Comments (8)
Here are a couple of solutions I could think of, but not sure if this would break some other behavior.
- listen to check nginx instead of run nginx
diff --git a/handlers/main.yml b/handlers/main.yml
index 94508ba..25330b9 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -11,7 +11,7 @@
var: config.stderr_lines
failed_when: config.rc != 0
when: config.rc != 0
- listen: (Handler - NGINX Config) Run NGINX
+ listen: (Handler - NGINX Config) Check NGINX
- name: (Handler - NGINX Config) Start/reload NGINX
service:
- add conditional to not run in check mode
diff --git a/handlers/main.yml b/handlers/main.yml
index 94508ba..5d97b17 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -9,8 +9,10 @@
- name: (Handler - NGINX Config) Print NGINX error if syntax check fails
debug:
var: config.stderr_lines
- failed_when: config.rc != 0
- when: config.rc != 0
+ failed_when: config.rc != 0
+ when:
+ - config.rc != 0
+ - not ansible_check_mode | bool
listen: (Handler - NGINX Config) Run NGINX
- name: (Handler - NGINX Config) Start/reload NGINX
from ansible-role-nginx-config.
It also might be considered to take on the bigger task of actually validating the configuration in check mode, but this seems much more complex.
from ansible-role-nginx-config.
Right. Option 2 looks fine to me (I think handler's might get a bit messy if we follow option 1), but what about setting up check_mode: no
on the Check NGINX
handler?
from ansible-role-nginx-config.
Yes, I think that makes sense with the current implementation. It might be worth noting in the documentation that configuration check cannot be performed in ansible check mode.
I think it would be a common feature request to have configuration validation working in check mode though.
from ansible-role-nginx-config.
By setting check_mode: no
the task should always be run, even when using check mode. Unless I am missing something? https://docs.ansible.com/ansible/latest/user_guide/playbooks_checkmode.html#enforcing-or-preventing-check-mode-on-tasks
from ansible-role-nginx-config.
You are correct. This is my suggestion in solution 2. I am using same syntax from other task Start/reload NGINX
- name: (Handler - NGINX Config) Start/reload NGINX
service:
name: nginx
state: reloaded
when:
- nginx_config_start | bool
- not ansible_check_mode | bool
listen: (Handler - NGINX Config) Run NGINX
I will open a second ticket as feature request for the following: Add support to validate nginx configuration in check mode.
This feature would be non-trivial and may not even be possible, but would be a big help in preventing bad configuration pushes.
from ansible-role-nginx-config.
If you set not ansible_check_mode | bool
then the Check NGINX
handler will get skipped on check mode, but if you set check_mode: no
, it will always run on check mode. I'm going to open a PR to add the latter functionality since it makes more sense to run Check NGINX
always.
from ansible-role-nginx-config.
Quick update, implementing what I mentioned above successfully turned out to be not as trivial as I expected. I have what I think might be a workable solution but I still need to do some testing. PR hopefully coming in early next week.
This still will not validate the NGINX config that you are deploying in the given playbook (as you mentioned, it might not even be possible within Ansible's check mode), but at least it should cover any unexpected failures when using check.
from ansible-role-nginx-config.
Related Issues (20)
- how to insert an if statement in the server stanza HOT 3
- How to omit load_module: modules/ngx_http_js_module.so HOT 3
- mime.types not included in default nginx configuration HOT 4
- Add `include` support in default.conf.j2 template HOT 1
- Templating error HOT 2
- "mappings" from the "map" directive are not applied to a resulting configuration HOT 2
- Role should restart/reload Nginx when SSL certificates change HOT 3
- How to set "global" variables in the HTTP context HOT 5
- Allow nginx.conf.j2 to create gzip settings HOT 2
- Nested location HOT 2
- Question - nginx-config and proxy rewrite HOT 4
- Question - QUIC config HOT 5
- Enforcing numeric types breaks certain templating patterns. HOT 3
- http2 directive uses enable but http3 uses enabled
- Variables for gzip_static HOT 1
- Logrotate does not format correctly HOT 2
- add map inside stream HOT 3
- Validate configuration HOT 3
- Role version 0.7.1 is not published to the ansible-galaxy repo HOT 1
- set_real_ip_from (ngx_http_realip_module) should be a list HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ansible-role-nginx-config.