From b9725608f1e3495b4ed91ef3ff94a25027220b07 Mon Sep 17 00:00:00 2001
From: Aaron Jackson
Date: Wed, 27 Nov 2024 11:36:15 +0000
Subject: [PATCH 1/4] Bump all containers to Ubuntu 24.04
---
clamav/molecule/default/molecule.yml | 2 +-
reverse_proxy/molecule/default/molecule.yml | 2 +-
squid/molecule/default/molecule.yml | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/clamav/molecule/default/molecule.yml b/clamav/molecule/default/molecule.yml
index e3a915e..ccc6716 100644
--- a/clamav/molecule/default/molecule.yml
+++ b/clamav/molecule/default/molecule.yml
@@ -5,7 +5,7 @@ driver: name: docker platforms: - name: clamav - image: ubuntu:20.04 + image: ubuntu:24.04 privileged: true pre_build_image: false provisioner:
diff --git a/reverse_proxy/molecule/default/molecule.yml b/reverse_proxy/molecule/default/molecule.yml
index 32f5a3f..2d405c0 100644
--- a/reverse_proxy/molecule/default/molecule.yml
+++ b/reverse_proxy/molecule/default/molecule.yml
@@ -5,7 +5,7 @@ driver: name: docker platforms: - name: reverse_proxy - image: ubuntu:20.04 + image: ubuntu:24.04 privileged: true pre_build_image: false provisioner:
diff --git a/squid/molecule/default/molecule.yml b/squid/molecule/default/molecule.yml
index 2cb8f44..ac9aacc 100644
--- a/squid/molecule/default/molecule.yml
+++ b/squid/molecule/default/molecule.yml
@@ -5,7 +5,7 @@ driver: name: docker platforms: - name: instance - image: ubuntu:20.04 + image: ubuntu:24.04 privileged: true pre_build_image: false provisioner:
From 3d528ce0c58b184ec889787ece797f57c1cbbebd Mon Sep 17 00:00:00 2001
From: Aaron Jackson
Date: Wed, 27 Nov 2024 11:37:05 +0000
Subject: [PATCH 2/4] Replace nginx with openresty
---
reverse_proxy/handlers/main.yml | 2 +-
reverse_proxy/molecule/default/verify.yml | 4 +--
reverse_proxy/tasks/bioconductor.yml | 2 +-
reverse_proxy/tasks/conda.yml | 2 +-
reverse_proxy/tasks/cran.yml | 2 +-
reverse_proxy/tasks/main.yml | 44 +++++++++++++++++++----
6 files changed, 44 insertions(+), 12 deletions(-)
diff --git a/reverse_proxy/handlers/main.yml b/reverse_proxy/handlers/main.yml
index 34404de..60e71bd 100644
--- a/reverse_proxy/handlers/main.yml
+++ b/reverse_proxy/handlers/main.yml
@@ -2,7 +2,7 @@ - name: restart nginx become: true service: - name: nginx + name: openresty state: restarted enabled: true
diff --git a/reverse_proxy/molecule/default/verify.yml b/reverse_proxy/molecule/default/verify.yml
index abd18b1..0f508e2 100644
--- a/reverse_proxy/molecule/default/verify.yml
+++ b/reverse_proxy/molecule/default/verify.yml
@@ -9,13 +9,13 @@ - name: nginx is installed assert: - that: services.ansible_facts.services.nginx is defined + that: services.ansible_facts.services.openresty is defined fail_msg: "No nginx service was defined" success_msg: "Nginx service found!" - name: nginx is running assert: - that: services.ansible_facts.services['nginx'].state == "running" + that: services.ansible_facts.services['openresty'].state == "running" fail_msg: "The nginx service does not appear to be running" success_msg: "Nginx service is running"
diff --git a/reverse_proxy/tasks/bioconductor.yml b/reverse_proxy/tasks/bioconductor.yml
index 9dae4a2..280e066 100644
--- a/reverse_proxy/tasks/bioconductor.yml
+++ b/reverse_proxy/tasks/bioconductor.yml
@@ -3,7 +3,7 @@ - name: add our bioconductor reverse proxy config become: true template: - dest: /etc/nginx/sites-enabled/bioconductor.conf + dest: /etc/openresty/sites-enabled/bioconductor.conf src: generic.conf.j2 vars: generic_name: bioconductor
diff --git a/reverse_proxy/tasks/conda.yml b/reverse_proxy/tasks/conda.yml
index 027a2e4..013bc80 100644
--- a/reverse_proxy/tasks/conda.yml
+++ b/reverse_proxy/tasks/conda.yml
@@ -3,7 +3,7 @@ - name: add our conda-forge reverse proxy config become: true template: - dest: /etc/nginx/sites-enabled/conda.conf + dest: /etc/openresty/sites-enabled/conda.conf src: generic.conf.j2 vars: generic_name: conda
diff --git a/reverse_proxy/tasks/cran.yml b/reverse_proxy/tasks/cran.yml
index 4a6ef48..48ba091 100644
--- a/reverse_proxy/tasks/cran.yml
+++ b/reverse_proxy/tasks/cran.yml
@@ -3,7 +3,7 @@ - name: add our cran reverse proxy config become: true template: - dest: /etc/nginx/sites-enabled/cran.conf + dest: /etc/openresty/sites-enabled/cran.conf src: generic.conf.j2 vars: generic_name: cran
diff --git a/reverse_proxy/tasks/main.yml b/reverse_proxy/tasks/main.yml
index a2fb4ca..892efd1 100644
--- a/reverse_proxy/tasks/main.yml
+++ b/reverse_proxy/tasks/main.yml
@@ -1,16 +1,48 @@ --- +- name: install gnupg + become: true + apt: + update_cache: true + name: + - gnupg + +- name: install openresty repository key + become: true + apt_key: + url: https://openresty.org/package/pubkey.gpg + id: E52218E7087897DC6DEA6D6D97DB7443D5EDEB74 + +- name: add openresty repository + when: ansible_architecture == "x86_64" + ansible.builtin.apt_repository: + repo: deb http://openresty.org/package/ubuntu noble main + state: present + +- name: add openresty repository + when: ansible_architecture == "aarch64" + ansible.builtin.apt_repository: + repo: deb http://openresty.org/package/arm64/ubuntu noble main + state: present + - name: install nginx become: true apt: + update_cache: true + install_recommends: false name: - - nginx-extras # for proxying - git # for testing + - openresty -- name: remove default site configuration - become: true - file: - path: /etc/nginx/sites-enabled/default - state: absent +- name: ensure openresty includes enabled sites + ansible.builtin.lineinfile: + path: /etc/openresty/nginx.conf + insertafter: "default_type" + line: "include /etc/openresty/sites-enabled/*.conf;" + +- name: create sites-enabled directory + ansible.builtin.file: + path: /etc/openresty/sites-enabled + state: directory - include_tasks: cran.yml - include_tasks: bioconductor.yml
From edb6c1073dbc541f535ca5a6817c3678cdb3d144 Mon Sep 17 00:00:00 2001
From: Aaron Jackson
Date: Wed, 27 Nov 2024 12:49:00 +0000
Subject: [PATCH 3/4] Differences in lua versions (os.execute return code)
---
reverse_proxy/templates/generic.conf.j2 | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/reverse_proxy/templates/generic.conf.j2 b/reverse_proxy/templates/generic.conf.j2
index 33f21a6..e71c75c 100644
--- a/reverse_proxy/templates/generic.conf.j2
+++ b/reverse_proxy/templates/generic.conf.j2
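Review bot: In reverse_proxy/tasks/main.yml, both `add openresty repository` tasks register the package source over plain HTTP, and the key is installed with `apt_key`, which adds it to apt's global trusted keyring so it is accepted for every configured repository rather than only this one. Package signatures are still verified against the pinned fingerprint, but I would store the key in a dedicated keyring file and scope the source to it over HTTPS (the key URL in this hunk is already fetched from that host over HTTPS), e.g. `repo: deb [signed-by=/etc/apt/keyrings/openresty.gpg] https://openresty.org/package/ubuntu noble main`, where the keyring path is an example. The two repository tasks and the new `lineinfile` and `file` tasks also omit `become: true`, which the other tasks in the hunk set; unless privilege escalation is configured at play level (not visible here), they will fail when the role runs as a non-root user. The removed `remove default site configuration` task has no replacement, so it is worth confirming that the packaged `/etc/openresty/nginx.conf` does not keep a default server block active next to the included sites.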
@@ -78,7 +78,8 @@ server { -- Launch the antivirus scanner on the temporary file. local t_start = os.clock() - local ret = os.execute("{{ av_scanner }} " .. path) + local ret = 1 + _, _, ret = os.execute("{{ av_scanner }} " .. path) local t_end = os.clock() os.remove(path)
From 80ef5d05b1d945685e4ae75e344ce2f37c5030f4 Mon Sep 17 00:00:00 2001
From: Aaron Jackson
Date: Wed, 27 Nov 2024 12:59:58 +0000
Subject: [PATCH 4/4] enable R installation test again
---
reverse_proxy/molecule/default/verify.yml | 42 ++++++++++-------------
1 file changed, 19 insertions(+), 23 deletions(-)
diff --git a/reverse_proxy/molecule/default/verify.yml b/reverse_proxy/molecule/default/verify.yml
index 0f508e2..83f0236 100644
--- a/reverse_proxy/molecule/default/verify.yml
+++ b/reverse_proxy/molecule/default/verify.yml
@@ -64,29 +64,25 @@ fail_msg: "Request to valid file extension was blocked." success_msg: "Request to valid file extension was not blocked." - # Ubuntu 20.04 uses R 3, and packages for R 3 are no longer - # available in CRAN. We can sort this out when we move to Ubuntu - # 22.04 or later: - - # - name: r package installation - # shell: - # cmd: | - # rm -rf /usr/local/lib/R/site-library/dplyr # remove if installed - # /usr/bin/R --no-save <
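Review bot: In the generic.conf.j2 hunk, `local ret = 1` does not work as a fail-safe default, because the multiple assignment on the next line always overwrites `ret`: where `os.execute` returns a single value (Lua 5.1 semantics) `ret` becomes `nil`, and when the scanner is ended by a signal the third value is a signal number, not an exit status. The same assignment writes to the undeclared name `_`, which creates a global in Lua. I would keep all three results local and treat anything other than a normal exit as a scan failure, e.g. `local ok, how, code = os.execute("{{ av_scanner }} " .. path)` followed by `local ret = (how == "exit" and type(code) == "number") and code or 1`. The code that interprets `ret` lies outside the hunk, so confirm that it blocks the download on every non-zero value. `path` is also concatenated into the shell command unquoted, which is safe only if it is always a server-generated temporary name; the hunk does not show where it comes from.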