Initial commit to add nms ansible role (#4)

* Initial commit to add nms install role

* Update defaults/main.yml, remove comment from init

Co-authored-by: Alessandro Fael Garcia <[email protected]>

* Removing 'nginx_remove_license', not needed.

Co-authored-by: Alessandro Fael Garcia <[email protected]>

* Update tasks/main.yml

Co-authored-by: Alessandro Fael Garcia <[email protected]>

* Update vars/main.yml

Co-authored-by: Alessandro Fael Garcia <[email protected]>

* Update tasks/cleanup.yml

Co-authored-by: Alessandro Fael Garcia <[email protected]>

* Update tasks/check-controller-support.yml

Co-authored-by: Alessandro Fael Garcia <[email protected]>

* Removing 'example' directory

* Remove 'roles' directory

* Updates to align with nginx role

* Changing 'NIM' to 'NMS', replace 'with_items' with 'loop', and reference ansible_facts using dictionary format.

* Moving rpm specific repo from defaults/main.yml to vars/main.yml

* Changing from 'with_items' to 'loop'

* Updating galaxy_info with proper information

* Removing comments and updating supported versions

* Use ansible_fact dictionary format

* Removing workaround for RHEL7 install and hardcoding ssl cert location

* Also install latest when nms_clickhouse_version or nms_version are absent

* Hardcode https://nginx.org/keys/nginx_signing.key

* Splitting out tasks so they are Debian and RedHat 'os_family' specific.

* Changing task to hardcode contents in /etc/apt/apt.conf.d/90nginx

* Need to also include os_family support check

* Enabling anisble-lint when running 'molecule'

* Resolve linting fails

* Adding 'nms_remove_certs: false' to work around idempotence check

* Added workflow and dependabot updates

* Updating common md files for project

* Check if firewalld is installed on RH distro families and nginx must be last to restart

* AL2 is failing, disable for now, issue created for tracking

* SECURITY.md is moved to .github directory

* Fix Molecule tests in CI  and README.md updates.

* Suspect latest CI used older commit?

* Elaborate on this role's requirements

* Updating nginxinc.nginx version

* Add note to rename certs for nms repo

* Install 'pip' on all distros, install 'cryptography' and 'passlib' via pip

* Changing nms username and password variables to match with Mark's nms collection

* Updating nms support check for OracleLinux, version 8 is supported

* Fixing bug so firewalld rules need to be reloaded on RedHat OS Family

* Update

* Update requirements_molecule.txt

* Update release-drafter.yml

* Fix mis-spelling in CONTRIBUTING.md

Co-authored-by: Alessandro Fael Garcia <[email protected]>

* Update copyright year in README.md

Co-authored-by: Alessandro Fael Garcia <[email protected]>

* Fix link to Apache License in README.md

Co-authored-by: Alessandro Fael Garcia <[email protected]>

* Update meta/main.yml

Co-authored-by: Alessandro Fael Garcia <[email protected]>

* Renaming to pip2.yml and pip3.yml in tasks/prerequisites

* Update file name to include

* Add lablels..

* Only one requirement.yml file needed, need to define 'role' section within yml.

* Update requirememnt file example and remove survey.

* No not need the entire 'nginxinc.nginx_core' collection, just the nginxinc.nginx role

* Resolve ansible-lint errors

* Moving clickhouse and nms install tasks to directories

* NMS and Clickhouse file renaming

* Prefix 'nms_' on clickhouse variables

* Organizied files in tasks/ and consolidated validation checks to 1 task (from nginxinc.nginx)

* Adding RHEL9 as a supported version

* Adding abilty to configure nms_gpgcheck for dev purpose when installing nms.

* Updates!

* Resolving ansible-lint fails in 'molecule' directory

* Update .github/workflows/galaxy.yml

Co-authored-by: Alessandro Fael Garcia <[email protected]>

* Update README.md

Co-authored-by: Alessandro Fael Garcia <[email protected]>

* Update .github/workflows/release-drafter.yml

Co-authored-by: Alessandro Fael Garcia <[email protected]>

* Update CHANGELOG.md

Co-authored-by: Alessandro Fael Garcia <[email protected]>

* Update .github/workflows/molecule.yml

Co-authored-by: Alessandro Fael Garcia <[email protected]>

* Update .github/release-drafter.yml

Co-authored-by: Alessandro Fael Garcia <[email protected]>

* Update .github/release-drafter.yml

Co-authored-by: Alessandro Fael Garcia <[email protected]>

* Update CONTRIBUTING.md

Co-authored-by: Alessandro Fael Garcia <[email protected]>

* Update CONTRIBUTING.md

Co-authored-by: Alessandro Fael Garcia <[email protected]>

* Update CONTRIBUTING.md

Co-authored-by: Alessandro Fael Garcia <[email protected]>

* Update CONTRIBUTING.md

Co-authored-by: Alessandro Fael Garcia <[email protected]>

* Update CONTRIBUTING.md

Co-authored-by: Alessandro Fael Garcia <[email protected]>

* Updates per PR

* Preparing for git project name change

* README updates and prereq name changes

* Update versions in README

* Bug fixes in tasks and README

* Fix in nms redhat install

* Fix linting error

* Updates to README

---------

Co-authored-by: Alessandro Fael Garcia <[email protected]>

.ansible-lint

@@ -0,0 +1,4 @@
+---
+skip_list:
+  - name[template]
+  - yaml[line-length]

.github/CODEOWNERS

@@ -1,3 +1,5 @@
 # Main global owner #
 #####################
-*
+* @jswongf5
+/.github/workflows/
+*.md

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,10 +1,11 @@
 ---
 name: Bug report
 about: Create a report to help us improve
-title: ''
-labels: ''
-assignees: ''
+title: ""
+labels: ""
+assignees: ""
 ---
+
 ### Describe the bug
 
 A clear and concise description of what the bug is.
@@ -13,8 +14,8 @@ A clear and concise description of what the bug is.
 
 Steps to reproduce the behavior:
 
-1. Deploy ansible_role_nginx_management_suite using
-2. View output/logs/configuration on '...'
+1. Deploy the Ansible NGINX Management Suite role using `playbook.yml`
+2. View output/logs/configuration on ...
 3. See error
 
 ### Expected behavior
@@ -23,8 +24,9 @@ A clear and concise description of what you expected to happen.
 
 ### Your environment
 
-- Version of the ansible_role_nginx_management_suite or specific commit
-<!-- - Version of project language -->
+- Version of the Ansible NGINX Management Suite role or specific commit
+- Version of Ansible
+- Version of Jinja2 (if you are using any templating capability)
 - Target deployment platform
 
 ### Additional context

.github/ISSUE_TEMPLATE/feature_request.md

@@ -1,10 +1,11 @@
 ---
 name: Feature request
 about: Suggest an idea for this project
-title: ''
-labels: ''
-assignees: ''
+title: ""
+labels: ""
+assignees: ""
 ---
+
 ### Is your feature request related to a problem? Please describe
 
 A clear and concise description of what the problem is. Ex. I'm always frustrated when ...

.github/SECURITY.md

@@ -0,0 +1,26 @@
+# Security Policy
+
+## Versions
+
+### Latest Versions
+
+We advise users to run or update to the most recent release of the Ansible NGINX Management Suite role. Older versions of this role may not have all enhancements and/or bug fixes applied to them.
+
+### Supported Versions
+
+This codebase mainly consists of an Ansible role, sprinkled with a dose of GitHub actions for CI/CD. Ansible applies security fixes to the most recent three releases. Please find more information in [the Ansible docs](https://docs.ansible.com/ansible/devel/reference_appendices/release_and_maintenance.html#release-status).
+
+## Reporting a Vulnerability
+
+### Ansible
+
+If you find a security vulnerability that affects Ansible directly, we encourage you to report it according to the [Ansible guidelines](https://docs.ansible.com/ansible/devel/community/reporting_bugs_and_features.html#reporting-a-bug).
+
+### Codebase
+
+If you find a security vulnerability that affects the codebase, we encourage you to report it to the F5 Security Incident Response Team (F5 SIRT):
+
+- If you’re an F5 customer with an active support contract, please contact [F5 Technical Support](https://www.f5.com/services/support).
+- If you aren’t an F5 customer, please report any potential or current instances of security vulnerabilities to the F5 SIRT at <[email protected]>.
+
+For more information visit [https://www.f5.com/services/support/report-a-vulnerability](https://www.f5.com/services/support/report-a-vulnerability)

.github/dependabot.yml

@@ -7,3 +7,12 @@ updates:
       interval: weekly
       day: monday
       time: "00:00"
+    labels:
+      - "dependencies"
+      - "skip-changelog"
+  - package-ecosystem: pip
+    directory: /.github/workflows/requirements
+    schedule:
+      interval: weekly
+      day: monday
+      time: "00:00"

.github/pull_request_template.md

@@ -6,7 +6,7 @@ Describe the use case and detail of the change. If this PR addresses an issue on
 
 Before creating a PR, run through this checklist and mark each as complete.
 
