diff --git a/nginx/certificates.sls b/nginx/certificates.sls index 2a8330b5..bf93449d 100644 --- a/nginx/certificates.sls +++ b/nginx/certificates.sls @@ -1,20 +1,20 @@ -{% from 'nginx/map.jinja' import nginx with context %} +{%- set tplroot = tpldir.split('/')[0] %} +{%- from tplroot ~ '/map.jinja' import nginx, pillar_namespace with context %} include: - - nginx.service + - .service -{% set certificates_path = salt['pillar.get']('nginx:certificates_path', '/etc/nginx/ssl') %} prepare_certificates_path_dir: file.directory: - - name: {{ certificates_path }} + - name: {{ nginx.certificates_path }} - makedirs: True -{%- for dh_param, value in salt['pillar.get']('nginx:dh_param', {}).items() %} +{%- for dh_param, value in nginx.dh_param.items() %} {%- if value is string %} create_nginx_dhparam_{{ dh_param }}_key: file.managed: - - name: {{ certificates_path }}/{{ dh_param }} - - contents_pillar: nginx:dh_param:{{ dh_param }} + - name: {{ nginx.certificates_path }}/{{ dh_param }} + - contents_pillar: {{ pillar_namespace }}:dh_param:{{ dh_param }} - makedirs: True - require: - file: prepare_certificates_path_dir @@ -26,8 +26,8 @@ generate_nginx_dhparam_{{ dh_param }}_key: - name: {{ nginx.lookup.openssl_package }} cmd.run: - name: openssl dhparam -out {{ dh_param }} {{ value.get('keysize', 2048) }} - - cwd: {{ certificates_path }} - - creates: {{ certificates_path }}/{{ dh_param }} + - cwd: {{ nginx.certificates_path }} + - creates: {{ nginx.certificates_path }}/{{ dh_param }} - require: - file: prepare_certificates_path_dir - watch_in: 
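Review bot: `prepare_certificates_path_dir` in the first hunk creates the directory that later holds the TLS private keys with only `name` and `makedirs`, so its mode and ownership are whatever the minion's umask and the `file.directory` defaults produce. Pinning them costs two lines, for example `- mode: '0750'` and `- user: root` (adjust to the formula's conventions). The key files themselves are written with `mode: 600` further down, so this is defence in depth rather than a direct exposure.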
@@ -35,30 +35,30 @@ generate_nginx_dhparam_{{ dh_param }}_key: {%- endif %} {%- endfor %} -{%- for domain in salt['pillar.get']('nginx:certificates', {}).keys() %} +{%- for domain in nginx.certificates.keys() %} nginx_{{ domain }}_ssl_certificate: file.managed: - - name: {{ certificates_path }}/{{ domain }}.crt + - name: {{ nginx.certificates_path }}/{{ domain }}.crt - makedirs: True -{% if salt['pillar.get']("nginx:certificates:{}:public_cert_pillar".format(domain)) %} - - contents_pillar: {{ salt['pillar.get']('nginx:certificates:{}:public_cert_pillar'.format(domain)) }} +{% if domain in nginx.certificates and 'public_cert_pillar' in nginx.certificates[domain] %} + - contents_pillar: {{ nginx.certificates[domain].public_cert_pillar }} {% else %} - - contents_pillar: nginx:certificates:{{ domain }}:public_cert + - contents_pillar: {{ pillar_namespace }}:certificates:{{ domain }}:public_cert {% endif %} - watch_in: - service: nginx_service -{% if salt['pillar.get']("nginx:certificates:{}:private_key".format(domain)) or salt['pillar.get']("nginx:certificates:{}:private_key_pillar".format(domain)) %} +{% if 'private_key' in nginx.certificates[domain] or 'private_key_pillar' in nginx.certificates[domain] %} nginx_{{ domain }}_ssl_key: file.managed: - - name: {{ certificates_path }}/{{ domain }}.key + - name: {{ nginx.certificates_path }}/{{ domain }}.key - mode: 600 - makedirs: True -{% if salt['pillar.get']("nginx:certificates:{}:private_key_pillar".format(domain)) %} - - contents_pillar: {{ salt['pillar.get']('nginx:certificates:{}:private_key_pillar'.format(domain)) }} +{% if 'private_key_pillar' in nginx.certificates[domain] %} + - contents_pillar: {{ nginx.certificates[domain].private_key_pillar }} {% else %} - - contents_pillar: nginx:certificates:{{ domain }}:private_key + - contents_pillar: {{ pillar_namespace }}:certificates:{{ domain }}:private_key {% endif %} - watch_in: - service: nginx_service 
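Review bot: The new conditions apply `in` to `nginx.certificates[domain]`, which is not equivalent to the old truthiness test on `pillar.get`. A domain declared with a null value now raises during rendering, and a `private_key_pillar` or `public_cert_pillar` key that is present but empty renders `contents_pillar:` with no value. Only the first condition carries the `domain in nginx.certificates` guard, which is always true inside this loop, so the three tests are also inconsistent. Binding `{%- set cert = nginx.certificates[domain] or {} %}` once and testing `cert.get('private_key_pillar')` would keep the previous semantics. Separately, `nginx_{{ domain }}_ssl_key` writes key material through `file.managed` without `- show_changes: False`, so a rotated key can appear as a diff in state returns.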
diff --git a/nginx/common.sls b/nginx/common.sls index 1999cba1..25f1b36e 100644 --- a/nginx/common.sls +++ b/nginx/common.sls @@ -1,2 +1,2 @@ include: - - nginx.deprecated + - .deprecated diff --git a/nginx/defaults.yaml b/nginx/defaults.yaml new file mode 100644 index 00000000..9fcc5ae6 --- /dev/null +++ b/nginx/defaults.yaml @@ -0,0 +1,60 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- +nginx: + lookup: + package: nginx + service: nginx + conf_file: /etc/nginx/nginx.conf + snippets_dir: /etc/nginx/snippets + install_from_source: false + install_from_ppa: false + install_from_repo: false + install_from_phusionpassenger: false + ppa_version: stable + source_version: 1.10.0 + source_hash: 8ed647c3dd65bc4ced03b0e0f6bf9e633eff6b01bac772bcf97077d58bc2be4d + source: + opts: {} + package: + opts: {} + service: + enable: true + opts: {} + certificates_path: /etc/nginx/ssl + dh_param: {} + certificates: {} + server: + opts: {} + config: + worker_processes: auto + events: + worker_connections: 512 + http: + sendfile: 'on' + tcp_nopush: 'on' + tcp_nodelay: 'on' + keepalive_timeout: 65 + types_hash_max_size: 2048 + default_type: application/octet-stream + access_log: /var/log/nginx/access.log + error_log: /var/log/nginx/error.log + gzip: 'off' + gzip_disable: '"msie6"' + include: + - mime.types + - conf.d/*.conf + - sites-enabled/* + servers: + disabled_postfix: .disabled + symlink_opts: {} + rename_opts: {} + managed_opts: + makedirs: true + dir_opts: + makedirs: true + managed: {} + purge_servers_config: false + passenger: + passenger_root: /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini + passenger_ruby: /usr/bin/ruby diff --git a/nginx/init.sls b/nginx/init.sls index 7ad31bd2..57f889e4 100644 --- a/nginx/init.sls +++ b/nginx/init.sls 
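Review bot: The default source build in defaults.yaml stays pinned to `source_version: 1.10.0`, a 2016 release. Anyone who enables `install_from_source` without overriding both values compiles an nginx that no longer receives fixes. Pinning with `source_hash` is the right pattern (64 hex digits, so presumably SHA-256), and since this file is now the single home of the defaults, a comment such as `# bump source_version and source_hash together; verify the hash against the upstream release` would make that expectation visible. `keepalive_timeout` and `types_hash_max_size` also changed from quoted strings to integers in the move, which should render identically but is worth confirming against the config template.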
@@ -2,19 +2,20 @@ # # Meta-state to fully install nginx. -{%- from 'nginx/map.jinja' import nginx, sls_block with context %} +{%- set tplroot = tpldir.split('/')[0] %} +{%- from tplroot ~ '/map.jinja' import nginx with context %} include: {%- if nginx.ng is defined %} - - nginx.deprecated + - .deprecated {%- endif %} - - nginx.config - - nginx.service + - .config + - .service {%- if nginx.snippets is defined %} - - nginx.snippets + - .snippets {%- endif %} - - nginx.servers - - nginx.certificates + - .servers + - .certificates extend: nginx_service: diff --git a/nginx/luajit2.sls b/nginx/luajit2.sls index 1999cba1..25f1b36e 100644 --- a/nginx/luajit2.sls +++ b/nginx/luajit2.sls @@ -1,2 +1,2 @@ include: - - nginx.deprecated + - .deprecated diff --git a/nginx/map.jinja b/nginx/map.jinja index c2733492..455167a6 100644 --- a/nginx/map.jinja +++ b/nginx/map.jinja 
@@ -4,171 +4,16 @@ {% endfor %} {% endmacro %} -{% set nginx = salt['pillar.get']('nginx', { - 'lookup': salt['grains.filter_by']({ - 'Debian': { - 'package': 'nginx', - 'passenger_package': 'passenger', - 'passenger_config_file': '/etc/nginx/conf.d/passenger.conf', - 'service': 'nginx', - 'webuser': 'www-data', - 'conf_file': '/etc/nginx/nginx.conf', - 'server_available': '/etc/nginx/sites-available', - 'server_enabled': '/etc/nginx/sites-enabled', - 'snippets_dir': '/etc/nginx/snippets', - 'server_use_symlink': True, - 'pid_file': '/run/nginx.pid', - 'openssl_package': 'openssl', - }, - 'CentOS': { - 'package': 'nginx', - 'passenger_package': 'passenger', - 'passenger_config_file': '/etc/nginx/conf.d/passenger.conf', - 'service': 'nginx', - 'webuser': 'nginx', - 'conf_file': '/etc/nginx/nginx.conf', - 'server_available': '/etc/nginx/conf.d', - 'server_enabled': '/etc/nginx/conf.d', - 'snippets_dir': '/etc/nginx/snippets', - 'server_use_symlink': False, - 'pid_file': '/run/nginx.pid', - 'rh_os_releasever': '$releasever', - 'gpg_check': False, - 'gpg_key': 'http://nginx.org/keys/nginx_signing.key', - 'openssl_package': 'openssl', - }, - 'RedHat': { - 'package': 'nginx', - 'passenger_package': 'passenger', - 'passenger_config_file': '/etc/nginx/conf.d/passenger.conf', - 'service': 'nginx', - 'webuser': 'nginx', - 'conf_file': '/etc/nginx/nginx.conf', - 'server_available': '/etc/nginx/conf.d', - 'server_enabled': '/etc/nginx/conf.d', - 'snippets_dir': '/etc/nginx/snippets', - 'server_use_symlink': False, - 'pid_file': '/run/nginx.pid', - 'rh_os_releasever': '$releasever', - 'gpg_check': False, - 'gpg_key': 'http://nginx.org/keys/nginx_signing.key', - 'passenger': { - 'passenger_root': '/usr/share/ruby/vendor_ruby/phusion_passenger/locations.ini', - 'passenger_instance_registry_dir': ' /var/run/passenger-instreg', - 'passenger_ruby': '/usr/bin/ruby', - }, - 'openssl_package': 'openssl', - }, - 'Suse': { - 'package': 'nginx', - 'service': 'nginx', - 'webuser': 'nginx', 
- 'conf_file': '/etc/nginx/nginx.conf', - 'server_available': '/etc/nginx/vhosts.d', - 'server_enabled': '/etc/nginx/vhosts.d', - 'snippets_dir': '/etc/nginx/snippets', - 'server_use_symlink': False, - 'pid_file': '/run/nginx.pid', - 'gpg_check': True, - 'gpg_key': 'http://download.opensuse.org/repositories/server:/http/openSUSE_{{ grains.osrelease }}/repodata/repomd.xml.key', - 'openssl_package': 'openssl', - }, - 'Arch': { - 'package': 'nginx', - 'service': 'nginx', - 'webuser': 'http', - 'conf_file': '/etc/nginx/nginx.conf', - 'server_available': '/etc/nginx/sites-available', - 'server_enabled': '/etc/nginx/sites-enabled', - 'snippets_dir': '/etc/nginx/snippets', - 'server_use_symlink': True, - 'openssl_package': 'openssl', - }, - 'Gentoo': { - 'package': 'www-servers/nginx', - 'service': 'nginx', - 'webuser': 'nginx', - 'conf_file': '/etc/nginx/nginx.conf', - 'server_available': '/etc/nginx/sites-available', - 'server_enabled': '/etc/nginx/sites-enabled', - 'snippets_dir': '/etc/nginx/snippets', - 'server_use_symlink': True, - 'openssl_package': 'dev-libs/openssl', - }, - 'FreeBSD': { - 'package': 'nginx', - 'passenger_package': 'passenger', - 'service': 'nginx', - 'webuser': 'www', - 'conf_file': '/usr/local/etc/nginx/nginx.conf', - 'server_available': '/usr/local/etc/nginx/sites-available', - 'server_enabled': '/usr/local/etc/nginx/sites-enabled', - 'snippets_dir': '/usr/local/etc/nginx/snippets', - 'server_use_symlink': True, - 'pid_file': '/var/run/nginx.pid', - }, - }, default='Debian' ), - 'install_from_source': False, - 'install_from_ppa': False, - 'install_from_repo': False, - 'install_from_phusionpassenger': False, - 'ppa_version': 'stable', - 'source_version': '1.10.0', - 'source_hash': '8ed647c3dd65bc4ced03b0e0f6bf9e633eff6b01bac772bcf97077d58bc2be4d', - 'source': { - 'opts': {}, - }, - 'package': { - 'opts': {}, - }, - 'service': { - 'enable': True, - 'opts': {}, - }, - 'server': { - 'opts': {}, - 'config': { - 'worker_processes': 'auto', - 
'events': { - 'worker_connections': 512, - }, - 'http': { - 'sendfile': 'on', - 'tcp_nopush': 'on', - 'tcp_nodelay': 'on', - 'keepalive_timeout': '65', - 'types_hash_max_size': '2048', - 'default_type': 'application/octet-stream', - 'access_log': '/var/log/nginx/access.log', - 'error_log': '/var/log/nginx/error.log', - 'gzip': 'off', - 'gzip_disable': '"msie6"', - 'include': [ - 'mime.types', - 'conf.d/*.conf', - 'sites-enabled/*', - ], - }, - }, - }, - 'servers': { - 'disabled_postfix': '.disabled', - 'symlink_opts': {}, - 'rename_opts': {}, - 'managed_opts': { - 'makedirs': True, - }, - 'dir_opts': { - 'makedirs': True, - }, - 'managed': {}, - 'purge_servers_config': False, - }, - 'passenger': { - 'passenger_root': '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini', - 'passenger_ruby': '/usr/bin/ruby', - }, -}, merge=True) %} +{%- set tplroot = tpldir.split('/')[0] %} +{% set pillar_namespace = salt['pillar.get']('{}:pillar:namespace'.format(tplroot), tplroot) %} + +{% import_yaml tplroot ~ "/defaults.yaml" as defaults %} +{% import_yaml tplroot ~ "/osfamilymap.yaml" as osfamilymap %} + +{% set osfamily = salt['grains.filter_by'](osfamilymap, grain='os_family') or {} %} +{% do salt['defaults.merge'](defaults.nginx, osfamily) %} + +{% set nginx = salt['pillar.get'](pillar_namespace, default=defaults.nginx, merge=True) %} {% if 'user' not in nginx.server.config %} {% do nginx.server.config.update({ diff --git a/nginx/ng/certificates.sls b/nginx/ng/certificates.sls index 1999cba1..3e482912 100644 --- a/nginx/ng/certificates.sls +++ b/nginx/ng/certificates.sls @@ -1,2 +1,2 @@ include: - - nginx.deprecated + - ..deprecated diff --git a/nginx/ng/config.sls b/nginx/ng/config.sls index 1999cba1..3e482912 100644 --- a/nginx/ng/config.sls +++ b/nginx/ng/config.sls @@ -1,2 +1,2 @@ include: - - nginx.deprecated + - ..deprecated diff --git a/nginx/ng/init.sls b/nginx/ng/init.sls index 1999cba1..3e482912 100644 --- a/nginx/ng/init.sls +++ b/nginx/ng/init.sls 
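Review bot: The rewritten lookup loses the `default='Debian'` fallback of the removed `grains.filter_by` call. `salt['grains.filter_by'](osfamilymap, grain='os_family') or {}` yields an empty map on any OS family not listed in osfamilymap.yaml, so `lookup.webuser`, `server_available`, `openssl_package` and the other per-family values are undefined there instead of taking the Debian ones. If that is intended it deserves a comment; otherwise `salt['grains.filter_by'](osfamilymap, grain='os_family', default='Debian')` keeps the old behaviour. The `{% if 'user' not in nginx.server.config %}` block that follows continues outside the hunk and presumably reads one of those lookup values.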
@@ -1,2 +1,2 @@ include: - - nginx.deprecated + - ..deprecated diff --git a/nginx/ng/passenger.sls b/nginx/ng/passenger.sls index 1999cba1..3e482912 100644 --- a/nginx/ng/passenger.sls +++ b/nginx/ng/passenger.sls @@ -1,2 +1,2 @@ include: - - nginx.deprecated + - ..deprecated diff --git a/nginx/ng/pkg.sls b/nginx/ng/pkg.sls index 1999cba1..3e482912 100644 --- a/nginx/ng/pkg.sls +++ b/nginx/ng/pkg.sls @@ -1,2 +1,2 @@ include: - - nginx.deprecated + - ..deprecated diff --git a/nginx/ng/servers.sls b/nginx/ng/servers.sls index 1999cba1..3e482912 100644 --- a/nginx/ng/servers.sls +++ b/nginx/ng/servers.sls @@ -1,2 +1,2 @@ include: - - nginx.deprecated + - ..deprecated diff --git a/nginx/ng/servers_config.sls b/nginx/ng/servers_config.sls index 1999cba1..3e482912 100644 --- a/nginx/ng/servers_config.sls +++ b/nginx/ng/servers_config.sls @@ -1,2 +1,2 @@ include: - - nginx.deprecated + - ..deprecated diff --git a/nginx/ng/service.sls b/nginx/ng/service.sls index 1999cba1..3e482912 100644 --- a/nginx/ng/service.sls +++ b/nginx/ng/service.sls @@ -1,2 +1,2 @@ include: - - nginx.deprecated + - ..deprecated diff --git a/nginx/ng/snippets.sls b/nginx/ng/snippets.sls index 1999cba1..3e482912 100644 --- a/nginx/ng/snippets.sls +++ b/nginx/ng/snippets.sls @@ -1,2 +1,2 @@ include: - - nginx.deprecated + - ..deprecated diff --git a/nginx/ng/src.sls b/nginx/ng/src.sls index 1999cba1..3e482912 100644 --- a/nginx/ng/src.sls +++ b/nginx/ng/src.sls @@ -1,2 +1,2 @@ include: - - nginx.deprecated + - ..deprecated diff --git a/nginx/openresty.sls b/nginx/openresty.sls index 1999cba1..25f1b36e 100644 --- a/nginx/openresty.sls +++ b/nginx/openresty.sls @@ -1,2 +1,2 @@ include: - - nginx.deprecated + - .deprecated diff --git a/nginx/osfamilymap.yaml b/nginx/osfamilymap.yaml new file mode 100644 index 00000000..f8623d5e --- /dev/null +++ b/nginx/osfamilymap.yaml 
@@ -0,0 +1,85 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- +Debian: + lookup: + passenger_package: passenger + passenger_config_file: /etc/nginx/conf.d/passenger.conf + webuser: www-data + server_available: /etc/nginx/sites-available + server_enabled: /etc/nginx/sites-enabled + server_use_symlink: true + pid_file: /run/nginx.pid + openssl_package: openssl + +CentOS: + lookup: + passenger_package: passenger + passenger_config_file: /etc/nginx/conf.d/passenger.conf + webuser: nginx + server_available: /etc/nginx/conf.d + server_enabled: /etc/nginx/conf.d + server_use_symlink: false + pid_file: /run/nginx.pid + rh_os_releasever: $releasever + gpg_check: false + gpg_key: http://nginx.org/keys/nginx_signing.key + openssl_package: openssl + +RedHat: + lookup: + passenger_package: passenger + passenger_config_file: /etc/nginx/conf.d/passenger.conf + webuser: nginx + server_available: /etc/nginx/conf.d + server_enabled: /etc/nginx/conf.d + server_use_symlink: false + pid_file: /run/nginx.pid + rh_os_releasever: $releasever + gpg_check: false + gpg_key: http://nginx.org/keys/nginx_signing.key + passenger: + passenger_root: /usr/share/ruby/vendor_ruby/phusion_passenger/locations.ini + passenger_instance_registry_dir: /var/run/passenger-instreg + passenger_ruby: /usr/bin/ruby + openssl_package: openssl + +Suse: + lookup: + webuser: nginx + server_available: /etc/nginx/vhosts.d + server_enabled: /etc/nginx/vhosts.d + server_use_symlink: false + pid_file: /run/nginx.pid + gpg_check: true + gpg_key: "http://download.opensuse.org/repositories/server:/http/openSUSE_\ + {{ grains.osrelease }}/repodata/repomd.xml.key" + openssl_package: openssl + +Arch: + lookup: + webuser: http + server_available: /etc/nginx/sites-available + server_enabled: /etc/nginx/sites-enabled + server_use_symlink: true + openssl_package: openssl + +Gentoo: + lookup: + package: www-servers/nginx + webuser: nginx + server_available: /etc/nginx/sites-available + server_enabled: /etc/nginx/sites-enabled + 
server_use_symlink: true + openssl_package: dev-libs/openssl + +FreeBSD: + lookup: + passenger_package: passenger + webuser: www + conf_file: /usr/local/etc/nginx/nginx.conf + server_available: /usr/local/etc/nginx/sites-available + server_enabled: /usr/local/etc/nginx/sites-enabled + snippets_dir: /usr/local/etc/nginx/snippets + server_use_symlink: true + pid_file: /var/run/nginx.pid diff --git a/nginx/package.sls b/nginx/package.sls index 1999cba1..25f1b36e 100644 --- a/nginx/package.sls +++ b/nginx/package.sls @@ -1,2 +1,2 @@ include: - - nginx.deprecated + - .deprecated diff --git a/nginx/passenger.sls b/nginx/passenger.sls index 91808c0a..f2ec555f 100644 --- a/nginx/passenger.sls +++ b/nginx/passenger.sls @@ -9,14 +9,14 @@ {% if salt['grains.get']('os_family') in ['Debian', 'RedHat'] %} include: - - nginx.pkg - - nginx.config - - nginx.service + - .pkg + - .config + - .service {%- if nginx.snippets is defined %} - - nginx.snippets + - .snippets {%- endif %} - - nginx.servers - - nginx.certificates + - .servers + - .certificates passenger_install: pkg.installed: diff --git a/nginx/pkg.sls b/nginx/pkg.sls index 11d91eca..c8b0feb0 100644 --- a/nginx/pkg.sls +++ b/nginx/pkg.sls @@ -2,7 +2,8 @@ # # Manages installation of nginx from pkg. -{% from 'nginx/map.jinja' import nginx, sls_block with context %} +{%- set tplroot = tpldir.split('/')[0] %} +{%- from tplroot ~ '/map.jinja' import nginx, sls_block with context %} {%- if nginx.install_from_repo %} {% set from_official = true %} {% set from_ppa = false %} diff --git a/nginx/servers.sls b/nginx/servers.sls index f3033bb2..33901d01 100644 --- a/nginx/servers.sls +++ b/nginx/servers.sls @@ -14,8 +14,8 @@ {% endmacro %} include: - - nginx.service - - nginx.servers_config + - .service + - .servers_config {% if server_states|length() > 0 %} nginx_service_reload: diff --git a/nginx/service.sls b/nginx/service.sls index 9cbc5cc8..6d82835a 100644 --- a/nginx/service.sls +++ b/nginx/service.sls 
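Review bot: The CentOS and RedHat entries in osfamilymap.yaml ship `gpg_check: false` together with a signing key fetched over plain HTTP, `gpg_key: http://nginx.org/keys/nginx_signing.key`. If these feed the repository state used by `install_from_repo`, as the names suggest, packages are installed without signature verification by default. The values are carried over from the old map, but a new defaults file is a natural place to change them to `gpg_check: true` and `gpg_key: https://nginx.org/keys/nginx_signing.key`. The Suse `gpg_key` is likewise HTTP and now embeds `{{ grains.osrelease }}` in a YAML file that map.jinja loads with `import_yaml` and no `with context`, so confirm that `grains` is in scope when this file is rendered.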
@@ -10,9 +10,9 @@ include: {% if nginx.install_from_source %} - - nginx.src + - .src {% else %} - - nginx.pkg + - .pkg {% endif %} {% if nginx.install_from_source %} @@ -32,9 +32,9 @@ nginx_service: - enable: {{ nginx.service.enable }} - require: {% if nginx.install_from_source %} - - sls: nginx.src + - sls: {{ tplroot }}.src {% else %} - - sls: nginx.pkg + - sls: {{ tplroot }}.pkg {% endif %} - listen: {% if nginx.install_from_source %} diff --git a/nginx/source.sls b/nginx/source.sls index 1999cba1..25f1b36e 100644 --- a/nginx/source.sls +++ b/nginx/source.sls @@ -1,2 +1,2 @@ include: - - nginx.deprecated + - .deprecated diff --git a/nginx/src.sls b/nginx/src.sls index b97b8b99..7a04be5d 100644 --- a/nginx/src.sls +++ b/nginx/src.sls @@ -2,7 +2,8 @@ # # Manages installation of nginx from source. -{% from 'nginx/map.jinja' import nginx, sls_block with context %} +{%- set tplroot = tpldir.split('/')[0] %} +{%- from tplroot ~ '/map.jinja' import nginx, sls_block with context %} nginx_deps: pkg.installed: diff --git a/nginx/sysvinit.sls b/nginx/sysvinit.sls index 1999cba1..25f1b36e 100644 --- a/nginx/sysvinit.sls +++ b/nginx/sysvinit.sls @@ -1,2 +1,2 @@ include: - - nginx.deprecated + - .deprecated diff --git a/nginx/upstart.sls b/nginx/upstart.sls index 1999cba1..25f1b36e 100644 --- a/nginx/upstart.sls +++ b/nginx/upstart.sls @@ -1,2 +1,2 @@ include: - - nginx.deprecated + - .deprecated diff --git a/nginx/users.sls b/nginx/users.sls index 1999cba1..25f1b36e 100644 --- a/nginx/users.sls +++ b/nginx/users.sls @@ -1,2 +1,2 @@ include: - - nginx.deprecated + - .deprecated diff --git a/pillar.example b/pillar.example index 3654979e..a749942b 100644 --- a/pillar.example +++ b/pillar.example @@ -357,3 +357,7 @@ nginx: - alt_nginx.service nginx_snippet_file_managed: - alt_server.conf + + # Configure formula pillar namespace + pillar: + namespace: nginx
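Review bot: The second service.sls hunk renders `- sls: {{ tplroot }}.src` and `- sls: {{ tplroot }}.pkg`, but unlike pkg.sls and src.sls, no hunk in this file adds `{%- set tplroot = tpldir.split('/')[0] %}`. Unless the unchanged top of service.sls (outside both hunks) already defines `tplroot`, or the targeted Salt versions inject it, the requisite renders as `.src`/`.pkg` or fails to render. In the first case the `require` would no longer order `nginx_service` after the install state. Adding the same `set tplroot` line above the map import would make the file self-contained.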