jdauphant · fpeterschmitt · May 27, 2015 · May 27, 2015 · May 27, 2015 · May 27, 2015
diff --git a/README.md b/README.md
@@ -11,6 +11,8 @@ Requirements
 This role requires Ansible 1.4 or higher and platform requirements are listed
 in the metadata file.
 
+You need EPEL to be setup before running this role.
+
 Role Variables
 --------------
 

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -1,26 +1,13 @@
 ---
-nginx_redhat_pkg:
-  - nginx
-
-nginx_ubuntu_pkg:
-  - python-selinux
-  - nginx
-
-yum_epel_repo: epel
-yum_base_repo: base
-
 nginx_official_repo: False
 
-keep_only_specified: False
+nginx_keep_only_specified: False
 
 nginx_installation_type: "packages"
 nginx_binary_name: "nginx"
-nginx_service_name: "{{nginx_binary_name}}"
+nginx_service_name: "{{ nginx_binary_name }}"
 nginx_conf_dir: "/etc/nginx"
 
-nginx_user: "{% if ansible_os_family == 'RedHat' %}nginx{% elif ansible_os_family == 'Debian' %}www-data{% endif %}"
-nginx_group: "{{nginx_user}}"
-
 nginx_pid_file: '/var/run/{{nginx_service_name}}.pid'
 
 nginx_worker_processes: "{{ ansible_processor_vcpus }}"

diff --git a/handlers/main.yml b/handlers/main.yml
@@ -1,8 +1,12 @@
 ---
 - name: restart nginx
-  service: name={{ nginx_service_name }} state=restarted
+  service:
+    name: "{{ nginx_service_name }}"
+    state: restarted
   when: nginx_installation_type in nginx_installation_types_using_service and nginx_daemon_mode == "on"
 
 - name: reload nginx
-  service: name={{ nginx_service_name }} state=reloaded
+  service:
+    name: "{{ nginx_service_name }}"
+    state: reloaded
   when: nginx_installation_type in nginx_installation_types_using_service and nginx_daemon_mode == "on"
diff --git a/tasks/configuration.yml b/tasks/configuration.yml
@@ -1,53 +1,93 @@
 ---
-- name: Create the directories for site specific configurations
-  file: path={{nginx_conf_dir}}/{{ item }} state=directory owner=root group={{nginx_group}} mode=0755
+- name: "Create the directories for site specific configurations"
+  file:
+    group: "{{ nginx_group }}"
+    mode: 493
+    owner: root
+    path: "{{nginx_conf_dir}}/{{ item }}"
+    state: directory
+  tags:
+    - configuration
+    - nginx
   with_items:
-    - "sites-available"
-    - "sites-enabled"
-    - "auth_basic"
-    - "conf.d"
-  tags: [configuration,nginx]
+    - sites-available
+    - sites-enabled
+    - auth_basic
+    - conf.d
 
-- name: Ensure log directory exist
-  file: path={{ nginx_log_dir }} state=directory owner={{nginx_user}} group={{nginx_group}} mode=0755
-  tags: [configuration,nginx]
+- name: "Ensure log directory exist"
+  file:
+    group: "{{ nginx_group }}"
+    mode: 493
+    owner: "{{ nginx_user }}"
+    path: "{{ nginx_log_dir }}"
+    state: directory
+  tags:
+    - configuration
+    - nginx
 
-- name: Copy the nginx configuration file
-  template: src=nginx.conf.j2 dest={{nginx_conf_dir}}/nginx.conf
+- name: "Copy the nginx configuration file"
+  template:
+    dest: "{{ nginx_conf_dir }}/nginx.conf"
+    src: nginx.conf.j2
   notify:
-   - restart nginx
-  tags: [configuration,nginx]
+    - "restart nginx"
+  tags:
+    - configuration
+    - nginx
 
-- name: Ensure auth_basic files created
-  template: src=auth_basic.j2 dest={{nginx_conf_dir}}/auth_basic/{{ item }} owner=root group={{nginx_group}} mode=0750
+- name: "Ensure auth_basic files created"
+  template:
+    src: auth_basic.j2
+    dest: "{{nginx_conf_dir}}/auth_basic/{{ item }}"
+    owner: root
+    group: "{{nginx_group}}"
+    mode: 0750
   with_items: nginx_auth_basic_files.keys()
-  tags: [configuration,nginx]
+  tags:
+    - configuration
+    - nginx
 
-- name: Create the configurations for sites
-  template: src=site.conf.j2 dest={{nginx_conf_dir}}/sites-available/{{ item }}.conf
+- name: "Create the configurations for sites"
+  template:
+    src: site.conf.j2
+    dest: "{{nginx_conf_dir}}/sites-available/{{ item }}.conf"
   with_items: nginx_sites.keys()
-  notify: 
-   - restart nginx
-  tags: [configuration,nginx]
+  notify:
+    - "restart nginx"
+  tags:
+    - configuration
+    - nginx
 
-- name: Create links for sites-enabled
-  file: state=link src={{nginx_conf_dir}}/sites-available/{{ item }}.conf dest={{nginx_conf_dir}}/sites-enabled/{{ item }}.conf
+- name: "Create links for sites-enabled"
+  file:
+    state: link
+    src: "{{ nginx_conf_dir }}/sites-available/{{ item }}.conf"
+    dest: "{{ nginx_conf_dir }}/sites-enabled/{{ item }}.conf"
   with_items: nginx_sites.keys()
   notify:
-   - reload nginx
-  tags: [configuration,nginx]
+    - "reload nginx"
+  tags:
+    - configuration
+    - nginx
 
-- name: Create the configurations for independent config file
-  template: src=config.conf.j2 dest={{nginx_conf_dir}}/conf.d/{{ item }}.conf
+- name: "Create the configurations for independent config file"
+  template:
+    src: config.conf.j2
+    dest: "{{nginx_conf_dir}}/conf.d/{{ item }}.conf"
   with_items: nginx_configs.keys()
   notify:
-   - reload nginx
-  tags: [configuration,nginx]
+    - "reload nginx"
+  tags:
+    - configuration
+    - nginx
 
-- name: Check nginx syntax of configuration files
-  shell: "{{ nginx_binary_name }} -t"
-  register: result
+- name: "Check nginx syntax of configuration files"
+  always_run: true
   changed_when: "result.rc != 0"
-  always_run: yes
+  register: result
+  shell: "{{ nginx_binary_name }} -t"
+  tags:
+    - configuration
+    - nginx
   when: nginx_installation_type in nginx_installation_types_using_service
-  tags: [configuration,nginx]
diff --git a/tasks/installation.packages.yml b/tasks/installation.packages.yml
@@ -1,29 +1,4 @@
 ---
-- name: Install the selinux python module
-  yum: name=libselinux-python state=present
-  when: ansible_os_family == "RedHat"
-  tags: [packages,nginx]
-
-- name: Install the epel packages
-  yum: name=epel-release state=present
-  when: nginx_is_el|bool
-  tags: [packages,nginx]
-
-- name: Install the nginx packages
-  yum: name={{ item }} state=present disablerepo='*' enablerepo={{ "nginx," if nginx_official_repo else "" }}{{ yum_epel_repo }},{{ yum_base_repo }}
-  with_items: nginx_redhat_pkg
-  when:  nginx_is_el|bool
-  tags: [packages,nginx]
-
-- name: Install the nginx packages
-  yum: name={{ item }} state=present
-  with_items: nginx_redhat_pkg
-  when: ansible_os_family == "RedHat" and not nginx_is_el|bool
-  tags: [packages,nginx]
-
-- name: Install the nginx packages
-  apt: name={{ item }} state=present
-  with_items: nginx_ubuntu_pkg
-  environment: env
-  when: ansible_os_family == "Debian"
-  tags: [packages,nginx]
+- name: Install nginx packages
+  action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+  with_items: nginx_packages
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -1,16 +1,27 @@
 ---
+- include_vars: "{{ ansible_os_family }}.yml"
+
 - include: nginx-official-repo.yml
-  when: nginx_official_repo == True
+
 - include: installation.packages.yml
   when: nginx_installation_type == "packages"
+
 - include: remove-defaults.yml
-  when: not keep_only_specified
+  when: not nginx_keep_only_specified
+
 - include: remove-extras.yml
-  when: keep_only_specified
+  when: nginx_keep_only_specified
+
 - include: remove-unwanted.yml
+
 - include: configuration.yml
 
 - name: Start the nginx service
-  service: name={{ nginx_service_name }} state=started enabled=yes
+  service:
+    name: "{{ nginx_service_name }}"
+    state: started
+    enabled: yes
   when: nginx_installation_type in nginx_installation_types_using_service and nginx_daemon_mode == "on"
-  tags: [service,nginx]
+  tags:
+    - service
+    - nginx
diff --git a/tasks/nginx-official-repo.yml b/tasks/nginx-official-repo.yml
@@ -1,18 +1,34 @@
 ---
 - name: Ensure APT official nginx key
-  apt_key: url=http://nginx.org/keys/nginx_signing.key
-  tags: [packages,nginx]
+  apt_key:
+    url: http://nginx.org/keys/nginx_signing.key
   when: ansible_os_family == 'Debian'
+  tags:
+    - packages
+    - nginx
 
