Saltstack Official Nginx Formula

205 lines
6.1KB

  1. # nginx.pkg
  2. #
  3. # Manages installation of nginx from pkg.
  4. {#- Get the `tplroot` from `tpldir` #}
  5. {%- set tplroot = tpldir.split('/')[0] %}
  6. {%- from tplroot ~ "/map.jinja" import nginx, sls_block with context %}
  7. {%- from tplroot ~ "/libtofs.jinja" import files_switch with context %}
  8. {%- if nginx.install_from_repo %}
  9. {% set from_official = true %}
  10. {% set from_ppa = false %}
  11. {% set from_phusionpassenger = false %}
  12. {% set from_opensuse_devel = false %}
  13. {% elif nginx.install_from_ppa %}
  14. {% set from_official = false %}
  15. {% set from_ppa = true %}
  16. {% set from_phusionpassenger = false %}
  17. {% set from_opensuse_devel = false %}
  18. {% elif nginx.install_from_phusionpassenger %}
  19. {% set from_official = false %}
  20. {% set from_ppa = false %}
  21. {% set from_phusionpassenger = true %}
  22. {% set from_opensuse_devel = false %}
  23. {% elif nginx.install_from_opensuse_devel %}
  24. {% set from_official = false %}
  25. {% set from_ppa = false %}
  26. {% set from_phusionpassenger = false %}
  27. {% set from_opensuse_devel = true %}
  28. {% else %}
  29. {% set from_official = false %}
  30. {% set from_ppa = false %}
  31. {% set from_phusionpassenger = false %}
  32. {% set from_opensuse_devel = false %}
  33. {%- endif %}
  34. {%- set resource_repo_managed = 'file' if grains.os_family == 'Debian' else 'pkgrepo' %}
  35. nginx_install:
  36. pkg.installed:
  37. {{ sls_block(nginx.package.opts) }}
  38. {% if nginx.lookup.package is iterable and nginx.lookup.package is not string %}
  39. - pkgs:
  40. {% for pkg in nginx.lookup.package %}
  41. - {{ pkg }}
  42. {% endfor %}
  43. {% else %}
  44. - name: {{ nginx.lookup.package }}
  45. {% endif %}
  46. {% if grains.os_family == 'Debian' %}
  47. {%- if from_official %}
  48. nginx_official_repo_keyring:
  49. file.managed:
  50. - name: {{ nginx.lookup.package_repo_keyring }}
  51. - source: {{ files_switch(['nginx-archive-keyring.gpg'],
  52. lookup='nginx_official_repo_keyring'
  53. )
  54. }}
  55. - require_in:
  56. - {{ resource_repo_managed }}: nginx_official_repo
  57. {%- endif %}
  58. nginx_official_repo:
  59. file:
  60. {%- if from_official %}
  61. - managed
  62. {%- else %}
  63. - absent
  64. {%- endif %}
  65. - name: /etc/apt/sources.list.d/nginx-official-{{ grains.oscodename }}.list
  66. - contents: >
  67. deb [signed-by={{ nginx.lookup.package_repo_keyring }}]
  68. http://nginx.org/packages/{{ grains.os | lower }}/ {{ grains.oscodename }} nginx
  69. - require_in:
  70. - pkg: nginx_install
  71. - watch_in:
  72. - pkg: nginx_install
  73. {%- if from_phusionpassenger %}
  74. nginx_phusionpassenger_repo_keyring:
  75. file.managed:
  76. - name: /usr/share/keyrings/phusionpassenger-archive-keyring.gpg
  77. - source: {{ files_switch(['phusionpassenger-archive-keyring.gpg'],
  78. lookup='nginx_phusionpassenger_repo_keyring'
  79. )
  80. }}
  81. - require_in:
  82. - {{ resource_repo_managed }}: nginx_phusionpassenger_repo
  83. # Remove the old repo file
  84. nginx_phusionpassenger_repo_remove:
  85. pkgrepo.absent:
  86. - name: deb http://nginx.org/packages/{{ grains.os |lower }}/ {{ grains.oscodename }} nginx
  87. - keyid: 561F9B9CAC40B2F7
  88. - require_in:
  89. - {{ resource_repo_managed }}: nginx_phusionpassenger_repo
  90. file.absent:
  91. - name: /etc/apt/sources.list.d/nginx-phusionpassenger-{{ grains.oscodename }}.list
  92. - require_in:
  93. - {{ resource_repo_managed }}: nginx_phusionpassenger_repo
  94. {%- endif %}
  95. nginx_phusionpassenger_repo:
  96. file:
  97. {%- if from_phusionpassenger %}
  98. - managed
  99. {%- else %}
  100. - absent
  101. {%- endif %}
  102. - name: /etc/apt/sources.list.d/phusionpassenger-official-{{ grains.oscodename }}.list
  103. - contents: >
  104. deb [signed-by={{ nginx.lookup.passenger_package_repo_keyring }}]
  105. https://oss-binaries.phusionpassenger.com/apt/passenger {{ grains.oscodename }} main
  106. - require_in:
  107. - pkg: nginx_install
  108. - watch_in:
  109. - pkg: nginx_install
  110. {% endif %}
  111. {% if grains.os_family == 'Suse' or grains.os == 'SUSE' %}
  112. nginx_zypp_repo:
  113. pkgrepo:
  114. - name: server_http
  115. {%- if from_opensuse_devel %}
  116. - managed
  117. - humanname: server_http
  118. - baseurl: 'http://download.opensuse.org/repositories/server:/http/{{ grains.osrelease }}/'
  119. - enabled: True
  120. - autorefresh: True
  121. - gpgcheck: {{ nginx.lookup.gpg_check }}
  122. - gpgkey: {{ nginx.lookup.gpg_key }}
  123. - gpgautoimport: {{ nginx.lookup.gpg_autoimport }}
  124. {%- else %}
  125. - absent
  126. {%- endif %}
  127. - require_in:
  128. - pkg: nginx_install
  129. - watch_in:
  130. - pkg: nginx_install
  131. {% endif %}
  132. {% if grains.os_family == 'RedHat' %}
  133. {% if grains.get('osfinger', '') == 'Amazon Linux-2' %}
  134. nginx_epel_repo:
  135. pkgrepo.managed:
  136. - name: epel
  137. - humanname: Extra Packages for Enterprise Linux 7 - $basearch
  138. - mirrorlist: https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
  139. - enabled: 1
  140. - gpgcheck: 1
  141. - gpgkey: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
  142. - failovermethod: priority
  143. - require_in:
  144. - pkg: nginx_install
  145. - watch_in:
  146. - pkg: nginx_install
  147. {% endif %}
  148. nginx_yum_repo:
  149. pkgrepo:
  150. {%- if from_official %}
  151. - managed
  152. {%- else %}
  153. - absent
  154. {%- endif %}
  155. - name: nginx
  156. - humanname: nginx repo
  157. {%- if grains.os == 'CentOS' %}
  158. - baseurl: 'http://nginx.org/packages/centos/$releasever/$basearch/'
  159. {%- else %}
  160. - baseurl: 'http://nginx.org/packages/rhel/{{ nginx.lookup.rh_os_releasever }}/$basearch/'
  161. {%- endif %}
  162. - gpgcheck: {{ nginx.lookup.gpg_check }}
  163. - gpgkey: {{ nginx.lookup.gpg_key }}
  164. - enabled: True
  165. - require_in:
  166. - pkg: nginx_install
  167. - watch_in:
  168. - pkg: nginx_install
  169. nginx_phusionpassenger_yum_repo:
  170. pkgrepo:
  171. {%- if from_phusionpassenger %}
  172. - managed
  173. {%- else %}
  174. - absent
  175. {%- endif %}
  176. - name: passenger
  177. - humanname: nginx phusionpassenger repo
  178. - baseurl: 'https://oss-binaries.phusionpassenger.com/yum/passenger/el/$releasever/$basearch'
  179. - repo_gpgcheck: 1
  180. - gpgcheck: 0
  181. - gpgkey: 'https://oss-binaries.phusionpassenger.com/yum/definitions/RPM-GPG-KEY.asc'
  182. - enabled: True
  183. - sslverify: 1
  184. - sslcacert: /etc/pki/tls/certs/ca-bundle.crt
  185. - require_in:
  186. - pkg: nginx_install
  187. - watch_in:
  188. - pkg: nginx_install
  189. {% endif %}