From 7459e9174440c0c5eda7ed51426f4b2004c7873b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20O=CC=88rnstedt?= Date: Fri, 13 Jun 2014 12:15:42 +0200 Subject: [PATCH 1/3] Made config dir available as a parameter. --- manifests/config.pp | 33 ++++++++++++++-------------- manifests/init.pp | 2 ++ manifests/resource/location.pp | 4 ++-- manifests/resource/mailhost.pp | 2 +- manifests/resource/vhost.pp | 14 ++++++------ templates/conf.d/nginx.conf.erb | 8 +++---- templates/vhost/vhost_ssl_header.erb | 10 ++++----- 7 files changed, 38 insertions(+), 35 deletions(-) diff --git a/manifests/config.pp b/manifests/config.pp index f91b721..52f66fc 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -17,6 +17,7 @@ class nginx::config( $client_body_buffer_size = $nginx::params::nx_client_body_buffer_size, $client_max_body_size = $nginx::params::nx_client_max_body_size, $confd_purge = $nginx::params::nx_confd_purge, + $conf_dir = $nginx::params::nx_conf_dir, $conf_template = $nginx::params::nx_conf_template, $daemon_user = $nginx::params::nx_daemon_user, $events_use = $nginx::params::nx_events_use, @@ -65,35 +66,35 @@ class nginx::config( mode => '0644', } - file { $nginx::params::nx_conf_dir: + file { $conf_dir: ensure => directory, } - file { "${nginx::params::nx_conf_dir}/conf.d": + file { "${conf_dir}/conf.d": ensure => directory, } if $confd_purge == true { - File["${nginx::params::nx_conf_dir}/conf.d"] { + File["${conf_dir}/conf.d"] { purge => true, recurse => true, } } - file { "${nginx::params::nx_conf_dir}/conf.mail.d": + file { "${conf_dir}/conf.mail.d": ensure => directory, } if $confd_purge == true { - File["${nginx::params::nx_conf_dir}/conf.mail.d"] { + File["${conf_dir}/conf.mail.d"] { purge => true, recurse => true, } } - file { "${nginx::params::nx_conf_dir}/conf.d/vhost_autogen.conf": + file { "${conf_dir}/conf.d/vhost_autogen.conf": ensure => absent, } - file { "${nginx::params::nx_conf_dir}/conf.mail.d/vhost_autogen.conf": + file { "${conf_dir}/conf.mail.d/vhost_autogen.conf": ensure => absent, } @@ -111,47 +112,47 @@ class nginx::config( owner => $daemon_user, } - file { "${nginx::params::nx_conf_dir}/sites-available": + file { "${conf_dir}/sites-available": ensure => directory, } if $vhost_purge == true { - File["${nginx::params::nx_conf_dir}/sites-available"] { + File["${conf_dir}/sites-available"] { purge => true, recurse => true, } } - file { "${nginx::params::nx_conf_dir}/sites-enabled": + file { "${conf_dir}/sites-enabled": ensure => directory, } if $vhost_purge == true { - File["${nginx::params::nx_conf_dir}/sites-enabled"] { + File["${conf_dir}/sites-enabled"] { purge => true, recurse => true, } } - file { '/etc/nginx/sites-enabled/default': + file { "${conf_dir}/sites-enabled/default": ensure => absent, } - file { "${nginx::params::nx_conf_dir}/nginx.conf": + file { "${conf_dir}/nginx.conf": ensure => file, content => template($conf_template), } - file { "${nginx::params::nx_conf_dir}/conf.d/proxy.conf": + file { "${conf_dir}/conf.d/proxy.conf": ensure => file, content => template($proxy_conf_template), } - file { "${nginx::params::nx_conf_dir}/conf.d/default.conf": + file { "${conf_dir}/conf.d/default.conf": ensure => absent, } - file { "${nginx::params::nx_conf_dir}/conf.d/example_ssl.conf": + file { "${conf_dir}/conf.d/example_ssl.conf": ensure => absent, } diff --git a/manifests/init.pp b/manifests/init.pp index 60df2d5..4ba5e37 