More flexible & generic config #267

Open
wants to merge 6 commits into
base: master
38 changes: 19 additions & 19 deletions nginx/certificates.sls
@@ -1,20 +1,20 @@
{% from 'nginx/map.jinja' import nginx with context %}
{%- set tplroot = tpldir.split('/')[0] %}
{%- from tplroot ~ '/map.jinja' import nginx, pillar_namespace with context %}

include:
- nginx.service
- .service

{% set certificates_path = salt['pillar.get']('nginx:certificates_path', '/etc/nginx/ssl') %}
prepare_certificates_path_dir:
file.directory:
- name: {{ certificates_path }}
- name: {{ nginx.certificates_path }}
- makedirs: True

{%- for dh_param, value in salt['pillar.get']('nginx:dh_param', {}).items() %}
{%- for dh_param, value in nginx.dh_param.items() %}
noelmcloughlin marked this conversation as resolved.
{%- if value is string %}
create_nginx_dhparam_{{ dh_param }}_key:
file.managed:
- name: {{ certificates_path }}/{{ dh_param }}
- contents_pillar: nginx:dh_param:{{ dh_param }}
- name: {{ nginx.certificates_path }}/{{ dh_param }}
- contents_pillar: {{ pillar_namespace }}:dh_param:{{ dh_param }}
- makedirs: True
- require:
- file: prepare_certificates_path_dir
Expand All @@ -26,39 +26,39 @@ generate_nginx_dhparam_{{ dh_param }}_key:
- name: {{ nginx.lookup.openssl_package }}
cmd.run:
- name: openssl dhparam -out {{ dh_param }} {{ value.get('keysize', 2048) }}
- cwd: {{ certificates_path }}
- creates: {{ certificates_path }}/{{ dh_param }}
- cwd: {{ nginx.certificates_path }}
- creates: {{ nginx.certificates_path }}/{{ dh_param }}
- require:
- file: prepare_certificates_path_dir
- watch_in:
- service: nginx_service
{%- endif %}
{%- endfor %}

{%- for domain in salt['pillar.get']('nginx:certificates', {}).keys() %}
{%- for domain in nginx.certificates.keys() %}

nginx_{{ domain }}_ssl_certificate:
file.managed:
- name: {{ certificates_path }}/{{ domain }}.crt
- name: {{ nginx.certificates_path }}/{{ domain }}.crt
- makedirs: True
{% if salt['pillar.get']("nginx:certificates:{}:public_cert_pillar".format(domain)) %}
- contents_pillar: {{ salt['pillar.get']('nginx:certificates:{}:public_cert_pillar'.format(domain)) }}
{% if domain in nginx.certificates and 'public_cert_pillar' in nginx.certificates[domain] %}
- contents_pillar: {{ nginx.certificates[domain].public_cert_pillar }}
{% else %}
- contents_pillar: nginx:certificates:{{ domain }}:public_cert
- contents_pillar: {{ pillar_namespace }}:certificates:{{ domain }}:public_cert
{% endif %}
- watch_in:
- service: nginx_service

{% if salt['pillar.get']("nginx:certificates:{}:private_key".format(domain)) or salt['pillar.get']("nginx:certificates:{}:private_key_pillar".format(domain)) %}
{% if 'private_key' in nginx.certificates[domain] or 'private_key_pillar' in nginx.certificates[domain] %}
nginx_{{ domain }}_ssl_key:
file.managed:
- name: {{ certificates_path }}/{{ domain }}.key
- name: {{ nginx.certificates_path }}/{{ domain }}.key
- mode: 600
- makedirs: True
{% if salt['pillar.get']("nginx:certificates:{}:private_key_pillar".format(domain)) %}
- contents_pillar: {{ salt['pillar.get']('nginx:certificates:{}:private_key_pillar'.format(domain)) }}
{% if 'private_key_pillar' in nginx.certificates[domain] %}
- contents_pillar: {{ nginx.certificates[domain].private_key_pillar }}
{% else %}
- contents_pillar: nginx:certificates:{{ domain }}:private_key
- contents_pillar: {{ pillar_namespace }}:certificates:{{ domain }}:private_key
{% endif %}
- watch_in:
- service: nginx_service
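Review bot: The new presence tests (`'public_cert_pillar' in nginx.certificates[domain]`, `'private_key' in ... or 'private_key_pillar' in ...`, `'private_key_pillar' in ...`) are not equivalent to the `salt['pillar.get'](...)` truthiness checks they replace. A key that is present but empty or null now selects the `*_pillar` branch and renders `- contents_pillar:` with no value, and an empty `private_key` now creates the `nginx_{{ domain }}_ssl_key` state where it was previously skipped. Testing the value keeps the old behaviour, e.g. `{% if nginx.certificates[domain].get('private_key_pillar') %}` and `{% if nginx.certificates[domain].get('private_key') or nginx.certificates[domain].get('private_key_pillar') %}`. The `domain in nginx.certificates` half of the certificate condition is always true inside this loop and can be dropped.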
2 changes: 1 addition & 1 deletion nginx/common.sls
@@ -1,2 +1,2 @@
include:
- nginx.deprecated
- .deprecated
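--- a/nginx/defaults.yaml
+++ b/nginx/defaults.yaml
@@ -0,0 +1,60 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+nginx:
+lookup:
+package: nginx
+service: nginx
+conf_file: /etc/nginx/nginx.conf
+snippets_dir: /etc/nginx/snippets
+install_from_source: false
+install_from_ppa: false
+install_from_repo: false
+install_from_phusionpassenger: false
+ppa_version: stable
+source_version: 1.10.0
+source_hash: 8ed647c3dd65bc4ced03b0e0f6bf9e633eff6b01bac772bcf97077d58bc2be4d
+source:
+opts: {}
+package:
+opts: {}
+service:
+enable: true
+opts: {}
+certificates_path: /etc/nginx/ssl
+dh_param: {}
+certificates: {}
+server:
+opts: {}
+config:
+worker_processes: auto
+events:
+worker_connections: 512
+http:
+sendfile: 'on'
+tcp_nopush: 'on'
+tcp_nodelay: 'on'
+keepalive_timeout: 65
+types_hash_max_size: 2048
+default_type: application/octet-stream
+access_log: /var/log/nginx/access.log
+error_log: /var/log/nginx/error.log
+gzip: 'off'
+gzip_disable: '"msie6"'
+include:
+- mime.types
+- conf.d/*.conf
+- sites-enabled/*
+servers:
+disabled_postfix: .disabled
+symlink_opts: {}
+rename_opts: {}
+managed_opts:
+makedirs: true
+dir_opts:
+makedirs: true
+managed: {}
+purge_servers_config: false
+passenger:
+passenger_root: /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini
+passenger_ruby: /usr/bin/ruby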
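Review bot: `source_version: 1.10.0` and its `source_hash` are carried over from the old map as the default build pin, so a minion that sets `install_from_source: true` without overriding them builds that old release, and nothing in the file says the two values must change together. I would add a comment above the pair, `# Default source pin, kept for backward compatibility: override source_version and source_hash together in pillar`, and consider dropping the default in a later change. Separately, `keepalive_timeout: 65` and `types_hash_max_size: 2048` are integers here, whereas the dict removed from map.jinja had them as the strings `'65'` and `'2048'`; quoting them keeps the rendered type unchanged for any template that treats them as text.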
15 changes: 8 additions & 7 deletions nginx/init.sls
Expand Up @@ -2,19 +2,20 @@
#
# Meta-state to fully install nginx.

{%- from 'nginx/map.jinja' import nginx, sls_block with context %}
{%- set tplroot = tpldir.split('/')[0] %}
{%- from tplroot ~ '/map.jinja' import nginx with context %}

include:
{%- if nginx.ng is defined %}
- nginx.deprecated
- .deprecated
{%- endif %}
- nginx.config
- nginx.service
- .config
- .service
{%- if nginx.snippets is defined %}
- nginx.snippets
- .snippets
{%- endif %}
- nginx.servers
- nginx.certificates
- .servers
- .certificates

extend:
nginx_service:
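Review bot: The leading-dot includes (`- .config`, `- .service`, `- .servers`, `- .certificates`) depend on how Salt resolves a relative include from an `init.sls`, which as far as I know has not been the same in every Salt release, so `- .config` may not land on `nginx.config` on older masters. The `..deprecated` includes in nginx/ng/*.sls additionally need parent-relative include support. The file already computes `tplroot`, so `- {{ tplroot }}.config` gives the same namespace flexibility with an absolute name. The import line also drops `sls_block`; the hunk ends at `nginx_service:` under `extend:`, so confirm nothing further down the file still calls it.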
2 changes: 1 addition & 1 deletion nginx/luajit2.sls
@@ -1,2 +1,2 @@
include:
- nginx.deprecated
- .deprecated
175 changes: 10 additions & 165 deletions nginx/map.jinja
Expand Up @@ -4,171 +4,16 @@
{% endfor %}
{% endmacro %}

{% set nginx = salt['pillar.get']('nginx', {
'lookup': salt['grains.filter_by']({
'Debian': {
'package': 'nginx',
'passenger_package': 'passenger',
'passenger_config_file': '/etc/nginx/conf.d/passenger.conf',
'service': 'nginx',
'webuser': 'www-data',
'conf_file': '/etc/nginx/nginx.conf',
'server_available': '/etc/nginx/sites-available',
'server_enabled': '/etc/nginx/sites-enabled',
'snippets_dir': '/etc/nginx/snippets',
'server_use_symlink': True,
'pid_file': '/run/nginx.pid',
'openssl_package': 'openssl',
},
'CentOS': {
'package': 'nginx',
'passenger_package': 'passenger',
'passenger_config_file': '/etc/nginx/conf.d/passenger.conf',
'service': 'nginx',
'webuser': 'nginx',
'conf_file': '/etc/nginx/nginx.conf',
'server_available': '/etc/nginx/conf.d',
'server_enabled': '/etc/nginx/conf.d',
'snippets_dir': '/etc/nginx/snippets',
'server_use_symlink': False,
'pid_file': '/run/nginx.pid',
'rh_os_releasever': '$releasever',
'gpg_check': False,
'gpg_key': 'http://nginx.org/keys/nginx_signing.key',
'openssl_package': 'openssl',
},
'RedHat': {
'package': 'nginx',
'passenger_package': 'passenger',
'passenger_config_file': '/etc/nginx/conf.d/passenger.conf',
'service': 'nginx',
'webuser': 'nginx',
'conf_file': '/etc/nginx/nginx.conf',
'server_available': '/etc/nginx/conf.d',
'server_enabled': '/etc/nginx/conf.d',
'snippets_dir': '/etc/nginx/snippets',
'server_use_symlink': False,
'pid_file': '/run/nginx.pid',
'rh_os_releasever': '$releasever',
'gpg_check': False,
'gpg_key': 'http://nginx.org/keys/nginx_signing.key',
'passenger': {
'passenger_root': '/usr/share/ruby/vendor_ruby/phusion_passenger/locations.ini',
'passenger_instance_registry_dir': ' /var/run/passenger-instreg',
'passenger_ruby': '/usr/bin/ruby',
},
'openssl_package': 'openssl',
},
'Suse': {
'package': 'nginx',
'service': 'nginx',
'webuser': 'nginx',
'conf_file': '/etc/nginx/nginx.conf',
'server_available': '/etc/nginx/vhosts.d',
'server_enabled': '/etc/nginx/vhosts.d',
'snippets_dir': '/etc/nginx/snippets',
'server_use_symlink': False,
'pid_file': '/run/nginx.pid',
'gpg_check': True,
'gpg_key': 'http://download.opensuse.org/repositories/server:/http/openSUSE_{{ grains.osrelease }}/repodata/repomd.xml.key',
'openssl_package': 'openssl',
},
'Arch': {
'package': 'nginx',
'service': 'nginx',
'webuser': 'http',
'conf_file': '/etc/nginx/nginx.conf',
'server_available': '/etc/nginx/sites-available',
'server_enabled': '/etc/nginx/sites-enabled',
'snippets_dir': '/etc/nginx/snippets',
'server_use_symlink': True,
'openssl_package': 'openssl',
},
'Gentoo': {
'package': 'www-servers/nginx',
'service': 'nginx',
'webuser': 'nginx',
'conf_file': '/etc/nginx/nginx.conf',
'server_available': '/etc/nginx/sites-available',
'server_enabled': '/etc/nginx/sites-enabled',
'snippets_dir': '/etc/nginx/snippets',
'server_use_symlink': True,
'openssl_package': 'dev-libs/openssl',
},
'FreeBSD': {
'package': 'nginx',
'passenger_package': 'passenger',
'service': 'nginx',
'webuser': 'www',
'conf_file': '/usr/local/etc/nginx/nginx.conf',
'server_available': '/usr/local/etc/nginx/sites-available',
'server_enabled': '/usr/local/etc/nginx/sites-enabled',
'snippets_dir': '/usr/local/etc/nginx/snippets',
'server_use_symlink': True,
'pid_file': '/var/run/nginx.pid',
},
}, default='Debian' ),
'install_from_source': False,
'install_from_ppa': False,
'install_from_repo': False,
'install_from_phusionpassenger': False,
'ppa_version': 'stable',
'source_version': '1.10.0',
'source_hash': '8ed647c3dd65bc4ced03b0e0f6bf9e633eff6b01bac772bcf97077d58bc2be4d',
'source': {
'opts': {},
},
'package': {
'opts': {},
},
'service': {
'enable': True,
'opts': {},
},
'server': {
'opts': {},
'config': {
'worker_processes': 'auto',
'events': {
'worker_connections': 512,
},
'http': {
'sendfile': 'on',
'tcp_nopush': 'on',
'tcp_nodelay': 'on',
'keepalive_timeout': '65',
'types_hash_max_size': '2048',
'default_type': 'application/octet-stream',
'access_log': '/var/log/nginx/access.log',
'error_log': '/var/log/nginx/error.log',
'gzip': 'off',
'gzip_disable': '"msie6"',
'include': [
'mime.types',
'conf.d/*.conf',
'sites-enabled/*',
],
},
},
},
'servers': {
'disabled_postfix': '.disabled',
'symlink_opts': {},
'rename_opts': {},
'managed_opts': {
'makedirs': True,
},
'dir_opts': {
'makedirs': True,
},
'managed': {},
'purge_servers_config': False,
},
'passenger': {
'passenger_root': '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini',
'passenger_ruby': '/usr/bin/ruby',
},
}, merge=True) %}
{%- set tplroot = tpldir.split('/')[0] %}
{% set pillar_namespace = salt['pillar.get']('{}:pillar:namespace'.format(tplroot), tplroot) %}

{% import_yaml tplroot ~ "/defaults.yaml" as defaults %}
{% import_yaml tplroot ~ "/osfamilymap.yaml" as osfamilymap %}

{% set osfamily = salt['grains.filter_by'](osfamilymap, grain='os_family') or {} %}
{% do salt['defaults.merge'](defaults.nginx, osfamily) %}

{% set nginx = salt['pillar.get'](pillar_namespace, default=defaults.nginx, merge=True) %}

{% if 'user' not in nginx.server.config %}
{% do nginx.server.config.update({
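Review bot: The `grains.filter_by` call on the `osfamily` line no longer passes a default, where the removed map used `default='Debian'`, so a minion whose `os_family` is missing from osfamilymap.yaml gets `{}` and is left with only the four `lookup` keys that defaults.yaml defines. certificates.sls still reads `nginx.lookup.openssl_package`, which would then be undefined when the package name is rendered. Assuming osfamilymap.yaml (not shown on this page) keeps a `Debian` entry, `{% set osfamily = salt['grains.filter_by'](osfamilymap, grain='os_family', default='Debian') or {} %}` restores the old fallback; otherwise the missing lookup keys belong in defaults.yaml. The `{% if 'user' not in nginx.server.config %}` block that closes the hunk continues outside it.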
2 changes: 1 addition & 1 deletion nginx/ng/certificates.sls
@@ -1,2 +1,2 @@
include:
- nginx.deprecated
- ..deprecated
2 changes: 1 addition & 1 deletion nginx/ng/config.sls
@@ -1,2 +1,2 @@
include:
- nginx.deprecated
- ..deprecated
2 changes: 1 addition & 1 deletion nginx/ng/init.sls
@@ -1,2 +1,2 @@
include:
- nginx.deprecated
- ..deprecated
2 changes: 1 addition & 1 deletion nginx/ng/passenger.sls
@@ -1,2 +1,2 @@
include:
- nginx.deprecated
- ..deprecated
2 changes: 1 addition & 1 deletion nginx/ng/pkg.sls
@@ -1,2 +1,2 @@
include:
- nginx.deprecated
- ..deprecated
2 changes: 1 addition & 1 deletion nginx/ng/servers.sls
@@ -1,2 +1,2 @@
include:
- nginx.deprecated
- ..deprecated
2 changes: 1 addition & 1 deletion nginx/ng/servers_config.sls
@@ -1,2 +1,2 @@
include:
- nginx.deprecated
- ..deprecated
2 changes: 1 addition & 1 deletion nginx/ng/service.sls
@@ -1,2 +1,2 @@
include:
- nginx.deprecated
- ..deprecated
2 changes: 1 addition & 1 deletion nginx/ng/snippets.sls
@@ -1,2 +1,2 @@
include:
- nginx.deprecated
- ..deprecated
2 changes: 1 addition & 1 deletion nginx/ng/src.sls
@@ -1,2 +1,2 @@
include:
- nginx.deprecated
- ..deprecated