fixing up specs/config parameters
This commit is contained in:
James Fryman
parent
12ece07bb4
commit
0d939d3e13
5 changed files with 136 additions and 122 deletions
2
.gitignore
vendored
2
.gitignore
vendored
|
|
@ -5,3 +5,5 @@ pkg/
|
|||
Gemfile.lock
|
||||
spec/fixtures/modules
|
||||
spec/fixtures/manifests
|
||||
vendor
|
||||
.ruby-version
|
||||
|
|
|
|||
|
|
@ -1,6 +1,5 @@
|
|||
# Usage of Hiera
|
||||
|
||||
<<<<<<< HEAD
|
||||
Passing through parameters from the main Class[nginx] and then having them chain down to Class[nginx::config] creates a ton of unnecessary spaghetti code that makes the module more complex to understand and difficult to extend.
|
||||
|
||||
Going forward, it is recommended to declare your changes in Hiera based on the system(s) role and location in your environment. In Puppet < 3.x, this is accomplished with Hiera bindings.
|
||||
|
|
|
|||
|
|
@ -15,25 +15,25 @@
|
|||
# This class file is not called directly
|
||||
class nginx::config(
|
||||
### START Module/App Configuration ###
|
||||
$client_body_temp_path = $nginx::params::client_body_temp_path,
|
||||
$client_body_temp_path = $::nginx::params::client_body_temp_path,
|
||||
$confd_purge = false,
|
||||
$conf_dir = $nginx::params::conf_dir,
|
||||
$daemon_user = $nginx::params::daemon_user,
|
||||
$global_owner = $nginx::params::global_owner,
|
||||
$global_group = $nginx::params::global_group,
|
||||
$global_mode = $nginx::params::global_mode,
|
||||
$log_dir = $nginx::params::log_dir,
|
||||
$http_access_log = $nginx::params::http_access_log,
|
||||
$nginx_error_log = $nginx::params::nginx_error_log,
|
||||
$pid = $nginx::params::pid,
|
||||
$proxy_temp_path = $nginx::params::proxy_temp_path,
|
||||
$root_group = $nginx::params::root_group,
|
||||
$run_dir = $nginx::params::run_dir,
|
||||
$sites_available_owner = $nginx::params::sites_available_owner,
|
||||
$sites_available_group = $nginx::params::sites_available_group,
|
||||
$sites_available_mode = $nginx::params::sites_available_mode,
|
||||
$super_user = $nginx::params::super_user,
|
||||
$temp_dir = $nginx::params::temp_dir,
|
||||
$conf_dir = $::nginx::params::conf_dir,
|
||||
$daemon_user = $::nginx::params::daemon_user,
|
||||
$global_owner = $::nginx::params::global_owner,
|
||||
$global_group = $::nginx::params::global_group,
|
||||
$global_mode = $::nginx::params::global_mode,
|
||||
$log_dir = $::nginx::params::log_dir,
|
||||
$http_access_log = $::nginx::params::http_access_log,
|
||||
$nginx_error_log = $::nginx::params::nginx_error_log,
|
||||
$pid = $::nginx::params::pid,
|
||||
$proxy_temp_path = $::nginx::params::proxy_temp_path,
|
||||
$root_group = $::nginx::params::root_group,
|
||||
$run_dir = $::nginx::params::run_dir,
|
||||
$sites_available_owner = $::nginx::params::sites_available_owner,
|
||||
$sites_available_group = $::nginx::params::sites_available_group,
|
||||
$sites_available_mode = $::nginx::params::sites_available_mode,
|
||||
$super_user = $::nginx::params::super_user,
|
||||
$temp_dir = $::nginx::params::temp_dir,
|
||||
$vhost_purge = false,
|
||||
|
||||
# Primary Templates
|
||||
|
|
@ -89,7 +89,7 @@ class nginx::config(
|
|||
$worker_processes = 1,
|
||||
