Saltstack Official Nginx Formula

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273
  1. {% from "nginx/map.jinja" import nginx as nginx_map with context %}
  2. {% set nginx = pillar.get('nginx', {}) -%}
  3. {% set use_sysvinit = nginx.get('use_sysvinit', nginx_map['use_sysvinit']) %}
  4. {% set version = nginx.get('version', '1.6.2') -%}
  5. {% set tarball_url = nginx.get('tarball_url', 'http://nginx.org/download/nginx-' + version + '.tar.gz') -%}
  6. {% set checksum = nginx.get('checksum', 'sha256=b5608c2959d3e7ad09b20fc8f9e5bd4bc87b3bc8ba5936a513c04ed8f1391a18') -%}
  7. {% set home = nginx.get('home', nginx_map['home']) -%}
  8. {% set base_temp_dir = nginx.get('base_temp_dir', '/tmp') -%}
  9. {% set source = nginx.get('source_root', '/usr/local/src') -%}
  10. {% set conf_dir = nginx.get('conf_dir', nginx_map['conf_dir']) -%}
  11. {% set conf_only = nginx.get('conf_only', false) -%}
  12. {% set log_dir = nginx.get('log_dir', nginx_map['log_dir']) -%}
  13. {% set pid_path = nginx.get('pid_path', nginx_map['pid_path']) -%}
  14. {% set lock_path = nginx.get('lock_path', '/var/lock/nginx.lock') -%}
  15. {% set sbin_dir = nginx.get('sbin_dir', nginx_map['sbin_dir']) -%}
  16. {% set install_prefix = nginx.get('install_prefix', nginx_map['install_prefix']) -%}
  17. {% set with_items = nginx.get('with', ['debug', 'http_dav_module', 'http_stub_status_module', 'pcre', 'ipv6']) -%}
  18. {% set without_items = nginx.get('without', []) -%}
  19. {% set make_flags = nginx.get('make_flags', nginx_map['make_flags']) -%}
  20. {% set service_name = nginx.get('service_name', 'nginx') %}
  21. {% set service_enable = nginx.get('service_enable', True) %}
  22. {% set nginx_package = source + '/nginx-' + version + '.tar.gz' -%}
  23. {% set nginx_source = source + "/nginx-" + version -%}
  24. {% set nginx_modules_dir = source + "/nginx-modules" -%}
  25. include:
  26. - nginx.common
  27. {% if nginx.get('with_luajit', false) %}
  28. - nginx.luajit2
  29. {% endif -%}
  30. {% if nginx.get('with_openresty', false) %}
  31. - nginx.openresty
  32. {% endif -%}
  33. nginx_group:
  34. group.present:
  35. - name: {{ nginx_map.default_group }}
  36. nginx_user:
  37. file.directory:
  38. - name: {{ home }}
  39. - user: {{ nginx_map.default_user }}
  40. - group: {{ nginx_map.default_group }}
  41. - mode: 0755
  42. - require:
  43. - user: nginx_user
  44. - group: nginx_group
  45. user.present:
  46. - name: {{ nginx_map.default_user }}
  47. - home: {{ home }}
  48. - groups:
  49. - {{ nginx_map.default_group }}
  50. - require:
  51. - group: nginx_group
  52. {{ nginx_modules_dir }}:
  53. file:
  54. - directory
  55. - makedirs: True
  56. get-build-tools:
  57. {% if grains['saltversion'] < '2015.8.0' and grains['os_family'] == 'RedHat' %}
  58. module.run:
  59. - name: pkg.group_install
  60. - m_name: {{ nginx_map.group_pkg }}
  61. {% else %}
  62. {{ nginx_map.group_action }}:
  63. - name: {{ nginx_map.group_pkg }}
  64. {% endif %}
  65. get-nginx:
  66. pkg.installed:
  67. - names:
  68. - {{ nginx_map.libpcre_dev }}
  69. - {{ nginx_map.libssl_dev }}
  70. file.managed:
  71. - name: {{ nginx_package }}
  72. - source: {{ tarball_url }}
  73. - source_hash: {{ checksum }}
  74. - require:
  75. - file: {{ nginx_modules_dir }}
  76. cmd.wait:
  77. - cwd: {{ source }}
  78. - name: tar --transform "s,^$(tar --list -zf nginx-{{ version }}.tar.gz | head -n 1),nginx-{{ version }}/," -zxf {{ nginx_package }}
  79. - require:
  80. - pkg: get-nginx
  81. - file: get-nginx
  82. - watch:
  83. - file: get-nginx
  84. {% for name, module in nginx.get('modules', {}).items() -%}
  85. get-nginx-{{name}}:
  86. file.managed:
  87. - name: {{ nginx_modules_dir }}/{{name}}.tar.gz
  88. - source: {{ module['source'] }}
  89. - source_hash: {{ module['source_hash'] }}
  90. cmd.wait:
  91. - cwd: {{ nginx_modules_dir }}
  92. - names:
  93. - tar --transform "s,^$(tar --list -zf {{name}}.tar.gz | head -n 1),{{name}}/," -zxf {{name}}.tar.gz
  94. - watch:
  95. - file: get-nginx-{{name}}
  96. - require_in:
  97. - cmd: nginx
  98. {% endfor -%}
  99. {% if nginx.get('ngx_devel_kit', true) -%}
  100. get-ngx_devel_kit:
  101. file.managed:
  102. - name: {{ source }}/ngx_devel_kit.tar.gz
  103. - source: https://github.com/simpl/ngx_devel_kit/archive/v0.2.18.tar.gz
  104. - source_hash: sha1=e21ba642f26047661ada678b21eef001ee2121d8
  105. cmd.wait:
  106. - cwd: {{ source }}
  107. - name: tar -zxf {{ source }}/ngx_devel_kit.tar.gz -C {{ source }}
  108. - watch:
  109. - file: get-ngx_devel_kit
  110. {% endif %}
  111. is-nginx-source-modified:
  112. cmd.run:
  113. - cwd: {{ source }}
  114. - stateful: True
  115. - names:
  116. - if [ ! -d "nginx-{{ version }}" ]; then
  117. echo "changed=yes comment='Tarball has not yet been extracted'";
  118. exit 0;
  119. fi;
  120. cd "nginx-{{ version }}";
  121. m=$(find . \! -name "build.*" -newer {{ sbin_dir }}/nginx -print -quit);
  122. r=$?;
  123. if [ x$r != x0 ]; then
  124. echo "changed=yes comment='binary file does not exist or other find error'";
  125. exit 0;
  126. fi;
  127. if [ x$m != "x" ]; then
  128. echo "changed=yes comment='source files are newer than binary'";
  129. exit 0;
  130. fi;
  131. echo "changed=no comment='source files are older than binary'"
  132. {% for name, module in nginx.get('modules', {}).items() -%}
  133. is-nginx-module-modified-{{name}}:
  134. cmd.run:
  135. - cwd: {{ nginx_modules_dir }}/{{name}}
  136. - stateful: True
  137. - names:
  138. - m=$(find . \! -name "build.*" -newer {{ sbin_dir }}/nginx -print -quit);
  139. r=$?;
  140. if [ x$r != x0 ]; then
  141. echo "changed=yes comment='binary file does not exist or other find error'";
  142. exit 0;
  143. fi;
  144. if [ x$m != "x" ]; then
  145. echo "changed=yes comment='module source files are newer than binary'";
  146. exit 0;
  147. fi;
  148. echo "changed=no comment='module source files are older than binary'"
  149. {% endfor -%}
  150. nginx:
  151. cmd.wait:
  152. - cwd: {{ nginx_source }}
  153. - names:
  154. - (
  155. ./configure --conf-path={{ conf_dir }}/nginx.conf
  156. --sbin-path={{ sbin_dir }}/nginx
  157. --user={{ nginx_map.default_user }}
  158. --group={{ nginx_map.default_group }}
  159. --prefix={{ install_prefix }}
  160. --http-log-path={{ log_dir }}/access.log
  161. --error-log-path={{ log_dir }}/error.log
  162. --pid-path={{ pid_path }}
  163. --lock-path={{ lock_path }}
  164. --http-client-body-temp-path={{ base_temp_dir }}/body
  165. --http-proxy-temp-path={{ base_temp_dir }}/proxy
  166. --http-fastcgi-temp-path={{ base_temp_dir }}/fastcgi
  167. --http-uwsgi-temp-path={{ base_temp_dir }}/temp_uwsgi
  168. --http-scgi-temp-path={{ base_temp_dir }}/temp_scgi
  169. {%- for name, module in nginx.get('modules', {}).items() %}
  170. --add-module={{nginx_modules_dir}}/{{name}}
  171. {%- endfor %}
  172. {%- for name in with_items %}
  173. --with-{{ name }}
  174. {%- endfor %}
  175. {%- for name in without_items %}
  176. --without-{{ name }}
  177. {%- endfor %}
  178. && make {{ make_flags }}
  179. && make install
  180. )
  181. {#- If they want to silence the compiler output, then save it to file so we can reference it later if needed #}
  182. {%- if nginx.get('silence_compiler', true) %}
  183. > {{ nginx_source }}/build.out 2> {{ nginx_source }}/build.err;
  184. {#- If the build process failed, write stderr to stderr and exit with the error code #}
  185. r=$?;
  186. if [ x$r != x0 ]; then
  187. cat {{ nginx_source }}/build.err 1>&2; {#- copy err output to stderr #}
  188. exit $r;
  189. fi;
  190. {% endif %}
  191. - watch:
  192. - cmd: get-nginx
  193. - cmd: is-nginx-source-modified
  194. {% for name, module in nginx.get('modules', {}).items() -%}
  195. - cmd: is-nginx-module-modified-{{name}}
  196. - file: get-nginx-{{name}}
  197. {% endfor %}
  198. {% if use_sysvinit %}
  199. - watch_in:
  200. {% set logger_types = ('access', 'error') %}
  201. {% for log_type in logger_types %}
  202. - service: nginx-logger-{{ log_type }}
  203. {% endfor %}
  204. {% endif %}
  205. - require:
  206. - cmd: get-nginx
  207. {% for name, module in nginx.get('modules', {}).items() -%}
  208. - file: get-nginx-{{name}}
  209. {% endfor %}
  210. {% if use_sysvinit %}
  211. file:
  212. - managed
  213. - template: jinja
  214. - name: /etc/init.d/{{ service_name }}
  215. - source: salt://nginx/templates/nginx.init.jinja
  216. - user: root
  217. - group: root
  218. - mode: 0755
  219. - context:
  220. service_name: {{ service_name }}
  221. sbin_dir: {{ sbin_dir }}
  222. pid_path: {{ pid_path }}
  223. {% endif %}
  224. service:
  225. {% if service_enable %}
  226. - running
  227. - enable: True
  228. - restart: True
  229. {% else %}
  230. - dead
  231. - enable: False
  232. {% endif %}
  233. - name: {{ service_name }}
  234. - watch:
  235. - cmd: nginx
  236. - file: {{ conf_dir }}/nginx.conf
  237. - require:
  238. - cmd: nginx
  239. - file: {{ conf_dir }}/nginx.conf
  240. {% for file in nginx.get('delete_confs', []) %}
  241. {{ conf_dir }}/{{ file }}:
  242. file:
  243. - absent
  244. - require_in:
  245. - service: nginx
  246. {% endfor %}
  247. {% for file in nginx.get('delete_htdocs', []) %}
  248. {{ install_prefix }}/html/{{ file }}:
  249. file:
  250. - absent
  251. - require_in:
  252. - service: nginx
  253. {% endfor %}