Switch to using concat{} instead of lots of file{} magic. #167
Conversation
|
So is this going to get merged? |
|
👍 looks good. any progress on this? |
|
Going to take a pass at this now that we have some spec coverage. There are a bunch of things I want to make sure pass before going forward. @apenney can you rebase one more time? I'm going to attack this during the Thanksgiving Holiday |
|
Oh this is my branch, I took @apenney's work from #136 and rebased with a couple of changes. I'll rebase later today or tomorrow and update the specs. To test this properly you'd need coverage from rspec-system or similar. I might look into that for this since I want to use it for some of my own work, so it'll teach me a lot (like writing the rspec tests did). I think a lot of the rspec tests could be reused, and it could check the full file rather than the fragments. Two questions:
|
|
@3flex I don't think your first question should even be a question. If you do not separate them that way then we won't be able to define proper configurations. I ran into this problem myself as currently the files are not separated. (ex: try with the current module to properly set up a reverse proxy). |
|
@CtrlC-Root I agree, it was just when I rebased the old PR I didn't want to make any functional changes, but just get it in a state to be merged. I'll add that then, and try to model off the way puppetlabs-apache does it for some level of consistency unless there are any objections. |
|
|
I'd appreciate a review at this point. I've added the sites-available/enabled pattern similar to the puppetlabs-apache module, and removed the files/directories the module created under /tmp. |
It messes with rspec-system builds and isn't really relevant for code that's running directly on Puppet
required to work around puppetlabs-toy-chest/rspec-system-serverspec#6
Doesn't work with current rspec-system-puppet gem (no puppet_install helper support)
See http://docs.puppetlabs.com/man/apply.html puppet_apply from rspec-system-puppet runs with --detailed-exitcodes
nginx won't start if it can't get OpenSSL to validate the key/cert combo
|
Ping @jfryman. I think I've fixed up all the issues, and I've run the rspec-system tests successfully on Ubuntu 12.04, CentOS 6.4 and Fedora 18. I couldn't add many scenarios since rspec-system is slow and it's hard to iterate but nginx starts and responds to requests on each system. cc @CtrlC-Root @deric in case you have feedback |
Also uses sites-available/enabled pattern for config files
Don't generate it anymore, and remove any existing file from people's systems
| @@ -294,4 +310,12 @@ | |||
| source => $ssl_key, | |||
| }) | |||
| } | |||
|
|
|||
| file{ "${name}.conf symlink": | |||
There was a problem hiding this comment.
I'm a little confused by this here. I know that this pull incorporates the sites-available and sites-enabled pattern. I like how that's laid out, but I want to say that if I define it in code, that it should be in sites-enabled.
Thoughts?
There was a problem hiding this comment.
Are you suggesting this module just put the vhost file in sites-enabled directly, with no symlink to sites-available? puppetlabs-apache puts the generated config file in sites-available then symlinks from sites-enabled if the vhost is enabled, and removes both the file and symlink if absent. See https://github.com/puppetlabs/puppetlabs-apache/blob/master/manifests/vhost.pp#L426.
Also if there's no symlink there'll be no way to remove a site from sites-enabled since puppetlabs-concat doesn't have $ensure support yet so it'll be impossible to remove the file concat generated.
|
Muy bueno. A few comments, but otherwise 👍 |
|
I'll remove the Let me know about the symlink. My preference is to leave it as is. |
|
I'd really like to get rid of the symlink. I don't see how it provides value other than sticking with the old debian way of filtering out what is available and what is enabled. This certainly isn't closed, but I'd like to understand why this helps. Otherwise, I think it should come out. |
|
@jfryman It follows the principle of least surprise. For whatever reason, common web servers are configured this way. Maybe it's a holdover from the past or maybe there's a really clever reason for it, but whatever the reason may be it's the defacto standard. This helps because:
|
|
I was going to say "consistency" but like @CtrlC-Root's explanation. I could add comments to the header in the vhost templates saying both the file and the symlink in Also without the symlink there's no way to remove the vhost from the nginx config if the file goes directly in nginx::resource::vhost { 'test':
ensure => 'present',
}
#vhost added to sites-enabledbut say I want to remove my test vhost: nginx::resource::vhost { 'test':
ensure => 'absent',
}The vhost config will remain in |
|
I would also vote for keeping the symlinks, at least for Debian. If other distributions choose different pattern, then Puppet module should respected the convention for each of them. It could be quite frustrating when nginx configuration doesn't look like the one from the distribution. |
|
I'd need to know the layouts for RH/Fedora and Suse if they're going to differ. But it's easy to add support. |
|
@3flex They don't. Here's the module I'm currently using in production on my RHEL6.4 machines: https://github.com/CtrlC-Root/puppet-nginx. You can look at it for reference if it helps. |
|
I know the current setup will work as is on other distros, I was only wondering if they had different conventions for laying out their nginx vhosts and if so what they are so they can be supported as well as Debian based distros. |
|
@3flex sorry for the confusion, I misunderstood your question. I do believe the conventions are the same on RHEL. I remember reading the NGINX documentation when I wrote my module, and I think it's the same layout on all platforms. Of course, this could be changed by supplying a different default config file with packaged versions but this is not the case on RHEL. |
|
All good points. Thanks @CtrlC-Root @3flex. Okay, here we go! |
Switch to using concat{} instead of lots of file{} magic.
|
I'm going to let this bake with folks not using the Puppet Forge module for a few days, and cut a release at the end of week. Any folks that wanna give this a go and report back with issues (if any) would be greatly appreciated. |
Taken from #136 and rebased. I removed the formatting changes to make things a bit easier to read.
Note this question from the previous PR was left outstanding, if anyone has an opinion please let me know.
Resolves #135
Resolves #136
Resolves #159
Still to do:
conf.mail.d/vhost_autogen.confconf.d/vhost_autogen.confGive the mail config a different filename to avoid clashes with vhost configs (using the same host name for both would affect the same file and compilation would fail)Instead, have excluded mailhosts from sites-available/enabled pattern since mail config is separate from http config