refactor: replace old nginx with nginx.ng

BREAKING CHANGE: all previous `nginx` based configurations must be reviewed;
`nginx.ng` usage must be promoted to `nginx` and any uses of the original
`nginx` will have to be converted.
Eric Veiras Galisson 2019-05-10 23:07:18 +02:00 committed by Imran Iqbal
parent 90d2601a8b
commit 0fc507055d
35 changed files with 550 additions and 1744 deletions

@ -17,99 +17,50 @@ Available states
:local: :local:
``nginx`` ``nginx``
---------
Runs the states to install nginx, configure the common files, and the users.
``nginx.common``
----------------
Ensures standard nginx files are in place, and configures enabled sites.
``nginx.luajit2``
-----------------
Installs luajit.
``nginx.openresty``
-------------------
Installs openresty.
``nginx.package``
-----------------
Installs the nginx package via package manager.
``nginx.source``
----------------
Installs nginx via the source files.
``nginx.users``
---------------
Installs apache utils, and configures nginx users specified in the pillar.
This requires `basicauth <https://github.com/saltstack/salt-contrib/blob/master/modules/basicauth.py>`_
from `salt-contrib <https://github.com/saltstack/salt-contrib/>`_ (either add it to your salt or ship
this single file in your `_modules` directory see `Dynamic Module Distribution
<https://docs.saltstack.com/en/latest/ref/file_server/dynamic-modules.html>`_
Next-generation, alternate approach
===================================
The following states provide an alternate approach to managing Nginx and Nginx
servers, as well as code organization. Please provide feedback by filing issues,
discussing in ``#salt`` in Freenode and the mailing list as normal.
.. contents::
:local:
``nginx.ng``
------------ ------------
Meta-state for inclusion of all ng states. Meta-state for inclusion of all states.
**Note:** nginx.ng requires the merge parameter of salt.modules.pillar.get(), **Note:** nginx requires the merge parameter of salt.modules.pillar.get(),
first available in the Helium release. first available in the Helium release.
``nginx.ng.pkg`` ``nginx.pkg``
-------------------- --------------------
Installs nginx from package, from the distribution repositories, the official nginx repo or the ppa from Launchpad. Installs nginx from package, from the distribution repositories, the official nginx repo or the ppa from Launchpad.
``nginx.ng.src`` ``nginx.src``
-------------------- --------------------
Builds and installs nginx from source. Builds and installs nginx from source.
``nginx.ng.certificates`` ``nginx.certificates``
------------------- -------------------
Manages the deployment of nginx certificates. Manages the deployment of nginx certificates.
``nginx.ng.config`` ``nginx.config``
------------------- -------------------
Manages the nginx main server configuration file. Manages the nginx main server configuration file.
``nginx.ng.service`` ``nginx.service``
-------------------- --------------------
Manages the startup and running state of the nginx service. Manages the startup and running state of the nginx service.
``nginx.ng.servers_config`` ``nginx.servers_config``
-------------------------- --------------------------
Manages virtual host files. This state only manages the content of the files Manages virtual host files. This state only manages the content of the files
and does not bind them to service calls. and does not bind them to service calls.
``nginx.ng.servers`` ``nginx.servers``
------------------- -------------------
Manages nginx virtual hosts files and binds them to service calls. Manages nginx virtual hosts files and binds them to service calls.
``nginx.ng.passenger`` ``nginx.passenger``
---------------------- ----------------------
Installs and configures Phusion Passenger module for nginx. You need to enable Installs and configures Phusion Passenger module for nginx. You need to enable
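
Review bot: The README drops the sections for ``nginx.common``, ``nginx.luajit2``, ``nginx.openresty``, ``nginx.package``, ``nginx.source`` and ``nginx.users`` without saying what replaces them. Since the commit is flagged as breaking, add a short migration table (old state, new state or "removed") and call out ``nginx.users`` explicitly: it was the state that configured the nginx users from pillar via basicauth, so anyone depending on it needs to know where those credentials are managed now. Separately, the underline beneath ``nginx.certificates`` is shorter than its title, which docutils reports as "Title underline too short"; lengthen it while the heading is being edited.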

@ -39,7 +39,7 @@ Using SaltStack is a simple and effective way to implement configuration managem
To avoid this situation we can use the `pillar mechanism <http://docs.saltstack.com/en/latest/topics/pillar/>`_, which is designed to provide controlled access to data from the minions based on some selection rules. As pillar data could be easily integrated in the `Jinja <http://docs.saltstack.com/en/latest/topics/tutorials/pillar.html>`_ templates, it is a good mechanism to store values to be used in the final rendering of state files and templates. To avoid this situation we can use the `pillar mechanism <http://docs.saltstack.com/en/latest/topics/pillar/>`_, which is designed to provide controlled access to data from the minions based on some selection rules. As pillar data could be easily integrated in the `Jinja <http://docs.saltstack.com/en/latest/topics/tutorials/pillar.html>`_ templates, it is a good mechanism to store values to be used in the final rendering of state files and templates.
There are a variety of approaches on the usage of pillar and templates as seen in the `saltstack-formulas <https://github.com/saltstack-formulas>`_' repositories. `Some <https://github.com/saltstack-formulas/nginx-formula/pull/18>`_ `developments <https://github.com/saltstack-formulas/php-formula/pull/14>`_ stress the initial purpose of pillar data into a storage for most of the possible variables for a determined system configuration. This, in my opinion, is shifting too much load from the original template files approach. Adding up some `non-trivial Jinja <https://github.com/spsoit/nginx-formula/blob/81de880fe0276dd9488ffa15bc78944c0fc2b919/nginx/ng/files/nginx.conf>`_ code as essential part of composing the state file definitely makes SaltStack state files (hence formulas) more difficult to read. The extreme of this approach is that we could end up with a new render mechanism, implemented in Jinja, storing everything needed in pillar data to compose configurations. Additionally, we are establishing a strong dependency with the Jinja renderer. There are a variety of approaches on the usage of pillar and templates as seen in the `saltstack-formulas <https://github.com/saltstack-formulas>`_' repositories. `Some <https://github.com/saltstack-formulas/nginx-formula/pull/18>`_ `developments <https://github.com/saltstack-formulas/php-formula/pull/14>`_ stress the initial purpose of pillar data into a storage for most of the possible variables for a determined system configuration. This, in my opinion, is shifting too much load from the original template files approach. Adding up some `non-trivial Jinja <https://github.com/spsoit/nginx-formula/blob/81de880fe0276dd9488ffa15bc78944c0fc2b919/nginx/files/nginx.conf>`_ code as essential part of composing the state file definitely makes SaltStack state files (hence formulas) more difficult to read. 
The extreme of this approach is that we could end up with a new render mechanism, implemented in Jinja, storing everything needed in pillar data to compose configurations. Additionally, we are establishing a strong dependency with the Jinja renderer.
In opposition to the *put the code in file_roots and the data in pillars* approach, there is the *pillar as a store for a set of key-values* approach. A full-blown configuration file abstracted in pillar and jinja is complicated to develop, understand and maintain. I think a better and simpler approach is to keep a configuration file templated using just a basic (non-extensive but extensible) set of pillar values. In opposition to the *put the code in file_roots and the data in pillars* approach, there is the *pillar as a store for a set of key-values* approach. A full-blown configuration file abstracted in pillar and jinja is complicated to develop, understand and maintain. I think a better and simpler approach is to keep a configuration file templated using just a basic (non-extensive but extensible) set of pillar values.
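
Review bot: The "non-trivial Jinja" link is a permalink pinned to commit 81de880fe0276dd9488ffa15bc78944c0fc2b919 of spsoit/nginx-formula, and this hunk rewrites its path from nginx/ng/files/nginx.conf to nginx/files/nginx.conf. A pinned blob URL refers to the tree as it was at that commit, so the rename made here does not apply to it and the rewritten link is likely dead; this looks like a side effect of a global search-and-replace. Keep the original path in that URL and verify the link resolves.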

@ -72,7 +72,7 @@ provisioner:
state_top: state_top:
base: base:
'*': '*':
- nginx.ng - nginx
pillars: pillars:
top.sls: top.sls:
base: base:

@ -1,16 +1,16 @@
{% from 'nginx/ng/map.jinja' import nginx with context %} {% from 'nginx/map.jinja' import nginx with context %}
include: include:
- nginx.ng.service - nginx.service
{% set certificates_path = salt['pillar.get']('nginx:ng:certificates_path', '/etc/nginx/ssl') %} {% set certificates_path = salt['pillar.get']('nginx:certificates_path', '/etc/nginx/ssl') %}
{%- for dh_param, value in salt['pillar.get']('nginx:ng:dh_param', {}).items() %} {%- for dh_param, value in salt['pillar.get']('nginx:dh_param', {}).items() %}
{%- if value is string %} {%- if value is string %}
create_nginx_dhparam_{{ dh_param }}_key: create_nginx_dhparam_{{ dh_param }}_key:
file.managed: file.managed:
- name: {{ certificates_path }}/{{ dh_param }} - name: {{ certificates_path }}/{{ dh_param }}
- contents_pillar: nginx:ng:dh_param:{{ dh_param }} - contents_pillar: nginx:dh_param:{{ dh_param }}
- makedirs: True - makedirs: True
- watch_in: - watch_in:
- service: nginx_service - service: nginx_service
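
Review bot: Both lookups at the top of this file now read `nginx:certificates_path` and `nginx:dh_param` with a default (`'/etc/nginx/ssl'` and `{}`), so a pillar that still uses the `nginx:ng:` prefix renders without error and simply produces no DH parameter states. For a breaking rename that is a quiet failure mode. Consider failing the render, or emitting a `test.fail_without_changes` state, when `nginx:ng` is still present in pillar, so unconverted minions are caught on the first run rather than by a missing file.
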
@ -30,30 +30,30 @@ generate_nginx_dhparam_{{ dh_param }}_key:
{%- endif %} {%- endif %}
{%- endfor %} {%- endfor %}
{%- for domain in salt['pillar.get']('nginx:ng:certificates', {}).keys() %} {%- for domain in salt['pillar.get']('nginx:certificates', {}).keys() %}
nginx_{{ domain }}_ssl_certificate: nginx_{{ domain }}_ssl_certificate:
file.managed: file.managed:
- name: {{ certificates_path }}/{{ domain }}.crt - name: {{ certificates_path }}/{{ domain }}.crt
- makedirs: True - makedirs: True
{% if salt['pillar.get']("nginx:ng:certificates:{}:public_cert_pillar".format(domain)) %} {% if salt['pillar.get']("nginx:certificates:{}:public_cert_pillar".format(domain)) %}
- contents_pillar: {{salt['pillar.get']('nginx:ng:certificates:{}:public_cert_pillar'.format(domain))}} - contents_pillar: {{salt['pillar.get']('nginx:certificates:{}:public_cert_pillar'.format(domain))}}
{% else %} {% else %}
- contents_pillar: nginx:ng:certificates:{{ domain }}:public_cert - contents_pillar: nginx:certificates:{{ domain }}:public_cert
{% endif %} {% endif %}
- watch_in: - watch_in:
- service: nginx_service - service: nginx_service
{% if salt['pillar.get']("nginx:ng:certificates:{}:private_key".format(domain)) or salt['pillar.get']("nginx:ng:certificates:{}:private_key_pillar".format(domain))%} {% if salt['pillar.get']("nginx:certificates:{}:private_key".format(domain)) or salt['pillar.get']("nginx:certificates:{}:private_key_pillar".format(domain))%}
nginx_{{ domain }}_ssl_key: nginx_{{ domain }}_ssl_key:
file.managed: file.managed:
- name: {{ certificates_path }}/{{ domain }}.key - name: {{ certificates_path }}/{{ domain }}.key
- mode: 600 - mode: 600
- makedirs: True - makedirs: True
{% if salt['pillar.get']("nginx:ng:certificates:{}:private_key_pillar".format(domain)) %} {% if salt['pillar.get']("nginx:certificates:{}:private_key_pillar".format(domain)) %}
- contents_pillar: {{salt['pillar.get']('nginx:ng:certificates:{}:private_key_pillar'.format(domain))}} - contents_pillar: {{salt['pillar.get']('nginx:certificates:{}:private_key_pillar'.format(domain))}}
{% else %} {% else %}
- contents_pillar: nginx:ng:certificates:{{ domain }}:private_key - contents_pillar: nginx:certificates:{{ domain }}:private_key
{% endif %} {% endif %}
- watch_in: - watch_in:
- service: nginx_service - service: nginx_service
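
Review bot: In `nginx_{{ domain }}_ssl_key` the private key is written with `- mode: 600` but no `user` or `group`, and `- makedirs: True` creates `{{ certificates_path }}` with default directory permissions. While these lines are being touched, pin the owner (`- user: root`, `- group: root`), set `dir_mode` for the created directory, and add `- show_changes: False` so that a changed key is not echoed as a diff in the state return. The same silent-default concern applies here as for the DH parameters: `salt['pillar.get']('nginx:certificates', {})` yields no certificate or key states at all for a pillar that was not converted.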

@ -1,58 +0,0 @@
{% from "nginx/map.jinja" import nginx as nginx_map with context %}
{% set nginx = pillar.get('nginx', {}) -%}
{% set home = nginx.get('home', nginx_map.home) -%}
{% set conf_dir = nginx.get('conf_dir', nginx_map.conf_dir) -%}
{% set conf_template = nginx.get('conf_template', 'salt://nginx/templates/config.jinja') -%}
{{ home }}:
file:
- directory
- user: {{ nginx_map.default_user }}
- group: {{ nginx_map.default_group }}
- mode: 0755
- makedirs: True
- require:
{%- if pillar.get('nginx', {}).get('install_from_source', false) %}
- user: {{ nginx_map.default_user }}
- group: {{ nginx_map.default_group }}
{%- else %}
- pkg: nginx
{% endif %}
/usr/share/nginx:
file:
- directory
{% for filename in ('default', 'example_ssl') %}
{{ conf_dir }}/conf.d/{{ filename }}.conf:
file.absent
{% endfor %}
{{ conf_dir }}:
file.directory:
- user: root
- group: root
- makedirs: True
{{ conf_dir }}/nginx.conf:
file:
- managed
- template: jinja
- user: root
- group: root
- mode: 644
- source: {{ conf_template }}
- require:
- file: {{ conf_dir }}
- context:
default_user: {{ nginx_map.default_user }}
default_group: {{ nginx_map.default_group }}
{% if nginx.get('init_conf_dirs', True) %}
{% for dir in ('sites-enabled', 'sites-available') %}
{{ conf_dir }}/{{ dir }}:
file.directory:
- user: root
- group: root
{% endfor -%}
{% endif %}

@ -1,8 +1,8 @@
# nginx.ng.config # nginx.config
# #
# Manages the main nginx server configuration file. # Manages the main nginx server configuration file.
{% from 'nginx/ng/map.jinja' import nginx, sls_block with context %} {% from 'nginx/map.jinja' import nginx, sls_block with context %}
{% if nginx.install_from_source %} {% if nginx.install_from_source %}
nginx_log_dir: nginx_log_dir:
@ -15,7 +15,7 @@ nginx_log_dir:
{% if 'source_path' in nginx.server.config %} {% if 'source_path' in nginx.server.config %}
{% set source_path = nginx.server.config.source_path %} {% set source_path = nginx.server.config.source_path %}
{% else %} {% else %}
{% set source_path = 'salt://nginx/ng/files/nginx.conf' %} {% set source_path = 'salt://nginx/files/nginx.conf' %}
{% endif %} {% endif %}
nginx_config: nginx_config:
file.managed: file.managed:

@ -1,18 +1,30 @@
{% from "nginx/map.jinja" import nginx as nginx_map with context %} # nginx
#
# Meta-state to fully install nginx.
{% from 'nginx/map.jinja' import nginx, sls_block with context %}
include: include:
- nginx.common - nginx.config
{% if salt['pillar.get']('nginx:use_upstart', nginx_map['use_upstart']) %} - nginx.service
- nginx.upstart {% if nginx.snippets is defined %}
{% elif salt['pillar.get']('nginx:use_sysvinit', nginx_map['use_sysvinit']) %} - nginx.snippets
- nginx.sysvinit
{% endif %} {% endif %}
{% if pillar.get('nginx', {}).get('user_auth_enabled', true) %} - nginx.servers
- nginx.users - nginx.certificates
{% endif %}
{% if pillar.get('nginx', {}).get('install_from_source', false) %}
- nginx.source
{% else %}
- nginx.package
{% endif -%}
extend:
nginx_service:
service:
- listen:
- file: nginx_config
- require:
- file: nginx_config
nginx_config:
file:
- require:
{% if nginx.install_from_source %}
- cmd: nginx_install
{% else %}
- pkg: nginx_install
{% endif %}
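
Review bot: The rewritten include list no longer consults `nginx:use_upstart`, `nginx:use_sysvinit` or `nginx:user_auth_enabled`, and `nginx.users`, which was previously included by default because `user_auth_enabled` defaulted to true, is gone. Pillars that still set those keys will be accepted and ignored. Document the dropped keys alongside the BREAKING CHANGE text, or add a guard that fails when they are set, so that a host which relied on the default `nginx.users` include does not stop managing its nginx users unnoticed.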

@ -1,16 +0,0 @@
{% set nginx = pillar.get('nginx', {}) -%}
{% set home = nginx.get('home', '/var/www') -%}
{% set source = nginx.get('source_root', '/usr/local/src') -%}
get-luajit2:
file.managed:
- name: {{ source }}/luajit.tar.gz
- source: http://luajit.org/download/LuaJIT-2.0.1.tar.gz
- source_hash: sha1=330492aa5366e4e60afeec72f15e44df8a794db5
cmd.wait:
- cwd: {{ nginx_home }}
- name: tar -zxf {{ source }}/luajit.tar.gz -C {{ source }}
- watch:
- file: get-luajit2
- require_in:
- cmd: nginx

@ -1,65 +1,197 @@
{% set nginx = salt['grains.filter_by']({ {% macro sls_block(dict) %}
{% for key, value in dict.items() %}
- {{ key }}: {{ value|json(sort_keys=False) }}
{% endfor %}
{% endmacro %}
{% set nginx = salt['pillar.get']('nginx', {
'lookup': salt['grains.filter_by']({
'Debian': { 'Debian': {
'apache_utils': 'apache2-utils', 'package': 'nginx',
'group_action': 'pkg.installed', 'passenger_package': 'passenger',
'group_pkg': 'build-essential', 'passenger_config_file': '/etc/nginx/conf.d/passenger.conf',
'libpcre_dev': 'libpcre3-dev', 'service': 'nginx',
'libssl_dev': 'libssl-dev', 'webuser': 'www-data',
'pid_path': '/var/run/nginx.pid', 'conf_file': '/etc/nginx/nginx.conf',
'package': 'nginx-full', 'server_available': '/etc/nginx/sites-available',
'default_user': 'www-data', 'server_enabled': '/etc/nginx/sites-enabled',
'default_group': 'www-data', 'snippets_dir': '/etc/nginx/snippets',
'disable_before_rename': False, 'server_use_symlink': True,
'old_init_disable': 'update-rc.d -f nginx remove', 'pid_file': '/run/nginx.pid',
'use_upstart': True, 'openssl_package': 'openssl',
'use_sysvinit': False, },
'home': '/var/www', 'CentOS': {
'conf_dir': '/etc/nginx', 'package': 'nginx',
'log_dir': '/var/log/nginx', 'passenger_package': 'passenger',
'sbin_dir': '/usr/sbin', 'passenger_config_file': '/etc/nginx/conf.d/passenger.conf',
'install_prefix': '/usr/local/nginx', 'service': 'nginx',
'make_flags': '-j2' 'webuser': 'nginx',
'conf_file': '/etc/nginx/nginx.conf',
'server_available': '/etc/nginx/conf.d',
'server_enabled': '/etc/nginx/conf.d',
'snippets_dir': '/etc/nginx/snippets',
'server_use_symlink': False,
'pid_file': '/run/nginx.pid',
'rh_os_releasever': '$releasever',
'gpg_check': False,
'gpg_key': 'http://nginx.org/keys/nginx_signing.key',
'openssl_package': 'openssl',
}, },
'RedHat': { 'RedHat': {
'apache_utils': 'httpd-tools',
'group_action': 'pkg.group_installed',
'group_pkg': 'Development Tools',
'libpcre_dev': 'pcre-devel',
'libssl_dev': 'openssl-devel',
'pid_path': '/run/nginx.pid',
'package': 'nginx', 'package': 'nginx',
'default_user': 'nginx', 'passenger_package': 'passenger',
'default_group': 'nginx', 'passenger_config_file': '/etc/nginx/conf.d/passenger.conf',
'disable_before_rename': True, 'service': 'nginx',
'old_init_disable': 'chkconfig --del nginx', 'webuser': 'nginx',
'use_upstart': True, 'conf_file': '/etc/nginx/nginx.conf',
'use_sysvinit': False, 'server_available': '/etc/nginx/conf.d',
'home': '/var/www', 'server_enabled': '/etc/nginx/conf.d',
'conf_dir': '/etc/nginx', 'snippets_dir': '/etc/nginx/snippets',
'log_dir': '/var/log/nginx', 'server_use_symlink': False,
'sbin_dir': '/usr/sbin', 'pid_file': '/run/nginx.pid',
'install_prefix': '/usr/local/nginx', 'rh_os_releasever': '$releasever',
'make_flags': '-j2' 'gpg_check': False,
'gpg_key': 'http://nginx.org/keys/nginx_signing.key',
'passenger': {
'passenger_root': '/usr/share/ruby/vendor_ruby/phusion_passenger/locations.ini',
'passenger_instance_registry_dir': ' /var/run/passenger-instreg',
'passenger_ruby': '/usr/bin/ruby',
},
'openssl_package': 'openssl',
}, },
'Suse': { 'Suse': {
'apache_utils': 'apache2-utils',
'group_action': 'pkg.installed',
'group_pkg': 'patterns-devel-base-devel_rpm_build',
'libpcre_dev': 'pcre-devel',
'libssl_dev': 'openssl-devel',
'pid_path': '/run/nginx.pid',
'package': 'nginx', 'package': 'nginx',
'default_user': 'nginx', 'service': 'nginx',
'default_group': 'nginx', 'webuser': 'nginx',
'disable_before_rename': True, 'conf_file': '/etc/nginx/nginx.conf',
'old_init_disable': 'chkconfig --del nginx', 'server_available': '/etc/nginx/vhosts.d',
'use_upstart': False, 'server_enabled': '/etc/nginx/vhosts.d',
'use_sysvinit': False, 'snippets_dir': '/etc/nginx/snippets',
'home': '/srv/www', 'server_use_symlink': False,
'conf_dir': '/etc/nginx', 'pid_file': '/run/nginx.pid',
'log_dir': '/var/log/nginx', 'gpg_check': True,
'sbin_dir': '/usr/sbin', 'gpg_key': 'http://download.opensuse.org/repositories/server:/http/openSUSE_{{ grains.osrelease }}/repodata/repomd.xml.key',
'install_prefix': '/usr/local/nginx', 'openssl_package': 'openssl',
'make_flags': '-j2'
}, },
}, grain='os_family', merge=salt['pillar.get']('nginx:lookup'), default='Debian') %} 'Arch': {
'package': 'nginx',
'service': 'nginx',
'webuser': 'http',
'conf_file': '/etc/nginx/nginx.conf',
'server_available': '/etc/nginx/sites-available',
'server_enabled': '/etc/nginx/sites-enabled',
'snippets_dir': '/etc/nginx/snippets',
'server_use_symlink': True,
'openssl_package': 'openssl',
},
'Gentoo': {
'package': 'www-servers/nginx',
'service': 'nginx',
'webuser': 'nginx',
'conf_file': '/etc/nginx/nginx.conf',
'server_available': '/etc/nginx/sites-available',
'server_enabled': '/etc/nginx/sites-enabled',
'snippets_dir': '/etc/nginx/snippets',
'server_use_symlink': True,
'openssl_package': 'dev-libs/openssl',
},
'FreeBSD': {
'package': 'nginx',
'passenger_package': 'passenger',
'service': 'nginx',
'webuser': 'www',
'conf_file': '/usr/local/etc/nginx/nginx.conf',
'server_available': '/usr/local/etc/nginx/sites-available',
'server_enabled': '/usr/local/etc/nginx/sites-enabled',
'snippets_dir': '/usr/local/etc/nginx/snippets',
'server_use_symlink': True,
'pid_file': '/var/run/nginx.pid',
},
}, default='Debian' ),
'install_from_source': False,
'install_from_ppa': False,
'install_from_repo': False,
'install_from_phusionpassenger': False,
'ppa_version': 'stable',
'source_version': '1.10.0',
'source_hash': '8ed647c3dd65bc4ced03b0e0f6bf9e633eff6b01bac772bcf97077d58bc2be4d',
'source': {
'opts': {},
},
'package': {
'opts': {},
},
'service': {
'enable': True,
'opts': {},
},
'server': {
'opts': {},
'config': {
'worker_processes': 'auto',
'events': {
'worker_connections': 768,
},
'http': {
'sendfile': 'on',
'tcp_nopush': 'on',
'tcp_nodelay': 'on',
'keepalive_timeout': '65',
'types_hash_max_size': '2048',
'default_type': 'application/octet-stream',
'access_log': '/var/log/nginx/access.log',
'error_log': '/var/log/nginx/error.log',
'gzip': 'off',
'gzip_disable': '"msie6"',
'include': [
'mime.types',
'conf.d/*.conf',
'sites-enabled/*',
],
},
},
},
'servers': {
'disabled_postfix': '.disabled',
'symlink_opts': {},
'rename_opts': {},
'managed_opts': {
'makedirs': True,
},
'dir_opts': {
'makedirs': True,
},
'managed': {},
},
'passenger': {
'passenger_root': '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini',
'passenger_ruby': '/usr/bin/ruby',
},
}, merge=True) %}
{% if 'user' not in nginx.server.config %}
{% do nginx.server.config.update({
'user': nginx.lookup.webuser,
})%}
{% endif %}
{% if 'pid' not in nginx.server.config and 'pid_file' in nginx.lookup %}
{% do nginx.server.config.update({
'pid': nginx.lookup.pid_file,
})%}
{% endif %}
{% if salt['grains.get']('os_family') == 'RedHat' %}
{% do nginx.passenger.update({
'passenger_root': '/usr/share/ruby/vendor_ruby/phusion_passenger/locations.ini',
'passenger_instance_registry_dir': '/var/run/passenger-instreg',
})%}
{% if salt['grains.get']('osfinger') == 'CentOS-6' %}
{% do nginx.server.config.update({
'pid': '/var/run/nginx.pid',
})%}
{% do nginx.passenger.update({
'passenger_root': '/usr/lib/ruby/1.8/phusion_passenger/locations.ini',
})%}
{% endif %}
{% endif %}
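
Review bot: The CentOS and RedHat lookup entries brought into this file set `'gpg_check': False` and point `'gpg_key'` at `http://nginx.org/keys/nginx_signing.key`, so these defaults disable signature checking for whatever repo definition consumes them and fetch the signing key over plain HTTP (the Suse `gpg_key` URL is http as well). Since this map is now the default for every user of the formula, default `gpg_check` to True and use https URLs for the keys. Also, `'passenger_instance_registry_dir': ' /var/run/passenger-instreg'` in the RedHat entry has a leading space inside the string; the later `nginx.passenger.update` block for RedHat sets the same path without it, so drop the space to keep the two consistent.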

@ -1,30 +0,0 @@
# nginx.ng
#
# Meta-state to fully install nginx.
{% from 'nginx/ng/map.jinja' import nginx, sls_block with context %}
include:
- nginx.ng.config
- nginx.ng.service
{% if nginx.snippets is defined %}
- nginx.ng.snippets
{% endif %}
- nginx.ng.servers
- nginx.ng.certificates
extend:
nginx_service:
service:
- listen:
- file: nginx_config
- require:
- file: nginx_config
nginx_config:
file:
- require:
{% if nginx.install_from_source %}
- cmd: nginx_install
{% else %}
- pkg: nginx_install
{% endif %}

@ -1,197 +0,0 @@
{% macro sls_block(dict) %}
{% for key, value in dict.items() %}
- {{ key }}: {{ value|json(sort_keys=False) }}
{% endfor %}
{% endmacro %}
{% set nginx = salt['pillar.get']('nginx:ng', {
'lookup': salt['grains.filter_by']({
'Debian': {
'package': 'nginx',
'passenger_package': 'passenger',
'passenger_config_file': '/etc/nginx/conf.d/passenger.conf',
'service': 'nginx',
'webuser': 'www-data',
'conf_file': '/etc/nginx/nginx.conf',
'server_available': '/etc/nginx/sites-available',
'server_enabled': '/etc/nginx/sites-enabled',
'snippets_dir': '/etc/nginx/snippets',
'server_use_symlink': True,
'pid_file': '/run/nginx.pid',
'openssl_package': 'openssl',
},
'CentOS': {
'package': 'nginx',
'passenger_package': 'passenger',
'passenger_config_file': '/etc/nginx/conf.d/passenger.conf',
'service': 'nginx',
'webuser': 'nginx',
'conf_file': '/etc/nginx/nginx.conf',
'server_available': '/etc/nginx/conf.d',
'server_enabled': '/etc/nginx/conf.d',
'snippets_dir': '/etc/nginx/snippets',
'server_use_symlink': False,
'pid_file': '/run/nginx.pid',
'rh_os_releasever': '$releasever',
'gpg_check': False,
'gpg_key': 'http://nginx.org/keys/nginx_signing.key',
'openssl_package': 'openssl',
},
'RedHat': {
'package': 'nginx',
'passenger_package': 'passenger',
'passenger_config_file': '/etc/nginx/conf.d/passenger.conf',
'service': 'nginx',
'webuser': 'nginx',
'conf_file': '/etc/nginx/nginx.conf',
'server_available': '/etc/nginx/conf.d',
'server_enabled': '/etc/nginx/conf.d',
'snippets_dir': '/etc/nginx/snippets',
'server_use_symlink': False,
'pid_file': '/run/nginx.pid',
'rh_os_releasever': '$releasever',
'gpg_check': False,
'gpg_key': 'http://nginx.org/keys/nginx_signing.key',
'passenger': {
'passenger_root': '/usr/share/ruby/vendor_ruby/phusion_passenger/locations.ini',
'passenger_instance_registry_dir': ' /var/run/passenger-instreg',
'passenger_ruby': '/usr/bin/ruby',
},
'openssl_package': 'openssl',
},
'Suse': {
'package': 'nginx',
'service': 'nginx',
'webuser': 'nginx',
'conf_file': '/etc/nginx/nginx.conf',
'server_available': '/etc/nginx/vhosts.d',
'server_enabled': '/etc/nginx/vhosts.d',
'snippets_dir': '/etc/nginx/snippets',
'server_use_symlink': False,
'pid_file': '/run/nginx.pid',
'gpg_check': True,
'gpg_key': 'http://download.opensuse.org/repositories/server:/http/openSUSE_{{ grains.osrelease }}/repodata/repomd.xml.key',
'openssl_package': 'openssl',
},
'Arch': {
'package': 'nginx',
'service': 'nginx',
'webuser': 'http',
'conf_file': '/etc/nginx/nginx.conf',
'server_available': '/etc/nginx/sites-available',
'server_enabled': '/etc/nginx/sites-enabled',
'snippets_dir': '/etc/nginx/snippets',
'server_use_symlink': True,
'openssl_package': 'openssl',
},
'Gentoo': {
'package': 'www-servers/nginx',
'service': 'nginx',
'webuser': 'nginx',
'conf_file': '/etc/nginx/nginx.conf',
'server_available': '/etc/nginx/sites-available',
'server_enabled': '/etc/nginx/sites-enabled',
'snippets_dir': '/etc/nginx/snippets',
'server_use_symlink': True,
'openssl_package': 'dev-libs/openssl',
},
'FreeBSD': {
'package': 'nginx',
'passenger_package': 'passenger',
'service': 'nginx',
'webuser': 'www',
'conf_file': '/usr/local/etc/nginx/nginx.conf',
'server_available': '/usr/local/etc/nginx/sites-available',
'server_enabled': '/usr/local/etc/nginx/sites-enabled',
'snippets_dir': '/usr/local/etc/nginx/snippets',
'server_use_symlink': True,
'pid_file': '/var/run/nginx.pid',
},
}, default='Debian' ),
'install_from_source': False,
'install_from_ppa': False,
'install_from_repo': False,
'install_from_phusionpassenger': False,
'ppa_version': 'stable',
'source_version': '1.10.0',
'source_hash': '8ed647c3dd65bc4ced03b0e0f6bf9e633eff6b01bac772bcf97077d58bc2be4d',
'source': {
'opts': {},
},
'package': {
'opts': {},
},
'service': {
'enable': True,
'opts': {},
},
'server': {
'opts': {},
'config': {
'worker_processes': 'auto',
'events': {
'worker_connections': 768,
},
'http': {
'sendfile': 'on',
'tcp_nopush': 'on',
'tcp_nodelay': 'on',
'keepalive_timeout': '65',
'types_hash_max_size': '2048',
'default_type': 'application/octet-stream',
'access_log': '/var/log/nginx/access.log',
'error_log': '/var/log/nginx/error.log',
'gzip': 'off',
'gzip_disable': '"msie6"',
'include': [
'mime.types',
'conf.d/*.conf',
'sites-enabled/*',
],
},
},
},
'servers': {
'disabled_postfix': '.disabled',
'symlink_opts': {},
'rename_opts': {},
'managed_opts': {
'makedirs': True,
},
'dir_opts': {
'makedirs': True,
},
'managed': {},
},
'passenger': {
'passenger_root': '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini',
'passenger_ruby': '/usr/bin/ruby',
},
}, merge=True) %}
{% if 'user' not in nginx.server.config %}
{% do nginx.server.config.update({
'user': nginx.lookup.webuser,
})%}
{% endif %}
{% if 'pid' not in nginx.server.config and 'pid_file' in nginx.lookup %}
{% do nginx.server.config.update({
'pid': nginx.lookup.pid_file,
})%}
{% endif %}
{% if salt['grains.get']('os_family') == 'RedHat' %}
{% do nginx.passenger.update({
'passenger_root': '/usr/share/ruby/vendor_ruby/phusion_passenger/locations.ini',
'passenger_instance_registry_dir': '/var/run/passenger-instreg',
})%}
{% if salt['grains.get']('osfinger') == 'CentOS-6' %}
{% do nginx.server.config.update({
'pid': '/var/run/nginx.pid',
})%}
{% do nginx.passenger.update({
'passenger_root': '/usr/lib/ruby/1.8/phusion_passenger/locations.ini',
})%}
{% endif %}
{% endif %}

@ -1,31 +0,0 @@
{% set nginx = pillar.get('nginx', {}) -%}
{% set home = nginx.get('home', '/var/www') -%}
{% set source = nginx.get('source_root', '/usr/local/src') -%}
{% set openresty = nginx.get('openresty', {}) -%}
{% set openresty_version = openresty.get('version', '1.2.7.8') -%}
{% set openresty_checksum = openresty.get('checksum', 'sha1=f8bee501529ffec33f9cabc00ea4ca512a8d7b59') -%}
{% set openresty_package = source + '/openresty-' + openresty_version + '.tar.gz' -%}
get-openresty:
file.managed:
- name: {{ openresty_package }}
- source: http://openresty.org/download/ngx_openresty-{{ openresty_version }}.tar.gz
- source_hash: {{ openresty_checksum }}
cmd.wait:
- cwd: {{ source }}
- name: tar -zxf {{ openresty_package }} -C {{ home }}
- watch:
- file: get-openresty
install_openresty:
cmd.wait:
- cwd: {{ home }}/ngx_openresty-{{ openresty_version }}
- names:
- ./configure --with-luajit \
--with-http_drizzle_module \
--with-http_postgres_module \
--with-http_iconv_module
- make && make install
- watch:
- cmd: get-openresty

@ -1,128 +0,0 @@
{% from "nginx/map.jinja" import nginx with context %}
{% set use_upstart = salt['pillar.get']('nginx:use_upstart', nginx['use_upstart']) %}
{% if use_upstart %}
nginx-old-init:
file.rename:
- name: /usr/share/nginx/init.d
- source: /etc/init.d/nginx
- require_in:
- file: nginx
- require:
- pkg: nginx
- force: True
{% if grains.get('os_family') == 'Debian' %}
# Don't dpkg-divert if we are not Debian based!
cmd.wait:
- name: dpkg-divert --divert /usr/share/nginx/init.d --add /etc/init.d/nginx
- require:
- module: nginx-old-init
- watch:
- file: nginx-old-init
- require_in:
- file: nginx
{% endif %}
module.wait:
- name: cmd.run
- cmd: sh -c "kill `cat /var/run/nginx.pid`"
- watch:
- file: nginx-old-init
- require_in:
- file: nginx
- onlyif: [ -e /var/run/nginx.pid ]
# RedHat requires the init file in place to chkconfig off
{% if nginx['disable_before_rename'] %}
{% set _in = '_in' %}
{% else %}
{% set _in = '' %}
{% endif %}
nginx-old-init-disable:
cmd.run:
- name: {{ nginx.old_init_disable }}
- require{{ _in }}:
- module: nginx-old-init
- onlyif: [ -f /etc/init.d/nginx ]
{% endif %}
{% if grains.get('os_family') == 'Debian' %}
{% set repo_source = pillar.get('nginx', {}).get('repo_source', 'default') %}
{% set use_ppa = repo_source == 'ppa' and grains.get('os') == 'Ubuntu' %}
{% set use_official = repo_source == 'official' and grains.get('os') in ('Ubuntu', 'Debian') %}
nginx-ppa-repo:
pkgrepo:
{%- if use_ppa %}
- managed
{%- else %}
- absent
{%- endif %}
- humanname: nginx-ppa-{{ grains['oscodename'] }}
- name: deb http://ppa.launchpad.net/nginx/{{ pillar.get('nginx', {}).get('repo_version', 'stable') }}/ubuntu {{ grains['oscodename'] }} main
- file: /etc/apt/sources.list.d/nginx-{{ pillar.get('nginx', {}).get('repo_version', 'stable') }}-{{ grains['oscodename'] }}.list
- dist: {{ grains['oscodename'] }}
- keyid: C300EE8C
- keyserver: keyserver.ubuntu.com
- require_in:
- pkg: nginx
- watch_in:
- pkg: nginx
nginx-official-repo:
pkgrepo:
{%- if use_official %}
- managed
{%- else %}
- absent
{%- endif %}
- humanname: nginx apt repo
- name: deb http://nginx.org/packages/{{ grains['os'].lower() }}/ {{ grains['oscodename'] }} nginx
- file: /etc/apt/sources.list.d/nginx-official-{{ grains['oscodename'] }}.list
- keyid: ABF5BD827BD9BF62
- keyserver: keyserver.ubuntu.com
- require_in:
- pkg: nginx
- watch_in:
- pkg: nginx
{% endif %}
nginx:
pkg.installed:
- name: {{ nginx.package }}
{% if use_upstart %}
file.managed:
- name: /etc/init/nginx.conf
- template: jinja
- user: root
- group: root
- mode: 440
- source: salt://nginx/templates/upstart.jinja
- require:
- pkg: nginx
- file: nginx-old-init
- module: nginx-old-init
{% endif %}
service.running:
- enable: True
- restart: True
- watch:
{% if use_upstart %}
- file: nginx
{% endif %}
{% set conf_dir = salt['pillar.get']('nginx:conf_dir', '/etc/nginx') %}
- file: {{ conf_dir }}/nginx.conf
- file: {{ conf_dir }}/conf.d/default.conf
- file: {{ conf_dir }}/conf.d/example_ssl.conf
- pkg: nginx
# Create 'service' symlink for tab completion.
# This is not supported in os_family RedHat and likely only works in
# Debian-based distros
{% if use_upstart and grains['os_family'] == 'Debian' %}
/etc/init.d/nginx:
file.symlink:
- target: /lib/init/upstart-job
- force: True
{% endif %}

View File

@ -1,14 +1,14 @@
# nginx.ng.passenger # nginx.passenger
# #
# Manages installation of passenger from repo. # Manages installation of passenger from repo.
# Requires install_from_phusionpassenger = True # Requires install_from_phusionpassenger = True
{% from 'nginx/ng/map.jinja' import nginx, sls_block with context %} {% from 'nginx/map.jinja' import nginx, sls_block with context %}
{% if salt['grains.get']('os_family') in ['Debian', 'RedHat'] %} {% if salt['grains.get']('os_family') in ['Debian', 'RedHat'] %}
include: include:
- nginx.ng.pkg - nginx.pkg
- nginx.ng.service - nginx.service
passenger_install: passenger_install:
pkg.installed: pkg.installed:
@ -27,7 +27,7 @@ passenger_config:
file.managed: file.managed:
{{ sls_block(nginx.server.opts) }} {{ sls_block(nginx.server.opts) }}
- name: {{ nginx.lookup.passenger_config_file }} - name: {{ nginx.lookup.passenger_config_file }}
- source: salt://nginx/ng/files/nginx.conf - source: salt://nginx/files/nginx.conf
- template: jinja - template: jinja
- context: - context:
config: {{ nginx.passenger|json() }} config: {{ nginx.passenger|json() }}

View File

@ -1,8 +1,8 @@
# nginx.ng.pkg # nginx.pkg
# #
# Manages installation of nginx from pkg. # Manages installation of nginx from pkg.
{% from 'nginx/ng/map.jinja' import nginx, sls_block with context %} {% from 'nginx/map.jinja' import nginx, sls_block with context %}
{%- if nginx.install_from_repo %} {%- if nginx.install_from_repo %}
{% set from_official = true %} {% set from_official = true %}
{% set from_ppa = false %} {% set from_ppa = false %}

View File

@ -1,10 +1,10 @@
# nginx.ng.servers # nginx.servers
# #
# Manages virtual hosts and their relationship to the nginx service. # Manages virtual hosts and their relationship to the nginx service.
{% from 'nginx/ng/map.jinja' import nginx, sls_block with context %} {% from 'nginx/map.jinja' import nginx, sls_block with context %}
{% from 'nginx/ng/servers_config.sls' import server_states with context %} {% from 'nginx/servers_config.sls' import server_states with context %}
{% from 'nginx/ng/service.sls' import service_function with context %} {% from 'nginx/service.sls' import service_function with context %}
{% macro file_requisites(states) %} {% macro file_requisites(states) %}
{%- for state in states %} {%- for state in states %}
@ -13,8 +13,8 @@
{% endmacro %} {% endmacro %}
include: include:
- nginx.ng.service - nginx.service
- nginx.ng.servers_config - nginx.servers_config
{% if server_states|length() > 0 %} {% if server_states|length() > 0 %}
nginx_service_reload: nginx_service_reload:

View File

@ -1,8 +1,8 @@
# nginx.ng.servers_config # nginx.servers_config
# #
# Manages the configuration of virtual host files. # Manages the configuration of virtual host files.
{% from 'nginx/ng/map.jinja' import nginx, sls_block with context %} {% from 'nginx/map.jinja' import nginx, sls_block with context %}
{% set server_states = [] %} {% set server_states = [] %}
# Simple path concatenation. # Simple path concatenation.
@ -104,7 +104,7 @@ nginx_server_available_dir:
{% if 'source_path' in settings.config %} {% if 'source_path' in settings.config %}
{% set source_path = settings.config.source_path %} {% set source_path = settings.config.source_path %}
{% else %} {% else %}
{% set source_path = 'salt://nginx/ng/files/server.conf' %} {% set source_path = 'salt://nginx/files/server.conf' %}
{% endif %} {% endif %}
{{ conf_state_id }}: {{ conf_state_id }}:
file.managed: file.managed:

View File

@ -1,22 +1,22 @@
# nginx.ng.service # nginx.service
# #
# Manages the nginx service. # Manages the nginx service.
{% from 'nginx/ng/map.jinja' import nginx, sls_block with context %} {% from 'nginx/map.jinja' import nginx, sls_block with context %}
{% set service_function = {True:'running', False:'dead'}.get(nginx.service.enable) %} {% set service_function = {True:'running', False:'dead'}.get(nginx.service.enable) %}
include: include:
{% if nginx.install_from_source %} {% if nginx.install_from_source %}
- nginx.ng.src - nginx.src
{% else %} {% else %}
- nginx.ng.pkg - nginx.pkg
{% endif %} {% endif %}
{% if nginx.install_from_source %} {% if nginx.install_from_source %}
nginx_systemd_service_file: nginx_systemd_service_file:
file.managed: file.managed:
- name: /lib/systemd/system/nginx.service - name: /lib/systemd/system/nginx.service
- source: salt://nginx/ng/files/nginx.service - source: salt://nginx/files/nginx.service
{% endif %} {% endif %}
nginx_service: nginx_service:
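Review bot: the unchanged `service_function` line near the top of this hunk only maps the literal booleans, so `{True:'running', False:'dead'}.get(nginx.service.enable)` evaluates to `None` for any other pillar value (for example the string `'true'`), and every template that imports `service_function` receives `None`. Since the file is being touched anyway, consider giving `.get()` a default or coercing `nginx.service.enable` to a boolean before the lookup.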
@ -26,9 +26,9 @@ nginx_service:
- enable: {{ nginx.service.enable }} - enable: {{ nginx.service.enable }}
- require: - require:
{% if nginx.install_from_source %} {% if nginx.install_from_source %}
- sls: nginx.ng.src - sls: nginx.src
{% else %} {% else %}
- sls: nginx.ng.pkg - sls: nginx.pkg
{% endif %} {% endif %}
- listen: - listen:
{% if nginx.install_from_source %} {% if nginx.install_from_source %}

View File

@ -1,8 +1,8 @@
# nginx.ng.snippet # nginx.snippet
# #
# Manages creation of snippets # Manages creation of snippets
{% from 'nginx/ng/map.jinja' import nginx, sls_block with context %} {% from 'nginx/map.jinja' import nginx, sls_block with context %}
nginx_snippets_dir: nginx_snippets_dir:
file.directory: file.directory:
@ -13,7 +13,7 @@ nginx_snippets_dir:
nginx_snippet_{{ snippet }}: nginx_snippet_{{ snippet }}:
file.managed: file.managed:
- name: {{ nginx.lookup.snippets_dir }}/{{ snippet }}.conf - name: {{ nginx.lookup.snippets_dir }}/{{ snippet }}.conf
- source: salt://nginx/ng/files/server.conf - source: salt://nginx/files/server.conf
- template: jinja - template: jinja
- context: - context:
config: {{ config|json() }} config: {{ config|json() }}

View File

@ -1,277 +0,0 @@
{% from "nginx/map.jinja" import nginx as nginx_map with context %}
{% set nginx = pillar.get('nginx', {}) -%}
{% set use_sysvinit = nginx.get('use_sysvinit', nginx_map['use_sysvinit']) %}
{% set version = nginx.get('version', '1.6.2') -%}
{% set tarball_url = nginx.get('tarball_url', 'http://nginx.org/download/nginx-' + version + '.tar.gz') -%}
{% set checksum = nginx.get('checksum', 'sha256=b5608c2959d3e7ad09b20fc8f9e5bd4bc87b3bc8ba5936a513c04ed8f1391a18') -%}
{% set home = nginx.get('home', nginx_map['home']) -%}
{% set base_temp_dir = nginx.get('base_temp_dir', '/tmp') -%}
{% set source = nginx.get('source_root', '/usr/local/src') -%}
{% set conf_dir = nginx.get('conf_dir', nginx_map['conf_dir']) -%}
{% set conf_only = nginx.get('conf_only', false) -%}
{% set log_dir = nginx.get('log_dir', nginx_map['log_dir']) -%}
{% set pid_path = nginx.get('pid_path', nginx_map['pid_path']) -%}
{% set lock_path = nginx.get('lock_path', '/var/lock/nginx.lock') -%}
{% set sbin_dir = nginx.get('sbin_dir', nginx_map['sbin_dir']) -%}
{% set install_prefix = nginx.get('install_prefix', nginx_map['install_prefix']) -%}
{% set with_items = nginx.get('with', ['debug', 'http_dav_module', 'http_stub_status_module', 'pcre', 'ipv6']) -%}
{% set without_items = nginx.get('without', []) -%}
{% set make_flags = nginx.get('make_flags', nginx_map['make_flags']) -%}
{% set service_name = nginx.get('service_name', 'nginx') %}
{% set service_enable = nginx.get('service_enable', True) %}
{% set nginx_package = source + '/nginx-' + version + '.tar.gz' -%}
{% set nginx_source = source + "/nginx-" + version -%}
{% set nginx_modules_dir = source + "/nginx-modules" -%}
include:
- nginx.common
{% if nginx.get('with_luajit', false) %}
- nginx.luajit2
{% endif -%}
{% if nginx.get('with_openresty', false) %}
- nginx.openresty
{% endif -%}
nginx_group:
group.present:
- name: {{ nginx_map.default_group }}
nginx_user:
file.directory:
- name: {{ home }}
- user: {{ nginx_map.default_user }}
- group: {{ nginx_map.default_group }}
- mode: 0755
- require:
- user: nginx_user
- group: nginx_group
user.present:
- name: {{ nginx_map.default_user }}
- home: {{ home }}
- groups:
- {{ nginx_map.default_group }}
- require:
- group: nginx_group
{{ nginx_modules_dir }}:
file:
- directory
- makedirs: True
get-build-tools:
{% if grains['saltversion'] < '2015.8.0' and grains['os_family'] == 'RedHat' %}
module.run:
- name: pkg.group_install
- m_name: {{ nginx_map.group_pkg }}
{% else %}
{{ nginx_map.group_action }}:
- name: {{ nginx_map.group_pkg }}
{% endif %}
get-nginx:
pkg.installed:
- names:
- {{ nginx_map.libpcre_dev }}
- {{ nginx_map.libssl_dev }}
file.managed:
- name: {{ nginx_package }}
- source: {{ tarball_url }}
- source_hash: {{ checksum }}
- require:
- file: {{ nginx_modules_dir }}
cmd.wait:
- cwd: {{ source }}
- name: tar --transform "s,^$(tar --list -zf nginx-{{ version }}.tar.gz | head -n 1),nginx-{{ version }}/," -zxf {{ nginx_package }}
- require:
- pkg: get-nginx
- file: get-nginx
- watch:
- file: get-nginx
{% for name, module in nginx.get('modules', {}).items() -%}
get-nginx-{{name}}:
file.managed:
- name: {{ nginx_modules_dir }}/{{name}}.tar.gz
- source: {{ module['source'] }}
- source_hash: {{ module['source_hash'] }}
cmd.wait:
- cwd: {{ nginx_modules_dir }}
- names:
- tar --transform "s,^$(tar --list -zf {{name}}.tar.gz | head -n 1),{{name}}/," -zxf {{name}}.tar.gz
- watch:
- file: get-nginx-{{name}}
- require_in:
- cmd: nginx
{% endfor -%}
{% if nginx.get('ngx_devel_kit', true) -%}
get-ngx_devel_kit:
file.managed:
- name: {{ source }}/ngx_devel_kit.tar.gz
- source: https://github.com/simpl/ngx_devel_kit/archive/v0.2.18.tar.gz
- source_hash: sha1=e21ba642f26047661ada678b21eef001ee2121d8
cmd.wait:
- cwd: {{ source }}
- name: tar -zxf {{ source }}/ngx_devel_kit.tar.gz -C {{ source }}
- watch:
- file: get-ngx_devel_kit
{% endif %}
is-nginx-source-modified:
cmd.run:
- cwd: {{ source }}
- stateful: True
- names:
- if [ ! -d "nginx-{{ version }}" ]; then
echo "changed=yes comment='Tarball has not yet been extracted'";
exit 0;
fi;
cd "nginx-{{ version }}";
m=$(find . \! -name "build.*" -newer {{ sbin_dir }}/nginx -print -quit);
r=$?;
if [ x$r != x0 ]; then
echo "changed=yes comment='binary file does not exist or other find error'";
exit 0;
fi;
if [ x$m != "x" ]; then
echo "changed=yes comment='source files are newer than binary'";
exit 0;
fi;
echo "changed=no comment='source files are older than binary'"
{% for name, module in nginx.get('modules', {}).items() -%}
is-nginx-module-modified-{{name}}:
cmd.run:
- cwd: {{ nginx_modules_dir }}/{{name}}
- stateful: True
- names:
- m=$(find . \! -name "build.*" -newer {{ sbin_dir }}/nginx -print -quit);
r=$?;
if [ x$r != x0 ]; then
echo "changed=yes comment='binary file does not exist or other find error'";
exit 0;
fi;
if [ x$m != "x" ]; then
echo "changed=yes comment='module source files are newer than binary'";
exit 0;
fi;
echo "changed=no comment='module source files are older than binary'"
{% endfor -%}
nginx:
cmd.wait:
- cwd: {{ nginx_source }}
- names:
- (
{%- if nginx.get('debug_symbols', false) %}
CFLAGS="-g -O0" ./configure --conf-path={{ conf_dir }}/nginx.conf
{%- else %}
./configure --conf-path={{ conf_dir }}/nginx.conf
{%- endif %}
--sbin-path={{ sbin_dir }}/nginx
--user={{ nginx_map.default_user }}
--group={{ nginx_map.default_group }}
--prefix={{ install_prefix }}
--http-log-path={{ log_dir }}/access.log
--error-log-path={{ log_dir }}/error.log
--pid-path={{ pid_path }}
--lock-path={{ lock_path }}
--http-client-body-temp-path={{ base_temp_dir }}/body
--http-proxy-temp-path={{ base_temp_dir }}/proxy
--http-fastcgi-temp-path={{ base_temp_dir }}/fastcgi
--http-uwsgi-temp-path={{ base_temp_dir }}/temp_uwsgi
--http-scgi-temp-path={{ base_temp_dir }}/temp_scgi
{%- for name, module in nginx.get('modules', {}).items() %}
--add-module={{nginx_modules_dir}}/{{name}}
{%- endfor %}
{%- for name in with_items %}
--with-{{ name }}
{%- endfor %}
{%- for name in without_items %}
--without-{{ name }}
{%- endfor %}
&& make {{ make_flags }}
&& make install
)
{#- If they want to silence the compiler output, then save it to file so we can reference it later if needed #}
{%- if nginx.get('silence_compiler', true) %}
> {{ nginx_source }}/build.out 2> {{ nginx_source }}/build.err;
{#- If the build process failed, write stderr to stderr and exit with the error code #}
r=$?;
if [ x$r != x0 ]; then
cat {{ nginx_source }}/build.err 1>&2; {#- copy err output to stderr #}
exit $r;
fi;
{% endif %}
- watch:
- cmd: get-nginx
- cmd: is-nginx-source-modified
{% for name, module in nginx.get('modules', {}).items() -%}
- cmd: is-nginx-module-modified-{{name}}
- file: get-nginx-{{name}}
{% endfor %}
{% if use_sysvinit %}
- watch_in:
{% set logger_types = ('access', 'error') %}
{% for log_type in logger_types %}
- service: nginx-logger-{{ log_type }}
{% endfor %}
{% endif %}
- require:
- cmd: get-nginx
{% for name, module in nginx.get('modules', {}).items() -%}
- file: get-nginx-{{name}}
{% endfor %}
{% if use_sysvinit %}
file:
- managed
- template: jinja
- name: /etc/init.d/{{ service_name }}
- source: salt://nginx/templates/nginx.init.jinja
- user: root
- group: root
- mode: 0755
- context:
service_name: {{ service_name }}
sbin_dir: {{ sbin_dir }}
pid_path: {{ pid_path }}
{% endif %}
service:
{% if service_enable %}
- running
- enable: True
- restart: True
{% else %}
- dead
- enable: False
{% endif %}
- name: {{ service_name }}
- watch:
- cmd: nginx
- file: {{ conf_dir }}/nginx.conf
- require:
- cmd: nginx
- file: {{ conf_dir }}/nginx.conf
{% for file in nginx.get('delete_confs', []) %}
{{ conf_dir }}/{{ file }}:
file:
- absent
- require_in:
- service: nginx
{% endfor %}
{% for file in nginx.get('delete_htdocs', []) %}
{{ install_prefix }}/html/{{ file }}:
file:
- absent
- require_in:
- service: nginx
{% endfor %}
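Review bot: this removed state pinned every download to a hash (`source_hash: {{ checksum }}`, the per-module `source_hash`, and the sha1 on `ngx_devel_kit`), which is what made the `http://` default in `tarball_url` acceptable. The body of `nginx_download` in `nginx.src` is not shown in this diff, so please confirm it verifies a hash as well before the old path goes away. The commit message should also list the pillar keys that are read only here (`version`, `tarball_url`, `checksum`, `modules`, `with`, `without`, `make_flags`, `delete_confs`, `delete_htdocs`), because after this change they stop having any effect without any error.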

View File

@ -1,8 +1,8 @@
# nginx.ng.src # nginx.src
# #
# Manages installation of nginx from source. # Manages installation of nginx from source.
{% from 'nginx/ng/map.jinja' import nginx, sls_block with context %} {% from 'nginx/map.jinja' import nginx, sls_block with context %}
nginx_deps: nginx_deps:
pkg.installed: pkg.installed:
@ -23,7 +23,7 @@ nginx_download:
nginx_configure: nginx_configure:
cmd.run: cmd.run:
- name: ./configure --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path={{ nginx.lookup.conf_file or '/etc/nginx/nginx.conf' }} {{ nginx.source.opts | join(' ') }} - name: ./configure --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path={{ nginx.lookup.conf_file }} {{ nginx.source.opts | join(' ') }}
- cwd: /tmp/nginx-{{ nginx.source_version }} - cwd: /tmp/nginx-{{ nginx.source_version }}
- onchanges: - onchanges:
- archive: nginx_download - archive: nginx_download
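Review bot: the changed `./configure` line drops the `or '/etc/nginx/nginx.conf'` fallback, so when `nginx.lookup.conf_file` is unset or empty the command is rendered with an empty or `None` value for `--conf-path=`. Either keep the fallback or guarantee in `nginx/map.jinja` that `lookup.conf_file` always has a value, and mention the behaviour change in the commit message. Two follow-ups on the context lines: `{{ nginx.source.opts | join(' ') }}` is interpolated into `cmd.run` unquoted, and the build runs in `/tmp/nginx-{{ nginx.source_version }}`, a predictable path under a world-writable directory.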

View File

@ -1,34 +0,0 @@
{% set nginx = pillar.get('nginx', {}) -%}
{% set log_dir = nginx.get('log_dir', '/var/log/nginx') -%}
{% set logger_types = ('access', 'error') %}
{% for log_type in logger_types %}
{{ log_dir }}/{{ log_type }}.log:
file.absent
nginx-logger-{{ log_type }}:
file:
- managed
- name: /etc/init.d/nginx-logger-{{ log_type }}
- template: jinja
- user: root
- group: root
- mode: 755
- source:
- salt://nginx/templates/{{ grains['os_family'] }}-sysvinit-logger.jinja
- salt://nginx/templates/sysvinit-logger.jinja
- context:
type: {{ log_type }}
service:
- running
- enable: True
- restart: True
- require:
- file: nginx-logger-{{ log_type }}
- require_in:
- service: nginx
{% endfor %}
/etc/logrotate.d/nginx:
file.absent
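Review bot: deleting this file removes the states but not what they installed. Minions that applied it keep `/etc/init.d/nginx-logger-access` and `/etc/init.d/nginx-logger-error` enabled, and they had `{{ log_dir }}/access.log`, `{{ log_dir }}/error.log` and `/etc/logrotate.d/nginx` set to `file.absent`. Nothing in the visible hunks cleans that up, so a converted host may be left with stale logger services and no logrotate rule; please add a migration step to the README or a one-off cleanup state.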

View File

@ -1,100 +0,0 @@
#!/bin/bash
# /etc/init.d/nginx-logger-{{ type }}
#
# chkconfig: 345 84 16
# description: Nginx logger for {{ type }}
# processname: nginx-logger-{{ type }}
NAME=nginx-logger-{{ type }}
DESC="syslog forwarder for nginx {{type}} logs"
DAEMON=/usr/bin/logger
DAEMON_ARGS=" -f /var/log/nginx/{{ type }}.fifo -t nginx -p {% if type == 'error' %}warn{% else %}debug{% endif %}"
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
# Exit if the daemon program isn't installed
[ -x "$DAEMON" ] || exit 0
# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
. /etc/init.d/functions
do_start() {
# Return
# 0 if daemon has been started
# 1 if daemon was already running
# 2 if daemon could not be started
echo -n "Starting $NAME"
pid=$(cat $PIDFILE 2>/dev/null)
if [ -n "$pid" ]; then
failure
echo
return 1;
fi
if [ ! -r /var/log/nginx/{{ type }}.fifo ]; then
mkdir -p /var/log/nginx
mkfifo /var/log/nginx/{{ type }}.fifo
chown root.root /var/log/nginx/{{ type }}.fifo
chmod 660 /var/log/nginx/{{ type }}.fifo
fi
$DAEMON $DAEMON_ARGS &
ERROR=$?
PID=$!
if [ $ERROR -eq 0 ]; then
success
echo
echo $PID > $PIDFILE
else
failure
echo
exit 2
fi
}
do_stop() {
# Return
# 0 if daemon has been stopped
# 1 if daemon was already stopped
# 2 if daemon could not be stopped
# other if a failure occurred
echo -n Stopping $NAME
pid=$(cat $PIDFILE 2>/dev/null)
if [ $? -eq 0 ]; then
echo $pid | xargs kill 2&1>/dev/null
success
RETVAL=0
else
failure
RETVAL=1
fi
echo
[ "$RETVAL" = 2 ] && return 2
rm -f $PIDFILE
return "$RETVAL"
}
case "$1" in
start)
do_start
;;
stop)
do_stop
;;
status)
status -p "$PIDFILE" "$DAEMON" && exit 0 || exit $?
;;
restart|force-reload)
do_stop
do_start
;;
*)
echo "Usage: /etc/init.d/nginx-logger-{{ type }} {start|stop|status|restart|force-reload}" >&2
exit 3
;;
esac
exit 0

View File

@ -1,79 +0,0 @@
{% set nginx = pillar.get('nginx', {}) -%}
# defaults passed via context from the map.jinja
{% set user = nginx.get('user', default_user) -%}
{% set group = nginx.get('group', default_group) -%}
user {{ user }} {{ group }};
worker_processes {{ nginx.get('worker_processes', 1) }};
{% set worker_rlimit_nofile = nginx.get('worker_rlimit_nofile', '') -%}
{% if worker_rlimit_nofile -%}
worker_rlimit_nofile {{ worker_rlimit_nofile }};
{% endif -%}
{% set error_log_location = nginx.get('error_log',{}).get('location', '/var/log/nginx/error.fifo') -%}
{% set error_log_level = nginx.get('error_log',{}).get('level', 'warn') -%}
error_log {{ ' '.join([error_log_location, error_log_level]) }};
pid {{ nginx.get('pid', '/var/run/nginx.pid') }};
{% if not 'systemd' in salt['test.provider']('service') -%}
daemon {{ nginx.get('daemon', 'on') }};
{%- endif %}
events {
worker_connections {{ nginx.get('events', {}).get('worker_connections', 1024) }};
{% set use = nginx.get('events', {}).get('use', '') -%}
{% if use -%}
use {{ use }};
{% endif %}
}
http {
{% if 'set_real_ips' in nginx -%}
{% for ip in nginx.get('set_real_ips', {}).get('from_ips', []) -%}
set_real_ip_from {{ ip }};
{% endfor -%}
real_ip_header {{ nginx.get('set_real_ips', {}).get('real_ip_header', 'X-Forwarded-For') }};
{% endif -%}
include /etc/nginx/mime.types;
default_type {{ nginx.get('default_type', 'application/octet-stream') }};
log_format main '$scheme://$host:$server_port$uri$is_args$args $remote_addr:$remote_user "$request" $request_time $request_length:$bytes_sent $status "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.fifo main;
sendfile {{ nginx.get('sendfile', 'on') }};
#tcp_nopush on;
keepalive_timeout {{ nginx.get('keepalive_timeout', 65) }};
server_names_hash_bucket_size {{ nginx.get('server_names_hash_bucket_size', 128) }};
server_names_hash_max_size {{ nginx.get('server_names_hash_max_size', 1024) }};
types_hash_max_size {{ nginx.get('types_hash_max_size', 8192) }};
gzip {{ nginx.get('gzip', 'on') }};
gzip_vary {{ nginx.get('gzip_vary', 'on') }};
gzip_proxied {{ nginx.get('gzip_proxied', 'any') }};
gzip_comp_level {{ nginx.get('gzip_comp_level', 6) }};
gzip_buffers {{ nginx.get('gzip_buffers', '16 8k') }};
gzip_http_version {{ nginx.get('gzip_http_version', '1.1') }};
gzip_types {{ nginx.get('gzip_types', ['text/plain', 'text/css', 'application/json', 'application/x-javascript', 'text/xml', 'application/xml', 'application/xml+rss', 'text/javascript'])|join(' ') }};
gzip_disable "{{ nginx.get('gzip_disable', 'msie6') }}";
# turn on nginx_status on localhost
server {
listen 127.0.0.1:80;
server_name 127.0.0.1;
location /nginx_status {
stub_status on;
access_log off;
allow 127.0.0.1;
deny all;
}
}
{% if pillar['nginx'] is defined -%}
{% if pillar['nginx']['redirect_numeric_ip']|default(False) -%}
server {
server_name {% for ip in salt['network.interfaces']()['eth0']['inet'] %}{{ ip['address'] }}:80{% if not loop.last %} {% endif %}{% endfor %};
return 302 {{ pillar['nginx']['redirect_numeric_ip'] }};
access_log off;
}
{% endif -%}
{% endif %}
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*.conf;
}

View File

@ -1,101 +0,0 @@
#!/bin/sh
### BEGIN INIT INFO
# Provides: {{ service_name }}
# Required-Start: $local_fs $remote_fs $network $syslog
# Required-Stop: $local_fs $remote_fs $network $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: starts the {{ service_name }} web server
# Description: starts {{ service_name }} using start-stop-daemon
### END INIT INFO
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON={{ sbin_dir }}/nginx
NAME={{ service_name }}
DESC={{ service_name }}
# Include nginx defaults if available
if [ -f /etc/default/$NAME ]; then
. /etc/default/$NAME
fi
test -x $DAEMON || exit 0
set -e
. /lib/lsb/init-functions
test_nginx_config() {
if $DAEMON -t $DAEMON_OPTS >/dev/null 2>&1; then
return 0
else
$DAEMON -t $DAEMON_OPTS
return $?
fi
}
case "$1" in
start)
echo -n "Starting $DESC: "
test_nginx_config
# Check if the ULIMIT is set in /etc/default/nginx
if [ -n "$ULIMIT" ]; then
# Set the ulimits
ulimit $ULIMIT
fi
start-stop-daemon --start --quiet --pidfile {{ pid_path }} \
--exec $DAEMON -- $DAEMON_OPTS || true
echo "$NAME."
;;
stop)
echo -n "Stopping $DESC: "
start-stop-daemon --stop --quiet --pidfile {{ pid_path }} \
--exec $DAEMON || true
echo "$NAME."
;;
restart|force-reload)
echo -n "Restarting $DESC: "
start-stop-daemon --stop --quiet --pidfile \
{{ pid_path }} --exec $DAEMON || true
sleep 1
test_nginx_config
# Check if the ULIMIT is set in /etc/default/nginx
if [ -n "$ULIMIT" ]; then
# Set the ulimits
ulimit $ULIMIT
fi
start-stop-daemon --start --quiet --pidfile \
{{ pid_path }} --exec $DAEMON -- $DAEMON_OPTS || true
echo "$NAME."
;;
reload)
echo -n "Reloading $DESC configuration: "
test_nginx_config
start-stop-daemon --stop --signal HUP --quiet --pidfile {{ pid_path }} \
--exec $DAEMON || true
echo "$NAME."
;;
configtest|testconfig)
echo -n "Testing $DESC configuration: "
if test_nginx_config; then
echo "$NAME."
else
exit $?
fi
;;
status)
status_of_proc -p {{ pid_path }} "$DAEMON" nginx && exit 0 || exit $?
;;
*)
echo "Usage: $NAME {start|stop|restart|reload|force-reload|status|configtest}" >&2
exit 1
;;
esac
exit 0

View File

@ -1,113 +0,0 @@
#!/bin/bash
# /etc/init.d/nginx-logger-{{ type }}
#
### BEGIN INIT INFO
# Provides: nginx-logger-{{ type }}
# Required-Start: $local_fs $remote_fs $network $syslog
# Required-Stop: $local_fs $remote_fs $network $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: starts the nginx-logger-{{ type }}
# Description: starts nginx-logger-{{ type }} using start-stop-daemon
### END INIT INFO
NAME=nginx-logger-{{ type }}
DESC="syslog forwarder for nginx {{type}} logs"
DAEMON=/usr/bin/logger
DAEMON_ARGS=" -f /var/log/nginx/{{ type }}.fifo -t nginx -p {% if type == 'error' %}warn{% else %}debug{% endif %}"
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
# Exit if the daemon program isn't installed
[ -x "$DAEMON" ] || exit 0
# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
. /lib/lsb/init-functions
do_start() {
# Return
# 0 if daemon has been started
# 1 if daemon was already running
# 2 if daemon could not be started
pid=$(pidofproc -p $PIDFILE $DAEMON)
if [ -n "$pid" ]; then
return 1;
fi
if [ ! -r /var/log/nginx/{{ type }}.fifo ]; then
mkdir -p /var/log/nginx
mkfifo /var/log/nginx/{{ type }}.fifo
chown root.root /var/log/nginx/{{ type }}.fifo
chmod 660 /var/log/nginx/{{ type }}.fifo
fi
start-stop-daemon --start --quiet --background --pidfile $PIDFILE --exec $DAEMON -- $DAEMON_ARGS
}
do_stop() {
# Return
# 0 if daemon has been stopped
# 1 if daemon was already stopped
# 2 if daemon could not be stopped
# other if a failure occurred
pids=$(pidof -x $DAEMON)
if [ $? -eq 0 ]; then
echo $pids | xargs kill 2&1>/dev/null
RETVAL=0
else
RETVAL=1
fi
[ "$RETVAL" = 2 ] && return 2
rm -f $PIDFILE
return "$RETVAL"
}
case "$1" in
start)
[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
do_start
case "$?" in
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
esac
;;
stop)
[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
do_stop
case "$?" in
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
esac
;;
status)
status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
;;
restart|force-reload)
[ "$VERBOSE" != no ] && log_daemon_msg "Restarting $DESC" "$NAME"
do_stop
case "$?" in
0|1)
do_start
case "$?" in
0) log_end_msg 0 ;;
1) log_end_msg 1 ;; # Old process still running
*) log_end_msg 1 ;; # Failed to start
esac
;;
*)
# Failed to stop
log_end_msg 1
;;
esac
;;
*)
echo "Usage: /etc/init.d/nginx-logger-{{ type }} {start|stop|status|restart|force-reload}" >&2
exit 3
;;
esac
exit 0

View File

@ -1,20 +0,0 @@
# {{ pillar.get('message_do_not_modify', '') }}
# startup script for Nginx loggers
start on starting nginx
stop on runlevel [!2345]
respawn
pre-start script
if [ ! -r /var/log/nginx/{{ type }}.fifo ]; then
mkdir -p /var/log/nginx
mkfifo /var/log/nginx/{{ type }}.fifo
chown root.root /var/log/nginx/{{ type }}.fifo
chmod 660 /var/log/nginx/{{ type }}.fifo
fi
end script
emits nginx-logger-{{ type }}
exec logger -f /var/log/nginx/{{ type }}.fifo -t nginx -p {% if type == 'error' %}warn{% else %}debug{% endif %}

View File

@ -1,23 +0,0 @@
# nginx
description "nginx http daemon"
author "George Shammas <georgyo@gmail.com>"
start on (runlevel [345] and started network)
stop on (runlevel [!345] or stopping network)
env DAEMON=/usr/sbin/nginx
expect fork
respawn
respawn limit 10 5
#oom never
pre-start script
$DAEMON -t
if [ $? -ne 0 ]
then exit $?
fi
end script
exec $DAEMON

View File

@ -1,28 +0,0 @@
{% set logger_types = ('access', 'error') %}
{% for log_type in logger_types %}
/var/log/nginx/{{ log_type }}.log:
file.absent
nginx-logger-{{ log_type }}:
file:
- managed
- name: /etc/init/nginx-logger-{{ log_type }}.conf
- template: jinja
- user: root
- group: root
- mode: 440
- source: salt://nginx/templates/upstart-logger.jinja
- context:
type: {{ log_type }}
service:
- running
- enable: True
- require:
- file: nginx-logger-{{ log_type }}
- require_in:
- service: nginx
{% endfor %}
/etc/logrotate.d/nginx:
file.absent

View File

@ -1,30 +0,0 @@
{% from "nginx/map.jinja" import nginx with context %}
{% set htauth = nginx.get('htpasswd', '/etc/nginx/.htpasswd') -%}
htpasswd:
pkg.installed:
- name: {{ nginx.apache_utils }}
touch {{ htauth }}:
cmd.run:
- creates: {{ htauth }}
make sure {{ htauth }} exists:
file.managed:
- name: {{ htauth }}
- makedirs: True
{% for name, user in pillar.get('users', {}).items() %}
{% if user['webauth'] is defined -%}
nginx_user_{{name}}:
module.run:
- name: basicauth.adduser
- user: {{ name }}
- passwd: {{ user['webauth'] }}
- path: {{ htauth }}
- require:
- pkg: htpasswd
{% endif -%}
{% endfor %}
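Review bot: removing this state leaves `{{ htauth }}` (default `/etc/nginx/.htpasswd`) on disk but unmanaged, and no replacement appears in the hunks shown here, so entries created from `users:<name>:webauth` are never updated or revoked after the upgrade. Name `nginx.users` explicitly in the BREAKING CHANGE text and say how basic-auth credentials are expected to be managed from now on.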

View File

@ -1,31 +1,8 @@
#=====
# nginx: see `nginx.ng` state instead.
#======
nginx:
install_from_source: True
use_upstart: True
use_sysvinit: False
user_auth_enabled: True
with_luajit: False
with_openresty: True
repo_version: development # Must be using ppa install by setting `repo_source = ppa`
set_real_ips: # NOTE: to use this, nginx must have http_realip module enabled
from_ips:
- 10.10.10.0/24
real_ip_header: X-Forwarded-For
modules:
headers-more:
source: http://github.com/agentzh/headers-more-nginx-module/tarball/v0.21
source_hash: sha1=dbf914cbf3f7b6cb7e033fa7b7c49e2f8879113b
#pid: /var/run/nginx.pid
# Directory location must exist (i.e. it's /run/nginx.pid on EL7)
# ======== # ========
# nginx.ng # nginx (previously named nginx:ng)
# ======== # ========
nginx: nginx:
ng:
# The following three `install_from_` options are mutually exclusive. If none is used, the distro's provided # The following three `install_from_` options are mutually exclusive. If none is used, the distro's provided
# package will be installed. If one of the `install_from` option is set to `True`, the state will # package will be installed. If one of the `install_from` option is set to `True`, the state will
# make sure the other two repos are removed. # make sure the other two repos are removed.
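Review bot: with the `ng:` level removed, the old and new settings now share the `nginx:` namespace, and the removed example shows `install_from_source: True` at that level, the same name `nginx.service` tests with `{% if nginx.install_from_source %}`. A pillar that has not been converted can therefore change meaning without any error, and one that still nests its settings under `nginx:ng:` will not be read at the new location. Consider having `map.jinja` fail the render, or at least warn, when `nginx:ng` is still present, and spell out the key collision in the BREAKING CHANGE note.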
@ -67,7 +44,7 @@ nginx:
pid_file: /var/run/nginx.pid ### prevents rendering SLS error nginx.server.config.pid undefined ### pid_file: /var/run/nginx.pid ### prevents rendering SLS error nginx.server.config.pid undefined ###
# Source compilation is not currently a part of nginx.ng # Source compilation is not currently a part of nginx
from_source: False from_source: False
source: source:
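Review bot: the mechanical rename leaves this comment reading `# Source compilation is not currently a part of nginx`, which contradicts the `nginx.src` state renamed in this same commit ("Manages installation of nginx from source"). Reword or drop the comment, and clarify how `from_source: False` here relates to the `install_from_source` option that `nginx.service` checks.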

View File

@ -5,7 +5,6 @@
# - create 'mysite' site # - create 'mysite' site
nginx: nginx:
ng:
snippets: snippets:
letsencrypt: letsencrypt:
- location ^~ /.well-known/acme-challenge/: - location ^~ /.well-known/acme-challenge/: