saltstack-formulas / nginx-formula

Nginx Salt Formula
http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html

Nginx package installed but service is dead #130

Closed NiteshSaxena closed 8 years ago

NiteshSaxena commented 8 years ago

I am trying to install Nginx on one of my salt-minions using salt-master. When I used the command below, everything seems to be installed fine but the Nginx service looks dead.

sudo salt 'envdev' state.apply

This command returns:

----------
          ID: nginx
    Function: service.running
      Result: False
     Comment: Service nginx is already enabled, and is dead
     Started: 07:31:00.671874
    Duration: 80.319 ms
     Changes:

Summary for envdev
-------------
Succeeded: 38 (changed=1)
Failed:     1
-------------
Total states run:     39
Total run time:    1.471 s
[DEBUG   ] jid 20160922073057008717 found all minions set(['envdev'])
ERROR: Minions returned with non-zero exit code

When I checked the nginx version on my minion:

vagrant@envdev:~$ nginx -v
nginx version: nginx/1.10.1

When I tried to restart nginx service, it shows unrecognized service:

vagrant@envdev:~$ sudo service nginx restart
nginx: unrecognized service

Also, the Nginx configuration file is not present at location /etc/nginx/sites-enabled/default.

Below is /srv/pillar/nginx.sls file:

nginx:
  install_from_source: True
  use_upstart: True
  use_sysvinit: False
  user_auth_enabled: True
  with_luajit: False
  with_openresty: True
  #repo_version: stable  # Must be using ppa install by setting `repo_source = ppa`
  set_real_ips: # NOTE: to use this, nginx must have http_realip module enabled
    from_ips:
      - 10.10.10.0/24
    real_ip_header: X-Forwarded-For
  modules:
    headers-more:
      source: http://github.com/agentzh/headers-more-nginx-module/tarball/v0.21
      source_hash: sha1=9146cb314cd3510d5fb7ac08e2027d1f24c924a0
  ng:
    # PPA install
    install_from_ppa: False
    # Set to 'stable', 'development' (mainline), 'community', or 'nightly' for each build accordingly ( https://launchpad.net/~nginx )
    ppa_version: 'stable'

    # Source install
    source_version: '1.10.1'
    source_hash: ''

    # These are usually set by grains in map.jinja
    lookup:
      package: nginx-custom
      service: nginx
      webuser: www-data
      conf_file: /etc/nginx/nginx.conf
      vhost_available: /etc/nginx/sites-available
      vhost_enabled: /etc/nginx/sites-enabled
      vhost_use_symlink: True
      # This is required for RedHat like distros (Amazon Linux) that don't follow semantic versioning for $releasever
      rh_os_releasever: '6'
      # Currently it can be used on rhel/centos/suse when installing from repo
      gpg_check: True

    # Source compilation is not currently a part of nginx.ng
    from_source: False

    source:
      opts: {}

    package:
      opts: {} # this partially exposes parameters of pkg.installed

    service:
      enable: True # Whether or not the service will be enabled/running or dead
      opts: {} # this partially exposes parameters of service.running / service.dead

    server:
      opts: {} # this partially exposes file.managed parameters as they relate to the main nginx.conf file

      # nginx.conf (main server) declarations
      # dictionaries map to blocks {} and lists cause the same declaration to repeat with different values
      config: 
        worker_processes: 4
        pid: /run/nginx.pid
        events:
          worker_connections: 768
        http:
          sendfile: 'on'
          include:
            - /etc/nginx/mime.types
            - /etc/nginx/conf.d/*.conf
            - /etc/nginx/sites-enabled/*

    vhosts:
      disabled_postfix: .disabled # a postfix appended to files when doing non-symlink disabling
      symlink_opts: {} # partially exposes file.symlink params when symlinking enabled sites
      rename_opts: {} # partially exposes file.rename params when not symlinking disabled/enabled sites
      managed_opts: {} # partially exposes file.managed params for managed vhost files
      dir_opts: {} # partially exposes file.directory params for site available/enabled dirs

      # vhost declarations
      # vhosts will default to being placed in vhost_available
      managed:
        mysite: # relative pathname of the vhost file
          # may be True, False, or None where True is enabled, False, disabled, and None indicates no action
          available_dir: /tmp/sites-available # an alternate directory (not sites-available) where this vhost may be found
          enabled_dir: /tmp/sites-enabled # an alternate directory (not sites-enabled) where this vhost may be found
          disabled_name: mysite.aint_on # an alternative disabled name to be use when not symlinking
          enabled: True
          overwrite: True # overwrite an existing vhost file or not

          # May be a list of config options or None, if None, no vhost file will be managed/templated
          # Take server directives as lists of dictionaries. If the dictionary value is another list of
          # dictionaries a block {} will be started with the dictionary key name
          config:
            - server:
              - server_name: localhost
              - listen: 
                - 80
                - default_server
              - index:
                - index.html
                - index.htm
              - location ~ .htm:
                - try_files:
                  - $uri
                  - $uri/ =404
                - test: something else

          # The above outputs:
          # server {
          #    server_name localhost;
          #    listen 80 default_server;
          #    index index.html index.htm;
          #    location ~ .htm {
          #        try_files $uri $uri/ =404;
          #        test something else;
          #    }
          # }         

    # If you're doing SSL termination, you can deploy certificates this way.
    # The private one(s) should go in a separate pillar file not in version
    # control (or use encrypted pillar data).
    certificates:
      'www.example.com':
        public_cert: |
          -----BEGIN CERTIFICATE-----
          (Your Primary SSL certificate: www.example.com.crt)
          -----END CERTIFICATE-----
          -----BEGIN CERTIFICATE-----
          (Your Intermediate certificate: ExampleCA.crt)
          -----END CERTIFICATE-----
          -----BEGIN CERTIFICATE-----
          (Your Root certificate: TrustedRoot.crt)
          -----END CERTIFICATE-----
        private_key: |
          -----BEGIN RSA PRIVATE KEY-----
          (Your Private Key: www.example.com.key)
          -----END RSA PRIVATE KEY-----

Can anyone help me with this? I am running an ubuntu/trusty64 box on VirtualBox using Vagrant, with salt-master and salt-minion on two separate VMs.

gravyboat commented 8 years ago

Did you mean to install from source? I would recommend not doing that unless you need to compile some other things in. It looks like you didn't remove most of the pillar to only do what you needed for a basic setup.

NiteshSaxena commented 8 years ago

@gravyboat, thanks for the quick reply, but this is my first attempt to use nginx and saltstack so I am not sure what the pillar should look like. Can you give me some more detail about it? My primary requirement is to configure nginx using saltstack so I can change the directory from where nginx gets the files to serve.

javierbertoli commented 8 years ago

Hi @NiteshSaxena, from what I saw when I used it, the nginx formula has TWO different ways to manage nginx, the 'old way' (states named nginx.*) and the Next Generation (states named nginx.ng.*). I used the latter ones.

Also, I'd recommend setting just the values you need in your pillar, and not copying the whole pillar.example, as many things there won't just work (pillar.example is usually a reference of valid parameters, and not a working example).

This is a working example of an nginx pillar, using nginx.ng (please note that many values in the pillar make sense for my use case, change them or remove them as needed):

base:
  '*':
    - nginx.ng
    - nginx.ng.config
    - nginx.ng.service
nginx:
  ng:
    from_source: False
    service:
      enable: true
    server:
      config:
        user: 'www-data'
        worker_processes: '20'
        error_log: '/var/log/nginx/error.log'
        pid: '/run/nginx.pid'
        events:
          worker_connections: '1024'
          multi_accept: 'on'
        http:
          log_format: 'request_time "$remote_addr [$time_local] ''$request'' $http_host $status $body_bytes_sent $request_time"'
          access_log: '/var/log/nginx/access.log'
          sendfile: 'on'
          keepalive_timeout: '65'
          default_type: 'application/octet-stream'
          types_hash_max_size: '2048'
          tcp_nodelay: 'on'
          gzip: 'on'
          gzip_disable: 'msie6'
          include:
            - '/etc/nginx/mime.types'
            - '/etc/nginx/conf.d/*.conf'
            - '/etc/nginx/sites-enabled/*'

    vhosts:
      managed:
        ### DEFAULT NGINX SITE
        default:
          enabled: false
          config: null

        ###  MY DEFAULT SITE
        example.com:
          enabled: true
          config:
          - client_max_body_size: '20m'
          - location /:
            - root:
              - '/var/www/html'
          - location /someother:
            - include: '/path/to/some/include'

Hope this helps.

NiteshSaxena commented 8 years ago

Thank you @javierbertoli, I really appreciate your help. I tried what you specified but I am still not getting the hang of it. I am getting these errors when running the state now.

          ID: nginx_install
    Function: pkg.installed
        Name: nginx-custom
      Result: False
     Comment: An error was encountered while installing package(s): E: dpkg was interrupted, you must manually run 'dpkg --configure -a' to correct the problem.
     Started: 03:06:07.677978
    Duration: 9868.544 ms
     Changes:
----------
          ID: nginx_config
    Function: file.managed
        Name: /etc/nginx/nginx.conf
      Result: False
     Comment: One or more requisite failed: nginx.ng.pkg.nginx_install
     Started:
    Duration:
     Changes:
----------
          ID: nginx_service
    Function: service.running
        Name: nginx
      Result: False
     Comment: One or more requisite failed: nginx.ng.config.nginx_config, nginx.ng.pkg.nginx_install
     Started:
    Duration:
     Changes:

          ID: nginx_service_reload
    Function: service.running
        Name: nginx
      Result: False
     Comment: One or more requisite failed: nginx.ng.service.nginx_service
     Started:
    Duration:
     Changes:

Summary for envdev
------------
Succeeded: 8 (changed=1)
Failed:    4
------------
Total states run:    12
Total run time:  10.006 s

and my nginx.sls pillar looks like:

nginx:
  ng:
    from_source: False
    install_from_ppa: True
    ppa_version: 'stable'
    service:
      enable: true
    lookup:
      package: nginx-custom
      service: nginx
      webuser: www-data
      conf_file: /etc/nginx/nginx.conf
      vhost_available: /etc/nginx/sites-available
      vhost_enabled: /etc/nginx/sites-enabled
    server:
      config:
        user: 'www-data'
        worker_processes: '20'
        error_log: '/var/log/nginx/error.log'
        pid: '/run/nginx.pid'
        events:
          worker_connections: '1024'
          multi_accept: 'on'
        http:
          log_format: 'request_time "$remote_addr [$time_local] ''$request'' $http_host $status $body_bytes_sent $request_time"'
          access_log: '/var/log/nginx/access.log'
          sendfile: 'on'
          keepalive_timeout: '65'
          default_type: 'application/octet-stream'
          types_hash_max_size: '2048'
          tcp_nodelay: 'on'
          gzip: 'on'
          gzip_disable: 'msie6'
          include:
            - '/etc/nginx/mime.types'
            - '/etc/nginx/conf.d/*.conf'
            - '/etc/nginx/sites-enabled/*'

    vhosts:
      managed:
        ### DEFAULT NGINX SITE
        default:
          enabled: false
          config: null

        ###  MY DEFAULT SITE
        example.com:
          enabled: true
          config:
          - location /:
            - root:
              - '/var/www/html'

javierbertoli commented 8 years ago

I see a couple of issues here (one of them, I'm not that sure because I don't currently use nginx on any Ubuntu machine):

The first one:

Check at the top of your report, you can see this:

          ID: nginx_install
    Function: pkg.installed
        Name: nginx-custom
      Result: False
     Comment: An error was encountered while installing package(s): E: dpkg was interrupted, you must manually run 'dpkg --configure -a' to correct the problem.
     Started: 03:06:07.677978
    Duration: 9868.544 ms
     Changes:

The 'Comment' line says that dpkg was interrupted (Ctrl+c in the minion? System issue in the minion? Low mem in the vm? Many possible things), and therefore you need to manually run dpkg --configure -a in the minion to finish the apt-get transaction.

That's an issue most tools like Salt won't fix on their own, as it means something is really bad in the system you're asking Salt to configure and it requires you to take action and see what's wrong there. So even if your configuration were OK, Salt run is failing on that pkg.installed because of that. And from there on, in all the resources depending on it.

The second issue is that you added all this:

    lookup:
      package: nginx-custom
      service: nginx
      webuser: www-data
      conf_file: /etc/nginx/nginx.conf
      vhost_available: /etc/nginx/sites-available
      vhost_enabled: /etc/nginx/sites-enabled

Which is mostly unneeded (because all those are the default values on any nginx installation), but it's also requesting to install the package nginx-custom. And that's something that I think will fail after you fix issue 1, because as I understand it there is no nginx-custom package in any Ubuntu repo.

I'd suggest you first fix your minion's apt-get. After that, try the pillar I gave you in my previous example and, if all that works, then you'll have a scaffold to start adding options you need.
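
The cascade described in the comment above (one state that really failed, followed by "One or more requisite failed" results) can be separated mechanically when a report is long. This is an added example, not part of the thread or of the formula; the sample text is constructed from the report quoted above, and `parse_states` and `root_causes` are hypothetical helper names.

```python
import re

# Constructed sample: failed states from the thread's report (ID/Result/Comment only).
SAMPLE = """\
          ID: nginx_install
      Result: False
     Comment: An error was encountered while installing package(s): E: dpkg was interrupted, you must manually run 'dpkg --configure -a' to correct the problem.
----------
          ID: nginx_config
      Result: False
     Comment: One or more requisite failed: nginx.ng.pkg.nginx_install
----------
          ID: nginx_service
      Result: False
     Comment: One or more requisite failed: nginx.ng.config.nginx_config, nginx.ng.pkg.nginx_install
----------
          ID: nginx_service_reload
      Result: False
     Comment: One or more requisite failed: nginx.ng.service.nginx_service
"""

FIELD = re.compile(r"^\s*(ID|Result|Comment):\s*(.*)$")
REQUISITE = "One or more requisite failed:"

def parse_states(text):
    """Return one dict per state block; a new block starts at each ID line."""
    states = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if m and m.group(1) == "ID":
            states.append({})
        if m and states:
            states[-1][m.group(1)] = m.group(2).strip()
    return states

def root_causes(text):
    """Map every failed state ID to the set of failed states that caused it."""
    failed = {s["ID"]: s.get("Comment", "") for s in parse_states(text)
              if s.get("Result") == "False"}
    def trace(state_id, seen=()):
        comment = failed.get(state_id)
        if comment is None or state_id in seen:
            return set()            # requisite not in the report, or a cycle
        if not comment.startswith(REQUISITE):
            return {state_id}       # failed on its own: a root cause
        # Assumption: requisites are printed as <sls>.<state id>, IDs have no dots.
        reqs = [r.strip().rsplit(".", 1)[-1] for r in comment[len(REQUISITE):].split(",")]
        return set().union(*(trace(r, seen + (state_id,)) for r in reqs))
    return {sid: trace(sid) for sid in failed}
```

For the sample, all four failed states trace back to `nginx_install`, so the dpkg error is the only thing to fix before re-running the state.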

NiteshSaxena commented 8 years ago

@javierbertoli Thanks, that worked.