Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update list of supported platforms #234

Merged
merged 12 commits into from
Jan 18, 2023
6 changes: 5 additions & 1 deletion CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,11 @@

FEATURES:

Refactor how this role checks if your distribution is supported NGINX App Protect. The role will no longer fail if the target distribution is not supported, instead, you will get a warning. This should help with the occasional lag between new releases of distributions and/or NGINX App Protect and this role being updated to support those releases.
* Refactor how this role checks if your distribution is supported NGINX App Protect. The role will no longer fail if the target distribution is not supported, instead, you will get a warning. This should help with the occasional lag between new releases of distributions and/or NGINX App Protect and this role being updated to support those releases.
* Add support for Debian bullseye for NGINX App Protect WAF.
* Add support for Oracle Linux 7.x & 8.x for NGINX App Protect WAF.
* Add support for RHEL 8.7.
* Remove support for Debian buster for NGINX App Protect WAF/DoS.

ENHANCEMENTS:

Expand Down
2 changes: 1 addition & 1 deletion meta/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,6 @@ galaxy_info:
- "8"
- name: Debian
versions:
- buster
- bullseye
- name: Ubuntu
versions:
Expand All @@ -41,4 +40,5 @@ galaxy_info:

collections:
- ansible.posix
- community.crypto
- community.general
23 changes: 16 additions & 7 deletions molecule/default/molecule.yml
Original file line number Diff line number Diff line change
Expand Up @@ -23,33 +23,42 @@ platforms:
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
command: /usr/sbin/init
- name: rhel-7
image: registry.access.redhat.com/ubi7/ubi:7.9
- name: debian-bullseye
image: debian:bullseye-slim
platform: amd64
dockerfile: ../common/Dockerfile.j2
privileged: true
cgroupns_mode: host
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
command: /sbin/init
- name: oraclelinux-8
image: oraclelinux:8
platform: amd64
dockerfile: ../common/Dockerfile.j2
privileged: true
cgroupns_mode: host
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
command: /usr/sbin/init
- name: rhel-8
image: registry.access.redhat.com/ubi8/ubi:8.5
- name: rhel-7
image: registry.access.redhat.com/ubi7:7.9
platform: amd64
dockerfile: ../common/Dockerfile.j2
privileged: true
cgroupns_mode: host
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
command: /usr/sbin/init
- name: debian-buster
image: debian:buster-slim
- name: rhel-8
image: redhat/ubi8:8.7
platform: amd64
dockerfile: ../common/Dockerfile.j2
privileged: true
cgroupns_mode: host
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
command: /sbin/init
command: /usr/sbin/init
- name: ubuntu-bionic
image: ubuntu:bionic
platform: amd64
Expand Down
25 changes: 8 additions & 17 deletions molecule/dos/molecule.yml
Original file line number Diff line number Diff line change
Expand Up @@ -23,42 +23,33 @@ platforms:
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
command: /usr/sbin/init
- name: rhel-7
image: registry.access.redhat.com/ubi7/ubi:7.9
- name: debian-bullseye
image: debian:bullseye-slim
platform: amd64
dockerfile: ../common/Dockerfile.j2
privileged: true
cgroupns_mode: host
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
command: /usr/sbin/init
- name: rhel-8
image: registry.access.redhat.com/ubi8/ubi:8.5
command: /sbin/init
- name: rhel-7
image: registry.access.redhat.com/ubi7:7.9
platform: amd64
dockerfile: ../common/Dockerfile.j2
privileged: true
cgroupns_mode: host
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
command: /usr/sbin/init
- name: debian-buster
image: debian:buster-slim
platform: amd64
dockerfile: ../common/Dockerfile.j2
privileged: true
cgroupns_mode: host
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
command: /sbin/init
- name: debian-bullseye
image: debian:bullseye-slim
- name: rhel-8
image: redhat/ubi8:8.7
platform: amd64
dockerfile: ../common/Dockerfile.j2
privileged: true
cgroupns_mode: host
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
command: /sbin/init
command: /usr/sbin/init
- name: ubuntu-bionic
image: ubuntu:bionic
platform: amd64
Expand Down
8 changes: 4 additions & 4 deletions molecule/specific-version/converge.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,11 +5,11 @@
specify_app_protect_signatures_version: true
specify_app_protect_threat_campaigns_version: true
app_protect_signature_version_matrix:
debian: =2019.07.16-1
redhat: -2019.07.16
debian: =2022.12.29-1
redhat: -2022.12.29
app_protect_threat_campaigns_version_matrix:
debian: =2020.08.20-1
redhat: -2020.08.20
debian: =2023.01.11-1
redhat: -2023.01.11
tasks:
- name: Set NGINX App Protect WAF signature version fact
ansible.builtin.set_fact:
Expand Down
28 changes: 23 additions & 5 deletions molecule/specific-version/molecule.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,15 @@ lint: |
set -e
ansible-lint --force-color
platforms:
- name: amazonlinux-2
image: amazonlinux:2
platform: amd64
dockerfile: ../common/Dockerfile.j2
privileged: true
cgroupns_mode: host
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
command: /usr/sbin/init
- name: centos-7
image: centos:7
platform: amd64
Expand All @@ -14,24 +23,33 @@ platforms:
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
command: /usr/sbin/init
- name: rhel-7
image: registry.access.redhat.com/ubi7/ubi:7.9
- name: debian-bullseye
image: debian:bullseye-slim
platform: amd64
dockerfile: ../common/Dockerfile.j2
privileged: true
cgroupns_mode: host
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
command: /sbin/init
- name: oraclelinux-8
image: oraclelinux:8
platform: amd64
dockerfile: ../common/Dockerfile.j2
privileged: true
cgroupns_mode: host
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
command: /usr/sbin/init
- name: debian-buster
image: debian:buster-slim
- name: rhel-7
image: registry.access.redhat.com/ubi7:7.9
platform: amd64
dockerfile: ../common/Dockerfile.j2
privileged: true
cgroupns_mode: host
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
command: /sbin/init
command: /usr/sbin/init
- name: ubuntu-bionic
image: ubuntu:bionic
platform: amd64
Expand Down
8 changes: 4 additions & 4 deletions molecule/specific-version/verify.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,11 +5,11 @@
specify_app_protect_signatures_version: true
specify_app_protect_threat_campaigns_version: true
app_protect_signature_version_matrix:
debian: =2019.07.16-1
redhat: -2019.07.16
debian: =2022.12.29-1
redhat: -2022.12.29
app_protect_threat_campaigns_version_matrix:
debian: =2020.08.20-1
redhat: -2020.08.20
debian: =2023.01.11-1
redhat: -2023.01.11
tasks:
- name: Check if NGINX Plus is installed
ansible.builtin.package:
Expand Down
11 changes: 10 additions & 1 deletion molecule/uninstall/molecule.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ driver:
lint: |
set -e
ansible-lint --force-color
platforms: # Ubuntu bionic and Debian buster result in a segmentation fault error as of Ansible core 2.13
platforms: # Ubuntu bionic results in a segmentation fault error as of Ansible core 2.13
- name: centos-7
image: centos:7
platform: amd64
Expand All @@ -14,6 +14,15 @@ platforms: # Ubuntu bionic and Debian buster result in a segmentation fault erro
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
command: /usr/sbin/init
- name: debian-bullseye
image: debian:bullseye-slim
platform: amd64
dockerfile: ../common/Dockerfile.j2
privileged: true
cgroupns_mode: host
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
command: /sbin/init
- name: rhel-7
image: registry.access.redhat.com/ubi7/ubi:7.9
platform: amd64
Expand Down
9 changes: 9 additions & 0 deletions tasks/common/prerequisites/install-dependencies.yml
Original file line number Diff line number Diff line change
Expand Up @@ -84,3 +84,12 @@
when:
- ansible_distribution_major_version == "8"
- nginx_app_protect_use_rhel_subscription_repos | bool

- name: (Oracle Linux) Set up Oracle Linux specific repositories
community.general.ini_file:
path: /etc/yum.repos.d/oracle-linux-ol8.repo
section: ol8_codeready_builder
option: enabled
value: 1
mode: 0644
when: ansible_distribution == "OracleLinux"
11 changes: 7 additions & 4 deletions vars/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,10 +8,13 @@ nginx_app_protect_waf_linux_families:
"7.4", "7.5", "7.6", "7.7", "7.8", "7.9",
]
debian: [
"10",
"11",
]
oraclelinux: [
"8.1", "8.2", "8.3", "8.4", "8.5", "8.6", "8.7",
]
redhat: [
"7.4", "7.5", "7.6", "7.7", "7.8", "7.9", "8.1", "8.2", "8.3", "8.4", "8.5", "8.6",
"7.4", "7.5", "7.6", "7.7", "7.8", "7.9", "8.1", "8.2", "8.3", "8.4", "8.5", "8.6", "8.7",
]
ubuntu: [
"18.04", "20.04",
Expand All @@ -26,10 +29,10 @@ nginx_app_protect_dos_linux_families:
"7.4", "7.5", "7.6", "7.7", "7.8", "7.9",
]
debian: [
"10", "11",
"11",
]
redhat: [
"7.4", "7.5", "7.6", "7.7", "7.8", "7.9", "8.0", "8.1", "8.2", "8.3", "8.4", "8.5", "8.6",
"7.4", "7.5", "7.6", "7.7", "7.8", "7.9", "8.0", "8.1", "8.2", "8.3", "8.4", "8.5", "8.6", "8.7",
]
ubuntu: [
"18.04", "20.04",
Expand Down