Merge pull request #1368 from edx/jarv/nginx-redirects

configurable redirects for the nginx role

Merge pull request #1368 from edx/jarv/nginx-redirects
configurable redirects for the nginx role
4b17de53 · John Jarvis · 92b1a410 · 2cd7d919 · 4b17de53 · 4b17de53
Commit 4b17de53 authored Aug 06, 2014 by John Jarvis
6 changed files
--- a/.travis.yml
+++ b/.travis.yml
@@ -24,9 +24,17 @@ script:
      fi
    done
  - |
-    plays="aws bastion certs commoncluster common demo devpi discern edx_ansible edxapp elasticsearch forum ora rabbitmq worker xqueue xserver"
    set -e
    cd playbooks/edx-east
-    for play in $plays; do
+    ROLE_DIRS=$(/bin/ls -d roles/*)
-      ansible-playbook -i localhost, --syntax-check ${play}.yml
+    cat <<EOF >travis-test.yml
+    - name: Play to test all roles
+      hosts: all
+      roles:
+    EOF
+    for role_dir in $ROLE_DIRS; do
+        echo "    - $(basename $role_dir)" >> travis-test.yml
    done
+    ansible-playbook -i localhost, --syntax-check travis-test.yml
--- a/playbooks/edx-east/edxapp.yml
+++ b/playbooks/edx-east/edxapp.yml
@@ -2,6 +2,8 @@
  hosts: all
  sudo: True
  gather_facts: True
+  vars:
+    NGINX_EDXAPP_CUSTOM_REDIRECTS: {}
  roles:
    - aws
    - role: nginx
@@ -10,6 +12,9 @@
      - cms
      nginx_default_sites:
      - lms
+      nginx_redirects: "{{ NGINX_EDXAPP_CUSTOM_REDIRECTS }}"
+    - role: nginxtra
+      when: COMMON_ENABLE_NGINXTRA
    - edxapp
    - role: datadog
      when: COMMON_ENABLE_DATADOG

--- a/playbooks/edx-east/nginx_redirect.yml
+++ b/playbooks/edx-east/nginx_redirect.yml
-# Example ansible-playbook -i redirect.example.com -e@/path/to/secure/var/file.yml
-#
-# the secure var file will need to have the following vars defined:
-#
-# NGINX_ENABLE_SSL
-# NGINX_SSL_CERTIFICATE
-# NGINX_SSL_KEY
-# # for the redirects use $scheme://example.com to match the protocol
-#
-# secure vars example:
-#  # Vars for setting up the nginx redirect instance
-#  NGINX_ENABLE_SSL: True
-#  NGINX_SSL_CERTIFICATE: '../../../example-secure/ssl/example.com.crt'
-#  NGINX_SSL_KEY: '../../../example-secure/ssl/example.com.key'
-#  nginx_redirects:
-#  - server_name: nginx-redirect.example.edx.org
-#    redirect: "http://www.example.com"
-#  - server_name: example.com
-#    redirect: "http://www.example.com"
-#    default: true
-#
-#
-#
-# - ...
- name: utility play to setup an nginx redirect
-  hosts: all
-  sudo: True
-  gather_facts: True
-  roles:
-    - role: nginx
-      nginx_sites:
-      - nginx_redirect
--- a/playbooks/roles/common/defaults/main.yml
+++ b/playbooks/roles/common/defaults/main.yml
@@ -53,6 +53,7 @@ COMMON_MYSQL_MIGRATE_PASS: 'password'
 COMMON_MONGO_READ_ONLY_USER: 'read_only'
 COMMON_MONGO_READ_ONLY_PASS: !!null
 COMMON_ENABLE_DATADOG: False
+COMMON_ENABLE_NGINXTRA: False
 COMMON_ENABLE_SPLUNKFORWARDER: False
 COMMON_ENABLE_NEWRELIC: False
 COMMON_TAG_EC2_INSTANCE: False

--- a/playbooks/roles/nginx/tasks/main.yml
+++ b/playbooks/roles/nginx/tasks/main.yml
@@ -12,6 +12,7 @@
    - "{{ nginx_app_dir }}"
    - "{{ nginx_sites_available_dir }}"
    - "{{ nginx_sites_enabled_dir }}"
+    - "{{ nginx_conf_dir }}"
  notify: restart nginx
 - name: create nginx data dirs
@@ -72,6 +73,24 @@
  notify: reload nginx
  with_items: nginx_sites
+- name: Copying nginx redirect configs for {{ nginx_redirects }}
+  template: >
+    src={{ nginx_template_dir }}/nginx_redirect.j2
+    dest={{ nginx_sites_available_dir }}/{{ item.key }}
+    owner=root group={{ common_web_user }} mode=0640
+  notify: reload nginx
+  with_dict: nginx_redirects
+  when: nginx_redirects is defined
+- name: Creating nginx redirect links for {{ nginx_redirects }}
+  file: >
+    src={{ nginx_sites_available_dir }}/{{ item.key  }}
+    dest={{ nginx_sites_enabled_dir }}/{{ item.key }}
+    state=link owner=root group=root
+  notify: reload nginx
+  with_dict: nginx_redirects
+  when: nginx_redirects is defined
 - name: Write out htpasswd file
  htpasswd: >
    name={{ COMMON_HTPASSWD_USER }}

--- a/playbooks/roles/nginx/templates/edx/app/nginx/sites-available/nginx_redirect.j2
+++ b/playbooks/roles/nginx/templates/edx/app/nginx/sites-available/nginx_redirect.j2
-{% for item in nginx_redirects -%}
+{%- if "default" in item.value -%}
-{%- if "default" in item -%}
  {%- set default_site = "default" -%}
 {%- else -%}
  {%- set default_site = "" -%}
@@ -8,13 +6,17 @@
 server {
  listen 80 {{ default_site }};
-  listen 443 {{ default_site }} ssl;
+  {% if "ssl" in item.value and item.value['ssl'] == true -%}
+  listen 443 {{ default_site }} ssl;
  ssl_certificate /etc/ssl/certs/{{ NGINX_SSL_CERTIFICATE|basename }};
  ssl_certificate_key /etc/ssl/private/{{ NGINX_SSL_KEY|basename }};
+  {% endif -%}
-  server_name {{ item['server_name'] }};
+  server_name {% for server in item.value['server_names'] %}
-  return 301 {{ item['redirect'] }}$request_uri;
-}
-{% endfor %}
+                {{ server }}{% endfor -%};
+  return 301 {{ item.value['redirect_destination'] }}$request_uri;
+}