diff --git a/data/common.yaml b/data/common.yaml new file mode 100644 index 0000000..db935a4 --- /dev/null +++ b/data/common.yaml @@ -0,0 +1,91 @@ +--- +nginx::config::temp_dir: /tmp +nginx::config::run_dir: /var/nginx +nginx::config::conf_template: nginx/conf.d/nginx.conf.erb +nginx::config::proxy_conf_template: nginx/conf.d/proxy.conf.erb +nginx::config::confd_purge: false +nginx::config::vhost_purge: false +nginx::config::worker_processes: 1 +nginx::config::worker_connections: 1024 +nginx::config::worker_rlimit_nofile: 1024 +nginx::config::types_hash_max_size: 1024 +nginx::config::types_hash_bucket_size: 512 +nginx::config::names_hash_bucket_size: 64 +nginx::config::names_hash_max_size: 512 +nginx::config::multi_accept: off +nginx::config::events_use: false +nginx::config::sendfile: on +nginx::config::keepalive_timeout: 65 +nginx::config::http_tcp_nodelay: on +nginx::config::http_tcp_nopush: off +nginx::config::gzip: on +nginx::config::server_tokens: on +nginx::config::spdy: off +nginx::config::ssl_stapling: off +nginx::config::proxy_redirect: off +nginx::config::proxy_set_header: + - 'Host $host' + - 'X-Real-IP $remote_addr' + - 'X-Forwarded-For $proxy_add_x_forwarded_for' +nginx::config::proxy_cache_path: false +nginx::config::proxy_cache_levels: 1 +nginx::config::proxy_cache_keys_zone: 'd2:100m' +nginx::config::proxy_cache_max_size: 500m +nginx::config::proxy_cache_inactive: 20m +nginx::config::fastcgi_cache_path: false +nginx::config::fastcgi_cache_levels: 1 +nginx::config::fastcgi_cache_keys_zone: 'd3:100m' +nginx::config::fastcgi_cache_max_size: 500m +nginx::config::fastcgi_cache_inactive: 20m +nginx::config::fastcgi_cache_key: false +nginx::config::fastcgi_cache_use_stale: false +nginx::config::client_body_temp_path: /var/nginx/client_body_temp +nginx::config::client_body_buffer_size: 128k +nginx::config::client_max_body_size: 10m +nginx::config::proxy_temp_path: /var/nginx/proxy_temp +nginx::config::proxy_connect_timeout: 90 +nginx::config::proxy_send_timeout: 90 +nginx::config::proxy_read_timeout: 90 +nginx::config::proxy_buffers: '32 4k' +nginx::config::proxy_http_version: 1.0 +nginx::config::proxy_buffer_size: 8k +nginx::config::proxy_headers_hash_bucket_size: 64 +nginx::config::logdir: /var/log/nginx + +# Service restart after Nginx 0.7.53 could also be just +# "/path/to/nginx/bin -s HUP" Some init scripts do a configtest, some don't. +# If configtest_enable it's true then service restart will take +# $nx_service_restart value, forcing configtest. +nginx::config::configtest_enable: false +nginx::config::service_restart: '/etc/init.d/nginx configtest && /etc/init.d/nginx restart' +nginx::config::service_ensure: running + +nginx::config::mail: false + +nginx::config::http_cfg_append: false +nginx::config::nginx_error_log: /var/log/nginx/error.log +nginx::config::http_access_log: /var/log/nginx/access.log + +# package name depends on distribution, e.g. for Debian nginx-full | nginx-light +nginx::config::package_name: nginx +nginx::config::package_ensure: present +nginx::config::package_source: nginx +nginx::config::manage_repo: true + +nginx::config::root_group: root +# Specific owner for sites-available directory +nginx::config::sites_available_owner: root +nginx::config::sites_available_group: root +nginx::config::sites_available_mode: '0644' + +# Owner for all other files +nginx::config::global_owner: root +nginx::config::global_group: root +nginx::config::global_mode: '0644' + +nginx::config::pid: /var/run/nginx.pid + +nginx::config::conf_dir: /etc/nginx + +nginx::config::super_user: true +nginx::config::daemon_user: nginx diff --git a/data/hiera.yaml b/data/hiera.yaml new file mode 100644 index 0000000..3aa54c7 --- /dev/null +++ b/data/hiera.yaml @@ -0,0 +1,6 @@ +-- +:hierarchy: +- osfamily/%{::osfamily} +- kernelversion/%{::kernelversion} +- kernel/%{::kernel} +- common diff --git a/data/kernelversion/Joyent.yaml b/data/kernelversion/Joyent.yaml new file mode 100644 index 0000000..bafc7e6 --- /dev/null +++ b/data/kernelversion/Joyent.yaml @@ -0,0 +1,3 @@ +--- +nginx::config::conf_dir: /opt/local/etc/nginx +nginx::config::daemon_user: www \ No newline at end of file diff --git a/data/osfamily/Archlinux.yaml b/data/osfamily/Archlinux.yaml new file mode 100644 index 0000000..071c50e --- /dev/null +++ b/data/osfamily/Archlinux.yaml @@ -0,0 +1,3 @@ +--- +nginx::config::pid: false +nginx::config::daemon_user: http \ No newline at end of file diff --git a/data/osfamily/Debian.yaml b/data/osfamily/Debian.yaml new file mode 100644 index 0000000..565ea96 --- /dev/null +++ b/data/osfamily/Debian.yaml @@ -0,0 +1,2 @@ +--- +nginx::config::daemon_user: www-data \ No newline at end of file diff --git a/data/osfamily/FreeBSD.yaml b/data/osfamily/FreeBSD.yaml new file mode 100644 index 0000000..fb601d5 --- /dev/null +++ b/data/osfamily/FreeBSD.yaml @@ -0,0 +1,4 @@ +--- +nginx::config::conf_dir: /usr/local/etc/nginx +nginx::config::daemon_user: www +nginx::config::root_group: wheel \ No newline at end of file diff --git a/data/osfamily/Solaris.yaml b/data/osfamily/Solaris.yaml new file mode 100644 index 0000000..27ca557 --- /dev/null +++ b/data/osfamily/Solaris.yaml @@ -0,0 +1,2 @@ +--- +nginx::config::daemon_user: webservd \ No newline at end of file diff --git a/docs/hiera.md b/docs/hiera.md new file mode 100644 index 0000000..59e82ac --- /dev/null +++ b/docs/hiera.md @@ -0,0 +1,33 @@ +# Usage of Hiera + +This module takes advantage of the `puppet-module-data` pattern as introduced +by R.I. Pinnear to allow for a significant amount of flexibility with base +configuration of the module. This is to reduce the amount of clutter starting +to gather in `params.pp`, and provide a foundation for future enhancements. + +## Upgrading + +If you happen to be here because of some silly deprecation notice, it is +probably because a manifest is declaring attributes for the Nginx Class. +Upgrading should be easy! + +* Step 1: Make sure you have Hiera configured. https://docs.puppetlabs.com/hiera/1/puppet.html#puppet-3-and-newer +* Step 2: Move any declared parameters to hiera. +* Step 3: Profit! + +For example: + +``` +class { 'nginx': + logdir => '/data/nginx/logs', +} +``` + +should become in your hiera configs: + +``` +nginx::config::logdir: /data/nginx/logs +``` + +Please note: This module takes advantage of Puppet 3 data module bindings. +Be aware of any gotchas that accompany this. Take a look at https://docs.puppetlabs.com/hiera/1/puppet.html#limitations diff --git a/manifests/config.pp b/manifests/config.pp index 918039e..4aa1588 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -14,70 +14,149 @@ # # This class file is not called directly class nginx::config( - $client_body_buffer_size = $nginx::params::nx_client_body_buffer_size, - $client_body_temp_path = $nginx::params::nx_client_body_temp_path, - $client_max_body_size = $nginx::params::nx_client_max_body_size, - $confd_purge = $nginx::params::nx_confd_purge, - $conf_dir = $nginx::params::nx_conf_dir, - $conf_template = $nginx::params::nx_conf_template, - $daemon_user = $nginx::params::nx_daemon_user, - $events_use = $nginx::params::nx_events_use, - $fastcgi_cache_inactive = $nginx::params::nx_fastcgi_cache_inactive, - $fastcgi_cache_key = $nginx::params::nx_fastcgi_cache_key, - $fastcgi_cache_keys_zone = $nginx::params::nx_fastcgi_cache_keys_zone, - $fastcgi_cache_levels = $nginx::params::nx_fastcgi_cache_levels, - $fastcgi_cache_max_size = $nginx::params::nx_fastcgi_cache_max_size, - $fastcgi_cache_path = $nginx::params::nx_fastcgi_cache_path, - $fastcgi_cache_use_stale = $nginx::params::nx_fastcgi_cache_use_stale, - $gzip = $nginx::params::nx_gzip, - $http_access_log = $nginx::params::nx_http_access_log, - $http_cfg_append = $nginx::params::nx_http_cfg_append, - $http_tcp_nodelay = $nginx::params::nx_http_tcp_nodelay, - $http_tcp_nopush = $nginx::params::nx_http_tcp_nopush, - $keepalive_timeout = $nginx::params::nx_keepalive_timeout, - $logdir = $nginx::params::nx_logdir, - $mail = $nginx::params::nx_mail, - $multi_accept = $nginx::params::nx_multi_accept, - $names_hash_bucket_size = $nginx::params::nx_names_hash_bucket_size, - $names_hash_max_size = $nginx::params::nx_names_hash_max_size, - $nginx_error_log = $nginx::params::nx_nginx_error_log, - $pid = $nginx::params::nx_pid, - $proxy_buffers = $nginx::params::nx_proxy_buffers, - $proxy_buffer_size = $nginx::params::nx_proxy_buffer_size, - $proxy_cache_inactive = $nginx::params::nx_proxy_cache_inactive, - $proxy_cache_keys_zone = $nginx::params::nx_proxy_cache_keys_zone, - $proxy_cache_levels = $nginx::params::nx_proxy_cache_levels, - $proxy_cache_max_size = $nginx::params::nx_proxy_cache_max_size, - $proxy_cache_path = $nginx::params::nx_proxy_cache_path, - $proxy_conf_template = $nginx::params::nx_proxy_conf_template, - $proxy_connect_timeout = $nginx::params::nx_proxy_connect_timeout, - $proxy_headers_hash_bucket_size = $nginx::params::nx_proxy_headers_hash_bucket_size, - $proxy_http_version = $nginx::params::nx_proxy_http_version, - $proxy_read_timeout = $nginx::params::nx_proxy_read_timeout, - $proxy_redirect = $nginx::params::nx_proxy_redirect, - $proxy_send_timeout = $nginx::params::nx_proxy_send_timeout, - $proxy_set_header = $nginx::params::nx_proxy_set_header, - $proxy_temp_path = $nginx::params::nx_proxy_temp_path, - $run_dir = $nginx::params::nx_run_dir, - $sendfile = $nginx::params::nx_sendfile, - $server_tokens = $nginx::params::nx_server_tokens, - $spdy = $nginx::params::nx_spdy, - $super_user = $nginx::params::nx_super_user, - $temp_dir = $nginx::params::nx_temp_dir, - $types_hash_bucket_size = $nginx::params::nx_types_hash_bucket_size, - $types_hash_max_size = $nginx::params::nx_types_hash_max_size, - $vhost_purge = $nginx::params::nx_vhost_purge, - $worker_connections = $nginx::params::nx_worker_connections, - $worker_processes = $nginx::params::nx_worker_processes, - $worker_rlimit_nofile = $nginx::params::nx_worker_rlimit_nofile, - $global_owner = $nginx::params::global_owner, - $global_group = $nginx::params::global_group, - $global_mode = $nginx::params::global_mode, - $sites_available_owner = $nginx::params::sites_available_owner, - $sites_available_group = $nginx::params::sites_available_group, - $sites_available_mode = $nginx::params::sites_available_mode, -) inherits nginx::params { + $client_body_buffer_size = undef, + $client_body_temp_path = undef, + $client_max_body_size = undef, + $confd_purge = undef, + $conf_dir = undef, + $conf_template = undef, + $daemon_user = undef, + $events_use = undef, + $fastcgi_cache_inactive = undef, + $fastcgi_cache_key = undef, + $fastcgi_cache_keys_zone = undef, + $fastcgi_cache_levels = undef, + $fastcgi_cache_max_size = undef, + $fastcgi_cache_path = undef, + $fastcgi_cache_use_stale = undef, + $gzip = undef, + $http_access_log = undef, + $http_cfg_append = undef, + $http_tcp_nodelay = undef, + $http_tcp_nopush = undef, + $keepalive_timeout = undef, + $logdir = undef, + $mail = undef, + $multi_accept = undef, + $names_hash_bucket_size = undef, + $names_hash_max_size = undef, + $nginx_error_log = undef, + $pid = undef, + $proxy_buffers = undef, + $proxy_buffer_size = undef, + $proxy_cache_inactive = undef, + $proxy_cache_keys_zone = undef, + $proxy_cache_levels = undef, + $proxy_cache_max_size = undef, + $proxy_cache_path = undef, + $proxy_conf_template = undef, + $proxy_connect_timeout = undef, + $proxy_headers_hash_bucket_size = undef, + $proxy_http_version = undef, + $proxy_read_timeout = undef, + $proxy_redirect = undef, + $proxy_send_timeout = undef, + $proxy_set_header = undef, + $proxy_temp_path = undef, + $run_dir = undef, + $sendfile = undef, + $server_tokens = undef, + $spdy = undef, + $super_user = undef, + $temp_dir = undef, + $types_hash_bucket_size = undef, + $types_hash_max_size = undef, + $vhost_purge = undef, + $worker_connections = undef, + $worker_processes = undef, + $worker_rlimit_nofile = undef, + $global_owner = undef, + $global_group = undef, + $global_mode = undef, + $sites_available_owner = undef, + $sites_available_group = undef, + $sites_available_mode = undef, +) { + ### Validations ### + if (!is_string($worker_processes)) and (!is_integer($worker_processes)) { + fail('$worker_processes must be an integer or have value "auto".') + } + if (!is_integer($worker_connections)) { + fail('$worker_connections must be an integer.') + } + if (!is_integer($worker_rlimit_nofile)) { + fail('$worker_rlimit_nofile must be an integer.') + } + if (!is_string($events_use)) and ($events_use != false) { + fail('$events_use must be a string or false.') + } + validate_string($multi_accept) + validate_string($package_name) + validate_string($package_ensure) + validate_string($package_source) + validate_array($proxy_set_header) + validate_string($proxy_http_version) + validate_bool($confd_purge) + validate_bool($vhost_purge) + if ($proxy_cache_path != false) { + validate_string($proxy_cache_path) + } + validate_re($proxy_cache_levels, '^[12](:[12])*$') + validate_string($proxy_cache_keys_zone) + validate_string($proxy_cache_max_size) + validate_string($proxy_cache_inactive) + + if ($fastcgi_cache_path != false) { + validate_string($fastcgi_cache_path) + } + validate_re($fastcgi_cache_levels, '^[12](:[12])*$') + validate_string($fastcgi_cache_keys_zone) + validate_string($fastcgi_cache_max_size) + validate_string($fastcgi_cache_inactive) + if ($fastcgi_cache_key != false) { + validate_string($fastcgi_cache_key) + } + if ($fastcgi_cache_use_stale != false) { + validate_string($fastcgi_cache_use_stale) + } + + validate_bool($configtest_enable) + validate_string($service_restart) + validate_bool($mail) + validate_string($server_tokens) + validate_string($client_max_body_size) + if (!is_integer($names_hash_bucket_size)) { + fail('$names_hash_bucket_size must be an integer.') + } + if (!is_integer($names_hash_max_size)) { + fail('$names_hash_max_size must be an integer.') + } + validate_string($proxy_buffers) + validate_string($proxy_buffer_size) + if ($http_cfg_append != false) { + if !(is_hash($http_cfg_append) or is_array($http_cfg_append)) { + fail('$http_cfg_append must be either a hash or array') + } + } + + validate_string($nginx_error_log) + validate_string($http_access_log) + validate_hash($nginx_upstreams) + validate_hash($nginx_vhosts) + validate_hash($nginx_vhosts_defaults) + validate_hash($nginx_locations) + validate_hash($nginx_mailhosts) + validate_bool($manage_repo) + validate_string($proxy_headers_hash_bucket_size) + validate_bool($super_user) + + validate_hash($string_mappings) + validate_hash($geo_mappings) + ### END VALIDATIONS ### + + + ### CONFIGURATION ### File { owner => $global_owner, group => $global_group, diff --git a/manifests/init.pp b/manifests/init.pp index 08d9a98..c687e78 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -5,7 +5,7 @@ # Parameters: # # There are no default parameters for this class. All module parameters -# are managed via the nginx::params class +# are managed via puppet-module-data (see data/ dir) # # Actions: # @@ -29,160 +29,173 @@ # include nginx # } class nginx ( - $client_body_buffer_size = $nginx::params::nx_client_body_buffer_size, - $client_body_temp_path = $nginx::params::nx_client_body_temp_path, - $client_max_body_size = $nginx::params::nx_client_max_body_size, - $confd_purge = $nginx::params::nx_confd_purge, - $configtest_enable = $nginx::params::nx_configtest_enable, - $conf_dir = $nginx::params::nx_conf_dir, - $conf_template = $nginx::params::nx_conf_template, - $daemon_user = $nginx::params::nx_daemon_user, - $events_use = $nginx::params::nx_events_use, - $fastcgi_cache_inactive = $nginx::params::nx_fastcgi_cache_inactive, - $fastcgi_cache_key = $nginx::params::nx_fastcgi_cache_key, - $fastcgi_cache_keys_zone = $nginx::params::nx_fastcgi_cache_keys_zone, - $fastcgi_cache_levels = $nginx::params::nx_fastcgi_cache_levels, - $fastcgi_cache_max_size = $nginx::params::nx_fastcgi_cache_max_size, - $fastcgi_cache_path = $nginx::params::nx_fastcgi_cache_path, - $fastcgi_cache_use_stale = $nginx::params::nx_fastcgi_cache_use_stale, - $gzip = $nginx::params::nx_gzip, - $http_access_log = $nginx::params::nx_http_access_log, - $http_cfg_append = $nginx::params::nx_http_cfg_append, - $http_tcp_nodelay = $nginx::params::nx_http_tcp_nodelay, - $http_tcp_nopush = $nginx::params::nx_http_tcp_nopush, - $keepalive_timeout = $nginx::params::nx_keepalive_timeout, - $logdir = $nginx::params::nx_logdir, - $mail = $nginx::params::nx_mail, - $manage_repo = $nginx::params::manage_repo, - $multi_accept = $nginx::params::nx_multi_accept, - $names_hash_bucket_size = $nginx::params::nx_names_hash_bucket_size, - $names_hash_max_size = $nginx::params::nx_names_hash_max_size, - $nginx_error_log = $nginx::params::nx_nginx_error_log, + $client_body_buffer_size = undef, + $client_body_temp_path = undef, + $client_max_body_size = undef, + $confd_purge = undef, + $configtest_enable = undef, + $conf_dir = undef, + $conf_template = undef, + $daemon_user = undef, + $events_use = undef, + $fastcgi_cache_inactive = undef, + $fastcgi_cache_key = undef, + $fastcgi_cache_keys_zone = undef, + $fastcgi_cache_levels = undef, + $fastcgi_cache_max_size = undef, + $fastcgi_cache_path = undef, + $fastcgi_cache_use_stale = undef, + $gzip = undef, + $http_access_log = undef, + $http_cfg_append = undef, + $http_tcp_nodelay = undef, + $http_tcp_nopush = undef, + $keepalive_timeout = undef, + $logdir = undef, + $mail = undef, + $manage_repo = undef, + $multi_accept = undef, + $names_hash_bucket_size = undef, + $names_hash_max_size = undef, + $nginx_error_log = undef, $nginx_locations = {}, $nginx_mailhosts = {}, $nginx_upstreams = {}, $nginx_vhosts = {}, $nginx_vhosts_defaults = {}, - $package_ensure = $nginx::params::package_ensure, - $package_name = $nginx::params::package_name, - $package_source = $nginx::params::package_source, - $pid = $nginx::params::nx_pid, - $proxy_buffers = $nginx::params::nx_proxy_buffers, - $proxy_buffer_size = $nginx::params::nx_proxy_buffer_size, - $proxy_cache_inactive = $nginx::params::nx_proxy_cache_inactive, - $proxy_cache_keys_zone = $nginx::params::nx_proxy_cache_keys_zone, - $proxy_cache_levels = $nginx::params::nx_proxy_cache_levels, - $proxy_cache_max_size = $nginx::params::nx_proxy_cache_max_size, - $proxy_cache_path = $nginx::params::nx_proxy_cache_path, - $proxy_conf_template = $nginx::params::nx_proxy_conf_template, - $proxy_connect_timeout = $nginx::params::nx_proxy_connect_timeout, - $proxy_headers_hash_bucket_size = $nginx::params::nx_proxy_headers_hash_bucket_size, - $proxy_http_version = $nginx::params::nx_proxy_http_version, - $proxy_read_timeout = $nginx::params::nx_proxy_read_timeout, - $proxy_redirect = $nginx::params::nx_proxy_redirect, - $proxy_send_timeout = $nginx::params::nx_proxy_send_timeout, - $proxy_set_header = $nginx::params::nx_proxy_set_header, - $proxy_temp_path = $nginx::params::nx_proxy_temp_path, - $run_dir = $nginx::params::nx_run_dir, - $sendfile = $nginx::params::nx_sendfile, - $server_tokens = $nginx::params::nx_server_tokens, - $service_ensure = $nginx::params::nx_service_ensure, - $service_restart = $nginx::params::nx_service_restart, - $spdy = $nginx::params::nx_spdy, - $super_user = $nginx::params::nx_super_user, - $temp_dir = $nginx::params::nx_temp_dir, - $types_hash_bucket_size = $nginx::params::nx_types_hash_bucket_size, - $types_hash_max_size = $nginx::params::nx_types_hash_max_size, - $vhost_purge = $nginx::params::nx_vhost_purge, - $worker_connections = $nginx::params::nx_worker_connections, - $worker_processes = $nginx::params::nx_worker_processes, - $worker_rlimit_nofile = $nginx::params::nx_worker_rlimit_nofile, - $global_owner = $nginx::params::global_owner, - $global_group = $nginx::params::global_group, - $global_mode = $nginx::params::global_mode, - $sites_available_owner = $nginx::params::sites_available_owner, - $sites_available_group = $nginx::params::sites_available_group, - $sites_available_mode = $nginx::params::sites_available_mode, + $package_ensure = undef, + $package_name = undef, + $package_source = undef, + $pid = undef, + $proxy_buffers = undef, + $proxy_buffer_size = undef, + $proxy_cache_inactive = undef, + $proxy_cache_keys_zone = undef, + $proxy_cache_levels = undef, + $proxy_cache_max_size = undef, + $proxy_cache_path = undef, + $proxy_conf_template = undef, + $proxy_connect_timeout = undef, + $proxy_headers_hash_bucket_size = undef, + $proxy_http_version = undef, + $proxy_read_timeout = undef, + $proxy_redirect = undef, + $proxy_send_timeout = undef, + $proxy_set_header = undef, + $proxy_temp_path = undef, + $run_dir = undef, + $sendfile = undef, + $server_tokens = undef, + $service_ensure = undef, + $service_restart = undef, + $spdy = undef, + $super_user = undef, + $temp_dir = undef, + $types_hash_bucket_size = undef, + $types_hash_max_size = undef, + $vhost_purge = undef, + $worker_connections = undef, + $worker_processes = undef, + $worker_rlimit_nofile = undef, + $global_owner = undef, + $global_group = undef, + $global_mode = undef, + $sites_available_owner = undef, + $sites_available_group = undef, + $sites_available_mode = undef, $geo_mappings = {}, $string_mappings = {}, -) inherits nginx::params { +) { - include stdlib + ### DEPRECATION WARNING ### + ### + ### During the transition from the params pattern -> puppet-module-data, + ### we need a graceful way to notify the consumer that the pattern is + ### changing, and point them toward docs on how to transition. + ### + ### Once we hit 1.0, this whole block goes away. + ### + ### Please note: as a contributor to this module, no Pulls will be accepted + ### that do add additional parameters to this class. Get on this puppet-module-data + ### level! - if (!is_string($worker_processes)) and (!is_integer($worker_processes)) { - fail('$worker_processes must be an integer or have value "auto".') - } - if (!is_integer($worker_connections)) { - fail('$worker_connections must be an integer.') - } - if (!is_integer($worker_rlimit_nofile)) { - fail('$worker_rlimit_nofile must be an integer.') - } - if (!is_string($events_use)) and ($events_use != false) { - fail('$events_use must be a string or false.') - } - validate_string($multi_accept) - validate_string($package_name) - validate_string($package_ensure) - validate_string($package_source) - validate_array($proxy_set_header) - validate_string($proxy_http_version) - validate_bool($confd_purge) - validate_bool($vhost_purge) - if ($proxy_cache_path != false) { - validate_string($proxy_cache_path) - } - validate_re($proxy_cache_levels, '^[12](:[12])*$') - validate_string($proxy_cache_keys_zone) - validate_string($proxy_cache_max_size) - validate_string($proxy_cache_inactive) + ### This block makes me sad, but what can you do.... we need to do this + ### migration the Right Way(tm) -- JDF - if ($fastcgi_cache_path != false) { - validate_string($fastcgi_cache_path) - } - validate_re($fastcgi_cache_levels, '^[12](:[12])*$') - validate_string($fastcgi_cache_keys_zone) - validate_string($fastcgi_cache_max_size) - validate_string($fastcgi_cache_inactive) - if ($fastcgi_cache_key != false) { - validate_string($fastcgi_cache_key) - } - if ($fastcgi_cache_use_stale != false) { - validate_string($fastcgi_cache_use_stale) - } + if $client_body_buffer_size or + $client_body_temp_path or + $client_max_body_size or + $confd_purge or + $configtest_enable or + $conf_dir or + $conf_template or + $daemon_user or + $events_use or + $fastcgi_cache_inactive or + $fastcgi_cache_key or + $fastcgi_cache_keys_zone or + $fastcgi_cache_levels or + $fastcgi_cache_max_size or + $fastcgi_cache_path or + $fastcgi_cache_use_stale or + $gzip or + $http_access_log or + $http_cfg_append or + $http_tcp_nodelay or + $http_tcp_nopush or + $keepalive_timeout or + $logdir or + $mail or + $manage_repo or + $multi_accept or + $names_hash_bucket_size or + $names_hash_max_size or + $nginx_error_log or + $package_ensure or + $package_name or + $package_source or + $pid or + $proxy_buffers or + $proxy_buffer_size or + $proxy_cache_inactive or + $proxy_cache_keys_zone or + $proxy_cache_levels or + $proxy_cache_max_size or + $proxy_cache_path or + $proxy_conf_template or + $proxy_connect_timeout or + $proxy_headers_hash_bucket_size or + $proxy_http_version or + $proxy_read_timeout or + $proxy_redirect or + $proxy_send_timeout or + $proxy_set_header or + $proxy_temp_path or + $run_dir or + $sendfile or + $server_tokens or + $service_ensure or + $service_restart or + $spdy or + $super_user or + $temp_dir or + $types_hash_bucket_size or + $types_hash_max_size or + $vhost_purge or + $worker_connections or + $worker_processes or + $worker_rlimit_nofile or + $global_owner or + $global_group or + $global_mode or + $sites_available_owner or + $sites_available_group or + $sites_available_mode { + + include nginx::notice::puppet_module_data + } - validate_bool($configtest_enable) - validate_string($service_restart) - validate_bool($mail) - validate_string($server_tokens) - validate_string($client_max_body_size) - if (!is_integer($names_hash_bucket_size)) { - fail('$names_hash_bucket_size must be an integer.') - } - if (!is_integer($names_hash_max_size)) { - fail('$names_hash_max_size must be an integer.') - } - validate_string($proxy_buffers) - validate_string($proxy_buffer_size) - if ($http_cfg_append != false) { - if !(is_hash($http_cfg_append) or is_array($http_cfg_append)) { - fail('$http_cfg_append must be either a hash or array') - } - } - - validate_string($nginx_error_log) - validate_string($http_access_log) - validate_hash($nginx_upstreams) - validate_hash($nginx_vhosts) - validate_hash($nginx_vhosts_defaults) - validate_hash($nginx_locations) - validate_hash($nginx_mailhosts) - validate_bool($manage_repo) - validate_string($proxy_headers_hash_bucket_size) - validate_bool($super_user) - - validate_hash($string_mappings) - validate_hash($geo_mappings) + ### END DEPRECATION WARNING ### class { 'nginx::package': package_name => $package_name, @@ -259,8 +272,7 @@ class nginx ( notify => Class['nginx::service'], } - class { 'nginx::service': - } + class { 'nginx::service': } create_resources('nginx::resource::upstream', $nginx_upstreams) create_resources('nginx::resource::vhost', $nginx_vhosts, $nginx_vhosts_defaults) diff --git a/manifests/notice/puppet_module_data.pp b/manifests/notice/puppet_module_data.pp new file mode 100644 index 0000000..f7b2689 --- /dev/null +++ b/manifests/notice/puppet_module_data.pp @@ -0,0 +1,5 @@ +class nginx::notice::puppet_module_data { + $message = "[nginx] *** DEPRECATION WARNING***: HI! I notice that you're declaring some attributes in Class[nginx]. We are in the process of moving all of these attributes to Hiera with puppet-module-tool. Please check out https://github.com/jfryman/puppet-nginx/blob/master/docs/hiera.md for more information." + + notify { $message: } +} \ No newline at end of file diff --git a/manifests/params.pp b/manifests/params.pp deleted file mode 100644 index 3acd4b3..0000000 --- a/manifests/params.pp +++ /dev/null @@ -1,161 +0,0 @@ -# Class: nginx::param -# -# This module manages NGINX paramaters -# -# Parameters: -# -# There are no default parameters for this class. -# -# Actions: -# -# Requires: -# -# Sample Usage: -# -# This class file is not called directly -class nginx::params { - - $nx_temp_dir = '/tmp' - $nx_run_dir = '/var/nginx' - - $nx_conf_template = 'nginx/conf.d/nginx.conf.erb' - $nx_proxy_conf_template = 'nginx/conf.d/proxy.conf.erb' - $nx_confd_purge = false - $nx_vhost_purge = false - $nx_worker_processes = 1 - $nx_worker_connections = 1024 - $nx_worker_rlimit_nofile = 1024 - $nx_types_hash_max_size = 1024 - $nx_types_hash_bucket_size = 512 - $nx_names_hash_bucket_size = 64 - $nx_names_hash_max_size = 512 - $nx_multi_accept = off - # One of [kqueue|rtsig|epoll|/dev/poll|select|poll|eventport] - # or false to use OS default - $nx_events_use = false - $nx_sendfile = on - $nx_keepalive_timeout = 65 - $nx_http_tcp_nodelay = on - $nx_http_tcp_nopush = off - $nx_gzip = on - $nx_server_tokens = on - $nx_spdy = off - $nx_ssl_stapling = off - - $nx_proxy_redirect = off - $nx_proxy_set_header = [ - 'Host $host', - 'X-Real-IP $remote_addr', - 'X-Forwarded-For $proxy_add_x_forwarded_for', - ] - $nx_proxy_cache_path = false - $nx_proxy_cache_levels = '1' - $nx_proxy_cache_keys_zone = 'd2:100m' - $nx_proxy_cache_max_size = '500m' - $nx_proxy_cache_inactive = '20m' - - $nx_fastcgi_cache_path = false - $nx_fastcgi_cache_levels = '1' - $nx_fastcgi_cache_keys_zone = 'd3:100m' - $nx_fastcgi_cache_max_size = '500m' - $nx_fastcgi_cache_inactive = '20m' - $nx_fastcgi_cache_key = false - $nx_fastcgi_cache_use_stale = false - - $nx_client_body_temp_path = "${nx_run_dir}/client_body_temp" - $nx_client_body_buffer_size = '128k' - $nx_client_max_body_size = '10m' - $nx_proxy_temp_path = "${nx_run_dir}/proxy_temp" - $nx_proxy_connect_timeout = '90' - $nx_proxy_send_timeout = '90' - $nx_proxy_read_timeout = '90' - $nx_proxy_buffers = '32 4k' - $nx_proxy_http_version = '1.0' - $nx_proxy_buffer_size = '8k' - $nx_proxy_headers_hash_bucket_size = '64' - - $nx_logdir = '/var/log/nginx' - - $nx_pid = $::kernel ? { - /(?i-mx:linux)/ => $::osfamily ? { - # archlinux has hardcoded pid in service file to /run/nginx.pid, setting - # it will prevent nginx from starting - /(?i-mx:archlinux)/ => false, - default => '/var/run/nginx.pid', - }, - /(?i-mx:sunos)/ => '/var/run/nginx.pid', - /(?i-mx:freebsd)/ => '/var/run/nginx.pid', - } - - $nx_conf_dir = $::kernelversion ? { - /(?i-mx:joyent)/ => '/opt/local/etc/nginx', - default => $::kernel ? { - /(?i-mx:freebsd)/ => '/usr/local/etc/nginx', - default => '/etc/nginx', - } - } - - if $::osfamily { - $solaris_nx_daemon_user = $::kernelversion ? { - /(?i-mx:joyent)/ => 'www', - default => 'webservd', - } - $nx_daemon_user = $::osfamily ? { - /(?i-mx:archlinux)/ => 'http', - /(?i-mx:redhat|suse|gentoo|linux)/ => 'nginx', - /(?i-mx:debian)/ => 'www-data', - /(?i-mx:solaris)/ => $solaris_nx_daemon_user, - /(?i-mx:freebsd)/ => 'www', - } - } else { - warning('$::osfamily not defined. Support for $::operatingsystem is deprecated') - warning("Please upgrade from facter ${::facterversion} to >= 1.7.2") - $nx_daemon_user = $::operatingsystem ? { - /(?i-mx:archlinux)/ => 'http', - /(?i-mx:debian|ubuntu)/ => 'www-data', - /(?i-mx:fedora|rhel|redhat|centos|scientific|suse|opensuse|amazon|gentoo|oraclelinux)/ => 'nginx', - /(?i-mx:solaris)/ => 'webservd', - /(?i-mx:freebsd)/ => 'www', - } - } - - $root_group = $::operatingsystem ? { - 'FreeBSD' => 'wheel', - default => 'root', - } - - # Nginx is default launched as root if not change this parameter - $nx_super_user = true - - # Service restart after Nginx 0.7.53 could also be just - # "/path/to/nginx/bin -s HUP" Some init scripts do a configtest, some don't. - # If configtest_enable it's true then service restart will take - # $nx_service_restart value, forcing configtest. - - $nx_configtest_enable = false - $nx_service_restart = '/etc/init.d/nginx configtest && /etc/init.d/nginx restart' - $nx_service_ensure = running - - $nx_mail = false - - $nx_http_cfg_append = false - - $nx_nginx_error_log = "${nx_logdir}/error.log" - $nx_http_access_log = "${nx_logdir}/access.log" - - # package name depends on distribution, e.g. for Debian nginx-full | nginx-light - $package_name = 'nginx' - $package_ensure = 'present' - $package_source = 'nginx' - $manage_repo = true - - # Specific owner for sites-available directory - $sites_available_owner = 'root' - $sites_available_group = $root_group - $sites_available_mode = '0644' - - # Owner for all other files - $global_owner = 'root' - $global_group = $root_group - $global_mode = '0644' -} diff --git a/metadata.json b/metadata.json index ba205d7..a392e28 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "jfryman-nginx", - "version": "0.0.10", + "version": "0.1.0", "author": "James Fryman", "summary": "Puppet NGINX management module", "license": "Apache License Version 2.0", @@ -11,6 +11,7 @@ "dependencies": [ {"name":"puppetlabs/stdlib","version_requirement":">= 3.0.0"}, {"name":"puppetlabs/apt","version_requirement":">= 1.0.0"}, - {"name":"puppetlabs/concat","version_requirement":">= 1.1.0"} + {"name":"puppetlabs/concat","version_requirement":">= 1.1.0"}, + {"name":"ripienaar/module_data","version_requirement":">= 0.0.3"} ] }