your distribution is supported NGINX App Protect. The role will no longer fail if the target distribution is not supported, instead, you will get a warning. This should help with the occasional lag between new releases of distributions and/or NGINX App Protect and this role being updated to support those releases. +* Refactor how this role checks if your distribution is supported NGINX App Protect. The role will no longer fail if the target distribution is not supported, instead, you will get a warning. This should help with the occasional lag between new releases of distributions and/or NGINX App Protect and this role being updated to support those releases. +* Add support for Debian bullseye for NGINX App Protect WAF. +* Add support for Oracle Linux 7.x & 8.x for NGINX App Protect WAF. +* Add support for RHEL 8.7. +* Remove support for Debian buster for NGINX App Protect WAF/DoS. ENHANCEMENTS: diff --git a/meta/main.yml b/meta/main.yml index 687cfdf5..cc0e2135 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -22,7 +22,6 @@ galaxy_info: - "8" - name: Debian versions: - - buster - bullseye - name: Ubuntu versions: @@ -41,4 +40,5 @@ galaxy_info: collections: - ansible.posix + - community.crypto - community.general diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index db1abd6b..9b8fbdff 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -23,8 +23,17 @@ platforms: volumes: - /sys/fs/cgroup:/sys/fs/cgroup:rw command: /usr/sbin/init - - name: rhel-7 - image: registry.access.redhat.com/ubi7/ubi:7.9 + - name: debian-bullseye + image: debian:bullseye-slim + platform: amd64 + dockerfile: ../common/Dockerfile.j2 + privileged: true + cgroupns_mode: host + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + command: /sbin/init + - name: oraclelinux-8 + image: oraclelinux:8 platform: amd64 dockerfile: ../common/Dockerfile.j2 privileged: true @@ -32,8 +41,8 @@ platforms: volumes: - /sys/fs/cgroup:/sys/fs/cgroup:rw command: /usr/sbin/init - - name: rhel-8 - image: registry.access.redhat.com/ubi8/ubi:8.5 + - name: rhel-7 + image: registry.access.redhat.com/ubi7:7.9 platform: amd64 dockerfile: ../common/Dockerfile.j2 privileged: true @@ -41,15 +50,15 @@ platforms: volumes: - /sys/fs/cgroup:/sys/fs/cgroup:rw command: /usr/sbin/init - - name: debian-buster - image: debian:buster-slim + - name: rhel-8 + image: redhat/ubi8:8.7 platform: amd64 dockerfile: ../common/Dockerfile.j2 privileged: true cgroupns_mode: host volumes: - /sys/fs/cgroup:/sys/fs/cgroup:rw - command: /sbin/init + command: /usr/sbin/init - name: ubuntu-bionic image: ubuntu:bionic platform: amd64 diff --git a/molecule/dos/molecule.yml b/molecule/dos/molecule.yml index 7d9c929a..43009f4b 100644 --- a/molecule/dos/molecule.yml +++ b/molecule/dos/molecule.yml @@ -23,17 +23,17 @@ platforms: volumes: - /sys/fs/cgroup:/sys/fs/cgroup:rw command: /usr/sbin/init - - name: rhel-7 - image: registry.access.redhat.com/ubi7/ubi:7.9 + - name: debian-bullseye + image: debian:bullseye-slim platform: amd64 dockerfile: ../common/Dockerfile.j2 privileged: true cgroupns_mode: host volumes: - /sys/fs/cgroup:/sys/fs/cgroup:rw - command: /usr/sbin/init - - name: rhel-8 - image: registry.access.redhat.com/ubi8/ubi:8.5 + command: /sbin/init + - name: rhel-7 + image: registry.access.redhat.com/ubi7:7.9 platform: amd64 dockerfile: ../common/Dockerfile.j2 privileged: true @@ -41,24 +41,15 @@ platforms: volumes: - /sys/fs/cgroup:/sys/fs/cgroup:rw command: /usr/sbin/init - - name: debian-buster - image: debian:buster-slim - platform: amd64 - dockerfile: ../common/Dockerfile.j2 - privileged: true - cgroupns_mode: host - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw - command: /sbin/init - - name: debian-bullseye - image: debian:bullseye-slim + - name: rhel-8 + image: redhat/ubi8:8.7 platform: amd64 dockerfile: ../common/Dockerfile.j2 privileged: true cgroupns_mode: host volumes: - /sys/fs/cgroup:/sys/fs/cgroup:rw - command: /sbin/init + command: /usr/sbin/init - name: ubuntu-bionic image: ubuntu:bionic platform: amd64 diff --git a/molecule/specific-version/molecule.yml b/molecule/specific-version/molecule.yml index 542e1ed2..40f87c63 100644 --- a/molecule/specific-version/molecule.yml +++ b/molecule/specific-version/molecule.yml @@ -5,6 +5,15 @@ lint: | set -e ansible-lint --force-color platforms: + - name: amazonlinux-2 + image: amazonlinux:2 + platform: amd64 + dockerfile: ../common/Dockerfile.j2 + privileged: true + cgroupns_mode: host + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + command: /usr/sbin/init - name: centos-7 image: centos:7 platform: amd64 @@ -14,8 +23,26 @@ platforms: volumes: - /sys/fs/cgroup:/sys/fs/cgroup:rw command: /usr/sbin/init + - name: debian-bullseye + image: debian:bullseye-slim + platform: amd64 + dockerfile: ../common/Dockerfile.j2 + privileged: true + cgroupns_mode: host + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + command: /sbin/init + - name: oraclelinux-8 + image: oraclelinux:8 + platform: amd64 + dockerfile: ../common/Dockerfile.j2 + privileged: true + cgroupns_mode: host + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + command: /usr/sbin/init - name: rhel-7 - image: registry.access.redhat.com/ubi7/ubi:7.9 + image: registry.access.redhat.com/ubi7:7.9 platform: amd64 dockerfile: ../common/Dockerfile.j2 privileged: true @@ -23,15 +50,15 @@ platforms: volumes: - /sys/fs/cgroup:/sys/fs/cgroup:rw command: /usr/sbin/init - - name: debian-buster - image: debian:buster-slim + - name: rhel-8 + image: redhat/ubi8:8.7 platform: amd64 dockerfile: ../common/Dockerfile.j2 privileged: true cgroupns_mode: host volumes: - /sys/fs/cgroup:/sys/fs/cgroup:rw - command: /sbin/init + command: /usr/sbin/init - name: ubuntu-bionic image: ubuntu:bionic platform: amd64 diff --git a/molecule/uninstall/molecule.yml b/molecule/uninstall/molecule.yml index 2f3ae30d..22a384b4 100644 --- a/molecule/uninstall/molecule.yml +++ b/molecule/uninstall/molecule.yml @@ -14,6 +14,15 @@ platforms: # Ubuntu bionic and Debian buster result in a segmentation fault erro volumes: - /sys/fs/cgroup:/sys/fs/cgroup:rw command: /usr/sbin/init + - name: debian-bullseye + image: debian:bullseye-slim + platform: amd64 + dockerfile: ../common/Dockerfile.j2 + privileged: true + cgroupns_mode: host + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + command: /sbin/init - name: rhel-7 image: registry.access.redhat.com/ubi7/ubi:7.9 platform: amd64 @@ -32,6 +41,15 @@ platforms: # Ubuntu bionic and Debian buster result in a segmentation fault erro volumes: - /sys/fs/cgroup:/sys/fs/cgroup:rw command: /usr/sbin/init + - name: ubuntu-bionic + image: ubuntu:bionic + platform: amd64 + dockerfile: ../common/Dockerfile.j2 + privileged: true + cgroupns_mode: host + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + command: /sbin/init - name: ubuntu-focal image: ubuntu:focal platform: amd64 diff --git a/vars/main.yml b/vars/main.yml index 4f2a184e..784ef210 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -8,10 +8,13 @@ nginx_app_protect_waf_linux_families: "7.4", "7.5", "7.6", "7.7", "7.8", "7.9", ] debian: [ - "10", + "11", + ] + oraclelinux: [ + "8.1", "8.2", "8.3", "8.4", "8.5", "8.6", "8.7", ] redhat: [ - "7.4", "7.5", "7.6", "7.7", "7.8", "7.9", "8.1", "8.2", "8.3", "8.4", "8.5", "8.6", + "7.4", "7.5", "7.6", "7.7", "7.8", "7.9", "8.1", "8.2", "8.3", "8.4", "8.5", "8.6", "8.7", ] ubuntu: [ "18.04", "20.04", @@ -26,10 +29,10 @@ nginx_app_protect_dos_linux_families: "7.4", "7.5", "7.6", "7.7", "7.8", "7.9", ] debian: [ - "10", "11", + "11", ] redhat: [ - "7.4", "7.5", "7.6", "7.7", "7.8", "7.9", "8.0", "8.1", "8.2", "8.3", "8.4", "8.5", "8.6", + "7.4", "7.5", "7.6", "7.7", "7.8", "7.9", "8.0", "8.1", "8.2", "8.3", "8.4", "8.5", "8.6", "8.7", ] ubuntu: [ "18.04", "20.04", From 4edb2360076f14ca7d8d7fa6297c45718d7f256b Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Tue, 17 Jan 2023 15:40:43 +0100 Subject: [PATCH 05/11] Update install-dependencies.yml --- tasks/common/prerequisites/install-dependencies.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tasks/common/prerequisites/install-dependencies.yml b/tasks/common/prerequisites/install-dependencies.yml index 7b7f174e..0aa39b3d 100644 --- a/tasks/common/prerequisites/install-dependencies.yml +++ b/tasks/common/prerequisites/install-dependencies.yml @@ -84,3 +84,11 @@ when: - ansible_distribution_major_version == "8" - nginx_app_protect_use_rhel_subscription_repos | bool + + - name: (Oracle Linux) Enable codeready + community.general.ini_file: + path: /etc/yum.repos.d/oracle-linux-ol8.repo + section: ol8_codeready_builder + option: enabled + value: 1 + mode: 0644 From b3c23cd7113f6b8a8daba7caf852ae5462d7254b Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Tue, 17 Jan 2023 15:48:05 +0100 Subject: [PATCH 06/11] Update install-dependencies.yml --- tasks/common/prerequisites/install-dependencies.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/tasks/common/prerequisites/install-dependencies.yml b/tasks/common/prerequisites/install-dependencies.yml index 0aa39b3d..eaa47f64 100644 --- a/tasks/common/prerequisites/install-dependencies.yml +++ b/tasks/common/prerequisites/install-dependencies.yml @@ -92,3 +92,4 @@ option: enabled value: 1 mode: 0644 + when: ansible_distribution == "OracleLinux" From 94dea3d57e67c284e1addd2ad221c04209938aa0 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Tue, 17 Jan 2023 16:29:01 +0100 Subject: [PATCH 07/11] Update install-dependencies.yml --- .../prerequisites/install-dependencies.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tasks/common/prerequisites/install-dependencies.yml b/tasks/common/prerequisites/install-dependencies.yml index eaa47f64..810a6e35 100644 --- a/tasks/common/prerequisites/install-dependencies.yml +++ b/tasks/common/prerequisites/install-dependencies.yml @@ -85,11 +85,11 @@ - ansible_distribution_major_version == "8" - nginx_app_protect_use_rhel_subscription_repos | bool - - name: (Oracle Linux) Enable codeready - community.general.ini_file: - path: /etc/yum.repos.d/oracle-linux-ol8.repo - section: ol8_codeready_builder - option: enabled - value: 1 - mode: 0644 - when: ansible_distribution == "OracleLinux" +- name: (Oracle Linux) Set up Oracle Linux specific repositories + community.general.ini_file: + path: /etc/yum.repos.d/oracle-linux-ol8.repo + section: ol8_codeready_builder + option: enabled + value: 1 + mode: 0644 + when: ansible_distribution == "OracleLinux" From 31125b27376a2fe493e5355a1eb6aecb3ecc8746 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Tue, 17 Jan 2023 17:05:10 +0100 Subject: [PATCH 08/11] Update molecule.yml --- molecule/specific-version/molecule.yml | 9 --------- 1 file changed, 9 deletions(-) diff --git a/molecule/specific-version/molecule.yml