Added SuSE Support

lib/facter/ipv6.rb

@@ -1,14 +0,0 @@
-#  ipv6 support
-#  returns a true/false to see if the kernel has ipv6 support 
-#  installed and determine addresses
-
-require 'facter'
-Facter.add("ipv6") do
-    setcode do
-      ipv6_exists = 'unknown'
-      if Facter.value('kernel').value?('Linux')
-        ipv6_exists = File.exist?('/proc/net/if_inet6') ? true : false
-      end  
-      ipv6_exists
-    end
-end

manifests/config.pp

@@ -1,23 +1,49 @@
-class nginx::config inherits nginx::params { 
-	
+class nginx::config inherits nginx::params { 	
 	File { 
 		owner => 'root', 
 		group => 'root', 
 		mode => '0644',
 	}
 	
-	file { '/etc/nginx/sites-enabled':
+	file { "${nginx::params::nx_conf_dir}":
 		ensure => directory,
 	}
 	
+	file { "${nginx::params::nx_conf_dir}/conf.d":
+		ensure => directory,
+	}
+	
+	file { "${nginx::config::nx_run_dir}":
+		ensure => directory,
+	}
+	
+	file { "${nginx::config::nx_client_body_temp_path}":  
+		ensure => directory,
+		owner  => $nginx::params::nx_daemon_user,
+	}
+	
+	file {"${nginx::config::nx_proxy_temp_path}":        
+		ensure => directory,
+		owner  => $nginx::params::nx_daemon_user,
+	}
+	
 	file { '/etc/nginx/sites-enabled/default':
 		ensure => absent,
 	}
 	
-	file { '/etc/nginx/nginx.conf':
+	file { "${nginx::params::nx_conf_dir}/nginx.conf":
 		ensure  => file,
-		owner   => 'root',
-		group   => 'root',
-		content => template('nginx/nginx.conf.erb'),
+		content => template('nginx/conf.d/nginx.conf.erb'),
+	}
+	
+	file { "${nginx::params::nx_conf_dir}/conf.d/proxy.conf":
+	    ensure  => file,
+	    content => template('nginx/conf.d/proxy.conf.erb'),
+	}
+	
+	file { "${nginx::config::nx_temp_dir}/nginx.d":
+		ensure  => directory,
+		purge   => true,
+		recurse => true,
 	}
 }

manifests/init.pp

@@ -1,16 +1,3 @@
-# Class: nginx
-#
-# This module manages nginx
-#
-# Parameters:
-#
-# Actions:
-#
-# Requires:
-#
-# Sample Usage:
-#
-# [Remember: No empty lines between comments and class definition]
 class nginx {
 	include nginx::package
 	include nginx::config

manifests/package.pp

@@ -5,6 +5,9 @@ class nginx::package {
     }
     debian,ubuntu: {
 	  include nginx::package::debian
-    }	
+    }
+    opensuse,suse: {
+	  include nginx::package::suse
+    }
   }
 }

manifests/package/suse.pp

@@ -0,0 +1,56 @@
+class nginx::package::suse {
+	package { 'nginx-0.8':
+		ensure => present,
+	}
+	package { 'apache2':
+		ensure => present,
+	}
+	package { 'apache2-itk':
+		ensure => present,
+	}
+	package { 'apache2-utils':
+		ensure => present,
+	}
+	package { 'gd':
+		ensure => present,
+	}
+	package { "libapr1":
+		ensure => installed,
+	}
+	package { "libapr-util1":
+		ensure => installed,
+	}
+	package { "libjpeg62":
+		ensure => installed,
+	}
+	package { "libpng14-14":
+		ensure => installed,
+	}
+	package { "libxslt":
+		ensure => installed,
+	}
+	package { "rubygem-daemon_controller":
+		ensure => installed,
+	}
+	package { "rubygem-fastthread":
+		ensure => installed,
+	}
+	package { "rubygem-file-tail":
+		ensure => installed,
+	}
+	package { "rubygem-passenger":
+		ensure => installed,
+	}
+	package { "rubygem-passenger-nginx":
+		ensure => installed,
+	}
+	package { "rubygem-rack":
+		ensure => installed,
+	}
+	package { "rubygem-rake":
+		ensure => installed,
+	}
+	package { "rubygem-spruz":
+		ensure => installed,
+	}
+}

manifests/params.pp

@@ -1,22 +1,26 @@
-# Defines a default install from package. Update as appropriate for base install.
-#######################################################################
-#
-# This is the main Nginx configuration file.  
-#
-# More information about the configuration options is available on 
-#   * the English wiki - http://wiki.nginx.org/Main
-#   * the Russian documentation - http://sysoev.ru/nginx/
-#
-#######################################################################
-
 class nginx::params {
-	$nx_worker_processes = 1
-	$nx_worker_connections = 1024
-	$nx_multi_accept = off
-	$nx_sendfile = on
-	$nx_keepalive_timeout = 65
-	$nx_tcp_nodelay = on
-	$nx_gzip = on
+	$nx_temp_dir               = '/tmp'
+	$nx_run_dir                = '/var/nginx'
+
+	$nx_conf_dir               = '/etc/nginx'
+	$nx_worker_processes   	   = 1
+	$nx_worker_connections     = 1024
+	$nx_multi_accept           = off
+	$nx_sendfile               = on
+	$nx_keepalive_timeout      = 65
+	$nx_tcp_nodelay            = on
+	$nx_gzip                   = on
+	
+	$nx_proxy_redirect             = off
+	$nx_proxy_set_header           = ['Host $host', 'X-Real-IP $remote_addr', 'X-Forwarded-For $proxy_add_x_forwarded_for']
+	$nx_client_body_temp_path      = "${nx_run_dir}/client_body_temp"
+	$nx_client_body_buffer_size    = '128k'
+	$nx_client_max_body_size       = '10m'
+	$nx_proxy_temp_path    	       = "${nx_run_dir}/proxy_temp"
+	$nx_proxy_connect_timeout      = '90'
+	$nx_proxy_send_timeout         = '90'
+	$nx_proxy_read_timeout         = '90'
+	$nx_proxy_buffers              = '32 4k'
 	
 	$nx_logdir = $kernel ? {
 		/(?i-mx:linux)/ => '/var/log/nginx',
@@ -27,7 +31,7 @@ class nginx::params {
 	}
 	
 	$nx_daemon_user = $operatingsystem ? {
-		/(?i-mx:debian|ubuntu)/ 	   => 'www-data',
-		/(?i-mx:fedora|rhel|centos)/ => 'nginx',
+		/(?i-mx:debian|ubuntu)/                    => 'www-data',
+		/(?i-mx:fedora|rhel|centos|suse|opensuse)/ => 'nginx',
 	}
 }

manifests/resource/location.pp

@@ -0,0 +1,56 @@
+define nginx::resource::location( 
+	$ensure         = 'present',
+    $vhost          = undef,
+    $location,
+	$www_root       = undef,
+	$index_files    = ['index.html', 'index.htm', 'index.php'],
+	$proxy          = undef,
+	$ssl		    = 'false',
+    $option	        = undef
+){
+	File { 
+		owner  => 'root', 
+		group  => 'root', 
+		mode   => '0644', 
+		notify => Class['nginx::service'],
+	}
+	
+	## Shared Variables
+	$ensure_real = $ensure ? {
+		'absent' => absent,
+		default	 => 'file',
+	}
+	
+	# Use proxy template if $proxy is defined, otherwise use directory template.  
+	if ($proxy != undef) {
+		$content_real = template('nginx/vhost/vhost_location_proxy.erb')
+	} else {
+		$content_real = template('nginx/vhost/vhost_location_directory.erb')
+	}
+	
+	## Check for various error condtiions
+	if ($vhost == undef) {
+		fail('Cannot create a location reference without attaching to a virtual host')
+	}
+	if (($www_root == undef) and ($proxy == undef)) {
+		fail('Cannot create a location reference without a www_root or proxy defined')
+	}
+	if (($www_root != undef) and ($proxy != undef)) {
+		fail('Cannot define both directory and proxy in a virtual host')
+	}
+	
+	
+	## Create stubs for vHost File Fragment Pattern 
+	file {"${nginx::config::nx_temp_dir}/nginx.d/${vhost}-500-${name}":
+		ensure  => $ensure_real,
+		content => $content_real,
+	}
+	
+	## Only create SSL Specific locations if $ssl is true. 
+	if ($ssl == 'true') {
+	  file {"${nginx::config::nx_temp_dir}/nginx.d/${vhost}-800-${name}-ssl":
+		  ensure  => $ensure_real,
+		  content => $content_re,
+	  }
+    }
+}

manifests/resource/upstream.pp

@@ -0,0 +1,18 @@
+define nginx::resource::upstream (
+	$ensure 	= 'present',
+	$members
+){
+	File { 
+		owner => 'root', 
+		group => 'root', 
+		mode  => '0644', 
+	}
+	file { "/etc/nginx/conf.d/${name}-upstream.conf": 
+		ensure => $ensure ? {
+			'absent' => absent,
+			default	 => 'file',
+		},
+		content => template('nginx/conf.d/upstream.erb'),
+		notify => Class['nginx::service'],
+	}
+}

manifests/resource/vhost.pp

@@ -0,0 +1,86 @@
+define nginx::resource::vhost(
+	$ensure           = 'enable',
+	$listen_ip        = '*',
+	$listen_port      = '80',
+	$ipv6_enable      = 'false',
+	$ipv6_listen_ip   = '::',
+	$ipv6_listen_port = '80',
+	$ssl              = 'false',
+	$ssl_cert         = undef,
+	$ssl_key          = undef,
+    $proxy            = undef,
+	$index_files      = ['index.html', 'index.htm', 'index.php'],
+	$www_root         = undef
+) {
+	
+	File { 
+		owner => 'root', 
+		group => 'root', 
+		mode  => '0644', 
+	}
+	
+	# Add IPv6 Logic Check - Nginx service will not start if ipv6 is enabled 
+	# and support does not exist for it in the kernel. 
+	if ($ipv6_enable == 'true') and ($ipaddress6)  {
+		warning('nginx: IPv6 support is not enabled or configured properly')
+	}
+		
+	# Check to see if SSL Certificates are properly defined. 
+	if ($ssl == 'true') {
+		if ($ssl_cert == undef) or ($ssl_key == undef) {
+			fail('nginx: SSL certificate/key (ssl_cert/ssl_cert) and/or SSL Private must be defined and exist on the target system(s)')
+		} 
+	} 
+	
+	# Use the File Fragment Pattern to construct the configuration files.
+	# Create the base configuration file reference. 
+	file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-001":
+		ensure => $ensure ? {
+			'absent' => absent,
+			default	 => 'file',
+		},
+		content => template('nginx/vhost/vhost_header.erb'),
+		notify => Class['nginx::service'],
+	}
+	
+	# Create the default location reference for the vHost
+	nginx::resource::location {"${name}-default":
+		ensure	     => $ensure,
+		vhost        => $name,
+		ssl          => $ssl,
+		location	 => '/', 	
+		proxy		 => $proxy,
+		www_root	 => $www_root,
+		notify		 => Class['nginx::service'],
+	}
+	
+	# Create a proper file close stub.
+	file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-699":
+		ensure => $ensure ? {
+			'absent' => absent,
+			default	 => 'file',
+		},
+		content => template('nginx/vhost/vhost_footer.erb'),
+		notify => Class['nginx::service'],
+	}
+	
+	# Create SSL File Stubs if SSL is enabled
+	if ($ssl == 'true') {
+		file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-700-ssl":
+			ensure => $ensure ? {
+				'absent' => absent,
+				default	 => 'file',
+			},
+			content => template('nginx/vhost/vhost_ssl_header.erb'),
+			notify => Class['nginx::service'],
+		}
+		file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-999-ssl":
+			ensure => $ensure ? {
+				'absent' => absent,
+				default	 => 'file',
+			},
+			content => template('nginx/vhost/vhost_footer.erb'),
+			notify => Class['nginx::service'],
+		}
+	}	
+}

manifests/service.pp

@@ -1,4 +1,9 @@
 class nginx::service {
+  exec { 'rebuild-nginx-vhosts':
+    command     => "/bin/cat ${nginx::params::nx_temp_dir}/nginx.d/* > ${nginx::params::nx_conf_dir}/conf.d/vhost_autogen.conf",
+    refreshonly => true,
+    subscribe   => File["${nginx::params::nx_temp_dir}/nginx.d"],
+  }
   service { "nginx":
     ensure     => running,
 	enable	   => true,
@@ -6,4 +11,6 @@ class nginx::service {
 	hasrestart => true,
 	subscribe  => Class['nginx'],
   }
+
+  Exec['rebuild-nginx-vhosts'] ~> Service['nginx']
 }

manifests/vhost.pp

@@ -1,36 +0,0 @@
-define nginx::vhost(
-	$ensure 			= 'enable',
-	$listen_ip 			= '*',
-	$listen_port 		= '80',
-	$ipv6_enable 		= 'false',
-	$ipv6_listen_ip 	= '::',
-	$ipv6_listen_port 	= '80',
-	$ssl 				= 'false',
-	$ssl_cert 			= undef,
-	$ssl_key 			= undef,
-	$index_files		= ['index.html', 'index.htm', 'index.php'],
-	$www_root
-) {
-	
-	# Check to see if SSL Certificates are properly defined
-	if ($ssl == 'true') {
-		if ($ssl_cert == undef) {
-			fail('SSL Certificate (ssl_cert) must be defined and exist on the target system(s)')
-		} 
-		if ($ssl_key == undef) {
-			fail('SSL Private Key (ssl_key) must be defined and exist on the target system(s)')
-		}
-	} 
-	
-	file { "/etc/nginx/sites-enabled/${name}":
-		ensure => $ensure ? {
-			'absent' => absent,
-			default	 => 'file',
-		},
-		owner   => 'root',
-		group   => 'root',
-		mode    => '0644',
-		content => template('nginx/vhost.erb'),
-		notify => Class['nginx::service'],
-	}
-}

templates/conf.d/nginx.conf.erb

@@ -0,0 +1,33 @@
+user <%= scope.lookupvar('nginx::config::nx_daemon_user') %>;
+worker_processes <%= scope.lookupvar('nginx::params::nx_worker_processes')%>;
+
+error_log  <%= scope.lookupvar('nginx::params::nx_logdir')%>/error.log;
+pid        <%= scope.lookupvar('nginx::params::nx_pid')%>;
+
+events {
+  worker_connections <%= scope.lookupvar('nginx::params::nx_worker_connections') %>;
+  <% if scope.lookupvar('nginx::params::nx_multi_accept' == 'on') %>multi_accept on;<% end %>
+}
+
+http {
+  include       /etc/nginx/mime.types;
+  default_type  application/octet-stream;
+
+  access_log  <%= scope.lookupvar('nginx::params::nx_logdir')%>/access.log;
+
+  sendfile    <%= scope.lookupvar('nginx::params::nx_sendfile')%>;
+
+  <% if scope.lookupvar('nginx::params::nx_tcp_nopush' == 'on') %>
+  tcp_nopush  on;
+  <% end %>
+
+  keepalive_timeout  <%= scope.lookupvar('nginx::params::nx_keepalive_timeout')%>;
+  tcp_nodelay        <%= scope.lookupvar('nginx::params::nx_tcp_nodelay')%>;
+
+  <% if scope.lookupvar('nginx::params::nx_gzip' == 'on') %> 
+  gzip         on;
+  gzip_disable "MSIE [1-6]\.(?!.*SV1)";
+  <% end %>
+
+  include /etc/nginx/conf.d/*.conf;
+}

templates/conf.d/proxy.conf.erb

@@ -0,0 +1,10 @@
+proxy_redirect          <%= scope.lookupvar('nginx::params::nx_proxy_redirect') %>;
+client_max_body_size    <%= scope.lookupvar('nginx::params::nx_client_max_body_size') %>;
+client_body_buffer_size <%= scope.lookupvar('nginx::params::nx_client_body_buffer_size') %>;
+proxy_connect_timeout   <%= scope.lookupvar('nginx::params::nx_proxy_connect_timeout') %>;
+proxy_send_timeout      <%= scope.lookupvar('nginx::params::nx_proxy_send_timeout') %>;
+proxy_read_timeout      <%= scope.lookupvar('nginx::params::nx_proxy_read_timeout') %>;
+proxy_buffers           <%= scope.lookupvar('nginx::params::nx_proxy_buffers') %>;
+<% scope.lookupvar('nginx::params::nx_proxy_set_header').each do |header| %>
+proxy_set_header        <%= header %>;
+<% end %>

templates/conf.d/upstream.erb

@@ -0,0 +1,5 @@
+upstream <%= name %> {
+  <% members.each do |i| %>
+  server <%= i %>;
+  <% end %>
+}

