This role installs NGINX (NGINX Open Source), NGINX Plus, NGINX Agent and/or the NGINX Amplify agent on your target host(s).
[!IMPORTANT] This role is still in active development. There may be unidentified issues and the role variables may change as development continues.
Depending on your target NGINX use case, you might need to obtain a license or API key/token before being able to use the role:
Product | Requirements |
---|---|
NGINX | None |
NGINX Plus | NGINX Plus license (both a license key and crt files) |
NGINX Agent | A compatible control plane and (optionally) an NGINX One SaaS console data plane token |
NGINX Amplify | API key found within the NGINX Amplify SaaS console |
If you want to use this role, you will need to use a supported version of Ansible core and Jinja2 as well as a few Ansible collections.
For ease of use, you can install and/or upgrade Ansible core, Jinja2, and the aforementioned Ansible collections by running the following four commands on your Ansible host:
pip install --upgrade -r https://raw.githubusercontent.com/nginxinc/ansible-role-nginx/main/.github/workflows/requirements/requirements_ansible.txt
curl -O https://raw.githubusercontent.com/nginxinc/ansible-role-nginx/main/.github/workflows/requirements/requirements_collections.yml
ansible-galaxy install --force -r requirements_collections.yml
rm -f requirements_collections.yml
This will also ensure you are deploying/running this role with a fully tested version of the aforementioned packages/collections.
This role is developed and tested with maintained versions of Ansible core and Python.
Note: Ansible 2.18
does no longer support the yum
module and as such, is not supported by this role until Amazon Linux 2 reaches EoL.
When using Ansible core, you will also need to install the following Ansible collections:
---
collections:
- name: ansible.posix
version: 1.5.4
- name: community.general
version: 9.2.0
- name: community.crypto # Only required if you plan to install NGINX Plus
version: 2.21.1
- name: community.docker # Only required if you plan to use Molecule (see below)
version: 3.11.0
You will need to run this role as a root user using Ansible's become
parameter. Make sure you have set up the appropriate permissions on your target hosts.
Instructions on how to install Ansible core can be found in the Ansible docs.
Instructions on how to install Ansible collections can be found in the Ansible collections guide.
[!TIP] You can alternatively install the Ansible community distribution (what is still known Ansible -- instead of Ansible core) if you don't want to manage individual collections.
3.1
.If you want to contribute to this role, you will also need to install Ansible Lint and Molecule.
Ansible Lint is used to lint the role for both Ansible best practices and potential Ansible/YAML issues.
Instructions on how to install Ansible Lint can be found in the Ansible Lint website.
Once installed, using Ansible Lint is as easy as running:
ansible-lint
For ease of use, you can install and/or upgrade Ansible Lint by running the following command on your Ansible host:
pip install -r https://raw.githubusercontent.com/nginxinc/ansible-role-nginx/main/.github/workflows/requirements/requirements_ansible_lint.txt
Molecule is used to test the various functionalities of the role.
Instructions on how to install Molecule can be found in the Molecule website. You will also need to install the Molecule plugins package and the Docker Python SDK.
To run any of the NGINX Plus Molecule tests, you must first copy your NGINX Plus license to the role's files/license
directory.
You can alternatively add your NGINX Plus repository certificate and key to the local environment. Run the following commands to export these files as base64-encoded variables and execute the Molecule tests:
export NGINX_CRT=$( cat <path to your certificate file> | base64 )
export NGINX_KEY=$( cat <path to your key file> | base64 )
molecule test -s plus
For ease of use, you can install and/or upgrade Molecule, the Molecule plugins package, and the Docker Python SDK by running the following command on your Ansible host:
pip install --upgrade -r https://raw.githubusercontent.com/nginxinc/ansible-role-nginx/main/.github/workflows/requirements/requirements_molecule.txt
This role can be installed via either Ansible Galaxy (the Ansible community marketplace) or by cloning this repo. Once installed, you will need to include the role in your Ansible playbook using the roles
keyword, the import_role
module, or the include_role
module.
To install the latest stable release of the role on your system, use:
ansible-galaxy install nginxinc.nginx
Alternatively, if you have already installed the role, you can update the role to the latest release by using:
ansible-galaxy install -f nginxinc.nginx
To use the role, include the following task in your playbook:
- name: Install NGINX
ansible.builtin.include_role:
name: nginxinc.nginx
To pull the latest edge commit of the role from GitHub, use:
git clone https://github.com/nginxinc/ansible-role-nginx.git
To use the role, include the following task in your playbook:
- name: Install NGINX
ansible.builtin.include_role:
name: <path/to/repo> # e.g. <roles/ansible-role-nginx> if you clone the repo inside your project's roles directory
The NGINX Ansible role supports almost all platforms supported by NGINX Open Source, NGINX Plus, NGINX Agent, and the NGINX Amplify agent:
AlmaLinux:
- 8
- 9
Alpine:
- 3.17
- 3.18
- 3.19
- 3.20
Amazon Linux:
- 2
- 2023
Debian:
- bullseye (11)
- bookworm (12)
Oracle Linux:
- 8
- 9
Red Hat:
- 8
- 9
Rocky Linux:
- 8
- 9
SUSE/SLES:
- 12
- 15
Ubuntu:
- focal (20.04)
- jammy (22.04)
- mantic (23.10)
- noble (24.04)
AlmaLinux:
- 8
- 9
Alpine:
- 3.16
- 3.17
- 3.18
- 3.19
Amazon Linux:
- 2
- 2023
Debian:
- bullseye (11)
- bookworm (12)
FreeBSD:
- 13
- 14
Oracle Linux:
- 8.1+
- 9
Red Hat:
- 8.1+
- 9
Rocky Linux:
- 8
- 9
SUSE/SLES:
- 12
- 15
Ubuntu:
- focal (20.04)
- jammy (22.04)
- noble (24.04)
AlmaLinux:
- 8
- 9
Alpine:
- 3.17
- 3.18
- 3.19
- 3.20
Amazon Linux:
- 2
- 2023
Debian:
- bullseye (11)
- bookwork (12)
FreeBSD:
- 13
- 14
Oracle Linux:
- 8
- 9
Red Hat:
- 8
- 9
Rocky Linux:
- 8
- 9
SUSE/SLES:
- 12
- 15
Ubuntu:
- focal (20.04)
- jammy (22.04)
- noble (24.04)
Amazon Linux:
- 2
Debian:
- buster (10)
- bullseye (11)
Red Hat:
- 8
- 9
Ubuntu:
- bionic (18.04)
- focal (20.04)
- jammy (22.04)
[!WARNING] At your own risk, you can also use this role to compile NGINX Open Source from source, install NGINX Open Source on "compatible" yet unsupported platforms, install NGINX from your respective distribution package manager, or install NGINX Open Source on BSD systems.
This role has multiple variables. The descriptions and defaults for all these variables can be found in the defaults/main/
directory in the following files:
Name | Description |
---|---|
main.yml |
NGINX installation variables |
agent.yml |
NGINX Agent installation variables |
amplify.yml |
NGINX Amplify agent installation variables |
bsd.yml |
BSD installation variables |
logrotate.yml |
Logrotate configuration variables |
selinux.yml |
SELinux configuration variables |
systemd.yml |
Systemd configuration variables |
Similarly, descriptions and defaults for preset variables can be found in the vars/
directory in the following files:
Name | Description |
---|---|
main.yml |
List of supported NGINX platforms, modules, and Linux installation variables |
Working functional playbook examples can be found in the molecule/
folder in the following files:
Name | Description |
---|---|
agent/converge.yml |
Install and configure NGINX Agent to connect to the NGINX One SaaS control plane on F5 Distributed Cloud |
amplify/converge.yml |
Install and configure the NGINX Amplify agent |
default/converge.yml |
Install a specific version of NGINX, install various NGINX supported modules, tweak systemd and set up logrotate |
distribution/converge.yml |
Install NGINX from the distribution's package repository instead of NGINX's package repository |
downgrade/converge.yml |
Downgrade to a specific version of NGINX |
downgrade-plus/converge.yml |
Downgrade to a specific version of NGINX Plus |
plus/converge.yml |
Install NGINX Plus and various NGINX Plus supported modules |
source/converge.yml |
Install NGINX from source |
stable/converge.yml |
Install NGINX using the latest stable release |
uninstall/converge.yml |
Uninstall NGINX |
uninstall-plus/converge.yml |
Uninstall NGINX Plus |
upgrade/converge.yml |
Upgrade NGINX |
upgrade-plus/converge.yml |
Upgrade NGINX Plus |
version/converge.yml |
Install a specific version of NGINX and various NGINX modules |
[!NOTE] If you install this repository via Ansible Galaxy, you will need to replace the
include_role
variable in the example playbooks fromansible-role-nginx
tonginxinc.nginx
.
You can find the Ansible NGINX Core collection of roles to install and configure NGINX Open Source, NGINX Plus, and NGINX App Protect here.
You can find the Ansible NGINX configuration role to configure NGINX here.
You can find the Ansible NGINX App Protect role to install and configure NGINX App Protect WAF and NGINX App Protect DoS here.
You can find the Ansible NGINX Unit role to install NGINX Unit here.
© F5, Inc. 2018 - 2024