Issue 10590026: Install Nginx 1.4.1 from the official repository

Keyboard Shortcuts

	File
u :	up to issue
m :	publish + mail comments
M :	edit review message
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line
<Enter> :	respond to / edit current comment
d :	mark current comment as done

	Issue
u :	up to list of issues
m :	publish + mail comments
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue
# :	close issue

	Comment/message editing
<Ctrl> + s or <Ctrl> + Enter :	save comment
<Esc> :	cancel edit

Issue 10590026: Install Nginx 1.4.1 from the official repository (Closed)

Created:
May 17, 2013, 11:04 a.m. by Felix Dahlke

Modified:
Nov. 12, 2013, 10:10 a.m.

Reviewers:
Wladimir Palant

Visibility:
Public.

Description

Nginx 1.4.1 is not available in the Ubuntu repository yet, so this switches to the official repository. I had to remove the apt update from the pre stage and add a dependency chain with Package instead, which is the cleaner solution anyway. With apt update running in the pre stage, we couldn't add additional sources using the apt package. Also changed the server configuration of Discourse to make sure we listen on port 80 for ipv4.

Patch Set 1 #

Total comments: 2

Created: May 17, 2013, 11:04 a.m.

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Stats (+27 lines, -5 lines)			Patch
M	modules/base/manifests/init.pp	View	1 chunk	+5 lines, -4 lines	0 comments	Download
M	modules/discourse/files/intraforum.adblockplus.org	View	1 chunk	+1 line, -0 lines	0 comments	Download
M	modules/nginx/manifests/init.pp	View	2 chunks	+21 lines, -1 line	2 comments	Download

Messages

Total messages: 3

Expand All Messages | Collapse All Messages

Wladimir Palant

LGTM but I have a question below. http://codereview.adblockplus.org/10590026/diff/1/modules/nginx/manifests/init.pp File modules/nginx/manifests/init.pp (right): http://codereview.adblockplus.org/10590026/diff/1/modules/nginx/manifests/init.pp#newcode17 modules/nginx/manifests/init.pp:17: ensure => ...

May 18, 2013, 9:52 a.m. (2013-05-18 09:52:32 UTC) #2

Felix Dahlke

May 21, 2013, 5:40 a.m. (2013-05-21 05:40:57 UTC) #3

http://codereview.adblockplus.org/10590026/diff/1/modules/nginx/manifests/ini...
File modules/nginx/manifests/init.pp (right):

http://codereview.adblockplus.org/10590026/diff/1/modules/nginx/manifests/ini...
modules/nginx/manifests/init.pp:17: ensure => '1.4.1-1~precise',
On 2013/05/18 09:52:32, Wladimir Palant wrote:
> Will that also allow for newer versions?

No, this will install exactly this version. I've thought a bit about how we can
handle security upgrades, and I see three options:

1) Use "ensure => present" and use something like apt-cron to automatically
install security updates
2) Use "ensure => latest" to make Puppet automatically install the newest
available version
3) Use "ensure => $version" to install the exact version we want.

I thought option 1 was our way to go, but in the case of the latest Nginx
update, we would have broken it on all servers, that's something I'd love to
avoid.

Option 2 is similar to option 1, except that we'll at least install the update
during the puppet update, i.e. we're more likely to notice issues. In a way,
it's more dangerous than option 1 though, since these are all upgrades, not just
security upgrades.

Option 3 seems like the best bet. When a new version of Nginx is released, we
have control over when we upgrade, and should thus be able to avoid issues.

Expand All Messages | Collapse All Messages