diff --git a/.gitignore b/.gitignore index 3268211..3a6cc82 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ .*.sw? +/.idea/ diff --git a/nginx/common.sls b/nginx/common.sls index 9e1b7a3..94b000f 100644 --- a/nginx/common.sls +++ b/nginx/common.sls @@ -1,32 +1,38 @@ +{% set nginx = pillar.get('nginx', {}) -%} +{% set home = nginx.get('home', '/var/www') -%} +{% set conf_dir = nginx.get('conf_dir', '/etc/nginx') -%} +{% set conf_template = nginx.get('conf_template', 'salt://nginx/templates/config.jinja') -%} + +{{ home }}: + file: + - directory + - user: www-data + - group: www-data + - mode: 0755 + - makedirs: True + /usr/share/nginx: file: - directory {% for filename in ('default', 'example_ssl') %} -/etc/nginx/conf.d/{{ filename }}.conf: +{{ conf_dir }}/conf.d/{{ filename }}.conf: file.absent {% endfor %} -/etc/nginx: +{{ conf_dir }}: file.directory: - user: root - group: root + - makedirs: True -/etc/nginx/nginx.conf: +{{ conf_dir }}/nginx.conf: file: - managed - template: jinja - user: root - group: root - - mode: 440 - - source: salt://nginx/templates/config.jinja + - mode: 644 + - source: {{ conf_template }} - require: - - file: /etc/nginx - - pkg: nginx - -{% for dir in ('sites-enabled', 'sites-available') %} -/etc/nginx/{{ dir }}: - file.directory: - - user: root - - group: root -{% endfor -%} + - file: {{ conf_dir }} diff --git a/nginx/init.sls b/nginx/init.sls index 66db126..8780266 100644 --- a/nginx/init.sls +++ b/nginx/init.sls @@ -8,7 +8,7 @@ include: {% if pillar.get('nginx', {}).get('user_auth_enabled', true) %} - nginx.users {% endif %} -{% if pillar.get('nginx', {}).get('install_from_source') %} +{% if pillar.get('nginx', {}).get('install_from_source', false) %} - nginx.source {% else %} - nginx.package diff --git a/nginx/source.sls b/nginx/source.sls index 8995ebc..9f37c34 100644 --- a/nginx/source.sls +++ b/nginx/source.sls @@ -1,22 +1,36 @@ {% set nginx = pillar.get('nginx', {}) -%} -{% set version = nginx.get('version', '1.5.2') -%} -{% set checksum = nginx.get('checksum', 'sha1=3546be28a72251f8823ab6be6a1180d300d06f76') -%} +{% set version = nginx.get('version', '1.6.2') -%} +{% set checksum = nginx.get('checksum', 'sha256=b5608c2959d3e7ad09b20fc8f9e5bd4bc87b3bc8ba5936a513c04ed8f1391a18') -%} {% set home = nginx.get('home', '/var/www') -%} +{% set base_temp_dir = nginx.get('base_temp_dir', '/tmp') -%} {% set source = nginx.get('source_root', '/usr/local/src') -%} +{% set conf_dir = nginx.get('conf_dir', '/etc/nginx') -%} +{% set conf_only = nginx.get('conf_only', false) -%} +{% set log_dir = nginx.get('log_dir', '/var/log/nginx') -%} +{% set pid_path = nginx.get('pid_path', '/var/run/nginx.pid') -%} +{% set lock_path = nginx.get('lock_path', '/var/lock/nginx.lock') -%} +{% set sbin_dir = nginx.get('sbin_dir', '/usr/sbin') -%} + +{% set install_prefix = nginx.get('install_prefix', '/usr/local/nginx') -%} +{% set with_items = nginx.get('with', ['debug', 'http_dav_module', 'http_stub_status_module', 'pcre', 'ipv6']) -%} +{% set without_items = nginx.get('without', []) -%} +{% set make_flags = nginx.get('make_flags', '-j2') -%} + {% set nginx_package = source + '/nginx-' + version + '.tar.gz' -%} -{% set nginx_home = home + "/nginx-" + version -%} +{% set nginx_source = source + "/nginx-" + version -%} {% set nginx_modules_dir = source + "/nginx-modules" -%} include: - nginx.common -{% if nginx['with_luajit'] %} +{% if nginx.get('with_luajit', false) %} - nginx.luajit2 {% endif -%} -{% if nginx['with_openresty'] %} +{% if nginx.get('with_openresty', false) %} - nginx.openresty {% endif -%} + nginx_group: group.present: - name: www-data @@ -38,6 +52,11 @@ nginx_user: - require: - group: nginx_group +{{ nginx_modules_dir }}: + file: + - directory + - makedirs: True + get-nginx: pkg.installed: - names: @@ -50,9 +69,8 @@ get-nginx: - source_hash: {{ checksum }} cmd.wait: - cwd: {{ source }} - - name: tar -zxf {{ nginx_package }} -C {{ home }} + - name: tar -zxf {{ nginx_package }} - require: - - file: nginx_user - pkg: get-nginx - watch: - file: get-nginx @@ -63,110 +81,109 @@ get-nginx-{{name}}: - name: {{ nginx_modules_dir }}/{{name}}.tar.gz - source: {{ module['source'] }} - source_hash: {{ module['source_hash'] }} - - require: - - file: nginx_user cmd.wait: - - cwd: {{ nginx_home }} + - cwd: {{ nginx_modules_dir }} - names: - - tar -zxf {{ nginx_modules_dir }}/{{name}}.tar.gz -C {{ nginx_modules_dir }}/{{name}} + - tar --transform "s,^$(tar --list -zf {{name}}.tar.gz | head -n 1),{{name}}/," -zxf {{name}}.tar.gz - watch: - - file: get-nginx + - file: get-nginx-{{name}} - require_in: - cmd: nginx {% endfor -%} +{% if nginx.get('ngx_devel_kit', true) -%} get-ngx_devel_kit: file.managed: - name: {{ source }}/ngx_devel_kit.tar.gz - source: https://github.com/simpl/ngx_devel_kit/archive/v0.2.18.tar.gz - source_hash: sha1=e21ba642f26047661ada678b21eef001ee2121d8 cmd.wait: - - cwd: {{ nginx_home }} + - cwd: {{ source }} - name: tar -zxf {{ source }}/ngx_devel_kit.tar.gz -C {{ source }} - watch: - file: get-ngx_devel_kit - -get-lua-nginx-module: - file.managed: - - name: {{ source }}/lua-nginx-module.tar.gz - - source: https://github.com/chaoslawful/lua-nginx-module/archive/v0.8.3rc1.tar.gz - - source_hash: sha1=49b2fa946517fb2e9b26185d418570e98ff5ff51 - cmd.wait: - - cwd: {{ nginx_home }} - - name: tar -zxf {{ source }}/lua-nginx-module.tar.gz -C {{ source }} - - watch: - - file: get-lua-nginx-module - -{{ home }}: - file.directory: - - user: www-data - - group: www-data - - makedirs: True - - mode: 0755 - -{% for dir in ('body', 'proxy', 'fastcgi') -%} -{{ home }}-{{dir}}: - file.directory: - - name: {{ home }}/{{dir}} - - user: www-data - - group: www-data - - mode: 0755 - - require: - - file: {{ home }} - - require_in: - - service: nginx -{% endfor -%} +{% endif %} nginx: cmd.wait: - - cwd: {{ nginx_home }} + - cwd: {{ nginx_source }} - names: - - ./configure --conf-path=/etc/nginx/nginx.conf - --sbin-path=/usr/sbin/nginx + - ./configure --conf-path={{ conf_dir }}/nginx.conf + --sbin-path={{ sbin_dir }}/nginx --user=www-data --group=www-data - --prefix=/usr/local/nginx - --error-log-path=/var/log/nginx/error.log - --pid-path=/var/run/nginx.pid - --lock-path=/var/lock/nginx.lock - --http-log-path=/var/log/nginx/access.log - --with-http_dav_module - --http-client-body-temp-path={{ home }}/body - --http-proxy-temp-path={{ home }}/proxy - --with-http_stub_status_module - --http-fastcgi-temp-path={{ home }}/fastcgi - --with-debug - --with-http_ssl_module - {% for name, module in nginx.get('modules', {}).items() -%} - --add-module={{nginx_modules_dir}}/{{name}} \ - --with-pcre --with-ipv6 - {% endfor %} - - make -j2 && make install + --prefix={{ install_prefix }} + --http-log-path={{ log_dir }}/access.log + --error-log-path={{ log_dir }}/error.log + --pid-path={{ pid_path }} + --lock-path={{ lock_path }} + --http-client-body-temp-path={{ base_temp_dir }}/body + --http-proxy-temp-path={{ base_temp_dir }}/proxy + --http-fastcgi-temp-path={{ base_temp_dir }}/fastcgi + --http-uwsgi-temp-path={{ base_temp_dir }}/temp_uwsgi + --http-scgi-temp-path={{ base_temp_dir }}/temp_scgi + {%- for name, module in nginx.get('modules', {}).items() %} + --add-module={{nginx_modules_dir}}/{{name}} + {%- endfor %} + {%- for name in with_items %} + --with-{{ name }} + {%- endfor %} + {%- for name in without_items %} + --without-{{ name }} + {%- endfor %} + && make {{ make_flags }} + && make install - watch: - cmd: get-nginx + {% for name, module in nginx.get('modules', {}).items() -%} + - file: get-nginx-{{name}} + {% endfor %} - require: - cmd: get-nginx - - cmd: get-lua-nginx-module - - cmd: get-ngx_devel_kit + {% for name, module in nginx.get('modules', {}).items() -%} + - file: get-nginx-{{name}} + {% endfor %} - require_in: - service: nginx - file.managed: - - name: /etc/init/nginx.conf + file: + - managed - template: jinja + - name: /etc/init.d/nginx + - source: salt://nginx/templates/nginx.init.jinja - user: root - group: root - - mode: 440 - - source: salt://nginx/templates/upstart.jinja - - require: - - cmd: nginx - service.running: + - mode: 0755 + - context: + sbin_dir: {{ sbin_dir }} + pid_path: {{ pid_path }} + service: + - running - enable: True + - reload: True - watch: - - file: nginx - - file: /etc/nginx/nginx.conf - - file: /etc/nginx/conf.d/default.conf - - file: /etc/nginx/conf.d/example_ssl.conf - - file: nginx + - cmd: nginx + - file: {{ conf_dir }}/nginx.conf - require: - cmd: nginx - - file: {{ home }} + - file: {{ conf_dir }}/nginx.conf + +{% for file in nginx.get('delete_confs', []) %} +{{ conf_dir }}/{{ file }}: + file: + - absent + watch: + - cmd: nginx +{{ conf_dir }}/{{ file }}.default: + file: + - absent + watch: + - cmd: nginx +{% endfor %} + +{% for file in nginx.get('delete_htdocs', []) %} +{{ install_prefix }}/html/{{ file }}: + file: + - absent + watch: + - cmd: nginx +{% endfor %} diff --git a/nginx/sysvinit.sls b/nginx/sysvinit.sls index dc1832d..97181a9 100644 --- a/nginx/sysvinit.sls +++ b/nginx/sysvinit.sls @@ -1,7 +1,10 @@ +{% set nginx = pillar.get('nginx', {}) -%} +{% set log_dir = nginx.get('log_dir', '/var/log/nginx') -%} + {% set logger_types = ('access', 'error') %} {% for log_type in logger_types %} -/var/log/nginx/{{ log_type }}.log: +{{ log_dir }}/{{ log_type }}.log: file.absent nginx-logger-{{ log_type }}: @@ -18,13 +21,13 @@ nginx-logger-{{ log_type }}: service: - running - enable: True + - restart: True + - watch: + - cmd: nginx - require: - file: nginx-logger-{{ log_type }} - require_in: - service: nginx - cmd: - - wait - - name: /usr/sbin/update-rc.d nginx-logger-{{ log_type }} defaults {% endfor %} /etc/logrotate.d/nginx: diff --git a/nginx/templates/nginx.init.jinja b/nginx/templates/nginx.init.jinja new file mode 100644 index 0000000..2ed3c91 --- /dev/null +++ b/nginx/templates/nginx.init.jinja @@ -0,0 +1,101 @@ +#!/bin/sh + +### BEGIN INIT INFO +# Provides: nginx +# Required-Start: $local_fs $remote_fs $network $syslog +# Required-Stop: $local_fs $remote_fs $network $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: starts the nginx web server +# Description: starts nginx using start-stop-daemon +### END INIT INFO + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +DAEMON={{ sbin_dir }}/nginx +NAME=nginx +DESC=nginx + +# Include nginx defaults if available +if [ -f /etc/default/nginx ]; then + . /etc/default/nginx +fi + +test -x $DAEMON || exit 0 + +set -e + +. /lib/lsb/init-functions + +test_nginx_config() { + if $DAEMON -t $DAEMON_OPTS >/dev/null 2>&1; then + return 0 + else + $DAEMON -t $DAEMON_OPTS + return $? + fi +} + +case "$1" in + start) + echo -n "Starting $DESC: " + test_nginx_config + # Check if the ULIMIT is set in /etc/default/nginx + if [ -n "$ULIMIT" ]; then + # Set the ulimits + ulimit $ULIMIT + fi + start-stop-daemon --start --quiet --pidfile {{ pid_path }} \ + --exec $DAEMON -- $DAEMON_OPTS || true + echo "$NAME." + ;; + + stop) + echo -n "Stopping $DESC: " + start-stop-daemon --stop --quiet --pidfile {{ pid_path }} \ + --exec $DAEMON || true + echo "$NAME." + ;; + + restart|force-reload) + echo -n "Restarting $DESC: " + start-stop-daemon --stop --quiet --pidfile \ + {{ pid_path }} --exec $DAEMON || true + sleep 1 + test_nginx_config + # Check if the ULIMIT is set in /etc/default/nginx + if [ -n "$ULIMIT" ]; then + # Set the ulimits + ulimit $ULIMIT + fi + start-stop-daemon --start --quiet --pidfile \ + {{ pid_path }} --exec $DAEMON -- $DAEMON_OPTS || true + echo "$NAME." + ;; + + reload) + echo -n "Reloading $DESC configuration: " + test_nginx_config + start-stop-daemon --stop --signal HUP --quiet --pidfile {{ pid_path }} \ + --exec $DAEMON || true + echo "$NAME." + ;; + + configtest|testconfig) + echo -n "Testing $DESC configuration: " + if test_nginx_config; then + echo "$NAME." + else + exit $? + fi + ;; + + status) + status_of_proc -p {{ pid_path }} "$DAEMON" nginx && exit 0 || exit $? + ;; + *) + echo "Usage: $NAME {start|stop|restart|reload|force-reload|status|configtest}" >&2 + exit 1 + ;; +esac + +exit 0