Giter Site home page Giter Site logo

saltstack-formulas / nginx-formula Goto Github PK

View Code? Open in Web Editor NEW
162.0 53.0 421.0 863 KB

Nginx Salt Formula

Home Page: http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html

License: Other

Shell 2.43% SaltStack 44.51% Ruby 23.31% JavaScript 8.02% Jinja 21.73%

nginx-formula's Introduction

nginx-formula

Travis CI Build Status Semantic Release

Formula to set up and configure NGINX.

WARNING: BREAKING CHANGES SINCE v1.0.0

Prior to v1.0.0, this formula provided two methods for managing NGINX; the old method under nginx and the new method under nginx.ng. The old method has now been removed and nginx.ng has been promoted to be nginx in its place.

If you are not in a position to migrate, please pin your repo to the final release tag before v1.0.0, i.e. v0.56.1.

To migrate from nginx.ng, simply modify your pillar to promote the entire section under nginx:ng so that it is under nginx instead. So with the editor of your choice, highlight the entire section and then unindent one level. Finish by removing the ng: line.

To migrate from the old nginx, first convert to nginx.ng under v0.56.1 and then follow the steps laid out in the paragraph directly above.

Table of Contents

General notes

See the full SaltStack Formulas installation and usage instructions.

If you are interested in writing or contributing to formulas, please pay attention to the Writing Formula Section.

If you want to use this formula, please pay attention to the FORMULA file and/or git tag, which contains the currently released version. This formula is versioned according to Semantic Versioning.

See Formula Versioning Section for more details.

Contributing to this repo

Commit message formatting is significant!!

Please see How to contribute for more details.

Available states

nginx

Meta-state for inclusion of all states.

Note: nginx requires the merge parameter of salt.modules.pillar.get(), first available in the Helium release.

nginx.pkg

Installs nginx from package, from the distribution repositories, the official nginx repo or the ppa from Launchpad.

nginx.src

Builds and installs nginx from source.

nginx.certificates

Manages the deployment of nginx certificates.

nginx.config

Manages the nginx main server configuration file.

nginx.service

Manages the startup and running state of the nginx service.

nginx.servers_config

Manages virtual host files. This state only manages the content of the files and does not bind them to service calls.

nginx.servers

Manages nginx virtual hosts files and binds them to service calls.

nginx.passenger

Installs and configures Phusion Passenger module for nginx. You need to enable the upstream phusion passenger repository with install_from_phusionpassenger: true. Nginx will also be installed from that repository, as it needs to be modified to allow the passenger module to work.

Testing

Linux testing is done with kitchen-salt.

Requirements

  • Ruby
  • Docker
$ gem install bundler
$ bundle install
$ bin/kitchen test [platform]

Where [platform] is the platform name defined in kitchen.yml, e.g. debian-9-2019-2-py3.

bin/kitchen converge

Creates the docker instance and runs the nginx main state, ready for testing.

bin/kitchen verify

Runs the inspec tests on the actual instance.

bin/kitchen destroy

Removes the docker instance.

bin/kitchen test

Runs all of the stages above in one go: i.e. destroy + converge + verify + destroy.

bin/kitchen login

Gives you SSH access to the instance for manual testing.

Testing with Vagrant

Windows/FreeBSD/OpenBSD testing is done with kitchen-salt.

Requirements

  • Ruby
  • Virtualbox
  • Vagrant

Setup

$ gem install bundler
$ bundle install --with=vagrant
$ bin/kitchen test [platform]

Where [platform] is the platform name defined in kitchen.vagrant.yml, e.g. windows-81-latest-py3.

Note

When testing using Vagrant you must set the environment variable KITCHEN_LOCAL_YAML to kitchen.vagrant.yml. For example:

$ KITCHEN_LOCAL_YAML=kitchen.vagrant.yml bin/kitchen test      # Alternatively,
$ export KITCHEN_LOCAL_YAML=kitchen.vagrant.yml
$ bin/kitchen test

Then run the following commands as needed.

bin/kitchen converge

Creates the Vagrant instance and runs the nginx main state, ready for testing.

bin/kitchen verify

Runs the inspec tests on the actual instance.

bin/kitchen destroy

Removes the Vagrant instance.

bin/kitchen test

Runs all of the stages above in one go: i.e. destroy + converge + verify + destroy.

bin/kitchen login

Gives you RDP/SSH access to the instance for manual testing.

nginx-formula's People

Contributors

aboe76 avatar ahmadsherif avatar amontalban avatar arthurzenika avatar auser avatar cackovic avatar dafyddj avatar daks avatar dseira avatar evasdk avatar gravyboat avatar imran1008 avatar javierbertoli avatar morsik avatar msciciel avatar myii avatar n-rodriguez avatar nmadhok avatar noelmcloughlin avatar puneetk avatar rfairburn avatar semantic-release-bot avatar stp-ip avatar taishinet avatar techhat avatar teepark avatar terminalmage avatar toanju avatar westurner avatar whiteinge avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

auser costibleotu mike-ainsworth grengojbo mohae metamx carlosrah ekristen gravyboat trexglobal jokipii nikicat worlds-enough-studios namliz percipient tfolio theseubert spsoit audreyfeldroy hvnsweeting the-control-group ahmadsherif libermentix jaanush fayetted snakeatd crucialcloudhosting rokka-n gepoch westurner foundnoname mrkeng icmedia verisys joroy rommelbruehl askholme shift svqtq emencia restlessbandit trecouvr ivankruchkoff rfairburn irwen-rescale bentwire dratone ckng johnswanson corwintanner chenweihua tasarturas meiya-dev iamtew productreview mikebd mriedmann ianwu2014 libertyy harmeet-bb ezeep puneetk upcontent heimdull taishinet kurt108 ugns davearata charneetsingh andrew-vant volantisops anil24g mattcarlson swathiyakkali bahymohammmed gpcsolutions backerman aurynn devaos ninjada dferramosi zajk alkivi-sas timjones pluralsight atulguptabb vinod-bb aravamuthan rbang1 spillmantech onestic roberthoner juicemobile singlehopllc cusuco stromnet thingks imran1008 neocid amitchotaliya

nginx-formula's Issues

On Debian 7.4 it doesn't work properly

As you can see, adding the service fails on Debian 7.4:

