Merge pull request #3090 from edx/arbab/nginx-rewrite

YAML style parameter passing

playbooks/roles/nginx/handlers/main.yml

 ---
 - name: restart nginx
-  service: name=nginx state=restarted
+  service:
+    name: nginx
+    state: restarted
 
 - name: reload nginx
-  service: name=nginx state=reloaded
+  service:
+    name: nginx
+    state: reloaded

playbooks/roles/nginx/tasks/main.yml

 # requires:
 #   - common/tasks/main.yml
 ---
-
-- name: create nginx app dirs
-  file: >
-    path="{{ item }}"
-    state=directory
-    owner="{{ nginx_user }}"
-    group="{{ common_web_group }}"
-  with_items:
-    - "{{ nginx_app_dir }}"
-    - "{{ nginx_sites_available_dir }}"
-    - "{{ nginx_sites_enabled_dir }}"
-    - "{{ nginx_conf_dir }}"
-  notify: restart nginx
-  tags:
-    - install
-    - install:configuration
-
-- name: create nginx data dirs
-  file: >
-    path="{{ item }}"
-    state=directory
-    owner="{{ common_web_user }}"
-    group="{{ nginx_user }}"
+- name: Create nginx app and data dirs
+  file:
+    path: "{{ item.path }}"
+    state: directory
+    owner: "{{ item.owner }}"
+    group: "{{ item.group }}"
   with_items:
-    - "{{ nginx_data_dir }}"
-    - "{{ nginx_log_dir }}"
-    - "{{ nginx_server_static_dir }}"
+    - { path: '{{ nginx_app_dir }}', owner: '{{ nginx_user }}', group: '{{ common_web_group }}' }
+    - { path: '{{ nginx_sites_available_dir }}', owner: '{{ nginx_user }}', group: '{{ common_web_group }}' }
+    - { path: '{{ nginx_sites_enabled_dir }}', owner: '{{ nginx_user }}', group: '{{ common_web_group }}' }
+    - { path: '{{ nginx_conf_dir }}', owner: '{{ nginx_user }}', group: '{{ common_web_group }}' }
+    - { path: '{{ nginx_data_dir }}', owner: '{{ common_web_user }}', group: '{{ nginx_user }}' }
+    - { path: '{{ nginx_log_dir }}', owner: '{{ common_web_user }}', group: '{{ nginx_user }}' }
+    - { path: '{{ nginx_server_static_dir }}', owner: '{{ common_web_user }}', group: '{{ nginx_user }}' }
   notify: restart nginx
   tags:
     - install
     - install:configuration
 
 - name: Install needed packages
-  apt: pkg={{ item }} state=present
+  apt:
+    name: "{{ item }}"
+    state: present
   notify: restart nginx
-  with_items: nginx_debian_pkgs
+  with_items: "{{ nginx_debian_pkgs }}"
   tags:
     - install
     - install:system-requirements
 
 - name: Add apt key
   apt_key:
-    url: http://nginx.org/keys/nginx_signing.key
+    url: "http://nginx.org/keys/nginx_signing.key"
     state: present
   notify: restart nginx
   tags:
@@ -59,20 +48,6 @@
     - install
     - install:system-requirements
 
-# REMOVE THIS AFTER LATEST NGINX HAS BEEN DEPLOYED EVERYWHERE
-# New package does not identify conflicts properly.
-# "nginx-common" only appears as requirement for ubuntu-distributed package, thus
-# removing it will remove all nginx packages installed from Ubuntu's repo.
-# This is only required if nginx was previously installed from Ubuntu's repo
-# and you're switching to Nginx's PPA
-- name: Remove old nginx packages
-  apt:
-    name: nginx-common
-    state: absent
-  tags:
-    - install
-    - install:system-requirements
-
 - name: Install the nginx package
   apt:
     name: nginx
@@ -84,37 +59,36 @@
     - install:system-requirements
 
 - name: Remove the default site
-  file: >
-    path=/etc/nginx/sites-enabled/default
-    state=absent
+  file:
+    path: /etc/nginx/sites-enabled/default
+    state: absent
   notify: reload nginx
   tags:
     - install
     - install:configuration
 
