diff --git a/manifests/init.pp b/manifests/init.pp index a5f8d853b..40419d281 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -16,7 +16,6 @@ # # stdlib # - puppetlabs-stdlib module >= 0.1.6 -# - plugin sync enabled to obtain the anchor type # # Sample Usage: # @@ -27,157 +26,146 @@ # } class nginx ( ### START Nginx Configuration ### - $client_body_temp_path = $::nginx::params::client_body_temp_path, - Boolean $confd_only = false, - Boolean $confd_purge = false, - $conf_dir = $::nginx::params::conf_dir, - Optional[Enum['on', 'off']] $daemon = undef, - $daemon_user = $::nginx::params::daemon_user, - $global_owner = $::nginx::params::global_owner, - $global_group = $::nginx::params::global_group, - $global_mode = $::nginx::params::global_mode, - $log_dir = $::nginx::params::log_dir, - $log_group = $::nginx::params::log_group, - $log_mode = '0750', - Variant[String, Array[String]] $http_access_log = "${log_dir}/${::nginx::params::http_access_log_file}", - $http_format_log = undef, - Variant[String, Array[String]] $nginx_error_log = "${log_dir}/${::nginx::params::nginx_error_log_file}", - Enum['debug','info','notice','warn','error','crit','alert','emerg'] $nginx_error_log_severity = 'error', - $pid = $::nginx::params::pid, - $proxy_temp_path = $::nginx::params::proxy_temp_path, - $root_group = $::nginx::params::root_group, - $run_dir = $::nginx::params::run_dir, - $sites_available_owner = $::nginx::params::sites_available_owner, - $sites_available_group = $::nginx::params::sites_available_group, - $sites_available_mode = $::nginx::params::sites_available_mode, - Boolean $super_user = $::nginx::params::super_user, - $temp_dir = $::nginx::params::temp_dir, - Boolean $server_purge = false, + $client_body_temp_path = $::nginx::params::client_body_temp_path, + Boolean $confd_only = false, + Boolean $confd_purge = false, + $conf_dir = $::nginx::params::conf_dir, + Optional[Enum['on', 'off']] $daemon = undef, + $daemon_user = $::nginx::params::daemon_user, + $global_owner = $::nginx::params::global_owner, + $global_group = $::nginx::params::global_group, + $global_mode = $::nginx::params::global_mode, + $log_dir = $::nginx::params::log_dir, + $log_group = $::nginx::params::log_group, + $log_mode = '0750', + Variant[String, Array[String]] $http_access_log = "${log_dir}/${::nginx::params::http_access_log_file}", + $http_format_log = undef, + Variant[String, Array[String]] $nginx_error_log = "${log_dir}/${::nginx::params::nginx_error_log_file}", + Nginx::ErrorLogSeverity $nginx_error_log_severity = 'error', + $pid = $::nginx::params::pid, + $proxy_temp_path = $::nginx::params::proxy_temp_path, + $root_group = $::nginx::params::root_group, + $run_dir = $::nginx::params::run_dir, + $sites_available_owner = $::nginx::params::sites_available_owner, + $sites_available_group = $::nginx::params::sites_available_group, + $sites_available_mode = $::nginx::params::sites_available_mode, + Boolean $super_user = $::nginx::params::super_user, + $temp_dir = $::nginx::params::temp_dir, + Boolean $server_purge = false, # Primary Templates - $conf_template = 'nginx/conf.d/nginx.conf.erb', + $conf_template = 'nginx/conf.d/nginx.conf.erb', ### START Nginx Configuration ### - $accept_mutex = 'on', - $accept_mutex_delay = '500ms', - $client_body_buffer_size = '128k', - String $client_max_body_size = '10m', - $client_body_timeout = '60', - $send_timeout = '60', - $lingering_timeout = '5', - Optional[String] $events_use = undef, - String $fastcgi_cache_inactive = '20m', - Optional[String] $fastcgi_cache_key = undef, - String $fastcgi_cache_keys_zone = 'd3:100m', - String $fastcgi_cache_levels = '1', - String $fastcgi_cache_max_size = '500m', - Optional[String] $fastcgi_cache_path = undef, - Optional[String] $fastcgi_cache_use_stale = undef, - $gzip = 'on', - $gzip_buffers = undef, - $gzip_comp_level = 1, - $gzip_disable = 'msie6', - $gzip_min_length = 20, - $gzip_http_version = 1.1, - $gzip_proxied = 'off', - $gzip_types = undef, - $gzip_vary = 'off', - Optional[Variant[Hash, Array]] $http_cfg_prepend = undef, - Optional[Variant[Hash, Array]] $http_cfg_append = undef, - $http_tcp_nodelay = 'on', - $http_tcp_nopush = 'off', - $keepalive_timeout = '65', - $keepalive_requests = '100', - $log_format = {}, - Boolean $mail = false, - Boolean $stream = false, - String $multi_accept = 'off', - Integer $names_hash_bucket_size = 64, - Integer $names_hash_max_size = 512, - $nginx_cfg_prepend = false, - String $proxy_buffers = '32 4k', - String $proxy_buffer_size = '8k', - String $proxy_cache_inactive = '20m', - String $proxy_cache_keys_zone = 'd2:100m', - String $proxy_cache_levels = '1', - String $proxy_cache_max_size = '500m', - Optional[Variant[Hash, String]] $proxy_cache_path = undef, - Optional[Integer] $proxy_cache_loader_files = undef, - Optional[String] $proxy_cache_loader_sleep = undef, - Optional[String] $proxy_cache_loader_threshold = undef, - Optional[Enum['on', 'off']] $proxy_use_temp_path = undef, - $proxy_connect_timeout = '90', - Integer $proxy_headers_hash_bucket_size = 64, - Optional[String] $proxy_http_version = undef, - $proxy_read_timeout = '90', - $proxy_redirect = undef, - $proxy_send_timeout = '90', - Array $proxy_set_header = [ + $accept_mutex = 'on', + $accept_mutex_delay = '500ms', + $client_body_buffer_size = '128k', + String $client_max_body_size = '10m', + $client_body_timeout = '60', + $send_timeout = '60', + $lingering_timeout = '5', + Optional[String] $events_use = undef, + String $fastcgi_cache_inactive = '20m', + Optional[String] $fastcgi_cache_key = undef, + String $fastcgi_cache_keys_zone = 'd3:100m', + String $fastcgi_cache_levels = '1', + String $fastcgi_cache_max_size = '500m', + Optional[String] $fastcgi_cache_path = undef, + Optional[String] $fastcgi_cache_use_stale = undef, + $gzip = 'on', + $gzip_buffers = undef, + $gzip_comp_level = 1, + $gzip_disable = 'msie6', + $gzip_min_length = 20, + $gzip_http_version = 1.1, + $gzip_proxied = 'off', + $gzip_types = undef, + $gzip_vary = 'off', + Optional[Variant[Hash, Array]] $http_cfg_prepend = undef, + Optional[Variant[Hash, Array]] $http_cfg_append = undef, + $http_tcp_nodelay = 'on', + $http_tcp_nopush = 'off', + $keepalive_timeout = '65', + $keepalive_requests = '100', + $log_format = {}, + Boolean $mail = false, + Boolean $stream = false, + String $multi_accept = 'off', + Integer $names_hash_bucket_size = 64, + Integer $names_hash_max_size = 512, + $nginx_cfg_prepend = false, + String $proxy_buffers = '32 4k', + String $proxy_buffer_size = '8k', + String $proxy_cache_inactive = '20m', + String $proxy_cache_keys_zone = 'd2:100m', + String $proxy_cache_levels = '1', + String $proxy_cache_max_size = '500m', + Optional[Variant[Hash, String]] $proxy_cache_path = undef, + Optional[Integer] $proxy_cache_loader_files = undef, + Optional[String] $proxy_cache_loader_sleep = undef, + Optional[String] $proxy_cache_loader_threshold = undef, + Optional[Enum['on', 'off']] $proxy_use_temp_path = undef, + $proxy_connect_timeout = '90', + Integer $proxy_headers_hash_bucket_size = 64, + Optional[String] $proxy_http_version = undef, + $proxy_read_timeout = '90', + $proxy_redirect = undef, + $proxy_send_timeout = '90', + Array $proxy_set_header = [ 'Host $host', 'X-Real-IP $remote_addr', 'X-Forwarded-For $proxy_add_x_forwarded_for', 'Proxy ""', ], - Array $proxy_hide_header = [], - Array $proxy_pass_header = [], - $sendfile = 'on', - String $server_tokens = 'on', - $spdy = 'off', - $http2 = 'off', - $ssl_stapling = 'off', - $types_hash_bucket_size = '512', - $types_hash_max_size = '1024', - Integer $worker_connections = 1024, - Variant[Integer, Enum['auto']] $worker_processes = 1, - Integer $worker_rlimit_nofile = 1024, - Enum['on', 'off'] $ssl_prefer_server_ciphers = 'on', - $ssl_protocols = 'TLSv1 TLSv1.1 TLSv1.2', - $ssl_ciphers = 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS', + Array $proxy_hide_header = [], + Array $proxy_pass_header = [], + $sendfile = 'on', + String $server_tokens = 'on', + $spdy = 'off', + $http2 = 'off', + $ssl_stapling = 'off', + $types_hash_bucket_size = '512', + $types_hash_max_size = '1024', + Integer $worker_connections = 1024, + Enum['on', 'off'] $ssl_prefer_server_ciphers = 'on', + Variant[Integer, Enum['auto']] $worker_processes = 1, + Integer $worker_rlimit_nofile = 1024, + $ssl_protocols = 'TLSv1 TLSv1.1 TLSv1.2', + $ssl_ciphers = 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS', ### START Package Configuration ### - $package_ensure = present, - $package_name = $::nginx::params::package_name, - $package_source = 'nginx', - $package_flavor = undef, - $manage_repo = $::nginx::params::manage_repo, - $passenger_package_ensure = 'present', + $package_ensure = present, + $package_name = $::nginx::params::package_name, + $package_source = 'nginx', + $package_flavor = undef, + $manage_repo = $::nginx::params::manage_repo, + $passenger_package_ensure = 'present', ### END Package Configuration ### ### START Service Configuation ### - $service_ensure = running, - $service_flags = undef, - $service_restart = undef, - $service_name = undef, - $service_manage = true, + $service_ensure = running, + $service_flags = undef, + $service_restart = undef, + $service_name = undef, + $service_manage = true, ### END Service Configuration ### ### START Hiera Lookups ### - $geo_mappings = {}, - $string_mappings = {}, - $nginx_locations = {}, - $nginx_mailhosts = {}, - $nginx_mailhosts_defaults = {}, - $nginx_streamhosts = {}, - $nginx_upstreams = {}, - $nginx_servers = {}, - $nginx_servers_defaults = {}, + $geo_mappings = {}, + $string_mappings = {}, + $nginx_locations = {}, + $nginx_mailhosts = {}, + $nginx_mailhosts_defaults = {}, + $nginx_streamhosts = {}, + $nginx_upstreams = {}, + $nginx_servers = {}, + $nginx_servers_defaults = {}, ### END Hiera Lookups ### ) inherits ::nginx::params { - class { '::nginx::package': - package_name => $package_name, - package_source => $package_source, - package_ensure => $package_ensure, - package_flavor => $package_flavor, - passenger_package_ensure => $passenger_package_ensure, - notify => Class['::nginx::service'], - manage_repo => $manage_repo, - } - - include '::nginx::config' - include '::nginx::service' - - Class['::nginx::package'] -> Class['::nginx::config'] ~> Class['::nginx::service'] + contain '::nginx::package' + contain '::nginx::config' + contain '::nginx::service' create_resources('nginx::resource::upstream', $nginx_upstreams) create_resources('nginx::resource::server', $nginx_servers, $nginx_servers_defaults) @@ -190,11 +178,6 @@ # Allow the end user to establish relationships to the "main" class # and preserve the relationship to the implementation classes through # a transitive relationship to the composite class. - anchor{ 'nginx::begin': - before => Class['::nginx::package'], - notify => Class['::nginx::service'], - } - anchor { 'nginx::end': - require => Class['::nginx::service'], - } + Class['::nginx::package'] -> Class['::nginx::config'] ~> Class['::nginx::service'] + Class['::nginx::package'] ~> Class['::nginx::service'] } diff --git a/manifests/package.pp b/manifests/package.pp index ae896d8de..ac062697f 100644 --- a/manifests/package.pp +++ b/manifests/package.pp @@ -13,42 +13,23 @@ # Sample Usage: # # This class file is not called directly -class nginx::package( - $package_name = $::nginx::params::package_name, - $package_source = 'nginx', - $package_ensure = 'present', - $package_flavor = undef, - $passenger_package_ensure = 'present', - $manage_repo = $::nginx::params::manage_repo, -) { +class nginx::package { - assert_private() + $package_name = $::nginx::package_name + $package_source = $::nginx::package_source + $package_ensure = $::nginx::package_ensure + $package_flavor = $::nginx::package_flavor + $passenger_package_ensure = $::nginx::passenger_package_ensure + $manage_repo = $::nginx::manage_repo - anchor { 'nginx::package::begin': } - anchor { 'nginx::package::end': } + assert_private() case $::osfamily { 'redhat': { - class { '::nginx::package::redhat': - manage_repo => $manage_repo, - package_source => $package_source, - package_ensure => $package_ensure, - passenger_package_ensure => $passenger_package_ensure, - package_name => $package_name, - require => Anchor['nginx::package::begin'], - before => Anchor['nginx::package::end'], - } + contain ::nginx::package::redhat } 'debian': { - class { '::nginx::package::debian': - package_name => $package_name, - package_source => $package_source, - package_ensure => $package_ensure, - passenger_package_ensure => $passenger_package_ensure, - manage_repo => $manage_repo, - require => Anchor['nginx::package::begin'], - before => Anchor['nginx::package::end'], - } + contain ::nginx::package::debian } 'Solaris': { # $package_name needs to be specified. SFEnginx,CSWnginx depending on diff --git a/manifests/package/debian.pp b/manifests/package/debian.pp index 08e074a14..f8d8f6ca2 100644 --- a/manifests/package/debian.pp +++ b/manifests/package/debian.pp @@ -13,13 +13,14 @@ # Sample Usage: # # This class file is not called directly -class nginx::package::debian ( - $manage_repo = true, - $package_name = 'nginx', - $package_source = 'nginx', - $package_ensure = 'present', - $passenger_package_ensure = 'present' - ) { +class nginx::package::debian { + + $package_name = $::nginx::package_name + $package_source = $::nginx::package_source + $package_ensure = $::nginx::package_ensure + $package_flavor = $::nginx::package_flavor + $passenger_package_ensure = $::nginx::passenger_package_ensure + $manage_repo = $::nginx::manage_repo $distro = downcase($::operatingsystem) diff --git a/manifests/package/redhat.pp b/manifests/package/redhat.pp index 5cb4a20fd..5b33a1d34 100644 --- a/manifests/package/redhat.pp +++ b/manifests/package/redhat.pp @@ -13,21 +13,21 @@ # Sample Usage: # # This class file is not called directly -class nginx::package::redhat ( - $manage_repo = true, - $package_ensure = 'present', - $package_name = 'nginx', - $package_source = 'nginx-stable', - $passenger_package_ensure = 'present', -) { +class nginx::package::redhat { + + $package_name = $::nginx::package_name + $package_source = $::nginx::package_source + $package_ensure = $::nginx::package_ensure + $package_flavor = $::nginx::package_flavor + $passenger_package_ensure = $::nginx::passenger_package_ensure + $manage_repo = $::nginx::manage_repo #Install the CentOS-specific packages on that OS, otherwise assume it's a RHEL #clone and provide the Red Hat-specific package. This comes into play when not #on RHEL or CentOS and $manage_repo is set manually to 'true'. - if $::operatingsystem == 'centos' { - $_os = 'centos' - } else { - $_os = 'rhel' + $_os = $::operatingsystem? { + 'centos' => 'centos', + default => 'rhel' } if $manage_repo { diff --git a/spec/classes/nginx_spec.rb b/spec/classes/nginx_spec.rb index 4cb2c1204..a7c48a30a 100644 --- a/spec/classes/nginx_spec.rb +++ b/spec/classes/nginx_spec.rb @@ -22,13 +22,9 @@ describe 'with defaults' do it { is_expected.to compile.with_all_deps } it { is_expected.to contain_class('nginx') } - it { is_expected.to contain_anchor('nginx::begin') } - it { is_expected.to contain_class('nginx::package').that_requires('Anchor[nginx::begin]') } it { is_expected.to contain_class('nginx::config').that_requires('Class[nginx::package]') } - it { is_expected.to contain_class('nginx::service').that_subscribes_to('Anchor[nginx::begin]') } it { is_expected.to contain_class('nginx::service').that_subscribes_to('Class[nginx::package]') } it { is_expected.to contain_class('nginx::service').that_subscribes_to('Class[nginx::config]') } - it { is_expected.to contain_anchor('nginx::end').that_requires('Class[nginx::service]') } it { is_expected.to contain_nginx__resource__upstream('upstream1') } it { is_expected.to contain_nginx__resource__server('test2.local') } it { is_expected.to contain_nginx__resource__server('test2.local').with_listen_options('default_server') } @@ -60,8 +56,6 @@ end it { is_expected.to contain_yumrepo('nginx-release').that_comes_before('Package[nginx]') } it { is_expected.to contain_yumrepo('passenger').that_comes_before('Package[nginx]') } - it { is_expected.to contain_anchor('nginx::package::begin').that_comes_before('Class[nginx::package::redhat]') } - it { is_expected.to contain_anchor('nginx::package::end').that_requires('Class[nginx::package::redhat]') } end context 'package_source => nginx-mainline' do @@ -164,8 +158,6 @@ 'key' => { 'id' => '573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62' } ) end - it { is_expected.to contain_anchor('nginx::package::begin').that_comes_before('Class[nginx::package::debian]') } - it { is_expected.to contain_anchor('nginx::package::end').that_requires('Class[nginx::package::debian]') } end context 'package_source => nginx-mainline' do diff --git a/templates/mailhost/mailhost.erb b/templates/mailhost/mailhost.erb index 116052d44..d0599032c 100644 --- a/templates/mailhost/mailhost.erb +++ b/templates/mailhost/mailhost.erb @@ -26,6 +26,7 @@ server { listen <%= @listen_ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>; <%- end -%> <%# check to see if ipv6 support exists in the kernel before applying -%> +<%# FIXME this logic is duplicated all over the place -%> <%- if @ipv6_enable && (defined? @ipaddress6) -%> <%- if @ipv6_listen_ip.is_a?(Array) then -%> <%- @ipv6_listen_ip.each do |ipv6| -%> diff --git a/templates/mailhost/mailhost_ssl.erb b/templates/mailhost/mailhost_ssl.erb index 09e066240..edf90a4c2 100644 --- a/templates/mailhost/mailhost_ssl.erb +++ b/templates/mailhost/mailhost_ssl.erb @@ -26,6 +26,7 @@ server { listen <%= @listen_ip %>:<%= @ssl_port %>; <%- end -%> <%# check to see if ipv6 support exists in the kernel before applying -%> +<%# FIXME this logic is duplicated all over the place -%> <%- if @ipv6_enable && (defined? @ipaddress6) -%> <%- if @ipv6_listen_ip.is_a?(Array) then -%> <%- @ipv6_listen_ip.each do |ipv6| -%> diff --git a/templates/server/server_header.erb b/templates/server/server_header.erb index 6fda39e78..88af03f5e 100644 --- a/templates/server/server_header.erb +++ b/templates/server/server_header.erb @@ -19,6 +19,7 @@ server { <%- end -%> <%- end -%> <%# check to see if ipv6 support exists in the kernel before applying -%> +<%# FIXME this logic is duplicated all over the place -%> <%- if @ipv6_enable && (defined? @ipaddress6) -%> <%- if @ipv6_listen_ip.is_a?(Array) then -%> <%- @ipv6_listen_ip.each do |ipv6| -%> diff --git a/templates/server/server_ssl_header.erb b/templates/server/server_ssl_header.erb index 4bdb17885..e02838689 100644 --- a/templates/server/server_ssl_header.erb +++ b/templates/server/server_ssl_header.erb @@ -10,6 +10,7 @@ server { listen <%= @listen_ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>; <%- end -%> <%# check to see if ipv6 support exists in the kernel before applying -%> +<%# FIXME this logic is duplicated all over the place -%> <%- if @ipv6_enable && (defined? @ipaddress6) -%> <%- if @ipv6_listen_ip.is_a?(Array) then -%> <%- @ipv6_listen_ip.each do |ipv6| -%> diff --git a/templates/streamhost/streamhost.erb b/templates/streamhost/streamhost.erb index b91c2317c..a8ce85bd9 100644 --- a/templates/streamhost/streamhost.erb +++ b/templates/streamhost/streamhost.erb @@ -8,6 +8,7 @@ server { listen <%= @listen_ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>; <%- end -%> <%# check to see if ipv6 support exists in the kernel before applying -%> +<%# FIXME this logic is duplicated all over the place -%> <%- if @ipv6_enable && (defined? @ipaddress6) -%> <%- if @ipv6_listen_ip.is_a?(Array) then -%> <%- @ipv6_listen_ip.each do |ipv6| -%> diff --git a/types/errorlogseverity.pp b/types/errorlogseverity.pp new file mode 100644 index 000000000..6ab08e8ea --- /dev/null +++ b/types/errorlogseverity.pp @@ -0,0 +1 @@ +type Nginx::ErrorLogSeverity = Enum['debug','info','notice','warn','error','crit','alert','emerg']