nginxinc · ansible-code-bot · Oct 3, 2024
@@ -3,7 +3,6 @@
 # Requires access to either the NGINX stub_status or the NGINX Plus REST API.
 nginx_agent_enable: false
 
-
 ########################################################################################################################
 # The following parameters let you configure the static configuration file of NGINX Agent.                             #
 # By default, the config produced is as close a match to the default config provided by NGINX Agent upon installation. #
@@ -86,7 +85,6 @@ nginx_agent_metrics:
 #   report_interval: 15s
 #   precompiled_publication: true
 
-
 #############################################################################################
 # The following parameters let you configure the dynamic configuration file of NGINX Agent. #
 # By default, nothing is configured.                                                        #

@@ -4,4 +4,4 @@
 # Use your NGINX Amplify API key.
 # Default is null.
 nginx_amplify_enable: false
-nginx_amplify_api_key: null
+nginx_amplify_api_key:
@@ -3,7 +3,7 @@
 nginx_logrotate_conf_enable: false
 nginx_logrotate_conf:
   paths: /var/log/nginx/*.log # String or list of strings
-    # - /var/log/nginx/*.log
+  # - /var/log/nginx/*.log
   options: # daily # String or a list of strings
     - daily
     - missingok

@@ -7,7 +7,7 @@ galaxy_info:
 
   license: Apache License, Version 2.0
 
-  min_ansible_version: '2.16'
+  min_ansible_version: "2.16"
 
   galaxy_tags:
     - nginx

@@ -25,7 +25,8 @@
 
         - name: Get list of NGINX One dangling instance IDs
           ansible.builtin.uri:
-            url: https://{{ lookup('env', 'ONE_TENANT') }}.console.ves.volterra.io/api/nginx/one/namespaces/default/instances?paginated=false&filter_fields=hostname&filter_ops=IN&filter_values=almalinux-8|almalinux-9|alpine-3.17|alpine-3.18|alpine-3.19|alpine-3.20|amazonlinux-2|amazonlinux-2023|debian-bullseye|debian-bookworm|oraclelinux-8|oraclelinux-9|rhel-8|rhel-9|rockylinux-8|rockylinux-9|sles-15|ubuntu-focal|ubuntu-jammy|ubuntu-noble
+            url: https://{{ lookup('env', 'ONE_TENANT') 
+              }}.console.ves.volterra.io/api/nginx/one/namespaces/default/instances?paginated=false&filter_fields=hostname&filter_ops=IN&filter_values=almalinux-8|almalinux-9|alpine-3.17|alpine-3.18|alpine-3.19|alpine-3.20|amazonlinux-2|amazonlinux-2023|debian-bullseye|debian-bookworm|oraclelinux-8|oraclelinux-9|rhel-8|rhel-9|rockylinux-8|rockylinux-9|sles-15|ubuntu-focal|ubuntu-jammy|ubuntu-noble
             method: GET
             headers:
               Authorization: APIToken {{ lookup('env', 'ONE_API_TOKEN') }}

@@ -21,10 +21,10 @@
           treat_warnings_as_errors: false
         nginx_agent_config_dirs: '"/etc/nginx:/usr/local/etc/nginx:/usr/share/nginx/modules"'
         nginx_agent_queue_size: 100
-        nginx_agent_extensions: ['metrics']
+        nginx_agent_extensions: [metrics]
         nginx_agent_api:
           host: 127.0.0.1
           port: 8081
         nginx_agent_configure_dynamic: true
         nginx_agent_instance_group: ansible_instance_group
-        nginx_agent_tags: ['ansible', 'dev']
+        nginx_agent_tags: [ansible, dev]
@@ -14,7 +14,8 @@
       when: ansible_facts['os_family'] == "Debian"
     - name: Set repo if Red Hat
       ansible.builtin.set_fact:
-        version: -31-1.{{ (ansible_facts['distribution'] == "Amazon") | ternary(('amzn' + ansible_facts['distribution_major_version'] | string), ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx
+        version: -31-1.{{ (ansible_facts['distribution'] == "Amazon") | ternary(('amzn' + ansible_facts['distribution_major_version'] | string), ('el' + ansible_facts['distribution_major_version']
+          | string)) }}.ngx
         cacheable: true
       when: ansible_facts['os_family'] == "RedHat"
     - name: Set repo if SLES

