haproxy-wi/app/scripts/ansible/roles/nginx_common/tasks/main.yml

---
- name: Set SSH port
  set_fact:
    ansible_port: "{{SSH_PORT}}"


- name: check if Nginx is installed
  package_facts:
    manager: "auto"

- name: populate service facts
  service_facts:


- name: Creates directory
  file:
    path: /etc/nginx
    state: directory
  when: "'nginx' not in ansible_facts.packages"


- name: Creates directory
  file:
    path: /etc/nginx/conf.d
    state: directory
  when: "'nginx' not in ansible_facts.packages"


- name: Set passlib version
  set_fact:
    passlib_ver: "python3-passlib"
  when: (ansible_facts['distribution_major_version'] == '8' and (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS')) or (ansible_facts['os_family'] == 'Debian' or ansible_facts['os_family'] == 'Ubuntu')
  ignore_errors: True


- name: Set passlib version
  set_fact:
    passlib_ver: "python-passlib"
  when: ansible_facts['distribution_major_version'] == '7'
  ignore_errors: True


- name: Install passlib
  package:
    name: "{{passlib_ver}}"
    state: present
  when: "'nginx' not in ansible_facts.packages"
  environment:
    http_proxy: "{{PROXY}}"
    https_proxy: "{{PROXY}}"


- name: Copy Nginx configuration in place
  template:
    src: default.conf.j2
    dest: "{{nginx_dir}}/conf.d/default.conf"
    mode: 0644
    force: no
  when: "'nginx' not in ansible_facts.packages"
  ignore_errors: yes

- name: Copying over nginx.conf
  template:
    src: nginx.conf.j2
    dest: "{{ nginx_dir }}/nginx.conf"
    mode: "0666"
    force: no
    remote_src: true
  become: true
  ignore_errors: yes

- name: Copying over mime.types
  template:
    src: mime.types.j2
    dest: "{{ nginx_dir }}/mime.types"
    mode: "0666"
    force: no
    remote_src: true
  become: true
  ignore_errors: yes

- name: Open stat port for firewalld
  firewalld:
    port: "{{ STAT_PORT }}/tcp"
    state: enabled
    permanent: yes
    immediate: yes
    ignore_errors: yes
    no_log: True
    debugger: never
  when:
    - '"firewalld" in ansible_facts.packages'
    - ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS'
    - ansible_facts.services["firewalld.service"]['state'] == "running"


- name: Open stat port for iptables
  iptables:
    chain: INPUT
    destination_port: "{{ STAT_PORT }}"
    jump: ACCEPT
    protocol: tcp
  ignore_errors: yes


- htpasswd:
    path: /etc/nginx/status_page_passwdfile
    name: "{{STATS_USER}}"
    password: "{{STATS_PASS}}"
  when: "'nginx' not in ansible_facts.packages"


- name: test to see if selinux is running
  command: getenforce
  register: sestatus
  changed_when: false
  when: ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS'


- name: Disble SELINUX in config
  template:
    src: /var/www/haproxy-wi/app/scripts/ansible/roles/haproxy/templates/selinux.j2
    dest: /etc/selinux/config
  ignore_errors: yes
  when:
    - sestatus.stdout is defined
    - '"Enforcing" in sestatus.stdout'


- name: Disble SELINUX in env
  shell: setenforce 0
  ignore_errors: yes
  debugger: never
  when:
    - sestatus.stdout is defined
    - '"Enforcing" in sestatus.stdout'
v5.4.0.0 Changelog: https://haproxy-wi.org/changelog.py#5_4_0 2022-01-17 21:13:35 +00:00			`---`
			`- name: Set SSH port`
			`set_fact:`
			`ansible_port: "{{SSH_PORT}}"`


			`- name: check if Nginx is installed`
			`package_facts:`
			`manager: "auto"`

			`- name: populate service facts`
			`service_facts:`


			`- name: Creates directory`
			`file:`
			`path: /etc/nginx`
			`state: directory`
			`when: "'nginx' not in ansible_facts.packages"`


			`- name: Creates directory`
			`file:`
			`path: /etc/nginx/conf.d`
			`state: directory`
			`when: "'nginx' not in ansible_facts.packages"`


			`- name: Set passlib version`
			`set_fact:`
			`passlib_ver: "python3-passlib"`
			`when: (ansible_facts['distribution_major_version'] == '8' and (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS')) or (ansible_facts['os_family'] == 'Debian' or ansible_facts['os_family'] == 'Ubuntu')`
			`ignore_errors: True`


			`- name: Set passlib version`
			`set_fact:`
			`passlib_ver: "python-passlib"`
			`when: ansible_facts['distribution_major_version'] == '7'`
			`ignore_errors: True`


			`- name: Install passlib`
			`package:`
			`name: "{{passlib_ver}}"`
			`state: present`
			`when: "'nginx' not in ansible_facts.packages"`
			`environment:`
			`http_proxy: "{{PROXY}}"`
			`https_proxy: "{{PROXY}}"`


v5.4.0.0 Changelog: https://haproxy-wi.org/changelog.py#5_4_0 2022-01-18 07:22:11 +00:00			`- name: Copy Nginx configuration in place`
v5.4.0.0 Changelog: https://haproxy-wi.org/changelog.py#5_4_0 2022-01-17 21:13:35 +00:00			`template:`
v5.4.0.0 Changelog: https://haproxy-wi.org/changelog.py#5_4_0 2022-01-18 07:22:11 +00:00			`src: default.conf.j2`
v5.4.0.0 Changelog: https://haproxy-wi.org/changelog.py#5_4_0 2022-01-19 18:47:58 +00:00			`dest: "{{nginx_dir}}/conf.d/default.conf"`
v5.4.0.0 Changelog: https://haproxy-wi.org/changelog.py#5_4_0 2022-01-17 21:13:35 +00:00			`mode: 0644`
			`force: no`
			`when: "'nginx' not in ansible_facts.packages"`
			`ignore_errors: yes`

v5.4.0.0 Changelog: https://haproxy-wi.org/changelog.py#5_4_0 2022-01-19 18:47:58 +00:00			`- name: Copying over nginx.conf`
			`template:`
			`src: nginx.conf.j2`
			`dest: "{{ nginx_dir }}/nginx.conf"`
			`mode: "0666"`
			`force: no`
			`remote_src: true`
			`become: true`
			`ignore_errors: yes`

			`- name: Copying over mime.types`
			`template:`
			`src: mime.types.j2`
			`dest: "{{ nginx_dir }}/mime.types"`
			`mode: "0666"`
			`force: no`
			`remote_src: true`
			`become: true`
			`ignore_errors: yes`
v5.4.0.0 Changelog: https://haproxy-wi.org/changelog.py#5_4_0 2022-01-17 21:13:35 +00:00
			`- name: Open stat port for firewalld`
			`firewalld:`
			`port: "{{ STAT_PORT }}/tcp"`
			`state: enabled`
			`permanent: yes`
			`immediate: yes`
			`ignore_errors: yes`
			`no_log: True`
			`debugger: never`
			`when:`
			`- '"firewalld" in ansible_facts.packages'`
			`- ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS'`
			`- ansible_facts.services["firewalld.service"]['state'] == "running"`


			`- name: Open stat port for iptables`
			`iptables:`
			`chain: INPUT`
			`destination_port: "{{ STAT_PORT }}"`
			`jump: ACCEPT`
			`protocol: tcp`
			`ignore_errors: yes`


			`- htpasswd:`
			`path: /etc/nginx/status_page_passwdfile`
			`name: "{{STATS_USER}}"`
			`password: "{{STATS_PASS}}"`
			`when: "'nginx' not in ansible_facts.packages"`


			`- name: test to see if selinux is running`
			`command: getenforce`
			`register: sestatus`
			`changed_when: false`
			`when: ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS'`


			`- name: Disble SELINUX in config`
			`template:`
			`src: /var/www/haproxy-wi/app/scripts/ansible/roles/haproxy/templates/selinux.j2`
			`dest: /etc/selinux/config`
			`ignore_errors: yes`
			`when:`
			`- sestatus.stdout is defined`
			`- '"Enforcing" in sestatus.stdout'`


			`- name: Disble SELINUX in env`
			`shell: setenforce 0`
			`ignore_errors: yes`
			`debugger: never`
			`when:`
			`- sestatus.stdout is defined`
			`- '"Enforcing" in sestatus.stdout'`