b/molecule/specific-version/molecule.yml index 40f87c63..0cbd86ec 100644 --- a/molecule/specific-version/molecule.yml +++ b/molecule/specific-version/molecule.yml @@ -50,15 +50,6 @@ platforms: volumes: - /sys/fs/cgroup:/sys/fs/cgroup:rw command: /usr/sbin/init - - name: rhel-8 - image: redhat/ubi8:8.7 - platform: amd64 - dockerfile: ../common/Dockerfile.j2 - privileged: true - cgroupns_mode: host - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw - command: /usr/sbin/init - name: ubuntu-bionic image: ubuntu:bionic platform: amd64 From 183dcc386777764a983314e134403ea77438845e Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Tue, 17 Jan 2023 22:17:59 +0100 Subject: [PATCH 09/11] Update molecule.yml --- molecule/uninstall/molecule.yml | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/molecule/uninstall/molecule.yml b/molecule/uninstall/molecule.yml index 22a384b4..dc7d61c3 100644 --- a/molecule/uninstall/molecule.yml +++ b/molecule/uninstall/molecule.yml @@ -4,7 +4,7 @@ driver: lint: | set -e ansible-lint --force-color -platforms: # Ubuntu bionic and Debian buster result in a segmentation fault error as of Ansible core 2.13 +platforms: # Ubuntu bionic results in a segmentation fault error as of Ansible core 2.13 - name: centos-7 image: centos:7 platform: amd64 @@ -41,15 +41,6 @@ platforms: # Ubuntu bionic and Debian buster result in a segmentation fault erro volumes: - /sys/fs/cgroup:/sys/fs/cgroup:rw command: /usr/sbin/init - - name: ubuntu-bionic - image: ubuntu:bionic - platform: amd64 - dockerfile: ../common/Dockerfile.j2 - privileged: true - cgroupns_mode: host - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw - command: /sbin/init - name: ubuntu-focal image: ubuntu:focal platform: amd64 From 3ebddcf0284d422e6565c3fc3ecd2508e0104088 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Tue, 17 Jan 2023 23:11:41 +0100 Subject: [PATCH 10/11] Update converge.yml --- molecule/specific-version/converge.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/molecule/specific-version/converge.yml b/molecule/specific-version/converge.yml index 503a4e84..781e71bc 100644 --- a/molecule/specific-version/converge.yml +++ b/molecule/specific-version/converge.yml @@ -5,11 +5,11 @@ specify_app_protect_signatures_version: true specify_app_protect_threat_campaigns_version: true app_protect_signature_version_matrix: - debian: =2019.07.16-1 - redhat: -2019.07.16 + debian: =2022.12.29-1 + redhat: -2022.12.29 app_protect_threat_campaigns_version_matrix: - debian: =2020.08.20-1 - redhat: -2020.08.20 + debian: =2023.01.11-1 + redhat: -2023.01.11 tasks: - name: Set NGINX App Protect WAF signature version fact ansible.builtin.set_fact: From e7c1b4ad2ebc309e2b702fbd77ff664dcbac7668 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Tue, 17 Jan 2023 23:48:40 +0100 Subject: [PATCH 11/11] Update verify.yml --- molecule/specific-version/verify.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/molecule/specific-version/verify.yml b/molecule/specific-version/verify.yml index dd64ae3d..9bef9ada 100644 --- a/molecule/specific-version/verify.yml +++ b/molecule/specific-version/verify.yml @@ -5,11 +5,11 @@ specify_app_protect_signatures_version: true specify_app_protect_threat_campaigns_version: true app_protect_signature_version_matrix: - debian: =2019.07.16-1 - redhat: -2019.07.16 + debian: =2022.12.29-1 + redhat: -2022.12.29 app_protect_threat_campaigns_version_matrix: - debian: =2020.08.20-1 - redhat: -2020.08.20 + debian: =2023.01.11-1 + redhat: -2023.01.11 tasks: - name: Check if NGINX Plus is installed ansible.builtin.package: