Drop run_dir and make client_body_temp_path/proxy_temp_path optional #1478
Conversation
nginx::config is a classthat may have no external impact to Forge modules. nginx is a classthat may have no external impact to Forge modules. nginx::params is a classthat may have no external impact to Forge modules. This module is declared in 9 of 578 indexed public
|
…tional The [general description of `/run/`](https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch03s15.html) is fairly vague and not in the original spec however my high level reading is that it relates more to small files which are used for service orchestration and not data (temporary or otherwise) which is specific to the programs operations for the later /var/lib which states the following seems more appropriate: > Furthermore, this hierarchy holds state information pertaining to an application .... State information is data that programs modify while they run, and that pertains to one specific host. https://tldp.org/LDP/Linux-Filesystem-Hierarchy/html/Linux-Filesystem-Hierarchy.html#var And as we see from the [debian packages](https://salsa.debian.org/nginx-team/nginx/-/blob/master/debian/rules#L61-63) this is the route they have gone (and likely don't consider this a bug). although it is worth noting they only override this only for the full package, the light package keeps the default which ends up being `--prefix` and thus `/usr/share/nginx/client_temp/`. Of course there is a performance argument to make that says theses files should be in a ramdisk, however its also possible that this dir could become very large and putting it in a ramdisk could cause swapping or other system issues as such i think this decision should be left to the operator with sane defaults provided by the package maintain As run_dir is only ever used for setting `proxy_temp_path` and `client_body_temp_path` i suggest that we completely drop run_dir and make `client_body_temp_path` and `proxy_temp_path` optional, thus ensuring the configuration uses the distro configured defaults. if we don't want to use the package defaults then we should ensure we ensure things work correctly annd in this case i think using the systemd dropin would make the most senses This CR also adds resources to manage the creation of proxy_cache_path and fastcgi_cache_path directories Fixes #1372
| @@ -216,7 +216,7 @@ http { | |||
| <% end -%> | |||
| <% if @proxy_cache_path.is_a?(Hash) -%> | |||
| <% @proxy_cache_path.sort_by{|k,v| k}.each do |key,value| -%> | |||
| proxy_cache_path <%= key %> keys_zone=<%= value %> levels=<%= @proxy_cache_levels %> max_size=<%= @proxy_cache_max_size %> inactive=<%= @proxy_cache_inactive -%> | |||
| proxy_cache_path <%= key %> levels=<%= @proxy_cache_levels %> keys_zone=<%= value %> max_size=<%= @proxy_cache_max_size %> inactive=<%= @proxy_cache_inactive -%> | |||
There was a problem hiding this comment.
Is this change intended? Looks like it doesn't change anything.
There was a problem hiding this comment.
this was changed to match the same output when proxy_cache_path is a string. it makes it easier to script the rpsec matching
|
This would be considered backwards incompatible, right? |
yes |
| is_expected.to contain_file(param[:value]).with_ensure('directory') | ||
| end | ||
| end | ||
|
|
There was a problem hiding this comment.
theses tests identified that we never manage fastcgi_cache_path or proxy_cache_path perhaps that is interventional if so i can refactor
| mode => '0700', | ||
| } | ||
| } | ||
|
|
There was a problem hiding this comment.
Just wanted to explicitly highlight this. This was identified by the rspec additions on line 1079 (comment also there). I can more this to a separate PR if desired or drop it entirely?
There was a problem hiding this comment.
@ekohl just want to make sure you also saw theses as im not sure they where present when you did your first pass. thanks
There was a problem hiding this comment.
I did. I don't have a strong opinion on these but I wonder how we can make it clear in the changelog. It's backwards incompatible, so it'd be OK to deal with for users (they may manage the directories themselves leading to duplicate resource declarations) but it'd be great if they can find out prior to updating.
|
Hi all Is there anything outstanding on this one? didn't want to self merge as im not a user of this module, thx |
|
I think it LGTM |
smortex
changed the title
The general description of
/run/is fairly vague and not in the original spec however my high level reading is that it relates more to small files which are used for service orchestration and not data (temporary or otherwise) which is specific to the programs operations for the later /var/lib which states the following seems more appropriate:https://tldp.org/LDP/Linux-Filesystem-Hierarchy/html/Linux-Filesystem-Hierarchy.html#var
And as we see from the debian packages this is the route they have gone (and likely don't consider this a bug). although it is worth noting they only override this only for the full package, the light package keeps the default which ends up being
--prefixand thus/usr/share/nginx/client_temp/.Of course there is a performance argument to make that says theses files should be in a ramdisk, however its also possible that this dir could become very large and putting it in a ramdisk could cause swapping or other system issues as such i think this decision should be left to the operator with sane defaults provided by the package maintain
As run_dir is only ever used for setting
proxy_temp_pathandclient_body_temp_pathi suggest that we completely drop run_dir and makeclient_body_temp_pathandproxy_temp_pathoptional, thus ensuring the configuration uses the distro configured defaults. if we don't want to use the package defaults then we should ensure we ensure things work correctly annd in this case i think using the systemd dropin would make the most sensesFixes #1372