Updated structure as well as added package and source

2013-08-21 12:01:51 -07:00 · 2013-08-21 12:01:51 -07:00 · eb2bc62f5a
commit eb2bc62f5a
parent 0d192b3928
10 changed files with 473 additions and 0 deletions
--- a/common.sls
+++ b/common.sls
@ -0,0 +1,72 @@
+include:
+  - nrpe
+
+/usr/share/nginx:
+  file:
+    - directory
+
+{% for filename in ('default', 'example_ssl') %}
+/etc/nginx/conf.d/{{ filename }}.conf:
+  file.absent
+{% endfor %}
+
+{% set logger_types = ('access', 'error') %}
+
+{% for log_type in logger_types %}
+/var/log/nginx/{{ log_type }}.log:
+  file.absent
+
+nginx-logger-{{ log_type }}:
+  file:
+    - managed
+    - name: /etc/init/nginx-logger-{{ log_type }}.conf
+    - template: jinja
+    - user: root
+    - group: root
+    - mode: 440
+    - source: salt://nginx/templates/upstart_logger.jinja
+    - context:
+      type: {{ log_type }}
+  service:
+    - running
+    - enable: True
+    - require:
+      - file: nginx-logger-{{ log_type }}
+    - require_in:
+      - service: nginx
+{% endfor %}
+
+/etc/logrotate.d/nginx:
+  file:
+    - absent
+
+{% for dir in ['sites-available', 'sites-enabled'] -%}
+/etc/nginx/{{ dir }}:
+  file.directory:
+    - user: www-data
+    - group: www-data
+    - mode: 0755
+{% endfor -%}
+
+/etc/nginx:
+  file.directory:
+    - user: root
+    - group: root
+
+/etc/nginx/nginx.conf:
+  file:
+    - managed
+    - template: jinja
+    - user: root
+    - group: root
+    - mode: 440
+    - source: salt://nginx/templates/config.jinja
+    - require:
+      - file: /etc/nginx
+
+{% for dir in ('sites-enabled', 'sites-available') %}
+/etc/nginx/{{ dir }}:
+  file.directory:
+    - user: root
+    - group: root
+{% endfor -%}
--- a/init.sls
+++ b/init.sls
@ -0,0 +1,8 @@
+include:
+  - nginx.common
+  - nginx.users
+  # To install from a package
+  # If you want to install from source
+  # simply replace this comment
+  - nginx.package
+
--- a/luajit2.sls
+++ b/luajit2.sls
@ -0,0 +1,16 @@
+{% set nginx = pillar.get('nginx', {}) -%}
+{% set home = nginx.get('home', '/var/www') -%}
+{% set source = nginx.get('source_root', '/usr/local/src') -%}
+
+get-luajit2:
+  file.managed:
+    - name: {{ source }}/luajit.tar.gz
+    - source: http://luajit.org/download/LuaJIT-2.0.1.tar.gz
+    - source_hash: sha1=330492aa5366e4e60afeec72f15e44df8a794db5
+  cmd.wait:
+    - cwd: {{ nginx_home }}
+    - name: tar -zxf {{ source }}/luajit.tar.gz -C {{ source }}
+    - watch:
+      - file: get-luajit2
+    - require_in:
+      - cmd: nginx
--- a/openresty.sls
+++ b/openresty.sls
@ -0,0 +1,31 @@
+{% set nginx = pillar.get('nginx', {}) -%}
+{% set home = nginx.get('home', '/var/www') -%}
+{% set source = nginx.get('source_root', '/usr/local/src') -%}
+
+{% set openresty = nginx.get('openresty', {}) -%}
+{% set openresty_version = openresty.get('version', '1.2.7.8') -%}
+{% set openresty_checksum = openresty.get('checksum', 'sha1=f8bee501529ffec33f9cabc00ea4ca512a8d7b59') -%}
+{% set openresty_package = source + '/openresty-' + openresty_version + '.tar.gz' -%}
+
+get-openresty:
+  file.managed:
+    - name: {{ openresty_package }}
+    - source: http://openresty.org/download/ngx_openresty-{{ openresty_version }}.tar.gz
+    - source_hash: {{ openresty_checksum }}
+  cmd.wait:
+    - cwd: {{ source }}
+    - name: tar -zxf {{ openresty_package }} -C {{ home }}
+    - watch:
+      - file: get-openresty
+
+install_openresty:
+  cmd.wait:
+    - cwd: {{ home }}/ngx_openresty-{{ openresty_version }}
+    - names: 
+      - ./configure --with-luajit \
+                    --with-http_drizzle_module \
+                    --with-http_postgres_module \ 
+                    --with-http_iconv_module
+      - make && make install
+    - watch:
+      - cmd: get-openresty
--- a/package.sls
+++ b/package.sls
@ -0,0 +1,60 @@
+
+nginx-old-init:
+  file:
+    - rename
+    - name: /usr/share/nginx/init.d
+    - source: /etc/init.d/nginx
+    - require_in:
+      - file: nginx
+  cmd:
+    - wait
+    - name: dpkg-divert --divert /usr/share/nginx/init.d --add /etc/init.d/nginx
+    - require:
+      - module: nginx-old-init
+    - watch:
+      - file: nginx-old-init
+    - require_in:
+      - file: nginx
+  module:
+    - wait
+    - name: cmd.run
+    - cmd: kill `cat /var/run/nginx.pid`
+    - watch:
+      - file: nginx-old-init
+    - require_in:
+      - file: nginx
+
+nginx-old-init-disable:
+  cmd:
+    - wait
+    - name: update-rc.d -f nginx remove
+    - require:
+      - module: nginx-old-init
+    - watch:
+      - file: nginx-old-init
+
+nginx:
+  pkg.installed:
+    - name: nginx
+  file:
+    - managed
+    - name: /etc/init/nginx.conf
+    - template: jinja
+    - user: root
+    - group: root
+    - mode: 440
+    - source: salt://nginx/templates/upstart.jinja
+    - require:
+      - pkg: nginx
+      - file: nginx-old-init
+      - module: nginx-old-init
+  service:
+    - running
+    - enable: True
+    - restart: True
+    - watch:
+      - file: nginx
+      - file: /etc/nginx/nginx.conf
+      - file: /etc/nginx/conf.d/default.conf
+      - file: /etc/nginx/conf.d/example_ssl.conf
+      - pkg: nginx
--- a/source.sls
+++ b/source.sls
@ -0,0 +1,180 @@
+include:
+  - nginx.common
+
+{% set nginx = pillar.get('nginx', {}) -%}
+{% set version = nginx.get('version', '1.5.2') -%}
+{% set checksum = nginx.get('checksum', 'sha1=3546be28a72251f8823ab6be6a1180d300d06f76') -%}
+{% set home = nginx.get('home', '/var/www') -%}
+{% set source = nginx.get('source_root', '/usr/local/src') -%}
+
+{% set nginx_package = source + '/nginx-' + version + '.tar.gz' -%}
+{% set nginx_home     = home + "/nginx-" + version -%}
+{% set nginx_modules_dir = source + "/nginx-modules" -%}
+
+{% if nginx['with_luajit'] -%}
+include:
+  - nginx.luajit2
+{% endif -%}
+
+{% if nginx['with_openresty'] -%}
+include:
+  - nginx.openresty
+{% endif -%}
+
+nginx_group:
+  group.present:
+    - name: www-data
+
+nginx_user:
+  file.directory:
+    - name: {{ home }}
+    - user: www-data
+    - group: www-data
+    - mode: 0755
+    - require:
+      - user: nginx_user
+      - group: nginx_group
+  user.present:
+    - name: www-data
+    - home: {{ home }}
+    - groups:
+      - www-data
+    - require:
+      - group: nginx_group
+
+get-nginx:
+  pkg.installed:
+    - names:
+      - libpcre3-dev
+      - build-essential
+      - libssl-dev
+  file.managed:
+    - name: {{ nginx_package }}
+    - source: http://nginx.org/download/nginx-{{ version }}.tar.gz
+    - source_hash: {{ checksum }}
+  cmd.wait:
+    - cwd: {{ source }}
+    - name: tar -zxf {{ nginx_package }} -C {{ home }}
+    - require:
+      - file: nginx_user
+      - pkg: get-nginx
+    - watch:
+      - file: get-nginx
+
+{% for name, module in nginx.get('modules', {}) -%}
+get-nginx-{{name}}:
+  file.managed:
+    - name: {{ nginx_modules_dir }}/{{name}}.tar.gz
+    - source: {{ module['source'] }}
+    - source_hash: {{ module['source_hash'] }}
+    - require:
+      - file: nginx_user
+  cmd.wait:
+    - cwd: {{ nginx_home }}
+    - names: 
+        - tar -zxf {{ nginx_modules_dir }}/{{name}}.tar.gz -C {{ nginx_modules_dir }}/{{name}}
+    - watch:
+      - file: get-nginx
+    - require_in:
+      - cmd: make-nginx
+{% endfor -%}
+
+{% if install_luajit -%}
+
+{% endif -%}
+
+get-ngx_devel_kit:
+  file.managed:
+    - name: {{ source }}/ngx_devel_kit.tar.gz
+    - source: https://github.com/simpl/ngx_devel_kit/archive/v0.2.18.tar.gz
+    - source_hash: sha1=e21ba642f26047661ada678b21eef001ee2121d8
+  cmd.wait:
+    - cwd: {{ nginx_home }}
+    - name: tar -zxf {{ source }}/ngx_devel_kit.tar.gz -C {{ source }}
+    - watch:
+      - file: get-ngx_devel_kit
+
+get-lua-nginx-module:
+  file.managed:
+    - name: {{ source }}/lua-nginx-module.tar.gz
+    - source: https://github.com/chaoslawful/lua-nginx-module/archive/v0.8.3rc1.tar.gz
+    - source_hash: sha1=49b2fa946517fb2e9b26185d418570e98ff5ff51
+  cmd.wait:
+    - cwd: {{ nginx_home }}
+    - name: tar -zxf {{ source }}/lua-nginx-module.tar.gz -C {{ source }}
+    - watch:
+      - file: get-lua-nginx-module
+
+{{ home }}:
+  file.directory:
+    - user: www-data
+    - group: www-data
+    - makedirs: True
+    - mode: 0755
+
+{% for dir in ('body', 'proxy', 'fastcgi') -%}
+{{ home }}-{{dir}}:
+  file.directory:
+    - name: {{ home }}/{{dir}}
+    - user: www-data
+    - group: www-data
+    - mode: 0755
+    - require:
+      - file: {{ home }}
+    - require_in:
+      - service: nginx
+{% endfor -%}
+
+nginx:
+  cmd.wait:
+    - cwd: {{ nginx_home }}
+    - names:
+      - ./configure --conf-path=/etc/nginx/nginx.conf
+        --sbin-path=/usr/sbin/nginx
+        --user=www-data
+        --group=www-data
+        --prefix=/usr/local/nginx
+        --error-log-path=/var/log/nginx/error.log
+        --pid-path=/var/run/nginx.pid
+        --lock-path=/var/lock/nginx.lock 
+        --http-log-path=/var/log/nginx/access.log 
+        --with-http_dav_module 
+        --http-client-body-temp-path={{ home }}/body 
+        --http-proxy-temp-path={{ home }}/proxy 
+        --with-http_stub_status_module 
+        --http-fastcgi-temp-path={{ home }}/fastcgi 
+        --with-debug 
+        --with-http_ssl_module 
+        {% for name, module in nginx.get('modules', {}) -%}
+        --add-module={{nginx_modules_dir}}/{{name}} \
+        --with-pcre --with-ipv6
+        {% endfor %}
+      - make -j2 && make install
+    - watch:
+      - cmd: get-nginx
+    - require:
+      - cmd: get-nginx
+      - cmd: get-lua-nginx-module
+      - cmd: get-ngx_devel_kit
+    - require_in:
+      - service: nginx
+  file.managed:
+    - name: /etc/init/nginx.conf
+    - template: jinja
+    - user: root
+    - group: root
+    - mode: 440
+    - source: salt://nginx/templates/upstart.jinja
+    - require:
+      - cmd: nginx
+  service.running:
+    - enable: True
+    - watch:
+      - file: nginx
+      - file: /etc/nginx/nginx.conf
+      - file: /etc/nginx/conf.d/default.conf
+      - file: /etc/nginx/conf.d/example_ssl.conf
+      - file: nginx
+    - require:
+      - cmd: nginx
+      - file: {{ home }}
--- a/templates/config.jinja
+++ b/templates/config.jinja
@ -0,0 +1,58 @@
+{% set nginx = pillar.get('nginx', {}) -%}
+{% set user = nginx.get('user', 'www-data') -%}
+{% set group = nginx.get('group', 'www-data') -%}
+user   {{ user }} {{ group }};
+worker_processes  {{ nginx.get('worker_processes', 1) }};
+
+error_log /var/log/nginx/error.fifo warn;
+pid {{ nginx.get('pid', '/var/run/nginx.pid') }};
+daemon {{ nginx.get('daemon', 'off') }};
+
+events {
+    worker_connections {{ nginx.get('events', {}).get('worker_connections', 1024) }};
+}
+
+http {
+    include /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+    log_format main '$scheme://$host:$server_port$uri$is_args$args $remote_addr:$remote_user "$request" $request_time $request_length:$bytes_sent $status "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
+    access_log /var/log/nginx/access.fifo main;
+    sendfile {{ nginx.get('sendfile', 'on') }};
+    #tcp_nopush on;
+    keepalive_timeout {{ nginx.get('keepalive_timeout', 65) }};
+    server_names_hash_bucket_size {{ nginx.get('server_names_hash_bucket_size', 128) }};
+    server_names_hash_max_size {{ nginx.get('server_names_hash_max_size', 1024) }};
+    types_hash_max_size {{ nginx.get('types_hash_max_size', 8192) }};
+
+    gzip {{ nginx.get('gzip', 'on') }};
+    gzip_vary {{ nginx.get('gzip_vary', 'on') }};
+    gzip_proxied {{ nginx.get('gzip_proxied', 'any') }};
+    gzip_comp_level {{ nginx.get('gzip_comp_level', 6) }};
+    gzip_buffers {{ nginx.get('gzip_buffers', '16 8k') }};
+    gzip_http_version {{ nginx.get('gzip_http_version', '1.1') }};
+    gzip_types {{ nginx.get('gzip_types', ['text/plain', 'text/css', 'application/json', 'application/x-javascript', 'text/xml', 'application/xml', 'application/xml+rss', 'text/javascript'])|join(' ') }};
+
+    # turn on nginx_status on localhost
+    server {
+        listen 127.0.0.1:80;
+        server_name 127.0.0.1;
+        location /nginx_status {
+            stub_status on;
+            access_log off;
+            allow 127.0.0.1;
+            deny all;
+        }
+    }
+{% if pillar['nginx'] is defined -%}
+{% if pillar['nginx']['redirect_numeric_ip']|default(False) %}
+    server {
+        server_name {% for ip in salt['network.interfaces']()['eth0']['inet'] %}{{ ip['address'] }}:80{% if not loop.last %} {% endif %}{% endfor %};
+        return 302 {{ pillar['nginx']['redirect_numeric_ip'] }};
+        access_log off;
+    }
+{% endif %}
+{% endif %}
+
+    include /etc/nginx/conf.d/*.conf;
+    include /etc/nginx/sites-enabled/*.conf;
+}
--- a/templates/upstart-logger.jinja
+++ b/templates/upstart-logger.jinja
@ -0,0 +1,19 @@
+# {{ pillar['message_do_not_modify'] }}
+# startup script for Nginx loggers
+
+start on starting nginx
+stop on runlevel [!2345]
+
+respawn
+
+pre-start script
+    if [ ! -r /var/log/nginx/{{ type }}.fifo ]; then
+        mkfifo /var/log/nginx/{{ type }}.fifo
+        chown root.root /var/log/nginx/{{ type }}.fifo
+        chmod 660 /var/log/nginx/{{ type }}.fifo
+    fi
+end script
+
+emits nginx-logger-{{ type }}
+
+exec logger -f /var/log/nginx/{{ type }}.fifo -t nginx -p {% if type == 'error' %}warn{% else %}debug{% endif %}
--- a/templates/upstart.jinja
+++ b/templates/upstart.jinja
@ -0,0 +1,8 @@
+# startup script for Nginx
+
+respawn
+
+start on filesystem or runlevel [2345]
+stop on runlevel [!2345]
+
+exec /usr/sbin/nginx -c /etc/nginx/nginx.conf
--- a/users.sls
+++ b/users.sls
@ -0,0 +1,21 @@
+{% set nginx  = pillar.get('nginx', {}) -%}
+{% set htauth = nginx.get('htpasswd', '/etc/nginx/.htpasswd') -%}
+
+htpasswd:
+  pkg.installed:
+    - name: apache2-utils
+
+{% for name, user in pillar.get('users', {}).items() %}
+{% if user['webauth'] is defined -%}
+
+nginx_user_{{name}}:
+  module.run:
+    - name: basicauth.adduser
+    - user: {{ name }}
+    - passwd: {{ user['webauth'] }}
+    - path: {{ htauth }}
+    - require:
+      - pkg: htpasswd
+
+{% endif -%}
+{% endfor %}