-- name: Server configuration file
-  template: >
-    src=etc/nginx/nginx.conf.j2 dest=/etc/nginx/nginx.conf
-    owner=root group={{ common_web_user }} mode=0644
+- name: Define server configuration file and common nginx configuration
+  template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: root
+    group: "{{ item.group }}"
+    mode: "{{ item.mode }}"
+  with_items:
+    - { src: 'etc/nginx/nginx.conf.j2', dest: '/etc/nginx/nginx.conf', group: '{{ common_web_user }}', mode: "0644" }
+    - { src: 'edx/app/nginx/sites-available/edx-release.j2', dest: '{{ nginx_sites_available_dir }}/edx-release', group: 'root', mode: "0600" }
   notify: restart nginx
   tags:
     - install
     - install:configuration
 
-- name: Creating common nginx configuration
-  template: >
-    src=edx/app/nginx/sites-available/edx-release.j2
-    dest={{ nginx_sites_available_dir }}/edx-release
-    owner=root group=root mode=0600
-  notify: reload nginx
-  tags:
-    - install
-    - install:configuration
-
 - name: Create robot rules
-  template: >
-    src=edx/app/nginx/robots.txt.j2 dest={{ nginx_app_dir }}/robots.txt
-    owner=root group={{ common_web_user }} mode=0644
+  template:
+    src: "edx/app/nginx/robots.txt.j2"
+    dest: "{{ nginx_app_dir }}/robots.txt"
+    owner: root
+    group: "{{ common_web_user }}"
+    mode: 0644
   notify: reload nginx
   when: NGINX_ROBOT_RULES|length > 0
   tags:
@@ -122,88 +96,104 @@
     - install:configuration
 
 - name: Creating link for common nginx configuration
-  file: >
-    src={{ nginx_sites_available_dir }}/edx-release
-    dest={{ nginx_sites_enabled_dir }}/edx-release
-    state=link owner=root group=root
+  file:
+    src: "{{ nginx_sites_available_dir }}/edx-release"
+    dest: "{{ nginx_sites_enabled_dir }}/edx-release"
+    state: link
+    owner: root
+    group: root
   notify: reload nginx
   tags:
     - install
     - install:configuration
 
 - name: Copying nginx configs for {{ nginx_sites }}
-  template: >
-    src={{ nginx_template_dir }}/{{ item }}.j2
-    dest={{ nginx_sites_available_dir }}/{{ item }}
-    owner=root group={{ common_web_user }} mode=0640
+  template:
+    src: "{{ nginx_template_dir }}/{{ item }}.j2"
+    dest: "{{ nginx_sites_available_dir }}/{{ item }}"
+    owner: root
+    group: "{{ common_web_user }}"
+    mode: 0640
+  with_items: "{{ nginx_sites }}"
   notify: reload nginx
-  with_items: nginx_sites
   tags:
     - install
     - install:configuration
 
 - name: Creating nginx config links for {{ nginx_sites }}
-  file: >
-    src={{ nginx_sites_available_dir }}/{{ item  }}
-    dest={{ nginx_sites_enabled_dir }}/{{ item }}
-    state=link owner=root group=root
+  file:
+    src: "{{ nginx_sites_available_dir }}/{{ item  }}"
+    dest: "{{ nginx_sites_enabled_dir }}/{{ item }}"
+    state: link
+    owner: root
+    group: root
+  with_items: "{{ nginx_sites }}"
   notify: reload nginx
-  with_items: nginx_sites
   tags:
     - install
     - install:configuration
 
 - name: Copying nginx extra configs
-  template: >
-    src={{ item }}
-    dest={{ nginx_sites_available_dir }}/{{ item|basename|replace(".j2", "") }}
-    owner=root group={{ common_web_user }} mode=0640
+  template:
+    src: "{{ item }}"
+    dest: "{{ nginx_sites_available_dir }}/{{ (item | basename).rstrip('.j2') }}"
+    owner: root
+    group: "{{ common_web_user }}"
+    mode: 0640
+  with_items: "{{ nginx_extra_sites }}"
   notify: reload nginx
-  with_items: nginx_extra_sites
   tags:
     - install
     - install:configuration
 
 - name: Creating links for nginx extra configs
-  file: >
-    src={{ nginx_sites_available_dir }}/{{ item|basename|replace(".j2", "")  }}
-    dest={{ nginx_sites_enabled_dir }}/{{ item|basename|replace(".j2", "") }}
-    state=link owner=root group=root
+  file:
+    src: "{{ nginx_sites_available_dir }}/{{ (item | basename).rstrip('.j2') }}"
+    dest: "{{ nginx_sites_enabled_dir }}/{{ (item | basename).rstrip('.j2') }}"
+    state: link
+    owner: root
+    group: root
+  with_items: "{{ nginx_extra_sites }}"
   notify: reload nginx
-  with_items: nginx_extra_sites
   tags:
     - install
     - install:configuration
 
 - name: Copying custom nginx config
-  template: >
-    src={{ item }}
-    dest={{ nginx_conf_dir }}/{{ item|basename|replace(".j2", "") }}
-    owner=root group={{ common_web_user }} mode=0640
+  template:
+    src: "{{ item }}"
+    dest: "{{ nginx_conf_dir }}/{{ (item | basename).rstrip('.j2') }}"
+    owner: root
+    group: "{{ common_web_user }}"
+    mode: 0640
+  with_items: "{{ nginx_extra_configs }}"
   notify: reload nginx
-  with_items: nginx_extra_configs
   tags:
     - install
     - install:configuration
 
 - name: Copying nginx redirect configs for {{ nginx_redirects }}
-  template: >
-    src={{ nginx_template_dir }}/nginx_redirect.j2
-    dest={{ nginx_sites_available_dir }}/{{ item.key }}
-    owner=root group={{ common_web_user }} mode=0640
+  template:
+    src: "{{ nginx_template_dir }}/nginx_redirect.j2"
+    dest: "{{ nginx_sites_available_dir }}/{{ item.key }}"
+    owner: root
+    group: "{{ common_web_user }}"
+    mode: 0640
+  with_dict: "{{ nginx_redirects }}"
   notify: reload nginx
-  with_dict: nginx_redirects
   tags:
     - install
     - install:configuration
 
 - name: Creating nginx redirect links for {{ nginx_redirects }}
-  file: >
-    src={{ nginx_sites_available_dir }}/{{ item.key  }}
-    dest={{ nginx_sites_enabled_dir }}/{{ item.key }}
-    state=link owner=root group=root
+  file:
+    src: "{{ nginx_sites_available_dir }}/{{ item.key  }}"
+    dest: "{{ nginx_sites_enabled_dir }}/{{ item.key }}"
+    state: link
+    owner: root
+    group: root
+  with_dict: "{{ nginx_redirects }}"
   notify: reload nginx
-  with_dict: nginx_redirects
   tags:
     - install
     - install:configuration
@@ -212,31 +202,35 @@
   # for nginx rate limiting, 500 errors, etc.
 
 - name: Create NGINX server templates
-  template: >
-    src=edx/var/nginx/server-static/server-template.j2
-    dest={{ nginx_server_static_dir }}/{{ item.file }}
-    owner=root group={{ common_web_user }} mode=0640
-  with_items: NGINX_SERVER_HTML_FILES
+  template:
+    src: "edx/var/nginx/server-static/server-template.j2"
+    dest: "{{ nginx_server_static_dir }}/{{ item.file }}"
+    owner: root
+    group: "{{ common_web_user }}"
+    mode: 0640
+  with_items: "{{ NGINX_SERVER_HTML_FILES }}"
   tags:
     - install
     - install:configuration
 
 - name: Write out htpasswd file
-  htpasswd: >
-    name={{ item.name }}
-    password={{ item.password }}
-    state={{ item.state  }}
-    path={{ nginx_htpasswd_file }}
+  htpasswd:
+    name: "{{ item.name }}"
+    password: "{{ item.password }}"
+    state: "{{ item.state  }}"
+    path: "{{ nginx_htpasswd_file }}"
+  with_items: "{{ NGINX_USERS }}"
   when: NGINX_CREATE_HTPASSWD_FILE
   tags:
     - install
     - install:configuration
-  with_items: NGINX_USERS
 
