-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Disable EPEL repository when installing NGINX #11
Conversation
Recent patch releases of nginx show difference in the default configuration folder between NGINX and EPEL repositories. Since the previous task deal with the installation of the stable NGINX repository, this ensures this repository is used.
For reference, the following commands yum install -y epel-release
yum install -y https://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
yum install -y --disablerepo=epel nginx
cp /etc/nginx/nginx.conf /tmp/nginx-1.20.1-1.el7.conf
yum remove -y nginx
yum install -y nginx
diff /tmp/nginx-1.20.1-1.el7.conf /etc/nginx/nginx.conf expose the diff in the NGINX configuration files [root@b6ef96a3dc61 /]# diff /tmp/nginx-1.20.1-1.el7.conf /etc/nginx/nginx.conf
0a1,8
> # For more information on configuration, see:
> # * Official English Documentation: http://nginx.org/en/docs/
> # * Official Russian Documentation: http://nginx.org/ru/docs/
>
> user nginx;
> worker_processes auto;
> error_log /var/log/nginx/error.log;
> pid /run/nginx.pid;
2,7c10,11
< user nginx;
< worker_processes auto;
<
< error_log /var/log/nginx/error.log notice;
< pid /var/run/nginx.pid;
<
---
> # Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
> include /usr/share/nginx/modules/*.conf;
10c14
< worker_connections 1024;
---
> worker_connections 1024;
13d16
<
15,17d17
< include /etc/nginx/mime.types;
< default_type application/octet-stream;
<
24,27c24,36
< sendfile on;
< #tcp_nopush on;
<
< keepalive_timeout 65;
---
> sendfile on;
> tcp_nopush on;
> tcp_nodelay on;
> keepalive_timeout 65;
> types_hash_max_size 4096;
>
> include /etc/nginx/mime.types;
> default_type application/octet-stream;
>
> # Load modular configuration files from the /etc/nginx/conf.d directory.
> # See http://nginx.org/en/docs/ngx_core_module.html#include
> # for more information.
> include /etc/nginx/conf.d/*.conf;
29c38,81
< #gzip on;
---
> server {
> listen 80;
> listen [::]:80;
> server_name _;
> root /usr/share/nginx/html;
>
> # Load configuration files for the default server block.
> include /etc/nginx/default.d/*.conf;
>
> error_page 404 /404.html;
> location = /404.html {
> }
>
> error_page 500 502 503 504 /50x.html;
> location = /50x.html {
> }
> }
>
> # Settings for a TLS enabled server.
> #
> # server {
> # listen 443 ssl http2;
> # listen [::]:443 ssl http2;
> # server_name _;
> # root /usr/share/nginx/html;
> #
> # ssl_certificate "/etc/pki/nginx/server.crt";
> # ssl_certificate_key "/etc/pki/nginx/private/server.key";
> # ssl_session_cache shared:SSL:1m;
> # ssl_session_timeout 10m;
> # ssl_ciphers HIGH:!aNULL:!MD5;
> # ssl_prefer_server_ciphers on;
> #
> # # Load configuration files for the default server block.
> # include /etc/nginx/default.d/*.conf;
> #
> # error_page 404 /404.html;
> # location = /40x.html {
> # }
> #
> # error_page 500 502 503 504 /50x.html;
> # location = /50x.html {
> # }
> # }
31d82
< include /etc/nginx/conf.d/*.conf;
32a84
> |
21eacd5 includes a new Molecule test for the issue fixed in this PR. Without the fixes, #12 and https://github.com/ome/ansible-role-nginx/pull/12/checks?check_run_id=2950556354 demonstrate it is failing
With 4373dfd, an additional tasks checks whether EPEL is installed and disables it conditionally. The Molecule tests are now passing on this PR and IDR/deployment#337 tests the fix in a more advanced Ansible playbook context. |
Raised at OME standup this morning. No objection raised. Merging, releasing and updating the downstream playbooks |
Recent patch releases of nginx show difference in the default configuration folder between NGINX and EPEL repositories
Since the previous task deal with the installation of the stable NGINX repository, this ensures this repository is used.
This is a similar issue to the one dealt with in ome/devspace#183. In the case of our Ansible playbooks, this was discovered in the context of a pilot IDR server with Nginx 1.20.1-2el7 always serving the default page. The content of
/etc/nginx/nginx.conf
shipped by the EPEL rpm now includes a defaultserver
section and no longer works out-of-the box with the nginx configuration created by https://github.com/ome/ansible-role-omero-web/blob/d6fa479790aa272f8ebca048dfaf3ba4cca4a07e/tasks/web-nginx.yml#L20-L26. This does not affect advanced playbooks e.g. usingome.nginx_proxy
or manually overwritingnginx.conf
This PR makes the minimal change to ensure the existing playbooks keep working as expected.
Proposed tag:
2.1.2