From 4edd99fca764f4364d810218ad95416589b56400 Mon Sep 17 00:00:00 2001 From: Florent Audebert Date: Mon, 29 Jun 2020 14:27:51 +0200 Subject: [PATCH 1/6] refactor(import): uniformize map.jinja imports This is already done mostly everywhere and covers few remaining locations. --- nginx/certificates.sls | 3 ++- nginx/init.sls | 3 ++- nginx/pkg.sls | 3 ++- nginx/src.sls | 3 ++- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/nginx/certificates.sls b/nginx/certificates.sls index 2a8330b5..2bd6b494 100644 --- a/nginx/certificates.sls +++ b/nginx/certificates.sls @@ -1,4 +1,5 @@ -{% from 'nginx/map.jinja' import nginx with context %} +{%- set tplroot = tpldir.split('/')[0] %} +{%- from tplroot ~ '/map.jinja' import nginx with context %} include: - nginx.service diff --git a/nginx/init.sls b/nginx/init.sls index 7ad31bd2..fc60e847 100644 --- a/nginx/init.sls +++ b/nginx/init.sls @@ -2,7 +2,8 @@ # # Meta-state to fully install nginx. -{%- from 'nginx/map.jinja' import nginx, sls_block with context %} +{%- set tplroot = tpldir.split('/')[0] %} +{%- from tplroot ~ '/map.jinja' import nginx with context %} include: {%- if nginx.ng is defined %} diff --git a/nginx/pkg.sls b/nginx/pkg.sls index 11d91eca..c8b0feb0 100644 --- a/nginx/pkg.sls +++ b/nginx/pkg.sls @@ -2,7 +2,8 @@ # # Manages installation of nginx from pkg. -{% from 'nginx/map.jinja' import nginx, sls_block with context %} +{%- set tplroot = tpldir.split('/')[0] %} +{%- from tplroot ~ '/map.jinja' import nginx, sls_block with context %} {%- if nginx.install_from_repo %} {% set from_official = true %} {% set from_ppa = false %} diff --git a/nginx/src.sls b/nginx/src.sls index b97b8b99..7a04be5d 100644 --- a/nginx/src.sls +++ b/nginx/src.sls 
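Review bot: The init.sls hunk stops importing `sls_block` (`import nginx, sls_block` becomes `import nginx`), which is more than the import-path change the commit message describes. The rest of init.sls lies outside the hunk, so this is safe only if nothing further down still calls the macro. If the removal is deliberate, mention it in the commit message; otherwise keep `{%- from tplroot ~ '/map.jinja' import nginx, sls_block with context %}`, as pkg.sls and src.sls do.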
@@ -2,7 +2,8 @@ # # Manages installation of nginx from source. -{% from 'nginx/map.jinja' import nginx, sls_block with context %} +{%- set tplroot = tpldir.split('/')[0] %} +{%- from tplroot ~ '/map.jinja' import nginx, sls_block with context %} nginx_deps: pkg.installed: From 591919e0a40bdeb286ee73c6db8d85b0652a0462 Mon Sep 17 00:00:00 2001 From: Florent Audebert Date: Wed, 1 Jul 2020 18:57:31 +0200 Subject: [PATCH 2/6] refactor(certs): use jinja.map to get pillars --- nginx/certificates.sls | 27 +++++++++++++-------------- nginx/map.jinja | 3 +++ 2 files changed, 16 insertions(+), 14 deletions(-) diff --git a/nginx/certificates.sls b/nginx/certificates.sls index 2bd6b494..b833d6c9 100644 --- a/nginx/certificates.sls +++ b/nginx/certificates.sls @@ -4,17 +4,16 @@ include: - nginx.service -{% set certificates_path = salt['pillar.get']('nginx:certificates_path', '/etc/nginx/ssl') %} prepare_certificates_path_dir: file.directory: - - name: {{ certificates_path }} + - name: {{ nginx.certificates_path }} - makedirs: True -{%- for dh_param, value in salt['pillar.get']('nginx:dh_param', {}).items() %} +{%- for dh_param, value in nginx.dh_param.items() %} {%- if value is string %} create_nginx_dhparam_{{ dh_param }}_key: file.managed: - - name: {{ certificates_path }}/{{ dh_param }} + - name: {{ nginx.certificates_path }}/{{ dh_param }} - contents_pillar: nginx:dh_param:{{ dh_param }} - makedirs: True - require: @@ -27,8 +26,8 @@ generate_nginx_dhparam_{{ dh_param }}_key: - name: {{ nginx.lookup.openssl_package }} cmd.run: - name: openssl dhparam -out {{ dh_param }} {{ value.get('keysize', 2048) }} - - cwd: {{ certificates_path }} - - creates: {{ certificates_path }}/{{ dh_param }} + - cwd: {{ nginx.certificates_path }} + - creates: {{ nginx.certificates_path }}/{{ dh_param }} - require: - file: prepare_certificates_path_dir - watch_in: 
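Review bot: The new loop `for dh_param, value in nginx.dh_param.items()` feeds the merged map into the unchanged `cmd.run` line `openssl dhparam -out {{ dh_param }} {{ value.get('keysize', 2048) }}`, and neither value is constrained before it reaches the shell. Pillar is operator-controlled, so this is hardening rather than a bug. Coercing the size with `{{ value.get('keysize', 2048) | int }}` and refusing names that contain `/` or whitespace would stop a malformed entry from producing an unexpected command line. The same key is used unquoted in the `name:` and `creates:` paths built from `{{ nginx.certificates_path }}/{{ dh_param }}`, so the name check also keeps the file inside that directory.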
@@ -36,28 +35,28 @@ generate_nginx_dhparam_{{ dh_param }}_key: {%- endif %} {%- endfor %} -{%- for domain in salt['pillar.get']('nginx:certificates', {}).keys() %} +{%- for domain in nginx.certificates.keys() %} nginx_{{ domain }}_ssl_certificate: file.managed: - - name: {{ certificates_path }}/{{ domain }}.crt + - name: {{ nginx.certificates_path }}/{{ domain }}.crt - makedirs: True -{% if salt['pillar.get']("nginx:certificates:{}:public_cert_pillar".format(domain)) %} - - contents_pillar: {{ salt['pillar.get']('nginx:certificates:{}:public_cert_pillar'.format(domain)) }} +{% if domain in nginx.certificates and 'public_cert_pillar' in nginx.certificates[domain] %} + - contents_pillar: {{ nginx.certificates[domain].public_cert_pillar }} {% else %} - contents_pillar: nginx:certificates:{{ domain }}:public_cert {% endif %} - watch_in: - service: nginx_service -{% if salt['pillar.get']("nginx:certificates:{}:private_key".format(domain)) or salt['pillar.get']("nginx:certificates:{}:private_key_pillar".format(domain)) %} +{% if 'private_key' in nginx.certificates[domain] or 'private_key_pillar' in nginx.certificates[domain] %} nginx_{{ domain }}_ssl_key: file.managed: - - name: {{ certificates_path }}/{{ domain }}.key + - name: {{ nginx.certificates_path }}/{{ domain }}.key - mode: 600 - makedirs: True -{% if salt['pillar.get']("nginx:certificates:{}:private_key_pillar".format(domain)) %} - - contents_pillar: {{ salt['pillar.get']('nginx:certificates:{}:private_key_pillar'.format(domain)) }} +{% if 'private_key_pillar' in nginx.certificates[domain] %} + - contents_pillar: {{ nginx.certificates[domain].private_key_pillar }} {% else %} - contents_pillar: nginx:certificates:{{ domain }}:private_key {% endif %} diff --git a/nginx/map.jinja b/nginx/map.jinja index c2733492..98f2420d 100644 --- a/nginx/map.jinja +++ b/nginx/map.jinja 
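Review bot: The rewritten conditions test key presence (`'private_key_pillar' in nginx.certificates[domain]`) where the old code tested the truthiness of `pillar.get`. An entry that is present but empty or null now renders `contents_pillar:` with no value instead of falling back to `nginx:certificates:{{ domain }}:private_key`; the same applies to `public_cert_pillar`. Testing `nginx.certificates[domain].get('private_key_pillar')` keeps the previous behaviour. Both forms assume each domain maps to a dict, so a null entry would fail at render time. The `domain in nginx.certificates` clause is always true inside this loop and can be dropped.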
@@ -125,6 +125,9 @@ 'enable': True, 'opts': {}, }, + 'certificates_path': '/etc/nginx/ssl', + 'dh_param': {}, + 'certificates': {}, 'server': { 'opts': {}, 'config': { From 01a0c9623a4b9e78916928966d48017993f1c3f5 Mon Sep 17 00:00:00 2001 From: Florent Audebert Date: Mon, 29 Jun 2020 14:45:59 +0200 Subject: [PATCH 3/6] refactor(meta-state): use relative includes Allow to rename the meta-state without having to change substates references. This might be useful one wants to use this formula with a (renamed) fork within the same environment. --- nginx/certificates.sls | 2 +- nginx/common.sls | 2 +- nginx/init.sls | 12 ++++++------ nginx/luajit2.sls | 2 +- nginx/ng/certificates.sls | 2 +- nginx/ng/config.sls | 2 +- nginx/ng/init.sls | 2 +- nginx/ng/passenger.sls | 2 +- nginx/ng/pkg.sls | 2 +- nginx/ng/servers.sls | 2 +- nginx/ng/servers_config.sls | 2 +- nginx/ng/service.sls | 2 +- nginx/ng/snippets.sls | 2 +- nginx/ng/src.sls | 2 +- nginx/openresty.sls | 2 +- nginx/package.sls | 2 +- nginx/passenger.sls | 12 ++++++------ nginx/servers.sls | 4 ++-- nginx/service.sls | 8 ++++---- nginx/source.sls | 2 +- nginx/sysvinit.sls | 2 +- nginx/upstart.sls | 2 +- nginx/users.sls | 2 +- 23 files changed, 37 insertions(+), 37 deletions(-) diff --git a/nginx/certificates.sls b/nginx/certificates.sls index b833d6c9..6237eefb 100644 --- a/nginx/certificates.sls +++ b/nginx/certificates.sls @@ -2,7 +2,7 @@ {%- from tplroot ~ '/map.jinja' import nginx with context %} include: - - nginx.service + - .service prepare_certificates_path_dir: file.directory: diff --git a/nginx/common.sls b/nginx/common.sls index 1999cba1..25f1b36e 100644 --- a/nginx/common.sls +++ b/nginx/common.sls @@ -1,2 +1,2 @@ include: - - nginx.deprecated + - .deprecated diff --git a/nginx/init.sls b/nginx/init.sls index fc60e847..57f889e4 100644 --- a/nginx/init.sls +++ b/nginx/init.sls 
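Review bot: Relative includes make the include targets rename-safe, but the state IDs visible in these hunks (`prepare_certificates_path_dir` here, `nginx_service` in the init.sls hunk) are still fixed strings. The scenario in the commit message, this formula alongside a renamed fork in the same environment, would therefore presumably still fail on duplicate IDs when both are applied to one minion. Either state that limitation in the commit message or derive the IDs from `{{ tplroot }}`. The leading-dot form also relies on Salt resolving relative includes correctly from `init.sls` files (nginx/init.sls and nginx/ng/init.sls), so the formula docs should name the minimum supported Salt version.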
@@ -7,15 +7,15 @@ include: {%- if nginx.ng is defined %} - - nginx.deprecated + - .deprecated {%- endif %} - - nginx.config - - nginx.service + - .config + - .service {%- if nginx.snippets is defined %} - - nginx.snippets + - .snippets {%- endif %} - - nginx.servers - - nginx.certificates + - .servers + - .certificates extend: nginx_service: diff --git a/nginx/luajit2.sls b/nginx/luajit2.sls index 1999cba1..25f1b36e 100644 --- a/nginx/luajit2.sls +++ b/nginx/luajit2.sls @@ -1,2 +1,2 @@ include: - - nginx.deprecated + - .deprecated diff --git a/nginx/ng/certificates.sls b/nginx/ng/certificates.sls index 1999cba1..3e482912 100644 --- a/nginx/ng/certificates.sls +++ b/nginx/ng/certificates.sls @@ -1,2 +1,2 @@ include: - - nginx.deprecated + - ..deprecated diff --git a/nginx/ng/config.sls b/nginx/ng/config.sls index 1999cba1..3e482912 100644 --- a/nginx/ng/config.sls +++ b/nginx/ng/config.sls @@ -1,2 +1,2 @@ include: - - nginx.deprecated + - ..deprecated diff --git a/nginx/ng/init.sls b/nginx/ng/init.sls index 1999cba1..3e482912 100644 --- a/nginx/ng/init.sls +++ b/nginx/ng/init.sls @@ -1,2 +1,2 @@ include: - - nginx.deprecated + - ..deprecated diff --git a/nginx/ng/passenger.sls b/nginx/ng/passenger.sls index 1999cba1..3e482912 100644 --- a/nginx/ng/passenger.sls +++ b/nginx/ng/passenger.sls @@ -1,2 +1,2 @@ include: - - nginx.deprecated + - ..deprecated diff --git a/nginx/ng/pkg.sls b/nginx/ng/pkg.sls index 1999cba1..3e482912 100644 --- a/nginx/ng/pkg.sls +++ b/nginx/ng/pkg.sls @@ -1,2 +1,2 @@ include: - - nginx.deprecated + - ..deprecated diff --git a/nginx/ng/servers.sls b/nginx/ng/servers.sls index 1999cba1..3e482912 100644 --- a/nginx/ng/servers.sls +++ b/nginx/ng/servers.sls @@ -1,2 +1,2 @@ include: - - nginx.deprecated + - ..deprecated diff --git a/nginx/ng/servers_config.sls b/nginx/ng/servers_config.sls index 1999cba1..3e482912 100644 --- a/nginx/ng/servers_config.sls +++ b/nginx/ng/servers_config.sls 
@@ -1,2 +1,2 @@ include: - - nginx.deprecated + - ..deprecated diff --git a/nginx/ng/service.sls b/nginx/ng/service.sls index 1999cba1..3e482912 100644 --- a/nginx/ng/service.sls +++ b/nginx/ng/service.sls @@ -1,2 +1,2 @@ include: - - nginx.deprecated + - ..deprecated diff --git a/nginx/ng/snippets.sls b/nginx/ng/snippets.sls index 1999cba1..3e482912 100644 --- a/nginx/ng/snippets.sls +++ b/nginx/ng/snippets.sls @@ -1,2 +1,2 @@ include: - - nginx.deprecated + - ..deprecated diff --git a/nginx/ng/src.sls b/nginx/ng/src.sls index 1999cba1..3e482912 100644 --- a/nginx/ng/src.sls +++ b/nginx/ng/src.sls @@ -1,2 +1,2 @@ include: - - nginx.deprecated + - ..deprecated diff --git a/nginx/openresty.sls b/nginx/openresty.sls index 1999cba1..25f1b36e 100644 --- a/nginx/openresty.sls +++ b/nginx/openresty.sls @@ -1,2 +1,2 @@ include: - - nginx.deprecated + - .deprecated diff --git a/nginx/package.sls b/nginx/package.sls index 1999cba1..25f1b36e 100644 --- a/nginx/package.sls +++ b/nginx/package.sls @@ -1,2 +1,2 @@ include: - - nginx.deprecated + - .deprecated diff --git a/nginx/passenger.sls b/nginx/passenger.sls index 91808c0a..f2ec555f 100644 --- a/nginx/passenger.sls +++ b/nginx/passenger.sls @@ -9,14 +9,14 @@ {% if salt['grains.get']('os_family') in ['Debian', 'RedHat'] %} include: - - nginx.pkg - - nginx.config - - nginx.service + - .pkg + - .config + - .service {%- if nginx.snippets is defined %} - - nginx.snippets + - .snippets {%- endif %} - - nginx.servers - - nginx.certificates + - .servers + - .certificates passenger_install: pkg.installed: diff --git a/nginx/servers.sls b/nginx/servers.sls index f3033bb2..33901d01 100644 --- a/nginx/servers.sls +++ b/nginx/servers.sls @@ -14,8 +14,8 @@ {% endmacro %} include: - - nginx.service - - nginx.servers_config + - .service + - .servers_config {% if server_states|length() > 0 %} nginx_service_reload: diff --git a/nginx/service.sls b/nginx/service.sls index 9cbc5cc8..6d82835a 100644 --- a/nginx/service.sls 
+++ b/nginx/service.sls @@ -10,9 +10,9 @@ include: {% if nginx.install_from_source %} - - nginx.src + - .src {% else %} - - nginx.pkg + - .pkg {% endif %} {% if nginx.install_from_source %} @@ -32,9 +32,9 @@ nginx_service: - enable: {{ nginx.service.enable }} - require: {% if nginx.install_from_source %} - - sls: nginx.src + - sls: {{ tplroot }}.src {% else %} - - sls: nginx.pkg + - sls: {{ tplroot }}.pkg {% endif %} - listen: {% if nginx.install_from_source %} diff --git a/nginx/source.sls b/nginx/source.sls index 1999cba1..25f1b36e 100644 --- a/nginx/source.sls +++ b/nginx/source.sls @@ -1,2 +1,2 @@ include: - - nginx.deprecated + - .deprecated diff --git a/nginx/sysvinit.sls b/nginx/sysvinit.sls index 1999cba1..25f1b36e 100644 --- a/nginx/sysvinit.sls +++ b/nginx/sysvinit.sls @@ -1,2 +1,2 @@ include: - - nginx.deprecated + - .deprecated diff --git a/nginx/upstart.sls b/nginx/upstart.sls index 1999cba1..25f1b36e 100644 --- a/nginx/upstart.sls +++ b/nginx/upstart.sls @@ -1,2 +1,2 @@ include: - - nginx.deprecated + - .deprecated diff --git a/nginx/users.sls b/nginx/users.sls index 1999cba1..25f1b36e 100644 --- a/nginx/users.sls +++ b/nginx/users.sls @@ -1,2 +1,2 @@ include: - - nginx.deprecated + - .deprecated From 1df077b2c6d68399b2da5f45545197c680d7b989 Mon Sep 17 00:00:00 2001 From: Florent Audebert Date: Mon, 29 Jun 2020 14:32:16 +0200 Subject: [PATCH 4/6] refactor(pillar): namespace defaults to meta-state name This might be useful if one wants to use this formula with a (renamed) fork within the same environment. Note this also permits to override pillar namespace by defining '{meta-state name}:pillar:namespace: str'. --- nginx/certificates.sls | 8 ++++---- nginx/map.jinja | 4 +++- pillar.example | 4 ++++ 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/nginx/certificates.sls b/nginx/certificates.sls index 6237eefb..bf93449d 100644 --- a/nginx/certificates.sls +++ b/nginx/certificates.sls 
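Review bot: The `require` entries now use `{{ tplroot }}.src` and `{{ tplroot }}.pkg`, while the `include` at the top of the file uses the relative `.src` and `.pkg`. The two name the same SLS only when the formula directory sits directly under the file root, because `tplroot` is `tpldir.split('/')[0]`. Neither service.sls hunk shows `tplroot` being set and patch 1 did not touch this file, so confirm the `set tplroot` line exists above the first hunk. Building the requisite from the SLS's own dotted path, for example `- sls: {{ slsdotpath }}.src` if the supported Salt versions provide that variable, would keep it consistent with the relative include. The `listen:` block continues past the hunk and may hold further hard-coded `nginx.` references.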
@@ -1,5 +1,5 @@ {%- set tplroot = tpldir.split('/')[0] %} -{%- from tplroot ~ '/map.jinja' import nginx with context %} +{%- from tplroot ~ '/map.jinja' import nginx, pillar_namespace with context %} include: - .service @@ -14,7 +14,7 @@ prepare_certificates_path_dir: create_nginx_dhparam_{{ dh_param }}_key: file.managed: - name: {{ nginx.certificates_path }}/{{ dh_param }} - - contents_pillar: nginx:dh_param:{{ dh_param }} + - contents_pillar: {{ pillar_namespace }}:dh_param:{{ dh_param }} - makedirs: True - require: - file: prepare_certificates_path_dir @@ -44,7 +44,7 @@ nginx_{{ domain }}_ssl_certificate: {% if domain in nginx.certificates and 'public_cert_pillar' in nginx.certificates[domain] %} - contents_pillar: {{ nginx.certificates[domain].public_cert_pillar }} {% else %} - - contents_pillar: nginx:certificates:{{ domain }}:public_cert + - contents_pillar: {{ pillar_namespace }}:certificates:{{ domain }}:public_cert {% endif %} - watch_in: - service: nginx_service @@ -58,7 +58,7 @@ nginx_{{ domain }}_ssl_key: {% if 'private_key_pillar' in nginx.certificates[domain] %} - contents_pillar: {{ nginx.certificates[domain].private_key_pillar }} {% else %} - - contents_pillar: nginx:certificates:{{ domain }}:private_key + - contents_pillar: {{ pillar_namespace }}:certificates:{{ domain }}:private_key {% endif %} - watch_in: - service: nginx_service diff --git a/nginx/map.jinja b/nginx/map.jinja index 98f2420d..4cd39efa 100644 --- a/nginx/map.jinja +++ b/nginx/map.jinja @@ -4,7 +4,9 @@ {% endfor %} {% endmacro %} -{% set nginx = salt['pillar.get']('nginx', { +{%- set tplroot = tpldir.split('/')[0] %} +{% set pillar_namespace = salt['pillar.get']('{}:pillar:namespace'.format(tplroot), tplroot) %} +{% set nginx = salt['pillar.get'](pillar_namespace, { 'lookup': salt['grains.filter_by']({ 'Debian': { 'package': 'nginx', diff --git a/pillar.example b/pillar.example index 3654979e..a749942b 100644 --- a/pillar.example +++ b/pillar.example 
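Review bot: In the map.jinja hunk `pillar_namespace` is read from pillar and used unchecked, both as the key for `salt['pillar.get'](pillar_namespace, …)` and as the prefix of every `contents_pillar` path in certificates.sls. That makes it the value that decides which pillar subtree supplies certificates and private keys. A mistyped or empty override does not fail: `pillar.get` returns the built-in defaults, `nginx.certificates` stays empty and no certificate or key state is rendered. Consider raising a render error when the override is set but the subtree is missing or the value is not a non-empty string. A comment above the `set` would also help, such as `{#- pillar_namespace selects the pillar subtree for all settings, including certificate and private key contents; the override key itself is always read from '<tplroot>:pillar:namespace' #}`.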
@@ -357,3 +357,7 @@ nginx: - alt_nginx.service nginx_snippet_file_managed: - alt_server.conf + + # Configure formula pillar namespace + pillar: + namespace: nginx From 1317fb559cf81f6c81d81ef413ff82418636e955 Mon Sep 17 00:00:00 2001 From: Florent Audebert Date: Thu, 2 Jul 2020 10:39:35 +0200 Subject: [PATCH 5/6] refactor(pillar): store defaults into yaml files --- nginx/defaults.yaml | 56 +++++++++++++ nginx/map.jinja | 176 ++--------------------------------------- nginx/osfamilymap.yaml | 110 ++++++++++++++++++++++++++ 3 files changed, 174 insertions(+), 168 deletions(-) create mode 100644 nginx/defaults.yaml create mode 100644 nginx/osfamilymap.yaml diff --git a/nginx/defaults.yaml b/nginx/defaults.yaml new file mode 100644 index 00000000..88f863ea --- /dev/null +++ b/nginx/defaults.yaml 
@@ -0,0 +1,56 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- +nginx: + lookup: {} + install_from_source: false + install_from_ppa: false + install_from_repo: false + install_from_phusionpassenger: false + ppa_version: stable + source_version: 1.10.0 + source_hash: 8ed647c3dd65bc4ced03b0e0f6bf9e633eff6b01bac772bcf97077d58bc2be4d + source: + opts: {} + package: + opts: {} + service: + enable: true + opts: {} + certificates_path: /etc/nginx/ssl + dh_param: {} + certificates: {} + server: + opts: {} + config: + worker_processes: auto + events: + worker_connections: 512 + http: + sendfile: 'on' + tcp_nopush: 'on' + tcp_nodelay: 'on' + keepalive_timeout: 65 + types_hash_max_size: 2048 + default_type: application/octet-stream + access_log: /var/log/nginx/access.log + error_log: /var/log/nginx/error.log + gzip: 'off' + gzip_disable: '"msie6"' + include: + - mime.types + - conf.d/*.conf + - sites-enabled/* + servers: + disabled_postfix: .disabled + symlink_opts: {} + rename_opts: {} + managed_opts: + makedirs: true + dir_opts: + makedirs: true + managed: {} + purge_servers_config: false + passenger: + passenger_root: /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini + passenger_ruby: /usr/bin/ruby diff --git a/nginx/map.jinja b/nginx/map.jinja index 4cd39efa..455167a6 100644 --- a/nginx/map.jinja +++ b/nginx/map.jinja 
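Review bot: The new defaults file carries over `source_version: 1.10.0` and its `source_hash` unchanged, so a minion with `install_from_source: true` and no pillar override builds an nginx release that is several years older than this 2020 patch. Now that the defaults live in a YAML file that accepts comments, mark the pair as a placeholder with `# override source_version and source_hash together in pillar; this default is an old release`. Better still, drop the default so a source install requires an explicit version and hash. The hash is the only integrity check visible on this page for the source path, so the comment should say that the two values must always be updated together.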
@@ -6,174 +6,14 @@ {%- set tplroot = tpldir.split('/')[0] %} {% set pillar_namespace = salt['pillar.get']('{}:pillar:namespace'.format(tplroot), tplroot) %} -{% set nginx = salt['pillar.get'](pillar_namespace, { - 'lookup': salt['grains.filter_by']({ - 'Debian': { - 'package': 'nginx', - 'passenger_package': 'passenger', - 'passenger_config_file': '/etc/nginx/conf.d/passenger.conf', - 'service': 'nginx', - 'webuser': 'www-data', - 'conf_file': '/etc/nginx/nginx.conf', - 'server_available': '/etc/nginx/sites-available', - 'server_enabled': '/etc/nginx/sites-enabled', - 'snippets_dir': '/etc/nginx/snippets', - 'server_use_symlink': True, - 'pid_file': '/run/nginx.pid', - 'openssl_package': 'openssl', - }, - 'CentOS': { - 'package': 'nginx', - 'passenger_package': 'passenger', - 'passenger_config_file': '/etc/nginx/conf.d/passenger.conf', - 'service': 'nginx', - 'webuser': 'nginx', - 'conf_file': '/etc/nginx/nginx.conf', - 'server_available': '/etc/nginx/conf.d', - 'server_enabled': '/etc/nginx/conf.d', - 'snippets_dir': '/etc/nginx/snippets', - 'server_use_symlink': False, - 'pid_file': '/run/nginx.pid', - 'rh_os_releasever': '$releasever', - 'gpg_check': False, - 'gpg_key': 'http://nginx.org/keys/nginx_signing.key', - 'openssl_package': 'openssl', - }, - 'RedHat': { - 'package': 'nginx', - 'passenger_package': 'passenger', - 'passenger_config_file': '/etc/nginx/conf.d/passenger.conf', - 'service': 'nginx', - 'webuser': 'nginx', - 'conf_file': '/etc/nginx/nginx.conf', - 'server_available': '/etc/nginx/conf.d', - 'server_enabled': '/etc/nginx/conf.d', - 'snippets_dir': '/etc/nginx/snippets', - 'server_use_symlink': False, - 'pid_file': '/run/nginx.pid', - 'rh_os_releasever': '$releasever', - 'gpg_check': False, - 'gpg_key': 'http://nginx.org/keys/nginx_signing.key', - 'passenger': { - 'passenger_root': '/usr/share/ruby/vendor_ruby/phusion_passenger/locations.ini', - 'passenger_instance_registry_dir': ' /var/run/passenger-instreg', - 'passenger_ruby': '/usr/bin/ruby', 
- }, - 'openssl_package': 'openssl', - }, - 'Suse': { - 'package': 'nginx', - 'service': 'nginx', - 'webuser': 'nginx', - 'conf_file': '/etc/nginx/nginx.conf', - 'server_available': '/etc/nginx/vhosts.d', - 'server_enabled': '/etc/nginx/vhosts.d', - 'snippets_dir': '/etc/nginx/snippets', - 'server_use_symlink': False, - 'pid_file': '/run/nginx.pid', - 'gpg_check': True, - 'gpg_key': 'http://download.opensuse.org/repositories/server:/http/openSUSE_{{ grains.osrelease }}/repodata/repomd.xml.key', - 'openssl_package': 'openssl', - }, - 'Arch': { - 'package': 'nginx', - 'service': 'nginx', - 'webuser': 'http', - 'conf_file': '/etc/nginx/nginx.conf', - 'server_available': '/etc/nginx/sites-available', - 'server_enabled': '/etc/nginx/sites-enabled', - 'snippets_dir': '/etc/nginx/snippets', - 'server_use_symlink': True, - 'openssl_package': 'openssl', - }, - 'Gentoo': { - 'package': 'www-servers/nginx', - 'service': 'nginx', - 'webuser': 'nginx', - 'conf_file': '/etc/nginx/nginx.conf', - 'server_available': '/etc/nginx/sites-available', - 'server_enabled': '/etc/nginx/sites-enabled', - 'snippets_dir': '/etc/nginx/snippets', - 'server_use_symlink': True, - 'openssl_package': 'dev-libs/openssl', - }, - 'FreeBSD': { - 'package': 'nginx', - 'passenger_package': 'passenger', - 'service': 'nginx', - 'webuser': 'www', - 'conf_file': '/usr/local/etc/nginx/nginx.conf', - 'server_available': '/usr/local/etc/nginx/sites-available', - 'server_enabled': '/usr/local/etc/nginx/sites-enabled', - 'snippets_dir': '/usr/local/etc/nginx/snippets', - 'server_use_symlink': True, - 'pid_file': '/var/run/nginx.pid', - }, - }, default='Debian' ), - 'install_from_source': False, - 'install_from_ppa': False, - 'install_from_repo': False, - 'install_from_phusionpassenger': False, - 'ppa_version': 'stable', - 'source_version': '1.10.0', - 'source_hash': '8ed647c3dd65bc4ced03b0e0f6bf9e633eff6b01bac772bcf97077d58bc2be4d', - 'source': { - 'opts': {}, - }, - 'package': { - 'opts': {}, - }, - 'service': { 
- 'enable': True, - 'opts': {}, - }, - 'certificates_path': '/etc/nginx/ssl', - 'dh_param': {}, - 'certificates': {}, - 'server': { - 'opts': {}, - 'config': { - 'worker_processes': 'auto', - 'events': { - 'worker_connections': 512, - }, - 'http': { - 'sendfile': 'on', - 'tcp_nopush': 'on', - 'tcp_nodelay': 'on', - 'keepalive_timeout': '65', - 'types_hash_max_size': '2048', - 'default_type': 'application/octet-stream', - 'access_log': '/var/log/nginx/access.log', - 'error_log': '/var/log/nginx/error.log', - 'gzip': 'off', - 'gzip_disable': '"msie6"', - 'include': [ - 'mime.types', - 'conf.d/*.conf', - 'sites-enabled/*', - ], - }, - }, - }, - 'servers': { - 'disabled_postfix': '.disabled', - 'symlink_opts': {}, - 'rename_opts': {}, - 'managed_opts': { - 'makedirs': True, - }, - 'dir_opts': { - 'makedirs': True, - }, - 'managed': {}, - 'purge_servers_config': False, - }, - 'passenger': { - 'passenger_root': '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini', - 'passenger_ruby': '/usr/bin/ruby', - }, -}, merge=True) %} + +{% import_yaml tplroot ~ "/defaults.yaml" as defaults %} +{% import_yaml tplroot ~ "/osfamilymap.yaml" as osfamilymap %} + +{% set osfamily = salt['grains.filter_by'](osfamilymap, grain='os_family') or {} %} +{% do salt['defaults.merge'](defaults.nginx, osfamily) %} + +{% set nginx = salt['pillar.get'](pillar_namespace, default=defaults.nginx, merge=True) %} {% if 'user' not in nginx.server.config %} {% do nginx.server.config.update({ diff --git a/nginx/osfamilymap.yaml b/nginx/osfamilymap.yaml new file mode 100644 index 00000000..146a5f28 --- /dev/null +++ b/nginx/osfamilymap.yaml 
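Review bot: The new lookup `salt['grains.filter_by'](osfamilymap, grain='os_family') or {}` drops the `default='Debian'` that the removed inline map passed. A minion whose `os_family` is not a key in osfamilymap.yaml now gets an empty `lookup` (this patch sets `lookup: {}` in defaults.yaml) and renders states with undefined `nginx.lookup.*` values, where it used to fall back to the Debian layout. If the fallback is still wanted, use `salt['grains.filter_by'](osfamilymap, grain='os_family', default='Debian')`; if not, fail explicitly for unsupported families instead of rendering with blanks. Separately, the `CentOS` key is matched against `os_family`, which reports `RedHat` on CentOS, so that entry is likely never selected.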
@@ -0,0 +1,110 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- +Debian: + lookup: + package: nginx + passenger_package: passenger + passenger_config_file: /etc/nginx/conf.d/passenger.conf + service: nginx + webuser: www-data + conf_file: /etc/nginx/nginx.conf + server_available: /etc/nginx/sites-available + server_enabled: /etc/nginx/sites-enabled + snippets_dir: /etc/nginx/snippets + server_use_symlink: true + pid_file: /run/nginx.pid + openssl_package: openssl + +CentOS: + lookup: + package: nginx + passenger_package: passenger + passenger_config_file: /etc/nginx/conf.d/passenger.conf + service: nginx + webuser: nginx + conf_file: /etc/nginx/nginx.conf + server_available: /etc/nginx/conf.d + server_enabled: /etc/nginx/conf.d + snippets_dir: /etc/nginx/snippets + server_use_symlink: false + pid_file: /run/nginx.pid + rh_os_releasever: $releasever + gpg_check: false + gpg_key: http://nginx.org/keys/nginx_signing.key + openssl_package: openssl + +RedHat: + lookup: + package: nginx + passenger_package: passenger + passenger_config_file: /etc/nginx/conf.d/passenger.conf + service: nginx + webuser: nginx + conf_file: /etc/nginx/nginx.conf + server_available: /etc/nginx/conf.d + server_enabled: /etc/nginx/conf.d + snippets_dir: /etc/nginx/snippets + server_use_symlink: false + pid_file: /run/nginx.pid + rh_os_releasever: $releasever + gpg_check: false + gpg_key: http://nginx.org/keys/nginx_signing.key + passenger: + passenger_root: /usr/share/ruby/vendor_ruby/phusion_passenger/locations.ini + passenger_instance_registry_dir: /var/run/passenger-instreg + passenger_ruby: /usr/bin/ruby + openssl_package: openssl + +Suse: + lookup: + package: nginx + service: nginx + webuser: nginx + conf_file: /etc/nginx/nginx.conf + server_available: /etc/nginx/vhosts.d + server_enabled: /etc/nginx/vhosts.d + snippets_dir: /etc/nginx/snippets + server_use_symlink: false + pid_file: /run/nginx.pid + gpg_check: true + gpg_key: 
"http://download.opensuse.org/repositories/server:/http/openSUSE_\ + {{ grains.osrelease }}/repodata/repomd.xml.key" + openssl_package: openssl + +Arch: + lookup: + package: nginx + service: nginx + webuser: http + conf_file: /etc/nginx/nginx.conf + server_available: /etc/nginx/sites-available + server_enabled: /etc/nginx/sites-enabled + snippets_dir: /etc/nginx/snippets + server_use_symlink: true + openssl_package: openssl + +Gentoo: + lookup: + package: www-servers/nginx + service: nginx + webuser: nginx + conf_file: /etc/nginx/nginx.conf + server_available: /etc/nginx/sites-available + server_enabled: /etc/nginx/sites-enabled + snippets_dir: /etc/nginx/snippets + server_use_symlink: true + openssl_package: dev-libs/openssl + +FreeBSD: + lookup: + package: nginx + passenger_package: passenger + service: nginx + webuser: www + conf_file: /usr/local/etc/nginx/nginx.conf + server_available: /usr/local/etc/nginx/sites-available + server_enabled: /usr/local/etc/nginx/sites-enabled + snippets_dir: /usr/local/etc/nginx/snippets + server_use_symlink: true + pid_file: /var/run/nginx.pid From 5d1addc7ba39cb74bca07ae5fabb398ad2d56621 Mon Sep 17 00:00:00 2001 From: Florent Audebert Date: Thu, 2 Jul 2020 10:45:55 +0200 Subject: [PATCH 6/6] refactor(pillar): factorize some defaults --- nginx/defaults.yaml | 6 +++++- nginx/osfamilymap.yaml | 25 ------------------------- 2 files changed, 5 insertions(+), 26 deletions(-) diff --git a/nginx/defaults.yaml b/nginx/defaults.yaml index 88f863ea..9fcc5ae6 100644 --- a/nginx/defaults.yaml +++ b/nginx/defaults.yaml @@ -2,7 +2,11 @@ # vim: ft=yaml --- nginx: - lookup: {} + lookup: + package: nginx + service: nginx + conf_file: /etc/nginx/nginx.conf + snippets_dir: /etc/nginx/snippets install_from_source: false install_from_ppa: false install_from_repo: false diff --git a/nginx/osfamilymap.yaml b/nginx/osfamilymap.yaml index 146a5f28..f8623d5e 100644 --- a/nginx/osfamilymap.yaml +++ b/nginx/osfamilymap.yaml 
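Review bot: The CentOS and RedHat entries ship `gpg_check: false` together with `gpg_key: http://nginx.org/keys/nginx_signing.key`, so by default packages from the upstream repository are installed without signature verification and the key URL is plain HTTP. The values are copied from the old inline map, but this new file is a good place to change them to `gpg_check: true` and `gpg_key: https://nginx.org/keys/nginx_signing.key`. The Suse entry already enables `gpg_check` but also fetches its key over `http://`. If the insecure defaults must stay for compatibility, add a comment on each saying so and pointing to the pillar override.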
@@ -3,30 +3,22 @@ --- Debian: lookup: - package: nginx passenger_package: passenger passenger_config_file: /etc/nginx/conf.d/passenger.conf - service: nginx webuser: www-data - conf_file: /etc/nginx/nginx.conf server_available: /etc/nginx/sites-available server_enabled: /etc/nginx/sites-enabled - snippets_dir: /etc/nginx/snippets server_use_symlink: true pid_file: /run/nginx.pid openssl_package: openssl CentOS: lookup: - package: nginx passenger_package: passenger passenger_config_file: /etc/nginx/conf.d/passenger.conf - service: nginx webuser: nginx - conf_file: /etc/nginx/nginx.conf server_available: /etc/nginx/conf.d server_enabled: /etc/nginx/conf.d - snippets_dir: /etc/nginx/snippets server_use_symlink: false pid_file: /run/nginx.pid rh_os_releasever: $releasever @@ -36,15 +28,11 @@ CentOS: RedHat: lookup: - package: nginx passenger_package: passenger passenger_config_file: /etc/nginx/conf.d/passenger.conf - service: nginx webuser: nginx - conf_file: /etc/nginx/nginx.conf server_available: /etc/nginx/conf.d server_enabled: /etc/nginx/conf.d - snippets_dir: /etc/nginx/snippets server_use_symlink: false pid_file: /run/nginx.pid rh_os_releasever: $releasever @@ -58,13 +46,9 @@ RedHat: Suse: lookup: - package: nginx - service: nginx webuser: nginx - conf_file: /etc/nginx/nginx.conf server_available: /etc/nginx/vhosts.d server_enabled: /etc/nginx/vhosts.d - snippets_dir: /etc/nginx/snippets server_use_symlink: false pid_file: /run/nginx.pid gpg_check: true 
@@ -74,33 +58,24 @@ Suse: Arch: lookup: - package: nginx - service: nginx webuser: http - conf_file: /etc/nginx/nginx.conf server_available: /etc/nginx/sites-available server_enabled: /etc/nginx/sites-enabled - snippets_dir: /etc/nginx/snippets server_use_symlink: true openssl_package: openssl Gentoo: lookup: package: www-servers/nginx - service: nginx webuser: nginx - conf_file: /etc/nginx/nginx.conf server_available: /etc/nginx/sites-available server_enabled: /etc/nginx/sites-enabled - snippets_dir: /etc/nginx/snippets server_use_symlink: true openssl_package: dev-libs/openssl FreeBSD: lookup: - package: nginx passenger_package: passenger - service: nginx webuser: www conf_file: /usr/local/etc/nginx/nginx.conf server_available: /usr/local/etc/nginx/sites-available