Update role to Leap 15.6 and podman

This commit is large, I apoligize for it but there was no clever way to
split this up. It's a long overdue maintenance update.

Update the molecule tasks to use podman instead of docker and update the
test runs to use Leap 15.5 and Leap 15.6.

Also do some cleanup of the tests and required changes to make them work
again.

Also remove Debian bullseye.

Signed-off-by: phoenix <[email protected]>

.github/workflows/CI.yml

@@ -32,9 +32,13 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v2
         with:
-          python-version: '3.x'
-      - name: Install dependencies
-        run: pip3 install ansible molecule[docker] docker pytest testinfra
+          python-version: '3.11'
+      - name: Install requirements
+        run: sudo apt-get install podman python3-pip
+      - name: Install molecule
+        run: "pip3 install ansible-core molecule molecule-plugins[podman] pytest testinfra"
+      - name: Install ansible collections
+        run: ansible-galaxy collection install community.general
       - name: Run Molecule
         run: molecule test
         env:

README.md

@@ -4,9 +4,9 @@
 
 Configurable ansible role for setting up a nginx webserver on a Linux server. Works with
 
-- openSUSE Leap 15.3
-- openSUSE Leap 15.4
-- Debian Buster
+- openSUSE Leap 15.5
+- openSUSE Leap 15.6
+- Debian Buster (11)
 
 ## Role Variables
 --------------

files/www/index.html

@@ -0,0 +1,10 @@
+<!doctype html>
+<html>
+<head>
+<title>nginx</title>
+</head>
+<body>
+<h1>Default page for nginx</h1>
+<p>Congratulations! Your nginx role has been successfully installed on this server</p>
+</body>
+</html>

meta/main.yml

@@ -14,11 +14,8 @@ galaxy_info:
   platforms:
     - name: opensuse
       versions:
-        - 15.3
-        - 15.4
-    - name: debian
-      versions:
-        - bullseye
+        - 15.5
+        - 15.6
 
   galaxy_tags:
     - nginx

molecule/default/Dockerfile.bookworm → molecule/default/Containerfile.bookworm

@@ -1,4 +1,4 @@
-FROM docker.io/debian:bullseye
+FROM docker.io/debian:bookworm
 
 # Install systemd, and development tools, clear cache and clean system
 RUN apt-get update && apt-get install -y systemd systemd-sysv python3 curl && rm -rf /var/cache/* && systemctl mask -- dev-hugepages.mount sys-fs-fuse-connections.mount && rm -f /etc/machine-id /var/lib/dbus/machine-id

molecule/default/Containerfile.leap15_5

@@ -0,0 +1,7 @@
+FROM registry.opensuse.org/opensuse/leap:15.5
+
+# Install systemd and development tools, clear cache
+RUN zypper in -y systemd systemd-sysvinit python311 curl && rm -rf /var/cache/*
+
+# Start container with systemd
+ENTRYPOINT ["/usr/sbin/init"]

molecule/default/Containerfile.leap15_6

@@ -0,0 +1,7 @@
+FROM registry.opensuse.org/opensuse/leap:15.6
+
+# Install systemd and development tools, clear cache
+RUN zypper in -y systemd systemd-sysvinit firewalld python311 curl && rm -rf /var/cache/*
+
+# Start container with systemd
+ENTRYPOINT ["/usr/sbin/init"]

molecule/default/molecule.yml

@@ -2,42 +2,44 @@
 dependency:
   name: galaxy
 driver:
-  name: docker
+  name: podman
 platforms:
-  - name: leap15_4
-    image: registry.opensuse.org/opensuse/leap:15.4
-    dockerfile: Dockerfile.leap15_4
+  - name: leap15_5
+    image: registry.opensuse.org/opensuse/leap:15.5
+    dockerfile: Containerfile.leap15_5
     command: ${MOLECULE_DOCKER_COMMAND:-"/usr/sbin/init"}
-    privileged: true
-    cgroupns: host
+    systemd: true
     tmpfs:
-      - /run
-      - /tmp
-  - name: bullseye
-    image: docker.io/debian:bullseye
-    dockerfile: Dockerfile.bullseye
-    command: ${MOLECULE_DOCKER_COMMAND:-"/sbin/init"}
-    privileged: true
-    cgroupns: host
+      "/tmp": "exec"
+      "/run": "rw,noexec,nosuid,nodev"
+  - name: leap15_6
+    image: registry.opensuse.org/opensuse/leap:15.6
+    dockerfile: Containerfile.leap15_6
+    command: ${MOLECULE_DOCKER_COMMAND:-"/usr/sbin/init"}
+    systemd: true
     tmpfs:
-      - /run
-      - /tmp
+      "/tmp": "exec"
+      "/run": "rw,noexec,nosuid,nodev"
   - name: bookworm
     image: docker.io/debian:bookworm
-    dockerfile: Dockerfile.bookworm
+    dockerfile: Containerfile.bookworm
     command: ${MOLECULE_DOCKER_COMMAND:-"/sbin/init"}
-    privileged: true
-    cgroupns: host
+    systemd: true
     tmpfs:
-      - /run
-      - /tmp
+      "/tmp": "exec"
+      "/run": "rw,noexec,nosuid,nodev"
 provisioner:
   name: ansible
   inventory:
     host_vars:
-      leap15_4:
+      leap15_5:
+        vhosts_dir: "/etc/nginx/vhosts.d"
+        deploy_nginx_config: true
+        ansible_python_interpreter: "/usr/bin/python3.11"
+      leap15_6:
         vhosts_dir: "/etc/nginx/vhosts.d"
         deploy_nginx_config: true
+        ansible_python_interpreter: "/usr/bin/python3.11"
       bullseye:
         vhosts_dir: "/etc/nginx/sites-enabled"
         deploy_nginx_config: false

molecule/default/tests/test_default.py

@@ -7,7 +7,7 @@
 
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
 
-def test_phpinfo(host):
+def test_index(host):
 	cmd = host.run("curl -v http://127.0.0.1/index.html")
 	print(cmd.stdout)
 	assert 'HTTP/1.1 200 OK' in cmd.stderr

tasks/default-page.yml

@@ -1,27 +1,21 @@
 ---
-# setup a default page
+# setup default page
 
-- name: Ensure default page directory exists
-  file:
-    path: /srv/www/default
+- name: Ensure default template exists
+  copy:
+    src: www/
+    dest: "{{www_dir}}/default/"
     owner: "{{nginx_user}}"
     group: "{{nginx_group}}"
-    mode: 0755
-    state: directory
-  tags: ['nginx']
-- name: Ensure default page exists
-  template:
-    src: index.j2
-    dest: "{{www_dir}}/default/index.html"
-    owner: "{{nginx_user}}"
-    group: "{{nginx_group}}"
-    mode: 0755
+    mode: 0644
+    directory_mode: 0755
     force: false
   tags: ['nginx']
+
 - name: Ensure default page nginx template exists
   template:
-    src: default-www.j2
-    dest: "{{vhosts_dir}}/default-www.conf"
+    src: default.j2
+    dest: "{{vhosts_dir}}/default.conf"
     owner: root
     group: root
     mode: 0644

tasks/main.yml

@@ -3,11 +3,14 @@
 
 # Distribution specific vars are ALWAYS needed, so don't forget the tags here
 - name: include distribution specific vars
-  include_vars: "{{ansible_distribution}}_{{ansible_distribution_version}}.yml"
+  include_vars: "{{ansible_distribution}}.yml"
   tags: ['nginx', 'firewall', 'systemd']
 
 - include_tasks: software.yml
+  tags: ['nginx', 'firewall', 'systemd']
 - include_tasks: firewall.yml
   when: config_firewall == true
+  tags: ['firewall']
 - include_tasks: default-page.yml
   when: setup_default_page == true
+  tags: ['nginx']

tasks/software.yml

@@ -6,6 +6,7 @@
     name: "{{ packages }}"
     state: present
   tags: ['nginx']
+
 - name: Ensure nginx service is enabled
   systemd:
     name: "{{ nginx_service }}"

templates/default-www.j2 → templates/default.j2

@@ -5,7 +5,7 @@ server {
     listen [::]:80;
 
     root /srv/www/default;
-    index index.php index.html index.htm;
+    index index.html index.htm;
 
     server_name {{default_page_hostname}};
 

vars/main.yml

@@ -1,2 +1,2 @@
 ---
-# vars file for lemp
+# vars file for nginx

vars/openSUSE Leap_15.4.yml → vars/openSUSE Leap.yml

@@ -1,9 +1,10 @@
 ---
-# openSUSE Leap 15.4 specific variables
+# openSUSE Leap specific variables
 
 ## Software packages
 
-packages: ['nginx']
+packages:
+  - nginx
 nginx_service: "nginx"
 
 ## OS-Specific directories