 - name: Ensure APT official nginx repository
-  apt_repository: repo="deb http://nginx.org/packages/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} nginx"
-  tags: [packages,nginx]
+  apt_repository:
+    repo: "deb http://nginx.org/packages/{{ ansible_distribution|lower }}/{{ ansible_distribution_release }} nginx"
+    state: "{% if nginx_official_repo %}present{% else %}absent{% endif %}"
+  tags:
+    - packages
+    - nginx
   when: ansible_os_family == 'Debian'
 
 - name: Ensure RPM official nginx key
-  rpm_key: key=http://nginx.org/keys/nginx_signing.key
-  when: ansible_os_family == 'RedHat'
+  rpm_key:
+    key: http://nginx.org/keys/nginx_signing.key
+  when: ansible_os_family == 'RedHat' and nginx_official_repo
 
 - name: Ensure YUM official nginx repository
-  template: src=nginx.repo.j2 dest=/etc/yum.repos.d/nginx.repo
-  when: ansible_os_family == 'RedHat'
+  template:
+    src: nginx.repo.j2
+    dest: /etc/yum.repos.d/nginx.repo
+  when: ansible_os_family == 'RedHat' and nginx_official_repo
+
+- name: Ensure YUM official nginx repository is absent
+  file:
+    path: /etc/yum.repos.d/nginx.repo
+    state: absent
+  when: not nginx_official_repo
diff --git a/tasks/remove-defaults.yml b/tasks/remove-defaults.yml
@@ -1,15 +1,22 @@
 ---
 - name: Disable the default site
-  file: path={{nginx_conf_dir}}/sites-enabled/default state=absent
+  file:
+    path: "{{nginx_conf_dir}}/sites-enabled/default"
+    state: absent
   notify:
-  - reload nginx
-  tags: [configuration,nginx]
+    - reload nginx
+  tags:
+    - configuration
+    - nginx
 
 - name: Remove the default configuration
-  file: path={{nginx_conf_dir}}/conf.d/default.conf state=absent
-  when: >
-    'default' not in nginx_configs.keys()
+  file:
+    path: "{{nginx_conf_dir}}/conf.d/default.conf"
+    state: absent
+  when: '"default" not in nginx_configs.keys()'
   notify:
-  - reload nginx
-  tags: [configuration,nginx]
+    - reload nginx
+  tags:
+    - configuration
+    - nginx
 
diff --git a/tasks/remove-extras.yml b/tasks/remove-extras.yml
@@ -1,31 +1,43 @@
 ---
 - name: Find enabled sites
-  shell: ls -1 {{nginx_conf_dir}}/sites-enabled
+  shell: "ls -1 {{ nginx_conf_dir }}/sites-enabled"
   register: enabled_sites
   changed_when: False
-  tags: [configuration,nginx]
+  tags:
+    - configuration
+    - nginx
 
 - name: Disable unmanaged sites
-  file: path={{nginx_conf_dir}}/sites-enabled/{{ item }} state=absent
+  file:
+    path: "{{nginx_conf_dir}}/sites-enabled/{{ item }}"
+    state: absent
   with_items: enabled_sites.stdout_lines
   # 'item.conf' => 'item'
   when: item[:-5] not in nginx_sites.keys()
   notify:
-   - reload nginx
-  tags: [configuration,nginx]
+    - reload nginx
+  tags:
+    - configuration
+    - nginx
 
 - name: Find config files
   shell: ls -1 {{nginx_conf_dir}}/conf.d
   register: config_files
   changed_when: False
-  tags: [configuration,nginx]
+  tags:
+    - configuration
+    - nginx
 
 - name: Remove unmanaged config files
-  file: name={{nginx_conf_dir}}/conf.d/{{ item }} state=absent
+  file:
+    name: "{{nginx_conf_dir}}/conf.d/{{ item }}"
+    state: absent
   with_items: config_files.stdout_lines
   # 'item.conf' => 'item'
   when: item[:-5] not in nginx_configs.keys()
   notify:
-   - reload nginx
-  tags: [configuration,nginx]
+    - reload nginx
+  tags:
+    - configuration
+    - nginx