-- [ ] I have read the [`CONTRIBUTING`](https://github.com/nginxinc/ansible-role-nginx-management-suite/blob/main/CONTRIBUTING.md) document
+- [ ] I have read the [`CONTRIBUTING`](https://github.com/nginxinc/ansible-role-nms/blob/main/CONTRIBUTING.md) document
 - [ ] If applicable, I have added tests that prove my fix is effective or that my feature works
 - [ ] If applicable, I have checked that any relevant tests pass after adding my changes
-- [ ] I have updated any relevant documentation ([`README.md`](https://github.com/nginxinc/ansible-role-nginx-management-suite/blob/main/README.md) and [`CHANGELOG.md`](https://github.com/nginxinc/ansible-role-nginx-management-suite/blob/main/CHANGELOG.md))
+- [ ] I have updated any relevant documentation ([`README.md`](https://github.com/nginxinc/ansible-role-nms/blob/main/README.md) and [`CHANGELOG.md`](https://github.com/nginxinc/ansible-role-nms/blob/main/CHANGELOG.md))

.github/release-drafter.yml

@@ -0,0 +1,103 @@
+---
+name-template: "$RESOLVED_VERSION"
+tag-template: "$RESOLVED_VERSION"
+include-pre-releases: true
+categories:
+  - title: "💣 Breaking Changes"
+    labels:
+      - "breaking change"
+  - title: "🔔 Deprecation Warnings"
+    labels:
+      - "deprecation"
+  - title: "🚀 Features"
+    labels:
+      - "feature"
+  - title: "🎉 Enhancements"
+    labels:
+      - "enhancement"
+  - title: "🐛 Bug Fixes"
+    labels:
+      - "bug"
+  - title: "🧪 Tests"
+    labels:
+      - "tests"
+  - title: "📝 Documentation"
+    labels:
+      - "documentation"
+  - title: "⬆️ Dependencies"
+    labels:
+      - "dependencies"
+exclude-labels:
+  - "skip-changelog"
+version-resolver:
+  minor:
+    labels:
+      - "breaking change"
+      - "deprecation"
+  patch:
+    labels:
+      - "bug"
+      - "dependencies"
+      - "documentation"
+      - "feature"
+      - "enhancement"
+  default: patch
+autolabeler:
+  - label: "breaking change"
+    body:
+      - "/breaking/i"
+  - label: "deprecation"
+    branch:
+      - "/deprecate\/.+/"
+    title:
+      - "/deprecate/i"
+  - label: "feature"
+    branch:
+      - "/feat\/.+/"
+      - "/feature\/.+/"
+    title:
+      - "/feat/i"
+      - "/feature/i"
+  - label: "enhancement"
+    branch:
+      - "/enhancement\/.+/"
+    title:
+      - "/enhancement/i"
+  - label: "bug"
+    branch:
+      - "/fix\/.+/"
+    title:
+      - "/fix/i"
+  - label: "tests"
+    branch:
+      - "/molecule\/.+/"
+    title:
+      - "/molecule/i"
+  - label: "documentation"
+    branch:
+      - "/docs\/.+/"
+    files:
+      - "**/!(changelog).md"
+    title:
+      - "/docs/i"
+      - "/documentation/i"
+  - label: "dependencies"
+    files:
+      - ".github/workflows/requirements/*"
+template: |
+  ## What's new in NGINX Management Suite's Ansible role $RESOLVED_VERSION!
+
+  $CHANGES
+
+  ## Install & Upgrade
+
+  - To install the Ansible NGINX Management Suite role on a fresh environment, run `ansible-galaxy install nginxinc.nms`.
+  - To upgrade the Ansible NGINX Management Suite role to the latest release, run `ansible-galaxy install -f nginxinc.nms`.
+  - To install or upgrade to this specific Ansible NGINX Management Suite role release ($RESOLVED_VERSION), run `ansible-galaxy install -f nginxinc.nms,v$RESOLVED_VERSION`.
+
+  ## Resources
+
+  - Functional configuration examples (check `converge.yml` under each `molecule` scenario) -- [github.com/nginxinc/ansible-role-nms/tree/$RESOLVED_VERSION/molecule](https://github.com/nginxinc/ansible-role-nms/tree/$RESOLVED_VERSION/molecule).
+  - Ansible Galaxy repository -- [galaxy.ansible.com/nginxinc/nginx](https://galaxy.ansible.com/nginxinc/nginx).
+  - NGINX Ansible role & collection introductory blog -- [nginx.com/blog/announcing-nginx-core-collection-ansible](https://www.nginx.com/blog/announcing-nginx-core-collection-ansible).
+  - NGINX: Better with Ansible demo -- [github.com/alessfg/nginx-ansible-demo](https://github.com/alessfg/nginx-ansible-demo).

