Disable EPEL repository when installing NGINX #11
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Recent patch releases of nginx show difference in the default configuration folder between NGINX and EPEL repositories. Since the previous task deal with the installation of the stable NGINX repository, this ensures this repository is used.
|
For reference, the following commands yum install -y epel-release
yum install -y https://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
yum install -y --disablerepo=epel nginx
cp /etc/nginx/nginx.conf /tmp/nginx-1.20.1-1.el7.conf
yum remove -y nginx
yum install -y nginx
diff /tmp/nginx-1.20.1-1.el7.conf /etc/nginx/nginx.confexpose the diff in the NGINX configuration files [root@b6ef96a3dc61 /]# diff /tmp/nginx-1.20.1-1.el7.conf /etc/nginx/nginx.conf
0a1,8
> # For more information on configuration, see:
> # * Official English Documentation: http://nginx.org/en/docs/
> # * Official Russian Documentation: http://nginx.org/ru/docs/
>
> user nginx;
> worker_processes auto;
> error_log /var/log/nginx/error.log;
> pid /run/nginx.pid;
2,7c10,11
< user nginx;
< worker_processes auto;
<
< error_log /var/log/nginx/error.log notice;
< pid /var/run/nginx.pid;
<
---
> # Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
> include /usr/share/nginx/modules/*.conf;
10c14
< worker_connections 1024;
---
> worker_connections 1024;
13d16
<
15,17d17
< include /etc/nginx/mime.types;
< default_type application/octet-stream;
<
24,27c24,36
< sendfile on;
< #tcp_nopush on;
<
< keepalive_timeout 65;
---
> sendfile on;
> tcp_nopush on;
> tcp_nodelay on;
> keepalive_timeout 65;
> types_hash_max_size 4096;
>
> include /etc/nginx/mime.types;
> default_type application/octet-stream;
>
> # Load modular configuration files from the /etc/nginx/conf.d directory.
> # See http://nginx.org/en/docs/ngx_core_module.html#include
> # for more information.
> include /etc/nginx/conf.d/*.conf;
29c38,81
< #gzip on;
---
> server {
> listen 80;
> listen [::]:80;
> server_name _;
> root /usr/share/nginx/html;
>
> # Load configuration files for the default server block.
> include /etc/nginx/default.d/*.conf;
>
> error_page 404 /404.html;
> location = /404.html {
> }
>
> error_page 500 502 503 504 /50x.html;
> location = /50x.html {
> }
> }
>
> # Settings for a TLS enabled server.
> #
> # server {
> # listen 443 ssl http2;
> # listen [::]:443 ssl http2;
> # server_name _;
> # root /usr/share/nginx/html;
> #
> # ssl_certificate "/etc/pki/nginx/server.crt";
> # ssl_certificate_key "/etc/pki/nginx/private/server.key";
> # ssl_session_cache shared:SSL:1m;
> # ssl_session_timeout 10m;
> # ssl_ciphers HIGH:!aNULL:!MD5;
> # ssl_prefer_server_ciphers on;
> #
> # # Load configuration files for the default server block.
> # include /etc/nginx/default.d/*.conf;
> #
> # error_page 404 /404.html;
> # location = /40x.html {
> # }
> #
> # error_page 500 502 503 504 /50x.html;
> # location = /50x.html {
> # }
> # }
31d82
< include /etc/nginx/conf.d/*.conf;
32a84
> |
This was referenced Jun 29, 2021
|
21eacd5 includes a new Molecule test for the issue fixed in this PR. Without the fixes, #12 and https://github.com/ome/ansible-role-nginx/pull/12/checks?check_run_id=2950556354 demonstrate it is failing With 4373dfd, an additional tasks checks whether EPEL is installed and disables it conditionally. The Molecule tests are now passing on this PR and IDR/deployment#337 tests the fix in a more advanced Ansible playbook context. |
|
Raised at OME standup this morning. No objection raised. Merging, releasing and updating the downstream playbooks |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Recent patch releases of nginx show difference in the default configuration folder between NGINX and EPEL repositories
Since the previous task deal with the installation of the stable NGINX repository, this ensures this repository is used.
This is a similar issue to the one dealt with in ome/devspace#183. In the case of our Ansible playbooks, this was discovered in the context of a pilot IDR server with Nginx 1.20.1-2el7 always serving the default page. The content of
/etc/nginx/nginx.confshipped by the EPEL rpm now includes a defaultserversection and no longer works out-of-the box with the nginx configuration created by https://github.com/ome/ansible-role-omero-web/blob/d6fa479790aa272f8ebca048dfaf3ba4cca4a07e/tasks/web-nginx.yml#L20-L26. This does not affect advanced playbooks e.g. usingome.nginx_proxyor manually overwritingnginx.confThis PR makes the minimal change to ensure the existing playbooks keep working as expected.
Proposed tag:
2.1.2