 - name: Create nginx log file location (just in case)
-  file: >
-    path={{ nginx_log_dir}} state=directory
-    owner={{ common_web_user }} group={{ common_web_user }}
+  file:
+    path: "{{ nginx_log_dir}}"
+    state: directory
+    owner: "{{ common_web_user }}"
+    group: "{{ common_web_user }}"
   tags:
     - install
     - install:configuration
@@ -263,20 +257,24 @@
     - install:configuration
 
 - name: copy ssl cert
-  copy: >
-    src={{ NGINX_SSL_CERTIFICATE }}
-    dest=/etc/ssl/certs/
-    owner=root group=root mode=0644
+  copy:
+    src: "{{ NGINX_SSL_CERTIFICATE }}"
+    dest: "/etc/ssl/certs/"
+    owner: root
+    group: root
+    mode: 0644
   when: ssl_cert.stat.exists and NGINX_ENABLE_SSL and NGINX_SSL_CERTIFICATE != 'ssl-cert-snakeoil.pem'
   tags:
     - install
     - install:configuration
 
 - name: copy ssl key
-  copy: >
-    src={{ NGINX_SSL_KEY }}
-    dest=/etc/ssl/private/
-    owner=root group=root mode=0640
+  copy:
+    src: "{{ NGINX_SSL_KEY }}"
+    dest: "/etc/ssl/private/"
+    owner: root
+    group: root
+    mode: 0640
   when: ssl_key.stat.exists and NGINX_ENABLE_SSL and NGINX_SSL_KEY != 'ssl-cert-snakeoil.key'
   tags:
     - install
@@ -284,7 +282,9 @@
 
 # removing default link
 - name: Removing default nginx config and restart (enabled)
-  file: path={{ nginx_sites_enabled_dir }}/default state=absent
+  file:
+    path: "{{ nginx_sites_enabled_dir }}/default"
+    state: absent
   notify: reload nginx
   tags:
     - install
@@ -293,19 +293,23 @@
 # Note that nginx logs to /var/log until it reads its configuration, so /etc/logrotate.d/nginx is still good
 
 - name: Set up nginx access log rotation
-  template: >
-    src=etc/logrotate.d/edx_logrotate_nginx_access.j2
-    dest=/etc/logrotate.d/nginx-access
-    owner=root group=root mode=644
+  template:
+    src: "etc/logrotate.d/edx_logrotate_nginx_access.j2"
+    dest: "/etc/logrotate.d/nginx-access"
+    owner: root
+    group: root
+    mode: 0644
   tags:
     - install
     - install:configuration
 
 - name: Set up nginx access log rotation
-  template: >
-    src=etc/logrotate.d/edx_logrotate_nginx_error.j2
-    dest=/etc/logrotate.d/nginx-error
-    owner=root group=root mode=644
+  template:
+    src: "etc/logrotate.d/edx_logrotate_nginx_error.j2"
+    dest: "/etc/logrotate.d/nginx-error"
+    owner: root
+    group: root
+    mode: 0644
   tags:
     - install
     - install:configuration
@@ -313,7 +317,7 @@
 # nginx is started during package installation, before any of the configuration files are in place.
 # The handler that reloads the configuration would be run only at the very end of the playbook, so
 # none of the local services would be available in the meantime, e.g. causing certs to error out
-# since it can't reach xqueue on the its nginx port.  For this reason, we flush the handlers here
+# since it can't reach xqueue on its nginx port.  For this reason, we flush the handlers here
 # to ensure the nginx configuration is reloaded when necessary.
 - name: Restart or reload nginx if necessary
   meta: flush_handlers
@@ -325,7 +329,9 @@
 # their corresponding notifications don't get run.  If nginx has been stopped for
 # any reason, this will ensure that it is started up again.
 - name: make sure nginx has started
-  service: name=nginx state=started
+  service:
+    name: nginx
+    state: started
   tags:
     - manage
     - manage:start