Ansible code bot recommendations #817

Closed
wants to merge 7 commits into from
1 change: 1 addition & 0 deletions .github/workflows/molecule.yml
Expand Up @@ -44,6 +44,7 @@ jobs:
AMPLIFY_PASSWORD: ${{ secrets.AMPLIFY_PASSWORD }}
NGINX_CRT: ${{ secrets.NGINX_CRT }}
NGINX_KEY: ${{ secrets.NGINX_KEY }}
NGINX_JWT: ${{ secrets.NGINX_JWT }}
ONE_API_TOKEN: ${{ secrets.ONE_API_TOKEN }}
ONE_TENANT: ${{ secrets.ONE_TENANT }}
strategy:
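Review bot: NGINX_JWT joins the other secrets in the env block that sits directly above strategy:, which makes the license token readable by every step of this job rather than only the step that runs Molecule. If the workflow layout allows it, scope NGINX_JWT (and ideally NGINX_CRT and NGINX_KEY) to the step that needs them, and make sure any task that handles the token runs with no_log so it cannot end up in the job output.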
2 changes: 1 addition & 1 deletion .github/workflows/ossf-scorecard.yml
Expand Up @@ -58,6 +58,6 @@ jobs:

# Upload the results to GitHub's code scanning dashboard.
- name: Upload SARIF results to code scanning
uses: github/codeql-action/upload-sarif@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1
uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
with:
sarif_file: results.sarif
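Review bot: nothing checks that the trailing comment matches the pinned commit, so on the new upload-sarif line please confirm that f09c1c0a94de965c15400f5634aa42fac8fb8f88 is the commit the v3.27.5 tag resolves to. If other github/codeql-action steps exist in this workflow outside the visible context, bump them to the same release so the action versions do not drift apart.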
4 changes: 2 additions & 2 deletions .github/workflows/requirements/requirements_ansible_lint.txt
@@ -1,5 +1,5 @@
ansible-core==2.16.13
jinja2==3.1.4
ansible-compat==24.9.1
ansible-compat==24.10.0
yamllint==1.35.1
ansible-lint==24.9.2
ansible-lint==24.10.0
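Review bot: ansible-compat and ansible-lint move to 24.10.0 here, but every entry in this file is pinned by version only. Since the workflows pin actions by commit hash, consider hash-pinning these packages as well (pip's --require-hashes mode) so a re-published release cannot change what CI installs. requirements_molecule.txt carries the same ansible-core, jinja2 and ansible-compat pins, so the two files need to be bumped together.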
4 changes: 2 additions & 2 deletions .github/workflows/requirements/requirements_collections.yml
Expand Up @@ -3,8 +3,8 @@ collections:
- name: ansible.posix
version: 1.6.2
- name: community.general
version: 9.5.1
version: 10.0.1
- name: community.crypto
version: 2.22.3
- name: community.docker
version: 4.0.1
version: 4.1.0
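Review bot: community.general goes from 9.5.1 to 10.0.1, a major version change, while community.docker only takes a minor bump. Please check the community.general 10.0.0 changelog for removed or changed modules and plugins this role relies on before merging, and mention the newly tested collection versions in CHANGELOG.md.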
2 changes: 1 addition & 1 deletion .github/workflows/requirements/requirements_molecule.txt
@@ -1,6 +1,6 @@
ansible-core==2.16.13
jinja2==3.1.4
ansible-compat==24.9.1
ansible-compat==24.10.0
molecule==24.9.0
molecule-plugins[docker]==23.5.3
docker==7.1.0
24 changes: 20 additions & 4 deletions .gitignore
@@ -1,25 +1,41 @@
# Any private crt and keys #
############################
########################
# Any crt/keys/license #
########################
*.crt
*.key
*.jwt

##########################
# Backup/temporary files #
##########################
*~
\#*

# OS Specific #
###############
##################
# MacOS specific #
##################
Thumbs.db
.DS_Store
.vscode

########################
# Code editor specific #
########################
.idea
.vscode

####################
# Ansible specific #
####################
.cache
*.retry

###################
# Python specific #
###################
__pycache__

########
# Logs #
########
*.log
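Review bot: Thumbs.db ends up under the new "MacOS specific" header, but it is a Windows Explorer artifact; keep an OS-neutral section name or split the section in two. Adding *.jwt alongside *.crt and *.key is the right call for the license token, though .gitignore only stops new files from being added, so it is worth confirming that no license.jwt is already tracked.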
10 changes: 6 additions & 4 deletions CHANGELOG.md
Expand Up @@ -4,19 +4,21 @@

BREAKING CHANGES:

- NGINX Plus requires a JWT license starting with R33. Make sure you include the path to the base64 encoded JWT license using the new `nginx_license['jwt']` parameter.
- Remove support for RHEL 7 based distributions (RHEL/CentOS/Oracle Linux 7). CentOS 7 has reached EoL, RHEL 7 has reached EoM, and Oracle Linux 7 will reach EoL shortly. These distributions will not be supported by new NGINX releases moving forward. If you are still using one of these distributions, please consider upgrading. If you still want to use this role for the time being, please use the previous release (0.24.3). Do note that you will only be able to use NGINX versions released as of the date of the aforementioned release (July 11, 2024).
- Remove support for installing NGINX Open Source on Alpine Linux 3.16.
- Remove support for installing NGINX Open Source and NGINX Plus on Alpine Linux 3.16.
- Remove support for installing NGINX Open Source on Ubuntu mantic.
- No longer omit `allow_downgrade` module parameter when running Ansible versions lower than `2.12`.

FEATURES:

- Add support for templating the entire NGINX Agent configuration file.
- Add support for installing and configuring the NGINX Plus HA keepalived package.
- Add validation tasks to check the Ansible version, the Jinja2 version, whether the required Ansible collections for this role are installed, and whether you are trying to install a valid NGINX module.
- Add support for installing NGINX Open Source on Alpine Linux 3.20.
- Add support for installing NGINX Open Source and NGINX Plus on Alpine Linux 3.20.
- Add support for installing NGINX Open Source on Ubuntu oracular.
- Add support for installing NGINX Agent on Ubuntu noble.
- Bump the minimum version of Ansible supported to `2.16`, whilst clarifying that Ansible `2.18` is not supported at this stage.
- Bump the Ansible `community.general` collection to `9.2.0`, `community.crypto` collection to `2.21.1` and `community.docker` collection to `3.11.0`.

DOCUMENTATION:

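Review bot: the new BREAKING CHANGES entry for the JWT license only describes nginx_license['jwt'] as a path, while defaults/main/main.yml in this PR also documents a src/dest mapping. Mention the optional dest form here too, and say where the token is placed on the target by default, since users upgrading to R33 will read this entry first.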
Expand All @@ -34,7 +36,7 @@ MAINTENANCE:

CI/CD:

- Update GitHub Actions to Ubuntu 24.04.
- Update GitHub Actions to Ubuntu 24.04 (noble).
- Switch GitHub Actions from using tags to release hashes.
- Remove commented out Molecule platforms and GitHub Actions QEMU step for the time being. These changes will be reverted if multi-arch testing can be reinstated in GitHub Actions.
- Bump the minimum version of Ansible supported on Ansible Galaxy to `2.16`.
2 changes: 0 additions & 2 deletions defaults/main/agent.yml
Expand Up @@ -3,7 +3,6 @@
# Requires access to either the NGINX stub_status or the NGINX Plus REST API.
nginx_agent_enable: false


########################################################################################################################
# The following parameters let you configure the static configuration file of NGINX Agent. #
# By default, the config produced is as close a match to the default config provided by NGINX Agent upon installation. #
Expand Down Expand Up @@ -86,7 +85,6 @@ nginx_agent_metrics:
# report_interval: 15s
# precompiled_publication: true


#############################################################################################
# The following parameters let you configure the dynamic configuration file of NGINX Agent. #
# By default, nothing is configured. #
2 changes: 1 addition & 1 deletion defaults/main/amplify.yml
Expand Up @@ -4,4 +4,4 @@
# Use your NGINX Amplify API key.
# Default is null.
nginx_amplify_enable: false
nginx_amplify_api_key: null
nginx_amplify_api_key:
2 changes: 1 addition & 1 deletion defaults/main/logrotate.yml
Expand Up @@ -3,7 +3,7 @@
nginx_logrotate_conf_enable: false
nginx_logrotate_conf:
paths: /var/log/nginx/*.log # String or list of strings
# - /var/log/nginx/*.log
# - /var/log/nginx/*.log
options: # daily # String or a list of strings
- daily
- missingok
7 changes: 6 additions & 1 deletion defaults/main/main.yml
Expand Up @@ -79,11 +79,16 @@ nginx_static_modules: [http_ssl_module]
# Default is mainline.
nginx_branch: mainline

# Location of your NGINX Plus license in your local machine.
# Location of your NGINX Plus license (certificate, key, and JWT) in your local machine. The license JWT is only required starting with NGINX Plus R33 and later.
# For the license JWT, you can optionally specify a custom destination path for the JWT by using the 'src' and 'dest' parameters.
# Default is the files folder within the NGINX Ansible role.
nginx_license:
certificate: license/nginx-repo.crt
key: license/nginx-repo.key
jwt: license/license.jwt
# jwt:
# src: license/license.jwt
# dest: /etc/nginx/license.jwt

# Set up NGINX Plus license before installation.
# Default is true.
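Review bot: the updated comment for nginx_license documents two shapes for jwt (a plain path and a src/dest mapping) but never states which dest is used when only the plain path is given; the commented example suggests /etc/nginx/license.jwt, so say so explicitly. "only required starting with NGINX Plus R33 and later" is redundant (drop "and later"), and because jwt now has a default value, the comment should state what happens on releases before R33 when license/license.jwt does not exist.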
2 changes: 1 addition & 1 deletion meta/main.yml
Expand Up @@ -7,7 +7,7 @@ galaxy_info:

license: Apache License, Version 2.0

min_ansible_version: '2.16'
min_ansible_version: "2.16"

galaxy_tags:
- nginx
3 changes: 2 additions & 1 deletion molecule/agent/cleanup.yml
Expand Up @@ -25,7 +25,8 @@

- name: Get list of NGINX One dangling instance IDs
ansible.builtin.uri:
url: https://{{ lookup('env', 'ONE_TENANT') }}.console.ves.volterra.io/api/nginx/one/namespaces/default/instances?paginated=false&filter_fields=hostname&filter_ops=IN&filter_values=almalinux-8|almalinux-9|alpine-3.17|alpine-3.18|alpine-3.19|alpine-3.20|amazonlinux-2|amazonlinux-2023|debian-bullseye|debian-bookworm|oraclelinux-8|oraclelinux-9|rhel-8|rhel-9|rockylinux-8|rockylinux-9|sles-15|ubuntu-focal|ubuntu-jammy|ubuntu-noble
url: https://{{ lookup('env', 'ONE_TENANT')

Check failure on line 28 in molecule/agent/cleanup.yml
GitHub Actions / Ansible Lint
yaml[trailing-spaces]
Trailing spaces
}}.console.ves.volterra.io/api/nginx/one/namespaces/default/instances?paginated=false&filter_fields=hostname&filter_ops=IN&filter_values=almalinux-8|almalinux-9|alpine-3.17|alpine-3.18|alpine-3.19|alpine-3.20|amazonlinux-2|amazonlinux-2023|debian-bullseye|debian-bookworm|oraclelinux-8|oraclelinux-9|rhel-8|rhel-9|rockylinux-8|rockylinux-9|sles-15|ubuntu-focal|ubuntu-jammy|ubuntu-noble
method: GET
headers:
Authorization: APIToken {{ lookup('env', 'ONE_API_TOKEN') }}
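Review bot: the rewrapped url value now breaks inside the Jinja2 expression after lookup('env', 'ONE_TENANT'), and the Ansible Lint annotation on line 28 reports yaml[trailing-spaces] at exactly that break. Keep the {{ ... }} expression on one line and remove the trailing whitespace; if line length is the concern, build the filter_values list in a variable and join it with '|' rather than wrapping the URL.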
4 changes: 2 additions & 2 deletions molecule/agent/converge.yml
Expand Up @@ -21,10 +21,10 @@
treat_warnings_as_errors: false
nginx_agent_config_dirs: '"/etc/nginx:/usr/local/etc/nginx:/usr/share/nginx/modules"'
nginx_agent_queue_size: 100
nginx_agent_extensions: ['metrics']
nginx_agent_extensions: [metrics]
nginx_agent_api:
host: 127.0.0.1
port: 8081
nginx_agent_configure_dynamic: true
nginx_agent_instance_group: ansible_instance_group
nginx_agent_tags: ['ansible', 'dev']
nginx_agent_tags: [ansible, dev]
3 changes: 2 additions & 1 deletion molecule/agent/molecule.yml
Expand Up @@ -93,6 +93,7 @@ platforms:
command: /usr/sbin/init
- name: oraclelinux-9
image: oraclelinux:9
platform: x86_64
dockerfile: ../common/Dockerfile.j2
privileged: true
cgroupns_mode: host
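Review bot: platform: x86_64 is added to the oraclelinux-9 entry only, with no comment explaining why this one image needs an explicit platform while the neighbouring platforms do not. Add a short comment with the reason (the same line is added in the default and distribution scenarios), so it can be removed once it is no longer needed.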
Expand All @@ -108,7 +109,7 @@ platforms:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
command: /usr/sbin/init
- name: rhel-9
image: redhat/ubi9:9.4
image: redhat/ubi9:9.5
dockerfile: ../common/Dockerfile.j2
privileged: true
cgroupns_mode: host
2 changes: 1 addition & 1 deletion molecule/amplify/molecule.yml
Expand Up @@ -28,7 +28,7 @@ platforms:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
command: /usr/sbin/init
- name: rhel-9
image: redhat/ubi9:9.4
image: redhat/ubi9:9.5
dockerfile: ../common/Dockerfile.j2
privileged: true
cgroupns_mode: host
11 changes: 6 additions & 5 deletions molecule/default/molecule.yml
Expand Up @@ -93,6 +93,7 @@ platforms:
command: /usr/sbin/init
- name: oraclelinux-9
image: oraclelinux:9
platform: x86_64
dockerfile: ../common/Dockerfile.j2
privileged: true
cgroupns_mode: host
Expand All @@ -108,7 +109,7 @@ platforms:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
command: /usr/sbin/init
- name: rhel-9
image: redhat/ubi9:9.4
image: redhat/ubi9:9.5
dockerfile: ../common/Dockerfile.j2
privileged: true
cgroupns_mode: host
Expand Down Expand Up @@ -156,16 +157,16 @@ platforms:
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
command: /sbin/init
- name: ubuntu-mantic
image: ubuntu:mantic
- name: ubuntu-noble
image: ubuntu:noble
dockerfile: ../common/Dockerfile.j2
privileged: true
cgroupns_mode: host
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
command: /sbin/init
- name: ubuntu-noble
image: ubuntu:noble
- name: ubuntu-oracular
image: ubuntu:oracular
dockerfile: ../common/Dockerfile.j2
privileged: true
cgroupns_mode: host
11 changes: 6 additions & 5 deletions molecule/distribution/molecule.yml
Expand Up @@ -93,6 +93,7 @@ platforms:
command: /usr/sbin/init
- name: oraclelinux-9
image: oraclelinux:9
platform: x86_64
dockerfile: ../common/Dockerfile.j2
privileged: true
cgroupns_mode: host
Expand All @@ -108,7 +109,7 @@ platforms:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
command: /usr/sbin/init
- name: rhel-9
image: redhat/ubi9:9.4
image: redhat/ubi9:9.5
dockerfile: ../common/Dockerfile.j2
privileged: true
cgroupns_mode: host
Expand Down Expand Up @@ -156,16 +157,16 @@ platforms:
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
command: /sbin/init
- name: ubuntu-mantic
image: ubuntu:mantic
- name: ubuntu-noble
image: ubuntu:noble
dockerfile: ../common/Dockerfile.j2
privileged: true
cgroupns_mode: host
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
command: /sbin/init
- name: ubuntu-noble
image: ubuntu:noble
- name: ubuntu-oracular
image: ubuntu:oracular
dockerfile: ../common/Dockerfile.j2
privileged: true
cgroupns_mode: host
9 changes: 5 additions & 4 deletions molecule/downgrade-plus/converge.yml
Expand Up @@ -4,22 +4,23 @@
pre_tasks:
- name: Set repo if Alpine
ansible.builtin.set_fact:
version: =31-r1
version: =32-r1
cacheable: true
when: ansible_facts['os_family'] == "Alpine"
- name: Set repo if Debian
ansible.builtin.set_fact:
version: =31-1~{{ ansible_facts['distribution_release'] }}
version: =32-1~{{ ansible_facts['distribution_release'] }}
cacheable: true
when: ansible_facts['os_family'] == "Debian"
- name: Set repo if Red Hat
ansible.builtin.set_fact:
version: -31-1.{{ (ansible_facts['distribution'] == "Amazon") | ternary(('amzn' + ansible_facts['distribution_major_version'] | string), ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx
version: -32-1.{{ (ansible_facts['distribution'] == "Amazon") | ternary(('amzn' + ansible_facts['distribution_major_version'] | string), ('el' + ansible_facts['distribution_major_version']
| string)) }}.ngx
cacheable: true
when: ansible_facts['os_family'] == "RedHat"
- name: Set repo if SLES
ansible.builtin.set_fact:
version: =31-1.sles{{ ansible_facts['distribution_major_version'] }}.ngx
version: =32-1.sles{{ ansible_facts['distribution_major_version'] }}.ngx
cacheable: true
when: ansible_facts['os_family'] == "Suse"
tasks:
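Review bot: the Red Hat version expression is now wrapped in the middle of the ternary, just before the second | string, which is the same kind of rewrap that produced the yaml[trailing-spaces] failure in molecule/agent/cleanup.yml; check this line for trailing whitespace or keep the expression on one line. The release number 32 is also hard-coded in all four set_fact tasks, so a single variable for it would make the next bump a one-line change.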