-
Notifications
You must be signed in to change notification settings - Fork 346
/
main.yml
156 lines (137 loc) · 7.13 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
---
# Set the minimum version required for Ansible and Jinja2
nginx_ansible_version: 2.16
nginx_jinja2_version: 3.1
# Set the values allowed for various variables
nginx_setup_vars: [install, uninstall, upgrade]
nginx_install_from_vars: [nginx_repository, source, os_repository]
nginx_branch_vars: [mainline, stable]
# Determine the current value of 'nginx_state'
nginx_state_vals:
install: present
uninstall: absent
upgrade: latest
nginx_default_setup: install
nginx_state: "{{ nginx_state_vals[nginx_setup] | default(nginx_state_vals[nginx_default_setup]) }}"
# Set the nginx_platforms check to opensource or plus
nginx_distributions: "{{ (nginx_type == 'opensource') | ternary(nginx_supported_distributions, nginx_plus_supported_distributions) }}"
# Supported NGINX Open Source distributions
# https://nginx.org/en/docs/install.html
nginx_supported_distributions:
almalinux:
name: AlmaLinux
versions: [8, 9]
architectures: [x86_64, aarch64, s390x]
alpine:
name: Alpine Linux
versions: [3.17, 3.18, 3.19, 3.20]
architectures: [x86_64, aarch64]
amazon:
name: Amazon Linux
versions: [2, 2023]
architectures: [x86_64, aarch64]
debian:
name: Debian
versions: [11, 12]
architectures: [x86_64, aarch64]
oraclelinux:
name: Oracle Linux
versions: [8, 9]
architectures: "{{ ['x86_64', 'aarch64', 's390x'] if (ansible_facts['distribution_major_version'] is version('8', '>=')) else ['x86_64', 'aarch64'] }}"
redhat:
name: Red Hat Enterprise Linux
versions: [8, 9]
architectures: "{{ ['x86_64', 'aarch64', 's390x'] if (ansible_facts['distribution_major_version'] is version('8', '>=')) else ['x86_64', 'aarch64'] }}"
rocky:
name: Rocky Linux
versions: [8, 9]
architectures: [x86_64, aarch64, s390x]
sles:
name: SUSE Linux Enterprise Server
versions: [12, 15]
architectures: [x86_64]
ubuntu:
name: Ubuntu
versions: [20.04, 22.04, 23.10, 24.04]
architectures: "{{ ['x86_64', 'aarch64', 's390x'] if ((ansible_facts['distribution_version'] is version('20.04', '==')) or (ansible_facts['distribution_version'] is version('22.04', '=='))) else ['x86_64', 'aarch64'] }}"
# Supported NGINX Plus distributions
# https://docs.nginx.com/nginx/technical-specs/
nginx_plus_supported_distributions:
almalinux:
name: AlmaLinux
versions: [8, 9]
architectures: [x86_64, aarch64]
alpine:
name: Alpine Linux
versions: [3.16, 3.17, 3.18, 3.19]
architectures: [x86_64, aarch64]
amazon:
name: Amazon Linux
versions: [2, 2023]
architectures: [x86_64, aarch64]
debian:
name: Debian
versions: [11, 12]
architectures: [x86_64, aarch64]
freebsd:
name: FreeBSD
versions: [12, 13, 14]
architectures: [x86_64]
oraclelinux:
name: Oracle Linux
versions: [8, 9]
architectures: "{{ ['x86_64', 'aarch64'] if (ansible_facts['distribution_major_version'] is version('8', '==')) else ['x86_64'] }}"
redhat:
name: Red Hat Enterprise Linux
versions: [8, 9]
architectures: "{{ ['x86_64', 'aarch64', 's390x'] if (ansible_facts['distribution_major_version'] is version('8', '>=')) else ['x86_64', 'aarch64'] }}"
rocky:
name: Rocky Linux
versions: [8, 9]
architectures: [x86_64, aarch64]
sles:
name: SUSE Linux Enterprise Server
versions: [12, 15]
architectures: [x86_64]
ubuntu:
name: Ubuntu
versions: [20.04, 22.04, 24.04]
architectures: "{{ ['x86_64', 'aarch64', 's390x'] if ((ansible_facts['distribution_version'] is version('20.04', '==')) or (ansible_facts['distribution_version'] is version('22.04', '=='))) else ['x86_64', 'aarch64'] }}"
# Default NGINX signing key
nginx_default_signing_key_pgp: https://nginx.org/keys/nginx_signing.key
nginx_default_signing_key_rsa_pub: https://nginx.org/keys/nginx_signing.rsa.pub
# Default NGINX Open Source repositories
nginx_default_repository_alpine: "@nginx https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}alpine/v{{ ansible_facts['distribution_version'] | regex_search('^[0-9]+\\.[0-9]+') }}/main"
nginx_default_repository_amazon: https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}/amzn{{ (ansible_facts['distribution_major_version'] is version('2', '==')) | ternary('2/$releasever', '/2023') }}/$basearch
nginx_default_repository_debian:
- deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}{{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] }} nginx
- deb-src [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}{{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] }} nginx
nginx_default_repository_redhat: https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}rhel/{{ ansible_facts['distribution_major_version'] }}/$basearch
nginx_default_repository_suse: https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}sles/{{ ansible_facts['distribution_major_version'] }}
# Default NGINX Plus repositories
nginx_plus_default_repository_alpine: https://pkgs.nginx.com/plus/alpine/v{{ ansible_facts['distribution_version'] | regex_search('^[0-9]+\.[0-9]+') }}/main
nginx_plus_default_repository_amazon: https://pkgs.nginx.com/plus/amzn{{ (ansible_facts['distribution_major_version'] is version('2', '==')) | ternary('2/$releasever', '/2023') }}/$basearch
nginx_plus_default_repository_debian: deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/plus/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release'] }} nginx-plus
nginx_plus_default_repository_freebsd: https://pkgs.nginx.com/plus/freebsd/${ABI}/latest
nginx_plus_default_repository_redhat: https://pkgs.nginx.com/plus/rhel/{{ ansible_facts['distribution_major_version'] }}/$basearch
nginx_plus_default_repository_suse: https://pkgs.nginx.com/plus/sles/{{ ansible_facts['distribution_major_version'] }}?ssl_clientcert=/etc/ssl/nginx/nginx-repo-bundle.crt&ssl_verify=peer
# Alpine dependencies
nginx_alpine_dependencies: [ca-certificates, coreutils, openssl, pcre2]
# Debian dependencies
nginx_debian_dependencies: [apt-transport-https, ca-certificates, gnupg, gpg-agent]
# FreeBSD dependencies
nginx_freebsd_dependencies: [security/ca_root_nss]
# Red Hat dependencies
nginx_redhat_dependencies: [ca-certificates]
# SLES dependencies
nginx_sles_dependencies: [ca-certificates]
# Default locations and versions when 'nginx_install_from' is set to 'source'.
# Set 'pcre_release' to 1 to install PCRE 1, modify the 'openssl_version' to move back to 1.1.1.
pcre_release: 2
pcre_version: 10.42
zlib_version: 1.2.13
openssl_version: 3.0.7
# Supported NGINX Open Source dynamic modules
nginx_modules_list: [geoip, image-filter, njs, perl, xslt]
# Supported NGINX Plus dynamic modules
nginx_plus_modules_list: [auth-spnego, brotli, encrypted-session, geoip, geoip2, ha-keepalived, headers-more, image-filter, lua, ndk, njs, opentracing, passenger, perl, prometheus, rtmp, set-misc, subs-filter, xslt]