Saltstack Official Nginx Formula

265 lines
8.5KB

  1. {% from "nginx/map.jinja" import nginx as nginx_map with context %}
  2. # Source currently requires package 'build-essential' which is Debian based.
  3. # Will not work with os_family RedHat!
  4. # TODO- Someone with a RedHat system please update this to work on RedHat
  5. {% set nginx = pillar.get('nginx', {}) -%}
  6. {% set use_sysvinit = nginx.get('use_sysvinit', nginx_map['use_sysvinit']) %}
  7. {% set version = nginx.get('version', '1.6.2') -%}
  8. {% set tarball_url = nginx.get('tarball_url', 'http://nginx.org/download/nginx-' + version + '.tar.gz') -%}
  9. {% set checksum = nginx.get('checksum', 'sha256=b5608c2959d3e7ad09b20fc8f9e5bd4bc87b3bc8ba5936a513c04ed8f1391a18') -%}
  10. {% set home = nginx.get('home', nginx_map['home']) -%}
  11. {% set base_temp_dir = nginx.get('base_temp_dir', '/tmp') -%}
  12. {% set source = nginx.get('source_root', '/usr/local/src') -%}
  13. {% set conf_dir = nginx.get('conf_dir', nginx_map['conf_dir']) -%}
  14. {% set conf_only = nginx.get('conf_only', false) -%}
  15. {% set log_dir = nginx.get('log_dir', nginx_map['log_dir']) -%}
  16. {% set pid_path = nginx.get('pid_path', '/var/run/nginx.pid') -%}
  17. {% set lock_path = nginx.get('lock_path', '/var/lock/nginx.lock') -%}
  18. {% set sbin_dir = nginx.get('sbin_dir', nginx_map['sbin_dir']) -%}
  19. {% set install_prefix = nginx.get('install_prefix', nginx_map['install_prefix']) -%}
  20. {% set with_items = nginx.get('with', ['debug', 'http_dav_module', 'http_stub_status_module', 'pcre', 'ipv6']) -%}
  21. {% set without_items = nginx.get('without', []) -%}
  22. {% set make_flags = nginx.get('make_flags', nginx_map['make_flags']) -%}
  23. {% set service_name = nginx.get('service_name', 'nginx') %}
  24. {% set service_enable = nginx.get('service_enable', True) %}
  25. {% set nginx_package = source + '/nginx-' + version + '.tar.gz' -%}
  26. {% set nginx_source = source + "/nginx-" + version -%}
  27. {% set nginx_modules_dir = source + "/nginx-modules" -%}
  28. include:
  29. - nginx.common
  30. {% if nginx.get('with_luajit', false) %}
  31. - nginx.luajit2
  32. {% endif -%}
  33. {% if nginx.get('with_openresty', false) %}
  34. - nginx.openresty
  35. {% endif -%}
  36. nginx_group:
  37. group.present:
  38. - name: {{ nginx_map.default_group }}
  39. nginx_user:
  40. file.directory:
  41. - name: {{ home }}
  42. - user: {{ nginx_map.default_user }}
  43. - group: {{ nginx_map.default_group }}
  44. - mode: 0755
  45. - require:
  46. - user: nginx_user
  47. - group: nginx_group
  48. user.present:
  49. - name: {{ nginx_map.default_user }}
  50. - home: {{ home }}
  51. - groups:
  52. - {{ nginx_map.default_group }}
  53. - require:
  54. - group: nginx_group
  55. {{ nginx_modules_dir }}:
  56. file:
  57. - directory
  58. - makedirs: True
  59. get-nginx:
  60. pkg.installed:
  61. - names:
  62. - libpcre3-dev
  63. - build-essential
  64. - libssl-dev
  65. file.managed:
  66. - name: {{ nginx_package }}
  67. - source: {{ tarball_url }}
  68. - source_hash: {{ checksum }}
  69. - require:
  70. - file: {{ nginx_modules_dir }}
  71. cmd.wait:
  72. - cwd: {{ source }}
  73. - name: tar --transform "s,^$(tar --list -zf nginx-{{ version }}.tar.gz | head -n 1),nginx-{{ version }}/," -zxf {{ nginx_package }}
  74. - require:
  75. - pkg: get-nginx
  76. - file: get-nginx
  77. - watch:
  78. - file: get-nginx
  79. {% for name, module in nginx.get('modules', {}).items() -%}
  80. get-nginx-{{name}}:
  81. file.managed:
  82. - name: {{ nginx_modules_dir }}/{{name}}.tar.gz
  83. - source: {{ module['source'] }}
  84. - source_hash: {{ module['source_hash'] }}
  85. cmd.wait:
  86. - cwd: {{ nginx_modules_dir }}
  87. - names:
  88. - tar --transform "s,^$(tar --list -zf {{name}}.tar.gz | head -n 1),{{name}}/," -zxf {{name}}.tar.gz
  89. - watch:
  90. - file: get-nginx-{{name}}
  91. - require_in:
  92. - cmd: nginx
  93. {% endfor -%}
  94. {% if nginx.get('ngx_devel_kit', true) -%}
  95. get-ngx_devel_kit:
  96. file.managed:
  97. - name: {{ source }}/ngx_devel_kit.tar.gz
  98. - source: https://github.com/simpl/ngx_devel_kit/archive/v0.2.18.tar.gz
  99. - source_hash: sha1=e21ba642f26047661ada678b21eef001ee2121d8
  100. cmd.wait:
  101. - cwd: {{ source }}
  102. - name: tar -zxf {{ source }}/ngx_devel_kit.tar.gz -C {{ source }}
  103. - watch:
  104. - file: get-ngx_devel_kit
  105. {% endif %}
  106. is-nginx-source-modified:
  107. cmd.run:
  108. - cwd: {{ source }}
  109. - stateful: True
  110. - names:
  111. - if [ ! -d "nginx-{{ version }}" ]; then
