| # Licensed to the Apache Software Foundation (ASF) under one or more contributor |
| # license agreements; and to You under the Apache License, Version 2.0. |
| --- |
| # This role starts a nginx component |
| |
| - name: ensure nginx config directory exists |
| file: |
| path: "{{ nginx.confdir }}" |
| state: directory |
| become: "{{ nginx.dir.become }}" |
| |
| - name: copy template from local to remote in nginx config directory |
| template: |
| src: nginx.conf.j2 |
| dest: "{{ nginx.confdir }}/nginx.conf" |
| |
| - name: copy cert files from local to remote in nginx config directory |
| copy: |
| src: "files/{{ item }}" |
| dest: "{{ nginx.confdir }}" |
| with_items: |
| - "{{ nginx.ssl.cert }}" |
| - "{{ nginx.ssl.key }}" |
| - "{{ nginx.ssl.client_ca_cert }}" |
| |
| - name: copy password files for cert from local to remote in nginx config directory |
| copy: |
| src: "files/{{ nginx.ssl.password_file }}" |
| dest: "{{ nginx.confdir }}" |
| when: nginx.ssl.password_enabled == true |
| |
| - name: copy controller cert for authentication |
| copy: |
| src: "{{ openwhisk_home }}/ansible/roles/controller/files/{{ item }}" |
| dest: "{{ nginx.confdir }}" |
| with_items: |
| - "{{ controller.ssl.cert }}" |
| - "{{ controller.ssl.key }}" |
| when: "{{ controller.protocol == 'https' }}" |
| |
| - name: ensure nginx log directory is created with permissions |
| file: |
| path: "{{ whisk_logs_dir }}/nginx" |
| state: directory |
| mode: 0777 |
| become: "{{ logs.dir.become }}" |
| |
| - name: "pull the nginx:{{ nginx.version }} image" |
| shell: "docker pull nginx:{{ nginx.version }}" |
| register: result |
| until: (result.rc == 0) |
| retries: "{{ docker.pull.retries }}" |
| delay: "{{ docker.pull.delay }}" |
| |
| - name: (re)start nginx |
| docker_container: |
| name: nginx |
| image: nginx:{{ nginx.version }} |
| state: started |
| recreate: true |
| restart_policy: "{{ docker.restart.policy }}" |
| hostname: "nginx" |
| volumes: |
| - "{{ whisk_logs_dir }}/nginx:/logs" |
| - "{{ nginx.confdir }}:/etc/nginx" |
| expose: |
| - 8443 |
| ports: |
| - "{{ nginx.port.http }}:80" |
| - "{{ nginx.port.api }}:443" |
| - "{{ nginx.port.adminportal }}:8443" |