Puppet模块(七):nginx模块
class nginx::config {include nginx::config::iptables
group { "nginx":
ensure => present,
before => USER["nginx"],
}
user { "nginx":
ensure => present,
groups => 'nginx',
shell=> '/sbin/nologin',
}
file { '/etc/nginx/nginx.conf':
ensure=> file,
owner => root,
group => root,
mode => 400,
content => template("nginx/nginx.conf.erb"),
require => Class['nginx::install'],
}
case $nginx_conf{
pub: {
file { '/etc/nginx/conf.d':
ensure=> directory,
source=> 'puppet:///modules/nginx/conf.d/DeployPub',
ignore=> '.svn',
owner => root,
group => root,
mode => '0640',
recurse => remote,
require => Class['nginx::install'],
}
}
test: {
file { '/etc/nginx/conf.d':
ensure=> directory,
source=> 'puppet:///modules/nginx/conf.d/DeployTest',
ignore=> '.svn',
owner => root,
group => root,
mode => '0640',
recurse => remote,
require => Class['nginx::install'],
}
}
}
file { 'nginxd':
path => '/etc/rc.d/init.d/nginxd',
ensure=> file,
owner => root,
group => root,
mode => 755,
content => template("nginx/nginxd.erb"),
require => Class['nginx::install'],
}
}
class nginx::config::iptables {
Exec{path => ['/usr/bin','/usr/sbin','/bin','/sbin'] }
exec { 'open_port_80':
command => 'iptables -I INPUT -p tcp --dport 80 -j ACCEPT',
unless=> 'grep "tcp --dport 80" /etc/sysconfig/iptables 2>/dev/null',
notify=> Exec['save_port_80'],
}
exec { 'save_port_80':
command => 'service iptables save',
refreshonly => true,
}
}
页:
[1]