Add example playbooks

Author: alessfg

CHANGELOG.md

@@ -1,5 +1,9 @@
 # CHANGELOG
 
+## 0.2.0 (September 23, 2020)
+
+Add example playbooks covering a wide range of use cases.
+
 ## 0.1.0 (September 23, 2020)
 
 Initial release of the Ansible NGINX collection.

README.md

@@ -12,9 +12,9 @@ The Ansible NGINX collection includes the following roles:
 
 |Name|Description|Version|
 |----|-----------|-------|
-[nginxinc.nginx](https://github.com/nginxinc/ansible-role-nginx)|Install NGINX|0.17.1
-[nginxinc.nginx_config](https://github.com/nginxinc/ansible-role-nginx-config)|Configure NGINX|0.2.0
-[nginxinc.nginx_app_protect](https://github.com/nginxinc/ansible-role-nginx-app-protect)|Install and configure NGINX App Protect|0.3.1
+|[nginxinc.nginx](https://github.com/nginxinc/ansible-role-nginx)|Install NGINX|0.17.1|
+|[nginxinc.nginx_config](https://github.com/nginxinc/ansible-role-nginx-config)|Configure NGINX|0.2.0|
+|[nginxinc.nginx_app_protect](https://github.com/nginxinc/ansible-role-nginx-app-protect)|Install and configure NGINX App Protect|0.3.1|
 
 Requirements
 ------------
@@ -36,22 +36,32 @@ You can also include the collection in a `requirements.yml` file and install it
 ---
 collections:
   - name: nginxinc.nginx_core
-    version: 0.1.0
+    version: 0.1.1
 ```
 
 **Git**
 
 Use `git clone https://github.com/nginxinc/ansible-collection-nginx.git` to pull the latest edge commit of the collection from GitHub.
 
-Usage **(WIP)**
----------------
+Usage
+-----
 
-Sample playbooks for each use case covered by this collection will be found in the `playbooks/` folder.
+Sample playbooks for each use case covered by this collection can be found in the `playbooks/` folder:
+
+|Name|Description|
+|----|-----------|
+|[`deploy-nginx.yml`](https://github.com/nginxinc/ansible-collection-nginx/blob/main/playbooks/deploy-nginx.yml)|Install NGINX|
+|[`deploy-nginx-plus.yml`](https://github.com/nginxinc/ansible-collection-nginx/blob/main/playbooks/deploy-nginx-plus.yml)|Install NGINX Plus|
+|[`deploy-nginx-app-protect.yml`](https://github.com/nginxinc/ansible-collection-nginx/blob/main/playbooks/deploy-nginx-app-protect.yml)|Install NGINX App Protect|
+|[`deploy-nginx-plus-app-protect.yml`](https://github.com/nginxinc/ansible-collection-nginx/blob/main/playbooks/deploy-nginx-plus-app-protect.yml)|Install NGINX Plus and NGINX App Protect|
+|[`deploy-nginx-web-server.yml`](https://github.com/nginxinc/ansible-collection-nginx/blob/main/playbooks/deploy-nginx-web-server.yml)|Install NGINX and configure a simple web server|
+|[`deploy-nginx-web-server-proxy.yml`](https://github.com/nginxinc/ansible-collection-nginx/blob/main/playbooks/deploy-nginx-web-server-proxy.yml)|Install NGINX and configure a simple reverse proxy in front of two web servers|
+|[`deploy-nginx-plus-app-protect-web-server-proxy.yml`](https://github.com/nginxinc/ansible-collection-nginx/blob/main/playbooks/deploy-nginx-plus-app-protect-web-server-proxy.yml)|Install NGINX Plus and NGINX App Protect and configure a simple reverse proxy in front of two web servers protected by NGINX App Protect|
 
 Development
 -----------
 
-Currently, all the NGINX roles (inside `roles/`) are Git submodules, and work on the roles themselves should take place in the upstream Role repository. At some point, the roles might move into this repository for their canonical home.
+Currently, all the NGINX roles (inside `roles/`) are Git submodules, and work on the roles themselves should take place in the upstream role repository.
 
 To update the roles included in this collection to their latest version, run:
 

galaxy.yml

@@ -2,7 +2,7 @@
 namespace: nginxinc
 name: nginx_core
 description: Install and configure NGINX and NGINX App Protect using Ansible
-version: 0.1.0
+version: 0.1.1
 readme: README.md
 license_file: LICENSE
 authors:

playbooks/.gitkeep

@@ -0,0 +1,19 @@
+---
+- hosts: all
+  collections:
+    - nginxinc.nginx_core
+  roles:
+    - role: nginx_app_protect
+      vars:
+        nginx_app_protect_license:
+          certificate: <path/to/certificate>
+          key: <path/to/key>
+        nginx_app_protect_remove_license: false
+        nginx_app_protect_install_signatures: true
+        nginx_app_protect_install_threat_campaigns: true
+        nginx_app_protect_configure: true
+        nginx_app_protect_security_policy_template_enable: true
+        nginx_app_protect_security_policy_enforcement_mode: blocking
+        nginx_app_protect_log_policy_template_enable: true
+        nginx_app_protect_log_policy_filter_request_type: all
+        nginx_app_protect_conf_template_enable: false

playbooks/deploy-nginx-app-protect.yml

@@ -0,0 +1,137 @@
+---
+- hosts: all
+  collections:
+    - nginxinc.nginx_core
+  roles:
+    - role: nginx
+      vars:
+        nginx_type: plus
+        nginx_license:
+          certificate: <path/to/certificate>
+          key: <path/to/key>
+        nginx_remove_license: false
+    - role: nginx_app_protect
+      vars:
+        nginx_app_protect_setup_license: false
+        nginx_app_protect_remove_license: false
+        nginx_app_protect_install_signatures: true
+        nginx_app_protect_install_threat_campaigns: true
+        nginx_app_protect_configure: true
+        nginx_app_protect_security_policy_template_enable: true
+        nginx_app_protect_security_policy_enforcement_mode: blocking
+        nginx_app_protect_log_policy_template_enable: true
+        nginx_app_protect_log_policy_filter_request_type: all
+        nginx_app_protect_conf_template_enable: false
+    - role: nginx_config
+      vars:
+        nginx_config_modules:
+          - modules/ngx_http_app_protect_module.so
+        nginx_config_http_template_enable: true
+        nginx_config_http_template:
+          app:
+            template_file: http/default.conf.j2
+            conf_file_name: default.conf
+            conf_file_location: /etc/nginx/conf.d/
+            servers:
+              main:
+                app_protect:
+                  enable: true
+                  policy_file: /etc/nginx/app-protect-security-policy.json
+                  security_log_enable: true
+                  security_log:
+                    path: /etc/nginx/app-protect-log-policy.json
+                    dest: /var/log/app_protect/security.log
+                listen:
+                  listen_localhost:
+                    port: 80
+                server_name: localhost
+                access_log:
+                  - name: main
+                    location: /var/log/nginx/access.log
+                reverse_proxy:
+                  locations:
+                    main:
+                      location: /
+                      proxy_pass: http://upstr/
+                      proxy_set_header:
+                        header_host:
+                          name: Host
+                          value: $host
+              server_one:
+                listen:
+                  listen_server_one:
+                    port: 8081
+                server_name: localhost
+                access_log:
+                  - name: main
+                    location: /var/log/nginx/access.log
+                web_server:
+                  locations:
+                    server_one:
+                      location: /
+                      html_file_location: /usr/share/nginx/html
+                      html_file_name: server_one.html
+                sub_filter:
+                  once: false
+                  sub_filters:
+                    - "'server_hostname' '$hostname'"
+                    - "'server_address' '$server_addr:$server_port'"
+                    - "'server_url' '$request_uri'"
+                    - "'remote_addr' '$remote_addr:$remote_port'"
+                    - "'server_date' '$time_local'"
+                    - "'client_browser' '$http_user_agent'"
+                    - "'request_id' '$request_id'"
+                    - "'nginx_version' '$nginx_version'"
+                    - "'document_root' '$document_root'"
+                    - "'proxied_for_ip' '$http_x_forwarded_for'"
+              server_two:
+                listen:
+                  listen_server_two:
+                    port: 8082
+                server_name: localhost
+                access_log:
+                  - name: main
+                    location: /var/log/nginx/access.log
+                web_server:
+                  locations:
+                    server_two:
+                      location: /
+                      html_file_location: /usr/share/nginx/html
+                      html_file_name: server_two.html
+                sub_filter:
+                  once: false
+                  sub_filters:
+                    - "'server_hostname' '$hostname'"
+                    - "'server_address' '$server_addr:$server_port'"
+                    - "'server_url' '$request_uri'"
+                    - "'remote_addr' '$remote_addr:$remote_port'"
+                    - "'server_date' '$time_local'"
+                    - "'client_browser' '$http_user_agent'"
+                    - "'request_id' '$request_id'"
+                    - "'nginx_version' '$nginx_version'"
+                    - "'document_root' '$document_root'"
+                    - "'proxied_for_ip' '$http_x_forwarded_for'"
+            upstreams:
+              main:
+                name: upstr
+                lb_method: least_conn
+                servers:
+                  server_one:
+                    address: 0.0.0.0
+                    port: 8081
+                  server_two:
+                    address: 0.0.0.0
+                    port: 8082
+
+        nginx_config_html_demo_template_enable: true
+        nginx_config_html_demo_template:
+          server_one:
+            template_file: www/index.html.j2
+            html_file_name: server_one.html
+            html_file_location: /usr/share/nginx/html
+            web_server_name: Ansible NGINX collection - Server one
+          server_two:
+            template_file: www/index.html.j2
+            html_file_name: server_two.html
+            html_file_location: /usr/share/nginx/html
+            web_server_name: Ansible NGINX collection - Server two

playbooks/deploy-nginx-plus-app-protect-web-server-proxy.yml

@@ -0,0 +1,24 @@
+---
+- hosts: all
+  collections:
+    - nginxinc.nginx_core
+  roles:
+    - role: nginx
+      vars:
+        nginx_type: plus
+        nginx_license:
+          certificate: <path/to/certificate>
+          key: <path/to/key>
+        nginx_remove_license: false
+    - role: nginx_app_protect
+      vars:
+        nginx_app_protect_setup_license: false
+        nginx_app_protect_remove_license: true
+        nginx_app_protect_install_signatures: true
+        nginx_app_protect_install_threat_campaigns: true
+        nginx_app_protect_configure: true
+        nginx_app_protect_security_policy_template_enable: true
+        nginx_app_protect_security_policy_enforcement_mode: blocking
+        nginx_app_protect_log_policy_template_enable: true
+        nginx_app_protect_log_policy_filter_request_type: all
+        nginx_app_protect_conf_template_enable: false

playbooks/deploy-nginx-plus-app-protect.yml

@@ -0,0 +1,11 @@
+---
+- hosts: all
+  collections:
+    - nginxinc.nginx_core
+  roles:
+    - role: nginx
+      vars:
+        nginx_type: plus
+        nginx_license:
+          certificate: <path/to/certificate>
+          key: <path/to/key>

playbooks/deploy-nginx-plus.yml

@@ -0,0 +1,110 @@
+---
+- hosts: all
+  collections:
+    - nginxinc.nginx_core
+  roles:
+    - role: nginx
+    - role: nginx_config
+      vars:
+        nginx_config_http_template_enable: true
+        nginx_config_http_template:
+          app:
+            template_file: http/default.conf.j2
+            conf_file_name: default.conf
+            conf_file_location: /etc/nginx/conf.d/
+            servers:
+              main:
+                listen:
+                  listen_localhost:
+                    port: 80
+                server_name: localhost
+                access_log:
+                  - name: main
+                    location: /var/log/nginx/access.log
+                reverse_proxy:
+                  locations:
+                    main:
+                      location: /
+                      proxy_pass: http://upstr/
+                      proxy_set_header:
+                        header_host:
+                          name: Host
+                          value: $host
+              server_one:
+                listen:
+                  listen_server_one:
+                    port: 8081
+                server_name: localhost
+                access_log:
+                  - name: main
+                    location: /var/log/nginx/access.log
+                web_server:
+                  locations:
+                    server_one:
+                      location: /
+                      html_file_location: /usr/share/nginx/html
+                      html_file_name: server_one.html
+                sub_filter:
+                  once: false
+                  sub_filters:
+                    - "'server_hostname' '$hostname'"
+                    - "'server_address' '$server_addr:$server_port'"
+                    - "'server_url' '$request_uri'"
+                    - "'remote_addr' '$remote_addr:$remote_port'"
+                    - "'server_date' '$time_local'"
+                    - "'client_browser' '$http_user_agent'"
+                    - "'request_id' '$request_id'"
+                    - "'nginx_version' '$nginx_version'"
+                    - "'document_root' '$document_root'"
+                    - "'proxied_for_ip' '$http_x_forwarded_for'"
+              server_two:
+                listen:
+                  listen_server_two:
+                    port: 8082
+                server_name: localhost
+                access_log:
+                  - name: main
+                    location: /var/log/nginx/access.log
+                web_server:
+                  locations:
+                    server_two:
+                      location: /
+                      html_file_location: /usr/share/nginx/html
+                      html_file_name: server_two.html
+                sub_filter:
+                  once: false
+                  sub_filters:
+                    - "'server_hostname' '$hostname'"
+                    - "'server_address' '$server_addr:$server_port'"
+                    - "'server_url' '$request_uri'"
+                    - "'remote_addr' '$remote_addr:$remote_port'"
+                    - "'server_date' '$time_local'"
+                    - "'client_browser' '$http_user_agent'"
+                    - "'request_id' '$request_id'"
+                    - "'nginx_version' '$nginx_version'"
+                    - "'document_root' '$document_root'"
+                    - "'proxied_for_ip' '$http_x_forwarded_for'"
+            upstreams:
+              main:
+                name: upstr
+                lb_method: least_conn
+                servers:
+                  server_one:
+                    address: 0.0.0.0
+                    port: 8081
+                  server_two:
+                    address: 0.0.0.0
+                    port: 8082
+
+        nginx_config_html_demo_template_enable: true
+        nginx_config_html_demo_template:
+          server_one:
+            template_file: www/index.html.j2
+            html_file_name: server_one.html
+            html_file_location: /usr/share/nginx/html
+            web_server_name: Ansible NGINX collection - Server one
+          server_two:
+            template_file: www/index.html.j2
+            html_file_name: server_two.html
+            html_file_location: /usr/share/nginx/html
+            web_server_name: Ansible NGINX collection - Server two