root@2boffice:~# salt 'sites-ruby' state.sls nginx
sites-ruby:
----------
          ID: /usr/share/nginx
    Function: file.directory
      Result: True
     Comment: Directory /usr/share/nginx is in the correct state
     Changes:   
----------
          ID: /etc/nginx/conf.d/default.conf
    Function: file.absent
      Result: True
     Comment: File /etc/nginx/conf.d/default.conf is not present
     Changes:   
----------
          ID: /etc/nginx/conf.d/example_ssl.conf
    Function: file.absent
      Result: True
     Comment: File /etc/nginx/conf.d/example_ssl.conf is not present
     Changes:   
----------
          ID: /var/log/nginx/access.log
    Function: file.absent
      Result: True
     Comment: File /var/log/nginx/access.log is not present
     Changes:   
----------
          ID: nginx-logger-access
    Function: file.managed
        Name: /etc/init/nginx-logger-access.conf
      Result: True
     Comment: File /etc/init/nginx-logger-access.conf is in the correct state
     Changes:   
----------
          ID: nginx-logger-access
    Function: service.running
      Result: False
     Comment: The named service nginx-logger-access is not available
     Changes:   
----------
          ID: /var/log/nginx/error.log
    Function: file.absent
      Result: True
     Comment: File /var/log/nginx/error.log is not present
     Changes:   
----------
          ID: nginx-logger-error
    Function: file.managed
        Name: /etc/init/nginx-logger-error.conf
      Result: True
     Comment: File /etc/init/nginx-logger-error.conf is in the correct state
     Changes:   
----------
          ID: nginx-logger-error
    Function: service.running
      Result: False
     Comment: The named service nginx-logger-error is not available
     Changes:   
----------
          ID: /etc/logrotate.d/nginx
    Function: file.absent
      Result: True
     Comment: File /etc/logrotate.d/nginx is not present
     Changes:   
----------
          ID: /etc/nginx
    Function: file.directory
      Result: True
     Comment: Directory /etc/nginx is in the correct state
     Changes:   
----------
          ID: /etc/nginx/nginx.conf
    Function: file.managed
      Result: True
     Comment: File /etc/nginx/nginx.conf is in the correct state
     Changes:   
----------
          ID: /etc/nginx/sites-enabled
    Function: file.directory
      Result: True
     Comment: Directory /etc/nginx/sites-enabled is in the correct state
     Changes:   
----------
          ID: /etc/nginx/sites-available
    Function: file.directory
      Result: True
     Comment: Directory /etc/nginx/sites-available is in the correct state
     Changes:   
----------
          ID: htpasswd
    Function: pkg.installed
        Name: apache2-utils
      Result: True
     Comment: Package apache2-utils is already installed
     Changes:   
----------
          ID: nginx-old-init
    Function: file.rename
        Name: /usr/share/nginx/init.d
      Result: True
     Comment: Source file "/etc/init.d/nginx" has already been moved out of place
     Changes:   
----------
          ID: nginx-old-init
    Function: module.wait
        Name: cmd.run
      Result: True
     Comment: 
     Changes:   
----------
          ID: nginx-old-init
    Function: cmd.wait
        Name: dpkg-divert --divert /usr/share/nginx/init.d --add /etc/init.d/nginx
      Result: True
     Comment: 
     Changes:   
----------
          ID: nginx-old-init-disable
    Function: cmd.wait
        Name: update-rc.d -f nginx remove
      Result: True
     Comment: 
     Changes:   
----------
          ID: nginx
    Function: pkg.installed
      Result: True
     Comment: Package nginx is already installed
     Changes:   
----------
          ID: nginx
    Function: file.managed
        Name: /etc/init/nginx.conf
      Result: True
     Comment: File /etc/init/nginx.conf is in the correct state
     Changes:   
----------
          ID: nginx
    Function: service.running
      Result: False
     Comment: One or more requisite failed
     Changes:   

Summary
-------------
Succeeded: 19
Failed:     3
-------------
Total:     22

nginx.ng -- get() got an unexpected keyword argument 'merge'

Ubuntu 14.04 with a fresh cloud.map deploy running the latest version of salt-minion 2014.1.5


---
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/salt/utils/templates.py", line 263, in render_jinja_tmpl
    output = jinja_env.from_string(tmplstr).render(**unicode_context)
  File "/usr/lib/python2.7/dist-packages/jinja2/environment.py", line 969, in render
    return self.environment.handle_exception(exc_info, True)
  File "/usr/lib/python2.7/dist-packages/jinja2/environment.py", line 742, in handle_exception
    reraise(exc_type, exc_value, tb)
  File "<template>", line 5, in top-level template code
  File "/usr/lib/python2.7/dist-packages/jinja2/environment.py", line 1013, in make_module
    return TemplateModule(self, self.new_context(vars, shared, locals))
  File "/usr/lib/python2.7/dist-packages/jinja2/environment.py", line 1070, in __init__
    self._body_stream = list(template.root_render_func(context))
  File "/var/cache/salt/minion/files/base/nginx/ng/map.jinja", line 7, in top-level template code
    {% set nginx = salt['pillar.get']('nginx:ng', {
TypeError: get() got an unexpected keyword argument 'merge'


----------
    Rendering SLS "base:nginx.ng.vhosts" failed: Jinja error: get() got an unexpected keyword argument 'merge'
/var/cache/salt/minion/files/base/nginx/ng/map.jinja(7):

---
[...]
    {% for key, value in dict.items() %}
    - {{ key }}: {{ value|json() }}
    {% endfor %}
{% endmacro %}

{% set nginx = salt['pillar.get']('nginx:ng', {    <======================
    'lookup': salt['grains.filter_by']({
        'Debian': {
            'package': 'nginx',
            'service': 'nginx',
            'webuser': 'www-data',
[...]

---
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/salt/utils/templates.py", line 263, in render_jinja_tmpl
    output = jinja_env.from_string(tmplstr).render(**unicode_context)
  File "/usr/lib/python2.7/dist-packages/jinja2/environment.py", line 969, in render
    return self.environment.handle_exception(exc_info, True)
  File "/usr/lib/python2.7/dist-packages/jinja2/environment.py", line 742, in handle_exception
    reraise(exc_type, exc_value, tb)
  File "<template>", line 5, in top-level template code
  File "/usr/lib/python2.7/dist-packages/jinja2/environment.py", line 1013, in make_module
    return TemplateModule(self, self.new_context(vars, shared, locals))
  File "/usr/lib/python2.7/dist-packages/jinja2/environment.py", line 1070, in __init__
    self._body_stream = list(template.root_render_func(context))
  File "/var/cache/salt/minion/files/base/nginx/ng/map.jinja", line 7, in top-level template code
    {% set nginx = salt['pillar.get']('nginx:ng', {
TypeError: get() got an unexpected keyword argument 'merge'

sendfile: on (and other parameters)

When you use the word on it'll end up in the config as True, you'd have to use 'on'
I think it can be fixed by appending quotes to the sls

implement test suite

Hola!

