|
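# Manages the nginx service account, main configuration file, per-environment
# conf.d tree and init script. Also pulls in nginx::config::iptables, which
# opens TCP port 80 on the host firewall.
#
# Reads $nginx_conf ('pub' or 'test') to choose which conf.d source tree is
# deployed. The variable is not defined in this class.
# NOTE(review): $nginx_conf is presumably set at node or top scope; confirm
# where it comes from and consider passing it in as a class parameter.
class nginx::config {
  include nginx::config::iptables

  # Resource references take a capitalized type name: User['nginx'].
  group { 'nginx':
    ensure => present,
    before => User['nginx'],
  }

  # Service account with no login shell.
  # NOTE(review): `groups` lists supplementary groups only; the primary group
  # is left to the provider default. Confirm whether `gid => 'nginx'` was meant.
  user { 'nginx':
    ensure => present,
    groups => 'nginx',
    shell  => '/sbin/nologin',
  }

  # Main configuration: readable by root only. File modes are written as
  # quoted four-digit octal strings so they are never read as decimal numbers.
  file { '/etc/nginx/nginx.conf':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0400',
    content => template('nginx/nginx.conf.erb'),
    require => Class['nginx::install'],
  }

  # Deploy the conf.d tree matching the target environment. With mode '0640'
  # Puppet adds the search (x) bit on directories wherever read is set.
  case $nginx_conf {
    'pub': {
      file { '/etc/nginx/conf.d':
        ensure  => directory,
        source  => 'puppet:///modules/nginx/conf.d/DeployPub',
        ignore  => '.svn',
        owner   => 'root',
        group   => 'root',
        mode    => '0640',
        recurse => remote,
        require => Class['nginx::install'],
      }
    }
    'test': {
      file { '/etc/nginx/conf.d':
        ensure  => directory,
        source  => 'puppet:///modules/nginx/conf.d/DeployTest',
        ignore  => '.svn',
        owner   => 'root',
        group   => 'root',
        mode    => '0640',
        recurse => remote,
        require => Class['nginx::install'],
      }
    }
    default: {
      # Any other value (or an unset variable) leaves /etc/nginx/conf.d
      # unmanaged, so whatever is already on the host stays in effect.
    }
  }

  # Init script: root-owned, world-executable but writable by root only.
  file { 'nginxd':
    ensure  => file,
    path    => '/etc/rc.d/init.d/nginxd',
    owner   => 'root',
    group   => 'root',
    mode    => '0755',
    content => template('nginx/nginxd.erb'),
    require => Class['nginx::install'],
  }
}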
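# Opens inbound TCP port 80 on the host firewall and persists the rule.
#
# The ACCEPT rule is inserted at the head of the INPUT chain (-I), so it is
# evaluated before any existing DROP/REJECT rules and applies to all source
# addresses.
class nginx::config::iptables {
  # Fixed search path for every exec in this class, so the binaries are not
  # resolved through an inherited PATH.
  Exec {
    path => ['/usr/bin', '/usr/sbin', '/bin', '/sbin'],
  }

  # Idempotence guard: skip the insert when the saved ruleset already holds an
  # ACCEPT rule for exactly port 80. The pattern requires a space after "80"
  # and a "-j ACCEPT" target, so rules for ports such as 8080, or DROP/REJECT
  # rules on port 80, no longer count as "already open".
  # The guard reads the saved file, not the live ruleset: if the save step
  # fails, the rule is inserted again on the next run.
  exec { 'open_port_80':
    command => 'iptables -I INPUT -p tcp --dport 80 -j ACCEPT',
    unless  => 'grep -Eq "tcp --dport 80 (.* )?-j ACCEPT" /etc/sysconfig/iptables 2>/dev/null',
    notify  => Exec['save_port_80'],
  }

  # Persist the running ruleset; runs only when notified by the insert above.
  exec { 'save_port_80':
    command     => 'service iptables save',
    refreshonly => true,
  }
}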
|
|