Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code

Delta Between Two Patch Sets: modules/nginx/manifests/init.pp

Issue 29321355: Issue 2600 - Normalize ownership and priviliges for Nginx logs (Closed)
Left Patch Set: Approach using two execs and find Created July 6, 2015, 4:14 p.m.
Right Patch Set: Apply 80 character line length formatting Created July 13, 2015, 1:23 p.m.
Left:
Right:
Use n/p to move between diff chunks; N/P to move between comments.
Jump to:
Left: Side by side diff | Download
Right: Side by side diff | Download
« no previous file with change/comment | « no previous file | no next file » | no next file with change/comment »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
LEFTRIGHT
1 class nginx ( 1 class nginx (
2 $worker_processes = $nginx::params::worker_processes, 2 $worker_processes = $nginx::params::worker_processes,
3 $worker_connections = $nginx::params::worker_connections, 3 $worker_connections = $nginx::params::worker_connections,
4 $ssl_session_cache = $nginx::params::ssl_session_cache 4 $ssl_session_cache = $nginx::params::ssl_session_cache
5 ) inherits nginx::params { 5 ) inherits nginx::params {
6 6
7 apt::source {'nginx': 7 apt::source {'nginx':
8 location => "http://nginx.org/packages/ubuntu", 8 location => "http://nginx.org/packages/ubuntu",
9 repos => "nginx", 9 repos => "nginx",
10 key => "7BD9BF62", 10 key => "7BD9BF62",
11 key_source => "http://nginx.org/keys/nginx_signing.key" 11 key_source => "http://nginx.org/keys/nginx_signing.key"
12 } 12 }
13 13
14 # Ensures that nginx is not installed from the Ubuntu sources 14 # Ensures that nginx is not installed from the Ubuntu sources
15 package {'nginx-common': 15 package {'nginx-common':
16 ensure => purged, 16 ensure => purged,
17 before => Package['nginx'] 17 before => Package['nginx']
18 } 18 }
19 19
20 package {'nginx': 20 package {'nginx':
21 ensure => '1.8.0-1~precise', 21 ensure => '1.8.0-1~precise',
22 require => Apt::Source['nginx'] 22 require => Apt::Source['nginx']
23 } 23 }
24 24
25 File { 25 File {
26 owner => root, 26 owner => root,
27 group => root, 27 group => root,
28 mode => 0644, 28 mode => 0644,
29 } 29 }
30
31 Exec {
32 path => '/usr/bin:/bin',
33 logoutput => 'on_failure',
34 }
35
30 36
31 file {'/etc/nginx/nginx.conf': 37 file {'/etc/nginx/nginx.conf':
32 content => template('nginx/nginx.conf.erb'), 38 content => template('nginx/nginx.conf.erb'),
33 require => Package['nginx'], 39 require => Package['nginx'],
34 notify => Service['nginx'] 40 notify => Service['nginx']
35 } 41 }
36 42
37 file {'/etc/nginx/sites-available': 43 file {'/etc/nginx/sites-available':
38 ensure => directory, 44 ensure => directory,
39 require => Package['nginx'] 45 require => Package['nginx']
(...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after
112 require => File["/etc/nginx/sites-available/${domain}"], 118 require => File["/etc/nginx/sites-available/${domain}"],
113 content => template('nginx/logrotate.erb') 119 content => template('nginx/logrotate.erb')
114 } 120 }
115 } 121 }
116 122
117 file {'/etc/logrotate.d/nginx': 123 file {'/etc/logrotate.d/nginx':
118 source => 'puppet:///modules/nginx/logrotate', 124 source => 'puppet:///modules/nginx/logrotate',
119 require => Package['nginx'] 125 require => Package['nginx']
120 } 126 }
121 127
122 $log_path = '/var/log/nginx' 128 $find_cmd_base = [
129 'find', '/var/log/nginx',
130 '-mindepth', '1', '-maxdepth', '1', '-type', 'f',
131 ]
123 132
124 $user_quoted = shellquote($nginx::params::user) 133 # Kill the find process to force an exit status != 0 by finding the parent pid
125 $chown_find_cmd_base = "find ${log_path} -mindepth 1 -maxdepth 1 -type f \( \! -user ${user_quoted} -o \! -group adm \)" 134 # of the exec's sh process
126 $chown_cmd = "$chown_find_cmd_base -ls -exec chown ${user_quoted}.adm {} \;" 135 $find_kill_exec = [
127 $chown_onlyif_cmd = "test $(${chown_find_cmd_base} -print |wc -l) -gt 0" 136 '-exec', 'sh', '-c',
137 'ps -p $$ -o ppid= | xargs kill -TERM',
138 ';',
139 ]
140
141 $find_chown_base = [
142 $find_cmd_base,
143 '-not', '(', '-user', $nginx::params::user, '-and', '-group', 'adm', ')',
144 ]
145 $find_chown_exec = [
146 '-ls', '-exec', 'chown',
147 "${nginx::params::user}.adm", '{}', ';',
148 ]
149
128 exec {"set_logfiles_owner": 150 exec {"set_logfiles_owner":
129 command => $chown_cmd, 151 command => shellquote($find_chown_base, $find_chown_exec),
130 onlyif => $chown_onlyif_cmd, 152 unless => shellquote($find_chown_base, $find_kill_exec),
131 path => '/bin:/usr/bin', 153 subscribe => Service['nginx'],
mathias 2015/07/09 14:28:47 Please use "/usr/bin:/bin".
132 require => Package['nginx'],
133 } 154 }
134 155
135 $chmod_find_cmd_base = "find ${log_path} -mindepth 1 -maxdepth 1 -type f \! -p erm 0640" 156 $find_chmod_base = [$find_cmd_base, '-not', '-perm', '0640']
136 $chmod_cmd = "$chmod_find_cmd_base -ls -exec chmod 0640 {} \;" 157 $find_chmod_exec = ['-ls', '-exec', 'chmod', '0640', '{}', ';']
137 $chmod_onlyif_cmd = "test $(${chmod_find_cmd_base} -print |wc -l) -gt 0" 158
138 exec {"set_logfiles_permissions": 159 exec {"set_logfiles_permissions":
139 command => $chmod_cmd, 160 command => shellquote($find_chmod_base, $find_chmod_exec),
140 onlyif => $chmod_onlyif_cmd, 161 unless => shellquote($find_chmod_base, $find_kill_exec),
141 path => '/bin:/usr/bin', 162 subscribe => Service['nginx'],
mathias 2015/07/09 14:28:47 It may actually be easier to use a class-wide `Exe
142 require => Package['nginx'],
143 } 163 }
144 164
145 service {'nginx': 165 service {'nginx':
146 ensure => running, 166 ensure => running,
147 enable => true, 167 enable => true,
148 restart => '/etc/init.d/nginx reload', 168 restart => '/etc/init.d/nginx reload',
149 hasstatus => true, 169 hasstatus => true,
150 require => File['/etc/nginx/nginx.conf'] 170 require => File['/etc/nginx/nginx.conf']
151 } 171 }
152 } 172 }
LEFTRIGHT
« no previous file | no next file » | Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Toggle Comments ('s')

Powered by Google App Engine
This is Rietveld