I've noticed plenty of activity on this formula recently. I wanted to mention the test suite I implemented in docker-formula earlier this week. It consists of test-kitchen, kitchen-docker, kitchen-salt, and testinfra (for integration tests). You can get Travis hooked up by putting in a request to salt-users.

Feel free to implement a similar test suite in this repo! I think it could help by reducing the complexity of making changes to this formula.

Cheers!
Brandon Bradley

Specified path /etc/nginx/.htpasswd does not exist

Have nothing about .htpasswd in my pillars

----------
          ID: htpasswd
    Function: pkg.installed
        Name: apache2-utils
      Result: True
     Comment: Package apache2-utils is already installed
     Started: 23:45:11.566766
    Duration: 0.396 ms
     Changes:
----------
          ID: make sure /etc/nginx/.htpasswd exists
    Function: file.exists
        Name: /etc/nginx/.htpasswd
      Result: False
     Comment: Specified path /etc/nginx/.htpasswd does not exist
     Started: 23:45:11.567240
    Duration: 0.342 ms
     Changes:

Autocomplete symlink failure

/etc/init.d/nginx is auto installed during my deploy. This causes the symlink for autocompletion to fail. Adding - force: True fixes this. I've submitted #52 to fix this.

Hangs during nginx package install on Ubuntu 14.04

This formula hangs during:

[INFO    ] Executing command ['apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'nginx'] in directory '/home/vagrant'

It happens even with very conservative pillar choices:

nginx:
  install_from_source: False
  use_upstart: False
  with_luajit: False
  with_openresty: False

I let it go for over 1 hour and it looks like nothing's happening. I think it's a nginx-formula issue because:

  • I have this isolated on my system: I am executing just the nginx states from this formula, not highstate.
  • I have this set up as a gitfs remote in my master.conf
  • My internet connection is strong and hiccup-free.

I'm using a local VM instance, provisioned with Vagrant from this box image: http://cloud-images.ubuntu.com/vagrant/trusty/current/trusty-server-cloudimg-i386-vagrant-disk1.box

I am now going through nginx-formula in detail to troubleshoot this. If anyone has suggestions about things to try or possible causes, your feedback would be welcome and very appreciated.

Files inside conf.d

Would it be possible to manage files inside conf.d through pillars? (as non-vhosts I mean)
I tend to use an 'upstreams.conf' file there (custom per site)

Debian 8 not supported

Debian 8 uses systemd so this error would get fired up:

          ID: nginx
    Function: service.running
      Result: False
     Comment: One or more requisite failed: nginx.upstart.nginx-logger-access, nginx.upstart.nginx-logger-error
     Started: 
    Duration: 
     Changes:

I am not sure if adding Debian 8 support or rewriting the install formula to make it simpler would be the better option.

Creating vhosts should be an importable macro

That way if you are working to make a formula to manage monit or other applications, the vhosts for these applications can be created from that formula. That way something like this could be used:

{% from 'monit/map.sls' import monit with context %}
{% from 'nginx/ng/vhosts_config.sls' import vhost_create with context %}

{% for app in {{ monit.apps.items() }} %}
{{ vhost_create('app') }}
{% endfor %}

This would assume of course that all the necessary config aspects are in the monit.apps map.

wrong sites-enabled inclusion pattern

the nginx.conf that comes in the debian/ubuntu package includes sites-enabled/* and conf.d/*.conf, while the one in this formula requires a .conf extension on sites-enabled, meaning even the package-distributed "default" symlink doesn't get included and it 404s on everything until a site is explicitly created.

if we don't want the default one included that's fine, but let's do it properly and file.absent out sites-enabled/default rather than having it accidentally skipped.

rewrite log value in pillar for nginx.conf is changed from 'off' to 'False'

Here is the part of the pillar data that generates the nginx.conf

    server:
      opts: {} # this partially exposes file.managed parameters as they relate to the main nginx.conf file

      # nginx.conf (main server) declarations
      # dictionaries map to blocks {} and lists cause the same declaration to repeat with different values
      config:
        user: www-data
        worker_processes: 8
        worker_rlimit_nofile: 999999
        pid: /run/nginx.pid
        events:
          worker_connections: 900000
          use: epoll
        http:
          sendfile: 'on'
          tcp_nopush: on
          tcp_nodelay: on
          keepalive_timeout: 30
          types_hash_max_size: 2048
          keepalive_requests: 100000
          include:
            - /etc/nginx/mime.types
            - /etc/nginx/conf.d/*.conf
            - /etc/nginx/sites-enabled/*
          default_type: application/octet-stream
          access_log: /var/log/nginx/access.log
          rewrite_log: off
          error_log: /var/log/nginx/error.log

Here is the log error message:

2015/01/22 00:24:16 [emerg] 17239#0: invalid value "False" in "rewrite_log" directive, it must be "on" or "off" in /etc/nginx/nginx.conf:24

This is the compiled config file:

# Default nginx server configuration
#
# **** DO NOT EDIT THIS FILE ****
#
# This file is managed by Salt.


events {
    use epoll;
    worker_connections 900000;
}
http {
    access_log /var/log/nginx/access.log;
    default_type application/octet-stream;
    error_log /var/log/nginx/error.log;
    gzip off;
    gzip_disable "msie6";

    include /etc/nginx/mime.types;
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
    keepalive_requests 100000;
    keepalive_timeout 30;
    rewrite_log False;
    sendfile on;
    tcp_nodelay True;
    tcp_nopush True;
    types_hash_max_size 2048;
}
pid /run/nginx.pid;
user www-data;
worker_processes 8;
worker_rlimit_nofile 999999;

No matching sls found for nginx.ng.install

I added the formula and tried to install nginx-full with a pillar like:

nginx:
  ng:
    lookup:
      package: nginx-full

I used this line:

salt 'role:web' state.apply nginx.ng.install

but I got:

web:
    Data failed to compile:
----------
    No matching sls found for 'nginx.ng.install' in env 'base'

Why is nrpe included?

nginx/common.sls starts with

include:
  - nrpe

But, nothing else appears to add anything to an nrpe config directory. Further, nagios-formula contains a state called nagios.nrpe, but nothing has just plain nrpe.

[Request] Allow using strings for vhost config blocks

It seems like an unnecessary nuisance to have to convert config sections from the nginx config file format to YAML. It would be great if there was a way to simply use a config block directly. The closest I've come to that is this, but it leaves an extra ; at the end if the block, which nginx can't handle.

nginx:
  ng:
    vhosts:
      managed:
        default:
          config:
            - server:
              - location /:
                - '': |
                    proxy_set_header ...;
                    if (something) {
                        etc...;
                    }
                    charset utf-8

The way I got around the limitation was to add the redundant charset line at the end, but leave off the semicolon.

Service not enabled on AWS Amazon Linux

top.sls:

base:
  '*':
     - nginx
     - nginx.ng
     - nginx.ng.config
     - nginx.ng.service

apply output:

    amazon-ebs: ----------
    amazon-ebs: ID: nginx-logger-access
    amazon-ebs: Function: file.managed
    amazon-ebs: Name: /etc/init/nginx-logger-access.conf
    amazon-ebs: Result: True
    amazon-ebs: Comment: File /etc/init/nginx-logger-access.conf updated
    amazon-ebs: Started: 19:15:47.887061
    amazon-ebs: Duration: 7.55 ms
    amazon-ebs: Changes:
    amazon-ebs: ----------
    amazon-ebs: diff:
    amazon-ebs: New file
    amazon-ebs: mode:
    amazon-ebs: 0440
    amazon-ebs: ----------
    amazon-ebs: ID: nginx-logger-access
    amazon-ebs: Function: service.running
    amazon-ebs: Result: True
    amazon-ebs: Comment: Service nginx-logger-access is already enabled, and is running
    amazon-ebs: Started: 19:15:47.895953
    amazon-ebs: Duration: 20.867 ms
    amazon-ebs: Changes:
    amazon-ebs: ----------
    amazon-ebs: nginx-logger-access:
    amazon-ebs: True
    amazon-ebs: ----------
    amazon-ebs: ID: nginx
    amazon-ebs: Function: file.managed
    amazon-ebs: Name: /etc/init/nginx.conf
    amazon-ebs: Result: True
    amazon-ebs: Comment: File /etc/init/nginx.conf updated
    amazon-ebs: Started: 19:15:51.343657
    amazon-ebs: Duration: 5.486 ms
    amazon-ebs: Changes:
    amazon-ebs: ----------
    amazon-ebs: diff:
    amazon-ebs: New file
    amazon-ebs: mode:
    amazon-ebs: 0440

It says nginx is enabled: amazon-ebs: Comment: File /etc/init/nginx.conf updated
But on startup, nginx is not.

[ec2-user@ip-10-0-3-154 ~]$ sudo initctl list | grep nginx
nginx-logger-error stop/waiting
nginx stop/waiting
nginx-logger-access stop/waiting

Changed the upstart conf to start on (runlevel [345] and started network) and restarted, nginx now works at startup:

[ec2-user@ip-10-0-3-154 ~]$ sudo initctl list | grep nginx
nginx-logger-error start/running, process 1882
nginx start/running, process 1944
nginx-logger-access start/running, process 1886

Errors from vanilla install

I'm currently getting the following error, after commenting out nginx.ng, no other changes:

ID: get-nginx-headers-
Function: file.managed
Name: /usr/local/src/nginx-modules/headers-more.tar.gz
Result: False
Comment: File sum set for file /usr/local/src/nginx-modules/headers-more.tar.gz of dbf914cbf3f7b6cb7e033fa7b7c49e2f8879113b does not match real sum of 9146cb314cd3510d5fb7ac08e2027d1f24c924a0
Changes:
diff:
New file

How, I can using condition in nginx-ng

I have:

location = /robots.txt {
set $subdomain_robots "robots.txt";
if ($host ~* ^((?!(www|test))[^.]+).(.*)) {
set $subdomain_robots robots_$1.txt;
}

How?

Parameters sorted incorrectly inside nginx.conf

Currently I'm suffering an issue due to contents being sorted with includes first:

http {
    access_log /var/log/nginx/access.log;
    client_max_body_size 10m;
    default_type application/octet-stream;
    error_log /var/log/nginx/error.log;
    gzip off;
    gzip_disable "msie6";

    include /etc/nginx/mime.types;
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
    keepalive_timeout 65;
    proxy_cache_path /var/run/nginx-cache keys_zone=temp:100m;
    proxy_temp_path /var/run/nginx-tmp;
    sendfile on;
    server_names_hash_bucket_size 128;
    tcp_nodelay on;
    tcp_nopush on;
    types_hash_max_size 2048;
    underscores_in_headers on;
}

Given that I'm trying to use cache, this makes my configuration fail (vhost is loaded before cache is defined)

Create better namespacing for pillar items

For better clarity, I think the pillar items for this formula need a few namespacing enhancements:

  • anything thing that finds its way into /etc/nginx/nginx.conf would go under nginx:conf instead of just nginx. Items directly below nginx would be reserved for special values that affect the behavior of the formula, e.g. use_upstart. For example, this:
nginx:
  install_from_source: False
  use_upstart: False
  user: www-data
  events:
    worker_connections: 5000

would become:

nginx:
  install_from_source: False
  use_upstart: False
  config:
    user: www-data
    events:
      worker_connections: 5000
  • Items in the events block of nginx.conf are namespaced separately from global nginx configuration items, but items in the http block are not. For example, this:
nginx:
  keepalive_timeout: 15

should be (not taking into account the config namespace from the first example):

nginx:
  http:  
    keepalive_timeout: 15

Many of the saltstack-formulas could use more standard namespacing, but it's especially useful in this formula as the number of supported pillar items grow (also because I happen to be working on this one :))

I would have submitted this as a pull request, but wanted to get opinions before presuming to change the structure. Thoughts, anyone?

TemplateNotFound when trying to install the nginx formula

In a CentOS 7 vagrant box, I have nginx-formula in the 'gitfs_remotes' and git in 'fileserver_backend'. But when I try to run the nginx state, I get the following error:

$ sudo salt-call state.sls nginx
[INFO    ] pygit2 gitfs_provider enabled
[INFO    ] Wrote new gitfs_remote map to /var/cache/salt/minion/gitfs/remote_map.txt
[INFO    ] Loading fresh modules for state activity
[INFO    ] Fetching file from saltenv 'base', ** done ** u'nginx/init.sls'
[INFO    ] Fetching file from saltenv 'base', ** done ** 'nginx/map.jinja'
[CRITICAL] Rendering SLS 'base:nginx' failed: Jinja error: nginx/map.jinja
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/salt/utils/templates.py", line 286, in render_jinja_tmpl
    output = template.render(**unicode_context)
  File "/usr/lib/python2.7/site-packages/jinja2/environment.py", line 969, in render
    return self.environment.handle_exception(exc_info, True)
  File "/usr/lib/python2.7/site-packages/jinja2/environment.py", line 742, in handle_exception
    reraise(exc_type, exc_value, tb)
  File "<template>", line 1, in top-level template code
  File "/usr/lib/python2.7/site-packages/salt/utils/jinja.py", line 132, in get_source
    raise TemplateNotFound(template)
TemplateNotFound: nginx/map.jinja

; line 1

---
{% from "nginx/map.jinja" import nginx as nginx_map with context %}    <======================

include:
  - nginx.common
{% if salt['pillar.get']('nginx:use_upstart', nginx_map['use_upstart']) %}
  - nginx.upstart
[...]

---

Nginx package installed but service is dead

I am trying to install Nginx on one of my salt-minion using salt-master when I used the command below everything seems to be installed fine but Nginx service looks dead.
sudo salt 'envdev' state.apply

This command returns:

----------
          ID: nginx
    Function: service.running
      Result: False
     Comment: Service nginx is already enabled, and is dead
     Started: 07:31:00.671874
    Duration: 80.319 ms
     Changes:

Summary for envdev
-------------
Succeeded: 38 (changed=1)
Failed:     1
-------------
Total states run:     39
Total run time:    1.471 s
[DEBUG   ] jid 20160922073057008717 found all minions set(['envdev'])
ERROR: Minions returned with non-zero exit code

When I checked nginx version on my minion.

vagrant@envdev:~$ nginx -v
nginx version: nginx/1.10.1

When I tried to restart nginx service, it shows unrecognized service:

vagrant@envdev:~$ sudo service nginx restart
nginx: unrecognized service

Also, the Nginx configuration file is not present at location /etc/nginx/sites-enabled/default

Below is /srv/pillar/nginx.sls file:

nginx:
  install_from_source: True
  use_upstart: True
  use_sysvinit: False
  user_auth_enabled: True
  with_luajit: False
  with_openresty: True
  #repo_version: stable  # Must be using ppa install by setting `repo_source = ppa`
  set_real_ips: # NOTE: to use this, nginx must have http_realip module enabled
    from_ips:
      - 10.10.10.0/24
    real_ip_header: X-Forwarded-For
  modules:
    headers-more:
      source: http://github.com/agentzh/headers-more-nginx-module/tarball/v0.21
      source_hash: sha1=9146cb314cd3510d5fb7ac08e2027d1f24c924a0
  ng:
    # PPA install
    install_from_ppa: False
    # Set to 'stable', 'development' (mainline), 'community', or 'nightly' for each build accordingly ( https://launchpad.net/~nginx )
    ppa_version: 'stable'

    # Source install
    source_version: '1.10.1'
    source_hash: ''

    # These are usually set by grains in map.jinja
    lookup:
      package: nginx-custom
      service: nginx
      webuser: www-data
      conf_file: /etc/nginx/nginx.conf
      vhost_available: /etc/nginx/sites-available
      vhost_enabled: /etc/nginx/sites-enabled
      vhost_use_symlink: True
      # This is required for RedHat like distros (Amazon Linux) that don't follow semantic versioning for $releasever
      rh_os_releasever: '6'
      # Currently it can be used on rhel/centos/suse when installing from repo
      gpg_check: True

    # Source compilation is not currently a part of nginx.ng
    from_source: False

    source:
      opts: {}

    package:
      opts: {} # this partially exposes parameters of pkg.installed

    service:
      enable: True # Whether or not the service will be enabled/running or dead
      opts: {} # this partially exposes parameters of service.running / service.dead

    server:
      opts: {} # this partially exposes file.managed parameters as they relate to the main nginx.conf file

      # nginx.conf (main server) declarations
      # dictionaries map to blocks {} and lists cause the same declaration to repeat with different values
      config: 
        worker_processes: 4
        pid: /run/nginx.pid
        events:
          worker_connections: 768
        http:
          sendfile: 'on'
          include:
            - /etc/nginx/mime.types
            - /etc/nginx/conf.d/*.conf
            - /etc/nginx/sites-enabled/*

    vhosts:
      disabled_postfix: .disabled # a postfix appended to files when doing non-symlink disabling
      symlink_opts: {} # partially exposes file.symlink params when symlinking enabled sites
      rename_opts: {} # partially exposes file.rename params when not symlinking disabled/enabled sites
      managed_opts: {} # partially exposes file.managed params for managed vhost files
      dir_opts: {} # partially exposes file.directory params for site available/enabled dirs

      # vhost declarations
      # vhosts will default to being placed in vhost_available
      managed:
        mysite: # relative pathname of the vhost file
          # may be True, False, or None where True is enabled, False, disabled, and None indicates no action
          available_dir: /tmp/sites-available # an alternate directory (not sites-available) where this vhost may be found
          enabled_dir: /tmp/sites-enabled # an alternate directory (not sites-enabled) where this vhost may be found
          disabled_name: mysite.aint_on # an alternative disabled name to be use when not symlinking
          enabled: True
          overwrite: True # overwrite an existing vhost file or not

          # May be a list of config options or None, if None, no vhost file will be managed/templated
          # Take server directives as lists of dictionaries. If the dictionary value is another list of
          # dictionaries a block {} will be started with the dictionary key name
          config:
            - server:
              - server_name: localhost
              - listen: 
                - 80
                - default_server
              - index:
                - index.html
                - index.htm
              - location ~ .htm:
                - try_files:
                  - $uri
                  - $uri/ =404
                - test: something else

          # The above outputs:
          # server {
          #    server_name localhost;
          #    listen 80 default_server;
          #    index index.html index.htm;
          #    location ~ .htm {
          #        try_files $uri $uri/ =404;
          #        test something else;
          #    }
          # }         

    # If you're doing SSL termination, you can deploy certificates this way.
    # The private one(s) should go in a separate pillar file not in version
    # control (or use encrypted pillar data).
    certificates:
      'www.example.com':
        public_cert: |
          -----BEGIN CERTIFICATE-----
          (Your Primary SSL certificate: www.example.com.crt)
          -----END CERTIFICATE-----
          -----BEGIN CERTIFICATE-----
          (Your Intermediate certificate: ExampleCA.crt)
          -----END CERTIFICATE-----
          -----BEGIN CERTIFICATE-----
          (Your Root certificate: TrustedRoot.crt)
          -----END CERTIFICATE-----
        private_key: |
          -----BEGIN RSA PRIVATE KEY-----
          (Your Private Key: www.example.com.key)
          -----END RSA PRIVATE KEY-----

Can anyone help me with this. I am running ubuntu/trusty64 box on virtualbox using vagrant with salt-master and salt-minion on two seperate VM.

Sorting keys breaks nginx.conf

Using a pillar like:

nginx:
  ng:
    server:
      config:
        http:
          log_format: "main '$remote_addr - $remote_user [$time_local] \"$request\" $status $body_bytes_sent \"$http_referer\"'" \"$http_user_agent\" \"$http_x_forwarded_for\""
          access_log: logs/access.log main

with the state nginx.ng.config produces an invalid nginx.conf since the access_log directive is put higher in the config and the log_format isn't defined yet.
Nginx HTTP Log Module Reference

"location" has no opening "{"

Given the configuration at the bottom, the default configuration seems to omit the opening brace in the location param.

server {
    server_name localhost;
    listen 80 default_server;
    root /var/apps/test/current;
    location /.well-known allow all
}

I've tried combining them into one config, but no matter what it fails to write location in the correct format.

nginx:
    ng:
        servers:
            managed:
                default:
                    enabled: True
                    config:
                        - server:
                            - server_name: localhost
                            - listen:
                                - 80
                                - default_server
                            - root: /var/apps/test/current
                            - location /.well-known:
                                - allow all
                watsonhere:
                    enabled: True
                    config:
                        - server:
                            - server_name: localhost
                            - ssl_certificate: /etc/letsencrypt/live/api.test.com/fullchain.pem
                            - ssl_certificate_key: /etc/letsencrypt/live/api.test.com/privkey.pem
                            - listen:
                                - 443
                                - ssl
                            - root: /var/apps/test/current
                            - location /:
                                - proxy_pass: http://localhost:3010
                                - proxy_http_version: 1.1
                                - proxy_set_header: Upgrade $http_upgrade
                                - proxy_set_header: Connection 'upgrade'
                                - proxy_set_header: Host $host
                                - proxy_cache_bypass: $http_upgrade

file.rename failure when using upstart after initial highstate

The upstart state works the first time that it is run, but subsequent runs fail because the file.rename for nginx-old-init can't overwrite the existing target. I've submitted #59 that addresses this issue, but I'm not sure that this is the best way to handle the problem.

Nginx logger error

I keep getting install errors complaining about nginx-logger-(access|error) missing

Minion logs:

2017-01-20 01:08:28,888 [salt.state       ][ERROR   ][6994] The named service nginx-logger-access is not available
2017-01-20 01:08:29,046 [salt.state       ][ERROR   ][6994] The named service nginx-logger-error is not available

I'm not sure what these services are and if they are even necessary. Is there any known fix for this error?

Minion version: Linux version 4.4.0-59-generic (buildd@lgw01-11) (gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.4) ) #80-Ubuntu SMP Fri Jan 6 17:47:47 UTC 2017

nginx.ng with cli pillar data not generating config correctly

Hello, my use case is very specific to what I am building and must pass the pillar data in this manner. Other formula's and states work just fine, but this is the results I get from this formula when passing pillar data via the CLI

COMMAND:

salt 'homestead' state.sls nginx.ng pillar="{'nginx': {'ng': {'install_from_ppa': True, 'ppa_version': 'stable', 'service': {'enable': True}, 'from_source': False, 'servers': {'managed': {'default': {'config': None, 'enabled': False}, 'nxpanel.app': {'config': {'server': {'location /': {'try_files': ['$uri', '$uri/', '/index.php?$query_string']}, 'index': ['index.html', 'index.php', 'index.htm'], 'root': ['/usr/local/nxpanel/public'], 'server_name': 'nxpanel.app', 'listen': [80, 'default_server']}}, 'enabled': True, 'overwrite': True}}}, 'server': {'config': {'http': {'sendfile': 'on', 'types_hash_max_size': '2048', 'tcp_nodelay': 'on', 'gzip_disable': 'msie6', 'default_type': 'application/octet-stream', 'keepalive_timeout': '65', 'access_log': '/var/log/nginx/access.log', 'gzip': 'on', 'include': ['/etc/nginx/mime.types', '/etc/nginx/conf.d/*.conf', '/etc/nginx/sites-enabled/*']}, 'pid': '/run/nginx.pid', 'error_log': '/var/log/nginx/error.log', 'worker_processes': '20', 'user': 'www-data', 'events': {'worker_connections': '1024', 'multi_accept': 'on'}}}}}}" --out=json

RESULTS:

{
    "homestead": {
        "service_|-nginx_service_reload_|-nginx_|-running": {
            "comment": "The service nginx is already running", 
            "name": "nginx", 
            "start_time": "03:17:46.513832", 
            "result": true, 
            "duration": 17.034, 
            "__run_num__": 10, 
            "changes": {}, 
            "__id__": "nginx_service_reload"
        }, 
        "pkgrepo_|-nginx_ppa_repo_|-nginx_ppa_repo_|-managed": {
            "comment": "Configured package repo 'nginx_ppa_repo'", 
            "name": "nginx_ppa_repo", 
            "start_time": "03:17:45.424066", 
            "result": true, 
            "duration": 193.137, 
            "__run_num__": 0, 
            "changes": {}, 
            "__id__": "nginx_ppa_repo"
        }, 
        "file_|-server_state_1_|-/etc/nginx/sites-enabled/nxpanel.app_|-symlink": {
            "comment": "Symlink /etc/nginx/sites-enabled/nxpanel.app is present and owned by root:root", 
            "pchanges": {}, 
            "name": "/etc/nginx/sites-enabled/nxpanel.app", 
            "start_time": "03:17:46.511725", 
            "result": true, 
            "duration": 1.204, 
            "__run_num__": 9, 
            "changes": {}, 
            "__id__": "server_state_1"
        }, 
        "file_|-nginx_server_available_dir_|-/etc/nginx/sites-available_|-directory": {
            "comment": "Directory /etc/nginx/sites-available is in the correct state", 
            "pchanges": {}, 
            "name": "/etc/nginx/sites-available", 
            "start_time": "03:17:46.416386", 
            "result": true, 
            "duration": 0.457, 
            "__run_num__": 5, 
            "changes": {}, 
            "__id__": "nginx_server_available_dir"
        }, 
        "file_|-server_conf_1_|-/etc/nginx/sites-available/nxpanel.app_|-managed": {
            "comment": "File /etc/nginx/sites-available/nxpanel.app updated", 
            "pchanges": {}, 
            "name": "/etc/nginx/sites-available/nxpanel.app", 
            "start_time": "03:17:46.464360", 
            "result": true, 
            "duration": 46.971, 
            "__run_num__": 8, 
            "changes": {
                "diff": "New file", 
                "mode": "0644"
            }, 
            "__id__": "server_conf_1"
        }, 
        "file_|-server_conf_0_|-/etc/nginx/sites-available/default_|-managed": {
            "comment": "File /etc/nginx/sites-available/default is in the correct state", 
            "pchanges": {}, 
            "name": "/etc/nginx/sites-available/default", 
            "start_time": "03:17:46.416953", 
            "result": true, 
            "duration": 46.526, 
            "__run_num__": 6, 
            "changes": {}, 
            "__id__": "server_conf_0"
        }, 
        "service_|-listener_nginx_service_reload_|-nginx_|-mod_watch": {
            "comment": "Failed to reload the service", 
            "name": "nginx", 
            "start_time": "03:17:46.531187", 
            "result": false, 
            "duration": 47.918, 
            "__run_num__": 11, 
            "changes": {
                "nginx": false
            }, 
            "__id__": "listener_nginx_service_reload"
        }, 
        "service_|-nginx_service_|-nginx_|-running": {
            "comment": "Service nginx is already enabled, and is running", 
            "name": "nginx", 
            "start_time": "03:17:46.297097", 
            "__id__": "nginx_service", 
            "duration": 118.333, 
            "__run_num__": 3, 
            "changes": {
                "nginx": true
            }, 
            "result": true
        }, 
        "file_|-nginx_config_|-/etc/nginx/nginx.conf_|-managed": {
            "comment": "File /etc/nginx/nginx.conf is in the correct state", 
            "pchanges": {}, 
            "name": "/etc/nginx/nginx.conf", 
            "start_time": "03:17:46.243905", 
            "result": true, 
            "duration": 52.45, 
            "__run_num__": 2, 
            "changes": {}, 
            "__id__": "nginx_config"
        }, 
        "pkg_|-nginx_install_|-nginx_|-installed": {
            "comment": "Package nginx is already installed", 
            "name": "nginx", 
            "start_time": "03:17:45.617467", 
            "result": true, 
            "duration": 626.16, 
            "__run_num__": 1, 
            "changes": {}, 
            "__id__": "nginx_install"
        }, 
        "file_|-server_state_0_|-/etc/nginx/sites-enabled/default_|-absent": {
            "comment": "File /etc/nginx/sites-enabled/default is not present", 
            "pchanges": {}, 
            "name": "/etc/nginx/sites-enabled/default", 
            "start_time": "03:17:46.463891", 
            "result": true, 
            "duration": 0.375, 
            "__run_num__": 7, 
            "changes": {}, 
            "__id__": "server_state_0"
        }, 
        "file_|-nginx_server_enabled_dir_|-/etc/nginx/sites-enabled_|-directory": {
            "comment": "Directory /etc/nginx/sites-enabled is in the correct state", 
            "pchanges": {}, 
            "name": "/etc/nginx/sites-enabled", 
            "start_time": "03:17:46.415614", 
            "result": true, 
            "duration": 0.675, 
            "__run_num__": 4, 
            "changes": {}, 
            "__id__": "nginx_server_enabled_dir"
        }
    }
}

nxpanel.app CONFIG

# Nginx server configuration
#
# **** DO NOT EDIT THIS FILE ****
#
# This file is managed by Salt.

 server;

and a nicer formatted example of the above dictionary that was passed

{
    'nginx': {
        'ng': {
            'install_from_ppa': True,
            'ppa_version': 'stable',
            'service': {
                'enable': True
            },
            'from_source': False,
            'servers': {
                'managed': {
                    'default': {
                        'config': None,
                        'enabled': False
                    },
                    'nxpanel.app': {
                        'config': {
                            'server': {
                                'location /': {
                                    'try_files': ['$uri', '$uri/', '/index.php?$query_string']
                                },
                                'index': ['index.html', 'index.php', 'index.htm'],
                                'root': ['/usr/local/nxpanel/public'],
                                'server_name': 'nxpanel.app',
                                'listen': [80, 'default_server']
                            }
                        },
                        'enabled': True,
                        'overwrite': True
                    }
                }
            },
            'server': {
                'config': {
                    'http': {
                        'sendfile': 'on',
                        'types_hash_max_size': '2048',
                        'tcp_nodelay': 'on',
                        'gzip_disable': 'msie6',
                        'default_type': 'application/octet-stream',
                        'keepalive_timeout': '65',
                        'access_log': '/var/log/nginx/access.log',
                        'gzip': 'on',
                        'include': ['/etc/nginx/mime.types', '/etc/nginx/conf.d/*.conf', '/etc/nginx/sites-enabled/*']
                    },
                    'pid': '/run/nginx.pid',
                    'error_log': '/var/log/nginx/error.log',
                    'worker_processes': '20',
                    'user': 'www-data',
                    'events': {
                        'worker_connections': '1024',
                        'multi_accept': 'on'
                    }
                }
            }
        }
    }
}

TypeError when trying to run

Mostly default values, was just testing how would the output files be. master and minion both ubuntu 14.04

Not sure where to look on this given error

    Data failed to compile:
----------
    Rendering SLS "base:nginx.ng.config" failed: Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/salt/utils/templates.py", line 77, in render_tmpl
    output = render_str(tmplstr, context, tmplpath)
  File "/usr/lib/python2.7/dist-packages/salt/utils/templates.py", line 169, in render_jinja_tmpl
    output = jinja_env.from_string(tmplstr).render(**unicode_context)
  File "/usr/lib/python2.7/dist-packages/jinja2/environment.py", line 969, in render
    return self.environment.handle_exception(exc_info, True)
  File "/usr/lib/python2.7/dist-packages/jinja2/environment.py", line 742, in handle_exception
    reraise(exc_type, exc_value, tb)
  File "<template>", line 5, in top-level template code
  File "/usr/lib/python2.7/dist-packages/jinja2/environment.py", line 1013, in make_module
    return TemplateModule(self, self.new_context(vars, shared, locals))
  File "/usr/lib/python2.7/dist-packages/jinja2/environment.py", line 1070, in __init__
    self._body_stream = list(template.root_render_func(context))
  File "/var/cache/salt/minion/files/base/nginx/ng/map.jinja", line 7, in top-level template code
    {% set nginx = salt['pillar.get']('nginx:ng', {
TypeError: filter_by() got an unexpected keyword argument 'default'

----------
    Rendering SLS "base:nginx.ng.service" failed: Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/salt/utils/templates.py", line 77, in render_tmpl
    output = render_str(tmplstr, context, tmplpath)
  File "/usr/lib/python2.7/dist-packages/salt/utils/templates.py", line 169, in render_jinja_tmpl
    output = jinja_env.from_string(tmplstr).render(**unicode_context)
  File "/usr/lib/python2.7/dist-packages/jinja2/environment.py", line 969, in render
    return self.environment.handle_exception(exc_info, True)
  File "/usr/lib/python2.7/dist-packages/jinja2/environment.py", line 742, in handle_exception
    reraise(exc_type, exc_value, tb)
  File "<template>", line 5, in top-level template code
  File "/usr/lib/python2.7/dist-packages/jinja2/environment.py", line 1013, in make_module
    return TemplateModule(self, self.new_context(vars, shared, locals))
  File "/usr/lib/python2.7/dist-packages/jinja2/environment.py", line 1070, in __init__
    self._body_stream = list(template.root_render_func(context))
  File "/var/cache/salt/minion/files/base/nginx/ng/map.jinja", line 7, in top-level template code
    {% set nginx = salt['pillar.get']('nginx:ng', {
TypeError: filter_by() got an unexpected keyword argument 'default'