.github/workflows/galaxy.yml

@@ -0,0 +1,25 @@
+---
+name: Ansible Galaxy import
+on:
+  release:
+    types:
+      - published
+  workflow_dispatch:
+jobs:
+  galaxy:
+    name: Galaxy
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Check out the codebase
+        uses: actions/checkout@v3
+
+      - name: Set up Python 3
+        uses: actions/setup-python@v4
+        with:
+          python-version: 3.x
+
+      - name: Install Ansible
+        run: pip3 install -r .github/workflows/requirements/requirements_galaxy.txt
+
+      - name: Import release to Ansible Galaxy
+        run: ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }} $(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2)

.github/workflows/molecule.yml

@@ -0,0 +1,48 @@
+---
+name: Molecule CI/CD
+on:
+  pull_request:
+    branches:
+      - main
+  push:
+    branches:
+      - main
+    ignore-tags:
+      - "*"
+  schedule:
+    - cron: "0 0 1 * *"
+  workflow_dispatch:
+jobs:
+  molecule:
+    name: Molecule
+    runs-on: ubuntu-22.04
+    env:
+      NGINX_CRT: ${{ secrets.NGINX_CRT }}
+      NGINX_KEY: ${{ secrets.NGINX_KEY }}
+    strategy:
+      fail-fast: false
+      matrix:
+        scenario:
+          - default
+          - plus
+          - upgrade
+    steps:
+      - name: Check out the codebase
+        uses: actions/checkout@v3
+
+      - name: Set up Python 3
+        uses: actions/setup-python@v4
+        with:
+          python-version: 3.x
+
+      - name: Install Molecule dependencies
+        run: pip3 install -r .github/workflows/requirements/requirements_molecule.txt
+
+      - name: Install Ansible core dependencies
+        run: ansible-galaxy install -r .github/workflows/requirements/requirements_ansible.yml
+
+      - name: Run Molecule tests
+        run: molecule test -s ${{ matrix.scenario }}
+        env:
+          PY_COLORS: 1
+          ANSIBLE_FORCE_COLOR: 1

.github/workflows/release-drafter.yml

@@ -0,0 +1,20 @@
+---
+name: Release Drafter
+on:
+  pull_request:
+    types:
+      - opened
+      - reopened
+      - synchronize
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+jobs:
+  update_release_draft:
+    name: Update release draft
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: release-drafter/release-drafter@v5
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/requirements/requirements_ansible.yml

@@ -0,0 +1,13 @@
+---
+roles:
+  - name: nginxinc.nginx
+    version: 0.24.0
+collections:
+  - name: ansible.posix
+    version: 1.5.1
+  - name: community.general
+    version: 6.4.0
+  - name: community.crypto # Only required if you plan to install NGINX Plus
+    version: 2.11.0
+  - name: community.docker # Only required if you plan to use Molecule
+    version: 3.4.2

.github/workflows/requirements/requirements_galaxy.txt

@@ -0,0 +1 @@
+ansible-core==2.14.3

.github/workflows/requirements/requirements_molecule.txt

@@ -0,0 +1,7 @@
+ansible-core==2.14.3
+jinja2==3.1.2
+ansible-lint==6.14.1
+yamllint==1.29.0
+molecule==4.0.4
+molecule-plugins[docker]==23.0.0
+docker==6.0.1

.gitignore

@@ -11,6 +11,15 @@ Thumbs.db
 .DS_Store
 .vscode
 
+# Ansible specific #
+####################
+.cache
+*.retry
+
+# Python specific #
+###################
+__pycache__
+
 # Logs #
 ########
 *.log

CHANGELOG.md

@@ -1,5 +1,8 @@
 # Changelog
 
-## 1.0.0 (Month Date, Year)
+## 0.1.0 -  Initial release (Month Date, Year)
 
-Initial release of the NGINX template repository.
+Initial release of the NGINX Management Suite Ansible role. Features include:
+
+* Install NGINX Management Suite (NMS).
+* Create initial NMS password