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -33,6 +33,7 @@ class nginx ( $client_max_body_size = $nginx::params::nx_client_max_body_size, $confd_purge = $nginx::params::nx_confd_purge, $configtest_enable = $nginx::params::nx_configtest_enable, + $conf_dir = $nginx::params::nx_conf_dir, $conf_template = $nginx::params::nx_conf_template, $daemon_user = $nginx::params::nx_daemon_user, $events_use = $nginx::params::nx_events_use, @@ -170,6 +171,7 @@ class nginx ( client_body_buffer_size => $client_body_buffer_size, client_max_body_size => $client_max_body_size, confd_purge => $confd_purge, + conf_dir => $conf_dir, conf_template => $conf_template, daemon_user => $daemon_user, events_use => $events_use, diff --git a/manifests/resource/location.pp b/manifests/resource/location.pp index 62e26f1..2361666 100644 --- a/manifests/resource/location.pp +++ b/manifests/resource/location.pp @@ -240,7 +240,7 @@ define nginx::resource::location ( } $vhost_sanitized = regsubst($vhost, ' ', '_', 'G') - $config_file = "${nginx::config::nx_conf_dir}/sites-available/${vhost_sanitized}.conf" + $config_file = "${nginx::config::conf_dir}/sites-available/${vhost_sanitized}.conf" $location_sanitized_tmp = regsubst($location, '\/', '_', 'G') $location_sanitized = regsubst($location_sanitized_tmp, "\\\\", '_', 'G') @@ -306,7 +306,7 @@ define nginx::resource::location ( if ($auth_basic_user_file != undef) { #Generate htpasswd with provided file-locations - file { "${nginx::params::nx_conf_dir}/${location_sanitized}_htpasswd": + file { "${nginx::config::conf_dir}/${location_sanitized}_htpasswd": ensure => $ensure, mode => '0644', source => $auth_basic_user_file, diff --git a/manifests/resource/mailhost.pp b/manifests/resource/mailhost.pp index 89e0245..b7048c2 100644 --- a/manifests/resource/mailhost.pp +++ b/manifests/resource/mailhost.pp @@ -101,7 +101,7 @@ define nginx::resource::mailhost ( validate_string($xclient) validate_array($server_name) - $config_file = "${nginx::config::nx_conf_dir}/conf.mail.d/${name}.conf" + $config_file = "${nginx::config::conf_dir}/conf.mail.d/${name}.conf" # Add IPv6 Logic Check - Nginx service will not start if ipv6 is enabled # and support does not exist for it in the kernel. diff --git a/manifests/resource/vhost.pp b/manifests/resource/vhost.pp index 4f56b99..fcf09ed 100644 --- a/manifests/resource/vhost.pp +++ b/manifests/resource/vhost.pp @@ -334,8 +334,8 @@ define nginx::resource::vhost ( validate_array($rewrite_rules) # Variables - $vhost_dir = "${nginx::config::nx_conf_dir}/sites-available" - $vhost_enable_dir = "${nginx::config::nx_conf_dir}/sites-enabled" + $vhost_dir = "${nginx::config::conf_dir}/sites-available" + $vhost_enable_dir = "${nginx::config::conf_dir}/sites-enabled" $vhost_symlink_ensure = $ensure ? { 'absent' => absent, default => 'link', @@ -515,32 +515,32 @@ define nginx::resource::vhost ( # Check if the file has been defined before creating the file to # avoid the error when using wildcard cert on the multiple vhosts - ensure_resource('file', "${nginx::params::nx_conf_dir}/${cert}.crt", { + ensure_resource('file', "${nginx::config::conf_dir}/${cert}.crt", { owner => $nginx::config::daemon_user, mode => '0444', source => $ssl_cert, }) - ensure_resource('file', "${nginx::params::nx_conf_dir}/${cert}.key", { + ensure_resource('file', "${nginx::config::conf_dir}/${cert}.key", { owner => $nginx::config::daemon_user, mode => '0440', source => $ssl_key, }) if ($ssl_dhparam != undef) { - ensure_resource('file', "${nginx::params::nx_conf_dir}/${cert}.dh.pem", { + ensure_resource('file', "${nginx::config::conf_dir}/${cert}.dh.pem", { owner => $nginx::config::daemon_user, mode => '0440', source => $ssl_dhparam, }) } if ($ssl_stapling_file != undef) { - ensure_resource('file', "${nginx::params::nx_conf_dir}/${cert}.ocsp.resp", { + ensure_resource('file', "${nginx::config::conf_dir}/${cert}.ocsp.resp", { owner => $nginx::config::daemon_user, mode => '0440', source => $ssl_stapling_file, }) } if ($ssl_trusted_cert != undef) { - ensure_resource('file', "${nginx::params::nx_conf_dir}/${cert}.trusted.crt", { + ensure_resource('file', "${nginx::config::conf_dir}/${cert}.trusted.crt", { owner => $nginx::config::daemon_user, mode => '0440', source => $ssl_trusted_cert, diff --git a/templates/conf.d/nginx.conf.erb b/templates/conf.d/nginx.conf.erb index 8f1267f..615fcb1 100644 --- a/templates/conf.d/nginx.conf.erb +++ b/templates/conf.d/nginx.conf.erb @@ -18,7 +18,7 @@ events { } http { - include <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/mime.types; + include <%= @conf_dir %>/mime.types; default_type application/octet-stream; access_log <%= @http_access_log %>; @@ -60,12 +60,12 @@ http { <% end -%> <% end -%> - include <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/conf.d/*.conf; - include <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/sites-enabled/*; + include <%= @conf_dir %>/conf.d/*.conf; + include <%= @conf_dir %>/sites-enabled/*; } <% if scope.lookupvar('nginx::mail') %> mail { - include <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/conf.mail.d/*.conf; + include <%= @conf_dir %>/conf.mail.d/*.conf; } <% end -%> diff --git a/templates/vhost/vhost_ssl_header.erb b/templates/vhost/vhost_ssl_header.erb index 4adec10..aaf8678 100644 --- a/templates/vhost/vhost_ssl_header.erb +++ b/templates/vhost/vhost_ssl_header.erb @@ -7,10 +7,10 @@ server { ssl on; - ssl_certificate <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= @name.gsub(' ', '_') %>.crt; - ssl_certificate_key <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= @name.gsub(' ', '_') %>.key; + ssl_certificate <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.crt; + ssl_certificate_key <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.key; <% if defined? @ssl_dhparam -%> - ssl_dhparam <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= @name.gsub(' ', '_') %>.dh.pem; + ssl_dhparam <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.dh.pem; <% end -%> ssl_session_cache <%= @ssl_cache %>; ssl_session_timeout 5m; @@ -21,7 +21,7 @@ server { ssl_stapling on; <% end -%> <% if defined? @ssl_stapling_file -%> - ssl_stapling_file <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= @name.gsub(' ', '_') %>.ocsp.resp; + ssl_stapling_file <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.ocsp.resp; <% end -%> <% if defined? @ssl_stapling_responder -%> ssl_stapling_responder <%= @ssl_stapling_responder %>; @@ -30,7 +30,7 @@ server { ssl_stapling_verify on; <% end -%> <% if defined? @ssl_trusted_cert -%> - ssl_trusted_certificate <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= @name.gsub(' ', '_') %>.trusted.crt; + ssl_trusted_certificate <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.trusted.crt; <% end -%> <% if @resolver.count > 0 -%> resolver <% Array(@resolver).each do |r| %> <%= r %><% end %>; From d8e6d603e7fcd5322e334179d0e5f7ccebe2c2c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20O=CC=88rnstedt?