nginxinc / ansible-role-nginx

Ansible role for installing NGINX
https://galaxy.ansible.com/nginxinc/nginx
Apache License 2.0
644 stars 348 forks source link
ansible ansible-code-bot-scan ansible-role nginx nginx-plus

Ansible Galaxy Molecule CI/CD License Project Status: Active – The project has reached a stable, usable state and is being actively developed. Community Support Contributor Covenant

👾 Help make the NGINX Ansible role better by participating in our survey! 👾

Ansible NGINX Role

This role installs NGINX (NGINX Open Source), NGINX Plus, NGINX Agent and/or the NGINX Amplify agent on your target host(s).

[!IMPORTANT] This role is still in active development. There may be unidentified issues and the role variables may change as development continues.

Role Requirements

NGINX

Depending on your target NGINX use case, you might need to obtain a license or API key/token before being able to use the role:

Product Requirements
NGINX None
NGINX Plus NGINX Plus license (both a license key and crt files)
NGINX Agent A compatible control plane and (optionally) an NGINX One SaaS console data plane token
NGINX Amplify API key found within the NGINX Amplify SaaS console

Ansible

If you want to use this role, you will need to use a supported version of Ansible core and Jinja2 as well as a few Ansible collections.

For ease of use, you can install and/or upgrade Ansible core, Jinja2, and the aforementioned Ansible collections by running the following four commands on your Ansible host:

pip install --upgrade -r https://raw.githubusercontent.com/nginxinc/ansible-role-nginx/main/.github/workflows/requirements/requirements_ansible.txt
curl -O https://raw.githubusercontent.com/nginxinc/ansible-role-nginx/main/.github/workflows/requirements/requirements_collections.yml
ansible-galaxy install --force -r requirements_collections.yml
rm -f requirements_collections.yml

This will also ensure you are deploying/running this role with a fully tested version of the aforementioned packages/collections.

Ansible core

[!TIP] You can alternatively install the Ansible community distribution (what is still known Ansible -- instead of Ansible core) if you don't want to manage individual collections.

Jinja2

Testing suite (Optional)

If you want to contribute to this role, you will also need to install Ansible Lint and Molecule.

Ansible Lint (Optional)

Molecule (Optional)

Role Installation

This role can be installed via either Ansible Galaxy (the Ansible community marketplace) or by cloning this repo. Once installed, you will need to include the role in your Ansible playbook using the roles keyword, the import_role module, or the include_role module.

Ansible Galaxy

To install the latest stable release of the role on your system, use:

ansible-galaxy install nginxinc.nginx

Alternatively, if you have already installed the role, you can update the role to the latest release by using:

ansible-galaxy install -f nginxinc.nginx

To use the role, include the following task in your playbook:

- name: Install NGINX
  ansible.builtin.include_role:
    name: nginxinc.nginx

Git

To pull the latest edge commit of the role from GitHub, use:

git clone https://github.com/nginxinc/ansible-role-nginx.git

To use the role, include the following task in your playbook:

- name: Install NGINX
  ansible.builtin.include_role:
    name: <path/to/repo> # e.g. <roles/ansible-role-nginx> if you clone the repo inside your project's roles directory

Platforms

The NGINX Ansible role supports almost all platforms supported by NGINX Open Source, NGINX Plus, NGINX Agent, and the NGINX Amplify agent:

NGINX Open Source

AlmaLinux:
  - 8
  - 9
Alpine:
  - 3.17
  - 3.18
  - 3.19
  - 3.20
Amazon Linux:
  - 2
  - 2023
Debian:
  - bullseye (11)
  - bookworm (12)
Oracle Linux:
  - 8
  - 9
Red Hat:
  - 8
  - 9
Rocky Linux:
  - 8
  - 9
SUSE/SLES:
  - 12
  - 15
Ubuntu:
  - focal (20.04)
  - jammy (22.04)
  - mantic (23.10)
  - noble (24.04)

NGINX Plus

AlmaLinux:
  - 8
  - 9
Alpine:
  - 3.16
  - 3.17
  - 3.18
  - 3.19
Amazon Linux:
  - 2
  - 2023
Debian:
  - bullseye (11)
  - bookworm (12)
FreeBSD:
  - 13
  - 14
Oracle Linux:
  - 8.1+
  - 9
Red Hat:
  - 8.1+
  - 9
Rocky Linux:
  - 8
  - 9
SUSE/SLES:
  - 12
  - 15
Ubuntu:
  - focal (20.04)
  - jammy (22.04)
  - noble (24.04)

NGINX Agent

AlmaLinux:
  - 8
  - 9
Alpine:
  - 3.17
  - 3.18
  - 3.19
  - 3.20
Amazon Linux:
  - 2
  - 2023
Debian:
  - bullseye (11)
  - bookwork (12)
FreeBSD:
  - 13
  - 14
Oracle Linux:
  - 8
  - 9
Red Hat:
  - 8
  - 9
Rocky Linux:
  - 8
  - 9
SUSE/SLES:
  - 12
  - 15
Ubuntu:
  - focal (20.04)
  - jammy (22.04)
  - noble (24.04)

NGINX Amplify Agent

Amazon Linux:
  - 2
Debian:
  - buster (10)
  - bullseye (11)
Red Hat:
  - 8
  - 9
Ubuntu:
  - bionic (18.04)
  - focal (20.04)
  - jammy (22.04)

[!WARNING] At your own risk, you can also use this role to compile NGINX Open Source from source, install NGINX Open Source on "compatible" yet unsupported platforms, install NGINX from your respective distribution package manager, or install NGINX Open Source on BSD systems.

Role Variables

This role has multiple variables. The descriptions and defaults for all these variables can be found in the defaults/main/ directory in the following files:

Name Description
main.yml NGINX installation variables
agent.yml NGINX Agent installation variables
amplify.yml NGINX Amplify agent installation variables
bsd.yml BSD installation variables
logrotate.yml Logrotate configuration variables
selinux.yml SELinux configuration variables
systemd.yml Systemd configuration variables

Similarly, descriptions and defaults for preset variables can be found in the vars/ directory in the following files:

Name Description
main.yml List of supported NGINX platforms, modules, and Linux installation variables

Example Playbooks

Working functional playbook examples can be found in the molecule/ folder in the following files:

Name Description
agent/converge.yml Install and configure NGINX Agent to connect to the NGINX One SaaS control plane on F5 Distributed Cloud
amplify/converge.yml Install and configure the NGINX Amplify agent
default/converge.yml Install a specific version of NGINX, install various NGINX supported modules, tweak systemd and set up logrotate
distribution/converge.yml Install NGINX from the distribution's package repository instead of NGINX's package repository
downgrade/converge.yml Downgrade to a specific version of NGINX
downgrade-plus/converge.yml Downgrade to a specific version of NGINX Plus
plus/converge.yml Install NGINX Plus and various NGINX Plus supported modules
source/converge.yml Install NGINX from source
stable/converge.yml Install NGINX using the latest stable release
uninstall/converge.yml Uninstall NGINX
uninstall-plus/converge.yml Uninstall NGINX Plus
upgrade/converge.yml Upgrade NGINX
upgrade-plus/converge.yml Upgrade NGINX Plus
version/converge.yml Install a specific version of NGINX and various NGINX modules

[!NOTE] If you install this repository via Ansible Galaxy, you will need to replace the include_role variable in the example playbooks from ansible-role-nginx to nginxinc.nginx.

Other NGINX Ansible Collections and Roles

You can find the Ansible NGINX Core collection of roles to install and configure NGINX Open Source, NGINX Plus, and NGINX App Protect here.

You can find the Ansible NGINX configuration role to configure NGINX here.

You can find the Ansible NGINX App Protect role to install and configure NGINX App Protect WAF and NGINX App Protect DoS here.

You can find the Ansible NGINX Unit role to install NGINX Unit here.

License

Apache License, Version 2.0

Author Information

Alessandro Fael Garcia

Grzegorz Dzien

Tom Gamull

© F5, Inc. 2018 - 2024