Merge pull request voxpupuli#120 from abraham1901/dev

Aggregated some PR & tested & simple bug fix & add new option
cegeka · Sep 16, 2013 · 65622a9 · 65622a9
2 parents 7945539 + 98c0920
commit 65622a9
Show file tree

Hide file tree

Showing 8 changed files with 133 additions and 51 deletions.
diff --git a/manifests/config.pp b/manifests/config.pp
@@ -30,6 +30,8 @@
   $client_max_body_size   = $nginx::params::nx_client_max_body_size,
   $proxy_buffers          = $nginx::params::nx_proxy_buffers,
   $http_cfg_append        = $nginx::params::nx_http_cfg_append,
+  $nginx_error_log        = $nginx::params::nx_nginx_error_log,
+  $http_access_log        = $nginx::params::nx_http_access_log,
   $proxy_buffer_size      = $nginx::params::nx_proxy_buffer_size,
 ) inherits nginx::params {
   File {

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -48,6 +48,8 @@
   $proxy_buffers          = $nginx::params::nx_proxy_buffers,
   $proxy_buffer_size      = $nginx::params::nx_proxy_buffer_size,
   $http_cfg_append        = $nginx::params::nx_http_cfg_append,
+  $nginx_error_log        = $nginx::params::nx_nginx_error_log,
+  $http_access_log        = $nginx::params::nx_http_access_log,
   $nginx_vhosts           = {},
   $nginx_upstreams        = {},
   $nginx_locations        = {},
@@ -75,6 +77,8 @@
     proxy_buffers         => $proxy_buffers,
     proxy_buffer_size     => $proxy_buffer_size,
     http_cfg_append       => $http_cfg_append,
+    nginx_error_log       => $nginx_error_log,
+    http_access_log       => $http_access_log,
     require               => Class['nginx::package'],
     notify                => Class['nginx::service'],
   }

diff --git a/manifests/params.pp b/manifests/params.pp
@@ -85,6 +85,8 @@
 
   $nx_http_cfg_append = false
 
-  $package_ensure = 'present'
+  $nx_nginx_error_log = "${nx_logdir}/error.log"
+  $nx_http_access_log = "${nx_logdir}/access.log"
 
+  $package_ensure = 'present'
 }
diff --git a/manifests/resource/location.pp b/manifests/resource/location.pp
@@ -3,27 +3,44 @@
 # This definition creates a new location entry within a virtual host
 #
 # Parameters:
-#   [*ensure*]               - Enables or disables the specified location (present|absent)
-#   [*vhost*]                - Defines the default vHost for this location entry to include with
-#   [*location*]             - Specifies the URI associated with this location entry
-#   [*location_allow*]      - Array: Locations to allow connections from.
-#   [*location_deny*]       - Array: Locations to deny connections from.
-#   [*www_root*]             - Specifies the location on disk for files to be read from. Cannot be set in conjunction with $proxy
-#   [*index_files*]          - Default index files for NGINX to read when traversing a directory
-#   [*proxy*]                - Proxy server(s) for a location to connect to. Accepts a single value, can be used in conjunction
-#                              with nginx::resource::upstream
-#   [*proxy_read_timeout*]   - Override the default the proxy read timeout value of 90 seconds
+#   [*ensure*]               - Enables or disables the specified location
+#     (present|absent)
+#   [*vhost*]                - Defines the default vHost for this location
+#     entry to include with
+#   [*location*]             - Specifies the URI associated with this location
+#     entry
+#   [*location_allow*]       - Array: Locations to allow connections from.
+#   [*location_deny*]        - Array: Locations to deny connections from.
+#   [*www_root*]             - Specifies the location on disk for files to be
+#     read from. Cannot be set in conjunction with $proxy
+#   [*index_files*]          - Default index files for NGINX to read when
+#     traversing a directory
+#   [*proxy*]                - Proxy server(s) for a location to connect to.
+#     Accepts a single value, can be used in conjunction with
+#     nginx::resource::upstream
+#   [*proxy_read_timeout*]   - Override the default the proxy read timeout
+#     value of 90 seconds
 #   [*fastcgi*]              - location of fastcgi (host:port)
 #   [*fastcgi_params*]       - optional alternative fastcgi_params file to use
 #   [*fastcgi_script*]       - optional SCRIPT_FILE parameter
-#   [*fastcgi_split_path*]   - Allows settings of fastcgi_split_path_info so that you can split the script_name and path_info via regex
-#   [*ssl*]                  - Indicates whether to setup SSL bindings for this location.
-#   [*ssl_only*]             - Required if the SSL and normal vHost have the same port.
-#   [*location_alias*]       - Path to be used as basis for serving requests for this location
-#   [*stub_status*]          - If true it will point configure module stub_status to provide nginx stats on location
-#   [*location_custom_cfg*]  - Expects a hash with custom directives, cannot be used with other location types (proxy, fastcgi, root, or stub_status)
-#   [*location_cfg_prepend*] - Expects a hash with extra directives to put before anything else inside location (used with all other types except custom_cfg)
-#   [*location_cfg_append*]  - Expects a hash with extra directives to put after everything else inside location (used with all other types except custom_cfg)
+#   [*fastcgi_split_path*]   - Allows settings of fastcgi_split_path_info so
+#     that you can split the script_name and path_info via regex
+#   [*ssl*]                  - Indicates whether to setup SSL bindings for
+#     this location.
+#   [*ssl_only*]             - Required if the SSL and normal vHost have the
+#     same port.
+#   [*location_alias*]       - Path to be used as basis for serving requests
+#     for this location
+#   [*stub_status*]          - If true it will point configure module
+#     stub_status to provide nginx stats on location
+#   [*location_custom_cfg*]  - Expects a hash with custom directives, cannot
+#     be used with other location types (proxy, fastcgi, root, or stub_status)
+#   [*location_cfg_prepend*] - Expects a hash with extra directives to put
+#     before anything else inside location (used with all other types except
+#     custom_cfg)
+#   [*location_cfg_append*]  - Expects a hash with extra directives to put
+#     after everything else inside location (used with all other types except
+#     custom_cfg)
 #   [*try_files*]            - An array of file locations to try
 #   [*option*]               - Reserved for future use
 #   [*proxy_cache*]           - This directive sets name of zone for caching.
@@ -137,7 +154,7 @@
     $content_real = template('nginx/vhost/vhost_location_empty.erb')
   }
 