= Date: Fri, 13 Jun 2014 12:29:02 +0200 Subject: [PATCH 2/3] Replace hardcoded paths referring to '/etc/nginx' with config variable instead. --- manifests/resource/location.pp | 6 +++--- manifests/resource/upstream.pp | 2 +- manifests/resource/vhost.pp | 6 +++--- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/manifests/resource/location.pp b/manifests/resource/location.pp index 2361666..fca7449 100644 --- a/manifests/resource/location.pp +++ b/manifests/resource/location.pp @@ -116,7 +116,7 @@ define nginx::resource::location ( $proxy_connect_timeout = $nginx::config::proxy_connect_timeout, $proxy_set_header = $nginx::config::proxy_set_header, $fastcgi = undef, - $fastcgi_params = '/etc/nginx/fastcgi_params', + $fastcgi_params = "${nginx::config::conf_dir}/fastcgi_params", $fastcgi_script = undef, $fastcgi_split_path = undef, $ssl = false, @@ -271,8 +271,8 @@ define nginx::resource::location ( $content_real = template('nginx/vhost/vhost_location_empty.erb') } - if $fastcgi != undef and !defined(File['/etc/nginx/fastcgi_params']) { - file { '/etc/nginx/fastcgi_params': + if $fastcgi != undef and !defined(File[$fastcgi_params]) { + file { $fastcgi_params: ensure => present, mode => '0770', content => template('nginx/vhost/fastcgi_params.erb'), diff --git a/manifests/resource/upstream.pp b/manifests/resource/upstream.pp index 920aff9..a3c49fe 100644 --- a/manifests/resource/upstream.pp +++ b/manifests/resource/upstream.pp @@ -57,7 +57,7 @@ define nginx::resource::upstream ( mode => '0644', } - file { "/etc/nginx/conf.d/${name}-upstream.conf": + file { "${nginx::config::conf_dir}/conf.d/${name}-upstream.conf": ensure => $ensure ? { 'absent' => absent, default => 'file', diff --git a/manifests/resource/vhost.pp b/manifests/resource/vhost.pp index fcf09ed..a690407 100644 --- a/manifests/resource/vhost.pp +++ b/manifests/resource/vhost.pp @@ -161,7 +161,7 @@ define nginx::resource::vhost ( $proxy_set_body = undef, $resolver = [], $fastcgi = undef, - $fastcgi_params = '/etc/nginx/fastcgi_params', + $fastcgi_params = "${nginx::config::conf_dir}/fastcgi_params", $fastcgi_script = undef, $index_files = [ 'index.html', @@ -450,8 +450,8 @@ define nginx::resource::vhost ( location_custom_cfg_append => $location_custom_cfg_append } } - if $fastcgi != undef and !defined(File['/etc/nginx/fastcgi_params']) { - file { '/etc/nginx/fastcgi_params': + if $fastcgi != undef and !defined(File[$fastcgi_params]) { + file { $fastcgi_params: ensure => present, mode => '0770', content => template('nginx/vhost/fastcgi_params.erb'), From 1bfd597c92851151d78828fdf294b91592de33a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20O=CC=88rnstedt?= Date: Fri, 13 Jun 2014 14:09:37 +0200 Subject: [PATCH 3/3] Add pre conditions to spec file. --- spec/defines/resource_upstream_spec.rb | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/spec/defines/resource_upstream_spec.rb b/spec/defines/resource_upstream_spec.rb index 8423eb4..415c5d6 100644 --- a/spec/defines/resource_upstream_spec.rb +++ b/spec/defines/resource_upstream_spec.rb @@ -10,6 +10,18 @@ describe 'nginx::resource::upstream' do :members => ['test'], } end + let :facts do + { + :osfamily => 'Debian', + :operatingsystem => 'debian', + } + end + let :pre_condition do + [ + 'include ::nginx::params', + 'include ::nginx::config', + ] + end describe 'os-independent items' do