From c4ee3fcfab7aea87874d12498c3547c994e9a815 Mon Sep 17 00:00:00 2001
From: acuervo <acuervo@idealista.com>
Date: Thu, 26 Oct 2017 16:04:01 +0200
Subject: [PATCH 1/4] idealista/features/32: allow worker_rlimit_nofile
 settings and add real_ip_module by default

---
 CHANGELOG.md            | 5 +++++
 defaults/main.yml       | 2 ++
 templates/nginx.conf.j2 | 6 +++++-
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index e630f35..6e2b4b3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,11 @@ This project adheres to [Semantic Versioning](http://semver.org/) and [Keep a ch
 
 ## [Unreleased](https://github.com/idealista/nginx-role/tree/develop)
 
+## [1.6.0](https://github.com/idealista/nginx-role/tree/1.6.0) (2017-10-26)
+- *[#32](https://github.com/idealista/nginx-role/issues/32) Support worker_rlimit_nofile setting* @acuervof
+
+[Full Changelog](https://github.com/idealista/nginx-role/compare/1.5.0...1.6.0)
+
 ## [1.5.0](https://github.com/idealista/nginx-role/tree/1.5.0) (2017-06-30)
 [Full Changelog](https://github.com/idealista/nginx-role/compare/1.4.0...1.5.0)
 
diff --git a/defaults/main.yml b/defaults/main.yml
index 778776e..a162372 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -17,6 +17,7 @@ nginx_service_state: started
 
 # Connection properties
 nginx_workers: auto
+#nginx_worker_rlimit_nofile --if you don't set FD's then OS settings will be used which is by default 2000
 nginx_connections: 2500
 nginx_keepalive_timeout: 65
 nginx_keepalive_requests: 100000
@@ -56,6 +57,7 @@ nginx_force_reinstall: false
 ## https://www.nginx.com/resources/wiki/start/topics/tutorials/installoptions/
 nginx_compile_time_options_builtin_modules:
   - http_stub_status_module
+  - http_realip_module
 
 nginx_compile_time_options_external_modules_paths:
   - /tmp/headers-more-nginx-module-{{ headers_more_version }}
diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2
index 0cbde5a..9ca4a06 100644
--- a/templates/nginx.conf.j2
+++ b/templates/nginx.conf.j2
@@ -1,9 +1,13 @@
 worker_processes {{ nginx_workers }};
 error_log  {{ nginx_error_log }};
+{% if nginx_worker_rlimit_nofile is defined %}
+worker_rlimit_nofile {{ nginx_worker_rlimit_nofile }};
+{% endif %}
 
 events {
     worker_connections {{ nginx_connections }};
     use epoll;
+    multi_accept on;
 }
 
 http {
@@ -14,7 +18,7 @@ http {
 
     client_max_body_size {{ nginx_client_max_body_size }};
 
-    include  mime.types;
+    include mime.types;
 
     default_type  application/octet-stream;
     sendfile  on;

From f271edfa856174a4eb245bec03415df6c031c8c3 Mon Sep 17 00:00:00 2001
From: acuervo <acuervo@idealista.com>
Date: Fri, 27 Oct 2017 12:50:33 +0200
Subject: [PATCH 2/4] mend

---
 CHANGELOG.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6e2b4b3..9af3bd7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,10 +5,11 @@ This project adheres to [Semantic Versioning](http://semver.org/) and [Keep a ch
 ## [Unreleased](https://github.com/idealista/nginx-role/tree/develop)
 
 ## [1.6.0](https://github.com/idealista/nginx-role/tree/1.6.0) (2017-10-26)
-- *[#32](https://github.com/idealista/nginx-role/issues/32) Support worker_rlimit_nofile setting* @acuervof
-
 [Full Changelog](https://github.com/idealista/nginx-role/compare/1.5.0...1.6.0)
 
+### Added
+- *[#32](https://github.com/idealista/nginx-role/issues/32) Support worker_rlimit_nofile setting* @acuervof
+
 ## [1.5.0](https://github.com/idealista/nginx-role/tree/1.5.0) (2017-06-30)
 [Full Changelog](https://github.com/idealista/nginx-role/compare/1.4.0...1.5.0)
 

From f32136b0e326b1c3788642bc52178cb82627c893 Mon Sep 17 00:00:00 2001
From: acuervo <acuervo@idealista.com>
Date: Fri, 27 Oct 2017 16:03:49 +0200
Subject: [PATCH 3/4] mend

---
 defaults/main.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index a162372..0f4ad9a 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -17,7 +17,8 @@ nginx_service_state: started
 
 # Connection properties
 nginx_workers: auto
-#nginx_worker_rlimit_nofile --if you don't set FD's then OS settings will be used which is by default 2000
+# if you don't set FD's then OS settings will be used which is by default 2000
+# nginx_worker_rlimit_nofile: 2000 
 nginx_connections: 2500
 nginx_keepalive_timeout: 65
 nginx_keepalive_requests: 100000

From 41cadcd7cf404b914051b56f1351f894aed89f9b Mon Sep 17 00:00:00 2001
From: jdvega <jdvega@idealista.com>
Date: Wed, 27 Dec 2017 17:17:41 +0100
Subject: [PATCH 4/4] use logrotate path var for template

---
 defaults/main.yml                |  4 +++-
 molecule.yml                     | 40 ++++++++++++++++++++++++++++++++
 tasks/config.yml                 |  2 +-
 tests/group_vars/group01.yml     |  2 +-
 tests/group_vars/group02.yml     |  4 ++--
 tests/templates/logrotate.j2     | 13 +++++++++++
 tests/templates/{ => sites}/web2 |  0
 7 files changed, 60 insertions(+), 5 deletions(-)
 create mode 100644 tests/templates/logrotate.j2
 rename tests/templates/{ => sites}/web2 (100%)

diff --git a/defaults/main.yml b/defaults/main.yml
index 0f4ad9a..294c08f 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -18,7 +18,7 @@ nginx_service_state: started
 # Connection properties
 nginx_workers: auto
 # if you don't set FD's then OS settings will be used which is by default 2000
-# nginx_worker_rlimit_nofile: 2000 
+# nginx_worker_rlimit_nofile: 2000
 nginx_connections: 2500
 nginx_keepalive_timeout: 65
 nginx_keepalive_requests: 100000
@@ -35,6 +35,8 @@ nginx_extra_servers_template_path: "{{ playbook_dir }}/templates/nginx/servers"
 nginx_install_bin_path: "/usr"
 nginx_extra_path: "extra-conf"
 nginx_extra_conf_path: "{{ nginx_conf_path }}/{{ nginx_extra_path }}"
+nginx_logrotate_template_path: "{{ playbook_dir }}/templates/logrotate.j2"
+
 
 # Heathers_more
 headers_more_version: 0.31
diff --git a/molecule.yml b/molecule.yml
index a4c1903..ceeaefb 100644
--- a/molecule.yml
+++ b/molecule.yml
@@ -60,3 +60,43 @@ vagrant:
         - network_name: private_network
           type: dhcp
           auto_config: true
+docker:
+  network:
+    - name: nginx-network
+      driver: bridge
+  containers:
+    - name: nginx.vm
+      ansible_groups:
+        - group01
+      image: geerlingguy/docker-debian9-ansible
+      image_version: latest
+      privileged: True
+      cap_add:
+        - SYS_ADMIN
+      volume_mounts:
+        - '/sys/fs/cgroup:/sys/fs/cgroup:ro'
+      command: '/lib/systemd/systemd'
+      network_mode: nginx-network
+
+    - name: nginx-old.vm
+      ansible_groups:
+        - group01
+      image: geerlingguy/docker-debian9-ansible
+      image_version: latest
+      privileged: True
+      cap_add:
+        - SYS_ADMIN
+      volume_mounts:
+        - '/sys/fs/cgroup:/sys/fs/cgroup:ro'
+      command: '/lib/systemd/systemd'
+      network_mode: nginx-network
+
+verifier:
+  name: testinfra
+  options:
+    # We have to override these options because, when Docker driver selected,
+    # Testinfra uses Docker as backend connection instead of Ansible and the
+    # fixture in tests/test_ansible.yml won't work and neither will testinfra
+    # find the containers
+    connection: ansible
+    ansible-inventory: .molecule/ansible_inventory
diff --git a/tasks/config.yml b/tasks/config.yml
index b635547..87aaef9 100644
--- a/tasks/config.yml
+++ b/tasks/config.yml
@@ -43,7 +43,7 @@
 
 - name: NGINX | Copy logrotate config
   template:
-    src: logrotate.j2
+    src: "{{ nginx_logrotate_template_path }}"
     dest: /etc/logrotate.d/nginx
     mode: 0644
     owner: root
diff --git a/tests/group_vars/group01.yml b/tests/group_vars/group01.yml
index 6ce57fd..8216589 100644
--- a/tests/group_vars/group01.yml
+++ b/tests/group_vars/group01.yml
@@ -1,5 +1,5 @@
 nginx_extra_servers_path: "{{ playbook_dir }}/files"
-nginx_extra_servers_template_path: "{{ playbook_dir }}/templates"
+nginx_extra_servers_template_path: "{{ playbook_dir }}/templates/sites"
 
 web2_port: 8888
 nginx_prometheus_metrics_port: 9888
diff --git a/tests/group_vars/group02.yml b/tests/group_vars/group02.yml
index 4996e0e..39345bb 100644
--- a/tests/group_vars/group02.yml
+++ b/tests/group_vars/group02.yml
@@ -1,5 +1,5 @@
 nginx_extra_servers_path: "{{ playbook_dir }}/files"
-nginx_extra_servers_template_path: "{{ playbook_dir }}/templates"
+nginx_extra_servers_template_path: "{{ playbook_dir }}/templates/sites"
 
 web2_port: 8888
-nginx_prometheus_metrics_enabled: false
\ No newline at end of file
+nginx_prometheus_metrics_enabled: false
diff --git a/tests/templates/logrotate.j2 b/tests/templates/logrotate.j2
new file mode 100644
index 0000000..e7695ff
--- /dev/null
+++ b/tests/templates/logrotate.j2
@@ -0,0 +1,13 @@
+{{ nginx_log_path }}/*.log {
+    daily
+    missingok
+    rotate 7
+    size 500M
+    compress
+    notifempty
+    create 644 {{ nginx_user }} {{ nginx_group }}
+    sharedscripts
+    postrotate
+        [ -f /run/nginx/nginx.pid ] && kill -USR1 `cat /run/nginx/nginx.pid`
+    endscript
+}
diff --git a/tests/templates/web2 b/tests/templates/sites/web2
similarity index 100%
rename from tests/templates/web2
rename to tests/templates/sites/web2