feat: add nginx upstream server module

[atammy-narmi]

Relates: #64

[atammy-narmi]

friendly ping

[ansibleguy]

Sorry for the delay - got pretty sick.

1. plugins/module_utils/main/nginx_upstream_server.py
   As the description is already set to required in the modules/nginx_upstream_server.py this additional check is not needed. You may be able to remove the whole check method as it will fall-back to the default module behavior.

2. plugins/modules/nginx_upstream_server.py
   Please add aliases=['name'] to the description parameter as this is a basic convention of ansible-modules.

3. tests/nginx_upstream_server.yml
   Remove the ipsec_psk tests.
   If not done yet - try to run the tests on your OPNSense box as seen in the developer docs

[atammy-narmi]

Ooh, sorry to hear that. Hope you're better now.
Thanks for the review, will do the updates this week.

[ansibleguy]

Thanks. I hope it is understandable how to run the tests.
You could also skip the tests, but I like them as they make the maintenance easier

[ansibleguy]

@atammy-narmi Please contact me if there is something unclear to you.

[atammy-narmi]

Sorry, irl work has been more pressing so this was on backburner. will try to work some more soon.

[atammy-narmi]

OK, I've added documentation and testing and the nginx_general module. I'm still unable to get everything to work correctly.

• The nginx_general isn't able to disable/enable nginx. Can I get some pointers on what's wrong with it?
• nginx_upstream will need nginx reload to work. And it seems like nginx reload isn't supported by the API and will need some kind of custom calls - https://github.com/opnsense/plugins/blob/68039e95fd92cfa8601da30e0c10f8747a6c3724/www/nginx/src/opnsense/mvc/app/controllers/OPNsense/Nginx/Api/ServiceController.php#L32

[ansibleguy]

Sorry, irl work has been more pressing so this was on backburner. will try to work some more soon.

Understand that. I too currently am pretty held-up in some projects

[ansibleguy]

The nginx_general error was only a test-issue. The module seems to work (:

My debug workflow:

• Disable the failed_when of the failing task
• Add debug: true to the failing task (is a valid parameter for all of the modules of this collection - shows you some details like performed API calls)
• Run the tests: bash scripts/test_single.sh "$TEST_FIREWALL" "$TEST_API_KEY" $(pwd) nginx_general 1
• Analyse the debug output and fix the task or module ;b

[ansibleguy]

The service actions like restart and reload seem to be supported by the API: https://docs.opnsense.org/development/api/plugins/nginx.html#id3

You can see those API calls using the developer console:

This API can be manually triggered using the service module

But if you set debug: true on a single task - you can see that the reconfigure call is done automatically IF some config has changed:

- name: Enabling - should work
  ansibleguy.opnsense.nginx_general:
    enabled: true
    debug: true

[WARNING]: REQUEST: GET | URL: https://172.17.1.52/api/nginx/settings/get
[WARNING]: RESPONSE: '{'status_code': 200, '_request': <Request('GET', 'https://172.17.1.52/api/nginx/settings/get')>, '_num_bytes_downloaded': 840, '_elapsed': datetime.timedelta(microseconds=270299), '_content': b'{"nginx":{"gene
ral":{"enabled":"0","ban_ttl":"0"},"webgui":{"limitnetworks":"0"},"http":{"workerprocesses":"1","workerconnections":"1024","sendfile":"0","keepalive_timeout":"60","reset_timedout":"0","default_type":"","server_names_hash_bucket_siz
e":"","server_names_hash_max_size":"","ban_response":{"403":{"value":"403 Forbidden","selected":1},"444":{"value":"444 Terminate Connection","selected":0}},"headers_more_enable":""},"userlist":[],"credential":[],"upstream":[],"upst
ream_server":[],"location":[],"custom_policy":[],"naxsi_rule":[],"http_server":[],"stream_server":[],"sni_hostname_upstream_map":[],"sni_hostname_upstream_map_item":[],"ip_acl":[],"ip_acl_item":[],"http_rewrite":[],"security_header
":[],"limit_zone":[],"errorpage":[],"tls_fingerprint":[],"limit_request_connection":[],"ban":[],"cache_path":[],"syslog_target":[]}}'}'
[WARNING]: Field changed: 'enabled' 'False' != 'True'
[WARNING]: {'before': {'uuid': None, 'enabled': False, 'ban_ttl': 0}, 'after': {'uuid': None, 'enabled': True, 'ban_ttl': 0}}
[WARNING]: REQUEST: POST | URL: https://<IP>/api/nginx/settings/set | HEADERS: '{'Content-Type': 'application/json'}' | DATA: '{"nginx": {"general": {"enabled": 1, "ban_ttl": 0}}}'
[WARNING]: RESPONSE: '{'status_code': 200, '_request': <Request('POST', 'https://<IP>/api/nginx/settings/set')>, '_num_bytes_downloaded': 18, '_elapsed': datetime.timedelta(microseconds=127178), '_content':
b'{"result":"saved"}'}'
[WARNING]: REQUEST: POST | URL: https://<IP>/api/nginx/service/reconfigure | HEADERS: '{}'
[WARNING]: RESPONSE: '{'status_code': 200, '_request': <Request('POST', 'https://<IP>/api/nginx/service/reconfigure')>, '_num_bytes_downloaded': 15, '_elapsed': datetime.timedelta(microseconds=379274), '_content':
b'{"status":"ok"}'}'

This API call is related to these module variables:

API_CONT_REL = 'service'
API_CMD_REL = 'reconfigure'
# https://<IP>/api/nginx/<API_CONT_REL>/<API_CMD_REL>

[ansibleguy]

BTW: Don't worry @superstes is my default user - just forgot to change the git config (;

[ansibleguy]

lgtm

[ansibleguy]

@atammy-narmi As the description is already set to required in the modules/nginx_upstream_server.py this additional check is not needed.

[ansibleguy]

@atammy-narmi Please add aliases=['name'] to the description parameter as this is a basic convention of ansible-modules.

[atammy-narmi]

Great, thanks a bunch. That will help a lot with testing!