diff --git a/README.rst b/README.rst index 0ad302c..bfdae84 100644 --- a/README.rst +++ b/README.rst @@ -1,2 +1,4 @@ nginx ===== + +Install `nginx` either by source or by package. \ No newline at end of file diff --git a/common.sls b/common.sls new file mode 100644 index 0000000..a096c48 --- /dev/null +++ b/common.sls @@ -0,0 +1,72 @@ +include: + - nrpe + +/usr/share/nginx: + file: + - directory + +{% for filename in ('default', 'example_ssl') %} +/etc/nginx/conf.d/{{ filename }}.conf: + file.absent +{% endfor %} + +{% set logger_types = ('access', 'error') %} + +{% for log_type in logger_types %} +/var/log/nginx/{{ log_type }}.log: + file.absent + +nginx-logger-{{ log_type }}: + file: + - managed + - name: /etc/init/nginx-logger-{{ log_type }}.conf + - template: jinja + - user: root + - group: root + - mode: 440 + - source: salt://nginx/templates/upstart_logger.jinja + - context: + type: {{ log_type }} + service: + - running + - enable: True + - require: + - file: nginx-logger-{{ log_type }} + - require_in: + - service: nginx +{% endfor %} + +/etc/logrotate.d/nginx: + file: + - absent + +{% for dir in ['sites-available', 'sites-enabled'] -%} +/etc/nginx/{{ dir }}: + file.directory: + - user: www-data + - group: www-data + - mode: 0755 +{% endfor -%} + +/etc/nginx: + file.directory: + - user: root + - group: root + +/etc/nginx/nginx.conf: + file: + - managed + - template: jinja + - user: root + - group: root + - mode: 440 + - source: salt://nginx/templates/config.jinja + - require: + - file: /etc/nginx + +{% for dir in ('sites-enabled', 'sites-available') %} +/etc/nginx/{{ dir }}: + file.directory: + - user: root + - group: root +{% endfor -%} diff --git a/init.sls b/init.sls new file mode 100644 index 0000000..165cc9c --- /dev/null +++ b/init.sls @@ -0,0 +1,9 @@ +include: + - nginx.common + - nginx.users +{% if pillar.get('nginx', {}).get('install_from_source') %} + - nginx.source +{% else %} + - nginx.package +{% endif -%} + diff --git a/luajit2.sls b/luajit2.sls new file mode 100644 index 0000000..e24459f --- /dev/null +++ b/luajit2.sls @@ -0,0 +1,16 @@ +{% set nginx = pillar.get('nginx', {}) -%} +{% set home = nginx.get('home', '/var/www') -%} +{% set source = nginx.get('source_root', '/usr/local/src') -%} + +get-luajit2: + file.managed: + - name: {{ source }}/luajit.tar.gz + - source: http://luajit.org/download/LuaJIT-2.0.1.tar.gz + - source_hash: sha1=330492aa5366e4e60afeec72f15e44df8a794db5 + cmd.wait: + - cwd: {{ nginx_home }} + - name: tar -zxf {{ source }}/luajit.tar.gz -C {{ source }} + - watch: + - file: get-luajit2 + - require_in: + - cmd: nginx \ No newline at end of file diff --git a/nginx/init.sls b/nginx/init.sls deleted file mode 100644 index 76abec0..0000000 --- a/nginx/init.sls +++ /dev/null @@ -1,107 +0,0 @@ -include: - - nginx.users - -{% for filename in ('default', 'example_ssl') %} -/etc/nginx/conf.d/{{ filename }}.conf: - file.absent -{% endfor %} - -/etc/nginx/nginx.conf: - file: - - managed - - template: jinja - - user: root - - group: root - - mode: 440 - - source: salt://nginx/files/config.jinja - - require: - - pkg: nginx - -nginx-old-init: - file: - - rename - - name: /usr/share/nginx/init.d - - source: /etc/init.d/nginx - - require: - - pkg: nginx - cmd: - - wait - - name: dpkg-divert --divert /usr/share/nginx/init.d --add /etc/init.d/nginx - - require: - - module: nginx-old-init - - watch: - - file: nginx-old-init - module: - - wait - - name: cmd.run - - cmd: kill `cat /var/run/nginx.pid` - - watch: - - file: nginx-old-init - -nginx-old-init-disable: - cmd: - - wait - - name: update-rc.d -f nginx remove - - require: - - module: nginx-old-init - - watch: - - file: nginx-old-init - -{% set logger_types = ('access', 'error') %} - -{% for log_type in logger_types %} -/var/log/nginx/{{ log_type }}.log: - file.absent - -nginx-logger-{{ log_type }}: - file: - - managed - - name: /etc/init/nginx-logger-{{ log_type }}.conf - - template: jinja - - user: root - - group: root - - mode: 440 - - source: salt://nginx/files/upstart-logger.jinja - - context: - type: {{ log_type }} - service: - - running - - enable: True - - require: - - file: nginx-logger-{{ log_type }} - - pkg: nginx -{% endfor %} - -/etc/logrotate.d/nginx: - file: - - absent - -nginx: - pkg: - - installed - - name: nginx - file: - - managed - - name: /etc/init/nginx.conf - - template: jinja - - user: root - - group: root - - mode: 440 - - source: salt://nginx/files/upstart.jinja - - require: - - pkg: nginx - - file: nginx-old-init - - module: nginx-old-init - service: - - running - - enable: True - - watch: - - file: nginx - - file: /etc/nginx/nginx.conf - - file: /etc/nginx/conf.d/default.conf - - file: /etc/nginx/conf.d/example_ssl.conf - - pkg: nginx - - require: -{% for log_type in logger_types %} - - service: nginx-logger-{{ log_type }} -{% endfor %} diff --git a/openresty.sls b/openresty.sls new file mode 100644 index 0000000..fc51a17 --- /dev/null +++ b/openresty.sls @@ -0,0 +1,31 @@ +{% set nginx = pillar.get('nginx', {}) -%} +{% set home = nginx.get('home', '/var/www') -%} +{% set source = nginx.get('source_root', '/usr/local/src') -%} + +{% set openresty = nginx.get('openresty', {}) -%} +{% set openresty_version = openresty.get('version', '1.2.7.8') -%} +{% set openresty_checksum = openresty.get('checksum', 'sha1=f8bee501529ffec33f9cabc00ea4ca512a8d7b59') -%} +{% set openresty_package = source + '/openresty-' + openresty_version + '.tar.gz' -%} + +get-openresty: + file.managed: + - name: {{ openresty_package }} + - source: http://openresty.org/download/ngx_openresty-{{ openresty_version }}.tar.gz + - source_hash: {{ openresty_checksum }} + cmd.wait: + - cwd: {{ source }} + - name: tar -zxf {{ openresty_package }} -C {{ home }} + - watch: + - file: get-openresty + +install_openresty: + cmd.wait: + - cwd: {{ home }}/ngx_openresty-{{ openresty_version }} + - names: + - ./configure --with-luajit \ + --with-http_drizzle_module \ + --with-http_postgres_module \ + --with-http_iconv_module + - make && make install + - watch: + - cmd: get-openresty diff --git a/package.sls b/package.sls new file mode 100644 index 0000000..56e992c --- /dev/null +++ b/package.sls @@ -0,0 +1,60 @@ + +nginx-old-init: + file: + - rename + - name: /usr/share/nginx/init.d + - source: /etc/init.d/nginx + - require_in: + - file: nginx + cmd: + - wait + - name: dpkg-divert --divert /usr/share/nginx/init.d --add /etc/init.d/nginx + - require: + - module: nginx-old-init + - watch: + - file: nginx-old-init + - require_in: + - file: nginx + module: + - wait + - name: cmd.run + - cmd: kill `cat /var/run/nginx.pid` + - watch: + - file: nginx-old-init + - require_in: + - file: nginx + +nginx-old-init-disable: + cmd: + - wait + - name: update-rc.d -f nginx remove + - require: + - module: nginx-old-init + - watch: + - file: nginx-old-init + +nginx: + pkg.installed: + - name: nginx + file: + - managed + - name: /etc/init/nginx.conf + - template: jinja + - user: root + - group: root + - mode: 440 + - source: salt://nginx/templates/upstart.jinja + - require: + - pkg: nginx + - file: nginx-old-init + - module: nginx-old-init + service: + - running + - enable: True + - restart: True + - watch: + - file: nginx + - file: /etc/nginx/nginx.conf + - file: /etc/nginx/conf.d/default.conf + - file: /etc/nginx/conf.d/example_ssl.conf + - pkg: nginx \ No newline at end of file diff --git a/pillar.example b/pillar.example index e69de29..3e90e79 100644 --- a/pillar.example +++ b/pillar.example @@ -0,0 +1,8 @@ +nginx: + install_from_source: True + with_luajit: False + with_openresty: True + modules: + headers-more: + source: http://github.com/agentzh/headers-more-nginx-module/tarball/v0.21 + source_hash: sha1=DAFJAKSDFJAKDFJ diff --git a/source.sls b/source.sls new file mode 100644 index 0000000..5a061d3 --- /dev/null +++ b/source.sls @@ -0,0 +1,180 @@ +include: + - nginx.common + +{% set nginx = pillar.get('nginx', {}) -%} +{% set version = nginx.get('version', '1.5.2') -%} +{% set checksum = nginx.get('checksum', 'sha1=3546be28a72251f8823ab6be6a1180d300d06f76') -%} +{% set home = nginx.get('home', '/var/www') -%} +{% set source = nginx.get('source_root', '/usr/local/src') -%} + +{% set nginx_package = source + '/nginx-' + version + '.tar.gz' -%} +{% set nginx_home = home + "/nginx-" + version -%} +{% set nginx_modules_dir = source + "/nginx-modules" -%} + +{% if nginx['with_luajit'] -%} +include: + - nginx.luajit2 +{% endif -%} + +{% if nginx['with_openresty'] -%} +include: + - nginx.openresty +{% endif -%} + +nginx_group: + group.present: + - name: www-data + +nginx_user: + file.directory: + - name: {{ home }} + - user: www-data + - group: www-data + - mode: 0755 + - require: + - user: nginx_user + - group: nginx_group + user.present: + - name: www-data + - home: {{ home }} + - groups: + - www-data + - require: + - group: nginx_group + +get-nginx: + pkg.installed: + - names: + - libpcre3-dev + - build-essential + - libssl-dev + file.managed: + - name: {{ nginx_package }} + - source: http://nginx.org/download/nginx-{{ version }}.tar.gz + - source_hash: {{ checksum }} + cmd.wait: + - cwd: {{ source }} + - name: tar -zxf {{ nginx_package }} -C {{ home }} + - require: + - file: nginx_user + - pkg: get-nginx + - watch: + - file: get-nginx + +{% for name, module in nginx.get('modules', {}) -%} +get-nginx-{{name}}: + file.managed: + - name: {{ nginx_modules_dir }}/{{name}}.tar.gz + - source: {{ module['source'] }} + - source_hash: {{ module['source_hash'] }} + - require: + - file: nginx_user + cmd.wait: + - cwd: {{ nginx_home }} + - names: + - tar -zxf {{ nginx_modules_dir }}/{{name}}.tar.gz -C {{ nginx_modules_dir }}/{{name}} + - watch: + - file: get-nginx + - require_in: + - cmd: make-nginx +{% endfor -%} + +{% if install_luajit -%} + +{% endif -%} + +get-ngx_devel_kit: + file.managed: + - name: {{ source }}/ngx_devel_kit.tar.gz + - source: https://github.com/simpl/ngx_devel_kit/archive/v0.2.18.tar.gz + - source_hash: sha1=e21ba642f26047661ada678b21eef001ee2121d8 + cmd.wait: + - cwd: {{ nginx_home }} + - name: tar -zxf {{ source }}/ngx_devel_kit.tar.gz -C {{ source }} + - watch: + - file: get-ngx_devel_kit + +get-lua-nginx-module: + file.managed: + - name: {{ source }}/lua-nginx-module.tar.gz + - source: https://github.com/chaoslawful/lua-nginx-module/archive/v0.8.3rc1.tar.gz + - source_hash: sha1=49b2fa946517fb2e9b26185d418570e98ff5ff51 + cmd.wait: + - cwd: {{ nginx_home }} + - name: tar -zxf {{ source }}/lua-nginx-module.tar.gz -C {{ source }} + - watch: + - file: get-lua-nginx-module + +{{ home }}: + file.directory: + - user: www-data + - group: www-data + - makedirs: True + - mode: 0755 + +{% for dir in ('body', 'proxy', 'fastcgi') -%} +{{ home }}-{{dir}}: + file.directory: + - name: {{ home }}/{{dir}} + - user: www-data + - group: www-data + - mode: 0755 + - require: + - file: {{ home }} + - require_in: + - service: nginx +{% endfor -%} + +nginx: + cmd.wait: + - cwd: {{ nginx_home }} + - names: + - ./configure --conf-path=/etc/nginx/nginx.conf + --sbin-path=/usr/sbin/nginx + --user=www-data + --group=www-data + --prefix=/usr/local/nginx + --error-log-path=/var/log/nginx/error.log + --pid-path=/var/run/nginx.pid + --lock-path=/var/lock/nginx.lock + --http-log-path=/var/log/nginx/access.log + --with-http_dav_module + --http-client-body-temp-path={{ home }}/body + --http-proxy-temp-path={{ home }}/proxy + --with-http_stub_status_module + --http-fastcgi-temp-path={{ home }}/fastcgi + --with-debug + --with-http_ssl_module + {% for name, module in nginx.get('modules', {}) -%} + --add-module={{nginx_modules_dir}}/{{name}} \ + --with-pcre --with-ipv6 + {% endfor %} + - make -j2 && make install + - watch: + - cmd: get-nginx + - require: + - cmd: get-nginx + - cmd: get-lua-nginx-module + - cmd: get-ngx_devel_kit + - require_in: + - service: nginx + file.managed: + - name: /etc/init/nginx.conf + - template: jinja + - user: root + - group: root + - mode: 440 + - source: salt://nginx/templates/upstart.jinja + - require: + - cmd: nginx + service.running: + - enable: True + - watch: + - file: nginx + - file: /etc/nginx/nginx.conf + - file: /etc/nginx/conf.d/default.conf + - file: /etc/nginx/conf.d/example_ssl.conf + - file: nginx + - require: + - cmd: nginx + - file: {{ home }} diff --git a/nginx/files/config.jinja b/templates/config.jinja similarity index 100% rename from nginx/files/config.jinja rename to templates/config.jinja diff --git a/nginx/files/upstart-logger.jinja b/templates/upstart-logger.jinja similarity index 91% rename from nginx/files/upstart-logger.jinja rename to templates/upstart-logger.jinja index 4efb35e..e5356ad 100644 --- a/nginx/files/upstart-logger.jinja +++ b/templates/upstart-logger.jinja @@ -1,4 +1,4 @@ -# {{ pillar.get('message_do_not_modify') }} +# {{ pillar['message_do_not_modify'] }} # startup script for Nginx loggers start on starting nginx diff --git a/nginx/files/upstart.jinja b/templates/upstart.jinja similarity index 100% rename from nginx/files/upstart.jinja rename to templates/upstart.jinja diff --git a/nginx/users.sls b/users.sls similarity index 96% rename from nginx/users.sls rename to users.sls index 1d820bc..775410a 100644 --- a/nginx/users.sls +++ b/users.sls @@ -16,6 +16,6 @@ nginx_user_{{name}}: - path: {{ htauth }} - require: - pkg: htpasswd - + {% endif -%} {% endfor %} \ No newline at end of file