@@ -157,14 +157,14 @@ platforms: # Ubuntu noble only has one version of NGINX Plus available (at the m
     volumes:
       - /sys/fs/cgroup:/sys/fs/cgroup:rw
     command: /sbin/init
-  # - name: ubuntu-noble
-  #   image: ubuntu:noble
-  #   dockerfile: ../common/Dockerfile.j2
-  #   privileged: true
-  #   cgroupns_mode: host
-  #   volumes:
-  #     - /sys/fs/cgroup:/sys/fs/cgroup:rw
-  #   command: /sbin/init
+# - name: ubuntu-noble
+#   image: ubuntu:noble
+#   dockerfile: ../common/Dockerfile.j2
+#   privileged: true
+#   cgroupns_mode: host
+#   volumes:
+#     - /sys/fs/cgroup:/sys/fs/cgroup:rw
+#   command: /sbin/init
 provisioner:
   name: ansible
   playbooks:

@@ -14,7 +14,8 @@
       when: ansible_facts['os_family'] == "Debian"
     - name: Set repo if Red Hat
       ansible.builtin.set_fact:
-        version: -1.25.5-1.{{ (ansible_facts['distribution'] == "Amazon") | ternary(('amzn' + ansible_facts['distribution_major_version'] | string), ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx
+        version: -1.25.5-1.{{ (ansible_facts['distribution'] == "Amazon") | ternary(('amzn' + ansible_facts['distribution_major_version'] | string), ('el' + ansible_facts['distribution_major_version']
+          | string)) }}.ngx
         cacheable: true
       when: ansible_facts['os_family'] == "RedHat"
     - name: Set repo if SLES

@@ -157,14 +157,14 @@ platforms: # Ubuntu noble only has one version of NGINX Plus available (at the m
     volumes:
       - /sys/fs/cgroup:/sys/fs/cgroup:rw
     command: /sbin/init
-  # - name: ubuntu-noble
-  #   image: ubuntu:noble
-  #   dockerfile: ../common/Dockerfile.j2
-  #   privileged: true
-  #   cgroupns_mode: host
-  #   volumes:
-  #     - /sys/fs/cgroup:/sys/fs/cgroup:rw
-  #   command: /sbin/init
+# - name: ubuntu-noble
+#   image: ubuntu:noble
+#   dockerfile: ../common/Dockerfile.j2
+#   privileged: true
+#   cgroupns_mode: host
+#   volumes:
+#     - /sys/fs/cgroup:/sys/fs/cgroup:rw
+#   command: /sbin/init
 provisioner:
   name: ansible
   playbooks:

@@ -30,7 +30,8 @@
       when: ansible_facts['os_family'] == "Debian"
     - name: Set repo if Red Hat
       ansible.builtin.set_fact:
-        version: -31-1.{{ (ansible_facts['distribution'] == "Amazon") | ternary(('amzn' + ansible_facts['distribution_major_version'] | string), ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx
+        version: -31-1.{{ (ansible_facts['distribution'] == "Amazon") | ternary(('amzn' + ansible_facts['distribution_major_version'] | string), ('el' + ansible_facts['distribution_major_version']
+          | string)) }}.ngx
       when: ansible_facts['os_family'] == "RedHat"
     - name: Set repo if SLES
       ansible.builtin.set_fact:

@@ -12,7 +12,8 @@
       when: ansible_facts['os_family'] == "Debian"
     - name: Set repo if Red Hat
       ansible.builtin.set_fact:
-        version: -1.25.5-1.{{ (ansible_facts['distribution'] == "Amazon") | ternary(('amzn' + ansible_facts['distribution_major_version'] | string), ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx
+        version: -1.25.5-1.{{ (ansible_facts['distribution'] == "Amazon") | ternary(('amzn' + ansible_facts['distribution_major_version'] | string), ('el' + ansible_facts['distribution_major_version']
+          | string)) }}.ngx
       when: ansible_facts['os_family'] == "RedHat"
     - name: Set repo if SLES
       ansible.builtin.set_fact:

@@ -16,8 +16,10 @@
       when: ansible_facts['os_family'] == "Debian"
     - name: Set repo if Red Hat
       ansible.builtin.set_fact:
-        ngx_version: -1.27.0-2.{{ (ansible_facts['distribution'] == "Amazon") | ternary(('amzn' + ansible_facts['distribution_major_version'] | string), ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx
-        njs_version: -1.27.0+0.8.5-2.{{ (ansible_facts['distribution'] == "Amazon") | ternary(('amzn' + ansible_facts['distribution_major_version'] | string), ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx
+        ngx_version: -1.27.0-2.{{ (ansible_facts['distribution'] == "Amazon") | ternary(('amzn' + ansible_facts['distribution_major_version'] | string), ('el' + ansible_facts['distribution_major_version']
+          | string)) }}.ngx
+        njs_version: -1.27.0+0.8.5-2.{{ (ansible_facts['distribution'] == "Amazon") | ternary(('amzn' + ansible_facts['distribution_major_version'] | string), ('el'
+          + ansible_facts['distribution_major_version'] | string)) }}.ngx
         cacheable: true
       when: ansible_facts['os_family'] == "RedHat"
     - name: Set repo if SLES

@@ -37,7 +37,7 @@
 - name: Check if the NGINX Agent dynamic configuration file has been modified
   ansible.builtin.lineinfile:
     path: /var/lib/nginx-agent/agent-dynamic.conf
-    line: '# agent-dynamic.conf'
+    line: "# agent-dynamic.conf"
     state: present
   check_mode: true
   changed_when: false
@@ -49,7 +49,8 @@
 - name: Dynamically generate NGINX Agent dynamic configuration file if it has not been externally modified
   ansible.builtin.template:
     src: nginx-agent/agent-dynamic.conf.j2
-    dest: "{{ (ansible_facts['system'] | lower is not search('bsd')) | ternary('/var/lib/nginx-agent/agent-dynamic.conf', '/var/db/nginx-agent/agent-dynamic.conf') }}"
+    dest: "{{ (ansible_facts['system'] | lower is not search('bsd')) | ternary('/var/lib/nginx-agent/agent-dynamic.conf', '/var/db/nginx-agent/agent-dynamic.conf')
+      }}"
     mode: "0644"
     backup: true
   when:

@@ -2,6 +2,7 @@
 - name: (Debian/Ubuntu) Configure NGINX Agent repository
   ansible.builtin.apt_repository:
     filename: nginx-agent
-    repo: deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://packages.nginx.org/nginx-agent/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release'] | lower }} agent
+    repo: deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://packages.nginx.org/nginx-agent/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release']
+      | lower }} agent
     update_cache: true
     mode: "0644"
@@ -3,7 +3,8 @@
   ansible.builtin.yum_repository:
     name: nginx-agent
     file: nginx-agent
-    baseurl: https://packages.nginx.org/nginx-agent/{{ (ansible_facts['distribution'] == 'Amazon') | ternary((ansible_facts['distribution_major_version'] is version('2', '==')) | ternary('amzn2', 'amzn'), 'centos') }}/{{ ansible_facts['distribution_major_version'] }}/$basearch
+    baseurl: https://packages.nginx.org/nginx-agent/{{ (ansible_facts['distribution'] == 'Amazon') | ternary((ansible_facts['distribution_major_version'] is version('2',
+      '==')) | ternary('amzn2', 'amzn'), 'centos') }}/{{ ansible_facts['distribution_major_version'] }}/$basearch
     description: NGINX Agent
     enabled: true
     gpgcheck: true

@@ -2,6 +2,7 @@
 - name: (Debian/Ubuntu) Add NGINX Amplify agent repository
   ansible.builtin.apt_repository:
     filename: nginx-amplify
-    repo: deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://packages.amplify.nginx.com/py3/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release'] | lower }} amplify-agent
+    repo: deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://packages.amplify.nginx.com/py3/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release']
+      | lower }} amplify-agent
     update_cache: true
     mode: "0644"
@@ -10,8 +10,7 @@
 
 - name: Set up signing keys
   ansible.builtin.include_tasks: "{{ role_path }}/tasks/keys/setup-keys.yml"
-  when: (nginx_enable | bool and nginx_install_from == 'nginx_repository')
-        or nginx_amplify_enable | bool
+  when: (nginx_enable | bool and nginx_install_from == 'nginx_repository') or nginx_amplify_enable | bool
   tags: nginx_key
 
 - name: "{{ nginx_setup | capitalize }} NGINX"

@@ -27,23 +27,20 @@
 
 - name: Install NGINX modules
   ansible.builtin.package:
-    name: "nginx-{{ (nginx_type == 'plus') | ternary('plus-', '') }}module-{{ item['name'] | default(item) }}\
-          {{ (nginx_repository is not defined and ansible_facts['os_family'] == 'Alpine' and nginx_type != 'plus') | ternary('@nginx', '') }}{{ item['version'] | default('') }}"
+    name: nginx-{{ (nginx_type == 'plus') | ternary('plus-', '') }}module-{{ item['name'] | default(item) }}{{ (nginx_repository is not defined and ansible_facts['os_family']
+      == 'Alpine' and nginx_type != 'plus') | ternary('@nginx', '') }}{{ item['version'] | default('') }}
     state: "{{ item['state'] | default('present') }}"
   loop: "{{ nginx_modules }}"
   when:
-    - (item['name'] | default(item) in nginx_modules_list and nginx_type == 'opensource')
-      or (item['name'] | default(item) in nginx_plus_modules_list and nginx_type == 'plus')
-    - not (item['name'] | default(item) == 'brotli')
-      or not (ansible_facts['os_family'] == 'Suse' and ansible_facts['distribution_major_version'] is version('12', '=='))
-    - not (item['name'] | default(item) == "geoip")
-      or not ((ansible_facts['os_family'] == 'FreeBSD')
-      or (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution'] != 'Amazon' and ansible_facts['distribution_major_version'] is version('8', '>='))
-      or (ansible_facts['distribution'] == 'Amazon' and ansible_facts['distribution_major_version'] is version('2023', '==')))
-    - not (item['name'] | default(item) == 'geoip2')
-      or not ((ansible_facts['os_family'] == 'Suse')
-      or (ansible_facts['distribution'] == 'Amazon' and ansible_facts['distribution_major_version'] is version('2', '==')))
-    - not (item['name'] | default(item) == 'lua')
-      or not (ansible_facts['architecture'] == 's390x')
-    - not (item['name'] | default(item) == 'opentracing')
-      or not (ansible_facts['os_family'] == 'Suse' and ansible_facts['distribution_major_version'] is version('12', '=='))
+    - (item['name'] | default(item) in nginx_modules_list and nginx_type == 'opensource') or (item['name'] | default(item) in nginx_plus_modules_list and nginx_type
+      == 'plus')
+    - not (item['name'] | default(item) == 'brotli') or not (ansible_facts['os_family'] == 'Suse' and ansible_facts['distribution_major_version'] is version('12',
+      '=='))
+    - not (item['name'] | default(item) == "geoip") or not ((ansible_facts['os_family'] == 'FreeBSD') or (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution']
+      != 'Amazon' and ansible_facts['distribution_major_version'] is version('8', '>=')) or (ansible_facts['distribution'] == 'Amazon' and ansible_facts['distribution_major_version']
+      is version('2023', '==')))
+    - not (item['name'] | default(item) == 'geoip2') or not ((ansible_facts['os_family'] == 'Suse') or (ansible_facts['distribution'] == 'Amazon' and ansible_facts['distribution_major_version']
+      is version('2', '==')))
+    - not (item['name'] | default(item) == 'lua') or not (ansible_facts['architecture'] == 's390x')
+    - not (item['name'] | default(item) == 'opentracing') or not (ansible_facts['os_family'] == 'Suse' and ansible_facts['distribution_major_version'] is version('12',
+      '=='))
@@ -2,7 +2,8 @@
 - name: (AlmaLinux/Amazon Linux/Oracle Linux/RHEL/Rocky Linux) {{ (nginx_setup == 'uninstall') | ternary('Remove', 'Configure') }} NGINX repository
   ansible.builtin.yum_repository:
     name: nginx
-    baseurl: "{{ nginx_repository | default(lookup('vars', 'nginx_default_repository_' + ((ansible_facts['distribution'] == 'Amazon') | ternary('amazon', 'redhat')))) }}"
+    baseurl: "{{ nginx_repository | default(lookup('vars', 'nginx_default_repository_' + ((ansible_facts['distribution'] == 'Amazon') | ternary('amazon', 'redhat'))))
+      }}"
     description: NGINX Repository
     enabled: true
     gpgcheck: true

@@ -131,7 +131,8 @@
   block:
     - name: Download PCRE dependency
       ansible.builtin.get_url:
-        url: "{{ (pcre_release == 2) | ternary('https://github.com/PCRE2Project/pcre2/releases/download/pcre2-' ~ pcre_version ~ '/pcre2-' ~ pcre_version ~ '.tar.gz', 'https://ftp.exim.org/pub/pcre/pcre-' ~ pcre_version ~ '.tar.gz') }}"
+        url: "{{ (pcre_release == 2) | ternary('https://github.com/PCRE2Project/pcre2/releases/download/pcre2-' ~ pcre_version ~ '/pcre2-' ~ pcre_version ~ '.tar.gz',
+          'https://ftp.exim.org/pub/pcre/pcre-' ~ pcre_version ~ '.tar.gz') }}"
         dest: /tmp
         mode: "0600"
       register: pcre_source

@@ -1,8 +1,10 @@
 ---
-- name: (AlmaLinux/Amazon Linux/Oracle Linux/RHEL/Rocky Linux) {{ (nginx_license_status is defined or nginx_setup == 'uninstall') | ternary('Remove', 'Configure') }} NGINX Plus repository
+- name: (AlmaLinux/Amazon Linux/Oracle Linux/RHEL/Rocky Linux) {{ (nginx_license_status is defined or nginx_setup == 'uninstall') | ternary('Remove', 'Configure')
+    }} NGINX Plus repository
   ansible.builtin.yum_repository:
     name: nginx-plus
-    baseurl: "{{ nginx_repository | default(lookup('vars', 'nginx_plus_default_repository_' + ((ansible_facts['distribution'] == 'Amazon') | ternary('amazon', 'redhat')))) }}"
+    baseurl: "{{ nginx_repository | default(lookup('vars', 'nginx_plus_default_repository_' + ((ansible_facts['distribution'] == 'Amazon') | ternary('amazon', 'redhat'))))
+      }}"
     description: NGINX Plus Repository
     sslclientcert: /etc/ssl/nginx/nginx-repo.crt
     sslclientkey: /etc/ssl/nginx/nginx-repo.key

@@ -70,7 +70,7 @@
 
     - name: (OracleLinux 8) Install cryptography package
       ansible.builtin.package:
-        name: "python3.11-cryptography"
+        name: python3.11-cryptography
       when:
         - ansible_facts['distribution'] == "OracleLinux"
         - ansible_facts['distribution_major_version'] == "8"