From fe3e409c9cd8a7dc3176283ba121d4bdd8a67d06 Mon Sep 17 00:00:00 2001
From: James Fryman
Date: Thu, 2 Jun 2011 14:49:39 -0500
Subject: [PATCH] Added vhost support
---
.gitignore | 3 ++
ChangeLog | 17 +++++++
Modulefile | 12 ++---
files/centos/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL | 30 -----------
manifests/config.pp | 35 +++++--------
manifests/init.pp | 7 ++-
manifests/install.pp | 12 -----
manifests/package.pp | 23 +++++++++
manifests/params.pp | 31 +++++++-----
manifests/service.pp | 4 +-
manifests/vhost.pp | 50 +++++++++++--------
metadata.json | 12 -----
templates/nginx.conf.erb | 37 +++++++-------
templates/{vhost.pp => vhost.erb} | 12 ++---
14 files changed, 141 insertions(+), 144 deletions(-)
create mode 100644 .gitignore
create mode 100644 ChangeLog
delete mode 100644 files/centos/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
delete mode 100644 manifests/install.pp
create mode 100644 manifests/package.pp
delete mode 100644 metadata.json
rename templates/{vhost.pp => vhost.erb} (58%)
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..84bfbda
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+files/server_test.crt
+files/server_test.pem
+pkg/
diff --git a/ChangeLog b/ChangeLog
new file mode 100644
index 0000000..f676af4
--- /dev/null
+++ b/ChangeLog
@@ -0,0 +1,17 @@ +2011-05-24 James Fryman + + * LICENSE, Modulefile, README, files/README.markdown, + files/centos/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL, lib/facter/README.markdown, + lib/puppet/parser/functions/README.markdown, + lib/puppet/provider/README.markdown, lib/puppet/type/README.markdown, + manifests/README.markdown, manifests/config.pp, manifests/init.pp, + manifests/install.pp, manifests/params.pp, manifests/service.pp, + manifests/vhost.pp, metadata.json, spec/README.markdown, spec/spec.opts, + spec/spec_helper.rb, spec/unit/puppet/provider/README.markdown, + spec/unit/puppet/type/README.markdown, templates/README.markdown, + templates/nginx.conf.erb, templates/vhost.pp, tests/init.pp, tests/vhost.pp: + 20110524 Work Snapshot + +2011-05-23 James Fryman + + * : Initial Repository Initilization diff --git a/Modulefile b/Modulefile index 48ceb86..b0131e9 100644 --- a/Modulefile +++ b/Modulefile @@ -1,11 +1,11 @@ name 'jfryman-nginx' version '0.0.1' -source 'UNKNOWN' -author 'jfryman' -license 'UNKNOWN' -summary 'UNKNOWN' -description 'UNKNOWN' -project_page 'UNKNOWN' +source 'http://github.com/jfryman/puppet-nginx' +author 'James Fryman' +license 'Apache 2' +summary 'Puppet NGinX management module' +description 'This module can be used for basic NGINX Management' +project_page 'http://github.com/jfryman/puppet-nginx' ## Add dependencies, if any: # dependency 'username/name', '>= 1.2.0' diff --git a/files/centos/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL b/files/centos/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL deleted file mode 100644 index fa87c79..0000000 --- a/files/centos/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL +++ /dev/null 
@@ -1,30 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.2.6 (GNU/Linux)
-
-mQGiBEXopTIRBACZDBMOoFOakAjaxw1LXjeSvh/kmE35fU1rXfM7T0AV31NATCLF
-l5CQiNDA4oWreDThg2Bf6+LIVTsGQb1V+XXuLak4Em5yTYwMTVB//4/nMxQEbpl/
-QB2XwlJ7EQ0vW+kiPDz/7pHJz1p1jADzd9sQQicMtzysS4qT2i5A23j0VwCg1PB/
-lpYqo0ZhWTrevxKMa1n34FcD/REavj0hSLQFTaKNLHRotRTF8V0BajjSaTkUT4uk
-/RTaZ8Kr1mTosVtosqmdIAA2XHxi8ZLiVPPSezJjfElsSqOAxEKPL0djfpp2wrTm
-l/1iVnX+PZH5DRKCbjdCMLDJhYap7YUhcPsMGSeUKrwmBCBJUPc6DhjFvyhA9IMl
-1T0+A/9SKTv94ToP/JYoCTHTgnG5MoVNafisfe0wojP2mWU4gRk8X4dNGKMj6lic
-vM6gne3hESyjcqZSmr7yELPPGhI9MNauJ6Ob8cTR2T12Fmv9w03DD3MnBstR6vhP
-QcqZKhc5SJYYY7oVfxlSOfF4xfwcHQKoD5TOKwIAQ6T8jyFpKbQkRmVkb3JhIEVQ
-RUwgPGVwZWxAZmVkb3JhcHJvamVjdC5vcmc+iGQEExECACQFAkXopTICGwMFCRLM
-AwAGCwkIBwMCAxUCAwMWAgECHgECF4AACgkQEZzANiF1IfabmQCgzvE60MnHSOBa
-ZXXF7uU2Vzu8EOkAoKg9h+j0NuNom6WUYZyJQt4zc5seuQINBEXopTYQCADapnR/
-blrJ8FhlgNPl0X9S3JE/kygPbNXIqne4XBVYisVp0uzNCRUxNZq30MpY027JCs2J
-nL2fMpwvx33f0phU029vrIZKA3CmnnwVsjcWfMJOVPBmVN7m5bGU68F+PdRIcDsl
-PMOWRLkTBZOGolLgIbM4719fqA8etewILrX6uPvRDwywV7/sPCFpRcfNNBUY+Zx3
-5bf4fnkaCKxgXgQS3AT+hGYhlzIqQVTkGNveHTnt4SSzgAqR9sSwQwqvEfVtYNeS
-w5rDguLG41HQm1Hojv59HNYjH6F/S1rClZi21bLgZbKpCFX76qPt8CTw+iQLBPPd
-yoOGHfzyp7nsfhUrAAMFB/9/H9Gpk822ZpBexQW4y3LGFo9ZSnmu+ueOZPU3SqDA
-DW1ovZdYzGuJTGGM9oMl6bL8eZrcUBBOFaWge5wZczIE3hx2exEOkDdvq+MUDVD1
-axmN45q/7h1NYRp5GQL2ZsoV4g9U2gMdzHOFtZCER6PP9ErVlfJpgBUCdSL93V4H
-Sgpkk7znmTOklbCM6l/G/A6q4sCRqfzHwVSTiruyTBiU9lfROsAl8fjIq2OzWJ2T
-P9sadBe1llUYaow7txYSUxssW+89avct35gIyrBbof5M+CBXyAOUaSWmpM2eub24
-0qbqiSr/Y6Om0t6vSzR8gRk7g+1H6IE0Tt1IJCvCAMimiE8EGBECAA8FAkXopTYC
-GwwFCRLMAwAACgkQEZzANiF1IfZQYgCgiZHCv4xb+sTHCn/otc1Ovvi/OgMAnRXY
-bbsLFWOfmzAnNIGvFRWy+YHi
-=MMNL
------END PGP PUBLIC KEY BLOCK-----
\ No newline at end of file
diff --git a/manifests/config.pp b/manifests/config.pp
index 36125b6..cf8368d 100644
--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -1,32 +1,23 @@ -class nginx::config { - $daemon_user = $operatingsystem ? { - /(debian|ubuntu)/ => 'www-data', - /(fedora|rhel|centos)/ => 'nginx', +class nginx::config inherits nginx::params { + + File { + owner => 'root', + group => 'root', + mode => '0644', } - user { $daemon_user: - ensure => present, + + file { '/etc/nginx/sites-enabled': + ensure => directory, } - group { $daemon_user: - ensure => present, + + file { '/etc/nginx/sites-enabled/default': + ensure => absent, } + file { '/etc/nginx/nginx.conf': ensure => file, owner => 'root', group => 'root', content => template('nginx/nginx.conf.erb'), - require => Class['nginx::install'], - notify => Class['nginx::service'], - } - file { '/etc/nginx/sites-available': - ensure => directory, - owner => 'root', - group => 'root', - require => Class['nginx::install'], - } - file { '/etc/nginx/sites-enabled': - ensure => directory, - owner => 'root', - group => 'root', - require => Class['nginx::install'], } } \ No newline at end of file diff --git a/manifests/init.pp b/manifests/init.pp index f07ab16..1459043 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -12,5 +12,10 @@ # # [Remember: No empty lines between comments and class definition] class nginx { - include nginx::service, nginx::install, nginx::config, + include nginx::package + include nginx::config + include nginx::service + + Class['nginx::package'] -> Class['nginx::config'] ~> Class['nginx::service'] + } diff --git a/manifests/install.pp b/manifests/install.pp deleted file mode 100644 index c8d2654..0000000 --- a/manifests/install.pp +++ /dev/null @@ -1,12 +0,0 @@ -class nginix::install { - - # prepopulating a potential install for non-Linux distros. - $package = $operatingsystem ? { - /(ubuntu|debian|centos|fedora|rhel)/ => 'nginx' - } - - package { $package: - name => 'nginx', - ensure => installed, - } -} \ No newline at end of file diff --git a/manifests/package.pp b/manifests/package.pp new file mode 100644 index 0000000..3e744d4 
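Review bot: `/etc/nginx/sites-enabled` is declared in `nginx::config` with only `ensure => directory`, so a vhost file Puppet does not manage (left behind by a removed `nginx::vhost`, or placed by hand) stays in that directory; only `default` is removed explicitly. If nginx.conf includes this directory (the include line is not visible in this patch), those files keep being served after they leave the catalog. Consider adding `recurse => true, purge => true` to the directory resource so the enabled set matches what the manifests declare. The explicit `owner`/`group` on `/etc/nginx/nginx.conf` now duplicate the new `File { ... }` defaults and can be dropped.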
--- /dev/null +++ b/manifests/package.pp @@ -0,0 +1,23 @@ +class nginx::package { + + package { 'nginx': + ensure => present, + } + + case $operatingsystem { + rhel,centos,oel: { + package { 'GeoIP': + ensure => present, + } + package { 'gd': + ensure => present, + } + package { 'libXpm': + ensure => present, + } + package { 'libxslt': + ensure => present, + } + } + } +} \ No newline at end of file diff --git a/manifests/params.pp b/manifests/params.pp index 1bf7c6d..d4eef0c 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -10,19 +10,24 @@ ####################################################################### class nginx::params { - $worker_processes = 1 - $worker_connections = 1024 - $multi_accept = off - $sendfile = on - $keepalive_timeout = 65 - $tcp_nodelay = on - $gzip = on + $nx_worker_processes = 1 + $nx_worker_connections = 1024 + $nx_multi_accept = off + $nx_sendfile = on + $nx_keepalive_timeout = 65 + $nx_tcp_nodelay = on + $nx_gzip = on - # Setup OS Specific Logging Directories and PID files. - case $kernel { - default { - $log_dir = '/var/log/nginx' - $pid = '/var/run/nginx.pid' - } + $nx_logdir = $kernel ? { + /(?i-mx:linux)/ => '/var/log/nginx', + } + + $nx_pid = $kernel ? { + /(?i-mx:linux)/ => '/var/run/nginx.pid', + } + + $nx_daemon_user = $operatingsystem ? { + /(?i-mx:debian|ubuntu)/ => 'www-data', + /(?i-mx:fedora|rhel|centos)/ => 'nginx', } } \ No newline at end of file diff --git a/manifests/service.pp b/manifests/service.pp index 623b576..f97eb8f 100644 --- a/manifests/service.pp +++ b/manifests/service.pp @@ -1,9 +1,9 @@ -class nginix::service { +class nginx::service { service { "nginx": ensure => running, enable => true, hasstatus => true, hasrestart => true, - require => Class['nginx::install'], + subscribe => Class['nginx'], } } \ No newline at end of file diff --git a/manifests/vhost.pp b/manifests/vhost.pp index aa6b4e5..46b0d67 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
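Review bot: Nothing in `nginx::package` says where the `nginx` package is expected to come from on `rhel,centos,oel`, and this commit also deletes the bundled `files/centos/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL` without adding any repository or key management. Whether that key file was ever wired to a repository is not visible in the patch, so this may be intentional. A header comment would make the assumption explicit, e.g. `# Assumes a package repository providing nginx is already configured on the node, with signature checking enabled.` The `case $operatingsystem` has no `default` branch, which deserves a one-line comment if it is deliberate.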
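Review bot: The three new selectors in `nginx::params` have no `default` branch, whereas the `case $kernel { default ... }` they replace always set the log and pid paths; a node whose fact matches none of the regexes now gets no value instead of a fallback. `$nx_daemon_user` in particular omits `oel`, which `nginx::package` in this same commit treats as supported (`rhel,centos,oel`), so an OEL node would have no worker user to render into `nginx.conf`. Extend the alternation, `/(?i-mx:fedora|rhel|centos|oel)/ => 'nginx',`, and state explicitly what unsupported platforms should get. The class header comment sits above the hunk and is not visible here.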
@@ -1,25 +1,35 @@ define nginx::vhost( - $listen = '*', - $listen_port, - $www_root, - $ssl = 'off', - $ssl_cert, - $ssl_key, - $location, - $state = 'enable', + $ensure = 'enable', + $listen_ip = '*', + $listen_port = '80', + $ipv6_enable = 'false', + $ipv6_listen_ip = '::', + $ipv6_listen_port = '80', + $ssl = 'false', + $ssl_cert = undef, + $ssl_key = undef, + $index_files = ['index.html', 'index.htm', 'index.php'], + $www_root ) { - file { "/etc/nginx/sites-available/${name}": - ensure => file, - owner => 'root', - group => 'root', - mode => '0644', - content => template('nginx/vhost.erb') - } - file { "/etc/nginx/sites-enabled/${name}": - ensure => $state ? { - 'disable' => absent, - default => 'symlink', + + # Check to see if SSL Certificates are properly defined + if ($ssl == 'true') { + if ($ssl_cert == undef) { + fail('SSL Certificate (ssl_cert) must be defined and exist on the target system(s)') + } elsif ($ssl_key == undef) { + fail('SSL Private Key (ssl_key) must be defined and exist on the target system(s)') } - target => "/etc/nginx/sites-available/${name}", + } + + file { "/etc/nginx/sites-enabled/${name}": + ensure => $ensure ? { + 'absent' => absent, + default => 'file', + }, + owner => 'root', + group => 'root', + mode => '0644', + content => template('nginx/vhost.erb'), + notify => Class['nginx::service'], } } \ No newline at end of file diff --git a/metadata.json b/metadata.json deleted file mode 100644 index 8ce7797..0000000 --- a/metadata.json +++ /dev/null @@ -1,12 +0,0 @@ -/* -+-----------------------------------------------------------------------+ -| | -| ==> DO NOT EDIT THIS FILE! <== | -| | -| You should edit the `Modulefile` and run `puppet-module build` | -| to generate the `metadata.json` file for your releases. | -| | -+-----------------------------------------------------------------------+ -*/ - -{} diff --git a/templates/nginx.conf.erb b/templates/nginx.conf.erb index 08c92a2..3588416 100644 --- a/templates/nginx.conf.erb 
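Review bot: `nginx::vhost` uses `$name` unvalidated as a path component in `/etc/nginx/sites-enabled/${name}`, written as root, and the template puts it, `$www_root` and the listen values straight into directives. A title containing `/`, `..`, whitespace or `;` would then write outside the directory or add directives to the rendered file, which matters once titles come from external data rather than hand-written manifests. A guard at the top of the define would close this, e.g. `if $name !~ /\A[A-Za-z0-9._-]+\z/ { fail("invalid vhost name: ${name}") }`, with similar checks on `$www_root`, `$ssl_cert` and `$ssl_key` (absolute paths). The SSL check only tests for `undef`, and `$ensure` defaults to `'enable'` while only `'absent'` is ever compared, so any other spelling silently means "present". A comment listing the accepted values would help.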
+++ b/templates/nginx.conf.erb 
@@ -1,32 +1,31 @@ -user <%= scope.lookupvar('nginx::config::daemon_user') %>; -worker_processes <%= scope.lookupvar('nginx::params::worker_processes')%>; +user <%= scope.lookupvar('nginx::config::nx_daemon_user') %>; +worker_processes <%= scope.lookupvar('nginx::params::nx_worker_processes')%>; -error_log <%= scope.lookupvar('nginx::params::log_dir')%>/error.log; -pid <%= scope.lookupvar('nginx::params::pid')%>; +error_log <%= scope.lookupvar('nginx::params::nx_logdir')%>/error.log; +pid <%= scope.lookupvar('nginx::params::nx_pid')%>; events { - worker_connections <%= scope.lookupvar('nginx::params::worker_connections') %>; - <% if scope.lookupvar('nginx::params::multi_accept' == 'on') %> - multi_accept on; - <% end %> + worker_connections <%= scope.lookupvar('nginx::params::nx_worker_connections') %>; + <% if scope.lookupvar('nginx::params::nx_multi_accept' == 'on') %>multi_accept on;<% end %> } http { include /etc/nginx/mime.types; - default_type application/octet-stream; + default_type application/octet-stream; - access_log <%= scope.lookupvar('nginx::params::log_dir')%>/access.log; + access_log <%= scope.lookupvar('nginx::params::nx_logdir')%>/access.log; - sendfile <%= scope.lookupvar('nginx::params::sendfile')%>; - <% if scope.lookupvar('nginx::params::tcp_nopush' == 'on') %> - tcp_nopush on; - <% end %> - - keepalive_timeout <%= scope.lookupvar('nginx::params::keepalive_timeout')%>; - tcp_nodelay <%= scope.lookupvar('nginx::params::tcp_nodelay')%>; + sendfile <%= scope.lookupvar('nginx::params::nx_sendfile')%>; - <% if scope.lookupvar('nginx::params::gzip' == 'on') %> - gzip on; + <% if scope.lookupvar('nginx::params::nx_tcp_nopush' == 'on') %> + tcp_nopush on; + <% end %> + + keepalive_timeout <%= scope.lookupvar('nginx::params::nx_keepalive_timeout')%>; + tcp_nodelay <%= scope.lookupvar('nginx::params::nx_tcp_nodelay')%>; + + <% if scope.lookupvar('nginx::params::nx_gzip' == 'on') %> + gzip on; gzip_disable "MSIE [1-6]\.(?!.*SV1)"; <% end %> 
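Review bot: The three conditionals put the comparison inside the call, as in `scope.lookupvar('nginx::params::nx_gzip' == 'on')`. Ruby compares the two string literals first (always false) and passes that result to `lookupvar`, so the variable is never compared with `'on'`. The same applies to the `nx_multi_accept` and `nx_tcp_nopush` lines, so none of these blocks follows its parameter; what `lookupvar` returns for a boolean argument is not visible here. Move the parenthesis: `<% if scope.lookupvar('nginx::params::nx_gzip') == 'on' %>`. In addition, `nx_tcp_nopush` is not defined in the `nginx::params` hunk of this commit. The `user` line reads `nginx::config::nx_daemon_user`, which is set in `nginx::params` and reachable only through inheritance, so reading it from `nginx::params` like the other lines would be consistent.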
diff --git a/templates/vhost.pp b/templates/vhost.erb similarity index 58% rename from templates/vhost.pp rename to templates/vhost.erb index 0f37925..3ecbdc8 100644 --- a/templates/vhost.pp +++ b/templates/vhost.erb @@ -1,19 +1,17 @@ server { - - listen <%= listen %>; ## listen for ipv4 - listen [::]:80 default ipv6only=on; ## listen for ipv6 - + listen <%= listen_ip %>; + <% if ipv6_enable == 'true' %>listen [<%= ipv6_listen_ip %>]:<%= ipv6_listen_port %> default ipv6only=on;<% end %> server_name <%= name %>; - access_log <%= scope.lookupvar('nginx::params::log_dir')%>/<%= name %>.access.log; + access_log <%= scope.lookupvar('nginx::params::nx_logdir')%>/<%= name %>.access.log; location / { root <%= www_root %>; - index index.html index.htm; + index <% index_files.each do |i| %> <%= i %> <% end %>; } } -<% if ssl == 'on' %> +<% if ssl == 'true' %> server { listen 443; server_name <%= name %>;
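Review bot: The IPv4 line `listen <%= listen_ip %>;` ignores the `listen_port` parameter that `nginx::vhost` now declares, while the IPv6 line does use `ipv6_listen_port`. A vhost declared with a non-default port is therefore rendered without it and binds whatever nginx defaults to. Emit both parts: `listen <%= listen_ip %>:<%= listen_port %>;`. The IPv6 line also hard-codes `default`, so enabling IPv6 on more than one vhost with the same address and port will likely make nginx reject the configuration as a duplicate default server; that flag is better driven by a parameter. The SSL `server` block continues past the end of this hunk and is not reviewed here.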