Archive for » February, 2010 «

Friday, February 26th, 2010 | Author:

kermitOn my Solaris machines at $WORK I use iMil‘s pkgin to install additional software. But until today, I add to do it by hand, on every machine… Not really what I like to do after a little more than a year using puppet. So I wrote a provider to manage packages with pkgin. It was very informative on puppet internals and I learned more about my favorite config management system.

Enough talking, here is the file : pkgin.rb

Example of use in a manifest :

class foo {
    package { "bla":
        ensure => installed,
        provider => pkgin
    }
}
Monday, February 22nd, 2010 | Author:

Absolut_nginxAt $WORK I started using Nginx a while ago, first as a front end to my mongrel instances for puppet. Recently I began to use it for one of its most know features : reverse proxy (and caching too). Of course this work had to be puppetized !

This is a summary of what I’ve done :

  • Basic setup
  • Automatic setup of the status page, exploited by a munin plugin
  • An “include” directory, can be specific to a host through the usual $fqdn source selection system (as well as the nginx.conf file).
  • A “reverse proxy” specific class that uses a template embedding some ruby (see the previous post). My cache dir is under tmpfs, to speed up the whole thing.

This setup is mostly inspired by this post. I use a local dnsmasq setup to resolve both internal & external requests. This way I can manage vhosts being accessible from inside ou outside our network. It’s incredibly flexible and allows you to get the most from your infrastructure.

The puppet class :

# @name : nginx
# @desc : classe de base pour nginx
# @info : nil
class nginx
{
 package { "nginx":
 ensure => installed
 }
 
 service { "nginx":
 ensure => running
 }
 
 file { "nginx.conf":
 name => "/etc/nginx/nginx.conf",
 owner => root,
 group => root,
 source => [ "puppet://$fileserver/files/apps/nginx/$fqdn/nginx-rp-secure.conf", "puppet://$fileserver/files/apps/nginx/nginx-rp-secure.conf"],
 ensure => present,
 notify => Service["nginx"]
 }
 
 # status is installed on all nginx boxens
 file { "nginx-status":
 name => "/etc/nginx/sites-enabled/nginx-status",
 owner => root,
 group => root,
 source => [ "puppet://$fileserver/files/apps/nginx/nginx-status", "puppet://$fileserver/files/apps/nginx/$fqdn/nginx-status"],
 ensure => present,
 notify => Service["nginx"]
 }
 
 # include dir, get the freshness here
 file { "include_dir":
 name => "/etc/nginx/includes",
 owner => root,
 group => root,
 source => [ "puppet://$fileserver/files/apps/nginx/includes.$fqdn", "puppet://$fileserver/files/apps/nginx/includes"],
 ensure => directory,
 recurse => true,
 notify => Service["nginx"],
 ignore => ".svn*"
 }
 
 # files managed by hand, no matter if it breaks
 file { "sites-managed":
 name => "/etc/nginx/sites-managed",
 owner => root,
 group => root,
 ensure => directory
 }
}
 
# @name : nginx::reverseproxy
# @desc : config nginx pour reverse proxy
# @info : utilisée en conjonction avec dnsmasq local
class nginx::reverseproxy
{
 include nginx
 include dnsmasq::reverseproxy
 
 # Vars used by the template below
 $mysqldatabase=extlookup("mysqldatabase")
 $mysqllogin=extlookup("mysqllogin")
 $mysqlpassword=extlookup("mysqlpassword")
 $mysqlserver=extlookup("mysqlserver")
 
 file { "nginx-cachedir":
 name => "/dev/shm/nginx-cache",
 owner => www-data,
 group => www-data,
 ensure => directory
 }
 
 file { "site_reverse-proxy":
 name => "/etc/nginx/sites-enabled/reverse-proxy",
 owner => root,
 group => root,
 content => template("nginx/$fqdn/reverse-proxy.erb"),
 ensure => present,
 notify => Service["nginx"],
 require => File["nginx-cachedir"]
 }
 
}

This is the munin plugins that are automatically distributed with the box.

One of the generated graphs :

nginx_requests-day

Category: BOFH Life, Puppet, SysAdmin  | Tags: , , ,  | One Comment