diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index 7b836fe..e194d6a 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -27,6 +27,8 @@ jobs: - plus - upgrade - modules + - uninstall + - uninstall-module - plus-count-ubuntu - plus-count-rhel - plus-count-upgrade diff --git a/README.md b/README.md index f8a2d30..547e69a 100644 --- a/README.md +++ b/README.md @@ -147,6 +147,7 @@ Working functional playbook examples can be found in the **[`molecule/`](https:/ | **[`plus/converge.yml`](https://github.com/nginxinc/ansible-role-nginx-management-suite/blob/main/molecule/plus/converge.yml)** | Install NGINX Plus and NMS | | **[`upgrade/converge.yml`](https://github.com/nginxinc/ansible-role-nginx-management-suite/blob/main/molecule/upgrade/converge.yml)** | Upgrade NMS | | **[`modules/converge.yml`](https://github.com/nginxinc/ansible-role-nginx-management-suite/blob/main/molecule/modules/converge.yml)** | Install NGINX OSS and NMS & the API Connectivity Manager module | +| **[`uninstall/converge.yml`](https://github.com/nginxinc/ansible-role-nginx-management-suite/blob/main/molecule/uninstall/converge.yml)** | Uninstall NMS | Do note that if you install this repository via Ansible Galaxy, you will have to replace the role variable in the sample playbooks from `ansible-role-nginx-management-suite` to `nginxinc.nginx_management_suite`. diff --git a/molecule/uninstall-module/converge.yml b/molecule/uninstall-module/converge.yml new file mode 100644 index 0000000..c63d7e1 --- /dev/null +++ b/molecule/uninstall-module/converge.yml @@ -0,0 +1,17 @@ +--- +- name: Converge + hosts: all + tasks: + - name: Uninstall NMS ACM Module + ansible.builtin.include_role: + name: ansible-role-nginx-management-suite + vars: + nms_user_passwd: 'Password123' + nms_remove_certs: false + nginx_remove_license: false + nginx_license: + certificate: license/nginx-repo.crt + key: license/nginx-repo.key + nms_modules: + - name: acm + setup: uninstall diff --git a/molecule/uninstall-module/molecule.yml b/molecule/uninstall-module/molecule.yml new file mode 100644 index 0000000..896f0fa --- /dev/null +++ b/molecule/uninstall-module/molecule.yml @@ -0,0 +1,112 @@ +--- +driver: + name: docker +lint: | + set -e + ansible-lint --force-color . +platforms: + - name: amazonlinux-2 + image: amazonlinux:2 + platform: x86_64 + dockerfile: ../common/Dockerfile.j2 + privileged: true + cgroupns_mode: host + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + command: /usr/sbin/init + - name: oraclelinux-7 + image: oraclelinux:7 + platform: x86_64 + dockerfile: ../common/Dockerfile.j2 + privileged: true + cgroupns_mode: host + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + command: /usr/sbin/init + - name: oraclelinux-8 + image: oraclelinux:8 + platform: x86_64 + dockerfile: ../common/Dockerfile.j2 + privileged: true + cgroupns_mode: host + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + command: /usr/sbin/init + - name: centos-7 + image: centos:7 + platform: x86_64 + dockerfile: ../common/Dockerfile.j2 + privileged: true + cgroupns_mode: host + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + command: /usr/sbin/init + - name: rhel-7 + image: registry.access.redhat.com/ubi7/ubi:7.9 + platform: x86_64 + dockerfile: ../common/Dockerfile.j2 + privileged: true + cgroupns_mode: host + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + command: /usr/sbin/init + - name: rhel-8 + image: redhat/ubi8:8.7 + platform: x86_64 + dockerfile: ../common/Dockerfile.j2 + privileged: true + cgroupns_mode: host + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + command: /usr/sbin/init + - name: debian-buster + image: debian:buster-slim + platform: x86_64 + dockerfile: ../common/Dockerfile.j2 + privileged: true + cgroupns_mode: host + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + command: /sbin/init + - name: debian-bullseye + image: debian:bullseye-slim + platform: x86_64 + dockerfile: ../common/Dockerfile.j2 + privileged: true + cgroupns_mode: host + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + command: /sbin/init + - name: ubuntu-bionic + image: ubuntu:bionic + platform: x86_64 + dockerfile: ../common/Dockerfile.j2 + privileged: true + cgroupns_mode: host + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + command: /sbin/init + - name: ubuntu-focal + image: ubuntu:focal + platform: x86_64 + dockerfile: ../common/Dockerfile.j2 + privileged: true + cgroupns_mode: host + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + command: /sbin/init + - name: ubuntu-jammy + image: ubuntu:jammy + platform: x86_64 + dockerfile: ../common/Dockerfile.j2 + privileged: true + cgroupns_mode: host + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + command: /sbin/init +provisioner: + name: ansible + playbooks: + prepare: prepare.yml + converge: converge.yml + verify: verify.yml diff --git a/molecule/uninstall-module/prepare.yml b/molecule/uninstall-module/prepare.yml new file mode 100644 index 0000000..0d025f1 --- /dev/null +++ b/molecule/uninstall-module/prepare.yml @@ -0,0 +1,35 @@ +--- +- name: Prepare License + hosts: localhost + gather_facts: false + tasks: + - name: Create ephemeral license certificate file from b64 decoded env var # noqa template-instead-of-copy + ansible.builtin.copy: + content: "{{ lookup('env', 'NGINX_CRT') | b64decode }}" + dest: ../../files/license/nginx-repo.crt + force: false + mode: "0444" + + - name: Create ephemeral license key file from b64 decoded env var # noqa template-instead-of-copy + ansible.builtin.copy: + content: "{{ lookup('env', 'NGINX_KEY') | b64decode }}" + dest: ../../files/license/nginx-repo.key + force: false + mode: "0444" + +- name: Prepare NMS + hosts: all + tasks: + - name: Install NMS & ACM Module + ansible.builtin.include_role: + name: ansible-role-nginx-management-suite + vars: + nms_setup: install + nms_user_passwd: 'Password123' + nginx_remove_license: false + nms_remove_certs: false + nginx_license: + certificate: license/nginx-repo.crt + key: license/nginx-repo.key + nms_modules: + - name: acm \ No newline at end of file diff --git a/molecule/uninstall-module/verify.yml b/molecule/uninstall-module/verify.yml new file mode 100644 index 0000000..0928b36 --- /dev/null +++ b/molecule/uninstall-module/verify.yml @@ -0,0 +1,46 @@ +--- +- name: Verify + hosts: all + tasks: + - name: Check if NGINX is installed + ansible.builtin.package: + name: nginx + state: present + check_mode: true + register: install + failed_when: (install is changed) or (install is failed) + + - name: Check if NGINX service is running + ansible.builtin.service: + name: nginx + state: started + enabled: true + check_mode: true + register: service + failed_when: (service is changed) or (service is failed) + + - name: Verify NGINX is up and running + ansible.builtin.uri: + url: http://localhost + status_code: 200 + + - name: Check if NGINX Management Suite services are still running + ansible.builtin.systemd: + name: "{{ item }}" + state: running + check_mode: true + register: install + failed_when: (install is changed) or (install is failed) + loop: + - nms + - nms-core + - nms-dpm + - nms-ingestion + - nms-integrations + + - name: Check if NGINX Management Suite Module services are no longer installed + ansible.builtin.service_facts: + register: systemd_services + failed_when: item in systemd_services.ansible_facts.services + loop: + - nms-acm.service diff --git a/molecule/uninstall/converge.yml b/molecule/uninstall/converge.yml new file mode 100644 index 0000000..cf78611 --- /dev/null +++ b/molecule/uninstall/converge.yml @@ -0,0 +1,15 @@ +--- +- name: Converge + hosts: all + tasks: + - name: Uninstall NMS + ansible.builtin.include_role: + name: ansible-role-nginx-management-suite + vars: + nms_setup: uninstall + nms_user_passwd: 'Password123' + nms_remove_certs: false + nginx_remove_license: false + nginx_license: + certificate: license/nginx-repo.crt + key: license/nginx-repo.key diff --git a/molecule/uninstall/molecule.yml b/molecule/uninstall/molecule.yml new file mode 100644 index 0000000..896f0fa --- /dev/null +++ b/molecule/uninstall/molecule.yml @@ -0,0 +1,112 @@ +--- +driver: + name: docker +lint: | + set -e + ansible-lint --force-color . +platforms: + - name: amazonlinux-2 + image: amazonlinux:2 + platform: x86_64 + dockerfile: ../common/Dockerfile.j2 + privileged: true + cgroupns_mode: host + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + command: /usr/sbin/init + - name: oraclelinux-7 + image: oraclelinux:7 + platform: x86_64 + dockerfile: ../common/Dockerfile.j2 + privileged: true + cgroupns_mode: host + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + command: /usr/sbin/init + - name: oraclelinux-8 + image: oraclelinux:8 + platform: x86_64 + dockerfile: ../common/Dockerfile.j2 + privileged: true + cgroupns_mode: host + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + command: /usr/sbin/init + - name: centos-7 + image: centos:7 + platform: x86_64 + dockerfile: ../common/Dockerfile.j2 + privileged: true + cgroupns_mode: host + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + command: /usr/sbin/init + - name: rhel-7 + image: registry.access.redhat.com/ubi7/ubi:7.9 + platform: x86_64 + dockerfile: ../common/Dockerfile.j2 + privileged: true + cgroupns_mode: host + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + command: /usr/sbin/init + - name: rhel-8 + image: redhat/ubi8:8.7 + platform: x86_64 + dockerfile: ../common/Dockerfile.j2 + privileged: true + cgroupns_mode: host + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + command: /usr/sbin/init + - name: debian-buster + image: debian:buster-slim + platform: x86_64 + dockerfile: ../common/Dockerfile.j2 + privileged: true + cgroupns_mode: host + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + command: /sbin/init + - name: debian-bullseye + image: debian:bullseye-slim + platform: x86_64 + dockerfile: ../common/Dockerfile.j2 + privileged: true + cgroupns_mode: host + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + command: /sbin/init + - name: ubuntu-bionic + image: ubuntu:bionic + platform: x86_64 + dockerfile: ../common/Dockerfile.j2 + privileged: true + cgroupns_mode: host + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + command: /sbin/init + - name: ubuntu-focal + image: ubuntu:focal + platform: x86_64 + dockerfile: ../common/Dockerfile.j2 + privileged: true + cgroupns_mode: host + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + command: /sbin/init + - name: ubuntu-jammy + image: ubuntu:jammy + platform: x86_64 + dockerfile: ../common/Dockerfile.j2 + privileged: true + cgroupns_mode: host + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + command: /sbin/init +provisioner: + name: ansible + playbooks: + prepare: prepare.yml + converge: converge.yml + verify: verify.yml diff --git a/molecule/uninstall/prepare.yml b/molecule/uninstall/prepare.yml new file mode 100644 index 0000000..65198f8 --- /dev/null +++ b/molecule/uninstall/prepare.yml @@ -0,0 +1,33 @@ +--- +- name: Prepare License + hosts: localhost + gather_facts: false + tasks: + - name: Create ephemeral license certificate file from b64 decoded env var # noqa template-instead-of-copy + ansible.builtin.copy: + content: "{{ lookup('env', 'NGINX_CRT') | b64decode }}" + dest: ../../files/license/nginx-repo.crt + force: false + mode: "0444" + + - name: Create ephemeral license key file from b64 decoded env var # noqa template-instead-of-copy + ansible.builtin.copy: + content: "{{ lookup('env', 'NGINX_KEY') | b64decode }}" + dest: ../../files/license/nginx-repo.key + force: false + mode: "0444" + +- name: Prepare NMS + hosts: all + tasks: + - name: Install NMS + ansible.builtin.include_role: + name: ansible-role-nginx-management-suite + vars: + nms_setup: install + nms_user_passwd: 'Password123' + nginx_remove_license: false + nms_remove_certs: false + nginx_license: + certificate: license/nginx-repo.crt + key: license/nginx-repo.key diff --git a/molecule/uninstall/verify.yml b/molecule/uninstall/verify.yml new file mode 100644 index 0000000..ee2ec0c --- /dev/null +++ b/molecule/uninstall/verify.yml @@ -0,0 +1,36 @@ +--- +- name: Verify + hosts: all + tasks: + - name: Check if NGINX is installed + ansible.builtin.package: + name: nginx + state: present + check_mode: true + register: install + failed_when: (install is changed) or (install is failed) + + - name: Check if NGINX service is running + ansible.builtin.service: + name: nginx + state: started + enabled: true + check_mode: true + register: service + failed_when: (service is changed) or (service is failed) + + - name: Verify NGINX is up and running + ansible.builtin.uri: + url: http://localhost + status_code: 200 + + - name: Check if NGINX Management Suite services are no longer installed + ansible.builtin.service_facts: + register: systemd_services + failed_when: item in systemd_services.ansible_facts.services + loop: + - nms.service + - nms-core.service + - nms-dpm.service + - nms-ingestion.service + - nms-integrations.service diff --git a/molecule/upgrade/prepare.yml b/molecule/upgrade/prepare.yml index d3e8716..80038a9 100644 --- a/molecule/upgrade/prepare.yml +++ b/molecule/upgrade/prepare.yml @@ -20,11 +20,10 @@ - name: Prepare NMS hosts: all tasks: - - name: Install NMS + - name: Install NMS & ACM ansible.builtin.include_role: name: ansible-role-nginx-management-suite vars: - nms_version: 2.4.0* nms_setup: install nms_user_passwd: 'Password123' nginx_selinux: true @@ -34,3 +33,5 @@ nginx_license: certificate: license/nginx-repo.crt key: license/nginx-repo.key + nms_modules: + - name: acm diff --git a/vars/main.yml b/vars/main.yml index cd170ac..6747824 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,6 +1,6 @@ --- nms_setup_vars: [ - install, upgrade, + install, upgrade, uninstall, ] # This role defaults to an setup type.