  112. echo "changed=yes comment='Tarball has not yet been extracted'";
  113. exit 0;
  114. fi;
  115. cd "nginx-{{ version }}";
  116. m=$(find . \! -name "build.*" -newer {{ sbin_dir }}/nginx -print -quit);
  117. r=$?;
  118. if [ x$r != x0 ]; then
  119. echo "changed=yes comment='binary file does not exist or other find error'";
  120. exit 0;
  121. fi;
  122. if [ x$m != "x" ]; then
  123. echo "changed=yes comment='source files are newer than binary'";
  124. exit 0;
  125. fi;
  126. echo "changed=no comment='source files are older than binary'"
  127. {% for name, module in nginx.get('modules', {}).items() -%}
  128. is-nginx-module-modified-{{name}}:
  129. cmd.run:
  130. - cwd: {{ nginx_modules_dir }}/{{name}}
  131. - stateful: True
  132. - names:
  133. - m=$(find . \! -name "build.*" -newer {{ sbin_dir }}/nginx -print -quit);
  134. r=$?;
  135. if [ x$r != x0 ]; then
  136. echo "changed=yes comment='binary file does not exist or other find error'";
  137. exit 0;
  138. fi;
  139. if [ x$m != "x" ]; then
  140. echo "changed=yes comment='module source files are newer than binary'";
  141. exit 0;
  142. fi;
  143. echo "changed=no comment='module source files are older than binary'"
  144. {% endfor -%}
  145. nginx:
  146. cmd.wait:
  147. - cwd: {{ nginx_source }}
  148. - names:
  149. - (
  150. ./configure --conf-path={{ conf_dir }}/nginx.conf
  151. --sbin-path={{ sbin_dir }}/nginx
  152. --user={{ nginx_map.default_user }}
  153. --group={{ nginx_map.default_group }}
  154. --prefix={{ install_prefix }}
  155. --http-log-path={{ log_dir }}/access.log
  156. --error-log-path={{ log_dir }}/error.log
  157. --pid-path={{ pid_path }}
  158. --lock-path={{ lock_path }}
  159. --http-client-body-temp-path={{ base_temp_dir }}/body
  160. --http-proxy-temp-path={{ base_temp_dir }}/proxy
  161. --http-fastcgi-temp-path={{ base_temp_dir }}/fastcgi
  162. --http-uwsgi-temp-path={{ base_temp_dir }}/temp_uwsgi
  163. --http-scgi-temp-path={{ base_temp_dir }}/temp_scgi
  164. {%- for name, module in nginx.get('modules', {}).items() %}
  165. --add-module={{nginx_modules_dir}}/{{name}}
  166. {%- endfor %}
  167. {%- for name in with_items %}
  168. --with-{{ name }}
  169. {%- endfor %}
  170. {%- for name in without_items %}
  171. --without-{{ name }}
  172. {%- endfor %}
  173. && make {{ make_flags }}
  174. && make install
  175. )
  176. {#- If they want to silence the compiler output, then save it to file so we can reference it later if needed #}
  177. {%- if nginx.get('silence_compiler', true) %}
  178. > {{ nginx_source }}/build.out 2> {{ nginx_source }}/build.err;
  179. {#- If the build process failed, write stderr to stderr and exit with the error code #}
  180. r=$?;
  181. if [ x$r != x0 ]; then
  182. cat {{ nginx_source }}/build.err 1>&2; {#- copy err output to stderr #}
  183. exit $r;
  184. fi;
  185. {% endif %}
  186. - watch:
  187. - cmd: get-nginx
  188. - cmd: is-nginx-source-modified
  189. {% for name, module in nginx.get('modules', {}).items() -%}
  190. - cmd: is-nginx-module-modified-{{name}}
  191. - file: get-nginx-{{name}}
  192. {% endfor %}
  193. {% if use_sysvinit %}
  194. - watch_in:
  195. {% set logger_types = ('access', 'error') %}
  196. {% for log_type in logger_types %}
  197. - service: nginx-logger-{{ log_type }}
  198. {% endfor %}
  199. {% endif %}
  200. - require:
  201. - cmd: get-nginx
  202. {% for name, module in nginx.get('modules', {}).items() -%}
  203. - file: get-nginx-{{name}}
  204. {% endfor %}
  205. file:
  206. - managed
  207. - template: jinja
  208. - name: /etc/init.d/{{ service_name }}
  209. - source: salt://nginx/templates/nginx.init.jinja
  210. - user: root
  211. - group: root
  212. - mode: 0755
  213. - context:
  214. service_name: {{ service_name }}
  215. sbin_dir: {{ sbin_dir }}
  216. pid_path: {{ pid_path }}
  217. service:
  218. {% if service_enable %}
  219. - running
  220. - enable: True
  221. - restart: True
  222. {% else %}
  223. - dead
  224. - enable: False
  225. {% endif %}
  226. - name: {{ service_name }}
  227. - watch:
  228. - cmd: nginx
  229. - file: {{ conf_dir }}/nginx.conf
  230. - require:
  231. - cmd: nginx
  232. - file: {{ conf_dir }}/nginx.conf
  233. {% for file in nginx.get('delete_confs', []) %}
  234. {{ conf_dir }}/{{ file }}:
  235. file:
  236. - absent
  237. - require_in:
  238. - service: nginx
  239. {% endfor %}
  240. {% for file in nginx.get('delete_htdocs', []) %}
  241. {{ install_prefix }}/html/{{ file }}:
  242. file:
  243. - absent
  244. - require_in:
  245. - service: nginx
  246. {% endfor %}