Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Offer a template for nginx config files #4654

Draft
wants to merge 11 commits into
base: main
Choose a base branch
from
Draft

Offer a template for nginx config files #4654

wants to merge 11 commits into from

Conversation

acozine
Copy link
Contributor

@acozine acozine commented Feb 9, 2024
edited
Loading

Closes #4349.

Supersedes #4397.

  • Adds a template for our "bog standard" nginx config, making it easier to propagate changes across multiple sites
  • Makes a backup of the entire config directory so we can roll back quickly when changes fail
  • Puts nginx config files into two subdirectories of /etc/nginx/conf.d
    • /static for static config files (stored as .conf in the nginx role) - we will likely always have static config files for complicated sites
    • /dynamic for dynamic config files (built from a template and variables in the nginx role)
  • Checks for obsolete files in both directories and removes them - this makes it easy to migrate sites from static to dynamic config and avoids the step of deleting the entire config directory
  • Loads the two new subdirectories in the main nginx config
  • Adds a custom failure message when nginx -t fails
  • Moves three sites from static to dynamic config:
    • abid_staging
    • allsearch-api_prod
    • allsearch-api_staging

This was referenced Feb 9, 2024
Merged
Closed
@acozine acozine marked this pull request as ready for review February 9, 2024 22:03
@acozine
Copy link
Contributor Author

acozine commented Feb 9, 2024

I don't think we've sanitized the SSL certificate directory names - some of them don't match the config file names. Before we merge this PR, we may want to:

  • add a check that the SSL certificate directory matches the variable name used for the config (this should make nginx -t fail if it's wrong, but . . . belt and suspenders)
  • update the cert-generation playbook to use the vars from the nginx role
  • pre-check existing certs and regenerate any that don't match

@acozine
Copy link
Contributor Author

acozine commented Mar 5, 2024

Current failure is:

   ERROR! Unable to retrieve file contents
  Could not find or access '/home/runner/work/princeton_ansible/princeton_ansible/roles/byzantine/molecule/default/conf/cleanup-config.yml' on the Ansible Controller.

@sandbergja
Copy link
Member

@acozine , @carolyncole, @regineheberlein , and I looked into the test failure. It is an accurate failure: it is complaining about a missing file, and the file is indeed missing from this branch. cleanup-config.yml was the file that was destroying all the nginx configs, so we are pretty sure that we should remove the import_tasks, but we'd like to do this with care to confirm that it doesn't harm anything.

@acozine acozine mentioned this pull request Mar 6, 2024
Closed
acozine and others added 11 commits April 16, 2024 11:47
@acozine @christinach
@kayiwa @sandbergja @rladdusaw @VickieKarasic
templated nginx config work so far
894dd42 
Co-authored-by: Christina Chortaria <christinach@users.noreply.github.com>
Co-authored-by: Francis Kayiwa <kayiwa@users.noreply.github.com>
Co-authored-by: Jane Sandberg <sandbergja@users.noreply.github.com>
Co-authored-by: Ryan Laddusaw <rladdusaw@users.noreply.github.com>
Co-authored-by: Vickie Karasic <vickiekarasic@users.noreply.github.com>
@acozine
do not make backups of static config files
aec0a95
@acozine
make a backup of all config
48f34ab
@acozine @carolyncole
@christinach @kayiwa @rladdusaw
make the config validation run when testing templatized configs
85ef215 
Co-authored-by: Carolyn Cole <carolyncole@users.noreply.github.com>
Co-authored-by: Christina Chortaria <christinach@users.noreply.github.com>
Co-authored-by: Francis Kayiwa <kayiwa@users.noreply.github.com>
Co-authored-by: Ryan Laddusaw <rladdusaw@users.noreply.github.com>
@acozine @sandbergja
handle 'nginx -t' failures with custom message
11c2347 
Co-authored-by: Jane Sandberg <sandbergja@users.noreply.github.com>
@acozine
make backup dir a variable
ac3eca0
@acozine
creates static subdir for nginx config files, loads static and dynami…
30067b4 
…c dirs in main config
@acozine
turn on removing obsolete static files, make var names clearer
13b4188
@acozine
removes task that deleted all nginx config
cf28802
@acozine
remove tag for testing template work
07e825f
@acozine @carolyncole
@sandbergja @regineheberlein
removes import task for deleted tasks file, we do config removal diff…
7020a5a 
…erently now

Co-authored-by: Carolyn Cole <carolyncole@users.noreply.github.com>
Co-authored-by: Jane Sandberg <sandbergja@users.noreply.github.com>
Co-authored-by: regineheberlein <regineheberlein@users.noreply.github.com>
@carolyncole
Copy link
Member

During Ansible open house we tried to run this PR in it's current state. It did not create the static directory and skipped the steps for some reason. @acozine will add in the command we ran after she returns tomorrow.

@VickieKarasic
Copy link
Contributor

Discussed in Ansible Open Hours: This seems like it's ripe for testing on the dev loadbalancer now that we have it.

@acozine acozine marked this pull request as draft November 18, 2024 17:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Create nginx config using a template, not files
4 participants
@acozine @sandbergja @carolyncole @VickieKarasic