-  if $fastcgi != undef and !defined(File['/etc/nginx/fastcgi_params']) { 
+  if $fastcgi != undef and !defined(File['/etc/nginx/fastcgi_params']) {
     file { '/etc/nginx/fastcgi_params':
       ensure  => present,
       mode    => '0770',

diff --git a/manifests/resource/vhost.pp b/manifests/resource/vhost.pp
@@ -3,36 +3,56 @@
 # This definition creates a virtual host
 #
 # Parameters:
-#   [*ensure*]              - Enables or disables the specified vhost (present|absent)
-#   [*listen_ip*]           - Default IP Address for NGINX to listen with this vHost on. Defaults to all interfaces (*)
-#   [*listen_port*]         - Default IP Port for NGINX to listen with this vHost on. Defaults to TCP 80
-#   [*listen_options*]      - Extra options for listen directive like 'default' to catchall. Undef by default.
+#   [*ensure*]              - Enables or disables the specified vhost
+#     (present|absent)
+#   [*listen_ip*]           - Default IP Address for NGINX to listen with this
+#     vHost on. Defaults to all interfaces (*)
+#   [*listen_port*]         - Default IP Port for NGINX to listen with this
+#     vHost on. Defaults to TCP 80
+#   [*listen_options*]      - Extra options for listen directive like
+#     'default' to catchall. Undef by default.
 #   [*location_allow*]      - Array: Locations to allow connections from.
 #   [*location_deny*]       - Array: Locations to deny connections from.
-#   [*ipv6_enable*]         - BOOL value to enable/disable IPv6 support (false|true). Module will check to see if IPv6
-#                             support exists on your system before enabling.
-#   [*ipv6_listen_ip*]      - Default IPv6 Address for NGINX to listen with this vHost on. Defaults to all interfaces (::)
-#   [*ipv6_listen_port*]    - Default IPv6 Port for NGINX to listen with this vHost on. Defaults to TCP 80
-#   [*ipv6_listen_options*] - Extra options for listen directive like 'default' to catchall. Template will allways add ipv6only=on.
-#                             While issue jfryman/puppet-nginx#30 is discussed, default value is 'default'.
-#   [*index_files*]         - Default index files for NGINX to read when traversing a directory
-#   [*proxy*]               - Proxy server(s) for the root location to connect to.  Accepts a single value, can be used in
-#                             conjunction with nginx::resource::upstream
-#   [*proxy_read_timeout*]  - Override the default the proxy read timeout value of 90 seconds
+#   [*ipv6_enable*]         - BOOL value to enable/disable IPv6 support
+#     (false|true). Module will check to see if IPv6 support exists on your
+#     system before enabling.
+#   [*ipv6_listen_ip*]      - Default IPv6 Address for NGINX to listen with
+#     this vHost on. Defaults to all interfaces (::)
+#   [*ipv6_listen_port*]    - Default IPv6 Port for NGINX to listen with this
+#     vHost on. Defaults to TCP 80
+#   [*ipv6_listen_options*] - Extra options for listen directive like 'default'
+#     to catchall. Template will allways add ipv6only=on. While issue
+#     jfryman/puppet-nginx#30 is discussed, default value is 'default'.
+#   [*index_files*]         - Default index files for NGINX to read when
+#     traversing a directory
+#   [*proxy*]               - Proxy server(s) for the root location to connect
+#     to.  Accepts a single value, can be used in conjunction with
+#     nginx::resource::upstream
+#   [*proxy_read_timeout*]  - Override the default the proxy read timeout value
+#     of 90 seconds
 #   [*fastcgi*]             - location of fastcgi (host:port)
 #   [*fastcgi_params*]      - optional alternative fastcgi_params file to use
 #   [*fastcgi_script*]      - optional SCRIPT_FILE parameter
-#   [*ssl*]                 - Indicates whether to setup SSL bindings for this vhost.
-#   [*ssl_cert*]            - Pre-generated SSL Certificate file to reference for SSL Support. This is not generated by this module.
-#   [*ssl_key*]             - Pre-generated SSL Key file to reference for SSL Support. This is not generated by this module.
-#   [*ssl_port*]            - Default IP Port for NGINX to listen with this SSL vHost on. Defaults to TCP 443
-#   [*ssl_protocols*]       - SSL protocols enabled. Defaults to 'SSLv3 TLSv1 TLSv1.1 TLSv1.2'.
-#   [*ssl_ciphers*]         - SSL ciphers enabled. Defaults to 'HIGH:!aNULL:!MD5'.
+#   [*ssl*]                 - Indicates whether to setup SSL bindings for this
+#     vhost.
+#   [*ssl_cert*]            - Pre-generated SSL Certificate file to reference
+#     for SSL Support. This is not generated by this module.
+#   [*ssl_key*]             - Pre-generated SSL Key file to reference for SSL
+#     Support. This is not generated by this module.
+#   [*ssl_port*]            - Default IP Port for NGINX to listen with this SSL
+#     vHost on. Defaults to TCP 443
+#   [*ssl_protocols*]       - SSL protocols enabled. Defaults to 'SSLv3 TLSv1
+#     TLSv1.1 TLSv1.2'.
+#   [*ssl_ciphers*]         - SSL ciphers enabled. Defaults to
+#     'HIGH:!aNULL:!MD5'.
 #   [*spdy*]                - Toggles SPDY protocol.
-#   [*server_name*]         - List of vhostnames for which this vhost will respond. Default [$name].
-#   [*www_root*]            - Specifies the location on disk for files to be read from. Cannot be set in conjunction with $proxy
+#   [*server_name*]         - List of vhostnames for which this vhost will
+#     respond. Default [$name].
+#   [*www_root*]            - Specifies the location on disk for files to be
+#     read from. Cannot be set in conjunction with $proxy
 #   [*rewrite_www_to_non_www*]  - Adds a server directive and rewrite rule to
-#     rewrite www.domain.com to domain.com in order to avoid duplicate content (SEO);
+#     rewrite www.domain.com to domain.com in order to avoid duplicate
+#     content (SEO);
 #   [*try_files*]               - Specifies the locations for files to be
 #     checked as an array. Cannot be used in conjuction with $proxy.
 #   [*proxy_cache*]             - This directive sets name of zone for caching.
@@ -45,9 +65,15 @@
 #     the authentication realm.
 #   [*vhost_cfg_append*]        - It expects a hash with custom directives to
 #     put after everything else inside vhost
+#   [*vhost_cfg_prepend*]       - It expects a hash with custom directives to
+#     put before everything else inside vhost
 #   [*rewrite_to_https*]        - Adds a server directive and rewrite rule to
 #      rewrite to ssl
 #   [*include_files*]           - Adds include files to vhost
+#   [*access_log*]              - Where to write access log. May add additional
+#      options like log format to the end.
+#   [*error_log*]               - Where to write error log. May add additional
+#      options like error level to the end.
 #
 # Actions:
 #
@@ -101,8 +127,11 @@
   $try_files              = undef,
   $auth_basic             = undef,
   $auth_basic_user_file   = undef,
+  $vhost_cfg_prepend      = undef,
   $vhost_cfg_append       = undef,
-  $include_files          = undef
+  $include_files          = undef,
+  $access_log             = undef,
+  $error_log              = undef,
 ) {
 
   validate_array($location_allow)
@@ -132,6 +161,19 @@
     }
   }
 
+  # This was a lot to add up in parameter list so add it down here
+  # Also opted to add more logic here and keep template cleaner which
+  # unfortunately means resorting to the $varname_real thing
+  $domain_log_name = regsubst($name, ' ', '_', 'G')
+  $access_log_real = $access_log ? {
+    undef   => "${nginx::params::nx_logdir}/${domain_log_name}.access.log",
+    default => $access_log,
+  }
+  $error_log_real = $error_log ? {
+    undef   => "${nginx::params::nx_logdir}/${domain_log_name}.error.log",
+    default => $error_log,
+  }
+
   # Use the File Fragment Pattern to construct the configuration files.
   # Create the base configuration file reference.
   if ($listen_port != $ssl_port) {
@@ -183,7 +225,7 @@
       location_cfg_append => $location_cfg_append }
   }
 
-  if $fastcgi != undef and !defined(File['/etc/nginx/fastcgi_params']) { 
+  if $fastcgi != undef and !defined(File['/etc/nginx/fastcgi_params']) {
     file { '/etc/nginx/fastcgi_params':
       ensure  => present,
       mode    => '0770',
@@ -198,6 +240,15 @@
 
   # Create SSL File Stubs if SSL is enabled
   if ($ssl == true) {
+    # Access and error logs are named differently in ssl template
+    $ssl_access_log = $access_log ? {
+      undef   => "${nginx::params::nx_logdir}/ssl-${domain_log_name}.access.log",
+      default => $access_log,
+    }
+    $ssl_error_log = $error_log ? {
+      undef   => "${nginx::params::nx_logdir}/ssl-${domain_log_name}.error.log",
+      default => $error_log,
+    }
     file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-700-ssl":
       ensure  => $ensure ? {
         'absent' => absent,

diff --git a/templates/conf.d/nginx.conf.erb b/templates/conf.d/nginx.conf.erb
@@ -1,7 +1,7 @@
 user <%= scope.lookupvar('nginx::config::nx_daemon_user') %>;
 worker_processes <%= @worker_processes %>;
 
-error_log  <%= scope.lookupvar('nginx::params::nx_logdir')%>/error.log;
+error_log  <%= @nginx_error_log %>;
 pid        <%= scope.lookupvar('nginx::params::nx_pid')%>;
 
 events {
@@ -14,7 +14,7 @@ http {
   include       /etc/nginx/mime.types;
   default_type  application/octet-stream;
 
-  access_log  <%= scope.lookupvar('nginx::params::nx_logdir')%>/access.log;
+  access_log  <%= @http_access_log %>;
 
   sendfile    <%= scope.lookupvar('nginx::params::nx_sendfile')%>;
 

diff --git a/templates/vhost/vhost_header.erb b/templates/vhost/vhost_header.erb
@@ -11,6 +11,12 @@ server {
 <% if defined? @auth_basic_user_file -%>
   auth_basic_user_file <%= @auth_basic_user_file %>;
 <% end -%>
+<%# make sure that allow comes before deny by forcing the allow key (if it -%>
+<%# exists) to be first in the output order.  The hash keys also need to be -%>
+<%# sorted so that the ordering is stable. -%>
+<% if @vhost_cfg_prepend -%><% vhost_cfg_prepend.sort_by{ |k, v| k.to_s == 'allow' ? '' : k.to_s }.each do |key,value| -%>
+  <%= key %> <%= value %>;
+<% end -%><% end -%>
 <% @proxy_set_header.each do |header| -%>
   proxy_set_header        <%= header %>;
 <% end -%>
@@ -20,6 +26,6 @@ server {
   }
 <% end -%>
 
-  access_log            <%= scope.lookupvar('nginx::params::nx_logdir')%>/<%= @name.gsub(' ', '_') %>.access.log;
-  error_log             <%= scope.lookupvar('nginx::params::nx_logdir')%>/<%= @name.gsub(' ', '_') %>.error.log;
+  access_log            <%= @access_log_real %>;
+  error_log             <%= @error_log_real %>;
 
diff --git a/templates/vhost/vhost_ssl_header.erb b/templates/vhost/vhost_ssl_header.erb
@@ -21,5 +21,5 @@ server {
   auth_basic_user_file      "<%= @auth_basic_user_file %>";
 <% end -%>
 
-  access_log            <%= scope.lookupvar('nginx::params::nx_logdir')%>/ssl-<%= @name.gsub(' ', '_') %>.access.log;
-  error_log             <%= scope.lookupvar('nginx::params::nx_logdir')%>/ssl-<%= @name.gsub(' ', '_') %>.error.log;
+  access_log            <%= @ssl_access_log %>;
+  error_log             <%= @ssl_error_log %>;