I'm trying to create my custom role to install nginx with Ansible.
I defined this defaults/main.yml
---
defaults:
  user: nginx
  group: nginx
  version: "1.19.2-1"
  download_path: "/tmp/nginx-1.19.2-1"
  rpm: "/tmp/nginx-1.19.2-1.el7.ngx.x86_64.rpm"
  directories:
    log: /var/log/nginx
    config: /etc/nginx
    custom_config: /etc/nginx/conf.d
    pid: /var/run
  config:
    - name: main
      content: |
        upstream backend {
          ip_hash;
          server localhost:9090;
          server 127.0.0.1:9090;
        }

        server {
          listen 9443 ssl;
          ssl_certificate /etc/ssl/certs/cert.crt;
          ssl_certificate_key /etc/ssl/private/cert.key;
          location / {
            proxy_pass http://backend;
          }
        }
  server:
    port:
      listen:
        - 9443
And this is my tasks/main.yml
---
- set_fact:
    default_vars: "{{ defaults }}"
    host_vars: "{{ hostvars[ansible_host]['nginx'] | default({}) }}"
    install_nginx: true

- set_fact:
    combined_vars: "{{ default_vars | combine(host_vars, recursive=True) }}"

- name: Gather package facts
  package_facts:
    manager: auto

- set_fact:
    install_nginx: false
  when: "'nginx' in ansible_facts.packages"

- name: Install NginX
  yum:
    name: "{{ combined_vars.rpm }}"
    state: present
    disable_gpg_check: true
  become: true
  when:
    - install_nginx

- name: Make sure Ports Open
  community.general.seport:
    ports: "{{ port.listen }}"
    proto: tcp
    setype: http_port_t
    state: present
  loop_control:
    loop_var: "port"
  when: 'port.listen is defined'
  with_items: "{{ combined_vars.config.server }}"
  become: true
  ignore_errors: true
Now I receive the error:
nginx: [emerg] bind() to 0.0.0.0:9443 failed (13: Permission denied)
when I try to start nginx. This is because my playbook skips the section Make sure Ports Open, where I set it to open port 9443 (read from config), and nginx doesn't start on a non-default port if you don't add this port (this is the command to run on the OS to allow port 9443: semanage port -a -t http_port_t -p tcp 9443).
This is part of my log:
ok: [10.x.x.8] => {
    "ansible_facts": {
        "combined_vars": {
            "config": [
                {
                    "content": "upstream backend {\n ip_hash;\n server 10.x.x.:9090;\n server 10.x.x.10:9090;\n}\n\nserver {\n listen 9443 ssl;\n ssl_certificate /etc/ssl/certs/cert.crt;\n ssl_certificate_key /etc/ssl/private/cert.key;\n location / {\n proxy_pass http://backend;\n }\n}\n",
                    "name": "main"
                }
            ],
            "directories": {
                "config": "/etc/nginx",
                "custom_config": "/etc/nginx/conf.d",
                "log": "/var/log/nginx",
                "pid": "/var/run"
            },
            "download_path": "/tmp/nginx-1.19.2-1",
            "group": "nginx",
            "rpm": "/tmp/nginx-1.19.2-1.el7.ngx.x86_64.rpm",
            "server": {
                "port": {
                    "listen": [
                        9443
                    ]
                }
            },
            "user": "nginx",
            "version": "1.19.2-1"
        }
    },
    "changed": false
}
...
fatal: [10.x.x.8]: FAILED! => {
    "msg": "The task includes an option with an undefined variable. The error was: 'port' is undefined\n\nThe error appears to be in '/opt/Developments/GitLab/harrisburg-infrastructure/roles/nginx/tasks/main.yml': line 95, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Make sure Ports Open Mod\n ^ here\n"
}
CodePudding user response:
I solved it this way:
tasks/main.yml
- name: Make sure Ports Open Mod
  community.general.seport:
    ports: "{{ combined_vars.server.port.listen }}"
    proto: tcp
    setype: http_port_t
    state: present
  loop_control:
    loop_var: "listen"
  when: 'combined_vars.server.port.listen is defined'
  with_items: "{{ combined_vars.server }}"
  become: true
  ignore_errors: true
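A cleaner way to reach the same result, added here as an example rather than code from either post: loop over the port list itself so the loop variable is each port number, label it with http_port_t, then verify the label is present before nginx is started. It assumes the question's defaults/main.yml layout (defaults.server.port.listen) and reads per-host overrides through hostvars[inventory_hostname], since hostvars is keyed by inventory hostname; it deliberately leaves out ignore_errors so a failed SELinux labelling stops the play instead of surfacing later as the bind() permission-denied error.

```yaml
# Added example, not the asker's or answerer's role code.
# Assumes defaults/main.yml defines defaults.server.port.listen as a list of ports
# and that per-host overrides live under a "nginx" host variable.
- name: Merge role defaults with per-host nginx overrides
  ansible.builtin.set_fact:
    combined_vars: "{{ defaults | combine(hostvars[inventory_hostname]['nginx'] | default({}), recursive=True) }}"

- name: Show which ports will be labelled (debug aid while developing the role)
  ansible.builtin.debug:
    var: combined_vars.server.port.listen

# One iteration per port: item is the integer port, so no dict dereference is
# needed and no loop variable is referenced outside its loop.
# Equivalent of: semanage port -a -t http_port_t -p tcp <port>
- name: Allow nginx to bind its listen ports under SELinux
  community.general.seport:
    ports: "{{ item }}"
    proto: tcp
    setype: http_port_t
    state: present
  loop: "{{ combined_vars.server.port.listen | default([]) }}"
  loop_control:
    label: "tcp/{{ item }}"
  become: true

# Read back the port labels so a missing one fails here, not at nginx start.
- name: List SELinux port labels
  ansible.builtin.command: semanage port -l
  register: seport_list
  changed_when: false
  become: true

- name: Fail early if a listen port is still unlabelled
  ansible.builtin.assert:
    that:
      - seport_list.stdout is regex('http_port_t\s+tcp.*\b' ~ item ~ '\b')
    fail_msg: "tcp/{{ item }} is not labelled http_port_t; nginx bind() would be denied"
  loop: "{{ combined_vars.server.port.listen | default([]) }}"
```

The seport module needs the SELinux Python bindings on the managed host (policycoreutils-python on EL7), and the debug task can be dropped once the variable layout has been confirmed.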