----------
    Rendering SLS "base:nginx.ng.vhosts" failed: Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/salt/utils/templates.py", line 77, in render_tmpl
    output = render_str(tmplstr, context, tmplpath)
  File "/usr/lib/python2.7/dist-packages/salt/utils/templates.py", line 169, in render_jinja_tmpl
    output = jinja_env.from_string(tmplstr).render(**unicode_context)
  File "/usr/lib/python2.7/dist-packages/jinja2/environment.py", line 969, in render
    return self.environment.handle_exception(exc_info, True)
  File "/usr/lib/python2.7/dist-packages/jinja2/environment.py", line 742, in handle_exception
    reraise(exc_type, exc_value, tb)
  File "<template>", line 5, in top-level template code
  File "/usr/lib/python2.7/dist-packages/jinja2/environment.py", line 1013, in make_module
    return TemplateModule(self, self.new_context(vars, shared, locals))
  File "/usr/lib/python2.7/dist-packages/jinja2/environment.py", line 1070, in __init__
    self._body_stream = list(template.root_render_func(context))
  File "/var/cache/salt/minion/files/base/nginx/ng/map.jinja", line 7, in top-level template code
    {% set nginx = salt['pillar.get']('nginx:ng', {
TypeError: filter_by() got an unexpected keyword argument 'default'

Overriding values in nginx.ng is pretty tricky.

The biggest problem that I have with this formula is in overriding values. Different minions have different server_name directives, for example. Given the list structure for most directives, I can't rely on dictionary merging to allow me to supply additional bits of config in other files.

I am wondering what approach the authors of this formula have arrived at to minimize repetition while still allowing different minions to be targeted with different values at the vhost level. I'd be happy to compile the output of this discussion into additional examples in the pillar.example file.

Managed SSL Certificates owned by root

The nginx.ng.certificates state forces all managed certificates to be owned by root. This causes issues when the nginx server is being run by users other than root as the SSL key has permissions 600.

Ideally the certificates should be owned by user and group of the default nginx user (ie www-data), taken from the map file, nginx:ng:webuser.

Logger init files go missing after reboot

Hi,

After calling state.highstate, everything works fine, I can see logger processes and init.d files. But after a reboot, logger init.d scripts are gone and nginx won't start because of fifo file.

Here's my configuration:

salt/top.sls:

base:
  '*':
    - nginx

pillar/top.sls:

base:
  '*':
    - setup

pillar/setup.sls:

nginx:
  install_from_source: True
  ngx_devel_kit: False
  use_sysvinit: True
  service_enable: True

salt --versions-report:

Salt Version:
           Salt: 2015.8.0

Dependency Versions:
         Jinja2: 2.7.2
       M2Crypto: 0.21.1
           Mako: Not Installed
         PyYAML: 3.10
          PyZMQ: 14.0.1
         Python: 2.7.6 (default, Jun 22 2015, 17:58:13)
           RAET: Not Installed
        Tornado: 4.2.1
            ZMQ: 4.0.4
           cffi: Not Installed
       cherrypy: Not Installed
       dateutil: Not Installed
          gitdb: 0.5.4
      gitpython: Not Installed
          ioflo: Not Installed
        libnacl: Not Installed
   msgpack-pure: Not Installed
 msgpack-python: 0.3.0
   mysql-python: Not Installed
      pycparser: Not Installed
       pycrypto: 2.6.1
         pygit2: Not Installed
   python-gnupg: Not Installed
          smmap: 0.8.2
        timelib: Not Installed

System Versions:
           dist: Ubuntu 14.04 trusty
        machine: x86_64
        release: 3.13.0-57-generic
         system: Ubuntu 14.04 trusty

Default site conflicts with configured site

Hi

I've configured my own site declaration as per below. When I run the formula the first time then nginx won't start because of a conflict in default_server. This is because the 'default' site is created. When I run the formula the second time then the 'default' site is removed and everything works perfectly. Is this a bug? Should I just use 'default' as the site file name?

    servers:

      # vhost declarations
      # vhosts will default to being placed in vhost_available
      managed:
        site1: # relative pathname of the vhost file
          # may be True, False, or None where True is enabled, False, disabled, and None indicates no action
          enabled: True
          config:
            - server:
              - root:
                - `/var/www/site1`

              - listen: 
                - 80
                - default_server

user on EL7

default user on Centos 7 (and probably on any other Enterprise Linux 7) for nginx is nginx not httpd. I think this formula should reflect this.

Ubuntu 15.04 install problem

ID: nginx
Function: service.running
Result: False
Comment: One or more requisite failed
Started:
Duration:
Changes:

ID: nginx-logger-error
Function: service.running
Result: False
Comment: Service nginx-logger-error is already enabled, and is dead
Started: 06:28:15.038805
Duration: 97.832 ms
Changes:

ID: nginx-logger-access
Function: service.running
Result: False
Comment: Service nginx-logger-access is already enabled, and is dead
Started: 06:28:14.488591
Duration: 383.95 ms
Changes:

Ubuntu 15.04 has used systemd instead of upstart.

daemon: no breaks jessie + systemd

Hi,

On debian jessie with systemd, service reloading fails with :

nginx: [emerg] "daemon" directive is duplicate in /etc/nginx/nginx.conf

Looks like daemon: no directive in /etc/nginx/nginx.conf is useful for upstart or sysvinit files that do not call properly nginx.

Systemd unit file already setup daemon directive and nginx does not allow duplicate of this directive.

Here is a workaround i use :

{% if grains['oscodename'] == 'jessie' -%}
patch_nginx_conf:
  file.comment:
    - name: /etc/nginx/nginx.conf
    - regex: daemon
    - char: '# '

extend:
  nginx:
    pkg:
      - require:
        - file: patch_nginx_conf
{%- endif %}

See also : jdauphant/ansible-role-nginx#38

nginx configuration dependencies unresolvable with alphabetically sorted processing of pillars

If you want to set some sort of an option in nginx that depends on another option being set before, it breaks if the options don't follow each other alphabetically.

For example, access_log has an option to define a custom format. But the custom log format gets ordered below the access_log entry due to sorting happening in either the map.jinja or in the sls_block/nginx macro. This way, access_log can never find it's custom settings because it's always defined below it (since access_log starts with an A).

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.