haproxy-wi/app/scripts/ansible/roles/nginx_common/tasks/main.yml

---
- name: Set SSH port
  set_fact:
    ansible_port: "{{SSH_PORT}}"


- name: check if Nginx is installed
  package_facts:
    manager: "auto"

- name: populate service facts
  service_facts:


- name: Creates directory
  file:
    path: "{{nginx_dir}}"
    state: directory
  when: "'nginx' not in ansible_facts.packages"


- name: Creates directory
  file:
    path: "{{nginx_dir}}/conf.d"
    state: directory
  when: "'nginx' not in ansible_facts.packages"


- name: Set passlib version
  set_fact:
    passlib_ver: "python3-passlib"
  when: ansible_facts['distribution_major_version'] == '8' or (ansible_facts['os_family'] == 'Debian' or ansible_facts['os_family'] == 'Ubuntu')
  ignore_errors: True


- name: Set passlib version
  set_fact:
    passlib_ver: "python-passlib"
  when: ansible_facts['distribution_major_version'] == '7'
  ignore_errors: True


- name: Install passlib
  package:
    name: "{{passlib_ver}}"
    state: present
  when:
   - "'nginx' not in ansible_facts.packages"
   - ansible_facts['distribution_major_version'] != '9'
  environment:
    http_proxy: "{{PROXY}}"
    https_proxy: "{{PROXY}}"


- name: Install passlib for el9
  pip:
    name: passlib
  when: ansible_facts['distribution_major_version'] == '9'
  environment:
    http_proxy: "{{PROXY}}"
    https_proxy: "{{PROXY}}"


- name: Copy Nginx configuration in place
  template:
    src: default.conf.j2
    dest: "{{nginx_dir}}/conf.d/default.conf"
    mode: 0644
    force: no
  when: "'nginx' not in ansible_facts.packages"
  ignore_errors: yes

- name: Copying over nginx.conf
  template:
    src: nginx.conf.j2
    dest: "{{nginx_dir}}/nginx.conf"
    mode: "0666"
    force: no
    remote_src: true
  become: true
  ignore_errors: yes

- name: Copying over mime.types
  template:
    src: mime.types.j2
    dest: "{{nginx_dir}}/mime.types"
    mode: "0666"
    force: no
    remote_src: true
  become: true
  ignore_errors: yes

- name: Open stat port for firewalld
  firewalld:
    port: "{{ STAT_PORT }}/tcp"
    state: enabled
    permanent: yes
    immediate: yes
  ignore_errors: yes
  no_log: True
  debugger: never
  when:
    - '"firewalld" in ansible_facts.packages'
    - ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS'
    - ansible_facts.services["firewalld.service"]['state'] == "running"


- name: Open stat port for iptables
  iptables:
    chain: INPUT
    destination_port: "{{ STAT_PORT }}"
    jump: ACCEPT
    protocol: tcp
  ignore_errors: yes


- htpasswd:
    path: "{{nginx_dir}}/status_page_passwdfile"
    name: "{{STATS_USER}}"
    password: "{{STATS_PASS}}"
  when: "'nginx' not in ansible_facts.packages"


- name: test to see if selinux is running
  command: getenforce
  register: sestatus
  changed_when: false
  when: ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS'


- name: Disble SELINUX in config
  template:
    src: /var/www/haproxy-wi/app/scripts/ansible/roles/haproxy/templates/selinux.j2
    dest: /etc/selinux/config
  ignore_errors: yes
  when:
    - sestatus.stdout is defined
    - '"Enforcing" in sestatus.stdout'


- name: Disble SELINUX in env
  shell: setenforce 0
  ignore_errors: yes
  debugger: never
  when:
    - sestatus.stdout is defined
    - '"Enforcing" in sestatus.stdout'