Closed ponyfleisch closed 6 years ago
Looks like the geoip-files at maxmind.com have changed. I suggest you manually download them, get the updated checksums and overwrite the attribute(s).
See:
https://github.com/miketheman/nginx/blob/master/attributes/geoip.rb#L24-L31
Maxmind doesn't offer "versioned" files, but it looks like they are offering to download the files using https
- so we may get rid of the checksums.
I think we should now swap over to doing https for the downloads and remove the need for checksums, this issue causes our deployment to randomly break whenever they update the files.
Having something like this hanging around in our chef deployment feels like it breaks some of the main concepts of using chef for deployment. So much so that even if they didn't support https urls I would vote for removing the checksum check on these files completely and make it optional for people who want that extra security.
:+1: would you accept a PR that remove checksum checks @miketheman ?
I am reluctant to spend any further time on the 2.7.x branch. https://github.com/miketheman/nginx/tree/2.7.x#read-this-first
To that end, the nginx cookbook will no longer be responsible for downloading & compiling a binary on every production server. That procedure should happen outside of a given Chef run.
@miketheman Thanks for the prompt reply and happy holidays!
So if nginx cookbook is not responsible of installing nginx, who is? I use Chef to make sure all of my machines have all dependencies/softwares I need before deployment, I don't see why I should install nginx outside chef?
Thanks!
@allaire Happy holidays to you as well!
I think there's a distinction between "installing" and "downloading [from source, injecting modules] & compiling" - and that's the point I want to make clear.
The nginx cookbook had become a complex compiler - resulting in pull requests like these - where modules need to be compiled into the binary, and then supporting files need to be placed somewhere, and configs updated, etc.
Building & packaging a desired nginx binary should be outside the scope of installing & configuring nginx on a production-level system - that is something that one might use a project like fpm-cookery.
For example, here's a custom build of nginx (with installation instructions via Chef!): https://packagecloud.io/darron/nginx/install#chef built from this definition: https://github.com/darron/nginx-build/blob/master/fpm-recipes/nginx/recipe.rb
So the software is "built once, deploy many".
Supporting files like GeoIP.dat are remote_file
resources, and since the hashes change frequently, these are better supported on the end-user's side - where you can control what versions you want, how often to update, instead of waiting for an upstream maintainer to do so.
Does that make sense?
Yes makes sense, I understand the decision, nginx cookbook is by far the most complex one in my chef's stack. Will have to dig deeper in fpm and base images.
Thanks again!
The GeoIP file checksums have been updated with #422, but they will soon become out of date again as those files are constantly updated and not versioned. You should really pull a known working file to a host somewhere in your environment and set the URL and checksum attributes.
This particular issue has been pulled into the chef_nginx cookbook 2.8.0 release. The chef_nginx cookbook is a fork of this cookbook with many of the outstanding issues in the 2.7.6 release resolved. The release is backwards compatible with this cookbook outside of the name change, which obviously requires updating runlist and and metadata dependencies. I'd highly suggest giving it a try to see if this resolves you nginx cookbook woes.
https://github.com/chef-cookbooks/chef_nginx https://supermarket.chef.io/cookbooks/chef_nginx#changelog
Thanks for opening this issue. Just today we merged the changes from the chef_nginx fork of this cookbook back to master here. It’s a pretty huge change set and includes over a year of active development that resulted in several major releases. I think there’s a very high chance that this issue has been resolved with that work and at this point I’m going to close this issue out. I’d encourage you to checkout the master branch and please open this issue back up if you’re still having the problem there.
Here’s the changes that were just merged in: https://github.com/chef-cookbooks/nginx/pull/435
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
I'm using chef 12.2 and the nginx cookbook version 2.7.6. This is the error i'm getting: