Merge pull request #3090 from edx/arbab/nginx-rewrite

YAML style parameter passing

Merge pull request #3090 from edx/arbab/nginx-rewrite
YAML style parameter passing
869b26b7 · Arbab Nazar · GitHub · 714bc429 · 2238cc90 · 869b26b7
Commit 869b26b7 authored Jun 14, 2016 by Arbab Nazar Committed by GitHub Jun 14, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 147 additions and 137 deletions

playbooks/roles/nginx/handlers/main.yml
+6 -2

playbooks/roles/nginx/tasks/main.yml
+141 -135

No files found.
--- a/playbooks/roles/nginx/handlers/main.yml
+++ b/playbooks/roles/nginx/handlers/main.yml
 ---
 - name: restart nginx
-  service: name=nginx state=restarted
+  service:
+    name: nginx
+    state: restarted
 - name: reload nginx
-  service: name=nginx state=reloaded
+  service:
+    name: nginx
+    state: reloaded
--- a/playbooks/roles/nginx/tasks/main.yml
+++ b/playbooks/roles/nginx/tasks/main.yml
 # requires:
 #   - common/tasks/main.yml
 ---
+- name: Create nginx app and data dirs
- name: create nginx app dirs
+  file:
-  file: >
+    path: "{{ item.path }}"
-    path="{{ item }}"
+    state: directory
-    state=directory
+    owner: "{{ item.owner }}"
-    owner="{{ nginx_user }}"
+    group: "{{ item.group }}"
-    group="{{ common_web_group }}"
-  with_items:
-    - "{{ nginx_app_dir }}"
-    - "{{ nginx_sites_available_dir }}"
-    - "{{ nginx_sites_enabled_dir }}"
-    - "{{ nginx_conf_dir }}"
-  notify: restart nginx
-  tags:
-    - install
-    - install:configuration
- name: create nginx data dirs
-  file: >
-    path="{{ item }}"
-    state=directory
-    owner="{{ common_web_user }}"
-    group="{{ nginx_user }}"
  with_items:
-    - "{{ nginx_data_dir }}"
+    - { path: '{{ nginx_app_dir }}', owner: '{{ nginx_user }}', group: '{{ common_web_group }}' }
-    - "{{ nginx_log_dir }}"
+    - { path: '{{ nginx_sites_available_dir }}', owner: '{{ nginx_user }}', group: '{{ common_web_group }}' }
-    - "{{ nginx_server_static_dir }}"
+    - { path: '{{ nginx_sites_enabled_dir }}', owner: '{{ nginx_user }}', group: '{{ common_web_group }}' }
+    - { path: '{{ nginx_conf_dir }}', owner: '{{ nginx_user }}', group: '{{ common_web_group }}' }
+    - { path: '{{ nginx_data_dir }}', owner: '{{ common_web_user }}', group: '{{ nginx_user }}' }
+    - { path: '{{ nginx_log_dir }}', owner: '{{ common_web_user }}', group: '{{ nginx_user }}' }
+    - { path: '{{ nginx_server_static_dir }}', owner: '{{ common_web_user }}', group: '{{ nginx_user }}' }
  notify: restart nginx
  tags:
    - install
    - install:configuration
 - name: Install needed packages
-  apt: pkg={{ item }} state=present
+  apt:
+    name: "{{ item }}"
+    state: present
  notify: restart nginx
-  with_items: nginx_debian_pkgs
+  with_items: "{{ nginx_debian_pkgs }}"
  tags:
    - install
    - install:system-requirements
 - name: Add apt key
  apt_key:
-    url: http://nginx.org/keys/nginx_signing.key
+    url: "http://nginx.org/keys/nginx_signing.key"
    state: present
  notify: restart nginx
  tags:
@@ -59,20 +48,6 @@
    - install
    - install:system-requirements
-# REMOVE THIS AFTER LATEST NGINX HAS BEEN DEPLOYED EVERYWHERE
-# New package does not identify conflicts properly.
-# "nginx-common" only appears as requirement for ubuntu-distributed package, thus
-# removing it will remove all nginx packages installed from Ubuntu's repo.
-# This is only required if nginx was previously installed from Ubuntu's repo
-# and you're switching to Nginx's PPA
- name: Remove old nginx packages
-  apt:
-    name: nginx-common
-    state: absent
-  tags:
-    - install
-    - install:system-requirements
 - name: Install the nginx package
  apt:
    name: nginx
@@ -84,37 +59,36 @@
    - install:system-requirements
 - name: Remove the default site
-  file: >
+  file:
-    path=/etc/nginx/sites-enabled/default
+    path: /etc/nginx/sites-enabled/default
-    state=absent
+    state: absent
  notify: reload nginx
  tags:
    - install
    - install:configuration
- name: Server configuration file
+- name: Define server configuration file and common nginx configuration
-  template: >
+  template:
-    src=etc/nginx/nginx.conf.j2 dest=/etc/nginx/nginx.conf
+    src: "{{ item.src }}"
-    owner=root group={{ common_web_user }} mode=0644
+    dest: "{{ item.dest }}"
+    owner: root
+    group: "{{ item.group }}"
+    mode: "{{ item.mode }}"
+  with_items:
+    - { src: 'etc/nginx/nginx.conf.j2', dest: '/etc/nginx/nginx.conf', group: '{{ common_web_user }}', mode: "0644" }
+    - { src: 'edx/app/nginx/sites-available/edx-release.j2', dest: '{{ nginx_sites_available_dir }}/edx-release', group: 'root', mode: "0600" }
  notify: restart nginx
  tags:
    - install
    - install:configuration
- name: Creating common nginx configuration
-  template: >
-    src=edx/app/nginx/sites-available/edx-release.j2
-    dest={{ nginx_sites_available_dir }}/edx-release
-    owner=root group=root mode=0600
-  notify: reload nginx
-  tags:
-    - install
-    - install:configuration
 - name: Create robot rules
-  template: >
+  template:
-    src=edx/app/nginx/robots.txt.j2 dest={{ nginx_app_dir }}/robots.txt
+    src: "edx/app/nginx/robots.txt.j2"
-    owner=root group={{ common_web_user }} mode=0644
+    dest: "{{ nginx_app_dir }}/robots.txt"
+    owner: root
+    group: "{{ common_web_user }}"
+    mode: 0644
  notify: reload nginx
  when: NGINX_ROBOT_RULES|length > 0
  tags:
@@ -122,88 +96,104 @@
    - install:configuration
 - name: Creating link for common nginx configuration
-  file: >
+  file:
-    src={{ nginx_sites_available_dir }}/edx-release
+    src: "{{ nginx_sites_available_dir }}/edx-release"
-    dest={{ nginx_sites_enabled_dir }}/edx-release
+    dest: "{{ nginx_sites_enabled_dir }}/edx-release"
-    state=link owner=root group=root
+    state: link
+    owner: root
+    group: root
  notify: reload nginx
  tags:
    - install
    - install:configuration
 - name: Copying nginx configs for {{ nginx_sites }}
-  template: >
+  template:
-    src={{ nginx_template_dir }}/{{ item }}.j2
+    src: "{{ nginx_template_dir }}/{{ item }}.j2"
-    dest={{ nginx_sites_available_dir }}/{{ item }}
+    dest: "{{ nginx_sites_available_dir }}/{{ item }}"
-    owner=root group={{ common_web_user }} mode=0640
+    owner: root
+    group: "{{ common_web_user }}"
+    mode: 0640
+  with_items: "{{ nginx_sites }}"
  notify: reload nginx
-  with_items: nginx_sites
  tags:
    - install
    - install:configuration
 - name: Creating nginx config links for {{ nginx_sites }}
-  file: >
+  file:
-    src={{ nginx_sites_available_dir }}/{{ item  }}
+    src: "{{ nginx_sites_available_dir }}/{{ item  }}"
-    dest={{ nginx_sites_enabled_dir }}/{{ item }}
+    dest: "{{ nginx_sites_enabled_dir }}/{{ item }}"
-    state=link owner=root group=root
+    state: link
+    owner: root
+    group: root
+  with_items: "{{ nginx_sites }}"
  notify: reload nginx
-  with_items: nginx_sites
  tags:
    - install
    - install:configuration
 - name: Copying nginx extra configs
-  template: >
+  template:
-    src={{ item }}
+    src: "{{ item }}"
-    dest={{ nginx_sites_available_dir }}/{{ item|basename|replace(".j2", "") }}
+    dest: "{{ nginx_sites_available_dir }}/{{ (item | basename).rstrip('.j2') }}"
-    owner=root group={{ common_web_user }} mode=0640
+    owner: root
+    group: "{{ common_web_user }}"
+    mode: 0640
+  with_items: "{{ nginx_extra_sites }}"
  notify: reload nginx
-  with_items: nginx_extra_sites
  tags:
    - install
    - install:configuration
 - name: Creating links for nginx extra configs
-  file: >
+  file:
-    src={{ nginx_sites_available_dir }}/{{ item|basename|replace(".j2", "")  }}
+    src: "{{ nginx_sites_available_dir }}/{{ (item | basename).rstrip('.j2') }}"
-    dest={{ nginx_sites_enabled_dir }}/{{ item|basename|replace(".j2", "") }}
+    dest: "{{ nginx_sites_enabled_dir }}/{{ (item | basename).rstrip('.j2') }}"
-    state=link owner=root group=root
+    state: link
+    owner: root
+    group: root
+  with_items: "{{ nginx_extra_sites }}"
  notify: reload nginx
-  with_items: nginx_extra_sites
  tags:
    - install
    - install:configuration
 - name: Copying custom nginx config
-  template: >
+  template:
-    src={{ item }}
+    src: "{{ item }}"
-    dest={{ nginx_conf_dir }}/{{ item|basename|replace(".j2", "") }}
+    dest: "{{ nginx_conf_dir }}/{{ (item | basename).rstrip('.j2') }}"
-    owner=root group={{ common_web_user }} mode=0640
+    owner: root
+    group: "{{ common_web_user }}"
+    mode: 0640
+  with_items: "{{ nginx_extra_configs }}"
  notify: reload nginx
-  with_items: nginx_extra_configs
  tags:
    - install
    - install:configuration
 - name: Copying nginx redirect configs for {{ nginx_redirects }}
-  template: >
+  template:
-    src={{ nginx_template_dir }}/nginx_redirect.j2
+    src: "{{ nginx_template_dir }}/nginx_redirect.j2"
-    dest={{ nginx_sites_available_dir }}/{{ item.key }}
+    dest: "{{ nginx_sites_available_dir }}/{{ item.key }}"
-    owner=root group={{ common_web_user }} mode=0640
+    owner: root
+    group: "{{ common_web_user }}"
+    mode: 0640
+  with_dict: "{{ nginx_redirects }}"
  notify: reload nginx
-  with_dict: nginx_redirects
  tags:
    - install
    - install:configuration
 - name: Creating nginx redirect links for {{ nginx_redirects }}
-  file: >
+  file:
-    src={{ nginx_sites_available_dir }}/{{ item.key  }}
+    src: "{{ nginx_sites_available_dir }}/{{ item.key  }}"
-    dest={{ nginx_sites_enabled_dir }}/{{ item.key }}
+    dest: "{{ nginx_sites_enabled_dir }}/{{ item.key }}"
-    state=link owner=root group=root
+    state: link
+    owner: root
+    group: root
+  with_dict: "{{ nginx_redirects }}"
  notify: reload nginx
-  with_dict: nginx_redirects
  tags:
    - install
    - install:configuration
@@ -212,31 +202,35 @@
  # for nginx rate limiting, 500 errors, etc.
 - name: Create NGINX server templates
-  template: >
+  template:
-    src=edx/var/nginx/server-static/server-template.j2
+    src: "edx/var/nginx/server-static/server-template.j2"
-    dest={{ nginx_server_static_dir }}/{{ item.file }}
+    dest: "{{ nginx_server_static_dir }}/{{ item.file }}"
-    owner=root group={{ common_web_user }} mode=0640
+    owner: root
-  with_items: NGINX_SERVER_HTML_FILES
+    group: "{{ common_web_user }}"
+    mode: 0640
+  with_items: "{{ NGINX_SERVER_HTML_FILES }}"
  tags:
    - install
    - install:configuration
 - name: Write out htpasswd file
-  htpasswd: >
+  htpasswd:
-    name={{ item.name }}
+    name: "{{ item.name }}"
-    password={{ item.password }}
+    password: "{{ item.password }}"
-    state={{ item.state  }}
+    state: "{{ item.state  }}"
-    path={{ nginx_htpasswd_file }}
+    path: "{{ nginx_htpasswd_file }}"
+  with_items: "{{ NGINX_USERS }}"
  when: NGINX_CREATE_HTPASSWD_FILE
  tags:
    - install
    - install:configuration
-  with_items: NGINX_USERS
 - name: Create nginx log file location (just in case)
-  file: >
+  file:
-    path={{ nginx_log_dir}} state=directory
+    path: "{{ nginx_log_dir}}"
-    owner={{ common_web_user }} group={{ common_web_user }}
+    state: directory
+    owner: "{{ common_web_user }}"
+    group: "{{ common_web_user }}"
  tags:
    - install
    - install:configuration
@@ -263,20 +257,24 @@
    - install:configuration
 - name: copy ssl cert
-  copy: >
+  copy:
-    src={{ NGINX_SSL_CERTIFICATE }}
+    src: "{{ NGINX_SSL_CERTIFICATE }}"
-    dest=/etc/ssl/certs/
+    dest: "/etc/ssl/certs/"
-    owner=root group=root mode=0644
+    owner: root
+    group: root
+    mode: 0644
  when: ssl_cert.stat.exists and NGINX_ENABLE_SSL and NGINX_SSL_CERTIFICATE != 'ssl-cert-snakeoil.pem'
  tags:
    - install
    - install:configuration
 - name: copy ssl key
-  copy: >
+  copy:
-    src={{ NGINX_SSL_KEY }}
+    src: "{{ NGINX_SSL_KEY }}"
-    dest=/etc/ssl/private/
+    dest: "/etc/ssl/private/"
-    owner=root group=root mode=0640
+    owner: root
+    group: root
+    mode: 0640
  when: ssl_key.stat.exists and NGINX_ENABLE_SSL and NGINX_SSL_KEY != 'ssl-cert-snakeoil.key'
  tags:
    - install
@@ -284,7 +282,9 @@
 # removing default link
 - name: Removing default nginx config and restart (enabled)
-  file: path={{ nginx_sites_enabled_dir }}/default state=absent
+  file:
+    path: "{{ nginx_sites_enabled_dir }}/default"
+    state: absent
  notify: reload nginx
  tags:
    - install
@@ -293,19 +293,23 @@
 # Note that nginx logs to /var/log until it reads its configuration, so /etc/logrotate.d/nginx is still good
 - name: Set up nginx access log rotation
-  template: >
+  template:
-    src=etc/logrotate.d/edx_logrotate_nginx_access.j2
+    src: "etc/logrotate.d/edx_logrotate_nginx_access.j2"
-    dest=/etc/logrotate.d/nginx-access
+    dest: "/etc/logrotate.d/nginx-access"
-    owner=root group=root mode=644
+    owner: root
+    group: root
+    mode: 0644
  tags:
    - install
    - install:configuration
 - name: Set up nginx access log rotation
-  template: >
+  template:
-    src=etc/logrotate.d/edx_logrotate_nginx_error.j2
+    src: "etc/logrotate.d/edx_logrotate_nginx_error.j2"
-    dest=/etc/logrotate.d/nginx-error
+    dest: "/etc/logrotate.d/nginx-error"
-    owner=root group=root mode=644
+    owner: root
+    group: root
+    mode: 0644
  tags:
    - install
    - install:configuration
@@ -313,7 +317,7 @@
 # nginx is started during package installation, before any of the configuration files are in place.
 # The handler that reloads the configuration would be run only at the very end of the playbook, so
 # none of the local services would be available in the meantime, e.g. causing certs to error out
-# since it can't reach xqueue on the its nginx port.  For this reason, we flush the handlers here
+# since it can't reach xqueue on its nginx port.  For this reason, we flush the handlers here
 # to ensure the nginx configuration is reloaded when necessary.
 - name: Restart or reload nginx if necessary
  meta: flush_handlers
@@ -325,7 +329,9 @@
 # their corresponding notifications don't get run.  If nginx has been stopped for
 # any reason, this will ensure that it is started up again.
 - name: make sure nginx has started
-  service: name=nginx state=started
+  service:
+    name: nginx
+    state: started
  tags:
    - manage
    - manage:start