Skip to content

Commit

Permalink
refactor: replace old nginx with nginx.ng
Browse files Browse the repository at this point in the history
BREAKING CHANGE: all previous `nginx` based configurations must be reviewed;
`nginx.ng` usage must be promoted to `nginx` and any uses of the original
`nginx` will have to be converted.
  • Loading branch information
daks authored and myii committed May 12, 2019
1 parent 90d2601 commit 0fc5070
Show file tree
Hide file tree
Showing 35 changed files with 586 additions and 1,780 deletions.
69 changes: 10 additions & 59 deletions docs/README.rst
Original file line number Diff line number Diff line change
Expand Up @@ -17,99 +17,50 @@ Available states
:local:

``nginx``
---------

Runs the states to install nginx, configure the common files, and the users.

``nginx.common``
----------------

Ensures standard nginx files are in place, and configures enabled sites.

``nginx.luajit2``
-----------------

Installs luajit.

``nginx.openresty``
-------------------

Installs openresty.

``nginx.package``
-----------------

Installs the nginx package via package manager.

``nginx.source``
----------------

Installs nginx via the source files.

``nginx.users``
---------------

Installs apache utils, and configures nginx users specified in the pillar.
This requires `basicauth <https://github.com/saltstack/salt-contrib/blob/master/modules/basicauth.py>`_
from `salt-contrib <https://github.com/saltstack/salt-contrib/>`_ (either add it to your salt or ship
this single file in your `_modules` directory see `Dynamic Module Distribution
<https://docs.saltstack.com/en/latest/ref/file_server/dynamic-modules.html>`_

Next-generation, alternate approach
===================================

The following states provide an alternate approach to managing Nginx and Nginx
servers, as well as code organization. Please provide feedback by filing issues,
discussing in ``#salt`` in Freenode and the mailing list as normal.

.. contents::
:local:

``nginx.ng``
------------

Meta-state for inclusion of all ng states.
Meta-state for inclusion of all states.

**Note:** nginx.ng requires the merge parameter of salt.modules.pillar.get(),
**Note:** nginx requires the merge parameter of salt.modules.pillar.get(),
first available in the Helium release.

``nginx.ng.pkg``
``nginx.pkg``
--------------------

Installs nginx from package, from the distribution repositories, the official nginx repo or the ppa from Launchpad.

``nginx.ng.src``
``nginx.src``
--------------------

Builds and installs nginx from source.

``nginx.ng.certificates``
``nginx.certificates``
-------------------

Manages the deployment of nginx certificates.

``nginx.ng.config``
``nginx.config``
-------------------

Manages the nginx main server configuration file.

``nginx.ng.service``
``nginx.service``
--------------------

Manages the startup and running state of the nginx service.

``nginx.ng.servers_config``
``nginx.servers_config``
--------------------------

Manages virtual host files. This state only manages the content of the files
and does not bind them to service calls.

``nginx.ng.servers``
``nginx.servers``
-------------------

Manages nginx virtual hosts files and binds them to service calls.

``nginx.ng.passenger``
``nginx.passenger``
----------------------

Installs and configures Phusion Passenger module for nginx. You need to enable
Expand Down
2 changes: 1 addition & 1 deletion docs/TOFS_pattern.rst
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ Using SaltStack is a simple and effective way to implement configuration managem

To avoid this situation we can use the `pillar mechanism <http://docs.saltstack.com/en/latest/topics/pillar/>`_, which is designed to provide controlled access to data from the minions based on some selection rules. As pillar data could be easily integrated in the `Jinja <http://docs.saltstack.com/en/latest/topics/tutorials/pillar.html>`_ templates, it is a good mechanism to store values to be used in the final rendering of state files and templates.

There are a variety of approaches on the usage of pillar and templates as seen in the `saltstack-formulas <https://github.com/saltstack-formulas>`_' repositories. `Some <https://github.com/saltstack-formulas/nginx-formula/pull/18>`_ `developments <https://github.com/saltstack-formulas/php-formula/pull/14>`_ stress the initial purpose of pillar data into a storage for most of the possible variables for a determined system configuration. This, in my opinion, is shifting too much load from the original template files approach. Adding up some `non-trivial Jinja <https://github.com/spsoit/nginx-formula/blob/81de880fe0276dd9488ffa15bc78944c0fc2b919/nginx/ng/files/nginx.conf>`_ code as essential part of composing the state file definitely makes SaltStack state files (hence formulas) more difficult to read. The extreme of this approach is that we could end up with a new render mechanism, implemented in Jinja, storing everything needed in pillar data to compose configurations. Additionally, we are establishing a strong dependency with the Jinja renderer.
There are a variety of approaches on the usage of pillar and templates as seen in the `saltstack-formulas <https://github.com/saltstack-formulas>`_' repositories. `Some <https://github.com/saltstack-formulas/nginx-formula/pull/18>`_ `developments <https://github.com/saltstack-formulas/php-formula/pull/14>`_ stress the initial purpose of pillar data into a storage for most of the possible variables for a determined system configuration. This, in my opinion, is shifting too much load from the original template files approach. Adding up some `non-trivial Jinja <https://github.com/spsoit/nginx-formula/blob/81de880fe0276dd9488ffa15bc78944c0fc2b919/nginx/files/nginx.conf>`_ code as essential part of composing the state file definitely makes SaltStack state files (hence formulas) more difficult to read. The extreme of this approach is that we could end up with a new render mechanism, implemented in Jinja, storing everything needed in pillar data to compose configurations. Additionally, we are establishing a strong dependency with the Jinja renderer.

In opposition to the *put the code in file_roots and the data in pillars* approach, there is the *pillar as a store for a set of key-values* approach. A full-blown configuration file abstracted in pillar and jinja is complicated to develop, understand and maintain. I think a better and simpler approach is to keep a configuration file templated using just a basic (non-extensive but extensible) set of pillar values.

Expand Down
2 changes: 1 addition & 1 deletion kitchen.yml
Original file line number Diff line number Diff line change
Expand Up @@ -72,7 +72,7 @@ provisioner:
state_top:
base:
'*':
- nginx.ng
- nginx
pillars:
top.sls:
base:
Expand Down
26 changes: 13 additions & 13 deletions nginx/ng/certificates.sls → nginx/certificates.sls
Original file line number Diff line number Diff line change
@@ -1,16 +1,16 @@
{% from 'nginx/ng/map.jinja' import nginx with context %}
{% from 'nginx/map.jinja' import nginx with context %}
include:
- nginx.ng.service
- nginx.service
{% set certificates_path = salt['pillar.get']('nginx:ng:certificates_path', '/etc/nginx/ssl') %}
{% set certificates_path = salt['pillar.get']('nginx:certificates_path', '/etc/nginx/ssl') %}
{%- for dh_param, value in salt['pillar.get']('nginx:ng:dh_param', {}).items() %}
{%- for dh_param, value in salt['pillar.get']('nginx:dh_param', {}).items() %}
{%- if value is string %}
create_nginx_dhparam_{{ dh_param }}_key:
file.managed:
- name: {{ certificates_path }}/{{ dh_param }}
- contents_pillar: nginx:ng:dh_param:{{ dh_param }}
- contents_pillar: nginx:dh_param:{{ dh_param }}
- makedirs: True
- watch_in:
- service: nginx_service
Expand All @@ -30,30 +30,30 @@ generate_nginx_dhparam_{{ dh_param }}_key:
{%- endif %}
{%- endfor %}
{%- for domain in salt['pillar.get']('nginx:ng:certificates', {}).keys() %}
{%- for domain in salt['pillar.get']('nginx:certificates', {}).keys() %}
nginx_{{ domain }}_ssl_certificate:
file.managed:
- name: {{ certificates_path }}/{{ domain }}.crt
- makedirs: True
{% if salt['pillar.get']("nginx:ng:certificates:{}:public_cert_pillar".format(domain)) %}
- contents_pillar: {{salt['pillar.get']('nginx:ng:certificates:{}:public_cert_pillar'.format(domain))}}
{% if salt['pillar.get']("nginx:certificates:{}:public_cert_pillar".format(domain)) %}
- contents_pillar: {{salt['pillar.get']('nginx:certificates:{}:public_cert_pillar'.format(domain))}}
{% else %}
- contents_pillar: nginx:ng:certificates:{{ domain }}:public_cert
- contents_pillar: nginx:certificates:{{ domain }}:public_cert
{% endif %}
- watch_in:
- service: nginx_service
{% if salt['pillar.get']("nginx:ng:certificates:{}:private_key".format(domain)) or salt['pillar.get']("nginx:ng:certificates:{}:private_key_pillar".format(domain))%}
{% if salt['pillar.get']("nginx:certificates:{}:private_key".format(domain)) or salt['pillar.get']("nginx:certificates:{}:private_key_pillar".format(domain))%}
nginx_{{ domain }}_ssl_key:
file.managed:
- name: {{ certificates_path }}/{{ domain }}.key
- mode: 600
- makedirs: True
{% if salt['pillar.get']("nginx:ng:certificates:{}:private_key_pillar".format(domain)) %}
- contents_pillar: {{salt['pillar.get']('nginx:ng:certificates:{}:private_key_pillar'.format(domain))}}
{% if salt['pillar.get']("nginx:certificates:{}:private_key_pillar".format(domain)) %}
- contents_pillar: {{salt['pillar.get']('nginx:certificates:{}:private_key_pillar'.format(domain))}}
{% else %}
- contents_pillar: nginx:ng:certificates:{{ domain }}:private_key
- contents_pillar: nginx:certificates:{{ domain }}:private_key
{% endif %}
- watch_in:
- service: nginx_service
Expand Down
58 changes: 0 additions & 58 deletions nginx/common.sls

This file was deleted.

6 changes: 3 additions & 3 deletions nginx/ng/config.sls → nginx/config.sls
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
# nginx.ng.config
# nginx.config
#
# Manages the main nginx server configuration file.

{% from 'nginx/ng/map.jinja' import nginx, sls_block with context %}
{% from 'nginx/map.jinja' import nginx, sls_block with context %}
{% if nginx.install_from_source %}
nginx_log_dir:
Expand All @@ -15,7 +15,7 @@ nginx_log_dir:
{% if 'source_path' in nginx.server.config %}
{% set source_path = nginx.server.config.source_path %}
{% else %}
{% set source_path = 'salt://nginx/ng/files/nginx.conf' %}
{% set source_path = 'salt://nginx/files/nginx.conf' %}
{% endif %}
nginx_config:
file.managed:
Expand Down
File renamed without changes.
File renamed without changes.
File renamed without changes.
42 changes: 27 additions & 15 deletions nginx/init.sls
Original file line number Diff line number Diff line change
@@ -1,18 +1,30 @@
{% from "nginx/map.jinja" import nginx as nginx_map with context %}
# nginx
#
# Meta-state to fully install nginx.

{% from 'nginx/map.jinja' import nginx, sls_block with context %}
include:
- nginx.common
{% if salt['pillar.get']('nginx:use_upstart', nginx_map['use_upstart']) %}
- nginx.upstart
{% elif salt['pillar.get']('nginx:use_sysvinit', nginx_map['use_sysvinit']) %}
- nginx.sysvinit
{% endif %}
{% if pillar.get('nginx', {}).get('user_auth_enabled', true) %}
- nginx.users
{% endif %}
{% if pillar.get('nginx', {}).get('install_from_source', false) %}
- nginx.source
{% else %}
- nginx.package
{% endif -%}
- nginx.config
- nginx.service
{% if nginx.snippets is defined %}
- nginx.snippets
{% endif %}
- nginx.servers
- nginx.certificates
extend:
nginx_service:
service:
- listen:
- file: nginx_config
- require:
- file: nginx_config
nginx_config:
file:
- require:
{% if nginx.install_from_source %}
- cmd: nginx_install
{% else %}
- pkg: nginx_install
{% endif %}
16 changes: 0 additions & 16 deletions nginx/luajit2.sls

This file was deleted.

Loading

0 comments on commit 0fc5070

Please sign in to comment.