remove old loop syntax

2019-08-28 10:36:26 +02:00 · 2019-08-28 10:36:26 +02:00 · ad7400c02b
commit ad7400c02b
parent 4775c122be
7 changed files with 8 additions and 134 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -6,26 +6,16 @@ pve_tls_cert_source: mycert.pem
 pve_tls_key_source: mykey.pem

 pve_pamd_motd_enabled: True
-# pve_disk_mount: # defaults to not set
+
+pve_disk_mount: []
+## Example:
+# pve_disk_mount:
 #   - path: /mnt/backup
 #     src: /dev/sdX
 #     fstype: ext4
 #     opts:
 #     state: present

-pve_nginx_vhost_enabled: False
-pve_server_name: pve.example.com
-pve_server_ip: 127.0.0.1
-pve_server_port: 8006
-pve_nginx_server: myinventoryname
-pve_nginx_vhost_dir: /etc/nginx/sites-available
-pve_nginx_vhost_symlink: /etc/nginx/sites-enabled
-pve_nginx_iptables_enabled: False
-
-pve_nginx_tls_enabled: True
-pve_nginx_tls_cert_file: mycert.pem
-pve_nginx_tls_key_file: mykey.pem
-
 # Configure pam auth
 pve_auth_pam_is_default: True
 pve_auth_pam_description: Linux PAM standard authentication
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -6,12 +6,3 @@
  listen: __pveproxy_restart
  become: True
  become_user: root
-
- name: Reload nginx
-  systemd:
-    state: reloaded
-    name: nginx
-  listen: __nginx_reload
-  delegate_to: "{{ pve_nginx_server }}"
-  become: True
-  become_user: root
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -5,5 +5,3 @@
 - import_tasks: tls.yml
  when: pve_tls_enabled | bool
  tags: tls_renewal
- import_tasks: nginx.yml
-  when: pve_nginx_vhost_enabled | bool
--- a/tasks/nginx.yml
+++ b/tasks/nginx.yml
@ -1,48 +0,0 @@
---
- block:
-    - name: Copy certs and private key to nginx proxy
-      copy:
-        src: "{{ item.src }}"
-        dest: "{{ item.dest }}"
-        mode: "{{ item.mode }}"
-      with_items:
-        - { src: "{{ pve_tls_key_source }}", dest: '/etc/pki/tls/private/{{ pve_nginx_tls_key_file }}', mode: '0600' }
-        - { src: "{{ pve_tls_cert_source }}", dest: '/etc/pki/tls/certs/{{ pve_nginx_tls_cert_file }}', mode: '0750' }
-      loop_control:
-        label: "{{ item.dest }}"
-      notify: __nginx_reload
-  delegate_to: "{{ pve_nginx_server }}"
-  when: pve_nginx_tls_enabled | bool
-  become: True
-  become_user: root
-  tags: tls_renewal
-
- block:
-    - name: Add vhost configuration file
-      template:
-        src: nginx/vhost.j2
-        dest: "{{ pve_nginx_vhost_dir }}/pve"
-        owner: root
-        group: root
-        mode: 0640
-      notify: __nginx_reload
-
-    - name: Enable pve vhost
-      file:
-        src: "{{ pve_nginx_vhost_dir }}/pve"
-        dest: "{{ pve_nginx_vhost_symlink }}/pve"
-        owner: root
-        group: root
-        state: link
-      notify: __nginx_reload
-      when: pve_nginx_vhost_symlink is defined
-
-    - name: Open ports in iptables
-      iptables_raw:
-        name: allow_pve_nginx_proxy
-        state: present
-        rules: '-A OUTPUT -m state --state NEW -p tcp -d {{ pve_server_ip }} --dport {{ pve_server_port }} -j ACCEPT'
-      when: pve_nginx_iptables_enabled | bool
-  delegate_to: "{{ pve_nginx_server }}"
-  become: True
-  become_user: root
--- a/tasks/pve.yml
+++ b/tasks/pve.yml
@ -5,7 +5,7 @@
        path: "{{ item.path }}"
        recurse: yes
        state: directory
-      loop: "{{ pve_disk_mount | default([]) }}"
+      loop: "{{ pve_disk_mount }}"
      loop_control:
        label: "{{ item.path }}"

@ -16,7 +16,7 @@
        fstype: "{{ item.fstype }}"
        opts: "{{ item.opts | default(omit) }}"
        state: "{{ item.state | default('mounted') }}"
-      loop: "{{ pve_disk_mount | default([]) }}"
+      loop: "{{ pve_disk_mount }}"
      loop_control:
        label: "{{ item.src }}   {{ item.path }}"
  become: True
--- a/tasks/tls.yml
+++ b/tasks/tls.yml
@ -5,7 +5,7 @@
        path: "{{ item }}"
        state: directory
        recurse: True
-      with_items:
+      loop:
        - /etc/pki/tls/certs
        - /etc/pki/tls/private

@ -24,9 +24,7 @@
    - name: Copy cert/key to pve filesystem
      command: "/bin/cp -rf {{ item[0].dest }} /etc/pve/nodes/{{ item[1] }}/{{ item[0].dest | basename }}"
      changed_when: item[0].changed
-      with_nested:
-        - "{{ __pve_tls_copy.results }}"
-        - "{{ pve_nodes }}"
+      loop: "{{ __pve_tls_copy.results | product(pve_nodes) | list }}"
      loop_control:
        label: "/etc/pve/nodes/{{ item[1] }}/{{ item[0].dest | basename }}"
      notify: __pveproxy_restart
--- a/templates/nginx/vhost.j2
+++ b/templates/nginx/vhost.j2
@ -1,55 +0,0 @@
-#jinja2: lstrip_blocks: True
-# {{ ansible_managed }}
-upstream backend_pve {
-    server {{ pve_server_ip }}:{{ pve_server_port }};
-}
-
-server {
-    listen 80;
-    server_name {{ pve_server_name }};
-
-    {% if pve_nginx_tls_enabled %}
-    return 301 https://$server_name$request_uri;
-    {% else %}
-    proxy_redirect off;
-    location / {
-        proxy_pass https://backend_pve;
-
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-        proxy_buffering off;
-        client_max_body_size 0;
-        proxy_connect_timeout  3600s;
-        proxy_read_timeout  3600s;
-        proxy_send_timeout  3600s;
-        send_timeout  3600s;
-    }
-    {% endif %}
-}
-
-{% if pve_nginx_tls_enabled %}
-server {
-    listen              443 ssl;
-    server_name         {{ pve_server_name }};
-
-    proxy_redirect off;
-
-    location / {
-        proxy_pass https://backend_pve;
-
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-        proxy_buffering off;
-        client_max_body_size 0;
-        proxy_connect_timeout  3600s;
-        proxy_read_timeout  3600s;
-        proxy_send_timeout  3600s;
-        send_timeout  3600s;
-    }
-
-    ssl_certificate /etc/pki/tls/certs/{{ pve_nginx_tls_cert_file }};
-    ssl_certificate_key /etc/pki/tls/private/{{ pve_nginx_tls_key_file }};
-}
-{% endif %}