$worker_rlimit_nofile = 1024,
|
||||
### END Nginx Configuration ###
|
||||
) inherits nginx::params {
|
||||
) inherits ::nginx::params {
|
||||
|
||||
### Validations ###
|
||||
if (!is_string($worker_processes)) and (!is_integer($worker_processes)) {
|
||||
|
|
|
|||
|
|
@ -1,56 +1,69 @@
|
|||
class nginx::params {
|
||||
### Operating System Configuration
|
||||
## This is my hacky... no hiera system. Oh well. :)
|
||||
$_module_defaults = {
|
||||
'conf_dir' => '/etc/nginx',
|
||||
'daemon_user' => 'nginx',
|
||||
'pid' => '/var/run/nginx.pid',
|
||||
'root_group' => 'root',
|
||||
}
|
||||
case $::osfamily {
|
||||
'Archlinux': {
|
||||
$_pid = false
|
||||
$_daemon_user = 'http'
|
||||
'ArchLinux': {
|
||||
$_module_os_overrides = {
|
||||
'pid' => false,
|
||||
'daemon_user' => 'http',
|
||||
}
|
||||
}
|
||||
'Debian': {
|
||||
$_daemon_user = 'www-data'
|
||||
$_module_os_overrides = {
|
||||
'daemon_user' => 'www-data',
|
||||
}
|
||||
}
|
||||
'FreeBSD': {
|
||||
$_conf_dir = '/usr/local/etc/nginx'
|
||||
$_daemon_user = 'www'
|
||||
$_root_group = 'wheel'
|
||||
$_module_os_overrides = {
|
||||
'conf_dir' => '/usr/local/etc/nginx',
|
||||
'daemon_user' => 'www',
|
||||
'root_group' => 'wheel',
|
||||
}
|
||||
}
|
||||
'Solaris': {
|
||||
$_daemon_user = 'webservd'
|
||||
$_module_os_overrides = {
|
||||
'daemon_user' => 'webservd',
|
||||
}
|
||||
}
|
||||
default: {
|
||||
## For cases not covered in $::osfamily
|
||||
case $::operatingsystem {
|
||||
'SmartOS': {
|
||||
$_conf_dir = '/opt/local/etc/nginx'
|
||||
$_daemon_user = 'www'
|
||||
}
|
||||
## True module defaults
|
||||
default: {
|
||||
$_conf_dir = '/etc/nginx'
|
||||
$_daemon_user = 'nginx'
|
||||
$_pid = '/var/run/nginx.pid'
|
||||
$_root_group = 'root'
|
||||
$_module_os_overrides = {
|
||||
'conf_dir' => '/usr/local/etc/nginx',
|
||||
'daemon_user' => 'www',
|
||||
}
|
||||
}
|
||||
default: { $_module_os_overrides = {} }
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$_module_parameters = merge($_module_defaults, $_module_os_overrides)
|
||||
### END Operating System Configuration
|
||||
|
||||
### Referenced Variables
|
||||
$conf_dir = $_conf_dir
|
||||
$conf_dir = $_module_parameters['conf_dir']
|
||||
$log_dir = '/var/log/nginx'
|
||||
$run_dir = '/var/nginx'
|
||||
$temp_dir = '/tmp'
|
||||
$pid = $_pid
|
||||
$pid = $_module_parameters['pid']
|
||||
|
||||
$client_body_temp_path = "${run_dir}/client_body_temp"
|
||||
$daemon_user = $_daemon_user
|
||||
$daemon_user = $_module_parameters['daemon_user']
|
||||
$global_owner = 'root'
|
||||
$global_group = 'root'
|
||||
$global_mode = '0644'
|
||||
$http_access_log = "${log_dir}/access.log"
|
||||
$nginx_error_log = "${log_dir}/error.log"
|
||||
$root_group = $_root_group
|
||||
$proxy_temp_path = "${run_dir}/proxy_temp_path"
|
||||
$root_group = $_module_parameters['root_group']
|
||||
$proxy_temp_path = "${run_dir}/proxy_temp"
|
||||
$sites_available_owner = 'root'
|
||||
$sites_available_group = 'root'
|
||||
$sites_available_mode = '0644'
|
||||
|
|
|
|||
|
|
@ -148,89 +148,89 @@
|
|||
# ssl_key => '/tmp/server.pem',
|
||||
# }
|
||||
define nginx::resource::vhost (
|
||||
$ensure = 'present',
|
||||
$listen_ip = '*',
|
||||
$listen_port = '80',
|
||||
$listen_options = undef,
|
||||
$location_allow = [],
|
||||
$location_deny = [],
|
||||
$ipv6_enable = false,
|
||||
$ipv6_listen_ip = '::',
|
||||
$ipv6_listen_port = '80',
|
||||
$ipv6_listen_options = 'default ipv6only=on',
|
||||
$add_header = undef,
|
||||
$ssl = false,
|
||||
$ssl_listen_option = true,
|
||||
$ssl_cert = undef,
|
||||
$ssl_dhparam = undef,
|
||||
$ssl_key = undef,
|
||||
$ssl_port = '443',
|
||||
$ssl_protocols = 'TLSv1 TLSv1.1 TLSv1.2',
|
||||
$ssl_ciphers = 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA',
|
||||
$ssl_cache = 'shared:SSL:10m',
|
||||
$ssl_stapling = false,
|
||||
$ssl_stapling_file = undef,
|
||||
$ssl_stapling_responder = undef,
|
||||
$ssl_stapling_verify = false,
|
||||
$ssl_session_timeout = '5m',
|
||||
$ssl_trusted_cert = undef,
|
||||
$spdy = $nginx::config::spdy,
|
||||
$proxy = undef,
|
||||
$proxy_redirect = undef,
|
||||
$proxy_read_timeout = $nginx::config::proxy_read_timeout,
|
||||
$proxy_connect_timeout = $nginx::config::proxy_connect_timeout,
|
||||
$proxy_set_header = [],
|
||||
$proxy_cache = false,
|
||||
$proxy_cache_valid = false,
|
||||
$proxy_method = undef,
|
||||
$proxy_set_body = undef,
|
||||
$resolver = [],
|
||||
$fastcgi = undef,
|
||||
$fastcgi_params = "${nginx::config::conf_dir}/fastcgi_params",
|
||||
$fastcgi_script = undef,
|
||||
$index_files = [
|
||||
$ensure = 'present',
|
||||
$listen_ip = '*',
|
||||
$listen_port = '80',
|
||||
$listen_options = undef,
|
||||
$location_allow = [],
|
||||
$location_deny = [],
|
||||
$ipv6_enable = false,
|
||||
$ipv6_listen_ip = '::',
|
||||
$ipv6_listen_port = '80',
|
||||
$ipv6_listen_options = 'default ipv6only=on',
|
||||
$add_header = undef,
|
||||
$ssl = false,
|
||||
$ssl_listen_option = true,
|
||||
$ssl_cert = undef,
|
||||
$ssl_dhparam = undef,
|
||||
$ssl_key = undef,
|
||||
$ssl_port = '443',
|
||||
$ssl_protocols = 'TLSv1 TLSv1.1 TLSv1.2',
|
||||
$ssl_ciphers = 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA',
|
||||
$ssl_cache = 'shared:SSL:10m',
|
||||
$ssl_stapling = false,
|
||||
$ssl_stapling_file = undef,
|
||||
$ssl_stapling_responder = undef,
|
||||
$ssl_stapling_verify = false,
|
||||
$ssl_session_timeout = '5m',
|
||||
$ssl_trusted_cert = undef,
|
||||
$spdy = $nginx::config::spdy,
|
||||
$proxy = undef,
|
||||
$proxy_redirect = undef,
|
||||
$proxy_read_timeout = $nginx::config::proxy_read_timeout,
|
||||
$proxy_connect_timeout = $nginx::config::proxy_connect_timeout,
|
||||
$proxy_set_header = [],
|
||||
$proxy_cache = false,
|
||||
$proxy_cache_valid = false,
|
||||
$proxy_method = undef,
|
||||
$proxy_set_body = undef,
|
||||
$resolver = [],
|
||||
$fastcgi = undef,
|
||||
$fastcgi_params = "${nginx::config::conf_dir}/fastcgi_params",
|
||||
$fastcgi_script = undef,
|
||||
$index_files = [
|
||||
'index.html',
|
||||
'index.htm',
|
||||
'index.php'],
|
||||
$autoindex = undef,
|
||||
$server_name = [$name],
|
||||
$www_root = undef,
|
||||
$rewrite_www_to_non_www = false,
|
||||
$rewrite_to_https = undef,
|
||||
$location_custom_cfg = undef,
|
||||
$location_cfg_prepend = undef,
|
||||
$location_cfg_append = undef,
|
||||
$autoindex = undef,
|
||||
$server_name = [$name],
|
||||
$www_root = undef,
|
||||
$rewrite_www_to_non_www = false,
|
||||
$rewrite_to_https = undef,
|
||||
$location_custom_cfg = undef,
|
||||
$location_cfg_prepend = undef,
|
||||
$location_cfg_append = undef,
|
||||
$location_custom_cfg_prepend = undef,
|
||||
$location_custom_cfg_append = undef,
|
||||
$try_files = undef,
|
||||
$auth_basic = undef,
|
||||
$auth_basic_user_file = undef,
|
||||
$client_body_timeout = undef,
|
||||
$client_header_timeout = undef,
|
||||
$client_max_body_size = undef,
|
||||
$raw_prepend = undef,
|
||||
$raw_append = undef,
|
||||
$location_raw_prepend = undef,
|
||||
$location_raw_append = undef,
|
||||
$vhost_cfg_prepend = undef,
|
||||
$vhost_cfg_append = undef,
|
||||
$vhost_cfg_ssl_prepend = undef,
|
||||
$vhost_cfg_ssl_append = undef,
|
||||
$include_files = undef,
|
||||
$access_log = undef,
|
||||
$error_log = undef,
|
||||
$format_log = undef,
|
||||
$passenger_cgi_param = undef,
|
||||
$log_by_lua = undef,
|
||||
$log_by_lua_file = undef,
|
||||
$use_default_location = true,
|
||||
$rewrite_rules = [],
|
||||
$string_mappings = {},
|
||||
$geo_mappings = {},
|
||||
$gzip_types = undef,
|
||||
$owner = $nginx::config::global_owner,
|
||||
$group = $nginx::config::global_group,
|
||||
$mode = $nginx::config::global_mode,
|
||||
$try_files = undef,
|
||||
$auth_basic = undef,
|
||||
$auth_basic_user_file = undef,
|
||||
$client_body_timeout = undef,
|
||||
$client_header_timeout = undef,
|
||||
$client_max_body_size = undef,
|
||||
$raw_prepend = undef,
|
||||
$raw_append = undef,
|
||||
$location_raw_prepend = undef,
|
||||
$location_raw_append = undef,
|
||||
$vhost_cfg_prepend = undef,
|
||||
$vhost_cfg_append = undef,
|
||||
$vhost_cfg_ssl_prepend = undef,
|
||||
$vhost_cfg_ssl_append = undef,
|
||||
$include_files = undef,
|
||||
$access_log = undef,
|
||||
$error_log = undef,
|
||||
$format_log = undef,
|
||||
$passenger_cgi_param = undef,
|
||||
$log_by_lua = undef,
|
||||
$log_by_lua_file = undef,
|
||||
$use_default_location = true,
|
||||
$rewrite_rules = [],
|
||||
$string_mappings = {},
|
||||
$geo_mappings = {},
|
||||
$gzip_types = undef,
|
||||
$owner = $nginx::config::global_owner,
|
||||
$group = $nginx::config::global_group,
|
||||
$mode = $nginx::config::global_mode,
|
||||
) {
|
||||
|
||||
validate_re($ensure, '^(present|absent)$',
|
||||
|
|
@ -572,7 +572,7 @@ define nginx::resource::vhost (
|
|||
# Also opted to add more logic here and keep template cleaner which
|
||||
# unfortunately means resorting to the $varname_real thing
|
||||
$ssl_access_log_tmp = $access_log ? {
|
||||
undef => "${nginx::config::logdir}/ssl-${name_sanitized}.access.log",
|
||||
undef => "${nginx::config::log_dir}/ssl-${name_sanitized}.access.log",
|
||||
default => $access_log,
|
||||
}
|
||||
|
||||
|
|
@ -582,7 +582,7 @@ define nginx::resource::vhost (
|
|||
}
|
||||
|
||||
$ssl_error_log_real = $error_log ? {
|
||||
undef => "${nginx::config::logdir}/ssl-${name_sanitized}.error.log",
|
||||
undef => "${nginx::config::log_dir}/ssl-${name_sanitized}.error.log",
|
||||
default => $error_log,
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue