From ef4ade826791d6260c6e3479eaffe85ff968b7d8 Mon Sep 17 00:00:00 2001 From: h3po Date: Thu, 13 Aug 2020 12:51:09 +0200 Subject: [PATCH 1/5] allow using the mainline repo on redhat --- defaults/main.yml | 1 + templates/nginx.repo.j2 | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/defaults/main.yml b/defaults/main.yml index 0509dbe..ff5cb90 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -4,6 +4,7 @@ nginx_default_release: "" # Used only for Redhat installation, enables source Nginx repo. nginx_yum_repo_enabled: true +nginx_yum_repo_mainline: false # Use the official Nginx PPA for Ubuntu, and the version to use if so. nginx_ppa_use: false diff --git a/templates/nginx.repo.j2 b/templates/nginx.repo.j2 index 9a853b7..46df323 100644 --- a/templates/nginx.repo.j2 +++ b/templates/nginx.repo.j2 @@ -1,5 +1,5 @@ [nginx] name=nginx repo -baseurl=http://nginx.org/packages/centos/{{ ansible_distribution_major_version }}/$basearch/ +baseurl=http://nginx.org/packages{{ '/mainline' if nginx_yum_repo_mainline }}/centos/{{ ansible_distribution_major_version }}/$basearch/ gpgcheck=0 enabled=1 From 3041e5924466950f92f41268c34bd298809c6d30 Mon Sep 17 00:00:00 2001 From: h3po Date: Thu, 13 Aug 2020 12:52:47 +0200 Subject: [PATCH 2/5] handle package updates after changing the repo from stable to mainline on redhat --- tasks/setup-RedHat.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/tasks/setup-RedHat.yml b/tasks/setup-RedHat.yml index 2507397..487be48 100644 --- a/tasks/setup-RedHat.yml +++ b/tasks/setup-RedHat.yml @@ -7,8 +7,17 @@ group: "{{ root_group }}" mode: 0644 when: nginx_yum_repo_enabled | bool + register: repo + +- name: Clean the nginx repo + command: > + yum clean all --disablerepo="*" --enablerepo=nginx + args: + warn: false + when: repo.changed - name: Ensure nginx is installed. package: name: "{{ nginx_package_name }}" - state: present + state: "{{ 'latest' if repo.changed else 'present' }}" + notify: restart nginx \ No newline at end of file From 653b225dffdf7a0412b86e256144c7049f636596 Mon Sep 17 00:00:00 2001 From: h3po Date: Thu, 13 Aug 2020 12:54:31 +0200 Subject: [PATCH 3/5] enable yum gpgcheck and module_hotfixes as recommended --- templates/nginx.repo.j2 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/templates/nginx.repo.j2 b/templates/nginx.repo.j2 index 46df323..b33067f 100644 --- a/templates/nginx.repo.j2 +++ b/templates/nginx.repo.j2 @@ -1,5 +1,7 @@ [nginx] name=nginx repo baseurl=http://nginx.org/packages{{ '/mainline' if nginx_yum_repo_mainline }}/centos/{{ ansible_distribution_major_version }}/$basearch/ -gpgcheck=0 enabled=1 +gpgcheck=1 +gpgkey=https://nginx.org/keys/nginx_signing.key +module_hotfixes=true \ No newline at end of file From c9275d89ef48d84e48a66af78417fb36b9615bf2 Mon Sep 17 00:00:00 2001 From: h3po Date: Thu, 13 Aug 2020 13:01:25 +0200 Subject: [PATCH 4/5] fix linter error in tasks/setup-RedHat.yml --- tasks/setup-RedHat.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/setup-RedHat.yml b/tasks/setup-RedHat.yml index 487be48..3e71a98 100644 --- a/tasks/setup-RedHat.yml +++ b/tasks/setup-RedHat.yml @@ -20,4 +20,4 @@ package: name: "{{ nginx_package_name }}" state: "{{ 'latest' if repo.changed else 'present' }}" - notify: restart nginx \ No newline at end of file + notify: restart nginx From 18a9383db5ec717536892246622c42fef8414d69 Mon Sep 17 00:00:00 2001 From: h3po Date: Thu, 13 Aug 2020 13:07:44 +0200 Subject: [PATCH 5/5] ignore linter error 503 in tasks/setup-RedHat.yml --- tasks/setup-RedHat.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/tasks/setup-RedHat.yml b/tasks/setup-RedHat.yml index 3e71a98..a7614cf 100644 --- a/tasks/setup-RedHat.yml +++ b/tasks/setup-RedHat.yml @@ -15,6 +15,7 @@ args: warn: false when: repo.changed + tags: ['skip_ansible_lint'] - name: Ensure nginx is installed. package: