Feature/template handling (#6)

* detect vhost templates on controler instance

* update vhost template handling

Author: bodsch

filter_plugins/nginx.py

@@ -6,7 +6,9 @@
 from __future__ import (absolute_import, division, print_function)
 __metaclass__ = type
 
-# import json
+import os
+import json
+import hashlib
 
 from ansible.utils.display import Display
 
@@ -23,10 +25,11 @@ def filters(self):
             'vhost_directory': self.vhost_directory,
             'vhost_listen': self.vhost_listen,
             'vhost_templates': self.vhost_templates,
+            'vhost_templates_checksum': self.vhost_templates_checksum,
+            'vhost_templates_validate': self.vhost_templates_validate,
             'http_vhosts': self.http_vhosts,
             'changed_vhosts': self.changed_vhosts,
             'certificate_existing': self.certificate_existing,
-            'validate_listener': self.validate_listener,
         }
 
     def vhost_directory(self, data, directory, state="present"):
@@ -58,7 +61,6 @@ def vhost_listen(self, data, port, default):
             used in jinja_macros.j2
         """
         # display.v(f"vhost_listen({port}, {default})")
-
         result = []
 
         if (isinstance(port, str) or isinstance(port, int)):
@@ -91,6 +93,43 @@ def vhost_templates(self, data, defaults):
         display.v(f" = result {result}")
         return result
 
+    def vhost_templates_checksum(self, data):
+        """
+        """
+        result = {}
+
+        for tpl in data:
+            if os.path.exists(tpl):
+                with open(tpl,"rb") as f:
+                    bytes = f.read()
+                    readable_hash = hashlib.sha256(bytes).hexdigest()
+                    result[tpl] = readable_hash
+
+        # display.v(f" = result {result}")
+        return result
+
+    def vhost_templates_validate(self, data, ansible_local):
+        """
+        """
+        result = {}
+        changed_templates = {}
+
+        for tpl, checksum in data.items():
+            local_checksum = ansible_local.get(tpl, "-")
+
+            if checksum != local_checksum:
+                changed_templates[tpl] = checksum
+
+        changed = len(changed_templates) > 0
+
+        result = {
+            "changed": changed,
+            "templates": changed_templates
+        }
+
+        # display.v(f" = result {result}")
+        return result
+
     def http_vhosts(self, data, tls=False):
         """
         """
@@ -142,23 +181,8 @@ def certificate_existing(self, data):
             returns a list of vhosts where the certificate exists.
         """
         # display.v(f"certificate_existing({data})")
-
         if isinstance(data, list):
             data = [x for x in data if x.get("ssl", {}).get("state") == "present"]
 
         # display.v(f" = result {data}")
         return data
-
-    def validate_listener(self, data, replace='(quic|reuseport)'):
-        """
-        """
-        result = []
-
-        if isinstance(data, str):
-            result.append(re.sub(find, replace, s).strip())
-        if isinstance(data, list):
-            for i in data:
-                result.append(re.sub(find, replace, i).strip())
-
-        display.v(f"  = {result}")
-        return result

library/nginx_vhosts.py

@@ -114,7 +114,7 @@ def create_vhost(self, data):
 
         # state = data.get("state", "present")
         enabled = data.get("enabled", True)
-        template = data.get("template", None)
+        template_file = data.get("template", None)
         tls = data.get("ssl", None)
         tls_enabled = False
 
@@ -133,16 +133,28 @@ def create_vhost(self, data):
                 else:
                     return True, False, "[ERROR] TLS certificate missing"
 
-        if not template:
+        if not template_file:
             if tls_enabled:
-                template = self.default_https_template
+                template_file = self.default_https_template
             else:
-                template = self.default_http_template
+                template_file = self.default_http_template
 
-        template = os.path.join(self.template_path, template)
+        template = os.path.join(self.template_path, template_file)
+
+        self.module.log(msg=f"- template {template}")
+
+        if not os.path.exists(template):
+            """
+            """
+            _error = True
+            _changed = False
+            _msg = f"The template {template_file} does not exist."
+            return _error, _changed, _msg
 
         file_available, file_enabled, file_temporary = self.__file_names(data)
 
+        self.module.log(msg=f"- file_available {file_available} - {file_enabled} - {file_temporary}")
+
         vhost_data = self.render_template(template, data)
 
         changed, msg = self.save_vhost(file_available, file_temporary, vhost_data)
@@ -337,9 +349,9 @@ def __file_names(self, data):
         available = os.path.join(self.site_available, file_name)
         temporary = os.path.join(self.tmp_directory, file_name)
 
-        # self.module.log(msg=f"   enabled {enabled}")
-        # self.module.log(msg=f"   available {available}")
-        # self.module.log(msg=f"   temporary {temporary}")
+        self.module.log(msg=f"   enabled {enabled}")
+        self.module.log(msg=f"   available {available}")
+        self.module.log(msg=f"   temporary {temporary}")
 
         return available, enabled, temporary
 

molecule/configured/group_vars/all/nginx_vhosts.yml

@@ -10,6 +10,7 @@ nginx_vhosts:
 
   - name: nginx-status
     filename: 00-status.conf
+    template: vhost_status.j2
     state: present  # default: present
     enabled: true   # default: true
     # domain(s)

molecule/configured/molecule.yml

@@ -28,8 +28,8 @@ platforms:
       - /run
       - /tmp
     published_ports:
-      - 80:80
-      - 443:443
+      - 8080:80
+      - 8443:443
 
 provisioner:
   name: ansible

molecule/configured/templates/vhosts/vhost_status.j2

@@ -0,0 +1,31 @@
+#jinja2: trim_blocks: True, lstrip_blocks: True
+# {{ ansible_managed }}
+
+{% import 'jinja_macros.j2' as tpl with context %}
+{% set data = item %}
+{% set _server_name = data.domains | default('_') %}
+{% set _upstreams = data.upstreams | default({}) %}
+{% set _logfiles = data.logfiles | default({}) %}
+{% set _locations = data.locations | default([]) %}
+{% set _listen = data.listen | default('80') %}
+
+server {
+{{ tpl.vhost_server_name(_server_name) }}
+{{ tpl.vhost_listen(_listen) | indent(0, first=False) }}
+{{ tpl.vhost_logfile(_logfiles, item.name) | indent(0, first=False) }}
+  {% if data.includes is defined %}
+    {% for inc in data.includes %}
+  include             {{ inc }};
+    {% endfor %}
+  {%- endif -%}
+  {% if data.root is defined %}
+  root                {{ data.root }};
+  {% endif %}
+
+  {% if data.index is defined %}
+  index
+    {{ data.index | join('\n') | indent(4, first=False) }};
+  {% endif %}
+
+{{ tpl.vhost_locations(_locations) | indent(0, first=False) -}}
+}

tasks/vhosts/prepare.yml

@@ -13,23 +13,23 @@
     nginx_vhosts_https: "{{ nginx_vhosts | http_vhosts(tls=True) }}"
     nginx_templates: "{{ nginx_vhosts | vhost_templates(defaults=nginx_vhost_templates) }}"
 
-- name: find templates archive on ansible controller
-  become: false
-  delegate_to: localhost
-  ansible.builtin.stat:
-    path: "{{ nginx_local_tmp_directory }}/templates/{{ ansible_fqdn }}_templates.tgz"
-    get_md5: false
-    get_mime: false
-    get_attributes: false
-  register: nginx_template_ansible_controller
+- name: detect vhost templates
+  ansible.builtin.set_fact:
+    _nginx_templates: "{{ query('bodsch.core.file_glob', '.j2') }}"
+  vars:
+    search_path:
+      - ".."
+      - "../.."
+    search_regex: "(vhost|jinja_macros).*"
+
+- name: define vhosts templates checksum
+  ansible.builtin.set_fact:
+    nginx_templates_checksums: "{{ _nginx_templates | default([]) | vhost_templates_checksum }}"
+    # nginx_templates_checksum: "{{ _nginx_templates | default('-') | hash('sha256') }}"
 
-- name: find templates archive on destination system
-  ansible.builtin.stat:
-    path: "{{ nginx_remote_tmp_directory }}/{{ ansible_fqdn }}/templates.tgz"
-    get_md5: false
-    get_mime: false
-    get_attributes: false
-  register: nginx_template_remote_archive
+- name: validate vhost template checksums
+  ansible.builtin.set_fact:
+    nginx_templates_changed: "{{ nginx_templates_checksums | vhost_templates_validate(ansible_local.nginx.templates_checksums | default({})) }}"
 
 - name: find templates directory on destination system
   ansible.builtin.stat:
@@ -39,26 +39,10 @@
     get_attributes: false
   register: nginx_template_remote_directory
 
-# - name: templates
-#   ansible.builtin.debug:
-#     msg:
-#       - "{{ nginx_template_ansible_controller.stat.checksum | default('-') }}"
-#       - "{{ nginx_template_remote_archive.stat.checksum | default('+') }}"
-#       - "{{ nginx_template_remote_directory.stat }}"
-
 - name: templates for remote system
   when:
-    - not nginx_template_remote_archive.stat.exists or
-      nginx_template_remote_archive.stat.checksum | default('+') != nginx_template_ansible_controller.stat.checksum | default('-')
+    - nginx_templates_changed.changed
   block:
-    - name: detect vhost templates
-      ansible.builtin.set_fact:
-        _nginx_templates: "{{ query('bodsch.core.file_glob', '.j2') }}"
-      vars:
-        search_path:
-          - ".."
-          - "../.."
-        search_regex: "(vhost|jinja_macros).*"
 
     - name: transfer vhost templates to destination instance
       tags:
@@ -121,16 +105,31 @@
         state: absent
         path: "{{ nginx_remote_tmp_directory }}/{{ ansible_fqdn }}"
 
+- name: find templates archive on destination system
+  ansible.builtin.stat:
+    path: "{{ nginx_remote_tmp_directory }}/{{ ansible_fqdn }}/templates.tgz"
+    get_md5: false
+    get_mime: false
+    get_attributes: false
+  register: nginx_template_remote_archive
+
 - name: extract {{ ansible_fqdn }}/templates.tgz
   ansible.builtin.unarchive:
     src: "{{ nginx_remote_tmp_directory }}/{{ ansible_fqdn }}/templates.tgz"
     dest: "{{ nginx_remote_tmp_directory }}/"
     remote_src: true
   when:
     - not nginx_template_remote_archive.stat.exists or
-      nginx_template_remote_archive.stat.checksum | default('+') != nginx_template_ansible_controller.stat.checksum | default('-') or
+      nginx_templates_changed.changed or
       not nginx_template_remote_directory.stat.isdir
 
+- name: create custom fact file
+  bodsch.core.facts:
+    name: nginx
+    facts:
+      templates: "{{ _nginx_templates }}"
+      templates_checksums: "{{ nginx_templates_checksums }}"
+
 - name: ensure vhosts root path exists
   ansible.builtin.file:
     path: "{{ item }}"

templates/vhosts/vhost_http.conf.j2

@@ -1,4 +1,4 @@
-#jinja2: trim_blocks: True, rstrip_blocks: True, lstrip_blocks: True
+#jinja2: trim_blocks: True, lstrip_blocks: True
 # {{ ansible_managed }}
 
 {% import 'jinja_macros.j2' as tpl with context %}

templates/vhosts/vhost_https.conf.j2

@@ -1,4 +1,4 @@
-#jinja2: trim_blocks: True, rstrip_blocks: True, lstrip_blocks: True
+#jinja2: trim_blocks: True, lstrip_blocks: True
 # {{ ansible_managed }}
 
 {% import 'jinja_macros.j2' as tpl with context %}