modules/nginx/manifests/init.pp - Issue 29321355: Issue 2600 - Normalize ownership and priviliges for Nginx logs

Delta Between Two Patch Sets: modules/nginx/manifests/init.pp

Issue 29321355: Issue 2600 - Normalize ownership and priviliges for Nginx logs (Closed)

Left Patch Set: Approach using two execs and find Created July 6, 2015, 4:14 p.m.

Right Patch Set: Apply 80 character line length formatting Created July 13, 2015, 1:23 p.m.

Left:
Right:

Use n/p to move between diff chunks; N/P to move between comments.

Jump to:

Left: Side by side diff | Download
Right: Side by side diff | Download

LEFT	RIGHT
1 class nginx (	1 class nginx (

2 $worker_processes = $nginx::params::worker_processes,	2 $worker_processes = $nginx::params::worker_processes,

3 $worker_connections = $nginx::params::worker_connections,	3 $worker_connections = $nginx::params::worker_connections,

4 $ssl_session_cache = $nginx::params::ssl_session_cache	4 $ssl_session_cache = $nginx::params::ssl_session_cache

5 ) inherits nginx::params {	5 ) inherits nginx::params {

6	6

7 apt::source {'nginx':	7 apt::source {'nginx':

8 location => "http://nginx.org/packages/ubuntu",	8 location => "http://nginx.org/packages/ubuntu",

9 repos => "nginx",	9 repos => "nginx",

10 key => "7BD9BF62",	10 key => "7BD9BF62",

11 key_source => "http://nginx.org/keys/nginx_signing.key"	11 key_source => "http://nginx.org/keys/nginx_signing.key"

12 }	12 }

13	13

14 # Ensures that nginx is not installed from the Ubuntu sources	14 # Ensures that nginx is not installed from the Ubuntu sources

15 package {'nginx-common':	15 package {'nginx-common':

16 ensure => purged,	16 ensure => purged,

17 before => Package['nginx']	17 before => Package['nginx']

18 }	18 }

19	19

20 package {'nginx':	20 package {'nginx':

21 ensure => '1.8.0-1~precise',	21 ensure => '1.8.0-1~precise',

22 require => Apt::Source['nginx']	22 require => Apt::Source['nginx']

23 }	23 }

24	24

25 File {	25 File {

26 owner => root,	26 owner => root,

27 group => root,	27 group => root,

28 mode => 0644,	28 mode => 0644,

29 }	29 }

	30

	31 Exec {

	32 path => '/usr/bin:/bin',

	33 logoutput => 'on_failure',

	34 }

	35

30	36

31 file {'/etc/nginx/nginx.conf':	37 file {'/etc/nginx/nginx.conf':

32 content => template('nginx/nginx.conf.erb'),	38 content => template('nginx/nginx.conf.erb'),

33 require => Package['nginx'],	39 require => Package['nginx'],

34 notify => Service['nginx']	40 notify => Service['nginx']

35 }	41 }

36	42

37 file {'/etc/nginx/sites-available':	43 file {'/etc/nginx/sites-available':

38 ensure => directory,	44 ensure => directory,

39 require => Package['nginx']	45 require => Package['nginx']

(...skipping 72 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
112 require => File["/etc/nginx/sites-available/${domain}"],	118 require => File["/etc/nginx/sites-available/${domain}"],

113 content => template('nginx/logrotate.erb')	119 content => template('nginx/logrotate.erb')

114 }	120 }

115 }	121 }

116	122

117 file {'/etc/logrotate.d/nginx':	123 file {'/etc/logrotate.d/nginx':

118 source => 'puppet:///modules/nginx/logrotate',	124 source => 'puppet:///modules/nginx/logrotate',

119 require => Package['nginx']	125 require => Package['nginx']

120 }	126 }

121	127

122 $log_path = '/var/log/nginx'	128 $find_cmd_base = [

	129 'find', '/var/log/nginx',

	130 '-mindepth', '1', '-maxdepth', '1', '-type', 'f',

	131 ]

123	132

124 $user_quoted = shellquote($nginx::params::user)	133 # Kill the find process to force an exit status != 0 by finding the parent pid

125 $chown_find_cmd_base = "find ${log_path} -mindepth 1 -maxdepth 1 -type f $ \! -user ${user_quoted} -o \! -group adm $"	134 # of the exec's sh process

126 $chown_cmd = "$chown_find_cmd_base -ls -exec chown ${user_quoted}.adm {} \;"	135 $find_kill_exec = [

127 $chown_onlyif_cmd = "test $(${chown_find_cmd_base} -print \|wc -l) -gt 0"	136 '-exec', 'sh', '-c',

	137 'ps -p $$ -o ppid= \| xargs kill -TERM',

	138 ';',

	139 ]

	140

	141 $find_chown_base = [

	142 $find_cmd_base,

	143 '-not', '(', '-user', $nginx::params::user, '-and', '-group', 'adm', ')',

	144 ]

	145 $find_chown_exec = [

	146 '-ls', '-exec', 'chown',

	147 "${nginx::params::user}.adm", '{}', ';',

	148 ]

	149

128 exec {"set_logfiles_owner":	150 exec {"set_logfiles_owner":

129 command => $chown_cmd,	151 command => shellquote($find_chown_base, $find_chown_exec),

130 onlyif => $chown_onlyif_cmd,	152 unless => shellquote($find_chown_base, $find_kill_exec),

131 path => '/bin:/usr/bin',	153 subscribe => Service['nginx'],
mathias 2015/07/09 14:28:47 Please use "/usr/bin:/bin". Please use "/usr/bin:/bin".
132 require => Package['nginx'],

133 }	154 }

134	155

135 $chmod_find_cmd_base = "find ${log_path} -mindepth 1 -maxdepth 1 -type f \! -p erm 0640"	156 $find_chmod_base = [$find_cmd_base, '-not', '-perm', '0640']

136 $chmod_cmd = "$chmod_find_cmd_base -ls -exec chmod 0640 {} \;"	157 $find_chmod_exec = ['-ls', '-exec', 'chmod', '0640', '{}', ';']

137 $chmod_onlyif_cmd = "test $(${chmod_find_cmd_base} -print \|wc -l) -gt 0"	158

138 exec {"set_logfiles_permissions":	159 exec {"set_logfiles_permissions":

139 command => $chmod_cmd,	160 command => shellquote($find_chmod_base, $find_chmod_exec),

140 onlyif => $chmod_onlyif_cmd,	161 unless => shellquote($find_chmod_base, $find_kill_exec),

141 path => '/bin:/usr/bin',	162 subscribe => Service['nginx'],
mathias 2015/07/09 14:28:47 It may actually be easier to use a class-wide `Exe It may actually be easier to use a class-wide `Exec { path => "..." }` instead of applying the aforementioned change twice.
142 require => Package['nginx'],

143 }	163 }

144	164

145 service {'nginx':	165 service {'nginx':

146 ensure => running,	166 ensure => running,

147 enable => true,	167 enable => true,

148 restart => '/etc/init.d/nginx reload',	168 restart => '/etc/init.d/nginx reload',

149 hasstatus => true,	169 hasstatus => true,

150 require => File['/etc/nginx/nginx.conf']	170 require => File['/etc/nginx/nginx.conf']

151 }	171 }

152 }	172 }

LEFT	RIGHT