From 5ff10d4f0967bb0d687171e4c7eb01747171c47e Mon Sep 17 00:00:00 2001
From: Robert Kaussow
Date: Thu, 28 Feb 2019 10:00:08 +0100
Subject: [PATCH] add basic nginx checks; renovate ansible syntax
---
 defaults/main.yml | 9 ++-------
 molecule/gce-centos-7/INSTALL.rst | 16 ----------------
 molecule/gce-centos-7/tests/test_default.py | 12 +++++++-----
 tasks/install.yml | 6 +++---
 tasks/tls.yml | 17 ++---------------
 5 files changed, 14 insertions(+), 46 deletions(-)
 delete mode 100644 molecule/gce-centos-7/INSTALL.rst
diff --git a/defaults/main.yml b/defaults/main.yml
index 31dbce4..17f11ac 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -48,15 +48,10 @@ nginx_open_ports:
 - 443
 nginx_tls_enabled: False
-# You can deploy your certificates from a file or from content.
-# If you enable nginx_tls_source_use_content you have to put the content of your cert files into
-# nginx_tls_cert_file and nginx_tls_cert_file.
-nginx_tls_source_use_content: False
-# If you enable nginx_tls_source_use_files theses variables have to contain the path to your
-# certificate files located on the ansible "master" host
-nginx_tls_source_use_files: True
+# Source has to be a file
 nginx_tls_cert_source: mycert.pem
 nginx_tls_key_source: mykey.pem
+# Set the destination filename
 nginx_tls_cert_file: mycert.pem
 nginx_tls_key_file: mykey.pem
 # nginx_tls_dhparam_file: # defaults to not set
diff --git a/molecule/gce-centos-7/INSTALL.rst b/molecule/gce-centos-7/INSTALL.rst
deleted file mode 100644
index 5a135a5..0000000
--- a/molecule/gce-centos-7/INSTALL.rst
+++ /dev/null
@@ -1,16 +0,0 @@
-*******
-Google Cloud Engine driver installation guide
-*******
-
-Requirements
-============
-
-* A GCE credentials rc file
-* apache-libcloud
-
-Install
-=======
-
-.. code-block:: bash
-
- $ sudo pip install apache-libcloud
diff --git a/molecule/gce-centos-7/tests/test_default.py b/molecule/gce-centos-7/tests/test_default.py
index 4ba906b..d64a9ef 100644
--- a/molecule/gce-centos-7/tests/test_default.py
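Review bot: Dropping `nginx_tls_source_use_content` in the defaults/main.yml hunk leaves nothing to catch an inventory that still keeps PEM text in `nginx_tls_key_source`: tasks/tls.yml in this patch now always passes that value to `copy` as `src`, so such a run would presumably fail with the key text treated as a file name and possibly echoed in the error output. The new comment `# Source has to be a file` is also terse; something like `# Path to a file on the Ansible controller (PEM content is no longer accepted); keep the key file vault-encrypted` would state the contract. A short `fail` task guarded by `when: nginx_tls_source_use_content | default(False)` would turn the silent behaviour change into a clear message.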
+++ b/molecule/gce-centos-7/tests/test_default.py
@@ -6,9 +6,11 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
-def test_hosts_file(host):
- f = host.file('/etc/hosts')
+def test_nginx_is_installed(host):
+ nginx = host.package("nginx")
+ assert nginx.is_installed
- assert f.exists
- assert f.user == 'root'
- assert f.group == 'xxx'
+def test_nginx_running_and_enabled(host):
+ nginx = host.service("nginx")
+ assert nginx.is_running
+ assert nginx.is_enabled
diff --git a/tasks/install.yml b/tasks/install.yml
index 280344d..d385b8a 100644
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -36,7 +36,7 @@
 owner: "{{ nginx_user }}"
 group: "{{ nginx_group }}"
 mode: 0750
- with_items:
+ loop:
 - "{{ nginx_vhosts_dir }}"
 - "{{ nginx_vhosts_dir }}/default"
@@ -47,7 +47,7 @@
 owner: root
 group: root
 mode: 0640
- with_items:
+ loop:
 - /etc/nginx/sites-available
 - /etc/nginx/sites-enabled
@@ -88,7 +88,7 @@
 name: "{{ item.name }}"
 state: "{{ item.state }}"
 persistent: "{{ item.persistent }}"
- with_items: "{{ nginx_set_sebooleans }}"
+ loop: "{{ nginx_set_sebooleans }}"
 when: nginx_set_sebooleans is defined
 - name: Fix selinux file context mappaing for pid file
diff --git a/tasks/tls.yml b/tasks/tls.yml
index 6b8ec18..7b20bee 100644
--- a/tasks/tls.yml
+++ b/tasks/tls.yml
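Review bot: The two new tests in test_default.py only prove that the package is present and the service is up; nothing checks that nginx actually listens or that the files the role manages end up with the intended ownership and mode. A third test such as `assert host.socket("tcp://0.0.0.0:80").is_listening` (port assumed here, adjust to the scenario's vhost) would catch a converge that leaves nginx running with an unusable configuration. Judging by the hunk's line counts there also appears to be only one blank line between the two functions, where flake8 expects two.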
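Review bot: In the third tasks/install.yml hunk the new `loop: "{{ nginx_set_sebooleans }}"` still depends on `when: nginx_set_sebooleans is defined` to avoid an undefined-variable error, which appears to work only because Ansible evaluates the condition before reporting the loop templating failure. Writing `loop: "{{ nginx_set_sebooleans | default([]) }}"` states the intent directly and lets the `when` line go. The task starts above the hunk, so the module it belongs to is not visible here.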
@@ -1,24 +1,11 @@
 ---
 - block:
- - name: Copy certs and private key (content)
- copy:
- content: "{{ item.src }}"
- dest: "{{ item.dest }}"
- mode: "{{ item.mode }}"
- with_items:
- - { src: "{{ nginx_tls_key_source }}", dest: '/etc/pki/tls/private/{{ nginx_tls_key_file }}', mode: '0600' }
- - { src: "{{ nginx_tls_cert_source }}", dest: '/etc/pki/tls/certs/{{ nginx_tls_cert_file }}', mode: '0750' }
- loop_control:
- label: "{{ item.dest }}"
- notify: __nginx_reload
- when: nginx_tls_source_use_content
-
- - name: Copy certs and private key (files)
+ - name: Copy certs and private key
 copy:
 src: "{{ item.src }}"
 dest: "{{ item.dest }}"
 mode: "{{ item.mode }}"
- with_items:
+ loop:
 - { src: "{{ nginx_tls_key_source }}", dest: '/etc/pki/tls/private/{{ nginx_tls_key_file }}', mode: '0600' }
 - { src: "{{ nginx_tls_cert_source }}", dest: '/etc/pki/tls/certs/{{ nginx_tls_cert_file }}', mode: '0750' }
 loop_control:
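Review bot: The surviving loop still installs the certificate with `mode: '0750'`, which sets execute bits on a data file; `mode: '0644'` is the conventional choice for a certificate, while the key's `'0600'` is fine. Neither item sets `owner` or `group`, so ownership of the private key depends on the user the task happens to run as; adding `owner: root` and `group: root` to the `copy` arguments would make that explicit. The block continues past the end of the hunk, so any `become` or ownership settings applied at block level are not visible here.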