Left: | ||
Right: |
LEFT | RIGHT |
---|---|
1 class nginx ( | 1 class nginx ( |
2 $worker_processes = $nginx::params::worker_processes, | 2 $worker_processes = $nginx::params::worker_processes, |
3 $worker_connections = $nginx::params::worker_connections, | 3 $worker_connections = $nginx::params::worker_connections, |
4 $ssl_session_cache = $nginx::params::ssl_session_cache | 4 $ssl_session_cache = $nginx::params::ssl_session_cache |
5 ) inherits nginx::params { | 5 ) inherits nginx::params { |
6 | 6 |
7 apt::source {'nginx': | 7 apt::source {'nginx': |
8 location => "http://nginx.org/packages/ubuntu", | 8 location => "http://nginx.org/packages/ubuntu", |
9 repos => "nginx", | 9 repos => "nginx", |
10 key => "7BD9BF62", | 10 key => "7BD9BF62", |
11 key_source => "http://nginx.org/keys/nginx_signing.key" | 11 key_source => "http://nginx.org/keys/nginx_signing.key" |
12 } | 12 } |
13 | 13 |
14 # Ensures that nginx is not installed from the Ubuntu sources | 14 # Ensures that nginx is not installed from the Ubuntu sources |
15 package {'nginx-common': | 15 package {'nginx-common': |
16 ensure => purged, | 16 ensure => purged, |
17 before => Package['nginx'] | 17 before => Package['nginx'] |
18 } | 18 } |
19 | 19 |
20 package {'nginx': | 20 package {'nginx': |
21 ensure => '1.8.0-1~precise', | 21 ensure => '1.8.0-1~precise', |
22 require => Apt::Source['nginx'] | 22 require => Apt::Source['nginx'] |
23 } | 23 } |
24 | 24 |
25 File { | 25 File { |
26 owner => root, | 26 owner => root, |
27 group => root, | 27 group => root, |
28 mode => 0644, | 28 mode => 0644, |
29 } | 29 } |
30 | |
31 Exec { | |
32 path => '/usr/bin:/bin', | |
33 logoutput => 'on_failure', | |
34 } | |
35 | |
30 | 36 |
31 file {'/etc/nginx/nginx.conf': | 37 file {'/etc/nginx/nginx.conf': |
32 content => template('nginx/nginx.conf.erb'), | 38 content => template('nginx/nginx.conf.erb'), |
33 require => Package['nginx'], | 39 require => Package['nginx'], |
34 notify => Service['nginx'] | 40 notify => Service['nginx'] |
35 } | 41 } |
36 | 42 |
37 file {'/etc/nginx/sites-available': | 43 file {'/etc/nginx/sites-available': |
38 ensure => directory, | 44 ensure => directory, |
39 require => Package['nginx'] | 45 require => Package['nginx'] |
(...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
112 require => File["/etc/nginx/sites-available/${domain}"], | 118 require => File["/etc/nginx/sites-available/${domain}"], |
113 content => template('nginx/logrotate.erb') | 119 content => template('nginx/logrotate.erb') |
114 } | 120 } |
115 } | 121 } |
116 | 122 |
117 file {'/etc/logrotate.d/nginx': | 123 file {'/etc/logrotate.d/nginx': |
118 source => 'puppet:///modules/nginx/logrotate', | 124 source => 'puppet:///modules/nginx/logrotate', |
119 require => Package['nginx'] | 125 require => Package['nginx'] |
120 } | 126 } |
121 | 127 |
122 $log_path = '/var/log/nginx' | 128 $find_cmd_base = [ |
129 'find', '/var/log/nginx', | |
130 '-mindepth', '1', '-maxdepth', '1', '-type', 'f', | |
131 ] | |
123 | 132 |
124 $user_quoted = shellquote($nginx::params::user) | 133 # Kill the find process to force an exit status != 0 by finding the parent pid |
125 $chown_find_cmd_base = "find ${log_path} -mindepth 1 -maxdepth 1 -type f \( \! -user ${user_quoted} -o \! -group adm \)" | 134 # of the exec's sh process |
126 $chown_cmd = "$chown_find_cmd_base -ls -exec chown ${user_quoted}.adm {} \;" | 135 $find_kill_exec = [ |
127 $chown_onlyif_cmd = "test $(${chown_find_cmd_base} -print |wc -l) -gt 0" | 136 '-exec', 'sh', '-c', |
137 'ps -p $$ -o ppid= | xargs kill -TERM', | |
138 ';', | |
139 ] | |
140 | |
141 $find_chown_base = [ | |
142 $find_cmd_base, | |
143 '-not', '(', '-user', $nginx::params::user, '-and', '-group', 'adm', ')', | |
144 ] | |
145 $find_chown_exec = [ | |
146 '-ls', '-exec', 'chown', | |
147 "${nginx::params::user}.adm", '{}', ';', | |
148 ] | |
149 | |
128 exec {"set_logfiles_owner": | 150 exec {"set_logfiles_owner": |
129 command => $chown_cmd, | 151 command => shellquote($find_chown_base, $find_chown_exec), |
130 onlyif => $chown_onlyif_cmd, | 152 unless => shellquote($find_chown_base, $find_kill_exec), |
131 path => '/bin:/usr/bin', | 153 subscribe => Service['nginx'], |
mathias
2015/07/09 14:28:47
Please use "/usr/bin:/bin".
| |
132 require => Package['nginx'], | |
133 } | 154 } |
134 | 155 |
135 $chmod_find_cmd_base = "find ${log_path} -mindepth 1 -maxdepth 1 -type f \! -p erm 0640" | 156 $find_chmod_base = [$find_cmd_base, '-not', '-perm', '0640'] |
136 $chmod_cmd = "$chmod_find_cmd_base -ls -exec chmod 0640 {} \;" | 157 $find_chmod_exec = ['-ls', '-exec', 'chmod', '0640', '{}', ';'] |
137 $chmod_onlyif_cmd = "test $(${chmod_find_cmd_base} -print |wc -l) -gt 0" | 158 |
138 exec {"set_logfiles_permissions": | 159 exec {"set_logfiles_permissions": |
139 command => $chmod_cmd, | 160 command => shellquote($find_chmod_base, $find_chmod_exec), |
140 onlyif => $chmod_onlyif_cmd, | 161 unless => shellquote($find_chmod_base, $find_kill_exec), |
141 path => '/bin:/usr/bin', | 162 subscribe => Service['nginx'], |
mathias
2015/07/09 14:28:47
It may actually be easier to use a class-wide `Exe
| |
142 require => Package['nginx'], | |
143 } | 163 } |
144 | 164 |
145 service {'nginx': | 165 service {'nginx': |
146 ensure => running, | 166 ensure => running, |
147 enable => true, | 167 enable => true, |
148 restart => '/etc/init.d/nginx reload', | 168 restart => '/etc/init.d/nginx reload', |
149 hasstatus => true, | 169 hasstatus => true, |
150 require => File['/etc/nginx/nginx.conf'] | 170 require => File['/etc/nginx/nginx.conf'] |
151 } | 171 } |
152 } | 172 } |
LEFT | RIGHT |