templates/nginx.conf.erb

@@ -1,34 +0,0 @@
-user <%= scope.lookupvar('nginx::config::nx_daemon_user') %>;
-worker_processes <%= scope.lookupvar('nginx::params::nx_worker_processes')%>;
-
-error_log  <%= scope.lookupvar('nginx::params::nx_logdir')%>/error.log;
-pid        <%= scope.lookupvar('nginx::params::nx_pid')%>;
-
-events {
-    worker_connections <%= scope.lookupvar('nginx::params::nx_worker_connections') %>;
-    <% if scope.lookupvar('nginx::params::nx_multi_accept' == 'on') %>multi_accept on;<% end %>
-}
-
-http {
-    include       /etc/nginx/mime.types;
-    default_type  application/octet-stream;
-
-    access_log  <%= scope.lookupvar('nginx::params::nx_logdir')%>/access.log;
-
-    sendfile    <%= scope.lookupvar('nginx::params::nx_sendfile')%>;
-
-    <% if scope.lookupvar('nginx::params::nx_tcp_nopush' == 'on') %>
-    tcp_nopush  on;
-    <% end %>
-
-    keepalive_timeout  <%= scope.lookupvar('nginx::params::nx_keepalive_timeout')%>;
-    tcp_nodelay        <%= scope.lookupvar('nginx::params::nx_tcp_nodelay')%>;
-
-    <% if scope.lookupvar('nginx::params::nx_gzip' == 'on') %> 
-    gzip         on;
-    gzip_disable "MSIE [1-6]\.(?!.*SV1)";
-	<% end %>
-
-    include /etc/nginx/conf.d/*.conf;
-    include /etc/nginx/sites-enabled/*;
-}

templates/vhost.erb

@@ -1,34 +0,0 @@
-server {
-	listen <%= listen_ip %>; 
-	<% if ipv6_enable == 'true' %>listen [<%= ipv6_listen_ip %>]:<%= ipv6_listen_port %> default ipv6only=on;<% end %>
-	server_name <%= name %>;
-
-	access_log  <%= scope.lookupvar('nginx::params::nx_logdir')%>/<%= name %>.access.log;
-
-	location / {
-		root   <%= www_root %>;
-		index <% index_files.each do |i| %> <%= i %> <% end %>; 
-	}
-}
-
-<% if ssl == 'true' %>
-server {
-	listen       443;
-	server_name  <%= name %>;
-
-	ssl on;
-	ssl_certificate      <%= ssl_cert %>;
-	ssl_certificate_key  <%= ssl_key %>;
-
-	ssl_session_timeout  5m;
-
-	ssl_protocols  SSLv3 TLSv1;
-	ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
-	ssl_prefer_server_ciphers   on;
-
-	location / {
-		root   <%= www_root %>;
-		index  index.html index.htm;
-	}
-}
-<% end %>

templates/vhost/vhost_footer.erb

@@ -0,0 +1 @@
+}

templates/vhost/vhost_header.erb

@@ -0,0 +1,6 @@
+server {
+  listen <%= listen_ip %>; 
+  <% # check to see if ipv6 support exists in the kernel before applying %>
+  <% if ipv6_enable == 'true' && (defined? ipaddress6) %>listen [<%= ipv6_listen_ip %>]:<%= ipv6_listen_port %> default ipv6only=on;<% end %>
+  server_name <%= name %>;
+  access_log  <%= scope.lookupvar('nginx::params::nx_logdir')%>/<%= name %>.access.log;

templates/vhost/vhost_location_directory.erb

@@ -0,0 +1,4 @@
+  location <%= location %> {
+    root  <%= www_root %>;
+    index <% index_files.each do |i| %> <%= i %> <% end %>; 
+  }

templates/vhost/vhost_location_proxy.erb

@@ -0,0 +1,4 @@
+  location <%= location %> {
+    proxy_pass <%= proxy %>;
+  }
+

templates/vhost/vhost_ssl_header.erb

@@ -0,0 +1,14 @@
+server {
+  listen       443;
+  <% if ipv6_enable == 'true' && (defined? ipaddress6) %>listen [<%= ipv6_listen_ip %>]:<%= ipv6_listen_port %> default ipv6only=on;<% end %>
+  server_name  <%= name %>;
+
+  ssl on;
+  ssl_certificate      <%= ssl_cert %>;
+  ssl_certificate_key  <%= ssl_key %>;
+
+  ssl_session_timeout  5m;
+
+  ssl_protocols  SSLv3 TLSv1;
+  ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
+  ssl_prefer_server_ciphers   on;