From 5ce9ff0c113f64052dd8c5d6cb971289d53075a3 Mon Sep 17 00:00:00 2001 From: Ari Aosved Date: Wed, 8 Apr 2015 10:51:12 -0700 Subject: [PATCH 01/44] Allow debug symbols to be included when compiling from source- http://wiki.nginx.org/Debugging#Core_dump --- nginx/source.sls | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/nginx/source.sls b/nginx/source.sls index 6fb2d7e..d58cdb1 100644 --- a/nginx/source.sls +++ b/nginx/source.sls @@ -163,7 +163,11 @@ nginx: - cwd: {{ nginx_source }} - names: - ( + {%- if nginx.get('debug_symbols', false) %} + CFLAGS="-g -O0" ./configure --conf-path={{ conf_dir }}/nginx.conf + {%- else %} ./configure --conf-path={{ conf_dir }}/nginx.conf + {%- endif %} --sbin-path={{ sbin_dir }}/nginx --user={{ nginx_map.default_user }} --group={{ nginx_map.default_group }} From fb818fc4cd65374b91d7cf8c7559b3e4fa027f6a Mon Sep 17 00:00:00 2001 From: "J. Eduardo" Date: Fri, 21 Apr 2017 23:29:14 +0200 Subject: [PATCH 02/44] Fixed reference to pkg state when installing from official Debian repo --- nginx/ng/pkg.sls | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nginx/ng/pkg.sls b/nginx/ng/pkg.sls index 35baaf1..fe5f8ba 100644 --- a/nginx/ng/pkg.sls +++ b/nginx/ng/pkg.sls @@ -20,9 +20,9 @@ nginx-official-repo: - keyid: ABF5BD827BD9BF62 - keyserver: keyserver.ubuntu.com - require_in: - - pkg: nginx + - pkg: nginx_install - watch_in: - - pkg: nginx + - pkg: nginx_install {%- else %} nginx_ppa_repo: pkgrepo: From 5d67b095944f24f5b09f304250f56f3e00251152 Mon Sep 17 00:00:00 2001 From: Benjamin Neff Date: Sun, 18 Jun 2017 21:09:05 +0200 Subject: [PATCH 03/44] Move includes to the top of nginx.conf --- nginx/ng/files/nginx.conf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/nginx/ng/files/nginx.conf b/nginx/ng/files/nginx.conf index 05d8f01..e32edea 100644 --- a/nginx/ng/files/nginx.conf +++ b/nginx/ng/files/nginx.conf 
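Review bot: The `debug_symbols` switch read in the `nginx/source.sls` hunk of PATCH 01/44 is not documented in this commit; the diffstat touches only `source.sls`, so nobody will find the option from `pillar.example`. I would add an entry there such as `debug_symbols: False  # build with CFLAGS="-g -O0" for core-dump analysis; keep off production hosts`. The caveat is worth stating because `-O0` produces an unoptimised binary, and any `_FORTIFY_SOURCE` hardening passed through compiler flags has no effect without optimisation. The two branches also repeat the whole `./configure --conf-path=…` line; rendering only the `CFLAGS="-g -O0" ` prefix inside the `if` would keep a single copy. The `cmd` state this belongs to starts and ends outside the hunk.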
@@ -32,6 +32,10 @@ # # This file is managed by Salt. +{% if 'include' in config.keys() %} +{{ nginx_block(config.pop('include'), 'include') }} +{%- endif -%} + {% for key, value in config.items() %} {{ nginx_block(value, key) }} {%- endfor -%} From 79ddb497d088c4eab5d596f0c38de519af4f6985 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20B=C3=A9rtoli?= Date: Sat, 24 Jun 2017 10:43:25 -0300 Subject: [PATCH 04/44] Add support to install and configure passenger --- nginx/ng/map.jinja | 27 +++++++++++++++ nginx/ng/passenger.sls | 41 +++++++++++++++++++++++ nginx/ng/pkg.sls | 76 ++++++++++++++++++++++++++++++++++++------ pillar.example | 22 +++++++++++- 4 files changed, 154 insertions(+), 12 deletions(-) create mode 100644 nginx/ng/passenger.sls diff --git a/nginx/ng/map.jinja b/nginx/ng/map.jinja index 8bf0e3e..fc3c45d 100644 --- a/nginx/ng/map.jinja +++ b/nginx/ng/map.jinja @@ -8,6 +8,7 @@ 'lookup': salt['grains.filter_by']({ 'Debian': { 'package': 'nginx', + 'passenger_package': 'passenger', 'service': 'nginx', 'webuser': 'www-data', 'conf_file': '/etc/nginx/nginx.conf', @@ -18,6 +19,7 @@ }, 'CentOS': { 'package': 'nginx', + 'passenger_package': 'passenger', 'service': 'nginx', 'webuser': 'nginx', 'conf_file': '/etc/nginx/nginx.conf', @@ -31,6 +33,7 @@ }, 'RedHat': { 'package': 'nginx', + 'passenger_package': 'passenger', 'service': 'nginx', 'webuser': 'nginx', 'conf_file': '/etc/nginx/nginx.conf', @@ -41,6 +44,11 @@ 'rh_os_releasever': '$releasever', 'gpg_check': False, 'gpg_key': 'http://nginx.org/keys/nginx_signing.key', + 'passenger': { + 'passenger_root': '/usr/share/ruby/vendor_ruby/phusion_passenger/locations.ini', + 'passenger_instance_registry_dir': ' /var/run/passenger-instreg', + 'passenger_ruby': '/usr/bin/ruby', + }, }, 'Suse': { 'package': 'nginx', 
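Review bot: In the `@@ -41,6 +44,11 @@` hunk of `nginx/ng/map.jinja`, the new value `'passenger_instance_registry_dir': ' /var/run/passenger-instreg'` starts with a stray space, and the whole `'passenger'` dict is added inside the RedHat entry of `lookup`, which makes it `nginx.lookup.passenger`. Nothing visible in this patch reads that key: `passenger.sls` renders `nginx.passenger`, and the RedHat paths are set again by the `nginx.passenger.update(...)` block added at the end of the file. I would drop the nested dict, or at least correct the value to `'/var/run/passenger-instreg'`, so the RedHat paths have one source of truth. The enclosing `grains.filter_by` mapping starts and ends outside the hunk.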
@@ -76,6 +84,7 @@ 'install_from_source': False, 'install_from_ppa': False, 'install_from_repo': False, + 'install_from_phusionpassenger': False, 'ppa_version': 'stable', 'source_version': '1.10.0', 'source_hash': '8ed647c3dd65bc4ced03b0e0f6bf9e633eff6b01bac772bcf97077d58bc2be4d', @@ -125,6 +134,10 @@ }, 'managed': {}, }, + 'passenger': { + 'passenger_root': '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini', + 'passenger_ruby': '/usr/bin/ruby', + }, }, merge=True) %} {% if 'user' not in nginx.server.config %} @@ -139,3 +152,17 @@ })%} {% endif %} +{% if salt['grains.get']('os_family') == 'RedHat' %} +{% do nginx.passenger.update({ + 'passenger_root': '/usr/share/ruby/vendor_ruby/phusion_passenger/locations.ini', + 'passenger_instance_registry_dir': '/var/run/passenger-instreg', +})%} + {% if salt['grains.get']('osfinger') == 'CentOS-6' %} + {% do nginx.server.config.update({ + 'pid': '/var/run/nginx.pid', + })%} + {% do nginx.passenger.update({ + 'passenger_root': '/usr/lib/ruby/1.8/phusion_passenger/locations.ini', + })%} + {% endif %} +{% endif %} diff --git a/nginx/ng/passenger.sls b/nginx/ng/passenger.sls new file mode 100644 index 0000000..6b03430 --- /dev/null +++ b/nginx/ng/passenger.sls 
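Review bot: The `@@ -139,3 +152,17 @@` hunk calls `nginx.passenger.update({...})` and, for CentOS-6, `nginx.server.config.update({'pid': ...})` without any condition. On RedHat-family minions these calls therefore appear to overwrite whatever the operator set under `nginx:ng:passenger` or `nginx:ng:server:config` in pillar, since the pillar merge seems to happen earlier, at the `merge=True` call shown as context. The existing `user` handling just above this hunk is guarded with `{% if 'user' not in nginx.server.config %}`. Moving the OS-specific passenger paths into the defaults that are merged with pillar (for example through a `grains.filter_by` lookup) would keep pillar overrides effective. For `pid`, a guard such as `{% if 'pid' not in nginx.server.config %}` would do, provided `pid` has no default elsewhere, which is not visible here.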
@@ -0,0 +1,41 @@ +# nginx.ng.passenger +# +# Manages installation of passenger from repo. +# Requires install_from_phusionpassenger = True + +{% from 'nginx/ng/map.jinja' import nginx, sls_block with context %} + +{% if salt['grains.get']('os_family') in ['Debian', 'RedHat'] %} +include: + - nginx.ng.pkg + - nginx.ng.service + +passenger_install: + pkg.installed: + - name: {{ nginx.lookup.passenger_package }} + - require: + - pkg: nginx_install + - require_in: + - service: nginx_service + +/etc/nginx/passenger.conf: + file.absent: + - require: + - pkg: passenger_install + +passenger_config: + file.managed: + {{ sls_block(nginx.server.opts) }} + - name: /etc/nginx/conf.d/passenger.conf + - source: salt://nginx/ng/files/nginx.conf + - template: jinja + - context: + config: {{ nginx.passenger|json() }} + - watch_in: + - service: nginx_service + - require_in: + - service: nginx_service + - require: + - file: /etc/nginx/passenger.conf + - pkg: passenger_install +{% endif %} diff --git a/nginx/ng/pkg.sls b/nginx/ng/pkg.sls index fe5f8ba..ab63560 100644 --- a/nginx/ng/pkg.sls +++ b/nginx/ng/pkg.sls @@ -3,6 +3,19 @@ # Manages installation of nginx from pkg. {% from 'nginx/ng/map.jinja' import nginx, sls_block with context %} +{%- if nginx.install_from_repo %} + {% set from_official = true %} + {% set from_ppa = false %} + {% set from_phusionpassenger = false %} +{% elif nginx.install_from_ppa %} + {% set from_official = false %} + {% set from_ppa = true %} + {% set from_phusionpassenger = false %} +{% elif nginx.install_from_phusionpassenger %} + {% set from_official = false %} + {% set from_ppa = false %} + {% set from_phusionpassenger = true %} +{%- endif %} nginx_install: pkg.installed: 
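Review bot: `nginx/ng/passenger.sls` says in its header that it requires `install_from_phusionpassenger = True`, but nothing in the state checks that flag. With the flag unset, `passenger_install` would request `{{ nginx.lookup.passenger_package }}` from whichever repositories happen to be configured on the minion, and `nginx_install` would not necessarily be the Phusion build the module expects. Wrapping the states in `{% if nginx.install_from_phusionpassenger %}`, or failing early with `test.fail_without_changes` and a clear message otherwise, would make the precondition explicit instead of leaving it to a comment.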
@@ -10,10 +23,13 @@ nginx_install: - name: {{ nginx.lookup.package }} {% if salt['grains.get']('os_family') == 'Debian' %} - {%- if nginx.install_from_repo %} -nginx-official-repo: +nginx_official_repo: pkgrepo: + {%- if from_official %} - managed + {%- else %} + - absent + {%- endif %} - humanname: nginx apt repo - name: deb http://nginx.org/packages/{{ grains['os'].lower() }}/ {{ grains['oscodename'] }} nginx - file: /etc/apt/sources.list.d/nginx-official-{{ grains['oscodename'] }}.list @@ -23,10 +39,10 @@ nginx-official-repo: - pkg: nginx_install - watch_in: - pkg: nginx_install - {%- else %} + nginx_ppa_repo: pkgrepo: - {%- if nginx.install_from_ppa %} + {%- if from_ppa %} - managed {%- else %} - absent @@ -42,13 +58,29 @@ nginx_ppa_repo: - pkg: nginx_install - watch_in: - pkg: nginx_install - {%- endif %} + +nginx_phusionpassenger_repo: + pkgrepo: + {%- if from_phusionpassenger %} + - managed + {%- else %} + - absent + {%- endif %} + - humanname: nginx phusionpassenger repo + - name: deb https://oss-binaries.phusionpassenger.com/apt/passenger {{ grains['oscodename'] }} main + - file: /etc/apt/sources.list.d/nginx-phusionpassenger-{{ grains['oscodename'] }}.list + - keyid: 561F9B9CAC40B2F7 + - keyserver: keyserver.ubuntu.com + - require_in: + - pkg: nginx_install + - watch_in: + - pkg: nginx_install {% endif %} {% if salt['grains.get']('os_family') == 'Suse' %} nginx_zypp_repo: pkgrepo: - {%- if nginx.install_from_repo %} + {%- if from_official %} - managed {%- else %} - absent @@ -68,11 +100,12 @@ nginx_zypp_repo: {% if salt['grains.get']('os_family') == 'RedHat' %} nginx_yum_repo: - {%- if nginx.install_from_repo %} - pkgrepo.managed: - {%- else %} - pkgrepo.absent: - {%- endif %} + pkgrepo: + {%- if from_official %} + - managed + {%- else %} + - absent + {%- endif %} - name: nginx - humanname: nginx repo {%- if salt['grains.get']('os') == 'CentOS' %} 
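Review bot: The new `nginx_phusionpassenger_repo` state in the `@@ -42,13 +58,29 @@` hunk trusts the repository by the 64-bit key ID `561F9B9CAC40B2F7` fetched from `keyserver.ubuntu.com`. A key ID is only the tail of a fingerprint, and the keyserver is not an authenticated source for which key it maps to, so I would pin the full fingerprint published by the vendor, `- keyid: <FULL_40_HEX_FINGERPRINT_FROM_VENDOR_DOCS>`, or deliver the key with `key_url` from a location you control. The official nginx repo state uses the same short-ID pattern (`ABF5BD827BD9BF62`, visible in PATCH 02/44's context) and would benefit from the same change. Because the new source line is `https://`, a comment noting that apt's HTTPS transport must be installed would help on older releases.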
@@ -87,4 +120,25 @@ nginx_yum_repo: - pkg: nginx_install - watch_in: - pkg: nginx_install + +nginx_phusionpassenger_yum_repo: + pkgrepo: + {%- if from_phusionpassenger %} + - managed + {%- else %} + - absent + {%- endif %} + - name: passenger + - humanname: nginx phusionpassenger repo + - baseurl: 'https://oss-binaries.phusionpassenger.com/yum/passenger/el/$releasever/$basearch' + - repo_gpgcheck: 1 + - gpgcheck: 0 + - gpgkey: 'https://packagecloud.io/gpg.key' + - enabled: True + - sslverify: 1 + - sslcacert: /etc/pki/tls/certs/ca-bundle.crt + - require_in: + - pkg: nginx_install + - watch_in: + - pkg: nginx_install {% endif %} diff --git a/pillar.example b/pillar.example index 4399586..0f229f4 100644 --- a/pillar.example +++ b/pillar.example @@ -21,8 +21,19 @@ nginx: nginx: ng: + # The following three `install_from_` options are mutually exclusive. If none is used, the distro's provided + # package will be installed. If one of the `install_from` option is set to `True`, the state will + # make sure the other two repos are removed. + + # Use the official's nginx repo binaries + install_from_repo: false + + # Use Phusionpassenger's repo to install nginx and passenger binaries + # Debian, Centos, Ubuntu and Redhat are currently available + install_from_phusionpassenger: false + # PPA install - install_from_ppa: True + install_from_ppa: false # Set to 'stable', 'development' (mainline), 'community', or 'nightly' for each build accordingly ( https://launchpad.net/~nginx ) ppa_version: 'stable' @@ -140,3 +151,12 @@ nginx: -----BEGIN RSA PRIVATE KEY----- (Your Private Key: www.example.com.key) -----END RSA PRIVATE KEY----- + + # Passenger configuration + # Default passenger configuration is provided, and will be deployed in + # /etc/nginx/conf.d/passenger.conf + passenger: + passenger_root: /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini + passenger_ruby: /usr/bin/ruby + passenger_instance_registry_dir: /var/run/passenger-instreg + 
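Review bot: `nginx_phusionpassenger_yum_repo` in the `@@ -87,4 +120,25 @@` hunk sets `gpgcheck: 0`, so individual RPMs are installed without signature verification and integrity rests on `repo_gpgcheck: 1` plus TLS. If that mirrors what upstream publishes (presumably signed metadata with unsigned packages), say so in a comment such as `# upstream signs repodata only; packages are not individually signed`, so the setting is not mistaken for an oversight or copied to other repos. It is also worth recording there that the trust anchor is `https://packagecloud.io/gpg.key`, a key served from a third-party host rather than from the repository's own domain.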
From a656014934ed818bbf4945bedf6672c0d09af5c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20B=C3=A9rtoli?= Date: Sat, 24 Jun 2017 10:48:17 -0300 Subject: [PATCH 05/44] Update the README --- README.rst | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/README.rst b/README.rst index b363633..2add944 100644 --- a/README.rst +++ b/README.rst @@ -98,3 +98,12 @@ and does not bind them to service calls. ------------------- Manages nginx virtual hosts files and binds them to service calls. + +``nginx.ng.passenger`` +---------------------- + +Installs and configures Phusion Passenger module for nginx. You need to enable +the upstream phusion passenger repository with `install_from_phusionpassenger: true`. +Nginx will also be installed from that repository, as it needs to be modified to +allow the passenger module to work. + From 0be21dff4c4fe37f337145d15bbd04ff30224d2c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20B=C3=A9rtoli?= Date: Mon, 26 Jun 2017 13:10:44 -0300 Subject: [PATCH 06/44] Fix missing defaults when no `install_from_*` is set --- nginx/ng/pkg.sls | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/nginx/ng/pkg.sls b/nginx/ng/pkg.sls index ab63560..bd75b0e 100644 --- a/nginx/ng/pkg.sls +++ b/nginx/ng/pkg.sls @@ -15,6 +15,10 @@ {% set from_official = false %} {% set from_ppa = false %} {% set from_phusionpassenger = true %} +{% else %} + {% set from_official = false %} + {% set from_ppa = false %} + {% set from_phusionpassenger = false %} {%- endif %} nginx_install: From 57011ba3bf4f19105716eddbc1479620b3bb7f68 Mon Sep 17 00:00:00 2001 From: abednarik Date: Mon, 31 Jul 2017 15:51:58 -0300 Subject: [PATCH 07/44] Make certificates path configurable. --- nginx/ng/certificates.sls | 5 +++-- pillar.example | 1 + 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/nginx/ng/certificates.sls b/nginx/ng/certificates.sls index db3e05a..8fdc54f 100644 --- a/nginx/ng/certificates.sls +++ b/nginx/ng/certificates.sls 
@@ -1,11 +1,12 @@ include: - nginx.ng.service +{% set certificates_path = salt['pillar.get']('nginx:ng:certificates_path', '/etc/nginx/ssl') %} {%- for domain in salt['pillar.get']('nginx:ng:certificates', {}).keys() %} nginx_{{ domain }}_ssl_certificate: file.managed: - - name: /etc/nginx/ssl/{{ domain }}.crt + - name: {{ certificates_path }}/{{ domain }}.crt - makedirs: True - contents_pillar: nginx:ng:certificates:{{ domain }}:public_cert - watch_in: @@ -14,7 +15,7 @@ nginx_{{ domain }}_ssl_certificate: {% if salt['pillar.get']("nginx:ng:certificates:{}:private_key".format(domain)) %} nginx_{{ domain }}_ssl_key: file.managed: - - name: /etc/nginx/ssl/{{ domain }}.key + - name: {{ certificates_path }}/{{ domain }}.key - mode: 600 - makedirs: True - contents_pillar: nginx:ng:certificates:{{ domain }}:private_key diff --git a/pillar.example b/pillar.example index 0f229f4..3c63029 100644 --- a/pillar.example +++ b/pillar.example @@ -132,6 +132,7 @@ nginx: # } # } + certificates_path: '/etc/nginx/ssl' # Use this if you need to deploy below certificates in a custom path. # If you're doing SSL termination, you can deploy certificates this way. # The private one(s) should go in a separate pillar file not in version # control (or use encrypted pillar data). From 9ab4e3f41140eb8de5d8b959a7ae9a61a17dd9ad Mon Sep 17 00:00:00 2001 From: Tobias Macey Date: Mon, 19 Sep 2016 11:35:30 -0400 Subject: [PATCH 08/44] Added dhparam file creation In order to improve security and ease of use, added creation/generation of dhparam file. --- nginx/ng/certificates.sls | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/nginx/ng/certificates.sls b/nginx/ng/certificates.sls index 8fdc54f..ea74c28 100644 --- a/nginx/ng/certificates.sls +++ b/nginx/ng/certificates.sls 
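Review bot: With `certificates_path` now taken from pillar, the key state in the `@@ -14,7 +15,7 @@` hunk can create an arbitrary directory through `makedirs: True`, and only the key file gets `mode: 600`; the directory's mode and ownership are left to defaults. I would declare the directory once in its own `file.directory` state with an explicit `mode` (for example `700` when the directory is dedicated to nginx) and have the certificate and key states `require` it, rather than relying on `makedirs` in each. `{{ certificates_path }}` and `{{ domain }}` are also rendered into the YAML unquoted, so a value containing `: ` or ` #` would break the state; quoting the `- name:` value avoids that.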
@@ -2,6 +2,24 @@ include: - nginx.ng.service {% set certificates_path = salt['pillar.get']('nginx:ng:certificates_path', '/etc/nginx/ssl') %} + +{% if salt.pillar.get('nginx:ng:dh_contents') %} +create_nginx_dhparam_key: + file.managed: + - name: {{ certificates_path }}/dhparam.pem + - contents_pillar: nginx:ng:dh_contents + - makedirs: True +{% elif salt.pillar.get('nginx:ng:dh_keygen', False) %} +generate_nginx_dhparam_key: + file.directory: + - name: {{ certificates_path }} + - makedirs: True + cmd.run: + - name: openssl dhparam -out dhparam.pem {{ salt.pillar.get('nginx:ng:dh_keysize', 2048) }} + - cwd: {{ certificates_path }} + - creates: {{ certificates_path }}/dhparam.pem +{% endif %} + {%- for domain in salt['pillar.get']('nginx:ng:certificates', {}).keys() %} nginx_{{ domain }}_ssl_certificate: From 19ab90ebb56440db09b70436c60421125dbc7cf8 Mon Sep 17 00:00:00 2001 From: Gilles Dartiguelongue Date: Thu, 4 May 2017 18:34:22 +0200 Subject: [PATCH 09/44] Add example for DH management --- pillar.example | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/pillar.example b/pillar.example index 3c63029..61e6171 100644 --- a/pillar.example +++ b/pillar.example @@ -153,6 +153,14 @@ nginx: (Your Private Key: www.example.com.key) -----END RSA PRIVATE KEY----- + dh_contents: | + -----BEGIN DH PARAMETERS----- + (Your custom DH prime) + -----END DH PARAMETERS----- + # or to generate one on-the-fly + dh_keygen: true + dh_keysize: 2048 + # Passenger configuration # Default passenger configuration is provided, and will be deployed in # /etc/nginx/conf.d/passenger.conf @@ -160,4 +168,3 @@ nginx: passenger_root: /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini passenger_ruby: /usr/bin/ruby passenger_instance_registry_dir: /var/run/passenger-instreg - From db2db31300c967e1dba700ee57a6ea14764fbfb3 Mon Sep 17 00:00:00 2001 
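Review bot: The `cmd.run` in `generate_nginx_dhparam_key` renders `{{ salt.pillar.get('nginx:ng:dh_keysize', 2048) }}` straight into a shell command line. Pillar is operator-controlled, but a typo or a non-numeric value is then executed by the shell with the minion's privileges; coercing it, `- name: openssl dhparam -out dhparam.pem {{ salt.pillar.get('nginx:ng:dh_keysize', 2048)|int }}`, keeps the argument a number. PATCH 11/44 later puts `{{ dh_param }}` and `value.get('keysize', 2048)` in the same position, where the file name additionally needs shell quoting. `file.directory` and `cmd.run` share one state ID without a `require`, so the ordering that `cwd` depends on is implicit; an explicit requisite would make it clear.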
From: Gilles Dartiguelongue Date: Tue, 11 Jul 2017 11:31:17 +0200 Subject: [PATCH 10/44] Handle installation of openssl to generate DH param --- nginx/ng/certificates.sls | 4 ++++ nginx/ng/map.jinja | 8 +++++++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/nginx/ng/certificates.sls b/nginx/ng/certificates.sls index ea74c28..a9e2659 100644 --- a/nginx/ng/certificates.sls +++ b/nginx/ng/certificates.sls @@ -1,3 +1,5 @@ +{% from 'nginx/ng/map.jinja' import nginx with context %} + include: - nginx.ng.service @@ -11,6 +13,8 @@ create_nginx_dhparam_key: - makedirs: True {% elif salt.pillar.get('nginx:ng:dh_keygen', False) %} generate_nginx_dhparam_key: + pkg.installed: + - name: {{ nginx.lookup.openssl_package }} file.directory: - name: {{ certificates_path }} - makedirs: True diff --git a/nginx/ng/map.jinja b/nginx/ng/map.jinja index fc3c45d..e2f70d4 100644 --- a/nginx/ng/map.jinja +++ b/nginx/ng/map.jinja @@ -16,6 +16,7 @@ 'server_enabled': '/etc/nginx/sites-enabled', 'server_use_symlink': True, 'pid_file': '/run/nginx.pid', + 'openssl_package': 'openssl', }, 'CentOS': { 'package': 'nginx', @@ -30,6 +31,7 @@ 'rh_os_releasever': '$releasever', 'gpg_check': False, 'gpg_key': 'http://nginx.org/keys/nginx_signing.key', + 'openssl_package': 'openssl', }, 'RedHat': { 'package': 'nginx', @@ -49,6 +51,7 @@ 'passenger_instance_registry_dir': ' /var/run/passenger-instreg', 'passenger_ruby': '/usr/bin/ruby', }, + 'openssl_package': 'openssl', }, 'Suse': { 'package': 'nginx', @@ -60,7 +63,8 @@ 'server_use_symlink': False, 'pid_file': '/run/nginx.pid', 'gpg_check': True, - 'gpg_key': 'http://download.opensuse.org/repositories/server:/http/openSUSE_13.2/repodata/repomd.xml.key' + 'gpg_key': 'http://download.opensuse.org/repositories/server:/http/openSUSE_13.2/repodata/repomd.xml.key', + 'openssl_package': 'openssl', }, 'Arch': { 'package': 'nginx', 
@@ -70,6 +74,7 @@ 'server_available': '/etc/nginx/sites-available', 'server_enabled': '/etc/nginx/sites-enabled', 'server_use_symlink': True, + 'openssl_package': 'openssl', }, 'Gentoo': { 'package': 'www-servers/nginx', @@ -79,6 +84,7 @@ 'server_available': '/etc/nginx/sites-available', 'server_enabled': '/etc/nginx/sites-enabled', 'server_use_symlink': True, + 'openssl_package': 'dev-libs/openssl', }, }, default='Debian' ), 'install_from_source': False, From d2bc1e6d7c4e0dc0b50da8fa2b68eb71ec601f5f Mon Sep 17 00:00:00 2001 From: Gilles Dartiguelongue Date: Tue, 11 Jul 2017 12:19:47 +0200 Subject: [PATCH 11/44] Add support for specifying dh_param file name --- nginx/ng/certificates.sls | 20 +++++++++++--------- pillar.example | 15 ++++++++------- 2 files changed, 19 insertions(+), 16 deletions(-) diff --git a/nginx/ng/certificates.sls b/nginx/ng/certificates.sls index a9e2659..7bd01aa 100644 --- a/nginx/ng/certificates.sls +++ b/nginx/ng/certificates.sls 
@@ -5,24 +5,26 @@ include: {% set certificates_path = salt['pillar.get']('nginx:ng:certificates_path', '/etc/nginx/ssl') %} -{% if salt.pillar.get('nginx:ng:dh_contents') %} -create_nginx_dhparam_key: +{%- for dh_param, value in salt.pillar.get('nginx:ng:dh_param').items() %} +{%- if value is string %} +create_nginx_dhparam_{{ dh_param }}_key: file.managed: - - name: {{ certificates_path }}/dhparam.pem - - contents_pillar: nginx:ng:dh_contents + - name: {{ certificates_path }}/{{ dh_param }} + - contents_pillar: nginx:ng:dh_param:{{ dh_param }} - makedirs: True -{% elif salt.pillar.get('nginx:ng:dh_keygen', False) %} -generate_nginx_dhparam_key: +{%- else %} +generate_nginx_dhparam_{{ dh_param }}_key: pkg.installed: - name: {{ nginx.lookup.openssl_package }} file.directory: - name: {{ certificates_path }} - makedirs: True cmd.run: - - name: openssl dhparam -out dhparam.pem {{ salt.pillar.get('nginx:ng:dh_keysize', 2048) }} + - name: openssl dhparam -out {{ dh_param }} {{ value.get('keysize', 2048) }} - cwd: {{ certificates_path }} - - creates: {{ certificates_path }}/dhparam.pem -{% endif %} + - creates: {{ certificates_path }}/{{ dh_param }} +{%- endif %} +{%- endfor %} {%- for domain in salt['pillar.get']('nginx:ng:certificates', {}).keys() %} diff --git a/pillar.example b/pillar.example index 61e6171..c879065 100644 --- a/pillar.example +++ b/pillar.example @@ -153,13 +153,14 @@ nginx: (Your Private Key: www.example.com.key) -----END RSA PRIVATE KEY----- - dh_contents: | - -----BEGIN DH PARAMETERS----- - (Your custom DH prime) - -----END DH PARAMETERS----- - # or to generate one on-the-fly - dh_keygen: true - dh_keysize: 2048 + dh_param: + 'mydhparam1.pem': | + -----BEGIN DH PARAMETERS----- + (Your custom DH prime) + -----END DH PARAMETERS----- + # or to generate one on-the-fly + 'mydhparam2.pem': + keysize: 2048 # Passenger configuration # Default passenger configuration is provided, and will be deployed in 
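Review bot: The loop header `salt.pillar.get('nginx:ng:dh_param').items()` in the `@@ -5,24 +5,26 @@` hunk has no mapping default, so rendering `nginx.ng.certificates` presumably fails on every minion whose pillar does not define `dh_param`, whereas both DH branches were optional before. `salt.pillar.get('nginx:ng:dh_param', {}).items()` restores that. The pillar key is also used verbatim as a file name in `- name:`, `- creates:` and the `openssl dhparam -out {{ dh_param }} …` command. Restricting it to a plain file name and quoting it in the command would stop a key containing `/`, spaces or shell metacharacters from writing outside `certificates_path` or changing what the command does.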
From 43c4eca3bbdce189e715d2d5e8289fa0a74d4cf0 Mon Sep 17 00:00:00 2001 From: Gilles Dartiguelongue Date: Tue, 11 Jul 2017 11:44:40 +0200 Subject: [PATCH 12/44] Add missing dependency on nginx_service --- nginx/ng/certificates.sls | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/nginx/ng/certificates.sls b/nginx/ng/certificates.sls index 7bd01aa..dbc8cbd 100644 --- a/nginx/ng/certificates.sls +++ b/nginx/ng/certificates.sls @@ -12,6 +12,8 @@ create_nginx_dhparam_{{ dh_param }}_key: - name: {{ certificates_path }}/{{ dh_param }} - contents_pillar: nginx:ng:dh_param:{{ dh_param }} - makedirs: True + - watch_in: + - service: nginx_service {%- else %} generate_nginx_dhparam_{{ dh_param }}_key: pkg.installed: @@ -23,6 +25,8 @@ generate_nginx_dhparam_{{ dh_param }}_key: - name: openssl dhparam -out {{ dh_param }} {{ value.get('keysize', 2048) }} - cwd: {{ certificates_path }} - creates: {{ certificates_path }}/{{ dh_param }} + - watch_in: + - service: nginx_service {%- endif %} {%- endfor %} From 6b09358838c9c10697bc402e1cfadf8aae0dd012 Mon Sep 17 00:00:00 2001 From: Noel McLoughlin Date: Thu, 24 Aug 2017 10:52:59 +0100 Subject: [PATCH 13/44] Fix for OpenSuse leap, salt 2016.3.4-84.13 --- nginx/ng/pkg.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx/ng/pkg.sls b/nginx/ng/pkg.sls index bd75b0e..6407ef7 100644 --- a/nginx/ng/pkg.sls +++ b/nginx/ng/pkg.sls @@ -81,7 +81,7 @@ nginx_phusionpassenger_repo: - pkg: nginx_install {% endif %} -{% if salt['grains.get']('os_family') == 'Suse' %} +{% if salt['grains.get']('os_family') == 'Suse' or salt['grains.get']('os') == 'SUSE' %} nginx_zypp_repo: pkgrepo: {%- if from_official %} From 2e03d4c17d18cbc9c126c96fc05075dd90b8d6f7 Mon Sep 17 00:00:00 2001 
From: Noel McLoughlin Date: Mon, 28 Aug 2017 16:20:58 +0100 Subject: [PATCH 14/44] Updated pillar.example file with installation learnings (OpenSUSE, Ubuntu, Fedora) --- pillar.example | 64 +++++++++++++++++++++++++++----------------------- 1 file changed, 35 insertions(+), 29 deletions(-) diff --git a/pillar.example b/pillar.example index 3c63029..0b69708 100644 --- a/pillar.example +++ b/pillar.example @@ -1,19 +1,19 @@ -nginx: - install_from_source: True - use_upstart: True - use_sysvinit: False - user_auth_enabled: True - with_luajit: False - with_openresty: True - repo_version: development # Must be using ppa install by setting `repo_source = ppa` - set_real_ips: # NOTE: to use this, nginx must have http_realip module enabled - from_ips: - - 10.10.10.0/24 - real_ip_header: X-Forwarded-For - modules: - headers-more: - source: http://github.com/agentzh/headers-more-nginx-module/tarball/v0.21 - source_hash: sha1=dbf914cbf3f7b6cb7e033fa7b7c49e2f8879113b +# nginx: + # install_from_source: True + # use_upstart: True + # use_sysvinit: False + # user_auth_enabled: True + # with_luajit: False + # with_openresty: True + # repo_version: development # Must be using ppa install by setting `repo_source = ppa` + # set_real_ips: # NOTE: to use this, nginx must have http_realip module enabled + # from_ips: + # - 10.10.10.0/24 + # real_ip_header: X-Forwarded-For + # modules: + # headers-more: + # source: http://github.com/agentzh/headers-more-nginx-module/tarball/v0.21 + # source_hash: sha1=dbf914cbf3f7b6cb7e033fa7b7c49e2f8879113b # ======== # nginx.ng 
@@ -43,17 +43,19 @@ nginx: # These are usually set by grains in map.jinja lookup: - package: nginx-custom - service: nginx - webuser: www-data - conf_file: /etc/nginx/nginx.conf - server_available: /etc/nginx/sites-available - server_enabled: /etc/nginx/sites-enabled - server_use_symlink: True + # package: nginx-custom + # service: nginx + # webuser: www-data + # conf_file: /etc/nginx/nginx.conf + # server_available: /etc/nginx/sites-available + # server_enabled: /etc/nginx/sites-enabled + # server_use_symlink: True # This is required for RedHat like distros (Amazon Linux) that don't follow semantic versioning for $releasever - rh_os_releasever: '6' + # rh_os_releasever: '6' # Currently it can be used on rhel/centos/suse when installing from repo - gpg_check: True + # gpg_check: True + pid_file: /var/run/nginx.pid ### Prevent Rendering SLS error (map.jinja:149) if nginx.server.config.pid undefined (Ubuntu, etc) ### + # Source compilation is not currently a part of nginx.ng from_source: False @@ -75,12 +77,13 @@ nginx: # dictionaries map to blocks {} and lists cause the same declaration to repeat with different values config: worker_processes: 4 - pid: /run/nginx.pid + pid: /var/run/nginx.pid ### Directory location must exist events: worker_connections: 768 http: sendfile: 'on' include: + #### Note: Syntax issues in these files generate nginx [emerg] errors on startup. #### - /etc/nginx/mime.types - /etc/nginx/conf.d/*.conf - /etc/nginx/sites-enabled/* 
@@ -97,10 +100,13 @@ nginx: managed: mysite: # relative pathname of the server file # may be True, False, or None where True is enabled, False, disabled, and None indicates no action - available_dir: /tmp/sites-available # an alternate directory (not sites-available) where this server may be found - enabled_dir: /tmp/sites-enabled # an alternate directory (not sites-enabled) where this server may be found - disabled_name: mysite.aint_on # an alternative disabled name to be use when not symlinking enabled: True + ########### + ## PLEASE MODIFY 'available_dir' AND 'enabled_dir' VALUES TO ALTERNATIVE VALUES ## + ########### + available_dir: /etc/nginx/sites-available # an alternate directory (not sites-available) where this server may be found + enabled_dir: /etc/nginx/sites-enabled # an alternate directory (not sites-enabled) where this server may be found + disabled_name: mysite.aint_on # an alternative disabled name to be use when not symlinking overwrite: True # overwrite an existing server file or not # May be a list of config options or None, if None, no server file will be managed/templated From 433bda5671995493d183ba601f5e6c1e19758d5b Mon Sep 17 00:00:00 2001 From: Noel McLoughlin Date: Tue, 29 Aug 2017 14:34:25 +0100 Subject: [PATCH 15/44] Additional explanatory comments for pillar.example --- pillar.example | 51 +++++++++++++++++++++++++------------------------- 1 file changed, 26 insertions(+), 25 deletions(-) diff --git a/pillar.example b/pillar.example index 0b69708..661b09b 100644 --- a/pillar.example +++ b/pillar.example 
@@ -1,19 +1,19 @@ # nginx: - # install_from_source: True - # use_upstart: True - # use_sysvinit: False - # user_auth_enabled: True - # with_luajit: False - # with_openresty: True - # repo_version: development # Must be using ppa install by setting `repo_source = ppa` - # set_real_ips: # NOTE: to use this, nginx must have http_realip module enabled - # from_ips: - # - 10.10.10.0/24 - # real_ip_header: X-Forwarded-For - # modules: - # headers-more: - # source: http://github.com/agentzh/headers-more-nginx-module/tarball/v0.21 - # source_hash: sha1=dbf914cbf3f7b6cb7e033fa7b7c49e2f8879113b + install_from_source: True + use_upstart: True + use_sysvinit: False + user_auth_enabled: True + with_luajit: False + with_openresty: True + repo_version: development # Must be using ppa install by setting `repo_source = ppa` + set_real_ips: # NOTE: to use this, nginx must have http_realip module enabled + from_ips: + - 10.10.10.0/24 + real_ip_header: X-Forwarded-For + modules: + headers-more: + source: http://github.com/agentzh/headers-more-nginx-module/tarball/v0.21 + source_hash: sha1=dbf914cbf3f7b6cb7e033fa7b7c49e2f8879113b # ======== # nginx.ng 
@@ -42,18 +42,19 @@ nginx: source_hash: '' # These are usually set by grains in map.jinja + # Typically you can comment these out. lookup: - # package: nginx-custom - # service: nginx - # webuser: www-data - # conf_file: /etc/nginx/nginx.conf - # server_available: /etc/nginx/sites-available - # server_enabled: /etc/nginx/sites-enabled - # server_use_symlink: True + package: nginx-custom + service: nginx + webuser: www-data + conf_file: /etc/nginx/nginx.conf + server_available: /etc/nginx/sites-available + server_enabled: /etc/nginx/sites-enabled + server_use_symlink: True # This is required for RedHat like distros (Amazon Linux) that don't follow semantic versioning for $releasever - # rh_os_releasever: '6' + rh_os_releasever: '6' # Currently it can be used on rhel/centos/suse when installing from repo - # gpg_check: True + gpg_check: True pid_file: /var/run/nginx.pid ### Prevent Rendering SLS error (map.jinja:149) if nginx.server.config.pid undefined (Ubuntu, etc) ### @@ -102,7 +103,7 @@ nginx: # may be True, False, or None where True is enabled, False, disabled, and None indicates no action enabled: True ########### - ## PLEASE MODIFY 'available_dir' AND 'enabled_dir' VALUES TO ALTERNATIVE VALUES ## + ## Modify 'available_dir' AND 'enabled_dir' '/etc/nginx' location to alternative value. ########### available_dir: /etc/nginx/sites-available # an alternate directory (not sites-available) where this server may be found enabled_dir: /etc/nginx/sites-enabled # an alternate directory (not sites-enabled) where this server may be found From 1f697b9d6bbad30538e0456df9e06683540b0b4e Mon Sep 17 00:00:00 2001 From: David Seira Date: Wed, 30 Aug 2017 19:48:44 +0200 Subject: [PATCH 16/44] New feature - Enable the uploading of the config file (nginx.conf and sites) instead of templating those file --- nginx/ng/config.sls | 9 ++++++++- nginx/ng/servers_config.sls | 9 ++++++++- pillar.example | 9 +++++++++ 3 files changed, 25 insertions(+), 2 deletions(-) 
diff --git a/nginx/ng/config.sls b/nginx/ng/config.sls index 4d2ed1d..c27ac69 100644 --- a/nginx/ng/config.sls +++ b/nginx/ng/config.sls @@ -12,11 +12,18 @@ nginx_log_dir: - group: {{ nginx.server.config.user }} {% endif %} +{% if 'source' in nginx.server.config %} +{% set source_path = nginx.server.config.source %} +{% else %} +{% set source_path = 'salt://nginx/ng/files/nginx.conf' %} +{% endif %} nginx_config: file.managed: {{ sls_block(nginx.server.opts) }} - name: {{ nginx.lookup.conf_file }} - - source: salt://nginx/ng/files/nginx.conf + - source: {{ source_path }} - template: jinja +{% if 'source' not in nginx.server.config %} - context: config: {{ nginx.server.config|json() }} +{% endif %} diff --git a/nginx/ng/servers_config.sls b/nginx/ng/servers_config.sls index 75cf529..0162c5d 100644 --- a/nginx/ng/servers_config.sls +++ b/nginx/ng/servers_config.sls @@ -85,15 +85,22 @@ nginx_server_available_dir: # Managed enabled/disabled state for servers {% for server, settings in nginx.servers.managed.items() %} {% if settings.config != None %} +{% if 'source' in settings.config %} +{% set source_path = settings.config.source %} +{% else %} +{% set source_path = 'salt://nginx/ng/files/server.conf' %} +{% endif %} {% set conf_state_id = 'server_conf_' ~ loop.index0 %} {{ conf_state_id }}: file.managed: {{ sls_block(nginx.servers.managed_opts) }} - name: {{ server_curpath(server) }} - - source: salt://nginx/ng/files/server.conf + - source: {{ source_path }} - template: jinja +{% if 'source' not in settings.config %} - context: config: {{ settings.config|json() }} +{% endif %} {% if 'overwrite' in settings and settings.overwrite == False %} - unless: - test -e {{ server_curpath(server) }} diff --git a/pillar.example b/pillar.example index 661b09b..cc6708a 100644 --- a/pillar.example +++ b/pillar.example 
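Review bot: When `source` is set, `nginx_config` in the `nginx/ng/config.sls` hunk (and `server_conf_N` in the `servers_config.sls` hunk that follows) drops the `context` but keeps `- template: jinja`, so the operator's file is still rendered as a Jinja template rather than uploaded as-is. A hand-written nginx file that happens to contain `{{`, `{%` or `{#` would fail to render or be altered silently, which contradicts the pillar.example wording "just upload the file from source". Either emit `- template: jinja` only in the templated branch, or document that custom sources are treated as Jinja templates. If the source can be a remote URL rather than `salt://`, the example should also show a `source_hash` so the file's integrity is checked.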
@@ -77,6 +77,9 @@ nginx: # nginx.conf (main server) declarations # dictionaries map to blocks {} and lists cause the same declaration to repeat with different values config: + source: salt://path_to_nginx_conf_file/nginx.conf # IMPORTANT: This option is mutually exclusive with the rest of the + # options; if it is found other options (worker_processes: 4 and so + # on) are not processed and just upload the file from source worker_processes: 4 pid: /var/run/nginx.pid ### Directory location must exist events: @@ -138,6 +141,12 @@ nginx: # test something else; # } # } + mysite2: # Using source options to upload the file instead of templating all the file + enabled: True + available_dir: /etc/nginx/sites-available + enabled_dir: /etc/nginx/sites-enabled + config: + source: salt://path-to-site-file/mysite2 certificates_path: '/etc/nginx/ssl' # Use this if you need to deploy below certificates in a custom path. # If you're doing SSL termination, you can deploy certificates this way. From bc7f8f4970bed754f7127cb75c66bc99c6751c08 Mon Sep 17 00:00:00 2001 From: David Seira Date: Thu, 31 Aug 2017 13:19:46 +0200 Subject: [PATCH 17/44] Replace source for source_path variable name --- nginx/ng/servers_config.sls | 6 +++--- pillar.example | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/nginx/ng/servers_config.sls b/nginx/ng/servers_config.sls index 0162c5d..041e1db 100644 --- a/nginx/ng/servers_config.sls +++ b/nginx/ng/servers_config.sls @@ -85,8 +85,8 @@ nginx_server_available_dir: # Managed enabled/disabled state for servers {% for server, settings in nginx.servers.managed.items() %} {% if settings.config != None %} -{% if 'source' in settings.config %} -{% set source_path = settings.config.source %} +{% if 'source_path' in settings.config %} +{% set source_path = settings.config.source_path %} {% else %} {% set source_path = 'salt://nginx/ng/files/server.conf' %} {% endif %} 
@@ -97,7 +97,7 @@ nginx_server_available_dir: - name: {{ server_curpath(server) }} - source: {{ source_path }} - template: jinja -{% if 'source' not in settings.config %} +{% if 'source_path' not in settings.config %} - context: config: {{ settings.config|json() }} {% endif %} diff --git a/pillar.example b/pillar.example index cc6708a..3debc2a 100644 --- a/pillar.example +++ b/pillar.example @@ -77,7 +77,7 @@ nginx: # nginx.conf (main server) declarations # dictionaries map to blocks {} and lists cause the same declaration to repeat with different values config: - source: salt://path_to_nginx_conf_file/nginx.conf # IMPORTANT: This option is mutually exclusive with the rest of the + source_path: salt://path_to_nginx_conf_file/nginx.conf # IMPORTANT: This option is mutually exclusive with the rest of the # options; if it is found other options (worker_processes: 4 and so # on) are not processed and just upload the file from source worker_processes: 4 @@ -141,12 +141,12 @@ nginx: # test something else; # } # } - mysite2: # Using source options to upload the file instead of templating all the file + mysite2: # Using source_path options to upload the file instead of templating all the file enabled: True available_dir: /etc/nginx/sites-available enabled_dir: /etc/nginx/sites-enabled config: - source: salt://path-to-site-file/mysite2 + source_path: salt://path-to-site-file/mysite2 certificates_path: '/etc/nginx/ssl' # Use this if you need to deploy below certificates in a custom path. # If you're doing SSL termination, you can deploy certificates this way. From 8c0259c593bc0607f523a97b2c45d857f1e0fc69 Mon Sep 17 00:00:00 2001 From: David Seira Date: Thu, 31 Aug 2017 13:22:55 +0200 Subject: [PATCH 18/44] Replace source for source_path variable name in nginx.conf file --- nginx/ng/config.sls | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nginx/ng/config.sls b/nginx/ng/config.sls index c27ac69..c7f1c40 100644 --- a/nginx/ng/config.sls 
+++ b/nginx/ng/config.sls @@ -12,7 +12,7 @@ nginx_log_dir: - group: {{ nginx.server.config.user }} {% endif %} -{% if 'source' in nginx.server.config %} +{% if 'source_path' in nginx.server.config %} {% set source_path = nginx.server.config.source %} {% else %} {% set source_path = 'salt://nginx/ng/files/nginx.conf' %} @@ -23,7 +23,7 @@ nginx_config: - name: {{ nginx.lookup.conf_file }} - source: {{ source_path }} - template: jinja -{% if 'source' not in nginx.server.config %} +{% if 'source_path' not in nginx.server.config %} - context: config: {{ nginx.server.config|json() }} {% endif %} From 60b5c732d76e337083a79c698ad3b5a17872b635 Mon Sep 17 00:00:00 2001 From: David Seira Date: Thu, 31 Aug 2017 13:36:10 +0200 Subject: [PATCH 19/44] Fix in config.sls with the new naming for source_path --- nginx/ng/config.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx/ng/config.sls b/nginx/ng/config.sls index c7f1c40..0bca27a 100644 --- a/nginx/ng/config.sls +++ b/nginx/ng/config.sls @@ -13,7 +13,7 @@ nginx_log_dir: {% endif %} {% if 'source_path' in nginx.server.config %} -{% set source_path = nginx.server.config.source %} +{% set source_path = nginx.server.config.source_path %} {% else %} {% set source_path = 'salt://nginx/ng/files/nginx.conf' %} {% endif %} From f7fb8e3925736e8f2863bfa9ad94524f9e4c23d4 Mon Sep 17 00:00:00 2001 From: james pinkster Date: Fri, 1 Sep 2017 15:43:42 +1000 Subject: [PATCH 20/44] update README, closes #121 --- README.rst | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/README.rst b/README.rst index 2add944..34b87ec 100644 --- a/README.rst +++ b/README.rst 
@@ -73,10 +73,15 @@ Meta-state for inclusion of all ng states. **Note:** nginx.ng requires the merge parameter of salt.modules.pillar.get(), first available in the Helium release. -``nginx.ng.install`` +``nginx.ng.pkg`` -------------------- -Installs the nginx package. +Installs nginx from package, from the distribution repositories, the official nginx repo or the ppa from Launchpad. + +``nginx.ng.src`` +-------------------- + +Builds and installs nginx from source. ``nginx.ng.config`` ------------------- From f50c7e27e1767e3e5755311ac458e81987101de7 Mon Sep 17 00:00:00 2001 From: David Seira Date: Fri, 1 Sep 2017 11:23:15 +0200 Subject: [PATCH 21/44] New Feature - Added deleted option to be able to remove site files (clean up sites folder) Improvement - Disable reload of nginx when enabled=False (previously the nginx was always reloaded if settings.config != None; even with enabled=False) --- nginx/ng/servers_config.sls | 32 +++++++++++++++++++++++++++----- pillar.example | 4 ++++ 2 files changed, 31 insertions(+), 5 deletions(-) diff --git a/nginx/ng/servers_config.sls b/nginx/ng/servers_config.sls index 041e1db..c22761c 100644 --- a/nginx/ng/servers_config.sls +++ b/nginx/ng/servers_config.sls @@ -37,7 +37,7 @@ {%- endmacro %} # Creates the sls block that manages symlinking / renaming servers -{% macro manage_status(server, state) -%} +{% macro manage_status(server, state, deleted) -%} {%- set anti_state = {True:False, False:True}.get(state) -%} {% if state == True %} {%- if nginx.lookup.server_use_symlink %} 
@@ -46,20 +46,30 @@ - name: {{ server_path(server, state) }} - target: {{ server_path(server, anti_state) }} {%- else %} + {%- if deleted == True %} + file.absent: + - name: {{ server_path(server, state) }} + {%- else %} file.rename: {{ sls_block(nginx.servers.rename_opts) }} - name: {{ server_path(server, state) }} - source: {{ server_path(server, anti_state) }} + {%- endif %} {%- endif %} {%- elif state == False %} {%- if nginx.lookup.server_use_symlink %} file.absent: - name: {{ server_path(server, anti_state) }} {%- else %} + {%- if deleted == True %} + file.absent: + - name: {{ server_path(server, state) }} + {%- else %} file.rename: {{ sls_block(nginx.servers.rename_opts) }} - name: {{ server_path(server, state) }} - source: {{ server_path(server, anti_state) }} + {%- endif %} {%- endif -%} {%- endif -%} {%- endmacro %} @@ -84,13 +94,18 @@ nginx_server_available_dir: # Managed enabled/disabled state for servers {% for server, settings in nginx.servers.managed.items() %} -{% if settings.config != None %} +{% set conf_state_id = 'server_conf_' ~ loop.index0 %} +{% if 'deleted' in settings and settings.deleted %} +{{ conf_state_id }}: + file.absent: + - name: {{ server_curpath(server) }} +{% else %} +{% if settings.config != None and settings.enabled == True %} {% if 'source_path' in settings.config %} {% set source_path = settings.config.source_path %} {% else %} {% set source_path = 'salt://nginx/ng/files/server.conf' %} {% endif %} -{% set conf_state_id = 'server_conf_' ~ loop.index0 %} {{ conf_state_id }}: file.managed: {{ sls_block(nginx.servers.managed_opts) }} 
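Review bot: The `file.absent` state emitted for a `deleted` server in the `@@ -84,13 +94,18 @@` hunk is never appended to `server_states`, and the following `@@ -107,16 +122,23 @@` hunk also skips the append for the status state when `deleted` is set. The consumer of `server_states` is outside this diff, but the pillar.example comment added by this commit suggests it drives the nginx reload; if so, a removed site stays loaded in the running server until an unrelated reload happens. Adding `{% do server_states.append(conf_state_id) %}` after the `file.absent` block would make the removal take effect on the same run. Separately, the new condition `settings.config != None and settings.enabled == True` stops managing the config file of a disabled site altogether, which goes further than the "no reload" behaviour the commit message describes.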
@@ -107,16 +122,23 @@ nginx_server_available_dir: {% endif %} {% do server_states.append(conf_state_id) %} {% endif %} +{% endif %} {% if settings.enabled != None %} {% set status_state_id = 'server_state_' ~ loop.index0 %} {{ status_state_id }}: -{{ manage_status(server, settings.enabled) }} -{% if settings.config != None %} +{% if 'deleted' in settings and settings.deleted %} +{{ manage_status(server, False, True) }} +{% else %} +{{ manage_status(server, settings.enabled, False) }} +{% endif %} +{% if settings.config != None and settings.enabled == True %} - require: - file: {{ conf_state_id }} {% endif %} +{% if 'deleted' not in settings or ( 'deleted' in settings and settings.deleted == False ) %} {% do server_states.append(status_state_id) %} {% endif %} +{% endif %} {% endfor %} diff --git a/pillar.example b/pillar.example index 3debc2a..7786849 100644 --- a/pillar.example +++ b/pillar.example @@ -105,6 +105,10 @@ nginx: mysite: # relative pathname of the server file # may be True, False, or None where True is enabled, False, disabled, and None indicates no action enabled: True + # Remove the site config file. Nice to clean up the conf.d (or sites-available). + # It also remove the symlink (if it is exists). + # The site MUST be disabled before delete it (if not the nginx is not reloaded). + deleted: True ########### ## Modify 'available_dir' AND 'enabled_dir' '/etc/nginx' location to alternative value. ########### From 7e259ebdd4f1d059f371e28848728e724dcb6e96 Mon Sep 17 00:00:00 2001 From: Andres Montalban Date: Tue, 12 Dec 2017 17:08:06 -0300 Subject: [PATCH 22/44] Add support for FreeBSD --- nginx/ng/map.jinja | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/nginx/ng/map.jinja b/nginx/ng/map.jinja index fc3c45d..e0665ec 100644 --- a/nginx/ng/map.jinja +++ b/nginx/ng/map.jinja 
@@ -80,6 +80,17 @@ 'server_enabled': '/etc/nginx/sites-enabled', 'server_use_symlink': True, }, + 'FreeBSD': { + 'package': 'nginx', + 'passenger_package': 'passenger', + 'service': 'nginx', + 'webuser': 'www', + 'conf_file': '/usr/local/etc/nginx/nginx.conf', + 'server_available': '/usr/local/etc/nginx/sites-available', + 'server_enabled': '/usr/local/etc/nginx/sites-enabled', + 'server_use_symlink': True, + 'pid_file': '/var/run/nginx.pid', + }, }, default='Debian' ), 'install_from_source': False, 'install_from_ppa': False, @@ -117,9 +128,9 @@ 'gzip': 'off', 'gzip_disable': '"msie6"', 'include': [ - '/etc/nginx/mime.types', - '/etc/nginx/conf.d/*.conf', - '/etc/nginx/sites-enabled/*', + 'mime.types', + 'conf.d/*.conf', + 'sites-enabled/*', ], }, }, From 73899178fc7173e1ba5af86f657626b1b376e341 Mon Sep 17 00:00:00 2001 From: Andres Montalban Date: Tue, 12 Dec 2017 17:10:51 -0300 Subject: [PATCH 23/44] Remove trailing spaces --- README.rst | 12 ++++++------ nginx/ng/config.sls | 4 ++-- nginx/ng/service.sls | 4 ++-- nginx/openresty.sls | 4 ++-- nginx/package.sls | 2 +- nginx/source.sls | 2 +- nginx/templates/upstart.jinja | 12 ++++++------ pillar.example | 20 ++++++++++---------- 8 files changed, 30 insertions(+), 30 deletions(-) diff --git a/README.rst b/README.rst index 34b87ec..2f61b7d 100644 --- a/README.rst +++ b/README.rst @@ -49,10 +49,10 @@ Installs nginx via the source files. ``nginx.users`` --------------- -Installs apache utils, and configures nginx users specified in the pillar. -This requires `basicauth `_ -from `salt-contrib `_ (either add it to your salt or ship -this single file in your `_modules` directory see `Dynamic Module Distribution +Installs apache utils, and configures nginx users specified in the pillar. +This requires `basicauth `_ +from `salt-contrib `_ (either add it to your salt or ship +this single file in your `_modules` directory see `Dynamic Module Distribution `_ Next-generation, alternate approach 
@@ -108,7 +108,7 @@ Manages nginx virtual hosts files and binds them to service calls. ---------------------- Installs and configures Phusion Passenger module for nginx. You need to enable -the upstream phusion passenger repository with `install_from_phusionpassenger: true`. +the upstream phusion passenger repository with `install_from_phusionpassenger: true`. Nginx will also be installed from that repository, as it needs to be modified to -allow the passenger module to work. +allow the passenger module to work. diff --git a/nginx/ng/config.sls b/nginx/ng/config.sls index 0bca27a..1944101 100644 --- a/nginx/ng/config.sls +++ b/nginx/ng/config.sls @@ -14,8 +14,8 @@ nginx_log_dir: {% if 'source_path' in nginx.server.config %} {% set source_path = nginx.server.config.source_path %} -{% else %} -{% set source_path = 'salt://nginx/ng/files/nginx.conf' %} +{% else %} +{% set source_path = 'salt://nginx/ng/files/nginx.conf' %} {% endif %} nginx_config: file.managed: diff --git a/nginx/ng/service.sls b/nginx/ng/service.sls index 2cc51c6..59fe80f 100644 --- a/nginx/ng/service.sls +++ b/nginx/ng/service.sls @@ -17,8 +17,8 @@ nginx_systemd_service_file: file.managed: - name: /lib/systemd/system/nginx.service - source: salt://nginx/ng/files/nginx.service -{% endif %} - +{% endif %} + nginx_service: service.{{ service_function }}: {{ sls_block(nginx.service.opts) }} diff --git a/nginx/openresty.sls b/nginx/openresty.sls index fc51a17..23764df 100644 --- a/nginx/openresty.sls +++ b/nginx/openresty.sls @@ -21,10 +21,10 @@ get-openresty: install_openresty: cmd.wait: - cwd: {{ home }}/ngx_openresty-{{ openresty_version }} - - names: + - names: - ./configure --with-luajit \ --with-http_drizzle_module \ - --with-http_postgres_module \ + --with-http_postgres_module \ --with-http_iconv_module - make && make install - watch: diff --git a/nginx/package.sls b/nginx/package.sls index 3a765e5..3229ae2 100644 --- a/nginx/package.sls +++ b/nginx/package.sls 
@@ -102,7 +102,7 @@ nginx: - require: - pkg: nginx - file: nginx-old-init - - module: nginx-old-init + - module: nginx-old-init {% endif %} service.running: - enable: True diff --git a/nginx/source.sls b/nginx/source.sls index 3d13f48..5af016b 100644 --- a/nginx/source.sls +++ b/nginx/source.sls @@ -216,7 +216,7 @@ nginx: {% if use_sysvinit %} - watch_in: {% set logger_types = ('access', 'error') %} - {% for log_type in logger_types %} + {% for log_type in logger_types %} - service: nginx-logger-{{ log_type }} {% endfor %} {% endif %} diff --git a/nginx/templates/upstart.jinja b/nginx/templates/upstart.jinja index a67fdd3..64bab02 100644 --- a/nginx/templates/upstart.jinja +++ b/nginx/templates/upstart.jinja @@ -1,23 +1,23 @@ # nginx - + description "nginx http daemon" author "George Shammas " - + start on (runlevel [345] and started network) stop on (runlevel [!345] or stopping network) - + env DAEMON=/usr/sbin/nginx - + expect fork respawn respawn limit 10 5 #oom never - + pre-start script $DAEMON -t if [ $? -ne 0 ] then exit $? fi end script - + exec $DAEMON diff --git a/pillar.example b/pillar.example index 7786849..1716034 100644 --- a/pillar.example +++ b/pillar.example @@ -40,7 +40,7 @@ nginx: # Source install source_version: '1.10.0' source_hash: '' - + # These are usually set by grains in map.jinja # Typically you can comment these out. lookup: @@ -56,7 +56,7 @@ nginx: # Currently it can be used on rhel/centos/suse when installing from repo gpg_check: True pid_file: /var/run/nginx.pid ### Prevent Rendering SLS error (map.jinja:149) if nginx.server.config.pid undefined (Ubuntu, etc) ### - + # Source compilation is not currently a part of nginx.ng from_source: False 
@@ -76,9 +76,9 @@ nginx: # nginx.conf (main server) declarations # dictionaries map to blocks {} and lists cause the same declaration to repeat with different values - config: + config: source_path: salt://path_to_nginx_conf_file/nginx.conf # IMPORTANT: This option is mutually exclusive with the rest of the - # options; if it is found other options (worker_processes: 4 and so + # options; if it is found other options (worker_processes: 4 and so # on) are not processed and just upload the file from source worker_processes: 4 pid: /var/run/nginx.pid ### Directory location must exist @@ -108,22 +108,22 @@ nginx: # Remove the site config file. Nice to clean up the conf.d (or sites-available). # It also remove the symlink (if it is exists). # The site MUST be disabled before delete it (if not the nginx is not reloaded). - deleted: True - ########### + deleted: True + ########### ## Modify 'available_dir' AND 'enabled_dir' '/etc/nginx' location to alternative value. ########### available_dir: /etc/nginx/sites-available # an alternate directory (not sites-available) where this server may be found enabled_dir: /etc/nginx/sites-enabled # an alternate directory (not sites-enabled) where this server may be found disabled_name: mysite.aint_on # an alternative disabled name to be use when not symlinking overwrite: True # overwrite an existing server file or not - + # May be a list of config options or None, if None, no server file will be managed/templated # Take server directives as lists of dictionaries. If the dictionary value is another list of # dictionaries a block {} will be started with the dictionary key name config: - server: - server_name: localhost - - listen: + - listen: - 80 - default_server - index: @@ -134,7 +134,7 @@ nginx: - $uri - $uri/ =404 - test: something else - + # The above outputs: # server { # server_name localhost; 
@@ -144,7 +144,7 @@ nginx: # try_files $uri $uri/ =404; # test something else; # } - # } + # } mysite2: # Using source_path options to upload the file instead of templating all the file enabled: True available_dir: /etc/nginx/sites-available From 19d0102c2ea69e6419a196250036f33590277fab Mon Sep 17 00:00:00 2001 From: Matt M Date: Wed, 20 Dec 2017 22:31:49 -0500 Subject: [PATCH 24/44] Ensure that pillar.get on nginx:ng:dhparam has a sane default value if dhparam isn't defined in the pillar. --- nginx/ng/certificates.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx/ng/certificates.sls b/nginx/ng/certificates.sls index dbc8cbd..17e2060 100644 --- a/nginx/ng/certificates.sls +++ b/nginx/ng/certificates.sls @@ -5,7 +5,7 @@ include: {% set certificates_path = salt['pillar.get']('nginx:ng:certificates_path', '/etc/nginx/ssl') %} -{%- for dh_param, value in salt.pillar.get('nginx:ng:dh_param').items() %} +{%- for dh_param, value in salt['pillar.get']('nginx:ng:dh_param', {}).items() %} {%- if value is string %} create_nginx_dhparam_{{ dh_param }}_key: file.managed: From ac90a9f07b0029b8f3b996ad92185c94806dc068 Mon Sep 17 00:00:00 2001 From: Andres Montalban Date: Thu, 21 Dec 2017 16:48:00 -0300 Subject: [PATCH 25/44] Fix for saltstack-formulas/nginx-formula/#172 --- nginx/ng/servers_config.sls | 4 ++++ pillar.example | 19 +++++++++++++++++++ 2 files changed, 23 insertions(+) diff --git a/nginx/ng/servers_config.sls b/nginx/ng/servers_config.sls index c22761c..8faddb9 100644 --- a/nginx/ng/servers_config.sls +++ b/nginx/ng/servers_config.sls 
@@ -126,6 +126,9 @@ nginx_server_available_dir: {% if settings.enabled != None %} {% set status_state_id = 'server_state_' ~ loop.index0 %} +{%- set enabled_dir = path_join(server, nginx.servers.managed.get(server).get('enabled_dir', nginx.lookup.server_enabled)) -%} +{%- set available_dir = path_join(server, nginx.servers.managed.get(server).get('available_dir', nginx.lookup.server_available)) -%} +{%- if enabled_dir != available_dir %} {{ status_state_id }}: {% if 'deleted' in settings and settings.deleted %} {{ manage_status(server, False, True) }} @@ -140,5 +143,6 @@ nginx_server_available_dir: {% if 'deleted' not in settings or ( 'deleted' in settings and settings.deleted == False ) %} {% do server_states.append(status_state_id) %} {% endif %} +{%- endif %} {# enabled != available_dir #} {% endif %} {% endfor %} diff --git a/pillar.example b/pillar.example index fd35817..b728869 100644 --- a/pillar.example +++ b/pillar.example @@ -152,6 +152,25 @@ nginx: config: source_path: salt://path-to-site-file/mysite2 + # Below configuration becomes handy if you want to create custom configuration files + # for example if you want to create /usr/local/etc/nginx/http_options.conf with + # the following content: + + # sendfile on; + # tcp_nopush on; + # tcp_nodelay on; + # send_iowait 12000; + + http_options.conf: + enabled: True + available_dir: /usr/local/etc/nginx + enabled_dir: /usr/local/etc/nginx + config: + - sendfile: 'on' + - tcp_nopush: 'on' + - tcp_nodelay: 'on' + - send_iowait: 12000 + certificates_path: '/etc/nginx/ssl' # Use this if you need to deploy below certificates in a custom path. # If you're doing SSL termination, you can deploy certificates this way. # The private one(s) should go in a separate pillar file not in version From f3ef626ec4847e00429eb684baeb94f2f91ffbf8 Mon Sep 17 00:00:00 2001 
From: Arthur Lutz Date: Wed, 24 Jan 2018 16:44:51 +0100 Subject: [PATCH 26/44] [users.sls] touch /etc/nginx/.htpasswd --- nginx/users.sls | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/nginx/users.sls b/nginx/users.sls index 34a6672..83ca4e1 100644 --- a/nginx/users.sls +++ b/nginx/users.sls @@ -5,6 +5,10 @@ htpasswd: pkg.installed: - name: {{ nginx.apache_utils }} +touch /etc/nginx/.htpasswd: + cmd.run: + - creates: /etc/nginx/.htpasswd + make sure {{ htauth }} exists: file.exists: - name: {{ htauth }} From 78ddf90f5b188942bc1aab3ffd7ed905fe7d79e7 Mon Sep 17 00:00:00 2001 From: Arthur Lutz Date: Wed, 24 Jan 2018 16:56:43 +0100 Subject: [PATCH 27/44] [users] use {{ htauth }} variable --- nginx/users.sls | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nginx/users.sls b/nginx/users.sls index 83ca4e1..8f3a65e 100644 --- a/nginx/users.sls +++ b/nginx/users.sls @@ -5,9 +5,9 @@ htpasswd: pkg.installed: - name: {{ nginx.apache_utils }} -touch /etc/nginx/.htpasswd: +touch {{ htauth }}: cmd.run: - - creates: /etc/nginx/.htpasswd + - creates: {{ htauth }} make sure {{ htauth }} exists: file.exists: From 159f4da4d058d4a9aa9b579e3be22cfab23ffb17 Mon Sep 17 00:00:00 2001 From: Arthur Lutz Date: Fri, 26 Jan 2018 15:37:34 +0100 Subject: [PATCH 28/44] [README] include nginx.ng.certifcates --- README.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.rst b/README.rst index 2f61b7d..cf15a6b 100644 --- a/README.rst +++ b/README.rst @@ -83,6 +83,11 @@ Installs nginx from package, from the distribution repositories, the official ng Builds and installs nginx from source. +``nginx.ng.certificates`` +------------------- + +Manages the deployment of nginx certificates. + ``nginx.ng.config`` ------------------- From c5c10478650a6bbc8b91573544babd7e66b97f18 Mon Sep 17 00:00:00 2001 
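Review bot: The `touch /etc/nginx/.htpasswd` state creates the file with whatever mode the minion's umask yields, typically world-readable, and this file holds the basic-auth password hashes. A `file.managed` state with `replace: False` creates the file only when it is missing and lets owner, group and mode be set explicitly. The same applies to the `touch {{ htauth }}` form in the PATCH 27 hunk that follows. The group in the sketch below is a placeholder for the group the nginx workers run as, which these hunks do not show.

```yaml
create {{ htauth }}:
  file.managed:
    - name: {{ htauth }}
    - replace: False
    - user: root
    - group: NGINX_GROUP_PLACEHOLDER
    - mode: '0640'
```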
From: =?UTF-8?q?Javier=20B=C3=A9rtoli?= Date: Tue, 13 Feb 2018 21:27:15 -0300 Subject: [PATCH 29/44] Allow to specify a different passenger config file in nginx.ng --- nginx/ng/map.jinja | 3 +++ nginx/ng/passenger.sls | 2 +- pillar.example | 4 ++++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/nginx/ng/map.jinja b/nginx/ng/map.jinja index c166877..c5bb973 100644 --- a/nginx/ng/map.jinja +++ b/nginx/ng/map.jinja @@ -9,6 +9,7 @@ 'Debian': { 'package': 'nginx', 'passenger_package': 'passenger', + 'passenger_config_file': '/etc/nginx/conf.d/passenger.conf', 'service': 'nginx', 'webuser': 'www-data', 'conf_file': '/etc/nginx/nginx.conf', @@ -21,6 +22,7 @@ 'CentOS': { 'package': 'nginx', 'passenger_package': 'passenger', + 'passenger_config_file': '/etc/nginx/conf.d/passenger.conf', 'service': 'nginx', 'webuser': 'nginx', 'conf_file': '/etc/nginx/nginx.conf', @@ -36,6 +38,7 @@ 'RedHat': { 'package': 'nginx', 'passenger_package': 'passenger', + 'passenger_config_file': '/etc/nginx/conf.d/passenger.conf', 'service': 'nginx', 'webuser': 'nginx', 'conf_file': '/etc/nginx/nginx.conf', diff --git a/nginx/ng/passenger.sls b/nginx/ng/passenger.sls index 6b03430..220056b 100644 --- a/nginx/ng/passenger.sls +++ b/nginx/ng/passenger.sls @@ -26,7 +26,7 @@ passenger_install: passenger_config: file.managed: {{ sls_block(nginx.server.opts) }} - - name: /etc/nginx/conf.d/passenger.conf + - name: {{ nginx.lookup.passenger_config_file }} - source: salt://nginx/ng/files/nginx.conf - template: jinja - context: diff --git a/pillar.example b/pillar.example index b728869..a91ad14 100644 --- a/pillar.example +++ b/pillar.example 
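Review bot: `nginx.lookup.passenger_config_file` in the passenger.sls hunk has a default only in the Debian, CentOS and RedHat maps touched by this commit. The FreeBSD map added in PATCH 22 sets `passenger_package` but gets no `passenger_config_file`, and other OS entries are not visible in these hunks. On such a minion `- name:` would be rendered from an undefined lookup key unless pillar supplies it. Either add the key to every OS map or give the state a fallback, for example `- name: {{ nginx.lookup.get('passenger_config_file', '/etc/nginx/conf.d/passenger.conf') }}`. The `passenger_config` state continues past the end of the hunk.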
@@ -51,6 +51,10 @@ nginx: server_available: /etc/nginx/sites-available server_enabled: /etc/nginx/sites-enabled server_use_symlink: True + # If you install nginx+passenger from phusionpassenger in Debian, these values will probably be needed + passenger_package: libnginx-mod-http-passenger + passenger_config_file: /etc/nginx/conf.d/mod-http-passenger.conf + # This is required for RedHat like distros (Amazon Linux) that don't follow semantic versioning for $releasever rh_os_releasever: '6' # Currently it can be used on rhel/centos/suse when installing from repo From 73b7acea44dac937dc2ebf542ef9654863dabdb3 Mon Sep 17 00:00:00 2001 From: Megan Date: Sat, 17 Mar 2018 15:25:25 -0500 Subject: [PATCH 30/44] implement test harness --- .gitignore | 10 +++ .travis.yml | 24 ++++++ Makefile | 80 +++++++++++++++++++ README.rst | 45 +++++++++++ tests/pytests/apply-all-tests/__init__.py | 0 .../apply-all-tests/test_000_apply_state.py | 23 ++++++ tests/srv/salt/top.sls | 3 + tools/filltmpl.py | 27 +++++++ tools/run-tests.sh | 21 +++++ tools/templates/Dockerfile.j2 | 14 ++++ 10 files changed, 247 insertions(+) create mode 100644 .travis.yml create mode 100644 Makefile create mode 100644 tests/pytests/apply-all-tests/__init__.py create mode 100644 tests/pytests/apply-all-tests/test_000_apply_state.py create mode 100644 tests/srv/salt/top.sls create mode 100644 tools/filltmpl.py create mode 100755 tools/run-tests.sh create mode 100644 tools/templates/Dockerfile.j2 diff --git a/.gitignore b/.gitignore index 3a6cc82..4aa68cb 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,12 @@ +*.egg +*.egg-info/ +*.py[cod] .*.sw? +.env +.pytest_cache/ +.venv/ /.idea/ +__pycache__/ +Dockerfile.*_* +ignore/ +tmp/ diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..9894711 --- /dev/null +++ b/.travis.yml 
@@ -0,0 +1,24 @@ +env: + matrix: + - OS_ID: centos_master_2017.7.2 + - OS_ID: debian_master_2017.7.2 + - OS_ID: opensuse_master_2017.7.2 + - OS_ID: ubuntu_master_2016.11.3 + - OS_ID: ubuntu_master_2017.7.2 + +sudo: required + +language: python + +services: +- docker + +before_install: +- pip install Jinja2 +- python ${TRAVIS_BUILD_DIR}/tools/filltmpl.py nginx ${OS_ID} + +install: +- docker build --force-rm -t "nginx:salt-testing-${OS_ID}" -f "Dockerfile.${OS_ID}" . + +script: +- ./tools/run-tests.sh nginx ${OS_ID} diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..068031f --- /dev/null +++ b/Makefile 
@@ -0,0 +1,80 @@ +FORMULA_NAME = "nginx" +PWD = $(shell pwd) + +# --------------------------------------------------------------- +define render_dockerfile + python $(PWD)/tools/filltmpl.py $(FORMULA_NAME) $(1) +endef + +define docker_build + docker build --force-rm -t $(FORMULA_NAME):salt-testing-$(1) -f Dockerfile.$(1) . +endef + +define docker_run_local + docker run --rm -v $(PWD):/opt/$(FORMULA_NAME)-formula --env=STAGE=TEST -h salt-testing-$(1) --name salt-testing-$(1) -it $(FORMULA_NAME):salt-testing-$(1) /bin/bash +endef + +define run_tests + ./tools/run-tests.sh $(FORMULA_NAME) $(1) +endef + +# --- convenience functions ------------------------------------- +define build_thing + $(call render_dockerfile,$(1)) && $(call docker_build,$(1)) +endef + +define run_local_tests + $(call build_thing,$(1)) && $(call run_tests,$(1)) +endef + +define run_local + $(call build_thing,$(1)) && $(call docker_run_local,$(1)) +endef + +# --------------------------------------------------------------- +setup: + pip install Jinja2 + +clean: + find . -name '*.pyc' -exec rm '{}' ';' + rm -rf Dockerfile.* + # delete pytest caches... 
+ # rm -rf tests/pytests/*/.pytest_cache + # rm -rf tests/pytests/*/__pycache__ + rm -rf tests/pytests/apply-all-tests/.pytest_cache + rm -rf tests/pytests/apply-all-tests/__pycache__ + +# --- centos_master_2017.7.2 ------------------------------------ +test-centos_master_2017.7.2: clean + $(call run_local_tests,centos_master_2017.7.2) + +local-centos_master_2017.7.2: clean + $(call run_local,centos_master_2017.7.2) + +# --- debian_master_2017.7.2 ------------------------------------ +test-debian_master_2017.7.2: clean + $(call run_local_tests,debian_master_2017.7.2) + +local-debian_master_2017.7.2: clean + $(call run_local,debian_master_2017.7.2) + +# --- opensuse_master_2017.7.2 ------------------------------------ +test-opensuse_master_2017.7.2: clean + $(call run_local_tests,opensuse_master_2017.7.2) + +local-opensuse_master_2017.7.2: clean + $(call run_local,opensuse_master_2017.7.2) + +# --- ubuntu_master_2016.11.3 ------------------------------------ +test-ubuntu_master_2016.11.3: clean + $(call run_local_tests,ubuntu_master_2016.11.3) + +local-ubuntu_master_2016.11.3: clean + $(call run_local,ubuntu_master_2016.11.3) + +# --- ubuntu_master_2017.7.2 ------------------------------------ +test-ubuntu_master_2017.7.2: clean + $(call run_local_tests,ubuntu_master_2017.7.2) + +local-ubuntu_master_2017.7.2: clean + $(call run_local,ubuntu_master_2017.7.2) diff --git a/README.rst b/README.rst index 2f61b7d..590161e 100644 --- a/README.rst +++ b/README.rst 
@@ -112,3 +112,48 @@ the upstream phusion passenger repository with `install_from_phusionpassenger: t Nginx will also be installed from that repository, as it needs to be modified to allow the passenger module to work. + + +Running Tests +============= + +This test runner was implemented using the formula-test-harness_ project. + +Tests will be run on the following base images: + +* ``simplyadrian/allsalt:centos_master_2017.7.2`` +* ``simplyadrian/allsalt:debian_master_2017.7.2`` +* ``simplyadrian/allsalt:opensuse_master_2017.7.2`` +* ``simplyadrian/allsalt:ubuntu_master_2016.11.3`` +* ``simplyadrian/allsalt:ubuntu_master_2017.7.2`` + +Local Setup +----------- + +.. code-block:: shell + + pip install -U virtualenv + virtualenv .venv + source .venv/bin/activate + make setup + +Run tests +--------- + +* ``make test-centos_master_2017.7.2`` +* ``make test-debian_master_2017.7.2`` +* ``make test-opensuse_master_2017.7.2`` +* ``make test-ubuntu_master_2016.11.3`` +* ``make test-ubuntu_master_2017.7.2`` + +Run Containers +-------------- + +* ``make local-centos_master_2017.7.2`` +* ``make local-debian_master_2017.7.2`` +* ``make local-opensuse_master_2017.7.2`` +* ``make local-ubuntu_master_2016.11.3`` +* ``make local-ubuntu_master_2017.7.2`` + + +.. _formula-test-harness: https://github.com/intuitivetechnologygroup/formula-test-harness diff --git a/tests/pytests/apply-all-tests/__init__.py b/tests/pytests/apply-all-tests/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/tests/pytests/apply-all-tests/test_000_apply_state.py b/tests/pytests/apply-all-tests/test_000_apply_state.py new file mode 100644 index 0000000..cf0b620 --- /dev/null +++ b/tests/pytests/apply-all-tests/test_000_apply_state.py 
@@ -0,0 +1,23 @@ +from subprocess import check_output +from unittest import TestCase + + +class ApplyStateTest(TestCase): + + def test_000_apply(self): + state_apply_response = check_output(["salt-call", "--local", "state.apply"]) + print('') + print('-' * 50) + print('state_apply_response:') + print(state_apply_response) + print('-' * 50) + print('') + + state_apply_response = state_apply_response.split('\n') + summary = state_apply_response[-8:] + failed = 0 + for line in summary: + if line.startswith('Failed:'): + failed = int(line.split(':').pop().strip()) + + self.assertEqual(failed, 0) diff --git a/tests/srv/salt/top.sls b/tests/srv/salt/top.sls new file mode 100644 index 0000000..9f754f2 --- /dev/null +++ b/tests/srv/salt/top.sls @@ -0,0 +1,3 @@ +base: + '*': + - nginx diff --git a/tools/filltmpl.py b/tools/filltmpl.py new file mode 100644 index 0000000..0bbeace --- /dev/null +++ b/tools/filltmpl.py @@ -0,0 +1,27 @@ +import os +import sys + +from jinja2 import Template + +# base/tests +dir_path = os.path.dirname(os.path.realpath(__file__)) + +# base +base_path = os.path.dirname(dir_path) + + +if __name__ == '__main__': + formula_name = sys.argv[1] + image_tag = sys.argv[2] + + template = Template( + open(os.path.join(dir_path, 'templates', 'Dockerfile.j2')).read() + ) + + dockerfile = template.render({ + 'formula_name': formula_name, + 'image_tag': image_tag + }) + + with open(os.path.join(base_path, 'Dockerfile.{}'.format(image_tag)), 'w') as fh: + fh.write(dockerfile) diff --git a/tools/run-tests.sh b/tools/run-tests.sh new file mode 100755 index 0000000..550fa58 --- /dev/null +++ b/tools/run-tests.sh 
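Review bot: `test_000_apply` passes whenever no `Failed:` line is found in the last eight lines of output, because `failed` starts at 0 and is only overwritten on a match. A truncated summary or a render error that prints no summary therefore counts as success. On Python 3 `check_output` also returns bytes, so `.split('\n')` raises a `TypeError` before the assertion runs. Calling `check_output(["salt-call", "--local", "--retcode-passthrough", "state.apply"], universal_newlines=True)` makes a failed run raise `CalledProcessError`, and starting from `failed = None` with `self.assertIsNotNone(failed)` before the equality check catches a missing summary.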
@@ -0,0 +1,21 @@ +#!/bin/bash +set -ev + +test -z $2 && echo "Usage: ${0} FORMULA_NAME OS_ID" && exit 1 +export FORMULA_NAME=$1 +export OS_ID=$2 + + +function docker-run-pytest() { + docker run --rm \ + -v "$@":/opt/tests \ + --env=STAGE=TEST \ + -h "salt-testing-${OS_ID}" \ + --name "salt-testing-${OS_ID}" \ + -it ${FORMULA_NAME}:"salt-testing-${OS_ID}" \ + pytest -sv /opt/tests +} + +for i in $(find $PWD/tests/pytests/* -maxdepth 0 -type d); do + docker-run-pytest $i; +done diff --git a/tools/templates/Dockerfile.j2 b/tools/templates/Dockerfile.j2 new file mode 100644 index 0000000..5686069 --- /dev/null +++ b/tools/templates/Dockerfile.j2 @@ -0,0 +1,14 @@ +FROM simplyadrian/allsalt:{{ image_tag }} + +{% if 'debian' in image_tag or 'ubuntu' in image_tag -%} +RUN apt-get update && \ + apt-get install -y python-pip +{% endif %} + +RUN pip install pytest && \ + sed -i "s/#master: salt/master: localhost/g" /etc/salt/minion + +ADD tests/srv /srv +ADD {{ formula_name }} /srv/salt/{{ formula_name }} + +WORKDIR /srv/salt From 28d106961754ba310156418af8d2d9d4bcfaf226 Mon Sep 17 00:00:00 2001 From: Arthur Lutz Date: Tue, 24 Apr 2018 11:01:29 +0200 Subject: [PATCH 31/44] [nginx/users] add makedirs to htpasswd deploy --- nginx/users.sls | 1 + 1 file changed, 1 insertion(+) diff --git a/nginx/users.sls b/nginx/users.sls index 34a6672..1cdbfd8 100644 --- a/nginx/users.sls +++ b/nginx/users.sls @@ -8,6 +8,7 @@ htpasswd: make sure {{ htauth }} exists: file.exists: - name: {{ htauth }} + - makedirs: True {% for name, user in pillar.get('users', {}).items() %} {% if user['webauth'] is defined -%} From 4da13b9f8bc4f4dc41b33873b9e9b6ea1e51b176 Mon Sep 17 00:00:00 2001 From: Arthur Lutz Date: Tue, 24 Apr 2018 11:20:08 +0200 Subject: [PATCH 32/44] [nginx/users] convert file.present into file.managed with no content --- nginx/users.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx/users.sls b/nginx/users.sls index 1cdbfd8..db1414c 100644 --- a/nginx/users.sls 
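Review bot: `docker run` is called with `-it`, which fails when the script runs from CI or any shell without a TTY; dropping `-it`, or adding `-t` only when `[ -t 0 ]` holds, keeps the runner usable there. Several expansions are unquoted: `test -z $2` works only because an empty `$2` collapses to `test -z`, and `for i in $(find ...)` followed by `docker-run-pytest $i` splits a checkout path that contains spaces; `test -z "$2"` and a glob loop such as `for i in "$PWD"/tests/pytests/*/; do docker-run-pytest "$i"; done` avoid both. Inside the function `"$@"` is used as the bind-mount source, where `"$1"` states the intent of a single directory.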
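Review bot: The image is built on `simplyadrian/allsalt:{{ image_tag }}`, a third-party image referenced by a mutable tag, and `pip install pytest` is unpinned, so what the tests run on can change without any change in this repository. Pinning the base by digest (`FROM simplyadrian/allsalt:{{ image_tag }}@sha256:<digest>`) and pytest to a known release (`pip install pytest==<version>`) makes builds reproducible and turns an upstream change into a visible diff. `ADD` is used only for local paths here, where `COPY tests/srv /srv` is the narrower instruction.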
+++ b/nginx/users.sls @@ -6,7 +6,7 @@ htpasswd: - name: {{ nginx.apache_utils }} make sure {{ htauth }} exists: - file.exists: + file.managed: - name: {{ htauth }} - makedirs: True From dabbc99cc1ac8c73866f4a4f18e1db3b92b997f7 Mon Sep 17 00:00:00 2001 From: Andres Montalban Date: Tue, 26 Dec 2017 19:37:01 -0300 Subject: [PATCH 33/44] Servers config should require available/enabled dirs --- nginx/ng/map.jinja | 4 +++- nginx/ng/servers_config.sls | 2 ++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/nginx/ng/map.jinja b/nginx/ng/map.jinja index c166877..a34eeb1 100644 --- a/nginx/ng/map.jinja +++ b/nginx/ng/map.jinja @@ -145,7 +145,9 @@ 'disabled_postfix': '.disabled', 'symlink_opts': {}, 'rename_opts': {}, - 'managed_opts': {}, + 'managed_opts': { + 'makedirs': True, + }, 'dir_opts': { 'makedirs': True, }, diff --git a/nginx/ng/servers_config.sls b/nginx/ng/servers_config.sls index 8faddb9..b5cd9e0 100644 --- a/nginx/ng/servers_config.sls +++ b/nginx/ng/servers_config.sls @@ -112,6 +112,8 @@ nginx_server_available_dir: - name: {{ server_curpath(server) }} - source: {{ source_path }} - template: jinja + - require_in: + - service: nginx_service {% if 'source_path' not in settings.config %} - context: config: {{ settings.config|json() }} From f16d800c833d11e645db33817e5422f55ad5985d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Konrad=20Moso=C5=84?= Date: Tue, 8 May 2018 19:07:20 +0200 Subject: [PATCH 34/44] Allow to use load_module without including external files --- nginx/ng/files/nginx.conf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/nginx/ng/files/nginx.conf b/nginx/ng/files/nginx.conf index e32edea..91efad6 100644 --- a/nginx/ng/files/nginx.conf +++ b/nginx/ng/files/nginx.conf 
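Review bot: The htpasswd file is now created by `file.managed` with no `user`, `group` or `mode`, so a file that holds password hashes gets whatever permissions the minion's defaults produce. Adding `- mode: '0640'` with `- user: root` and a `- group:` set to the account the nginx workers run as would keep other local users from reading it. Since neither `source` nor `contents` is given, `- replace: False` would also make explicit that existing entries must not be overwritten. The rest of the file, including the per-user loop, lies outside this hunk, so how entries are written is not visible here.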
@@ -32,6 +32,10 @@ # # This file is managed by Salt. +{% if 'load_module' in config.keys() %} +{{ nginx_block(config.pop('load_module'), 'load_module') }} +{%- endif -%} + {% if 'include' in config.keys() %} {{ nginx_block(config.pop('include'), 'include') }} {%- endif -%} From 9c4634d40a3bb58e7fc67641f1b5f44c219f2414 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Konrad=20Moso=C5=84?= Date: Fri, 29 Jun 2018 12:46:12 +0200 Subject: [PATCH 35/44] Example for load_module --- pillar.example | 1 + 1 file changed, 1 insertion(+) diff --git a/pillar.example b/pillar.example index a91ad14..017e775 100644 --- a/pillar.example +++ b/pillar.example @@ -85,6 +85,7 @@ nginx: # options; if it is found other options (worker_processes: 4 and so # on) are not processed and just upload the file from source worker_processes: 4 + load_module: modules/ngx_http_lua_module.so pid: /var/run/nginx.pid ### Directory location must exist events: worker_connections: 768 From c75ad643485a6b0642b4135e1b1d038abbeaaabd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Konrad=20Moso=C5=84?= Date: Fri, 29 Jun 2018 12:55:17 +0200 Subject: [PATCH 36/44] Example for load_module: comment how it works --- pillar.example | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pillar.example b/pillar.example index 017e775..f511eb2 100644 --- a/pillar.example +++ b/pillar.example @@ -85,7 +85,7 @@ nginx: # options; if it is found other options (worker_processes: 4 and so # on) are not processed and just upload the file from source worker_processes: 4 - load_module: modules/ngx_http_lua_module.so + load_module: modules/ngx_http_lua_module.so # this will be passed very first in configuration; otherwise nginx will fail to start pid: /var/run/nginx.pid ### Directory location must exist events: worker_connections: 768 From f4b3530e50d1eefc90f4867a68b37398ec805a68 Mon Sep 17 00:00:00 2001 
From: Alberto Chiusole Date: Sun, 23 Sep 2018 23:11:40 +0200 Subject: [PATCH 37/44] Replace tabs in pillar.example with spaces. tabs cause salt to trigger a render error because tabs are 'illegal': ``` yaml.scanner.ScannerError: while scanning for the next token found character '\t' that cannot start any token in "", line 33, column 32: pid: /var/run/nginx.pid\t\t### Directory location must exist ^ ``` --- pillar.example | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pillar.example b/pillar.example index f511eb2..310daec 100644 --- a/pillar.example +++ b/pillar.example @@ -86,7 +86,7 @@ nginx: # on) are not processed and just upload the file from source worker_processes: 4 load_module: modules/ngx_http_lua_module.so # this will be passed very first in configuration; otherwise nginx will fail to start - pid: /var/run/nginx.pid ### Directory location must exist + pid: /var/run/nginx.pid # Directory location must exist events: worker_connections: 768 http: From cb030b04acb9b1ef67343447448a97ffa2f2166a Mon Sep 17 00:00:00 2001 From: Maximilian Eschenbacher Date: Thu, 4 Oct 2018 16:26:37 +0200 Subject: [PATCH 38/44] deploy certificates directly from pillar ... by providing a pillar string. I developed this for use in combination with ext_pillar and file_tree to deploy letsencrypt certificates. --- nginx/ng/certificates.sls | 10 +++++++++- pillar.example | 5 +++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/nginx/ng/certificates.sls b/nginx/ng/certificates.sls index 17e2060..27e1396 100644 --- a/nginx/ng/certificates.sls +++ b/nginx/ng/certificates.sls 
@@ -36,17 +36,25 @@ nginx_{{ domain }}_ssl_certificate: file.managed: - name: {{ certificates_path }}/{{ domain }}.crt - makedirs: True +{% if salt['pillar.get']("nginx:ng:certificates:{}:public_cert_pillar".format(domain)) %} + - contents_pillar: {{salt['pillar.get']('nginx:ng:certificates:{}:public_cert_pillar'.format(domain))}} +{% else %} - contents_pillar: nginx:ng:certificates:{{ domain }}:public_cert +{% endif %} - watch_in: - service: nginx_service -{% if salt['pillar.get']("nginx:ng:certificates:{}:private_key".format(domain)) %} +{% if salt['pillar.get']("nginx:ng:certificates:{}:private_key".format(domain)) or salt['pillar.get']("nginx:ng:certificates:{}:private_key_pillar".format(domain))%} nginx_{{ domain }}_ssl_key: file.managed: - name: {{ certificates_path }}/{{ domain }}.key - mode: 600 - makedirs: True +{% if salt['pillar.get']("nginx:ng:certificates:{}:private_key_pillar".format(domain)) %} + - contents_pillar: {{salt['pillar.get']('nginx:ng:certificates:{}:private_key_pillar'.format(domain))}} +{% else %} - contents_pillar: nginx:ng:certificates:{{ domain }}:private_key +{% endif %} - watch_in: - service: nginx_service {% endif %} diff --git a/pillar.example b/pillar.example index 310daec..3fe24b3 100644 --- a/pillar.example +++ b/pillar.example @@ -182,6 +182,11 @@ nginx: # control (or use encrypted pillar data). certificates: 'www.example.com': + + # choose one of: deploying this cert by pillar (e.g. in combination with ext_pillar and file_tree) + # public_cert_pillar: certs:example.com:fullchain.pem + # private_key_pillar: certs:example.com:privkey.pem + # or directly pasting the cert public_cert: | -----BEGIN CERTIFICATE----- (Your Primary SSL certificate: www.example.com.crt) From b2c07443cafab297cac7ed20db4316a71168ef60 Mon Sep 17 00:00:00 2001 
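Review bot: `nginx_{{ domain }}_ssl_key` writes private-key material through `file.managed` with `contents_pillar`, and unless the Salt version in use already suppresses it, the state's change report carries a diff of the file, so the key can end up in state output and job returns whenever it changes; adding `- show_changes: False` to the key state avoids that. Each `salt['pillar.get'](...)` lookup for the `*_pillar` keys is evaluated twice, once in the condition and once in the value; a `{% set key_pillar = salt['pillar.get']('nginx:ng:certificates:{}:private_key_pillar'.format(domain)) %}` before the state (and the same for the certificate) would shorten the conditions and keep the two uses in step.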
From: Alexandre Anriot Date: Fri, 19 Oct 2018 14:20:22 +0200 Subject: [PATCH 39/44] Allow installation of multiple packages --- nginx/ng/pkg.sls | 7 +++++++ pillar.example | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/nginx/ng/pkg.sls b/nginx/ng/pkg.sls index 6407ef7..b68cd1b 100644 --- a/nginx/ng/pkg.sls +++ b/nginx/ng/pkg.sls @@ -24,7 +24,14 @@ nginx_install: pkg.installed: {{ sls_block(nginx.package.opts) }} + {% if nginx.lookup.package is iterable and nginx.lookup.package is not string %} + - pkgs: + {% for pkg in nginx.lookup.package %} + - {{ pkg }} + {% endfor %} + {% else %} - name: {{ nginx.lookup.package }} + {% endif %} {% if salt['grains.get']('os_family') == 'Debian' %} nginx_official_repo: diff --git a/pillar.example b/pillar.example index 310daec..c326d9c 100644 --- a/pillar.example +++ b/pillar.example @@ -44,7 +44,7 @@ nginx: # These are usually set by grains in map.jinja # Typically you can comment these out. lookup: - package: nginx-custom + package: nginx-custom (can be a list) service: nginx webuser: www-data conf_file: /etc/nginx/nginx.conf From 3125f9dbcc6ecf4b425f133c2f1358910d6548ad Mon Sep 17 00:00:00 2001 From: Fabian Schlager Date: Wed, 30 Aug 2017 00:26:31 +0200 Subject: [PATCH 40/44] Add support for snippets --- nginx/ng/init.sls | 3 +++ nginx/ng/map.jinja | 6 ++++++ nginx/ng/snippets.sls | 20 ++++++++++++++++++++ pillar.example | 2 +- 4 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 nginx/ng/snippets.sls diff --git a/nginx/ng/init.sls b/nginx/ng/init.sls index 3af5427..411aeec 100644 --- a/nginx/ng/init.sls +++ b/nginx/ng/init.sls @@ -7,6 +7,9 @@ include: - nginx.ng.config - nginx.ng.service + {% if nginx.snippets is defined %} + - nginx.ng.snippets + {% endif %} - nginx.ng.servers - nginx.ng.certificates diff --git a/nginx/ng/map.jinja b/nginx/ng/map.jinja index c5bb973..d89c9a6 100644 --- a/nginx/ng/map.jinja +++ b/nginx/ng/map.jinja 
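Review bot: In the `lookup` example the hint is written inside the value, `package: nginx-custom (can be a list)`, so anyone who copies or uncomments the line asks for a package literally named `nginx-custom (can be a list)`. It should be a YAML comment instead: `package: nginx-custom  # can be a list`.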
@@ -15,6 +15,7 @@ 'conf_file': '/etc/nginx/nginx.conf', 'server_available': '/etc/nginx/sites-available', 'server_enabled': '/etc/nginx/sites-enabled', + 'snippets_dir': '/etc/nginx/snippets', 'server_use_symlink': True, 'pid_file': '/run/nginx.pid', 'openssl_package': 'openssl', @@ -28,6 +29,7 @@ 'conf_file': '/etc/nginx/nginx.conf', 'server_available': '/etc/nginx/conf.d', 'server_enabled': '/etc/nginx/conf.d', + 'snippets_dir': '/etc/nginx/snippets', 'server_use_symlink': False, 'pid_file': '/run/nginx.pid', 'rh_os_releasever': '$releasever', @@ -44,6 +46,7 @@ 'conf_file': '/etc/nginx/nginx.conf', 'server_available': '/etc/nginx/conf.d', 'server_enabled': '/etc/nginx/conf.d', + 'snippets_dir': '/etc/nginx/snippets', 'server_use_symlink': False, 'pid_file': '/run/nginx.pid', 'rh_os_releasever': '$releasever', @@ -63,6 +66,7 @@ 'conf_file': '/etc/nginx/nginx.conf', 'server_available': '/etc/nginx/conf.d', 'server_enabled': '/etc/nginx/conf.d', + 'snippets_dir': '/etc/nginx/snippets', 'server_use_symlink': False, 'pid_file': '/run/nginx.pid', 'gpg_check': True, @@ -76,6 +80,7 @@ 'conf_file': '/etc/nginx/nginx.conf', 'server_available': '/etc/nginx/sites-available', 'server_enabled': '/etc/nginx/sites-enabled', + 'snippets_dir': '/etc/nginx/snippets', 'server_use_symlink': True, 'openssl_package': 'openssl', }, @@ -86,6 +91,7 @@ 'conf_file': '/etc/nginx/nginx.conf', 'server_available': '/etc/nginx/sites-available', 'server_enabled': '/etc/nginx/sites-enabled', + 'snippets_dir': '/etc/nginx/snippets', 'server_use_symlink': True, 'openssl_package': 'dev-libs/openssl', }, diff --git a/nginx/ng/snippets.sls b/nginx/ng/snippets.sls new file mode 100644 index 0000000..8635f2d --- /dev/null +++ b/nginx/ng/snippets.sls 
@@ -0,0 +1,20 @@ +# nginx.ng.snippet +# +# Manages creation of snippets + +{% from 'nginx/ng/map.jinja' import nginx, sls_block with context %} + +nginx_snippets_dir: + file.directory: + {{ sls_block(nginx.servers.dir_opts) }} + - name: {{ nginx.lookup.snippets_dir }} + +{% for snippet, config in nginx.snippets.items() %} +nginx_snippet_{{ snippet }}: + file.managed: + - name: {{ nginx.lookup.snippets_dir }}/{{ snippet }}.conf + - source: salt://nginx/ng/files/server.conf + - template: jinja + - context: + config: {{ config|json() }} +{% endfor %} diff --git a/pillar.example b/pillar.example index c326d9c..a9660fa 100644 --- a/pillar.example +++ b/pillar.example @@ -102,7 +102,7 @@ nginx: symlink_opts: {} # partially exposes file.symlink params when symlinking enabled sites rename_opts: {} # partially exposes file.rename params when not symlinking disabled/enabled sites managed_opts: {} # partially exposes file.managed params for managed server files - dir_opts: {} # partially exposes file.directory params for site available/enabled dirs + dir_opts: {} # partially exposes file.directory params for site available/enabled and snippets dirs # server declarations # servers will default to being placed in server_available From cfd7e670f49ecacbd98543d77e1c9005fadf0b7c Mon Sep 17 00:00:00 2001 From: Fabian Schlager Date: Sat, 20 Oct 2018 16:36:16 +0200 Subject: [PATCH 41/44] Add example --- pillar.example | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/pillar.example b/pillar.example index a9660fa..d269b6c 100644 --- a/pillar.example +++ b/pillar.example 
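Review bot: The `nginx_snippet_*` states have no requisite on `nginx_snippets_dir` and no `watch_in` on the nginx service, so ordering relies on file position and an edited snippet does not trigger a reload the way the certificate states in this series do. They also skip `nginx.servers.managed_opts`, so snippet files do not receive the options applied to server files. `{{ snippet }}` comes from the pillar key and is used as-is in both the state ID and the file path, so a key containing `/` would place the file outside `snippets_dir`; rejecting such keys in the loop would keep writes inside that directory. The header comment says `nginx.ng.snippet` while the file is `snippets.sls`.

```yaml
nginx_snippet_{{ snippet }}:
  file.managed:
    # … unchanged: name, source, template, context …
    - require:
      - file: nginx_snippets_dir
    # assumes nginx.ng.service is part of the same run, as it is via init.sls
    - watch_in:
      - service: nginx_service
```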
@@ -75,6 +75,11 @@ nginx: enable: True # Whether or not the service will be enabled/running or dead opts: {} # this partially exposes parameters of service.running / service.dead + snippets: # You can use snippets to define often repeated configuration once and include it later + letsencrypt: # e.g. this can be included using "- include: 'snippets/letsencrypt.conf'" + - location ^~ /.well-known/acme-challenge/: + - proxy_pass: http://localhost:9999 + server: opts: {} # this partially exposes file.managed parameters as they relate to the main nginx.conf file @@ -139,6 +144,7 @@ nginx: - $uri - $uri/ =404 - test: something else + - include 'snippets/letsencrypt.conf' # The above outputs: # server { From 8c780fa63f066723d6a6923493d052e8e17963be Mon Sep 17 00:00:00 2001 From: "Bernhard M. Wiedemann" Date: Thu, 20 Dec 2018 12:37:03 +0100 Subject: [PATCH 42/44] Use home and conf_dir from map.jinja to reduce duplication of constants --- nginx/common.sls | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nginx/common.sls b/nginx/common.sls index 93d0972..d26ad81 100644 --- a/nginx/common.sls +++ b/nginx/common.sls @@ -1,7 +1,7 @@ {% from "nginx/map.jinja" import nginx as nginx_map with context %} {% set nginx = pillar.get('nginx', {}) -%} -{% set home = nginx.get('home', '/var/www') -%} -{% set conf_dir = nginx.get('conf_dir', '/etc/nginx') -%} +{% set home = nginx.get('home', nginx_map.home) -%} +{% set conf_dir = nginx.get('conf_dir', nginx_map.conf_dir) -%} {% set conf_template = nginx.get('conf_template', 'salt://nginx/templates/config.jinja') -%} {{ home }}: From 6f5ac946d10586cbe7d98363cd07f169c9805818 Mon Sep 17 00:00:00 2001 From: "Bernhard M. Wiedemann" Date: Thu, 20 Dec 2018 12:37:46 +0100 Subject: [PATCH 43/44] Add support for SUSE OSes like openSUSE and SLES --- nginx/map.jinja | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/nginx/map.jinja b/nginx/map.jinja index b467106..67f93ee 100644 --- a/nginx/map.jinja 
+++ b/nginx/map.jinja @@ -41,4 +41,25 @@ 'install_prefix': '/usr/local/nginx', 'make_flags': '-j2' }, + 'Suse': { + 'apache_utils': 'apache2-utils', + 'group_action': 'pkg.installed', + 'group_pkg': 'patterns-devel-base-devel_rpm_build', + 'libpcre_dev': 'pcre-devel', + 'libssl_dev': 'openssl-devel', + 'pid_path': '/run/nginx.pid', + 'package': 'nginx', + 'default_user': 'nginx', + 'default_group': 'nginx', + 'disable_before_rename': True, + 'old_init_disable': 'chkconfig --del nginx', + 'use_upstart': False, + 'use_sysvinit': False, + 'home': '/srv/www', + 'conf_dir': '/etc/nginx', + 'log_dir': '/var/log/nginx', + 'sbin_dir': '/usr/sbin', + 'install_prefix': '/usr/local/nginx', + 'make_flags': '-j2' + }, }, grain='os_family', merge=salt['pillar.get']('nginx:lookup'), default='Debian') %} From 42ad7c11d8cbd29555204532e0229d3d0ceec6a4 Mon Sep 17 00:00:00 2001 From: "Bernhard M. Wiedemann" Date: Thu, 20 Dec 2018 13:19:28 +0100 Subject: [PATCH 44/44] Fix detection of systemd on openSUSE Leap 15.0, the string was systemd.cpython-36 --- nginx/templates/config.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx/templates/config.jinja b/nginx/templates/config.jinja index 4c36c3d..3d0a94f 100644 --- a/nginx/templates/config.jinja +++ b/nginx/templates/config.jinja @@ -13,7 +13,7 @@ worker_rlimit_nofile {{ worker_rlimit_nofile }}; {% set error_log_level = nginx.get('error_log',{}).get('level', 'warn') -%} error_log {{ ' '.join([error_log_location, error_log_level]) }}; pid {{ nginx.get('pid', '/var/run/nginx.pid') }}; -{% if salt['test.provider']('service') != 'systemd' -%} +{% if not 'systemd' in salt['test.provider']('service') -%} daemon {{ nginx.get('daemon', 'on') }}; {%- endif %}