diff --git a/.github/workflows/commitlint.yml b/.github/workflows/commitlint.yml new file mode 100644 index 00000000..42a5375f --- /dev/null +++ b/.github/workflows/commitlint.yml @@ -0,0 +1,16 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- +name: Commitlint +'on': [pull_request] + +jobs: + lint: + runs-on: ubuntu-latest + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + steps: + - uses: actions/checkout@v2 + with: + fetch-depth: 0 + - uses: wagoid/commitlint-github-action@v1 diff --git a/.github/workflows/kitchen.vagrant.yml b/.github/workflows/kitchen.vagrant.yml new file mode 100644 index 00000000..ee67a32c --- /dev/null +++ b/.github/workflows/kitchen.vagrant.yml @@ -0,0 +1,38 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- +name: 'Kitchen Vagrant (FreeBSD)' +'on': ['push', 'pull_request'] + +env: + KITCHEN_LOCAL_YAML: 'kitchen.vagrant.yml' + +jobs: + test: + runs-on: 'macos-10.15' + strategy: + fail-fast: false + matrix: + instance: + - default-freebsd-130-master-py3 + # - freebsd-130-master-py3 + - default-freebsd-123-master-py3 + # - freebsd-123-master-py3 + # - default-freebsd-130-3004-0-py3 + # - default-freebsd-123-3004-0-py3 + steps: + - name: 'Check out code' + uses: 'actions/checkout@v2' + - name: 'Set up Bundler cache' + uses: 'actions/cache@v1' + with: + path: 'vendor/bundle' + key: "${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }}" + restore-keys: "${{ runner.os }}-gems-" + - name: 'Run Bundler' + run: | + ruby --version + bundle config path vendor/bundle + bundle install --jobs 4 --retry 3 + - name: 'Run Test Kitchen' + run: 'bundle exec kitchen verify ${{ matrix.instance }}' diff --git a/.gitignore b/.gitignore index 0ab33928..39752a7a 100644 --- a/.gitignore +++ b/.gitignore @@ -47,6 +47,8 @@ coverage.xml .hypothesis/ .kitchen .kitchen.local.yml +kitchen.local.yml +junit-*.xml # Translations *.mo @@ -89,6 +91,9 @@ celerybeat-schedule venv/ ENV/ +# visual studio +.vs/ + # Spyder project settings .spyderproject .spyproject 
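Review bot: In `.github/workflows/commitlint.yml` the job-level `env:` exposes `GITHUB_TOKEN` to every step, and the step that uses it, `wagoid/commitlint-github-action@v1`, is a third-party action referenced by a movable tag, so whatever that tag points to at run time receives the token. Pin it to a full commit hash, e.g. `uses: wagoid/commitlint-github-action@<full-commit-sha>  # v1`, and move the `env:` block onto that step. Also add a top-level `permissions:` with `contents: read` and `pull-requests: read` (assuming the action only reads the pull request's commits) so the token cannot write. The tag-only references `actions/checkout@v2` and `actions/cache@v1`, here and in `.github/workflows/kitchen.vagrant.yml`, deserve the same pinning, and that workflow has no `permissions:` block either.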
@@ -102,8 +107,28 @@ ENV/ # mypy .mypy_cache/ +# Bundler +.bundle/ + # copied `.md` files used for conversion to `.rst` using `m2r` docs/*.md -# Ruby -Gemfile.lock +# Vim +*.sw? + +## Collected when centralising formulas (check and sort) +# `collectd-formula` +.pytest_cache/ +/.idea/ +Dockerfile.*_* +ignore/ +tmp/ + +# `salt-formula` -- Vagrant Specific files +.vagrant +top.sls +!test/salt/pillar/top.sls + +# `suricata-formula` -- Platform binaries +*.rpm +*.deb diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 00000000..b0632ffb --- /dev/null +++ b/.gitlab-ci.yml 
@@ -0,0 +1,243 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- +############################################################################### +# Define all YAML node anchors +############################################################################### +.node_anchors: + # `only` (also used for `except` where applicable) + only_branch_master_parent_repo: &only_branch_master_parent_repo + - 'master@saltstack-formulas/nginx-formula' + # `stage` + stage_lint: &stage_lint 'lint' + stage_release: &stage_release 'release' + stage_test: &stage_test 'test' + # `image` + image_commitlint: &image_commitlint 'myii/ssf-commitlint:11' + image_dindruby: &image_dindruby 'myii/ssf-dind-ruby:2.7.1-r3' + image_precommit: &image_precommit + name: 'myii/ssf-pre-commit:2.9.2' + entrypoint: ['/bin/bash', '-c'] + image_rubocop: &image_rubocop 'pipelinecomponents/rubocop:latest' + image_semantic-release: &image_semanticrelease 'myii/ssf-semantic-release:15.14' + # `services` + services_docker_dind: &services_docker_dind + - 'docker:dind' + # `variables` + # https://forum.gitlab.com/t/gitlab-com-ci-caching-rubygems/5627/3 + # https://bundler.io/v1.16/bundle_config.html + variables_bundler: &variables_bundler + BUNDLE_CACHE_PATH: '${CI_PROJECT_DIR}/.cache/bundler' + BUNDLE_WITHOUT: 'production' + # `cache` + cache_bundler: &cache_bundler + key: '${CI_JOB_STAGE}' + paths: + - '${BUNDLE_CACHE_PATH}' + +############################################################################### +# Define stages and global variables +############################################################################### +stages: + - *stage_lint + - *stage_test + - *stage_release +variables: + DOCKER_DRIVER: 'overlay2' + +############################################################################### +# `lint` stage: `commitlint`, `pre-commit` & `rubocop` (latest, failure allowed) +############################################################################### +commitlint: + stage: *stage_lint + image: 
*image_commitlint + script: + # Add `upstream` remote to get access to `upstream/master` + - 'git remote add upstream + https://gitlab.com/saltstack-formulas/nginx-formula.git' + - 'git fetch --all' + # Set default commit hashes for `--from` and `--to` + - 'export COMMITLINT_FROM="$(git merge-base upstream/master HEAD)"' + - 'export COMMITLINT_TO="${CI_COMMIT_SHA}"' + # `coqbot` adds a merge commit to test PRs on top of the latest commit in + # the repo; amend this merge commit message to avoid failure + - | + if [ "${GITLAB_USER_LOGIN}" = "coqbot" ] \ + && [ "${CI_COMMIT_BRANCH}" != "master" ]; then + git commit --amend -m \ + 'chore: reword coqbot merge commit message for commitlint' + export COMMITLINT_TO=HEAD + fi + # Run `commitlint` + - 'commitlint --from "${COMMITLINT_FROM}" + --to "${COMMITLINT_TO}" + --verbose' + +pre-commit: + stage: *stage_lint + image: *image_precommit + # https://pre-commit.com/#gitlab-ci-example + variables: + PRE_COMMIT_HOME: '${CI_PROJECT_DIR}/.cache/pre-commit' + cache: + key: '${CI_JOB_NAME}' + paths: + - '${PRE_COMMIT_HOME}' + script: + - 'pre-commit run --all-files --color always --verbose' + +# Use a separate job for `rubocop` other than the one potentially run by `pre-commit` +# - The `pre-commit` check will only be available for formulas that pass the default +# `rubocop` check -- and must continue to do so +# - This job is allowed to fail, so can be used for all formulas +# - Furthermore, this job uses all of the latest `rubocop` features & cops, +# which will help when upgrading the `rubocop` linter used in `pre-commit` +rubocop: + allow_failure: true + stage: *stage_lint + image: *image_rubocop + script: + - 'rubocop -d -P -S --enable-pending-cops' + +############################################################################### +# Define `test` template +############################################################################### +.test_instance: &test_instance + stage: *stage_test + image: *image_dindruby + services: 
*services_docker_dind + variables: *variables_bundler + cache: *cache_bundler + before_script: + # TODO: This should work from the env vars above automatically + - 'bundle config set path "${BUNDLE_CACHE_PATH}"' + - 'bundle config set without "${BUNDLE_WITHOUT}"' + - 'bundle install' + script: + # Alternative value to consider: `${CI_JOB_NAME}` + - 'bin/kitchen verify "${DOCKER_ENV_CI_JOB_NAME}"' + +############################################################################### +# Define `test` template (`allow_failure: true`) +############################################################################### +.test_instance_failure_permitted: + <<: *test_instance + allow_failure: true + +############################################################################### +# `test` stage: each instance below uses the `test` template above +############################################################################### +## Define the rest of the matrix based on Kitchen testing +# Make sure the instances listed below match up with +# the `platforms` defined in `kitchen.yml` +# yamllint disable rule:line-length +# default-debian-11-tiamat-py3: {extends: '.test_instance'} +# default-debian-10-tiamat-py3: {extends: '.test_instance'} +# default-debian-9-tiamat-py3: {extends: '.test_instance'} +# default-ubuntu-2204-tiamat-py3: {extends: '.test_instance_failure_permitted'} +# default-ubuntu-2004-tiamat-py3: {extends: '.test_instance'} +# default-ubuntu-1804-tiamat-py3: {extends: '.test_instance'} +# default-centos-stream8-tiamat-py3: {extends: '.test_instance_failure_permitted'} +# default-centos-7-tiamat-py3: {extends: '.test_instance'} +# default-amazonlinux-2-tiamat-py3: {extends: '.test_instance'} +# default-oraclelinux-8-tiamat-py3: {extends: '.test_instance'} +# default-oraclelinux-7-tiamat-py3: {extends: '.test_instance'} +# default-almalinux-8-tiamat-py3: {extends: '.test_instance'} +# default-rockylinux-8-tiamat-py3: {extends: '.test_instance'} +# 
default-debian-11-master-py3: {extends: '.test_instance'} +# passenger-debian-11-master-py3: {extends: '.test_instance'} +debian-11-master-py3: {extends: '.test_instance_failure_permitted'} +# default-debian-10-master-py3: {extends: '.test_instance'} +# passenger-debian-10-master-py3: {extends: '.test_instance'} +debian-10-master-py3: {extends: '.test_instance'} +# default-debian-9-master-py3: {extends: '.test_instance'} +# passenger-debian-9-master-py3: {extends: '.test_instance'} +debian-9-master-py3: {extends: '.test_instance'} +# default-ubuntu-2204-master-py3: {extends: '.test_instance_failure_permitted'} +# passenger-ubuntu-2204-master-py3: {extends: '.test_instance_failure_permitted'} +ubuntu-2204-master-py3: {extends: '.test_instance_failure_permitted'} +# default-ubuntu-2004-master-py3: {extends: '.test_instance'} +# passenger-ubuntu-2004-master-py3: {extends: '.test_instance'} +ubuntu-2004-master-py3: {extends: '.test_instance'} +# default-ubuntu-1804-master-py3: {extends: '.test_instance'} +# passenger-ubuntu-1804-master-py3: {extends: '.test_instance'} +ubuntu-1804-master-py3: {extends: '.test_instance'} +# default-centos-stream8-master-py3: {extends: '.test_instance_failure_permitted'} +# passenger-centos-stream8-master-py3: {extends: '.test_instance_failure_permitted'} +centos-stream8-master-py3: {extends: '.test_instance_failure_permitted'} +# default-centos-7-master-py3: {extends: '.test_instance'} +# passenger-centos-7-master-py3: {extends: '.test_instance'} +centos-7-master-py3: {extends: '.test_instance'} +default-fedora-36-master-py3: {extends: '.test_instance_failure_permitted'} +# fedora-36-master-py3: {extends: '.test_instance_failure_permitted'} +default-fedora-35-master-py3: {extends: '.test_instance'} +# fedora-35-master-py3: {extends: '.test_instance'} +default-opensuse-leap-153-master-py3: {extends: '.test_instance'} +# opensuse-leap-153-master-py3: {extends: '.test_instance'} +default-opensuse-tmbl-latest-master-py3: {extends: 
'.test_instance_failure_permitted'} +# opensuse-tmbl-latest-master-py3: {extends: '.test_instance_failure_permitted'} +default-amazonlinux-2-master-py3: {extends: '.test_instance'} +# amazonlinux-2-master-py3: {extends: '.test_instance'} +# default-oraclelinux-8-master-py3: {extends: '.test_instance'} +# passenger-oraclelinux-8-master-py3: {extends: '.test_instance'} +oraclelinux-8-master-py3: {extends: '.test_instance'} +default-oraclelinux-7-master-py3: {extends: '.test_instance'} +# oraclelinux-7-master-py3: {extends: '.test_instance'} +default-arch-base-latest-master-py3: {extends: '.test_instance'} +# arch-base-latest-master-py3: {extends: '.test_instance'} +# default-gentoo-stage3-latest-master-py3: {extends: '.test_instance'} +# gentoo-stage3-latest-master-py3: {extends: '.test_instance'} +default-gentoo-stage3-systemd-master-py3: {extends: '.test_instance'} +# gentoo-stage3-systemd-master-py3: {extends: '.test_instance'} +# default-almalinux-8-master-py3: {extends: '.test_instance'} +# passenger-almalinux-8-master-py3: {extends: '.test_instance'} +almalinux-8-master-py3: {extends: '.test_instance'} +# default-rockylinux-8-master-py3: {extends: '.test_instance'} +# passenger-rockylinux-8-master-py3: {extends: '.test_instance'} +rockylinux-8-master-py3: {extends: '.test_instance'} +# default-debian-11-3004-1-py3: {extends: '.test_instance'} +# default-debian-10-3004-1-py3: {extends: '.test_instance'} +# default-debian-9-3004-1-py3: {extends: '.test_instance'} +# default-ubuntu-2204-3004-1-py3: {extends: '.test_instance_failure_permitted'} +# default-ubuntu-2004-3004-1-py3: {extends: '.test_instance'} +# default-ubuntu-1804-3004-1-py3: {extends: '.test_instance'} +# default-centos-stream8-3004-1-py3: {extends: '.test_instance_failure_permitted'} +# default-centos-7-3004-1-py3: {extends: '.test_instance'} +# default-fedora-36-3004-1-py3: {extends: '.test_instance_failure_permitted'} +# default-fedora-35-3004-1-py3: {extends: '.test_instance'} +# 
default-amazonlinux-2-3004-1-py3: {extends: '.test_instance'} +# default-oraclelinux-8-3004-1-py3: {extends: '.test_instance'} +# default-oraclelinux-7-3004-1-py3: {extends: '.test_instance'} +# default-arch-base-latest-3004-1-py3: {extends: '.test_instance'} +# default-gentoo-stage3-latest-3004-1-py3: {extends: '.test_instance'} +# default-gentoo-stage3-systemd-3004-1-py3: {extends: '.test_instance'} +# default-almalinux-8-3004-1-py3: {extends: '.test_instance'} +# default-rockylinux-8-3004-1-py3: {extends: '.test_instance'} +# default-opensuse-leap-153-3004-0-py3: {extends: '.test_instance'} +# default-opensuse-tmbl-latest-3004-0-py3: {extends: '.test_instance_failure_permitted'} +# default-debian-10-3003-4-py3: {extends: '.test_instance'} +# default-debian-9-3003-4-py3: {extends: '.test_instance'} +# default-ubuntu-2004-3003-4-py3: {extends: '.test_instance'} +# default-ubuntu-1804-3003-4-py3: {extends: '.test_instance'} +# default-centos-stream8-3003-4-py3: {extends: '.test_instance_failure_permitted'} +# default-centos-7-3003-4-py3: {extends: '.test_instance'} +# default-amazonlinux-2-3003-4-py3: {extends: '.test_instance'} +# default-oraclelinux-8-3003-4-py3: {extends: '.test_instance'} +# default-oraclelinux-7-3003-4-py3: {extends: '.test_instance'} +# default-almalinux-8-3003-4-py3: {extends: '.test_instance'} +# yamllint enable rule:line-length + +############################################################################### +# `release` stage: `semantic-release` +############################################################################### +semantic-release: + only: *only_branch_master_parent_repo + stage: *stage_release + image: *image_semanticrelease + variables: + MAINTAINER_TOKEN: '${GH_TOKEN}' + script: + # Update `AUTHORS.md` + - '${HOME}/go/bin/maintainer contributor' + # Run `semantic-release` + - 'semantic-release' diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 00000000..dc04b69f --- /dev/null 
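Review bot: The `semantic-release` job passes `GH_TOKEN` (as `MAINTAINER_TOKEN`) into a container started from `myii/ssf-semantic-release:15.14`, a third-party image referenced by tag only, so a re-pushed tag would run with the release credential. Pin the images by digest in `.node_anchors`, e.g. `image_semantic-release: &image_semanticrelease 'myii/ssf-semantic-release:15.14@sha256:<digest>'`. `pipelinecomponents/rubocop:latest` and the untagged `docker:dind` service float in the same way. `GH_TOKEN` is defined outside this file, so it is worth confirming that it is a protected, masked CI/CD variable readable only by the `master@saltstack-formulas/nginx-formula` pipelines named in `only:`.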
+++ b/.pre-commit-config.yaml 
@@ -0,0 +1,77 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- +# See https://pre-commit.com for more information +# See https://pre-commit.com/hooks.html for more hooks +ci: + autofix_commit_msg: | + ci(pre-commit.ci): apply auto fixes from pre-commit.com hooks + + For more information, see https://pre-commit.ci + autofix_prs: true + autoupdate_branch: '' + autoupdate_commit_msg: | + ci(pre-commit.ci): perform `pre-commit` autoupdate + autoupdate_schedule: quarterly + skip: [] + submodules: false +default_stages: [commit] +repos: + - repo: https://github.com/dafyddj/commitlint-pre-commit-hook + rev: v2.3.0 + hooks: + - id: commitlint + name: Check commit message using commitlint + description: Lint commit message against @commitlint/config-conventional rules + stages: [commit-msg] + additional_dependencies: ['@commitlint/config-conventional@8.3.4'] + - id: commitlint-travis + stages: [manual] + additional_dependencies: ['@commitlint/config-conventional@8.3.4'] + always_run: true + - repo: https://github.com/rubocop-hq/rubocop + rev: v1.56.4 + hooks: + - id: rubocop + name: Check Ruby files with rubocop + args: [--debug] + always_run: true + pass_filenames: false + - repo: https://github.com/shellcheck-py/shellcheck-py + rev: v0.9.0.6 + hooks: + - id: shellcheck + name: Check shell scripts with shellcheck + files: ^.*\.(sh|bash|ksh)$ + types: [] + - repo: https://github.com/adrienverge/yamllint + rev: v1.32.0 + hooks: + - id: yamllint + name: Check YAML syntax with yamllint + args: [--strict, '.'] + always_run: true + pass_filenames: false + - repo: https://github.com/warpnet/salt-lint + rev: v0.9.2 + hooks: + - id: salt-lint + name: Check Salt files using salt-lint + files: ^.*\.(sls|jinja|j2|tmpl|tst)$ + - repo: https://github.com/myint/rstcheck + rev: 3f929574 + hooks: + - id: rstcheck + name: Check reST files using rstcheck + exclude: 'docs/CHANGELOG.rst' + - repo: https://github.com/saltstack-formulas/mirrors-rst-lint + rev: v1.3.2 + hooks: + - id: rst-lint + 
name: Check reST files using rst-lint + exclude: | + (?x)^( + docs/CHANGELOG.rst| + docs/TOFS_pattern.rst| + )$ + additional_dependencies: [pygments==2.9.0] diff --git a/.rstcheck.cfg b/.rstcheck.cfg new file mode 100644 index 00000000..5383623e --- /dev/null +++ b/.rstcheck.cfg @@ -0,0 +1,4 @@ +[rstcheck] +report=info +ignore_language=rst +ignore_messages=(Duplicate (ex|im)plicit target.*|Hyperlink target ".*" is not referenced\.$) diff --git a/.rubocop.yml b/.rubocop.yml new file mode 100644 index 00000000..bf4d107f --- /dev/null +++ b/.rubocop.yml @@ -0,0 +1,23 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- +# General overrides used across formulas in the org +Layout/LineLength: + # Increase from default of `80` + # Based on https://github.com/PyCQA/flake8-bugbear#opinionated-warnings (`B950`) + Max: 88 +Metrics/BlockLength: + IgnoredMethods: + - control + - describe + # Increase from default of `25` + Max: 30 +Security/YAMLLoad: + Exclude: + - test/integration/**/_mapdata.rb + +# General settings across all cops in this formula +AllCops: + NewCops: enable + +# Any offenses that should be fixed, e.g. collected via. `rubocop --auto-gen-config` diff --git a/.salt-lint b/.salt-lint new file mode 100644 index 00000000..3715677b --- /dev/null +++ b/.salt-lint @@ -0,0 +1,14 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- +exclude_paths: [] +rules: {} +skip_list: + # Using `salt-lint` for linting other files as well, such as Jinja macros/templates + - 205 # Use ".sls" as a Salt State file extension + # Skipping `207` and `208` because `210` is sufficient, at least for the time-being + # I.e. Allows 3-digit unquoted codes to still be used, such as `644` and `755` + - 207 # File modes should always be encapsulated in quotation marks + - 208 # File modes should always contain a leading zero +tags: [] +verbosity: 1 diff --git a/.travis.yml b/.travis.yml index b0b0917c..9c16d688 100644 --- a/.travis.yml +++ b/.travis.yml 
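Review bot: The `rstcheck` hook in `.pre-commit-config.yaml` is pinned with `rev: 3f929574`, an abbreviated commit id, while every other repo in the list names a release tag. Use the full 40-character hash and note which release it corresponds to, e.g. `rev: <full-commit-sha>  # rstcheck <version>`. That makes the pin unambiguous and keeps a later `autoupdate` diff readable.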
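Review bot: `.rubocop.yml` switches off `Security/YAMLLoad` for `test/integration/**/_mapdata.rb` without saying why, which hides any `YAML.load` call in those controls from the linter. If the files can use `YAML.safe_load` (with the needed `permitted_classes`), the exclusion can go. Otherwise add a comment above `Exclude:` such as `# _mapdata.rb parses the map dump produced by the formula under test, not external input`. Those files are not part of this diff, so which of the two applies needs checking against them.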
@@ -1,53 +1,190 @@ -stages: - - test - - commitlint - - name: release - if: branch = master AND type != pull_request +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- +################################################################################ +# NOTE: This file is UNMAINTAINED; it is provided for references purposes only. +# No guarantees are tendered that this structure will work after 2020. +################################################################################ +# * https://en.wikipedia.org/wiki/Travis_CI: +# - "... free open-source plans were removed in [sic] the end of 2020" +# - https://blog.travis-ci.com/2020-11-02-travis-ci-new-billing +# - https://ropensci.org/technotes/2020/11/19/moving-away-travis/ +################################################################################ +## Machine config +os: 'linux' +arch: 'amd64' +dist: 'bionic' +version: '~> 1.0' -sudo: required -cache: bundler -language: ruby +## Language and cache config +language: 'ruby' +cache: 'bundler' +## Services config services: - docker -before_install: - - bundle install - -# Make sure the instances listed below match up with -# the `platforms` defined in `kitchen.yml` -env: - matrix: - - INSTANCE: default-debian-9-2019-2-py3 - - INSTANCE: default-ubuntu-1804-2019-2-py3 - - INSTANCE: default-centos-7-2019-2-py2 - - INSTANCE: default-fedora-29-2019-2-py2 - - INSTANCE: default-opensuse-423-2018-3-py2 - - INSTANCE: default-debian-8-2018-3-py2 - - INSTANCE: default-ubuntu-1604-2018-3-py2 - - INSTANCE: default-fedora-28-2018-3-py2 - - INSTANCE: default-debian-8-2017-7-py2 - - INSTANCE: default-ubuntu-1604-2017-7-py2 - +## Script to run for the test stage script: - - bundle exec kitchen verify ${INSTANCE} + - bin/kitchen verify "${INSTANCE}" +## Stages and jobs matrix +stages: + - test + # # As part of the switch away from Travis CI, ensure that the `release` stage + # # is not run inadvertently + # - name: 'release' + # if: 'branch = master AND type != pull_request' jobs: 
include: - # Define the commitlint stage - - stage: commitlint - language: node_js - node_js: lts/* - before_install: skip + ## Define the test stage that runs the linters (and testing matrix, if applicable) + + # Run all of the linters in a single job + - language: 'node_js' + node_js: 'lts/*' + env: 'Lint' + name: 'Lint: salt-lint, yamllint, rubocop, shellcheck & commitlint' + before_install: 'skip' script: - - npm install @commitlint/config-conventional -D - - npm install @commitlint/travis-cli -D + # Install and run `salt-lint` + - pip install --user salt-lint + - git ls-files -- '*.sls' '*.jinja' '*.j2' '*.tmpl' '*.tst' + | xargs salt-lint + # Install and run `yamllint` + # Need at least `v1.17.0` for the `yaml-files` setting + - pip install --user yamllint>=1.17.0 + - yamllint -s . + # Install and run `rubocop` + - gem install rubocop + - rubocop -d + # Run `shellcheck` (already pre-installed in Travis) + - shellcheck --version + - git ls-files -- '*.sh' '*.bash' '*.ksh' + | xargs shellcheck + # Install and run `commitlint` + - npm i -D @commitlint/config-conventional + @commitlint/travis-cli - commitlint-travis - # Define the release stage that runs semantic-release - - stage: release - language: node_js - node_js: lts/* - before_install: skip + + # Run `pre-commit` linters in a single job + - language: 'python' + env: 'Lint_pre-commit' + name: 'Lint: pre-commit' + before_install: 'skip' + cache: + directories: + - $HOME/.cache/pre-commit + script: + # Install and run `pre-commit` + - pip install pre-commit==2.7.1 + - pre-commit run --all-files --color always --verbose + - pre-commit run --color always --hook-stage manual --verbose commitlint-travis + + ## Define the rest of the matrix based on Kitchen testing + # Make sure the instances listed below match up with + # the `platforms` defined in `kitchen.yml` + # - env: INSTANCE=default-debian-11-tiamat-py3 + # - env: INSTANCE=default-debian-10-tiamat-py3 + # - env: INSTANCE=default-debian-9-tiamat-py3 + # - 
env: INSTANCE=default-ubuntu-2204-tiamat-py3 + # - env: INSTANCE=default-ubuntu-2004-tiamat-py3 + # - env: INSTANCE=default-ubuntu-1804-tiamat-py3 + # - env: INSTANCE=default-centos-stream8-tiamat-py3 + # - env: INSTANCE=default-centos-7-tiamat-py3 + # - env: INSTANCE=default-amazonlinux-2-tiamat-py3 + # - env: INSTANCE=default-oraclelinux-8-tiamat-py3 + # - env: INSTANCE=default-oraclelinux-7-tiamat-py3 + # - env: INSTANCE=default-almalinux-8-tiamat-py3 + # - env: INSTANCE=default-rockylinux-8-tiamat-py3 + # - env: INSTANCE=default-debian-11-master-py3 + # - env: INSTANCE=passenger-debian-11-master-py3 + - env: INSTANCE=debian-11-master-py3 + # - env: INSTANCE=default-debian-10-master-py3 + # - env: INSTANCE=passenger-debian-10-master-py3 + - env: INSTANCE=debian-10-master-py3 + # - env: INSTANCE=default-debian-9-master-py3 + # - env: INSTANCE=passenger-debian-9-master-py3 + - env: INSTANCE=debian-9-master-py3 + # - env: INSTANCE=default-ubuntu-2204-master-py3 + # - env: INSTANCE=passenger-ubuntu-2204-master-py3 + - env: INSTANCE=ubuntu-2204-master-py3 + # - env: INSTANCE=default-ubuntu-2004-master-py3 + # - env: INSTANCE=passenger-ubuntu-2004-master-py3 + - env: INSTANCE=ubuntu-2004-master-py3 + # - env: INSTANCE=default-ubuntu-1804-master-py3 + # - env: INSTANCE=passenger-ubuntu-1804-master-py3 + - env: INSTANCE=ubuntu-1804-master-py3 + # - env: INSTANCE=default-centos-stream8-master-py3 + # - env: INSTANCE=passenger-centos-stream8-master-py3 + - env: INSTANCE=centos-stream8-master-py3 + # - env: INSTANCE=default-centos-7-master-py3 + # - env: INSTANCE=passenger-centos-7-master-py3 + - env: INSTANCE=centos-7-master-py3 + - env: INSTANCE=default-fedora-36-master-py3 + # - env: INSTANCE=fedora-36-master-py3 + - env: INSTANCE=default-fedora-35-master-py3 + # - env: INSTANCE=fedora-35-master-py3 + - env: INSTANCE=default-opensuse-leap-153-master-py3 + # - env: INSTANCE=opensuse-leap-153-master-py3 + - env: INSTANCE=default-opensuse-tmbl-latest-master-py3 + # - env: 
INSTANCE=opensuse-tmbl-latest-master-py3 + - env: INSTANCE=default-amazonlinux-2-master-py3 + # - env: INSTANCE=amazonlinux-2-master-py3 + # - env: INSTANCE=default-oraclelinux-8-master-py3 + # - env: INSTANCE=passenger-oraclelinux-8-master-py3 + - env: INSTANCE=oraclelinux-8-master-py3 + - env: INSTANCE=default-oraclelinux-7-master-py3 + # - env: INSTANCE=oraclelinux-7-master-py3 + - env: INSTANCE=default-arch-base-latest-master-py3 + # - env: INSTANCE=arch-base-latest-master-py3 + # - env: INSTANCE=default-gentoo-stage3-latest-master-py3 + # - env: INSTANCE=gentoo-stage3-latest-master-py3 + - env: INSTANCE=default-gentoo-stage3-systemd-master-py3 + # - env: INSTANCE=gentoo-stage3-systemd-master-py3 + # - env: INSTANCE=default-almalinux-8-master-py3 + # - env: INSTANCE=passenger-almalinux-8-master-py3 + - env: INSTANCE=almalinux-8-master-py3 + # - env: INSTANCE=default-rockylinux-8-master-py3 + # - env: INSTANCE=passenger-rockylinux-8-master-py3 + - env: INSTANCE=rockylinux-8-master-py3 + # - env: INSTANCE=default-debian-11-3004-1-py3 + # - env: INSTANCE=default-debian-10-3004-1-py3 + # - env: INSTANCE=default-debian-9-3004-1-py3 + # - env: INSTANCE=default-ubuntu-2204-3004-1-py3 + # - env: INSTANCE=default-ubuntu-2004-3004-1-py3 + # - env: INSTANCE=default-ubuntu-1804-3004-1-py3 + # - env: INSTANCE=default-centos-stream8-3004-1-py3 + # - env: INSTANCE=default-centos-7-3004-1-py3 + # - env: INSTANCE=default-fedora-36-3004-1-py3 + # - env: INSTANCE=default-fedora-35-3004-1-py3 + # - env: INSTANCE=default-amazonlinux-2-3004-1-py3 + # - env: INSTANCE=default-oraclelinux-8-3004-1-py3 + # - env: INSTANCE=default-oraclelinux-7-3004-1-py3 + # - env: INSTANCE=default-arch-base-latest-3004-1-py3 + # - env: INSTANCE=default-gentoo-stage3-latest-3004-1-py3 + # - env: INSTANCE=default-gentoo-stage3-systemd-3004-1-py3 + # - env: INSTANCE=default-almalinux-8-3004-1-py3 + # - env: INSTANCE=default-rockylinux-8-3004-1-py3 + # - env: INSTANCE=default-opensuse-leap-153-3004-0-py3 + 
# - env: INSTANCE=default-opensuse-tmbl-latest-3004-0-py3 + # - env: INSTANCE=default-debian-10-3003-4-py3 + # - env: INSTANCE=default-debian-9-3003-4-py3 + # - env: INSTANCE=default-ubuntu-2004-3003-4-py3 + # - env: INSTANCE=default-ubuntu-1804-3003-4-py3 + # - env: INSTANCE=default-centos-stream8-3003-4-py3 + # - env: INSTANCE=default-centos-7-3003-4-py3 + # - env: INSTANCE=default-amazonlinux-2-3003-4-py3 + # - env: INSTANCE=default-oraclelinux-8-3003-4-py3 + # - env: INSTANCE=default-oraclelinux-7-3003-4-py3 + # - env: INSTANCE=default-almalinux-8-3003-4-py3 + + ## Define the release stage that runs `semantic-release` + - stage: 'release' + language: 'node_js' + node_js: 'lts/*' + env: 'Release' + name: 'Run semantic-release inc. file updates to AUTHORS, CHANGELOG & FORMULA' + before_install: 'skip' script: # Update `AUTHORS.md` - export MAINTAINER_TOKEN=${GH_TOKEN} 
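Review bot: In the lint job's `script:`, `pip install --user yamllint>=1.17.0` is an unquoted shell command, so the shell treats `>=1.17.0` as a redirection. pip installs whatever `yamllint` is current and writes its output to a file named `=1.17.0`. Quote the requirement, `- pip install --user 'yamllint>=1.17.0'`, so the minimum version named in the comment above it is actually enforced. The neighbouring `pip install --user salt-lint` and `gem install rubocop` also install unpinned versions, unlike `pip install pre-commit==2.7.1` in the next job.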
@@ -55,13 +192,26 @@ jobs: - maintainer contributor # Install all dependencies required for `semantic-release` - - npm install @semantic-release/changelog@3 -D - - npm install @semantic-release/exec@3 -D - - npm install @semantic-release/git@7 -D + - npm i -D @semantic-release/changelog@3 + @semantic-release/exec@3 + @semantic-release/git@7 deploy: - provider: script - skip_cleanup: true - script: - # Run `semantic-release` - - npx semantic-release@15 + provider: 'script' + # Opt-in to `dpl v2` to complete the Travis build config validation (beta) + # * https://docs.travis-ci.com/user/build-config-validation + # Deprecated `skip_cleanup` can now be avoided, `cleanup: false` is by default + edge: true + # Run `semantic-release` + script: 'npx semantic-release@15.14' +# Notification options: `always`, `never` or `change` +notifications: + webhooks: + if: 'repo = saltstack-formulas/nginx-formula' + urls: + - https://saltstack-formulas.zulipchat.com/api/v1/external/travis?api_key=HsIq3o5QmLxdnVCKF9is0FUIpkpAY79P&stream=CI&topic=saltstack-formulas%2Fnginx-formula&ignore_pull_requests=true + on_success: always # default: always + on_failure: always # default: always + on_start: always # default: never + on_cancel: always # default: always + on_error: always # default: always diff --git a/.yamllint b/.yamllint new file mode 100644 index 00000000..08644861 --- /dev/null +++ b/.yamllint 
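Review bot: The `notifications.webhooks.urls` entry commits a credential in clear text: the Zulip URL carries its `api_key` query parameter, so every reader of the repository and its history can see the key. Replace the literal URL with an encrypted value (the output of `travis encrypt`, placed under `- secure: '<encrypted-url>'`). Rotate the key on the Zulip side as well, since it stays in git history once this commit lands. The `if: 'repo = saltstack-formulas/nginx-formula'` condition only limits when Travis sends the hook; it does not protect the key itself.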
@@ -0,0 +1,45 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- +# Extend the `default` configuration provided by `yamllint` +extends: 'default' + +# Files to ignore completely +# 1. All YAML files under directory `.bundle/`, introduced if gems are installed locally +# 2. All YAML files under directory `.cache/`, introduced during the CI run +# 3. All YAML files under directory `.git/` +# 4. All YAML files under directory `node_modules/`, introduced during the CI run +# 5. Any SLS files under directory `test/`, which are actually state files +# 6. Any YAML files under directory `.kitchen/`, introduced during local testing +# 7. `kitchen.vagrant.yml`, which contains Embedded Ruby (ERB) template syntax +ignore: | + .bundle/ + .cache/ + .git/ + node_modules/ + test/**/states/**/*.sls + .kitchen/ + kitchen.vagrant.yml + test/salt/passenger/pillar/nginx.sls + +yaml-files: + # Default settings + - '*.yaml' + - '*.yml' + - .salt-lint + - .yamllint + # SaltStack Formulas additional settings + - '*.example' + - test/**/*.sls + +rules: + empty-values: + forbid-in-block-mappings: true + forbid-in-flow-mappings: true + line-length: + # Increase from default of `80` + # Based on https://github.com/PyCQA/flake8-bugbear#opinionated-warnings (`B950`) + max: 88 + octal-values: + forbid-implicit-octal: true + forbid-explicit-octal: true diff --git a/AUTHORS.md b/AUTHORS.md index 3a94d52b..7b56f653 100644 --- a/AUTHORS.md +++ b/AUTHORS.md 
@@ -4,76 +4,82 @@ This list is sorted by the number of commits per contributor in _descending_ ord Avatar|Contributor|Contributions :-:|---|:-: -@aboe76|[@aboe76](https://github.com/aboe76)|37 -@gravyboat|[@gravyboat](https://github.com/gravyboat)|27 -@nmadhok|[@nmadhok](https://github.com/nmadhok)|24 -@whiteinge|[@whiteinge](https://github.com/whiteinge)|17 -@noelmcloughlin|[@noelmcloughlin](https://github.com/noelmcloughlin)|16 -@ross-p|[@ross-p](https://github.com/ross-p)|13 -@daks|[@daks](https://github.com/daks)|10 -@techhat|[@techhat](https://github.com/techhat)|10 -@javierbertoli|[@javierbertoli](https://github.com/javierbertoli)|9 -@myii|[@myii](https://github.com/myii)|9 -@arthurlogilab|[@arthurlogilab](https://github.com/arthurlogilab)|8 -@cheuschober|[@cheuschober](https://github.com/cheuschober)|8 -@dseira|[@dseira](https://github.com/dseira)|8 -@amontalban|[@amontalban](https://github.com/amontalban)|7 -@puneetk|[@puneetk](https://github.com/puneetk)|7 -@TaiSHiNet|[@TaiSHiNet](https://github.com/TaiSHiNet)|6 -@EvaSDK|[@EvaSDK](https://github.com/EvaSDK)|6 -@cackovic|[@cackovic](https://github.com/cackovic)|5 -@auser|[@auser](https://github.com/auser)|5 -@stp-ip|[@stp-ip](https://github.com/stp-ip)|5 -@ahmadsherif|[@ahmadsherif](https://github.com/ahmadsherif)|4 -@teepark|[@teepark](https://github.com/teepark)|4 -@alinefr|[@alinefr](https://github.com/alinefr)|3 -@devaos|[@devaos](https://github.com/devaos)|3 -@bmwiedemann|[@bmwiedemann](https://github.com/bmwiedemann)|3 -@terminalmage|[@terminalmage](https://github.com/terminalmage)|3 -@imran1008|[@imran1008](https://github.com/imran1008)|3 -@morsik|[@morsik](https://github.com/morsik)|3 -@msciciel|[@msciciel](https://github.com/msciciel)|3 -@rfairburn|[@rfairburn](https://github.com/rfairburn)|3 -@westurner|[@westurner](https://github.com/westurner)|3 -@chris-sanders|[@chris-sanders](https://github.com/chris-sanders)|2 -@UtahDave|[@UtahDave](https://github.com/UtahDave)|2 
-@ghtyrant|[@ghtyrant](https://github.com/ghtyrant)|2 -@pprkut|[@pprkut](https://github.com/pprkut)|2 -@jstrunk|[@jstrunk](https://github.com/jstrunk)|2 -@johnkeates|[@johnkeates](https://github.com/johnkeates)|2 -@kmshultz|[@kmshultz](https://github.com/kmshultz)|2 -@malept|[@malept](https://github.com/malept)|2 -@meganlkm|[@meganlkm](https://github.com/meganlkm)|2 -@n-rodriguez|[@n-rodriguez](https://github.com/n-rodriguez)|2 -@garrettw|[@garrettw](https://github.com/garrettw)|2 -@myoung34|[@myoung34](https://github.com/myoung34)|2 -@bebosudo|[@bebosudo](https://github.com/bebosudo)|1 -@aanriot|[@aanriot](https://github.com/aanriot)|1 -@andrew-vant|[@andrew-vant](https://github.com/andrew-vant)|1 -@bemosior|[@bemosior](https://github.com/bemosior)|1 -@SuperTux88|[@SuperTux88](https://github.com/SuperTux88)|1 -@bogdanr|[@bogdanr](https://github.com/bogdanr)|1 -@blbradley|[@blbradley](https://github.com/blbradley)|1 -@CorwinTanner|[@CorwinTanner](https://github.com/CorwinTanner)|1 -@fayetted|[@fayetted](https://github.com/fayetted)|1 -@czarneckid|[@czarneckid](https://github.com/czarneckid)|1 -@statik|[@statik](https://github.com/statik)|1 -@ekristen|[@ekristen](https://github.com/ekristen)|1 -@jeduardo|[@jeduardo](https://github.com/jeduardo)|1 -@stromnet|[@stromnet](https://github.com/stromnet)|1 -@bsdlp|[@bsdlp](https://github.com/bsdlp)|1 -@MEschenbacher|[@MEschenbacher](https://github.com/MEschenbacher)|1 -@renich|[@renich](https://github.com/renich)|1 -@outime|[@outime](https://github.com/outime)|1 -@scub|[@scub](https://github.com/scub)|1 -@thatch45|[@thatch45](https://github.com/thatch45)|1 -@blarghmatey|[@blarghmatey](https://github.com/blarghmatey)|1 -@babilen5|[@babilen5](https://github.com/babilen5)|1 -@abednarik|[@abednarik](https://github.com/abednarik)|1 -@francesco-a|[@francesco-a](https://github.com/francesco-a)|1 -@oboyle|[@oboyle](https://github.com/oboyle)|1 -@bersace|[@bersace](https://github.com/bersace)|1 
+@myii|[@myii](https://github.com/myii)|155 +@aboe76|[@aboe76](https://github.com/aboe76)|46 +@javierbertoli|[@javierbertoli](https://github.com/javierbertoli)|29 +@gravyboat|[@gravyboat](https://github.com/gravyboat)|27 +@nmadhok|[@nmadhok](https://github.com/nmadhok)|24 +@noelmcloughlin|[@noelmcloughlin](https://github.com/noelmcloughlin)|19 +@whiteinge|[@whiteinge](https://github.com/whiteinge)|17 +@ross-p|[@ross-p](https://github.com/ross-p)|13 +@daks|[@daks](https://github.com/daks)|11 +@techhat|[@techhat](https://github.com/techhat)|10 +@arthurlogilab|[@arthurlogilab](https://github.com/arthurlogilab)|8 +@cheuschober|[@cheuschober](https://github.com/cheuschober)|8 +@dseira|[@dseira](https://github.com/dseira)|8 +@amontalban|[@amontalban](https://github.com/amontalban)|7 +@puneetk|[@puneetk](https://github.com/puneetk)|7 +@TaiSHiNet|[@TaiSHiNet](https://github.com/TaiSHiNet)|6 +@EvaSDK|[@EvaSDK](https://github.com/EvaSDK)|6 +@cackovic|[@cackovic](https://github.com/cackovic)|5 +@auser|[@auser](https://github.com/auser)|5 +@stp-ip|[@stp-ip](https://github.com/stp-ip)|5 +@ahmadsherif|[@ahmadsherif](https://github.com/ahmadsherif)|4 +@n-rodriguez|[@n-rodriguez](https://github.com/n-rodriguez)|4 +@teepark|[@teepark](https://github.com/teepark)|4 +@alinefr|[@alinefr](https://github.com/alinefr)|3 +@devaos|[@devaos](https://github.com/devaos)|3 +@bmwiedemann|[@bmwiedemann](https://github.com/bmwiedemann)|3 +@dafyddj|[@dafyddj](https://github.com/dafyddj)|3 +@terminalmage|[@terminalmage](https://github.com/terminalmage)|3 +@imran1008|[@imran1008](https://github.com/imran1008)|3 +@morsik|[@morsik](https://github.com/morsik)|3 +@msciciel|[@msciciel](https://github.com/msciciel)|3 +@rfairburn|[@rfairburn](https://github.com/rfairburn)|3 +@westurner|[@westurner](https://github.com/westurner)|3 +@toanju|[@toanju](https://github.com/toanju)|3 +@chris-sanders|[@chris-sanders](https://github.com/chris-sanders)|2 +@UtahDave|[@UtahDave](https://github.com/UtahDave)|2 
+@ghtyrant|[@ghtyrant](https://github.com/ghtyrant)|2 +@pprkut|[@pprkut](https://github.com/pprkut)|2 +@jstrunk|[@jstrunk](https://github.com/jstrunk)|2 +@johnkeates|[@johnkeates](https://github.com/johnkeates)|2 +@kmshultz|[@kmshultz](https://github.com/kmshultz)|2 +@malept|[@malept](https://github.com/malept)|2 +@meganlkm|[@meganlkm](https://github.com/meganlkm)|2 +@ErisDS|[@ErisDS](https://github.com/ErisDS)|2 +@myoung34|[@myoung34](https://github.com/myoung34)|2 +@sticky-note|[@sticky-note](https://github.com/sticky-note)|2 +@bebosudo|[@bebosudo](https://github.com/bebosudo)|1 +@aanriot|[@aanriot](https://github.com/aanriot)|1 +@andrew-vant|[@andrew-vant](https://github.com/andrew-vant)|1 +@bemosior|[@bemosior](https://github.com/bemosior)|1 +@SuperTux88|[@SuperTux88](https://github.com/SuperTux88)|1 +@bogdanr|[@bogdanr](https://github.com/bogdanr)|1 +@blbradley|[@blbradley](https://github.com/blbradley)|1 +@CorwinTanner|[@CorwinTanner](https://github.com/CorwinTanner)|1 +@fayetted|[@fayetted](https://github.com/fayetted)|1 +@baby-gnu|[@baby-gnu](https://github.com/baby-gnu)|1 +@czarneckid|[@czarneckid](https://github.com/czarneckid)|1 +@statik|[@statik](https://github.com/statik)|1 +@ekristen|[@ekristen](https://github.com/ekristen)|1 +@garrettw|[@garrettw](https://github.com/garrettw)|1 +@jeduardo|[@jeduardo](https://github.com/jeduardo)|1 +@stromnet|[@stromnet](https://github.com/stromnet)|1 +@bsdlp|[@bsdlp](https://github.com/bsdlp)|1 +@anderbubble|[@anderbubble](https://github.com/anderbubble)|1 +@MEschenbacher|[@MEschenbacher](https://github.com/MEschenbacher)|1 +@renich|[@renich](https://github.com/renich)|1 +@outime|[@outime](https://github.com/outime)|1 +@scub|[@scub](https://github.com/scub)|1 +@thatch45|[@thatch45](https://github.com/thatch45)|1 +@blarghmatey|[@blarghmatey](https://github.com/blarghmatey)|1 +@babilen|[@babilen](https://github.com/babilen)|1 +@abednarik|[@abednarik](https://github.com/abednarik)|1 
+@francesco-a|[@francesco-a](https://github.com/francesco-a)|1 +@oboyle|[@oboyle](https://github.com/oboyle)|1 +@bersace|[@bersace](https://github.com/bersace)|1 --- -Auto-generated by a [forked version](https://github.com/myii/maintainer) of [gaocegege/maintainer](https://github.com/gaocegege/maintainer) on 2019-06-19. +Auto-generated by a [forked version](https://github.com/myii/maintainer) of [gaocegege/maintainer](https://github.com/gaocegege/maintainer) on 2022-03-02. diff --git a/CHANGELOG.md b/CHANGELOG.md index 53b51a73..e3c2c5cc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,368 @@ # Changelog +## [2.8.1](https://github.com/saltstack-formulas/nginx-formula/compare/v2.8.0...v2.8.1) (2022-03-02) + + +### Bug Fixes + +* **debian:** avoid adding repositories entries multiple times ([d1d3e55](https://github.com/saltstack-formulas/nginx-formula/commit/d1d3e552adf3bc17265ffcc1c27920d4b9a09c6d)), closes [/github.com/saltstack/salt/issues/59785#issuecomment-826590482](https://github.com//github.com/saltstack/salt/issues/59785/issues/issuecomment-826590482) + + +### Continuous Integration + +* update linters to latest versions [skip ci] ([512fe00](https://github.com/saltstack-formulas/nginx-formula/commit/512fe00a069f2fcabed119c36f9444c2a65e179c)) + + +### Tests + +* **repository:** use `system.platform[:codename]` [skip ci] ([0e51694](https://github.com/saltstack-formulas/nginx-formula/commit/0e51694c2a59b975be0fe4972c525b73f556a6db)) +* **system:** add `build_platform_codename` [skip ci] ([5f1a289](https://github.com/saltstack-formulas/nginx-formula/commit/5f1a289f11cdcbb2dac6021109cfc390068134d4)) + +# [2.8.0](https://github.com/saltstack-formulas/nginx-formula/compare/v2.7.5...v2.8.0) (2022-02-03) + + +### Code Refactoring + +* **pkgs:** readbility ([b76e8cc](https://github.com/saltstack-formulas/nginx-formula/commit/b76e8cc6640943d97bc778948555ae3f45a71552)) + + +### Continuous Integration + +* **kitchen+gitlab:** update for new pre-salted images [skip ci] ([7fcb960](https://github.com/saltstack-formulas/nginx-formula/commit/7fcb9608cd838469e7c1faf2126ea8d5673d0481)) + + +### Features + +* **debian:** use keyrings instead of key_ids ([037c13a](https://github.com/saltstack-formulas/nginx-formula/commit/037c13a674d9e2850a808bcb0fe8600e4ec8b177)) + + +### Reverts + +* **pkg:** use grains.osfinger in a format suitable for all platforms ([8fee9f0](https://github.com/saltstack-formulas/nginx-formula/commit/8fee9f05bd86c549a050a5b4c555fa0d532493d3)) + + +### Styles + +* **map.jinja:** remove empty line 
([ae52641](https://github.com/saltstack-formulas/nginx-formula/commit/ae52641cfc87ad576f22f0675eff436ebccf3d34)) + + +### Tests + +* **repository:** favor `platform` over `os` ([c16ecf8](https://github.com/saltstack-formulas/nginx-formula/commit/c16ecf82f52b0236a8b54b5ad984c08902b79534)) + +## [2.7.5](https://github.com/saltstack-formulas/nginx-formula/compare/v2.7.4...v2.7.5) (2022-02-02) + + +### Bug Fixes + +* **snippets:** make sure they're deployed before being used ([9dfc1c1](https://github.com/saltstack-formulas/nginx-formula/commit/9dfc1c1b2f4a0cd17221b303c95af1d7a9aba781)) + + +### Continuous Integration + +* **3003.1:** update inc. AlmaLinux, Rocky & `rst-lint` [skip ci] ([6a42a9b](https://github.com/saltstack-formulas/nginx-formula/commit/6a42a9bdf84e764cb4b3313ad2b6d95688517dec)) +* **freebsd:** update with latest pre-salted Vagrant boxes [skip ci] ([860fabe](https://github.com/saltstack-formulas/nginx-formula/commit/860fabe327cfa9512152b0f278897311f35449bf)) +* **gemfile:** allow rubygems proxy to be provided as an env var [skip ci] ([1557473](https://github.com/saltstack-formulas/nginx-formula/commit/155747346c5b0fe7e1af5214734581e992832b45)) +* **gemfile+lock:** use `ssf` customised `inspec` repo [skip ci] ([a11da83](https://github.com/saltstack-formulas/nginx-formula/commit/a11da83d03fad1c50a93ba06c1c5af21f1c79e7a)) +* **gitlab-ci:** enable instance after upstream issue resolved [skip ci] ([79499e8](https://github.com/saltstack-formulas/nginx-formula/commit/79499e841be74162dd5ec869de267366b6048af1)) +* **kitchen:** move `provisioner` block & update `run_command` [skip ci] ([6b65017](https://github.com/saltstack-formulas/nginx-formula/commit/6b650177aaa9800151f2e7f628551856f0c28c54)) +* **kitchen+ci:** update with `3004` pre-salted images/boxes [skip ci] ([30f87cc](https://github.com/saltstack-formulas/nginx-formula/commit/30f87cc84b2991c7f0ed1f0066f9241a3754e8df)) +* **kitchen+ci:** update with latest `3003.2` pre-salted images [skip ci] 
([70a1f31](https://github.com/saltstack-formulas/nginx-formula/commit/70a1f3135ccfde09f6016a46eee3fc55b2ca9840)) +* **kitchen+ci:** update with latest CVE pre-salted images [skip ci] ([e041418](https://github.com/saltstack-formulas/nginx-formula/commit/e0414181a724076176cb37f6402f013f4e498109)) +* **vagrant:** replace FreeBSD 12.2 with 12.3 [skip ci] ([7deb74f](https://github.com/saltstack-formulas/nginx-formula/commit/7deb74fdbccad7e8590b9ddf7d0630e9a2ba56e1)) +* add Debian 11 Bullseye & update `yamllint` configuration [skip ci] ([fa8a5db](https://github.com/saltstack-formulas/nginx-formula/commit/fa8a5db5079b1e41eeac5d4ee25c06d976a24f3e)) +* **kitchen+gitlab:** remove Ubuntu 16.04 & Fedora 32 (EOL) [skip ci] ([d15f3de](https://github.com/saltstack-formulas/nginx-formula/commit/d15f3decb3fb1d8d1d04934c8d909913380d53f1)) + +## [2.7.4](https://github.com/saltstack-formulas/nginx-formula/compare/v2.7.3...v2.7.4) (2021-06-15) + + +### Bug Fixes + +* **servers:** include main config file watch in extend ([00387e7](https://github.com/saltstack-formulas/nginx-formula/commit/00387e7cbd90ceb5496df5cf9bce8f7dae25b056)) + +## [2.7.3](https://github.com/saltstack-formulas/nginx-formula/compare/v2.7.2...v2.7.3) (2021-06-14) + + +### Tests + +* **snippets:** add tests for snippets includes ([1c83b6d](https://github.com/saltstack-formulas/nginx-formula/commit/1c83b6d5fa93079476ca9e8baa1ccd9d44e5237f)), closes [#275](https://github.com/saltstack-formulas/nginx-formula/issues/275) [#274](https://github.com/saltstack-formulas/nginx-formula/issues/274) + +## [2.7.2](https://github.com/saltstack-formulas/nginx-formula/compare/v2.7.1...v2.7.2) (2021-06-14) + + +### Bug Fixes + +* **certificates:** ensure `openssl` installed before `cmd.run` ([0cd7c7b](https://github.com/saltstack-formulas/nginx-formula/commit/0cd7c7b20528ce9fbd4f8991a365415a3093546d)), closes 
[/gitlab.com/saltstack-formulas/nginx-formula/-/jobs/1345325819#L2830](https://github.com//gitlab.com/saltstack-formulas/nginx-formula/-/jobs/1345325819/issues/L2830) +* **snippets:** ignore servers or snippets when undefined ([6cb486d](https://github.com/saltstack-formulas/nginx-formula/commit/6cb486dbd290c91bbdbf00fd0061efaedbef4dea)), closes [#274](https://github.com/saltstack-formulas/nginx-formula/issues/274) + +## [2.7.1](https://github.com/saltstack-formulas/nginx-formula/compare/v2.7.0...v2.7.1) (2021-05-12) + + +### Bug Fixes + +* **servers:** wrong conditional specification ([494b2fb](https://github.com/saltstack-formulas/nginx-formula/commit/494b2fbea490fded02cecd4d3e3e0372476548fb)) + + +### Continuous Integration + +* add `arch-master` to matrix and update `.travis.yml` [skip ci] ([4697152](https://github.com/saltstack-formulas/nginx-formula/commit/46971528d7a7e23241564da146ee8d28b7d2eecc)) + +# [2.7.0](https://github.com/saltstack-formulas/nginx-formula/compare/v2.6.3...v2.7.0) (2021-04-28) + + +### Continuous Integration + +* **kitchen+gitlab:** adjust matrix to add `3003` [skip ci] ([46faf4e](https://github.com/saltstack-formulas/nginx-formula/commit/46faf4e24b39f7d4fd138126dbe5eb6a06eb5b67)) +* **vagrant:** add FreeBSD 13.0 [skip ci] ([b41062e](https://github.com/saltstack-formulas/nginx-formula/commit/b41062e3b19c4c109198bd95c53158d871bbff85)) +* **vagrant:** use pre-salted boxes & conditional local settings [skip ci] ([b9e9cd3](https://github.com/saltstack-formulas/nginx-formula/commit/b9e9cd38e6d29b7eb4cd8ae74a1bdf901959dee3)) + + +### Documentation + +* **readme:** add `Testing with Vagrant` section [skip ci] ([5727848](https://github.com/saltstack-formulas/nginx-formula/commit/57278481de489441a5c04aee544962212e91c5af)) + + +### Features + +* **servers_config:** add require statement to manage dependencies ([622d22f](https://github.com/saltstack-formulas/nginx-formula/commit/622d22f9711085aeca19f3907e22e87c6b21b8d0)) + + +### Tests + +* 
**requires:** verify dependencies in vhosts ([6478143](https://github.com/saltstack-formulas/nginx-formula/commit/64781431b9187d392f56ce5461c3b1a9c2944f90)) + +## [2.6.3](https://github.com/saltstack-formulas/nginx-formula/compare/v2.6.2...v2.6.3) (2021-04-03) + + +### Bug Fixes + +* **freebsd:** add `openssl` pkg and update all `default` tests ([4cd351a](https://github.com/saltstack-formulas/nginx-formula/commit/4cd351adbc184b938b0d0cf587419bab5b39a7d3)) + + +### Continuous Integration + +* enable Vagrant-based testing using GitHub Actions ([c79ce9a](https://github.com/saltstack-formulas/nginx-formula/commit/c79ce9a9ae30e889ab925bb0398008b434bc9b0a)) + +## [2.6.2](https://github.com/saltstack-formulas/nginx-formula/compare/v2.6.1...v2.6.2) (2021-03-30) + + +### Bug Fixes + +* **servers_config:** fixup 05994e1 ([c03729a](https://github.com/saltstack-formulas/nginx-formula/commit/c03729ae326876a20cb22c346f9d4cd96418af9a)) + +## [2.6.1](https://github.com/saltstack-formulas/nginx-formula/compare/v2.6.0...v2.6.1) (2021-03-29) + + +### Bug Fixes + +* **servers_config:** remove service depedency ([05994e1](https://github.com/saltstack-formulas/nginx-formula/commit/05994e1b174ccdf3ff4a444f81314ad925fa478d)) + + +### Code Refactoring + +* **servers_config:** remove unused loop ([3825557](https://github.com/saltstack-formulas/nginx-formula/commit/3825557070a18db4828cc634dd036a428f8a9836)) + + +### Continuous Integration + +* **kitchen+ci:** include `passenger` suite [skip ci] ([0bbe686](https://github.com/saltstack-formulas/nginx-formula/commit/0bbe68619fdf3791e6202ce3f17ca03efc4441c1)) + + +### Tests + +* standardise use of `share` suite & `_mapdata` state [skip ci] ([8ea3c82](https://github.com/saltstack-formulas/nginx-formula/commit/8ea3c82be3fccb2bad8bac566f210454549d141e)) + +# [2.6.0](https://github.com/saltstack-formulas/nginx-formula/compare/v2.5.0...v2.6.0) (2021-03-11) + + +### Bug Fixes + +* **passenger:** various fixes 
([7271c9d](https://github.com/saltstack-formulas/nginx-formula/commit/7271c9d16c8218244ae5ef0b188b7f9f4a414074)) +* **pkg:** add inline EPEL repo configuration for Amazon Linux 2 ([ae6375c](https://github.com/saltstack-formulas/nginx-formula/commit/ae6375ccccd56a506ee28babbeabf351112a06de)) + + +### Continuous Integration + +* **gemfile+lock:** use `ssf` customised `kitchen-docker` repo [skip ci] ([123d13e](https://github.com/saltstack-formulas/nginx-formula/commit/123d13e2f483c203cbfc1366b36a30e1732603e1)) +* **kitchen+ci:** make rubocop happy [skip ci] ([eedfc56](https://github.com/saltstack-formulas/nginx-formula/commit/eedfc56b41b673e196029274048670e89e55a694)) +* **kitchen+ci:** use latest pre-salted images (after CVE) [skip ci] ([63d32a4](https://github.com/saltstack-formulas/nginx-formula/commit/63d32a40b13ca2c77bb83cceba620218617aab6a)) +* **kitchen+gitlab-ci:** use latest pre-salted images [skip ci] ([b4411c6](https://github.com/saltstack-formulas/nginx-formula/commit/b4411c61d3352ecb9775197f991f5f33996730dc)) +* **pre-commit:** update hook for `rubocop` [skip ci] ([2a23743](https://github.com/saltstack-formulas/nginx-formula/commit/2a23743fca8fd54b2a18dc2a07d0daa8142c0289)) + + +### Features + +* **config:** validate config before applying ([b396b24](https://github.com/saltstack-formulas/nginx-formula/commit/b396b24fe456de7001b2cc013814ada189351e6f)) + + +### Tests + +* **config:** fix for Amazon Linux 2 & Oracle Linux 7/8 ([ab39c8f](https://github.com/saltstack-formulas/nginx-formula/commit/ab39c8f7c3c9bf5dbd4436cad8ccce21263fe646)) + +# [2.5.0](https://github.com/saltstack-formulas/nginx-formula/compare/v2.4.1...v2.5.0) (2021-01-04) + + +### Continuous Integration + +* **commitlint:** ensure `upstream/master` uses main repo URL [skip ci] ([0ecd767](https://github.com/saltstack-formulas/nginx-formula/commit/0ecd767e8691ba14b8c3ab7311fa7ae78e71d575)) +* **gitlab-ci:** add `rubocop` linter (with `allow_failure`) [skip ci] 
([5c9f6d4](https://github.com/saltstack-formulas/nginx-formula/commit/5c9f6d4d7144452145d06b95643a34f7fde3d35e)) + + +### Features + +* **context:** pass `nginx` to snippets and server_config contexts ([8641f0d](https://github.com/saltstack-formulas/nginx-formula/commit/8641f0d79a073b870a386ba9b494339c8e53b255)) + +## [2.4.1](https://github.com/saltstack-formulas/nginx-formula/compare/v2.4.0...v2.4.1) (2020-12-16) + + +### Continuous Integration + +* **gemfile.lock:** add to repo with updated `Gemfile` [skip ci] ([bcd67a6](https://github.com/saltstack-formulas/nginx-formula/commit/bcd67a6d462ac7b33e0e8638f0da9a2e762076b2)) +* **gitlab-ci:** use GitLab CI as Travis CI replacement ([f988e6d](https://github.com/saltstack-formulas/nginx-formula/commit/f988e6d8f5eb8bb9f8a99d6b2075883797040600)) +* **kitchen:** use `saltimages` Docker Hub where available [skip ci] ([a45ffb6](https://github.com/saltstack-formulas/nginx-formula/commit/a45ffb66aef246504794a82fddc71b5351f667e5)) +* **kitchen+travis:** remove `master-py2-arch-base-latest` [skip ci] ([86f0a57](https://github.com/saltstack-formulas/nginx-formula/commit/86f0a5705afd745fa9982e22c762d37b0f94345a)) +* **pre-commit:** add to formula [skip ci] ([cb98ed0](https://github.com/saltstack-formulas/nginx-formula/commit/cb98ed05c69af62c32e4b780498421cf4bdd2856)) +* **pre-commit:** enable/disable `rstcheck` as relevant [skip ci] ([093c38e](https://github.com/saltstack-formulas/nginx-formula/commit/093c38eae748a457644d9b0e802e10ebfef16bdb)) +* **pre-commit:** finalise `rstcheck` configuration [skip ci] ([33ce43d](https://github.com/saltstack-formulas/nginx-formula/commit/33ce43dcec7e5daef07c246b826848b0fe10662a)) +* **travis:** add notifications => zulip [skip ci] ([a288342](https://github.com/saltstack-formulas/nginx-formula/commit/a28834207074d7b7796822a83765bec9b799a9f0)) +* **workflows/commitlint:** add to repo [skip ci] 
([437b28a](https://github.com/saltstack-formulas/nginx-formula/commit/437b28af257a657192ea8452365c2a843e3a4b94)) + + +### Styles + +* **libtofs.jinja:** use Black-inspired Jinja formatting [skip ci] ([66f4ea7](https://github.com/saltstack-formulas/nginx-formula/commit/66f4ea7ed9dd1aa10474c064a10f103b32f2b60f)) + +# [2.4.0](https://github.com/saltstack-formulas/nginx-formula/compare/v2.3.3...v2.4.0) (2020-03-31) + + +### Bug Fixes + +* **libtofs:** “files_switch” mess up the variable exported by “map.jinja” [skip ci] ([10b446e](https://github.com/saltstack-formulas/nginx-formula/commit/10b446ed1ed295e5bf75fcb437953df61b39ba9e)) + + +### Continuous Integration + +* **kitchen:** avoid using bootstrap for `master` instances [skip ci] ([efebb0a](https://github.com/saltstack-formulas/nginx-formula/commit/efebb0af6b4cda41a75d571fe5adc869b32febb7)) + + +### Features + +* **add purge option:** purge sites option ([a373bda](https://github.com/saltstack-formulas/nginx-formula/commit/a373bdab79e854c43c61de7edd65d460c73f0477)) + +## [2.3.3](https://github.com/saltstack-formulas/nginx-formula/compare/v2.3.2...v2.3.3) (2019-12-22) + + +### Bug Fixes + +* **map.jinja:** use upstream default for `worker_connections` ([49caf8c](https://github.com/saltstack-formulas/nginx-formula/commit/49caf8cd69be49bd7773949c9f29e147732140a5)), closes [#261](https://github.com/saltstack-formulas/nginx-formula/issues/261) + + +### Continuous Integration + +* **gemfile:** restrict `train` gem version until upstream fix [skip ci] ([09be54d](https://github.com/saltstack-formulas/nginx-formula/commit/09be54d05fb3ce7cff039aa74633a3b29dcbbcee)) +* **travis:** quote pathspecs used with `git ls-files` [skip ci] ([091c614](https://github.com/saltstack-formulas/nginx-formula/commit/091c61448dd068e2734869caeb91cedb6f4264e2)) +* **travis:** run `shellcheck` during lint job [skip ci] ([ccf64d9](https://github.com/saltstack-formulas/nginx-formula/commit/ccf64d9be2f0aa07dfb72ed25352197081e9e388)) +* **travis:** 
use `major.minor` for `semantic-release` version [skip ci] ([facbaa1](https://github.com/saltstack-formulas/nginx-formula/commit/facbaa1e392de9238cf494964e57af73e1bf709a)) + +## [2.3.2](https://github.com/saltstack-formulas/nginx-formula/compare/v2.3.1...v2.3.2) (2019-11-25) + + +### Bug Fixes + +* **certificates.sls:** prepare `certificates_path` dir separately ([297e3ac](https://github.com/saltstack-formulas/nginx-formula/commit/297e3ac400707cdd8f396da4c23ba30fc719a2cd)), closes [#241](https://github.com/saltstack-formulas/nginx-formula/issues/241) +* **release.config.js:** use full commit hash in commit link [skip ci] ([b13ec85](https://github.com/saltstack-formulas/nginx-formula/commit/b13ec85433d85b8ca87c3798db9cab3e297b81cf)) + + +### Continuous Integration + +* **kitchen:** use `debian-10-master-py3` instead of `develop` [skip ci] ([0665878](https://github.com/saltstack-formulas/nginx-formula/commit/066587829c5a40967b0e7926f12202b07b51ab3c)) +* **kitchen:** use `develop` image until `master` is ready (`amazonlinux`) [skip ci] ([e8ed39a](https://github.com/saltstack-formulas/nginx-formula/commit/e8ed39a62cd40fe43af2aae67a3e2347d02b6b6a)) +* **kitchen+travis:** upgrade matrix after `2019.2.2` release [skip ci] ([faefcab](https://github.com/saltstack-formulas/nginx-formula/commit/faefcabd654e5323b6ca146fb0046dd636ed5f68)) +* **travis:** apply changes from build config validation [skip ci] ([4125887](https://github.com/saltstack-formulas/nginx-formula/commit/41258874a52df3da7a9f036b5378eb12b7a1a537)) +* **travis:** opt-in to `dpl v2` to complete build config validation [skip ci] ([dbeb2da](https://github.com/saltstack-formulas/nginx-formula/commit/dbeb2da3e43aa13f162b1ac4c6203ecff60e0102)) +* **travis:** update `salt-lint` config for `v0.0.10` [skip ci] ([a8382b5](https://github.com/saltstack-formulas/nginx-formula/commit/a8382b51a028ed5f069ff0168127ef3c8a4337da)) +* **travis:** use build config validation (beta) [skip ci] 
([bbf91c9](https://github.com/saltstack-formulas/nginx-formula/commit/bbf91c9f1432118a9eafde507de9ffa7b3ff5093)) +* merge travis matrix, add `salt-lint` & `rubocop` to `lint` job ([567c08c](https://github.com/saltstack-formulas/nginx-formula/commit/567c08c9adf752eb95627b0e914804645015ee20)) + + +### Documentation + +* **contributing:** remove to use org-level file instead [skip ci] ([2e58d63](https://github.com/saltstack-formulas/nginx-formula/commit/2e58d636aaa8a66ec9540238b2f4e267172e10c2)) +* **readme:** update link to `CONTRIBUTING` [skip ci] ([3ff6692](https://github.com/saltstack-formulas/nginx-formula/commit/3ff6692590932e7cc7609fdc0f52fc261228f290)) + + +### Performance Improvements + +* **travis:** improve `salt-lint` invocation [skip ci] ([e586fbe](https://github.com/saltstack-formulas/nginx-formula/commit/e586fbeebc758cdfd6d381a6ef9ad72231523dea)) + + +### Tests + +* **pillar/nginx.sls:** add reprodicible snippet based on issue [#241](https://github.com/saltstack-formulas/nginx-formula/issues/241) ([4ba3524](https://github.com/saltstack-formulas/nginx-formula/commit/4ba35247ed742393367968db34ff61a6b07f6695)) + +## [2.3.1](https://github.com/saltstack-formulas/nginx-formula/compare/v2.3.0...v2.3.1) (2019-10-10) + + +### Bug Fixes + +* **certificates.sls:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/nginx-formula/commit/bedc1b6)) +* **map.jinja:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/nginx-formula/commit/0772d8a)) +* **pkg.sls:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/nginx-formula/commit/06d055e)) + + +### Continuous Integration + +* **kitchen:** change `log_level` to `debug` instead of `info` ([](https://github.com/saltstack-formulas/nginx-formula/commit/671a4ce)) +* **kitchen:** install required packages to bootstrapped `opensuse` [skip ci] ([](https://github.com/saltstack-formulas/nginx-formula/commit/17291a0)) +* **kitchen:** use bootstrapped `opensuse` images until `2019.2.2` 
[skip ci] ([](https://github.com/saltstack-formulas/nginx-formula/commit/a39e124)) +* **platform:** add `arch-base-latest` ([](https://github.com/saltstack-formulas/nginx-formula/commit/c921086)) +* **yamllint:** add rule `empty-values` & use new `yaml-files` setting ([](https://github.com/saltstack-formulas/nginx-formula/commit/3d48b1b)) +* merge travis matrix, add `salt-lint` & `rubocop` to `lint` job ([](https://github.com/saltstack-formulas/nginx-formula/commit/08ce3ed)) +* use `dist: bionic` & apply `opensuse-leap-15` SCP error workaround ([](https://github.com/saltstack-formulas/nginx-formula/commit/8ddb921)) + + +### Documentation + +* **pillar.example:** fix TOFS comment to explain the default path [skip ci] ([](https://github.com/saltstack-formulas/nginx-formula/commit/714f547)), closes [/github.com/saltstack-formulas/libvirt-formula/pull/60#issuecomment-537965254](https://github.com//github.com/saltstack-formulas/libvirt-formula/pull/60/issues/issuecomment-537965254) [/github.com/saltstack-formulas/libvirt-formula/pull/60#issuecomment-537988138](https://github.com//github.com/saltstack-formulas/libvirt-formula/pull/60/issues/issuecomment-537988138) + +# [2.3.0](https://github.com/saltstack-formulas/nginx-formula/compare/v2.2.1...v2.3.0) (2019-09-01) + + +### Continuous Integration + +* **kitchen+travis:** replace EOL pre-salted images ([70e1426](https://github.com/saltstack-formulas/nginx-formula/commit/70e1426)) + + +### Features + +* **passenger:** inc config, snippets, servers, etc ([e07b558](https://github.com/saltstack-formulas/nginx-formula/commit/e07b558)) + +## [2.2.1](https://github.com/saltstack-formulas/nginx-formula/compare/v2.2.0...v2.2.1) (2019-08-25) + + +### Documentation + +* **readme:** update testing section ([182f216](https://github.com/saltstack-formulas/nginx-formula/commit/182f216)) + +# [2.2.0](https://github.com/saltstack-formulas/nginx-formula/compare/v2.1.0...v2.2.0) (2019-08-12) + + +### Features + +* **yamllint:** include for 
this repo and apply rules throughout ([6b7d1fe](https://github.com/saltstack-formulas/nginx-formula/commit/6b7d1fe)) + +# [2.1.0](https://github.com/saltstack-formulas/nginx-formula/compare/v2.0.0...v2.1.0) (2019-08-04) + + +### Continuous Integration + +* **kitchen+travis:** modify matrix to include `develop` platform ([f6b357d](https://github.com/saltstack-formulas/nginx-formula/commit/f6b357d)) + + +### Features + +* **linux:** archlinux support (no osfinger grain) ([ab6148c](https://github.com/saltstack-formulas/nginx-formula/commit/ab6148c)) + # [2.0.0](https://github.com/saltstack-formulas/nginx-formula/compare/v1.1.0...v2.0.0) (2019-06-19) diff --git a/CODEOWNERS b/CODEOWNERS new file mode 100644 index 00000000..a3076444 --- /dev/null +++ b/CODEOWNERS 
@@ -0,0 +1,50 @@
+# https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners
+
+# SECTION: Owner(s) for everything in the repo, unless a later match takes precedence
+# FILE PATTERN OWNER(S)
+* @sticky-note
+
+# SECTION: Owner(s) for specific directories
+# FILE PATTERN OWNER(S)
+
+# SECTION: Owner(s) for files/directories related to `semantic-release`
+# FILE PATTERN OWNER(S)
+/.github/workflows/ @saltstack-formulas/ssf
+/bin/install-hooks @saltstack-formulas/ssf
+/bin/kitchen @saltstack-formulas/ssf
+/docs/AUTHORS.rst @saltstack-formulas/ssf
+/docs/CHANGELOG.rst @saltstack-formulas/ssf
+/docs/TOFS_pattern.rst @saltstack-formulas/ssf
+/*/_mapdata/ @saltstack-formulas/ssf
+/*/libsaltcli.jinja @saltstack-formulas/ssf
+/*/libtofs.jinja @saltstack-formulas/ssf
+/test/integration/**/_mapdata.rb @saltstack-formulas/ssf
+/test/integration/**/libraries/system.rb @saltstack-formulas/ssf
+/test/integration/**/inspec.yml @saltstack-formulas/ssf
+/test/integration/**/README.md @saltstack-formulas/ssf
+/test/salt/pillar/top.sls @saltstack-formulas/ssf
+/.gitignore @saltstack-formulas/ssf
+/.cirrus.yml @saltstack-formulas/ssf
+/.gitlab-ci.yml @saltstack-formulas/ssf
+/.pre-commit-config.yaml @saltstack-formulas/ssf
+/.rstcheck.cfg @saltstack-formulas/ssf
+/.rubocop.yml @saltstack-formulas/ssf
+/.salt-lint @saltstack-formulas/ssf
+/.travis.yml @saltstack-formulas/ssf
+/.yamllint @saltstack-formulas/ssf
+/AUTHORS.md @saltstack-formulas/ssf
+/CHANGELOG.md @saltstack-formulas/ssf
+/CODEOWNERS @saltstack-formulas/ssf
+/commitlint.config.js @saltstack-formulas/ssf
+/FORMULA @saltstack-formulas/ssf
+/Gemfile @saltstack-formulas/ssf
+/Gemfile.lock @saltstack-formulas/ssf
+/kitchen.yml @saltstack-formulas/ssf
+/kitchen.vagrant.yml @saltstack-formulas/ssf
+/kitchen.windows.yml @saltstack-formulas/ssf
+/pre-commit_semantic-release.sh @saltstack-formulas/ssf
+/release-rules.js @saltstack-formulas/ssf
+/release.config.js @saltstack-formulas/ssf
+
+#
SECTION: Owner(s) for specific files +# FILE PATTERN OWNER(S) diff --git a/FORMULA b/FORMULA index 249b14f9..f10cee26 100644 --- a/FORMULA +++ b/FORMULA @@ -1,7 +1,7 @@ name: nginx os: Debian, Ubuntu, RedHat, Fedora, CentOS, Suse, openSUSE os_family: Debian, RedHat, Suse -version: 2.0.0 +version: 2.8.1 release: 1 minimum_version: 2017.3 summary: nginx formula diff --git a/Gemfile b/Gemfile index 3b36de32..f4192913 100644 --- a/Gemfile +++ b/Gemfile @@ -1,6 +1,23 @@ -source "https://rubygems.org" +# frozen_string_literal: true -gem 'kitchen-docker', '>= 2.9' -gem 'kitchen-salt', '>= 0.6.0' -gem 'kitchen-inspec', '>= 1.1' +source ENV.fetch('PROXY_RUBYGEMSORG', 'https://rubygems.org') +# Install the `inspec` gem using `git` because versions after `4.22.22` +# suppress diff output; this version fixes this for our uses. +# rubocop:disable Layout/LineLength +gem 'inspec', git: 'https://gitlab.com/saltstack-formulas/infrastructure/inspec', branch: 'ssf' +# rubocop:enable Layout/LineLength + +# Install the `kitchen-docker` gem using `git` in order to gain a performance +# improvement: avoid package installations which are already covered by the +# `salt-image-builder` (i.e. the pre-salted images that we're using) +# rubocop:disable Layout/LineLength +gem 'kitchen-docker', git: 'https://gitlab.com/saltstack-formulas/infrastructure/kitchen-docker', branch: 'ssf' +# rubocop:enable Layout/LineLength + +gem 'kitchen-inspec', '>= 2.5.0' +gem 'kitchen-salt', '>= 0.7.2' + +group :vagrant do + gem 'kitchen-vagrant' +end diff --git a/Gemfile.lock b/Gemfile.lock new file mode 100644 index 00000000..79083eba --- /dev/null +++ b/Gemfile.lock 
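Review bot: In the Gemfile hunk, the new `source ENV.fetch('PROXY_RUBYGEMSORG', 'https://rubygems.org')` line lets an environment variable replace the source for every gem that is not declared with `git:`, and nothing beside it says which values are acceptable. I would add a comment above it, `# PROXY_RUBYGEMSORG must be a trusted HTTPS mirror of rubygems.org; it becomes the source for all non-git gems`, so that setting it in CI is recognised as a trust decision. The `inspec` and `kitchen-docker` entries follow `branch: 'ssf'`, so the commit actually installed is fixed only by the lock file. Installs should therefore run with the lock frozen (`bundle config set frozen true`), or the two entries could carry a `ref:` instead of a branch.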
@@ -0,0 +1,678 @@ +GIT + remote: https://gitlab.com/saltstack-formulas/infrastructure/inspec + revision: aaef842906a5666f0fc0b4f186b4dd3498f5b28c + branch: ssf + specs: + inspec (5.18.15) + cookstyle + faraday_middleware (>= 0.12.2, < 1.1) + inspec-core (= 5.18.15) + mongo (= 2.13.2) + progress_bar (~> 1.3.3) + rake + train (~> 3.10) + train-aws (~> 0.2) + train-habitat (~> 0.1) + train-winrm (~> 0.2) + inspec-core (5.18.15) + addressable (~> 2.4) + chef-telemetry (~> 1.0, >= 1.0.8) + faraday (>= 0.9.0, < 1.5) + faraday_middleware (~> 1.0) + hashie (>= 3.4, < 5.0) + license-acceptance (>= 0.2.13, < 3.0) + method_source (>= 0.8, < 2.0) + mixlib-log (~> 3.0) + multipart-post (~> 2.0) + parallel (~> 1.9) + parslet (>= 1.5, < 2.0) + pry (~> 0.13) + rspec (>= 3.9, <= 3.11) + rspec-its (~> 1.2) + rubyzip (>= 1.2.2, < 3.0) + semverse (~> 3.0) + sslshake (~> 1.2) + thor (>= 0.20, < 2.0) + tomlrb (>= 1.2, < 2.1) + train-core (~> 3.10) + tty-prompt (~> 0.17) + tty-table (~> 0.10) + +GIT + remote: https://gitlab.com/saltstack-formulas/infrastructure/kitchen-docker + revision: 9a09bc1e571e25f3ccabf4725ca2048d970fff82 + branch: ssf + specs: + kitchen-docker (2.12.0) + test-kitchen (>= 1.0.0) + +GEM + remote: https://rubygems.org/ + specs: + activesupport (7.0.3.1) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 1.6, < 2) + minitest (>= 5.1) + tzinfo (~> 2.0) + addressable (2.8.0) + public_suffix (>= 2.0.2, < 5.0) + ast (2.4.2) + aws-eventstream (1.2.0) + aws-partitions (1.607.0) + aws-sdk-alexaforbusiness (1.56.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-amplify (1.32.0) + aws-sdk-core (~> 3, >= 3.120.0) + aws-sigv4 (~> 1.1) + aws-sdk-apigateway (1.78.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-apigatewayv2 (1.42.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-applicationautoscaling (1.51.0) + aws-sdk-core (~> 3, >= 3.112.0) + aws-sigv4 (~> 1.1) + aws-sdk-athena (1.55.0) + aws-sdk-core (~> 3, >= 3.127.0) + 
aws-sigv4 (~> 1.1) + aws-sdk-autoscaling (1.63.0) + aws-sdk-core (~> 3, >= 3.112.0) + aws-sigv4 (~> 1.1) + aws-sdk-batch (1.47.0) + aws-sdk-core (~> 3, >= 3.112.0) + aws-sigv4 (~> 1.1) + aws-sdk-budgets (1.50.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-cloudformation (1.70.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-cloudfront (1.65.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-cloudhsm (1.39.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-cloudhsmv2 (1.42.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-cloudtrail (1.49.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-cloudwatch (1.64.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-cloudwatchevents (1.46.0) + aws-sdk-core (~> 3, >= 3.112.0) + aws-sigv4 (~> 1.1) + aws-sdk-cloudwatchlogs (1.53.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-codecommit (1.51.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-codedeploy (1.49.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-codepipeline (1.53.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-cognitoidentity (1.31.0) + aws-sdk-core (~> 3, >= 3.112.0) + aws-sigv4 (~> 1.1) + aws-sdk-cognitoidentityprovider (1.53.0) + aws-sdk-core (~> 3, >= 3.112.0) + aws-sigv4 (~> 1.1) + aws-sdk-configservice (1.79.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-core (3.131.2) + aws-eventstream (~> 1, >= 1.0.2) + aws-partitions (~> 1, >= 1.525.0) + aws-sigv4 (~> 1.1) + jmespath (~> 1, >= 1.6.1) + aws-sdk-costandusagereportservice (1.40.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-databasemigrationservice (1.53.0) + aws-sdk-core (~> 3, >= 3.112.0) + aws-sigv4 (~> 1.1) + aws-sdk-dynamodb (1.75.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-ec2 (1.322.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + 
aws-sdk-ecr (1.56.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-ecrpublic (1.12.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-ecs (1.100.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-efs (1.54.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-eks (1.75.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-elasticache (1.78.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-elasticbeanstalk (1.51.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-elasticloadbalancing (1.40.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-elasticloadbalancingv2 (1.78.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-elasticsearchservice (1.65.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-emr (1.53.0) + aws-sdk-core (~> 3, >= 3.121.2) + aws-sigv4 (~> 1.1) + aws-sdk-eventbridge (1.24.0) + aws-sdk-core (~> 3, >= 3.112.0) + aws-sigv4 (~> 1.1) + aws-sdk-firehose (1.48.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-glue (1.88.0) + aws-sdk-core (~> 3, >= 3.112.0) + aws-sigv4 (~> 1.1) + aws-sdk-guardduty (1.58.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-iam (1.69.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-kafka (1.50.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-kinesis (1.41.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-kms (1.57.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-lambda (1.84.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-mq (1.40.0) + aws-sdk-core (~> 3, >= 3.120.0) + aws-sigv4 (~> 1.1) + aws-sdk-networkfirewall (1.17.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-networkmanager (1.24.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-organizations (1.59.0) + aws-sdk-core (~> 3, >= 3.112.0) + 
aws-sigv4 (~> 1.1) + aws-sdk-ram (1.26.0) + aws-sdk-core (~> 3, >= 3.112.0) + aws-sigv4 (~> 1.1) + aws-sdk-rds (1.148.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-redshift (1.84.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-route53 (1.63.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-route53domains (1.40.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-route53resolver (1.37.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-s3 (1.114.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sdk-kms (~> 1) + aws-sigv4 (~> 1.4) + aws-sdk-s3control (1.43.0) + aws-sdk-core (~> 3, >= 3.122.0) + aws-sigv4 (~> 1.1) + aws-sdk-secretsmanager (1.46.0) + aws-sdk-core (~> 3, >= 3.112.0) + aws-sigv4 (~> 1.1) + aws-sdk-securityhub (1.67.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-servicecatalog (1.60.0) + aws-sdk-core (~> 3, >= 3.112.0) + aws-sigv4 (~> 1.1) + aws-sdk-ses (1.41.0) + aws-sdk-core (~> 3, >= 3.120.0) + aws-sigv4 (~> 1.1) + aws-sdk-shield (1.48.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-signer (1.32.0) + aws-sdk-core (~> 3, >= 3.120.0) + aws-sigv4 (~> 1.1) + aws-sdk-simpledb (1.29.0) + aws-sdk-core (~> 3, >= 3.120.0) + aws-sigv2 (~> 1.0) + aws-sdk-sms (1.40.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-sns (1.53.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-sqs (1.51.1) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-ssm (1.137.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-states (1.39.0) + aws-sdk-core (~> 3, >= 3.112.0) + aws-sigv4 (~> 1.1) + aws-sdk-synthetics (1.19.0) + aws-sdk-core (~> 3, >= 3.121.2) + aws-sigv4 (~> 1.1) + aws-sdk-transfer (1.34.0) + aws-sdk-core (~> 3, >= 3.112.0) + aws-sigv4 (~> 1.1) + aws-sdk-waf (1.43.0) + aws-sdk-core (~> 3, >= 3.122.0) + aws-sigv4 (~> 1.1) + aws-sigv2 (1.1.0) + aws-sigv4 (1.5.0) + aws-eventstream (~> 1, >= 
1.0.2) + azure_graph_rbac (0.17.2) + ms_rest_azure (~> 0.12.0) + azure_mgmt_key_vault (0.17.7) + ms_rest_azure (~> 0.12.0) + azure_mgmt_resources (0.18.2) + ms_rest_azure (~> 0.12.0) + azure_mgmt_security (0.19.0) + ms_rest_azure (~> 0.12.0) + azure_mgmt_storage (0.23.0) + ms_rest_azure (~> 0.12.0) + bcrypt_pbkdf (1.1.0) + bson (4.15.0) + builder (3.2.4) + chef-config (17.10.0) + addressable + chef-utils (= 17.10.0) + fuzzyurl + mixlib-config (>= 2.2.12, < 4.0) + mixlib-shellout (>= 2.0, < 4.0) + tomlrb (~> 1.2) + chef-telemetry (1.1.1) + chef-config + concurrent-ruby (~> 1.0) + chef-utils (17.10.0) + concurrent-ruby + coderay (1.1.3) + concurrent-ruby (1.1.10) + cookstyle (7.32.1) + rubocop (= 1.25.1) + declarative (0.0.20) + diff-lcs (1.5.0) + docker-api (2.2.0) + excon (>= 0.47.0) + multi_json + domain_name (0.5.20190701) + unf (>= 0.0.5, < 1.0.0) + ed25519 (1.3.0) + erubi (1.10.0) + excon (0.92.3) + faraday (1.4.3) + faraday-em_http (~> 1.0) + faraday-em_synchrony (~> 1.0) + faraday-excon (~> 1.1) + faraday-net_http (~> 1.0) + faraday-net_http_persistent (~> 1.1) + multipart-post (>= 1.2, < 3) + ruby2_keywords (>= 0.0.4) + faraday-cookie_jar (0.0.7) + faraday (>= 0.8.0) + http-cookie (~> 1.0.0) + faraday-em_http (1.0.0) + faraday-em_synchrony (1.0.0) + faraday-excon (1.1.0) + faraday-net_http (1.0.1) + faraday-net_http_persistent (1.2.0) + faraday_middleware (1.0.0) + faraday (~> 1.0) + ffi (1.15.5) + fuzzyurl (0.9.0) + google-api-client (0.52.0) + addressable (~> 2.5, >= 2.5.1) + googleauth (~> 0.9) + httpclient (>= 2.8.1, < 3.0) + mini_mime (~> 1.0) + representable (~> 3.0) + retriable (>= 2.0, < 4.0) + rexml + signet (~> 0.12) + googleauth (0.14.0) + faraday (>= 0.17.3, < 2.0) + jwt (>= 1.4, < 3.0) + memoist (~> 0.16) + multi_json (~> 1.11) + os (>= 0.9, < 2.0) + signet (~> 0.14) + gssapi (1.3.1) + ffi (>= 1.0.1) + gyoku (1.4.0) + builder (>= 2.1.2) + rexml (~> 3.0) + hashie (4.1.0) + highline (2.0.3) + http-cookie (1.0.5) + domain_name (~> 0.5) + httpclient 
(2.8.3) + i18n (1.12.0) + concurrent-ruby (~> 1.0) + inifile (3.0.0) + jmespath (1.6.1) + json (2.6.2) + jwt (2.4.1) + kitchen-inspec (2.6.1) + hashie (>= 3.4, <= 5.0) + inspec (>= 2.2.64, < 7.0) + test-kitchen (>= 2.7, < 4) + kitchen-salt (0.7.2) + hashie (>= 3.5) + test-kitchen (>= 1.4) + kitchen-vagrant (1.12.0) + test-kitchen (>= 1.4, < 4) + license-acceptance (2.1.13) + pastel (~> 0.7) + tomlrb (>= 1.2, < 3.0) + tty-box (~> 0.6) + tty-prompt (~> 0.20) + little-plugger (1.1.4) + logging (2.3.1) + little-plugger (~> 1.1) + multi_json (~> 1.14) + memoist (0.16.2) + method_source (1.0.0) + mini_mime (1.1.2) + minitest (5.16.2) + mixlib-config (3.0.27) + tomlrb + mixlib-install (3.12.19) + mixlib-shellout + mixlib-versioning + thor + mixlib-log (3.0.9) + mixlib-shellout (3.2.7) + chef-utils + mixlib-versioning (1.2.12) + mongo (2.13.2) + bson (>= 4.8.2, < 5.0.0) + ms_rest (0.7.6) + concurrent-ruby (~> 1.0) + faraday (>= 0.9, < 2.0.0) + timeliness (~> 0.3.10) + ms_rest_azure (0.12.0) + concurrent-ruby (~> 1.0) + faraday (>= 0.9, < 2.0.0) + faraday-cookie_jar (~> 0.0.6) + ms_rest (~> 0.7.6) + multi_json (1.15.0) + multipart-post (2.2.3) + net-scp (3.0.0) + net-ssh (>= 2.6.5, < 7.0.0) + net-ssh (6.1.0) + net-ssh-gateway (2.0.0) + net-ssh (>= 4.0.0) + nori (2.6.0) + options (2.3.2) + os (1.1.4) + parallel (1.22.1) + parser (3.1.2.0) + ast (~> 2.4.1) + parslet (1.8.2) + pastel (0.8.0) + tty-color (~> 0.5) + progress_bar (1.3.3) + highline (>= 1.6, < 3) + options (~> 2.3.0) + pry (0.14.1) + coderay (~> 1.1) + method_source (~> 1.0) + public_suffix (4.0.7) + rainbow (3.1.1) + rake (13.0.6) + regexp_parser (2.5.0) + representable (3.2.0) + declarative (< 0.1.0) + trailblazer-option (>= 0.1.1, < 0.2.0) + uber (< 0.2.0) + retriable (3.1.2) + rexml (3.2.5) + rspec (3.11.0) + rspec-core (~> 3.11.0) + rspec-expectations (~> 3.11.0) + rspec-mocks (~> 3.11.0) + rspec-core (3.11.0) + rspec-support (~> 3.11.0) + rspec-expectations (3.11.0) + diff-lcs (>= 1.2.0, < 2.0) + 
rspec-support (~> 3.11.0) + rspec-its (1.3.0) + rspec-core (>= 3.0.0) + rspec-expectations (>= 3.0.0) + rspec-mocks (3.11.1) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.11.0) + rspec-support (3.11.0) + rubocop (1.25.1) + parallel (~> 1.10) + parser (>= 3.1.0.0) + rainbow (>= 2.2.2, < 4.0) + regexp_parser (>= 1.8, < 3.0) + rexml + rubocop-ast (>= 1.15.1, < 2.0) + ruby-progressbar (~> 1.7) + unicode-display_width (>= 1.4.0, < 3.0) + rubocop-ast (1.19.1) + parser (>= 3.1.1.0) + ruby-progressbar (1.11.0) + ruby2_keywords (0.0.5) + rubyntlm (0.6.3) + rubyzip (2.3.2) + semverse (3.0.2) + signet (0.17.0) + addressable (~> 2.8) + faraday (>= 0.17.5, < 3.a) + jwt (>= 1.5, < 3.0) + multi_json (~> 1.10) + sslshake (1.3.1) + strings (0.2.1) + strings-ansi (~> 0.2) + unicode-display_width (>= 1.5, < 3.0) + unicode_utils (~> 1.4) + strings-ansi (0.2.0) + test-kitchen (3.3.1) + bcrypt_pbkdf (~> 1.0) + chef-utils (>= 16.4.35) + ed25519 (~> 1.2) + license-acceptance (>= 1.0.11, < 3.0) + mixlib-install (~> 3.6) + mixlib-shellout (>= 1.2, < 4.0) + net-scp (>= 1.1, < 4.0) + net-ssh (>= 2.9, < 7.0) + net-ssh-gateway (>= 1.2, < 3.0) + thor (>= 0.19, < 2.0) + winrm (~> 2.0) + winrm-elevated (~> 1.0) + winrm-fs (~> 1.1) + thor (1.2.1) + timeliness (0.3.10) + tomlrb (1.3.0) + trailblazer-option (0.1.2) + train (3.10.1) + activesupport (>= 6.0.3.1) + azure_graph_rbac (~> 0.16) + azure_mgmt_key_vault (~> 0.17) + azure_mgmt_resources (~> 0.15) + azure_mgmt_security (~> 0.18) + azure_mgmt_storage (~> 0.18) + docker-api (>= 1.26, < 3.0) + google-api-client (>= 0.23.9, <= 0.52.0) + googleauth (>= 0.6.6, <= 0.14.0) + inifile (~> 3.0) + train-core (= 3.10.1) + train-winrm (~> 0.2) + train-aws (0.2.24) + aws-sdk-alexaforbusiness (~> 1.0) + aws-sdk-amplify (~> 1.32.0) + aws-sdk-apigateway (~> 1.0) + aws-sdk-apigatewayv2 (~> 1.0) + aws-sdk-applicationautoscaling (>= 1.46, < 1.52) + aws-sdk-athena (~> 1.0) + aws-sdk-autoscaling (>= 1.22, < 1.64) + aws-sdk-batch (>= 1.36, < 1.48) + 
aws-sdk-budgets (~> 1.0) + aws-sdk-cloudformation (~> 1.0) + aws-sdk-cloudfront (~> 1.0) + aws-sdk-cloudhsm (~> 1.0) + aws-sdk-cloudhsmv2 (~> 1.0) + aws-sdk-cloudtrail (~> 1.8) + aws-sdk-cloudwatch (~> 1.13) + aws-sdk-cloudwatchevents (>= 1.36, < 1.47) + aws-sdk-cloudwatchlogs (~> 1.13) + aws-sdk-codecommit (~> 1.0) + aws-sdk-codedeploy (~> 1.0) + aws-sdk-codepipeline (~> 1.0) + aws-sdk-cognitoidentity (>= 1.26, < 1.32) + aws-sdk-cognitoidentityprovider (>= 1.46, < 1.54) + aws-sdk-configservice (~> 1.21) + aws-sdk-core (~> 3.0) + aws-sdk-costandusagereportservice (~> 1.6) + aws-sdk-databasemigrationservice (>= 1.42, < 1.54) + aws-sdk-dynamodb (~> 1.31) + aws-sdk-ec2 (~> 1.70) + aws-sdk-ecr (~> 1.18) + aws-sdk-ecrpublic (~> 1.3) + aws-sdk-ecs (~> 1.30) + aws-sdk-efs (~> 1.0) + aws-sdk-eks (~> 1.9) + aws-sdk-elasticache (~> 1.0) + aws-sdk-elasticbeanstalk (~> 1.0) + aws-sdk-elasticloadbalancing (~> 1.8) + aws-sdk-elasticloadbalancingv2 (~> 1.0) + aws-sdk-elasticsearchservice (~> 1.0) + aws-sdk-emr (~> 1.53.0) + aws-sdk-eventbridge (~> 1.24.0) + aws-sdk-firehose (~> 1.0) + aws-sdk-glue (>= 1.71, < 1.89) + aws-sdk-guardduty (~> 1.31) + aws-sdk-iam (~> 1.13) + aws-sdk-kafka (~> 1.0) + aws-sdk-kinesis (~> 1.0) + aws-sdk-kms (~> 1.13) + aws-sdk-lambda (~> 1.0) + aws-sdk-mq (~> 1.40.0) + aws-sdk-networkfirewall (>= 1.6.0) + aws-sdk-networkmanager (>= 1.13.0) + aws-sdk-organizations (>= 1.17, < 1.60) + aws-sdk-ram (>= 1.21, < 1.27) + aws-sdk-rds (~> 1.43) + aws-sdk-redshift (~> 1.0) + aws-sdk-route53 (~> 1.0) + aws-sdk-route53domains (~> 1.0) + aws-sdk-route53resolver (~> 1.0) + aws-sdk-s3 (~> 1.30) + aws-sdk-s3control (~> 1.43.0) + aws-sdk-secretsmanager (>= 1.42, < 1.47) + aws-sdk-securityhub (~> 1.0) + aws-sdk-servicecatalog (>= 1.48, < 1.61) + aws-sdk-ses (~> 1.41.0) + aws-sdk-shield (~> 1.30) + aws-sdk-signer (~> 1.32.0) + aws-sdk-simpledb (~> 1.29.0) + aws-sdk-sms (~> 1.0) + aws-sdk-sns (~> 1.9) + aws-sdk-sqs (~> 1.10) + aws-sdk-ssm (~> 1.0) + aws-sdk-states (>= 1.35, 
< 1.40) + aws-sdk-synthetics (~> 1.19.0) + aws-sdk-transfer (>= 1.26, < 1.35) + aws-sdk-waf (~> 1.43.0) + train-core (3.10.1) + addressable (~> 2.5) + ffi (!= 1.13.0) + json (>= 1.8, < 3.0) + mixlib-shellout (>= 2.0, < 4.0) + net-scp (>= 1.2, < 4.0) + net-ssh (>= 2.9, < 7.0) + train-habitat (0.2.22) + train-winrm (0.2.13) + winrm (>= 2.3.6, < 3.0) + winrm-elevated (~> 1.2.2) + winrm-fs (~> 1.0) + tty-box (0.7.0) + pastel (~> 0.8) + strings (~> 0.2.0) + tty-cursor (~> 0.7) + tty-color (0.6.0) + tty-cursor (0.7.1) + tty-prompt (0.23.1) + pastel (~> 0.8) + tty-reader (~> 0.8) + tty-reader (0.9.0) + tty-cursor (~> 0.7) + tty-screen (~> 0.8) + wisper (~> 2.0) + tty-screen (0.8.1) + tty-table (0.12.0) + pastel (~> 0.8) + strings (~> 0.2.0) + tty-screen (~> 0.8) + tzinfo (2.0.4) + concurrent-ruby (~> 1.0) + uber (0.1.0) + unf (0.1.4) + unf_ext + unf_ext (0.0.8.2) + unicode-display_width (2.2.0) + unicode_utils (1.4.0) + winrm (2.3.6) + builder (>= 2.1.2) + erubi (~> 1.8) + gssapi (~> 1.2) + gyoku (~> 1.0) + httpclient (~> 2.2, >= 2.2.0.2) + logging (>= 1.6.1, < 3.0) + nori (~> 2.0) + rubyntlm (~> 0.6.0, >= 0.6.3) + winrm-elevated (1.2.3) + erubi (~> 1.8) + winrm (~> 2.0) + winrm-fs (~> 1.0) + winrm-fs (1.3.5) + erubi (~> 1.8) + logging (>= 1.6.1, < 3.0) + rubyzip (~> 2.0) + winrm (~> 2.0) + wisper (2.0.1) + +PLATFORMS + ruby + +DEPENDENCIES + inspec! + kitchen-docker! + kitchen-inspec (>= 2.5.0) + kitchen-salt (>= 0.7.2) + kitchen-vagrant + +BUNDLED WITH + 2.1.2 diff --git a/bin/install-hooks b/bin/install-hooks new file mode 100755 index 00000000..840bb6c5 --- /dev/null +++ b/bin/install-hooks 
@@ -0,0 +1,16 @@ +#!/usr/bin/env sh +set -o nounset # Treat unset variables as an error and immediately exit +set -o errexit # If a command fails exit the whole script + +if [ "${DEBUG:-false}" = "true" ]; then + set -x # Run the entire script in debug mode +fi + +if ! command -v pre-commit >/dev/null 2>&1; then + echo "pre-commit not found: please install or check your PATH" >&2 + echo "See https://pre-commit.com/#installation" >&2 + exit 1 +fi + +pre-commit install --install-hooks +pre-commit install --hook-type commit-msg --install-hooks diff --git a/bin/kitchen b/bin/kitchen new file mode 100755 index 00000000..5d5663e2 --- /dev/null +++ b/bin/kitchen @@ -0,0 +1,32 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'kitchen' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +require 'pathname' +ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', + Pathname.new(__FILE__).realpath) + +bundle_binstub = File.expand_path('bundle', __dir__) + +if File.file?(bundle_binstub) + if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/ + load(bundle_binstub) + else + abort( + 'Your `bin/bundle` was not generated by Bundler, ' \ + 'so this binstub cannot run. Replace `bin/bundle` by running ' \ + '`bundle binstubs bundler --force`, then run this command again.' + ) + end +end + +require 'rubygems' +require 'bundler/setup' + +load Gem.bin_path('test-kitchen', 'kitchen') diff --git a/commitlint.config.js b/commitlint.config.js index 2f9d1aa0..4eb37f40 100644 --- a/commitlint.config.js +++ b/commitlint.config.js @@ -1,3 +1,8 @@ module.exports = { extends: ['@commitlint/config-conventional'], + rules: { + 'body-max-line-length': [2, 'always', 120], + 'footer-max-line-length': [2, 'always', 120], + 'header-max-length': [2, 'always', 72], + }, }; diff --git a/docs/AUTHORS.rst b/docs/AUTHORS.rst index 306f87a1..230b1f22 100644 --- a/docs/AUTHORS.rst 
+++ b/docs/AUTHORS.rst 
@@ -13,215 +13,233 @@ This list is sorted by the number of commits per contributor in *descending* ord * - Avatar - Contributor - Contributions - * - :raw-html-m2r:`@aboe76` + * - :raw-html-m2r:`@myii` + - `@myii `_ + - 155 + * - :raw-html-m2r:`@aboe76` - `@aboe76 `_ - - 37 - * - :raw-html-m2r:`@gravyboat` + - 46 + * - :raw-html-m2r:`@javierbertoli` + - `@javierbertoli `_ + - 29 + * - :raw-html-m2r:`@gravyboat` - `@gravyboat `_ - 27 - * - :raw-html-m2r:`@nmadhok` + * - :raw-html-m2r:`@nmadhok` - `@nmadhok `_ - 24 - * - :raw-html-m2r:`@whiteinge` + * - :raw-html-m2r:`@noelmcloughlin` + - `@noelmcloughlin `_ + - 19 + * - :raw-html-m2r:`@whiteinge` - `@whiteinge `_ - 17 - * - :raw-html-m2r:`@noelmcloughlin` - - `@noelmcloughlin `_ - - 16 - * - :raw-html-m2r:`@ross-p` + * - :raw-html-m2r:`@ross-p` - `@ross-p `_ - 13 - * - :raw-html-m2r:`@daks` + * - :raw-html-m2r:`@daks` - `@daks `_ - - 10 - * - :raw-html-m2r:`@techhat` + - 11 + * - :raw-html-m2r:`@techhat` - `@techhat `_ - 10 - * - :raw-html-m2r:`@javierbertoli` - - `@javierbertoli `_ - - 9 - * - :raw-html-m2r:`@myii` - - `@myii `_ - - 9 - * - :raw-html-m2r:`@arthurlogilab` + * - :raw-html-m2r:`@arthurlogilab` - `@arthurlogilab `_ - 8 - * - :raw-html-m2r:`@cheuschober` + * - :raw-html-m2r:`@cheuschober` - `@cheuschober `_ - 8 - * - :raw-html-m2r:`@dseira` + * - :raw-html-m2r:`@dseira` - `@dseira `_ - 8 - * - :raw-html-m2r:`@amontalban` + * - :raw-html-m2r:`@amontalban` - `@amontalban `_ - 7 - * - :raw-html-m2r:`@puneetk` + * - :raw-html-m2r:`@puneetk` - `@puneetk `_ - 7 - * - :raw-html-m2r:`@TaiSHiNet` + * - :raw-html-m2r:`@TaiSHiNet` - `@TaiSHiNet `_ - 6 - * - :raw-html-m2r:`@EvaSDK` + * - :raw-html-m2r:`@EvaSDK` - `@EvaSDK `_ - 6 - * - :raw-html-m2r:`@cackovic` + * - :raw-html-m2r:`@cackovic` - `@cackovic `_ - 5 - * - :raw-html-m2r:`@auser` + * - :raw-html-m2r:`@auser` - `@auser `_ - 5 - * - :raw-html-m2r:`@stp-ip` + * - :raw-html-m2r:`@stp-ip` - `@stp-ip `_ - 5 - * - :raw-html-m2r:`@ahmadsherif` + * - 
:raw-html-m2r:`@ahmadsherif` - `@ahmadsherif `_ - 4 - * - :raw-html-m2r:`@teepark` + * - :raw-html-m2r:`@n-rodriguez` + - `@n-rodriguez `_ + - 4 + * - :raw-html-m2r:`@teepark` - `@teepark `_ - 4 - * - :raw-html-m2r:`@alinefr` + * - :raw-html-m2r:`@alinefr` - `@alinefr `_ - 3 - * - :raw-html-m2r:`@devaos` + * - :raw-html-m2r:`@devaos` - `@devaos `_ - 3 - * - :raw-html-m2r:`@bmwiedemann` + * - :raw-html-m2r:`@bmwiedemann` - `@bmwiedemann `_ - 3 - * - :raw-html-m2r:`@terminalmage` + * - :raw-html-m2r:`@dafyddj` + - `@dafyddj `_ + - 3 + * - :raw-html-m2r:`@terminalmage` - `@terminalmage `_ - 3 - * - :raw-html-m2r:`@imran1008` + * - :raw-html-m2r:`@imran1008` - `@imran1008 `_ - 3 - * - :raw-html-m2r:`@morsik` + * - :raw-html-m2r:`@morsik` - `@morsik `_ - 3 - * - :raw-html-m2r:`@msciciel` + * - :raw-html-m2r:`@msciciel` - `@msciciel `_ - 3 - * - :raw-html-m2r:`@rfairburn` + * - :raw-html-m2r:`@rfairburn` - `@rfairburn `_ - 3 - * - :raw-html-m2r:`@westurner` + * - :raw-html-m2r:`@westurner` - `@westurner `_ - 3 - * - :raw-html-m2r:`@chris-sanders` + * - :raw-html-m2r:`@toanju` + - `@toanju `_ + - 3 + * - :raw-html-m2r:`@chris-sanders` - `@chris-sanders `_ - 2 - * - :raw-html-m2r:`@UtahDave` + * - :raw-html-m2r:`@UtahDave` - `@UtahDave `_ - 2 - * - :raw-html-m2r:`@ghtyrant` + * - :raw-html-m2r:`@ghtyrant` - `@ghtyrant `_ - 2 - * - :raw-html-m2r:`@pprkut` + * - :raw-html-m2r:`@pprkut` - `@pprkut `_ - 2 - * - :raw-html-m2r:`@jstrunk` + * - :raw-html-m2r:`@jstrunk` - `@jstrunk `_ - 2 - * - :raw-html-m2r:`@johnkeates` + * - :raw-html-m2r:`@johnkeates` - `@johnkeates `_ - 2 - * - :raw-html-m2r:`@kmshultz` + * - :raw-html-m2r:`@kmshultz` - `@kmshultz `_ - 2 - * - :raw-html-m2r:`@malept` + * - :raw-html-m2r:`@malept` - `@malept `_ - 2 - * - :raw-html-m2r:`@meganlkm` + * - :raw-html-m2r:`@meganlkm` - `@meganlkm `_ - 2 - * - :raw-html-m2r:`@n-rodriguez` - - `@n-rodriguez `_ + * - :raw-html-m2r:`@ErisDS` + - `@ErisDS `_ - 2 - * - :raw-html-m2r:`@garrettw` - - `@garrettw `_ - - 2 - * 
- :raw-html-m2r:`@myoung34` + * - :raw-html-m2r:`@myoung34` - `@myoung34 `_ - 2 - * - :raw-html-m2r:`@bebosudo` + * - :raw-html-m2r:`@sticky-note` + - `@sticky-note `_ + - 2 + * - :raw-html-m2r:`@bebosudo` - `@bebosudo `_ - 1 - * - :raw-html-m2r:`@aanriot` + * - :raw-html-m2r:`@aanriot` - `@aanriot `_ - 1 - * - :raw-html-m2r:`@andrew-vant` + * - :raw-html-m2r:`@andrew-vant` - `@andrew-vant `_ - 1 - * - :raw-html-m2r:`@bemosior` + * - :raw-html-m2r:`@bemosior` - `@bemosior `_ - 1 - * - :raw-html-m2r:`@SuperTux88` + * - :raw-html-m2r:`@SuperTux88` - `@SuperTux88 `_ - 1 - * - :raw-html-m2r:`@bogdanr` + * - :raw-html-m2r:`@bogdanr` - `@bogdanr `_ - 1 - * - :raw-html-m2r:`@blbradley` + * - :raw-html-m2r:`@blbradley` - `@blbradley `_ - 1 - * - :raw-html-m2r:`@CorwinTanner` + * - :raw-html-m2r:`@CorwinTanner` - `@CorwinTanner `_ - 1 - * - :raw-html-m2r:`@fayetted` + * - :raw-html-m2r:`@fayetted` - `@fayetted `_ - 1 - * - :raw-html-m2r:`@czarneckid` + * - :raw-html-m2r:`@baby-gnu` + - `@baby-gnu `_ + - 1 + * - :raw-html-m2r:`@czarneckid` - `@czarneckid `_ - 1 - * - :raw-html-m2r:`@statik` + * - :raw-html-m2r:`@statik` - `@statik `_ - 1 - * - :raw-html-m2r:`@ekristen` + * - :raw-html-m2r:`@ekristen` - `@ekristen `_ - 1 - * - :raw-html-m2r:`@jeduardo` + * - :raw-html-m2r:`@garrettw` + - `@garrettw `_ + - 1 + * - :raw-html-m2r:`@jeduardo` - `@jeduardo `_ - 1 - * - :raw-html-m2r:`@stromnet` + * - :raw-html-m2r:`@stromnet` - `@stromnet `_ - 1 - * - :raw-html-m2r:`@bsdlp` + * - :raw-html-m2r:`@bsdlp` - `@bsdlp `_ - 1 - * - :raw-html-m2r:`@MEschenbacher` + * - :raw-html-m2r:`@anderbubble` + - `@anderbubble `_ + - 1 + * - :raw-html-m2r:`@MEschenbacher` - `@MEschenbacher `_ - 1 - * - :raw-html-m2r:`@renich` + * - :raw-html-m2r:`@renich` - `@renich `_ - 1 - * - :raw-html-m2r:`@outime` + * - :raw-html-m2r:`@outime` - `@outime `_ - 1 - * - :raw-html-m2r:`@scub` + * - :raw-html-m2r:`@scub` - `@scub `_ - 1 - * - :raw-html-m2r:`@thatch45` + * - :raw-html-m2r:`@thatch45` - `@thatch45 `_ - 
1 - * - :raw-html-m2r:`@blarghmatey` + * - :raw-html-m2r:`@blarghmatey` - `@blarghmatey `_ - 1 - * - :raw-html-m2r:`@babilen5` - - `@babilen5 `_ + * - :raw-html-m2r:`@babilen` + - `@babilen `_ - 1 - * - :raw-html-m2r:`@abednarik` + * - :raw-html-m2r:`@abednarik` - `@abednarik `_ - 1 - * - :raw-html-m2r:`@francesco-a` + * - :raw-html-m2r:`@francesco-a` - `@francesco-a `_ - 1 - * - :raw-html-m2r:`@oboyle` + * - :raw-html-m2r:`@oboyle` - `@oboyle `_ - 1 - * - :raw-html-m2r:`@bersace` + * - :raw-html-m2r:`@bersace` - `@bersace `_ - 1 ---- -Auto-generated by a `forked version `_ of `gaocegege/maintainer `_ on 2019-06-19. +Auto-generated by a `forked version `_ of `gaocegege/maintainer `_ on 2022-03-02. diff --git a/docs/CHANGELOG.rst b/docs/CHANGELOG.rst index 6b777fed..be410c05 100644 --- a/docs/CHANGELOG.rst +++ b/docs/CHANGELOG.rst 
@@ -2,6 +2,445 @@ Changelog ========= +`2.8.1 `_ (2022-03-02) +------------------------------------------------------------------------------------------------------- + +Bug Fixes +^^^^^^^^^ + + +* **debian:** avoid adding repositories entries multiple times (\ `d1d3e55 `_\ ), closes `/github.com/saltstack/salt/issues/59785#issuecomment-826590482 `_ + +Continuous Integration +^^^^^^^^^^^^^^^^^^^^^^ + + +* update linters to latest versions [skip ci] (\ `512fe00 `_\ ) + +Tests +^^^^^ + + +* **repository:** use ``system.platform[:codename]`` [skip ci] (\ `0e51694 `_\ ) +* **system:** add ``build_platform_codename`` [skip ci] (\ `5f1a289 `_\ ) + +`2.8.0 `_ (2022-02-03) +------------------------------------------------------------------------------------------------------- + +Code Refactoring +^^^^^^^^^^^^^^^^ + + +* **pkgs:** readbility (\ `b76e8cc `_\ ) + +Continuous Integration +^^^^^^^^^^^^^^^^^^^^^^ + + +* **kitchen+gitlab:** update for new pre-salted images [skip ci] (\ `7fcb960 `_\ ) + +Features +^^^^^^^^ + + +* **debian:** use keyrings instead of key_ids (\ `037c13a `_\ ) + +Reverts +^^^^^^^ + + +* **pkg:** use grains.osfinger in a format suitable for all platforms (\ `8fee9f0 `_\ ) + +Styles +^^^^^^ + + +* **map.jinja:** remove empty line (\ `ae52641 `_\ ) + +Tests +^^^^^ + + +* **repository:** favor ``platform`` over ``os`` (\ `c16ecf8 `_\ ) + +`2.7.5 `_ (2022-02-02) +------------------------------------------------------------------------------------------------------- + +Bug Fixes +^^^^^^^^^ + + +* **snippets:** make sure they're deployed before being used (\ `9dfc1c1 `_\ ) + +Continuous Integration +^^^^^^^^^^^^^^^^^^^^^^ + + +* **3003.1:** update inc. 
AlmaLinux, Rocky & ``rst-lint`` [skip ci] (\ `6a42a9b `_\ ) +* **freebsd:** update with latest pre-salted Vagrant boxes [skip ci] (\ `860fabe `_\ ) +* **gemfile:** allow rubygems proxy to be provided as an env var [skip ci] (\ `1557473 `_\ ) +* **gemfile+lock:** use ``ssf`` customised ``inspec`` repo [skip ci] (\ `a11da83 `_\ ) +* **gitlab-ci:** enable instance after upstream issue resolved [skip ci] (\ `79499e8 `_\ ) +* **kitchen:** move ``provisioner`` block & update ``run_command`` [skip ci] (\ `6b65017 `_\ ) +* **kitchen+ci:** update with ``3004`` pre-salted images/boxes [skip ci] (\ `30f87cc `_\ ) +* **kitchen+ci:** update with latest ``3003.2`` pre-salted images [skip ci] (\ `70a1f31 `_\ ) +* **kitchen+ci:** update with latest CVE pre-salted images [skip ci] (\ `e041418 `_\ ) +* **vagrant:** replace FreeBSD 12.2 with 12.3 [skip ci] (\ `7deb74f `_\ ) +* add Debian 11 Bullseye & update ``yamllint`` configuration [skip ci] (\ `fa8a5db `_\ ) +* **kitchen+gitlab:** remove Ubuntu 16.04 & Fedora 32 (EOL) [skip ci] (\ `d15f3de `_\ ) + +`2.7.4 `_ (2021-06-15) +------------------------------------------------------------------------------------------------------- + +Bug Fixes +^^^^^^^^^ + + +* **servers:** include main config file watch in extend (\ `00387e7 `_\ ) + +`2.7.3 `_ (2021-06-14) +------------------------------------------------------------------------------------------------------- + +Tests +^^^^^ + + +* **snippets:** add tests for snippets includes (\ `1c83b6d `_\ ), closes `#275 `_ `#274 `_ + +`2.7.2 `_ (2021-06-14) +------------------------------------------------------------------------------------------------------- + +Bug Fixes +^^^^^^^^^ + + +* **certificates:** ensure ``openssl`` installed before ``cmd.run`` (\ `0cd7c7b `_\ ), closes `/gitlab.com/saltstack-formulas/nginx-formula/-/jobs/1345325819#L2830 `_ +* **snippets:** ignore servers or snippets when undefined (\ `6cb486d `_\ ), closes `#274 `_ + +`2.7.1 `_ (2021-05-12) 
+------------------------------------------------------------------------------------------------------- + +Bug Fixes +^^^^^^^^^ + + +* **servers:** wrong conditional specification (\ `494b2fb `_\ ) + +Continuous Integration +^^^^^^^^^^^^^^^^^^^^^^ + + +* add ``arch-master`` to matrix and update ``.travis.yml`` [skip ci] (\ `4697152 `_\ ) + +`2.7.0 `_ (2021-04-28) +------------------------------------------------------------------------------------------------------- + +Continuous Integration +^^^^^^^^^^^^^^^^^^^^^^ + + +* **kitchen+gitlab:** adjust matrix to add ``3003`` [skip ci] (\ `46faf4e `_\ ) +* **vagrant:** add FreeBSD 13.0 [skip ci] (\ `b41062e `_\ ) +* **vagrant:** use pre-salted boxes & conditional local settings [skip ci] (\ `b9e9cd3 `_\ ) + +Documentation +^^^^^^^^^^^^^ + + +* **readme:** add ``Testing with Vagrant`` section [skip ci] (\ `5727848 `_\ ) + +Features +^^^^^^^^ + + +* **servers_config:** add require statement to manage dependencies (\ `622d22f `_\ ) + +Tests +^^^^^ + + +* **requires:** verify dependencies in vhosts (\ `6478143 `_\ ) + +`2.6.3 `_ (2021-04-03) +------------------------------------------------------------------------------------------------------- + +Bug Fixes +^^^^^^^^^ + + +* **freebsd:** add ``openssl`` pkg and update all ``default`` tests (\ `4cd351a `_\ ) + +Continuous Integration +^^^^^^^^^^^^^^^^^^^^^^ + + +* enable Vagrant-based testing using GitHub Actions (\ `c79ce9a `_\ ) + +`2.6.2 `_ (2021-03-30) +------------------------------------------------------------------------------------------------------- + +Bug Fixes +^^^^^^^^^ + + +* **servers_config:** fixup 05994e1 (\ `c03729a `_\ ) + +`2.6.1 `_ (2021-03-29) +------------------------------------------------------------------------------------------------------- + +Bug Fixes +^^^^^^^^^ + + +* **servers_config:** remove service depedency (\ `05994e1 `_\ ) + +Code Refactoring +^^^^^^^^^^^^^^^^ + + +* **servers_config:** remove unused loop (\ `3825557 `_\ ) + 
+Continuous Integration +^^^^^^^^^^^^^^^^^^^^^^ + + +* **kitchen+ci:** include ``passenger`` suite [skip ci] (\ `0bbe686 `_\ ) + +Tests +^^^^^ + + +* standardise use of ``share`` suite & ``_mapdata`` state [skip ci] (\ `8ea3c82 `_\ ) + +`2.6.0 `_ (2021-03-11) +------------------------------------------------------------------------------------------------------- + +Bug Fixes +^^^^^^^^^ + + +* **passenger:** various fixes (\ `7271c9d `_\ ) +* **pkg:** add inline EPEL repo configuration for Amazon Linux 2 (\ `ae6375c `_\ ) + +Continuous Integration +^^^^^^^^^^^^^^^^^^^^^^ + + +* **gemfile+lock:** use ``ssf`` customised ``kitchen-docker`` repo [skip ci] (\ `123d13e `_\ ) +* **kitchen+ci:** make rubocop happy [skip ci] (\ `eedfc56 `_\ ) +* **kitchen+ci:** use latest pre-salted images (after CVE) [skip ci] (\ `63d32a4 `_\ ) +* **kitchen+gitlab-ci:** use latest pre-salted images [skip ci] (\ `b4411c6 `_\ ) +* **pre-commit:** update hook for ``rubocop`` [skip ci] (\ `2a23743 `_\ ) + +Features +^^^^^^^^ + + +* **config:** validate config before applying (\ `b396b24 `_\ ) + +Tests +^^^^^ + + +* **config:** fix for Amazon Linux 2 & Oracle Linux 7/8 (\ `ab39c8f `_\ ) + +`2.5.0 `_ (2021-01-04) +------------------------------------------------------------------------------------------------------- + +Continuous Integration +^^^^^^^^^^^^^^^^^^^^^^ + + +* **commitlint:** ensure ``upstream/master`` uses main repo URL [skip ci] (\ `0ecd767 `_\ ) +* **gitlab-ci:** add ``rubocop`` linter (with ``allow_failure``\ ) [skip ci] (\ `5c9f6d4 `_\ ) + +Features +^^^^^^^^ + + +* **context:** pass ``nginx`` to snippets and server_config contexts (\ `8641f0d `_\ ) + +`2.4.1 `_ (2020-12-16) +------------------------------------------------------------------------------------------------------- + +Continuous Integration +^^^^^^^^^^^^^^^^^^^^^^ + + +* **gemfile.lock:** add to repo with updated ``Gemfile`` [skip ci] (\ `bcd67a6 `_\ ) +* **gitlab-ci:** use GitLab CI as Travis CI replacement (\ 
`f988e6d `_\ ) +* **kitchen:** use ``saltimages`` Docker Hub where available [skip ci] (\ `a45ffb6 `_\ ) +* **kitchen+travis:** remove ``master-py2-arch-base-latest`` [skip ci] (\ `86f0a57 `_\ ) +* **pre-commit:** add to formula [skip ci] (\ `cb98ed0 `_\ ) +* **pre-commit:** enable/disable ``rstcheck`` as relevant [skip ci] (\ `093c38e `_\ ) +* **pre-commit:** finalise ``rstcheck`` configuration [skip ci] (\ `33ce43d `_\ ) +* **travis:** add notifications => zulip [skip ci] (\ `a288342 `_\ ) +* **workflows/commitlint:** add to repo [skip ci] (\ `437b28a `_\ ) + +Styles +^^^^^^ + + +* **libtofs.jinja:** use Black-inspired Jinja formatting [skip ci] (\ `66f4ea7 `_\ ) + +`2.4.0 `_ (2020-03-31) +------------------------------------------------------------------------------------------------------- + +Bug Fixes +^^^^^^^^^ + + +* **libtofs:** “files_switch” mess up the variable exported by “map.jinja” [skip ci] (\ `10b446e `_\ ) + +Continuous Integration +^^^^^^^^^^^^^^^^^^^^^^ + + +* **kitchen:** avoid using bootstrap for ``master`` instances [skip ci] (\ `efebb0a `_\ ) + +Features +^^^^^^^^ + + +* **add purge option:** purge sites option (\ `a373bda `_\ ) + +`2.3.3 `_ (2019-12-22) +------------------------------------------------------------------------------------------------------- + +Bug Fixes +^^^^^^^^^ + + +* **map.jinja:** use upstream default for ``worker_connections`` (\ `49caf8c `_\ ), closes `#261 `_ + +Continuous Integration +^^^^^^^^^^^^^^^^^^^^^^ + + +* **gemfile:** restrict ``train`` gem version until upstream fix [skip ci] (\ `09be54d `_\ ) +* **travis:** quote pathspecs used with ``git ls-files`` [skip ci] (\ `091c614 `_\ ) +* **travis:** run ``shellcheck`` during lint job [skip ci] (\ `ccf64d9 `_\ ) +* **travis:** use ``major.minor`` for ``semantic-release`` version [skip ci] (\ `facbaa1 `_\ ) + +`2.3.2 `_ (2019-11-25) +------------------------------------------------------------------------------------------------------- + +Bug Fixes +^^^^^^^^^ + + +* 
**certificates.sls:** prepare ``certificates_path`` dir separately (\ `297e3ac `_\ ), closes `#241 `_ +* **release.config.js:** use full commit hash in commit link [skip ci] (\ `b13ec85 `_\ ) + +Continuous Integration +^^^^^^^^^^^^^^^^^^^^^^ + + +* **kitchen:** use ``debian-10-master-py3`` instead of ``develop`` [skip ci] (\ `0665878 `_\ ) +* **kitchen:** use ``develop`` image until ``master`` is ready (\ ``amazonlinux``\ ) [skip ci] (\ `e8ed39a `_\ ) +* **kitchen+travis:** upgrade matrix after ``2019.2.2`` release [skip ci] (\ `faefcab `_\ ) +* **travis:** apply changes from build config validation [skip ci] (\ `4125887 `_\ ) +* **travis:** opt-in to ``dpl v2`` to complete build config validation [skip ci] (\ `dbeb2da `_\ ) +* **travis:** update ``salt-lint`` config for ``v0.0.10`` [skip ci] (\ `a8382b5 `_\ ) +* **travis:** use build config validation (beta) [skip ci] (\ `bbf91c9 `_\ ) +* merge travis matrix, add ``salt-lint`` & ``rubocop`` to ``lint`` job (\ `567c08c `_\ ) + +Documentation +^^^^^^^^^^^^^ + + +* **contributing:** remove to use org-level file instead [skip ci] (\ `2e58d63 `_\ ) +* **readme:** update link to ``CONTRIBUTING`` [skip ci] (\ `3ff6692 `_\ ) + +Performance Improvements +^^^^^^^^^^^^^^^^^^^^^^^^ + + +* **travis:** improve ``salt-lint`` invocation [skip ci] (\ `e586fbe `_\ ) + +Tests +^^^^^ + + +* **pillar/nginx.sls:** add reprodicible snippet based on issue `#241 `_ (\ `4ba3524 `_\ ) + +`2.3.1 `_ (2019-10-10) +------------------------------------------------------------------------------------------------------- + +Bug Fixes +^^^^^^^^^ + + +* **certificates.sls:** fix ``salt-lint`` errors (\ ` `_\ ) +* **map.jinja:** fix ``salt-lint`` errors (\ ` `_\ ) +* **pkg.sls:** fix ``salt-lint`` errors (\ ` `_\ ) + +Continuous Integration +^^^^^^^^^^^^^^^^^^^^^^ + + +* **kitchen:** change ``log_level`` to ``debug`` instead of ``info`` (\ ` `_\ ) +* **kitchen:** install required packages to bootstrapped ``opensuse`` [skip ci] (\ ` `_\ ) +* 
**kitchen:** use bootstrapped ``opensuse`` images until ``2019.2.2`` [skip ci] (\ ` `_\ ) +* **platform:** add ``arch-base-latest`` (\ ` `_\ ) +* **yamllint:** add rule ``empty-values`` & use new ``yaml-files`` setting (\ ` `_\ ) +* merge travis matrix, add ``salt-lint`` & ``rubocop`` to ``lint`` job (\ ` `_\ ) +* use ``dist: bionic`` & apply ``opensuse-leap-15`` SCP error workaround (\ ` `_\ ) + +Documentation +^^^^^^^^^^^^^ + + +* **pillar.example:** fix TOFS comment to explain the default path [skip ci] (\ ` `_\ ), closes `/github.com/saltstack-formulas/libvirt-formula/pull/60#issuecomment-537965254 `_ `/github.com/saltstack-formulas/libvirt-formula/pull/60#issuecomment-537988138 `_ + +`2.3.0 `_ (2019-09-01) +------------------------------------------------------------------------------------------------------- + +Continuous Integration +^^^^^^^^^^^^^^^^^^^^^^ + + +* **kitchen+travis:** replace EOL pre-salted images (\ `70e1426 `_\ ) + +Features +^^^^^^^^ + + +* **passenger:** inc config, snippets, servers, etc (\ `e07b558 `_\ ) + +`2.2.1 `_ (2019-08-25) +------------------------------------------------------------------------------------------------------- + +Documentation +^^^^^^^^^^^^^ + + +* **readme:** update testing section (\ `182f216 `_\ ) + +`2.2.0 `_ (2019-08-12) +------------------------------------------------------------------------------------------------------- + +Features +^^^^^^^^ + + +* **yamllint:** include for this repo and apply rules throughout (\ `6b7d1fe `_\ ) + +`2.1.0 `_ (2019-08-04) +------------------------------------------------------------------------------------------------------- + +Continuous Integration +^^^^^^^^^^^^^^^^^^^^^^ + + +* **kitchen+travis:** modify matrix to include ``develop`` platform (\ `f6b357d `_\ ) + +Features +^^^^^^^^ + + +* **linux:** archlinux support (no osfinger grain) (\ `ab6148c `_\ ) + `2.0.0 `_ (2019-06-19) 
------------------------------------------------------------------------------------------------------- diff --git a/docs/CONTRIBUTING.rst b/docs/CONTRIBUTING.rst deleted file mode 100644 index 49ad5b95..00000000 --- a/docs/CONTRIBUTING.rst +++ /dev/null 
@@ -1,160 +0,0 @@ -.. _contributing: - -How to contribute -================= - -This document will eventually outline all aspects of guidance to make your contributing experience a fruitful and enjoyable one. -What it already contains is information about *commit message formatting* and how that directly affects the numerous automated processes that are used for this repo. -It also covers how to contribute to this *formula's documentation*. - -.. contents:: **Table of Contents** - -Overview --------- - -Submitting a pull request is more than just code! -To achieve a quality product, the *tests* and *documentation* need to be updated as well. -An excellent pull request will include these in the changes, wherever relevant. - -Commit message formatting -------------------------- - -Since every type of change requires making Git commits, -we will start by covering the importance of ensuring that all of your commit -messages are in the correct format. - -Automation of multiple processes -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -This formula uses `semantic-release `_ for automating numerous processes such as bumping the version number appropriately, creating new tags/releases and updating the changelog. -The entire process relies on the structure of commit messages to determine the version bump, which is then used for the rest of the automation. - -Full details are available in the upstream docs regarding the `Angular Commit Message Conventions `_. -The key factor is that the first line of the commit message must follow this format: - -.. code-block:: - - type(scope): subject - - -* E.g. ``docs(contributing): add commit message formatting instructions``. - -Besides the version bump, the changelog and release notes are formatted accordingly. -So based on the example above: - -.. - - .. raw:: html - -

Documentation

- - * **contributing:** add commit message formatting instructions - - -* The ``type`` translates into a ``Documentation`` sub-heading. -* The ``(scope):`` will be shown in bold text without the brackets. -* The ``subject`` follows the ``scope`` as standard text. - -Linting commit messages in Travis CI -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -This formula uses `commitlint `_ for checking commit messages during CI testing. -This ensures that they are in accordance with the ``semantic-release`` settings. - -For more details about the default settings, refer back to the ``commitlint`` `reference rules `_. - -Relationship between commit type and version bump -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -This formula applies some customisations to the defaults, as outlined in the table below, -based upon the `type `_ of the commit: - -.. list-table:: - :name: commit-type-vs-version-bump - :header-rows: 1 - :stub-columns: 0 - :widths: 1,2,3,1,1 - - * - Type - - Heading - - Description - - Bump (default) - - Bump (custom) - * - ``build`` - - Build System - - Changes related to the build system - - – - - - * - ``chore`` - - – - - Changes to the build process or auxiliary tools and libraries such as - documentation generation - - – - - - * - ``ci`` - - Continuous Integration - - Changes to the continuous integration configuration - - – - - - * - ``docs`` - - Documentation - - Documentation only changes - - – - - 0.0.1 - * - ``feat`` - - Features - - A new feature - - 0.1.0 - - - * - ``fix`` - - Bug Fixes - - A bug fix - - 0.0.1 - - - * - ``perf`` - - Performance Improvements - - A code change that improves performance - - 0.0.1 - - - * - ``refactor`` - - Code Refactoring - - A code change that neither fixes a bug nor adds a feature - - – - - 0.0.1 - * - ``revert`` - - Reverts - - A commit used to revert a previous commit - - – - - 0.0.1 - * - ``style`` - - Styles - - Changes that do not affect the meaning of the code (white-space, - formatting, missing semi-colons, 
etc.) - - – - - 0.0.1 - * - ``test`` - - Tests - - Adding missing or correcting existing tests - - – - - 0.0.1 - -Use ``BREAKING CHANGE`` to trigger a ``major`` version change -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Adding ``BREAKING CHANGE`` to the footer of the extended description of the commit message will **always** trigger a ``major`` version change, no matter which type has been used. -This will be appended to the changelog and release notes as well. -To preserve good formatting of these notes, the following format is prescribed: - -* ``BREAKING CHANGE: .`` - -An example of that: - -.. code-block:: git - - ... - - BREAKING CHANGE: With the removal of all of the `.sls` files under - `template package`, this formula no longer supports the installation of - packages. - - diff --git a/docs/README.apt.keyrings.rst b/docs/README.apt.keyrings.rst new file mode 100644 index 00000000..7319c96b --- /dev/null +++ b/docs/README.apt.keyrings.rst 
@@ -0,0 +1,34 @@ +.. _readme_apt_keyrings: + +apt repositories' keyrings +========================== + +Debian family of OSes deprecated the use of `apt-key` to manage repositories' keys +in favor of using `keyring files` which contain a binary OpenPGP format of the key +(also known as "GPG key public ring") + +As nginx and passenger don't provide such key files, we created them following the +official recomendations in their sites and install the resulting files. + +Nginx +----- + +See https://nginx.org/en/linux_packages.html#Debian for details + +.. code-block:: bash + + $ curl -s https://nginx.org/keys/nginx_signing.key | \ + gpg --dearmor --output nginx-archive-keyring.gpg + +Phusion-passenger +----------------- + +See https://www.phusionpassenger.com/docs/tutorials/deploy_to_production/installations/oss/ownserver/ruby/nginx/ +for more details. + +.. code-block:: bash + + $ gpg --keyserver keyserver.ubuntu.com \ + --output - \ + --recv-keys 561F9B9CAC40B2F7 | \ + gpg --export --output phusionpassenger-archive-keyring.gpg diff --git a/docs/README.rst b/docs/README.rst index 713f11f1..78148a44 100644 --- a/docs/README.rst +++ b/docs/README.rst @@ -65,7 +65,7 @@ Contributing to this repo **Commit message formatting is significant!!** -Please see :ref:`How to contribute ` for more details. +Please see `How to contribute `_ for more details. Available states ---------------- 
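Review bot: In the Phusion-passenger block of docs/README.apt.keyrings.rst, the second command is `gpg --export` with no key argument, which exports every public key in the invoking user's default keyring rather than only the Passenger key. `--recv-keys` imports into that keyring and writes nothing useful to the pipe, so the resulting `phusionpassenger-archive-keyring.gpg` can carry unrelated keys that apt would then trust for this repository. Name the key on the export, e.g. `gpg --export --output phusionpassenger-archive-keyring.gpg 561F9B9CAC40B2F7`, and preferably run both steps against a throwaway keyring (`--no-default-keyring --keyring ./passenger-tmp.gpg`, file name constructed for illustration). Both recipes should also tell the reader to compare the full fingerprint of the fetched key (`gpg --show-keys <KEY_FILE>`) with the value the vendor publishes before the keyring is committed, because a 64-bit key ID from a keyserver and a bare `curl -s` download do not authenticate the key on their own.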
@@ -130,27 +130,104 @@ Testing Linux testing is done with ``kitchen-salt``. -``kitchen converge`` -^^^^^^^^^^^^^^^^^^^^ +Requirements +^^^^^^^^^^^^ + +* Ruby +* Docker + +.. code-block:: bash + + $ gem install bundler + $ bundle install + $ bin/kitchen test [platform] + +Where ``[platform]`` is the platform name defined in ``kitchen.yml``, +e.g. ``debian-9-2019-2-py3``. -Creates the docker instance and runs the ``template`` main state, ready for testing. +``bin/kitchen converge`` +^^^^^^^^^^^^^^^^^^^^^^^^ + +Creates the docker instance and runs the ``nginx`` main state, ready for testing. -``kitchen verify`` -^^^^^^^^^^^^^^^^^^ +``bin/kitchen verify`` +^^^^^^^^^^^^^^^^^^^^^^ Runs the ``inspec`` tests on the actual instance. -``kitchen destroy`` -^^^^^^^^^^^^^^^^^^^ +``bin/kitchen destroy`` +^^^^^^^^^^^^^^^^^^^^^^^ Removes the docker instance. -``kitchen test`` -^^^^^^^^^^^^^^^^ +``bin/kitchen test`` +^^^^^^^^^^^^^^^^^^^^ Runs all of the stages above in one go: i.e. ``destroy`` + ``converge`` + ``verify`` + ``destroy``. -``kitchen login`` -^^^^^^^^^^^^^^^^^ +``bin/kitchen login`` +^^^^^^^^^^^^^^^^^^^^^ Gives you SSH access to the instance for manual testing. + +Testing with Vagrant +-------------------- + +Windows/FreeBSD/OpenBSD testing is done with ``kitchen-salt``. + +Requirements +^^^^^^^^^^^^ + +* Ruby +* Virtualbox +* Vagrant + +Setup +^^^^^ + +.. code-block:: bash + + $ gem install bundler + $ bundle install --with=vagrant + $ bin/kitchen test [platform] + +Where ``[platform]`` is the platform name defined in ``kitchen.vagrant.yml``, +e.g. ``windows-81-latest-py3``. + +Note +^^^^ + +When testing using Vagrant you must set the environment variable ``KITCHEN_LOCAL_YAML`` to ``kitchen.vagrant.yml``. For example: + +.. code-block:: bash + + $ KITCHEN_LOCAL_YAML=kitchen.vagrant.yml bin/kitchen test # Alternatively, + $ export KITCHEN_LOCAL_YAML=kitchen.vagrant.yml + $ bin/kitchen test + +Then run the following commands as needed. 
+ +``bin/kitchen converge`` +^^^^^^^^^^^^^^^^^^^^^^^^ + +Creates the Vagrant instance and runs the ``nginx`` main state, ready for testing. + +``bin/kitchen verify`` +^^^^^^^^^^^^^^^^^^^^^^ + +Runs the ``inspec`` tests on the actual instance. + +``bin/kitchen destroy`` +^^^^^^^^^^^^^^^^^^^^^^^ + +Removes the Vagrant instance. + +``bin/kitchen test`` +^^^^^^^^^^^^^^^^^^^^ + +Runs all of the stages above in one go: i.e. ``destroy`` + ``converge`` + ``verify`` + ``destroy``. + +``bin/kitchen login`` +^^^^^^^^^^^^^^^^^^^^^ + +Gives you RDP/SSH access to the instance for manual testing. diff --git a/docs/TOFS_pattern.rst b/docs/TOFS_pattern.rst index ec3bede7..dd2c17e5 100644 --- a/docs/TOFS_pattern.rst +++ b/docs/TOFS_pattern.rst @@ -64,7 +64,7 @@ Example: NTP before applying TOFS Let's work with the NTP example. A basic formula that follows the `design guidelines `_ has the following files and directories tree: -.. code-block:: +.. code-block:: console /srv/saltstack/salt-formulas/ntp-saltstack-formula/ ntp/ @@ -226,7 +226,7 @@ We can make different templates coexist for different minions, classified by any If we decide that we want ``os_family`` as switch, then we could provide the formula template variants for both the ``RedHat`` and ``Debian`` families. -.. code-block:: +.. code-block:: console /srv/saltstack/salt-formulas/ntp-saltstack-formula/ntp/files/ default/ @@ -325,6 +325,7 @@ We can simplify the ``conf.sls`` with the new ``files_switch`` macro to use in t * This uses ``config.get``, searching for ``ntp:tofs:source_files:Configure NTP`` to determine the list of template files to use. +* If this returns a result, the default of ``['/etc/ntp.conf.jinja']`` will be appended to it. * If this does not yield any results, the default of ``['/etc/ntp.conf.jinja']`` will be used. In ``libtofs.jinja``, we define this new macro ``files_switch``. 
@@ -426,7 +427,6 @@ The list of ``source_files`` can be given: tofs: source_files: Configure NTP: - - '/etc/ntp.conf.jinja' - '/etc/ntp.conf_alt.jinja' Resulting in: 
@@ -434,10 +434,85 @@ Resulting in: .. code-block:: sls - source: - - salt://ntp/files/theminion/etc/ntp.conf.jinja - salt://ntp/files/theminion/etc/ntp.conf_alt.jinja - - salt://ntp/files/Debian/etc/ntp.conf.jinja + - salt://ntp/files/theminion/etc/ntp.conf.jinja - salt://ntp/files/Debian/etc/ntp.conf_alt.jinja - - salt://ntp/files/default/etc/ntp.conf.jinja + - salt://ntp/files/Debian/etc/ntp.conf.jinja - salt://ntp/files/default/etc/ntp.conf_alt.jinja + - salt://ntp/files/default/etc/ntp.conf.jinja + +Note: This does *not* override the default value. +Rather, the value from the pillar/config is prepended to the default. +Using sub-directories for ``components`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +If your formula is composed of several components, you may prefer to provides files under sub-directories, like in the `systemd-formula `_. + +.. code-block:: console + + /srv/saltstack/systemd-formula/ + systemd/ + init.sls + libtofs.jinja + map.jinja + networkd/ + init.sls + files/ + default/ + network/ + 99-default.link + resolved/ + init.sls + files/ + default/ + resolved.conf + timesyncd/ + init.sls + files/ + Arch/ + resolved.conf + Debian/ + resolved.conf + default/ + resolved.conf + Ubuntu/ + resolved.conf + +For example, the following ``formula.component.config`` SLS: + +.. code-block:: sls + + {%- from "formula/libtofs.jinja" import files_switch with context %} + + formula configuration file: + file.managed: + - name: /etc/formula.conf + - user: root + - group: root + - mode: 644 + - template: jinja + - source: {{ files_switch(['formula.conf'], + lookup='formula', + use_subpath=True + ) + }} + +will be rendered on a ``Debian`` minion named ``salt-formula.ci.local`` as: + +.. 
code-block:: sls + + formula configuration file: + file.managed: + - name: /etc/formula.conf + - user: root + - group: root + - mode: 644 + - template: jinja + - source: + - salt://formula/component/files/salt-formula.ci.local/formula.conf + - salt://formula/component/files/Debian/formula.conf + - salt://formula/component/files/default/formula.conf + - salt://formula/files/salt-formula.ci.local/formula.conf + - salt://formula/files/Debian/formula.conf + - salt://formula/files/default/formula.conf diff --git a/kitchen.vagrant.yml b/kitchen.vagrant.yml new file mode 100644 index 00000000..347706dc --- /dev/null +++ b/kitchen.vagrant.yml @@ -0,0 +1,32 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- +driver: + name: vagrant + cache_directory: false + customize: + usbxhci: 'off' + gui: false + ssh: + shell: /bin/sh + linked_clone: true + <% unless ENV['CI'] %> + synced_folders: + - - '.kitchen/kitchen-vagrant/%{instance_name}/vagrant' + - '/vagrant' + - 'create: true, disabled: false' + <% end %> + +platforms: + - name: freebsd-130-master-py3 + driver: + box: myii/freebsd-13.0-master-py3 + - name: freebsd-123-master-py3 + driver: + box: myii/freebsd-12.3-master-py3 + - name: freebsd-130-3004-0-py3 + driver: + box: myii/freebsd-13.0-3004.0-py3 + - name: freebsd-123-3004-0-py3 + driver: + box: myii/freebsd-12.3-3004.0-py3 diff --git a/kitchen.yml b/kitchen.yml index 2c949cae..b71053b0 100644 --- a/kitchen.yml +++ b/kitchen.yml 
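Review bot: The four `box:` entries in kitchen.vagrant.yml (`myii/freebsd-13.0-master-py3` and its siblings) name pre-salted boxes without pinning a version, so every run boots whatever image that namespace publishes at the time. The namespace appears to be an individual account rather than an organisation, which would make that account a trust anchor for the macOS runner and any developer machine running these tests. Consider adding `box_version: '<PINNED_BOX_VERSION>'` under each `driver:` block, or moving to an org-owned namespace, and bumping the pin deliberately when new boxes are built. Outside CI the ERB guard also enables a `synced_folders` mapping from the host into `/vagrant`, so an unexpected box image would get access to that host directory as well.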
@@ -6,90 +6,344 @@ driver: name: docker use_sudo: false privileged: true - run_command: /lib/systemd/systemd + run_command: /usr/lib/systemd/systemd + +provisioner: + name: salt_solo + log_level: debug + salt_install: none + require_chef: false + formula: nginx + salt_copy_filter: + - .kitchen + - .git -# Make sure the platforms listed below match up with -# the `env.matrix` instances defined in `.travis.yml` platforms: - ## SALT 2019.2 - - name: debian-9-2019-2-py3 + ## SALT `tiamat` + - name: debian-11-tiamat-py3 + driver: + image: saltimages/salt-tiamat-py3:debian-11 + run_command: /lib/systemd/systemd + - name: debian-10-tiamat-py3 + driver: + image: saltimages/salt-tiamat-py3:debian-10 + run_command: /lib/systemd/systemd + - name: debian-9-tiamat-py3 + driver: + image: saltimages/salt-tiamat-py3:debian-9 + run_command: /lib/systemd/systemd + - name: ubuntu-2204-tiamat-py3 + driver: + image: saltimages/salt-tiamat-py3:ubuntu-22.04 + run_command: /lib/systemd/systemd + - name: ubuntu-2004-tiamat-py3 + driver: + image: saltimages/salt-tiamat-py3:ubuntu-20.04 + run_command: /lib/systemd/systemd + - name: ubuntu-1804-tiamat-py3 + driver: + image: saltimages/salt-tiamat-py3:ubuntu-18.04 + run_command: /lib/systemd/systemd + - name: centos-stream8-tiamat-py3 + driver: + image: saltimages/salt-tiamat-py3:centos-stream8 + - name: centos-7-tiamat-py3 + driver: + image: saltimages/salt-tiamat-py3:centos-7 + - name: amazonlinux-2-tiamat-py3 + driver: + image: saltimages/salt-tiamat-py3:amazonlinux-2 + - name: oraclelinux-8-tiamat-py3 driver: - image: netmanagers/salt-2019.2-py3:debian-9 - - name: ubuntu-1804-2019-2-py3 + image: saltimages/salt-tiamat-py3:oraclelinux-8 + - name: oraclelinux-7-tiamat-py3 driver: - image: netmanagers/salt-2019.2-py3:ubuntu-1804 - - name: centos-7-2019-2-py2 + image: saltimages/salt-tiamat-py3:oraclelinux-7 + - name: almalinux-8-tiamat-py3 driver: - image: netmanagers/salt-2019.2-py2:centos-7 - - name: fedora-29-2019-2-py2 + image: 
saltimages/salt-tiamat-py3:almalinux-8 + - name: rockylinux-8-tiamat-py3 driver: - image: netmanagers/salt-2019.2-py2:fedora-29 + image: saltimages/salt-tiamat-py3:rockylinux-8 - ## SALT 2018.3 - - name: opensuse-423-2018-3-py2 + ## SALT `master` + - name: debian-11-master-py3 driver: - image: netmanagers/salt-2018.3-py2:opensuse-423 - run_command: /usr/lib/systemd/systemd - - name: debian-8-2018-3-py2 + image: saltimages/salt-master-py3:debian-11 + run_command: /lib/systemd/systemd + - name: debian-10-master-py3 driver: - image: netmanagers/salt-2018.3-py2:debian-8 - - name: ubuntu-1604-2018-3-py2 + image: saltimages/salt-master-py3:debian-10 + run_command: /lib/systemd/systemd + - name: debian-9-master-py3 driver: - image: netmanagers/salt-2018.3-py2:ubuntu-1604 - - name: fedora-28-2018-3-py2 + image: saltimages/salt-master-py3:debian-9 + run_command: /lib/systemd/systemd + - name: ubuntu-2204-master-py3 driver: - image: netmanagers/salt-2018.3-py2:fedora-28 + image: saltimages/salt-master-py3:ubuntu-22.04 + run_command: /lib/systemd/systemd + - name: ubuntu-2004-master-py3 + driver: + image: saltimages/salt-master-py3:ubuntu-20.04 + run_command: /lib/systemd/systemd + - name: ubuntu-1804-master-py3 + driver: + image: saltimages/salt-master-py3:ubuntu-18.04 + run_command: /lib/systemd/systemd + - name: centos-stream8-master-py3 + driver: + image: saltimages/salt-master-py3:centos-stream8 + - name: centos-7-master-py3 + driver: + image: saltimages/salt-master-py3:centos-7 + - name: fedora-36-master-py3 + driver: + image: saltimages/salt-master-py3:fedora-36 + - name: fedora-35-master-py3 + driver: + image: saltimages/salt-master-py3:fedora-35 + - name: opensuse-leap-153-master-py3 + driver: + image: saltimages/salt-master-py3:opensuse-leap-15.3 + # Workaround to avoid intermittent failures on `opensuse-leap-15.3`: + # => SCP did not finish successfully (255): (Net::SCP::Error) + transport: + max_ssh_sessions: 1 + - name: opensuse-tmbl-latest-master-py3 + driver: + 
image: saltimages/salt-master-py3:opensuse-tumbleweed-latest + # Workaround to avoid intermittent failures on `opensuse-tumbleweed`: + # => SCP did not finish successfully (255): (Net::SCP::Error) + transport: + max_ssh_sessions: 1 + - name: amazonlinux-2-master-py3 + driver: + image: saltimages/salt-master-py3:amazonlinux-2 + - name: oraclelinux-8-master-py3 + driver: + image: saltimages/salt-master-py3:oraclelinux-8 + - name: oraclelinux-7-master-py3 + driver: + image: saltimages/salt-master-py3:oraclelinux-7 + - name: arch-base-latest-master-py3 + driver: + image: saltimages/salt-master-py3:arch-base-latest + - name: gentoo-stage3-latest-master-py3 + driver: + image: saltimages/salt-master-py3:gentoo-stage3-latest + run_command: /sbin/init + - name: gentoo-stage3-systemd-master-py3 + driver: + image: saltimages/salt-master-py3:gentoo-stage3-systemd + - name: almalinux-8-master-py3 + driver: + image: saltimages/salt-master-py3:almalinux-8 + - name: rockylinux-8-master-py3 + driver: + image: saltimages/salt-master-py3:rockylinux-8 - # centos-6 guest fails on Debian hosts due to vsyscall issues, see - # https://hub.docker.com/_/centos, "A note about vsyscall" - # Disabled for `template-formula` because not `systemd` based - # - name: centos-6-2018-3 - # driver: - # image: netmanagers/salt-2018.3-py2:centos-6 - # run_command: /sbin/init + ## SALT `3004.1` + - name: debian-11-3004-1-py3 + driver: + image: saltimages/salt-3004.1-py3:debian-11 + run_command: /lib/systemd/systemd + - name: debian-10-3004-1-py3 + driver: + image: saltimages/salt-3004.1-py3:debian-10 + run_command: /lib/systemd/systemd + - name: debian-9-3004-1-py3 + driver: + image: saltimages/salt-3004.1-py3:debian-9 + run_command: /lib/systemd/systemd + - name: ubuntu-2204-3004-1-py3 + driver: + image: saltimages/salt-3004.1-py3:ubuntu-22.04 + run_command: /lib/systemd/systemd + - name: ubuntu-2004-3004-1-py3 + driver: + image: saltimages/salt-3004.1-py3:ubuntu-20.04 + run_command: /lib/systemd/systemd 
+ - name: ubuntu-1804-3004-1-py3 + driver: + image: saltimages/salt-3004.1-py3:ubuntu-18.04 + run_command: /lib/systemd/systemd + - name: centos-stream8-3004-1-py3 + driver: + image: saltimages/salt-3004.1-py3:centos-stream8 + - name: centos-7-3004-1-py3 + driver: + image: saltimages/salt-3004.1-py3:centos-7 + - name: fedora-36-3004-1-py3 + driver: + image: saltimages/salt-3004.1-py3:fedora-36 + - name: fedora-35-3004-1-py3 + driver: + image: saltimages/salt-3004.1-py3:fedora-35 + - name: amazonlinux-2-3004-1-py3 + driver: + image: saltimages/salt-3004.1-py3:amazonlinux-2 + - name: oraclelinux-8-3004-1-py3 + driver: + image: saltimages/salt-3004.1-py3:oraclelinux-8 + - name: oraclelinux-7-3004-1-py3 + driver: + image: saltimages/salt-3004.1-py3:oraclelinux-7 + - name: arch-base-latest-3004-1-py3 + driver: + image: saltimages/salt-3004.1-py3:arch-base-latest + - name: gentoo-stage3-latest-3004-1-py3 + driver: + image: saltimages/salt-3004.1-py3:gentoo-stage3-latest + run_command: /sbin/init + - name: gentoo-stage3-systemd-3004-1-py3 + driver: + image: saltimages/salt-3004.1-py3:gentoo-stage3-systemd + - name: almalinux-8-3004-1-py3 + driver: + image: saltimages/salt-3004.1-py3:almalinux-8 + - name: rockylinux-8-3004-1-py3 + driver: + image: saltimages/salt-3004.1-py3:rockylinux-8 - ##S SALT 2017.7 - - name: debian-8-2017-7-py2 + ## SALT `3004.0` + - name: opensuse-leap-153-3004-0-py3 driver: - image: netmanagers/salt-2017.7-py2:debian-8 - - name: ubuntu-1604-2017-7-py2 + image: saltimages/salt-3004.0-py3:opensuse-leap-15.3 + # Workaround to avoid intermittent failures on `opensuse-leap-15.3`: + # => SCP did not finish successfully (255): (Net::SCP::Error) + transport: + max_ssh_sessions: 1 + - name: opensuse-tmbl-latest-3004-0-py3 driver: - image: netmanagers/salt-2017.7-py2:ubuntu-1604 - # - name: centos-6-2017-7 - # driver: - # image: netmanagers/salt-2017.7-py2:centos-6 - # run_command: /sbin/init + image: saltimages/salt-3004.0-py3:opensuse-tumbleweed-latest + # 
Workaround to avoid intermittent failures on `opensuse-tumbleweed`: + # => SCP did not finish successfully (255): (Net::SCP::Error) + transport: + max_ssh_sessions: 1 -provisioner: - name: salt_solo - log_level: info - salt_install: none - require_chef: false - formula: nginx - salt_copy_filter: - - .kitchen - - .git - state_top: - base: - '*': - - nginx - pillars: - top.sls: - base: - '*': - - nginx - pillars_from_files: - nginx.sls: test/salt/default/pillar/nginx.sls + ## SALT `3003.4` + - name: debian-10-3003-4-py3 + driver: + image: saltimages/salt-3003.4-py3:debian-10 + run_command: /lib/systemd/systemd + - name: debian-9-3003-4-py3 + driver: + image: saltimages/salt-3003.4-py3:debian-9 + run_command: /lib/systemd/systemd + - name: ubuntu-2004-3003-4-py3 + driver: + image: saltimages/salt-3003.4-py3:ubuntu-20.04 + run_command: /lib/systemd/systemd + - name: ubuntu-1804-3003-4-py3 + driver: + image: saltimages/salt-3003.4-py3:ubuntu-18.04 + run_command: /lib/systemd/systemd + - name: centos-stream8-3003-4-py3 + driver: + image: saltimages/salt-3003.4-py3:centos-stream8 + - name: centos-7-3003-4-py3 + driver: + image: saltimages/salt-3003.4-py3:centos-7 + - name: amazonlinux-2-3003-4-py3 + driver: + image: saltimages/salt-3003.4-py3:amazonlinux-2 + - name: oraclelinux-8-3003-4-py3 + driver: + image: saltimages/salt-3003.4-py3:oraclelinux-8 + - name: oraclelinux-7-3003-4-py3 + driver: + image: saltimages/salt-3003.4-py3:oraclelinux-7 + - name: almalinux-8-3003-4-py3 + driver: + image: saltimages/salt-3003.4-py3:almalinux-8 verifier: # https://www.inspec.io/ name: inspec sudo: true - # cli, documentation, html, progress, json, json-min, json-rspec, junit reporter: + # cli, documentation, html, progress, json, json-min, json-rspec, junit - cli - inspec_tests: - - path: test/integration/default suites: - name: default + provisioner: + dependencies: + - name: test_dep + path: test/salt/default/states + state_top: + base: + '*': + - test_dep.create_dependency_file + - 
nginx._mapdata + - nginx + pillars: + top.sls: + base: + '*': + - nginx + pillars_from_files: + nginx.sls: test/salt/default/pillar/nginx.sls + verifier: + inspec_tests: + - path: test/integration/default + - name: passenger + includes: + - debian-11-tiamat-py3 + - debian-10-tiamat-py3 + - debian-9-tiamat-py3 + - ubuntu-2204-tiamat-py3 + - ubuntu-2004-tiamat-py3 + - ubuntu-1804-tiamat-py3 + - centos-stream8-tiamat-py3 + - centos-7-tiamat-py3 + - oraclelinux-8-tiamat-py3 + - almalinux-8-tiamat-py3 + - rockylinux-8-tiamat-py3 + - debian-11-master-py3 + - debian-10-master-py3 + - debian-9-master-py3 + - ubuntu-2204-master-py3 + - ubuntu-2004-master-py3 + - ubuntu-1804-master-py3 + - centos-stream8-master-py3 + - centos-7-master-py3 + - oraclelinux-8-master-py3 + - almalinux-8-master-py3 + - rockylinux-8-master-py3 + - debian-11-3004-1-py3 + - debian-10-3004-1-py3 + - debian-9-3004-1-py3 + - ubuntu-2204-3004-1-py3 + - ubuntu-2004-3004-1-py3 + - ubuntu-1804-3004-1-py3 + - centos-stream8-3004-1-py3 + - centos-7-3004-1-py3 + - oraclelinux-8-3004-1-py3 + - almalinux-8-3004-1-py3 + - rockylinux-8-3004-1-py3 + - debian-10-3003-4-py3 + - debian-9-3003-4-py3 + - ubuntu-2004-3003-4-py3 + - ubuntu-1804-3003-4-py3 + - centos-stream8-3003-4-py3 + - centos-7-3003-4-py3 + - oraclelinux-8-3003-4-py3 + - almalinux-8-3003-4-py3 + provisioner: + state_top: + base: + '*': + - nginx._mapdata + - nginx.passenger + pillars: + top.sls: + base: + '*': + - nginx + pillars_from_files: + nginx.sls: test/salt/passenger/pillar/nginx.sls + verifier: + inspec_tests: + - path: test/integration/passenger diff --git a/nginx/_mapdata/_mapdata.jinja b/nginx/_mapdata/_mapdata.jinja new file mode 100644 index 00000000..aa9649cf --- /dev/null +++ b/nginx/_mapdata/_mapdata.jinja 
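Review bot: Every `image:` added under `platforms` is a mutable tag (for example `saltimages/salt-master-py3:debian-11` and several `*-latest` tags), while the driver block at the top of this hunk keeps `privileged: true`. Whatever a tag resolves to on the day therefore runs with full privileges on the CI host. Pinning by digest, e.g. `image: saltimages/salt-master-py3:debian-11@sha256:<digest>`, would make runs reproducible and stop a re-pushed tag from being picked up silently. If digests are too heavy to maintain for the whole matrix, a comment above `platforms` recording that the images are trusted and rebuilt upstream would at least document the decision.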
@@ -0,0 +1,13 @@ +# yamllint disable rule:indentation rule:line-length +# {{ grains.get("osfinger", grains.os) }} +--- +{#- use salt.slsutil.serialize to avoid encoding errors on some platforms #} +{{ salt["slsutil.serialize"]( + "yaml", + map, + default_flow_style=False, + allow_unicode=True, + ) + | regex_replace("^\s+'$", "'", multiline=True) + | trim +}} diff --git a/nginx/_mapdata/init.sls b/nginx/_mapdata/init.sls new file mode 100644 index 00000000..650b3e88 --- /dev/null +++ b/nginx/_mapdata/init.sls @@ -0,0 +1,22 @@ +# -*- coding: utf-8 -*- +# vim: ft=sls +--- +{#- Get the `tplroot` from `tpldir` #} +{%- set tplroot = tpldir.split("/")[0] %} +{%- from tplroot ~ "/map.jinja" import nginx with context %} + +{%- set _mapdata = { + "values": nginx, + } %} +{%- do salt["log.debug"]("### MAP.JINJA DUMP ###\n" ~ _mapdata | yaml(False)) %} + +{%- set output_dir = "/temp" if grains.os_family == "Windows" else "/tmp" %} +{%- set output_file = output_dir ~ "/salt_mapdata_dump.yaml" %} + +{{ tplroot }}-mapdata-dump: + file.managed: + - name: {{ output_file }} + - source: salt://{{ tplroot }}/_mapdata/_mapdata.jinja + - template: jinja + - context: + map: {{ _mapdata | yaml }} diff --git a/nginx/certificates.sls b/nginx/certificates.sls index e088dd21..8781045f 100644 --- a/nginx/certificates.sls +++ b/nginx/certificates.sls @@ -4,6 +4,10 @@ include: - nginx.service {% set certificates_path = salt['pillar.get']('nginx:certificates_path', '/etc/nginx/ssl') %} +prepare_certificates_path_dir: + file.directory: + - name: {{ certificates_path }} + - makedirs: True {%- for dh_param, value in salt['pillar.get']('nginx:dh_param', {}).items() %} {%- if value is string %} 
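Review bot: In nginx/_mapdata/init.sls, `{{ tplroot }}-mapdata-dump` writes the whole rendered `nginx` map to a fixed path under `/tmp` with no `mode` or owner, and the `log.debug` line above it sends the same data to the minion log. certificates.sls reads private keys from `nginx:certificates:<domain>:private_key`; whether map.jinja merges that pillar into the map is not visible here, but if it does, the dump is readable by any local user. Adding `- mode: '0600'` to the `file.managed` state on non-Windows minions, plus a comment that `nginx._mapdata` is intended for test runs only, would cover it.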
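Review bot: `prepare_certificates_path_dir` in nginx/certificates.sls creates the directory that later holds the `.key` files but sets no owner or mode, so it gets whatever the minion's default is. Only the key file itself carries `- mode: 600` further down, so I would make the directory explicit too, e.g. `- user: root` and `- mode: '0700'`, provided nothing other than the root-started nginx master has to traverse it. The rest of the state file continues outside this hunk.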
@@ -12,19 +16,21 @@ create_nginx_dhparam_{{ dh_param }}_key: - name: {{ certificates_path }}/{{ dh_param }} - contents_pillar: nginx:dh_param:{{ dh_param }} - makedirs: True + - require: + - file: prepare_certificates_path_dir - watch_in: - service: nginx_service {%- else %} generate_nginx_dhparam_{{ dh_param }}_key: pkg.installed: - name: {{ nginx.lookup.openssl_package }} - file.directory: - - name: {{ certificates_path }} - - makedirs: True cmd.run: - name: openssl dhparam -out {{ dh_param }} {{ value.get('keysize', 2048) }} - cwd: {{ certificates_path }} - creates: {{ certificates_path }}/{{ dh_param }} + - require: + - file: prepare_certificates_path_dir + - pkg: generate_nginx_dhparam_{{ dh_param }}_key - watch_in: - service: nginx_service {%- endif %} 
@@ -37,21 +43,21 @@ nginx_{{ domain }}_ssl_certificate: - name: {{ certificates_path }}/{{ domain }}.crt - makedirs: True {% if salt['pillar.get']("nginx:certificates:{}:public_cert_pillar".format(domain)) %} - - contents_pillar: {{salt['pillar.get']('nginx:certificates:{}:public_cert_pillar'.format(domain))}} + - contents_pillar: {{ salt['pillar.get']('nginx:certificates:{}:public_cert_pillar'.format(domain)) }} {% else %} - contents_pillar: nginx:certificates:{{ domain }}:public_cert {% endif %} - watch_in: - service: nginx_service -{% if salt['pillar.get']("nginx:certificates:{}:private_key".format(domain)) or salt['pillar.get']("nginx:certificates:{}:private_key_pillar".format(domain))%} +{% if salt['pillar.get']("nginx:certificates:{}:private_key".format(domain)) or salt['pillar.get']("nginx:certificates:{}:private_key_pillar".format(domain)) %} nginx_{{ domain }}_ssl_key: file.managed: - name: {{ certificates_path }}/{{ domain }}.key - mode: 600 - makedirs: True {% if salt['pillar.get']("nginx:certificates:{}:private_key_pillar".format(domain)) %} - - contents_pillar: {{salt['pillar.get']('nginx:certificates:{}:private_key_pillar'.format(domain))}} + - contents_pillar: {{ salt['pillar.get']('nginx:certificates:{}:private_key_pillar'.format(domain)) }} {% else %} - contents_pillar: nginx:certificates:{{ domain }}:private_key {% endif %} diff --git a/nginx/files/default/nginx-archive-keyring.gpg b/nginx/files/default/nginx-archive-keyring.gpg new file mode 100644 index 00000000..82b5bff0 Binary files /dev/null and b/nginx/files/default/nginx-archive-keyring.gpg differ diff --git a/nginx/files/default/phusionpassenger-archive-keyring.gpg b/nginx/files/default/phusionpassenger-archive-keyring.gpg new file mode 100644 index 00000000..ee1337f9 Binary files /dev/null and b/nginx/files/default/phusionpassenger-archive-keyring.gpg differ diff --git a/nginx/libtofs.jinja b/nginx/libtofs.jinja index da656a5e..f39fd42b 100644 --- a/nginx/libtofs.jinja 
+++ b/nginx/libtofs.jinja @@ -1,40 +1,37 @@ -{%- macro files_switch(source_files, - lookup=None, - default_files_switch=['id', 'os_family'], - indent_width=6, - v1_path_prefix='') %} - {#- +{%- macro files_switch( + source_files, + lookup=None, + default_files_switch=["id", "os_family"], + indent_width=6, + use_subpath=False + ) %} +{#- Returns a valid value for the "source" parameter of a "file.managed" state function. This makes easier the usage of the Template Override and Files Switch (TOFS) pattern. - Params: * source_files: ordered list of files to look for - * lookup: key under ':tofs:source_files' to override + * lookup: key under ":tofs:source_files" to prepend to the list of source files * default_files_switch: if there's no config (e.g. pillar) - ':tofs:files_switch' this is the ordered list of grains to + ":tofs:files_switch" this is the ordered list of grains to use as selector switch of the directories under "/files" - * indent_witdh: indentation of the result value to conform to YAML - * v1_path_prefix: (deprecated) only used for injecting a path prefix into - the source, to support older TOFS configs - + * indent_width: indentation of the result value to conform to YAML + * use_subpath: defaults to `False` but if set, lookup the source file + recursively from the current state directory up to `tplroot` Example (based on a `tplroot` of `xxx`): - If we have a state: - Deploy configuration: file.managed: - name: /etc/yyy/zzz.conf - - source: {{ files_switch(['/etc/yyy/zzz.conf', '/etc/yyy/zzz.conf.jinja'], - lookup='Deploy configuration' - ) }} + - source: {{ files_switch( + ["/etc/yyy/zzz.conf", "/etc/yyy/zzz.conf.jinja"], + lookup="Deploy configuration", + ) }} - template: jinja - In a minion with id=theminion and os_family=RedHat, it's going to be rendered as: - Deploy configuration: file.managed: - name: /etc/yyy/zzz.conf 
@@ -46,56 +43,73 @@ - salt://xxx/files/default/etc/yyy/zzz.conf - salt://xxx/files/default/etc/yyy/zzz.conf.jinja - template: jinja - #} - {#- Get the `tplroot` from `tpldir` #} - {%- set tplroot = tpldir.split('/')[0] %} - {%- set path_prefix = salt['config.get'](tplroot ~ ':tofs:path_prefix', tplroot) %} - {%- set files_dir = salt['config.get'](tplroot ~ ':tofs:dirs:files', 'files') %} - {%- set files_switch_list = salt['config.get']( - tplroot ~ ':tofs:files_switch', - default_files_switch - ) %} - {#- Lookup source_files (v2), files (v1), or fallback to source_files parameter #} - {%- set src_files = salt['config.get']( - tplroot ~ ':tofs:source_files:' ~ lookup, - salt['config.get']( - tplroot ~ ':tofs:files:' ~ lookup, - source_files - ) - ) %} - {#- Only add to [''] when supporting older TOFS implementations #} - {%- set path_prefix_exts = [''] %} - {%- if v1_path_prefix != '' %} - {%- do path_prefix_exts.append(v1_path_prefix) %} - {%- endif %} - {%- for path_prefix_ext in path_prefix_exts %} - {%- set path_prefix_inc_ext = path_prefix ~ path_prefix_ext %} - {#- For older TOFS implementation, use `files_switch` from the config #} - {#- Use the default, new method otherwise #} - {%- set fsl = salt['config.get']( - tplroot ~ path_prefix_ext|replace('/', ':') ~ ':files_switch', - files_switch_list - ) %} - {#- Append an empty value to evaluate as `default` in the loop below #} - {%- if '' not in fsl %} - {%- do fsl.append('') %} - {%- endif %} - {%- for fs in fsl %} - {%- for src_file in src_files %} - {%- if fs %} - {%- set fs_dir = salt['config.get'](fs, fs) %} - {%- else %} - {%- set fs_dir = salt['config.get'](tplroot ~ ':tofs:dirs:default', 'default') %} - {%- endif %} - {%- set url = [ - '- salt:/', - path_prefix_inc_ext.strip('/'), - files_dir.strip('/'), - fs_dir.strip('/'), - src_file.strip('/'), - ] | select | join('/') %} +#} +{#- Get the `tplroot` from `tpldir` #} +{%- set tplroot = tpldir.split("/")[0] %} +{%- set path_prefix = 
salt["config.get"](tplroot ~ ":tofs:path_prefix", tplroot) %} +{%- set files_dir = salt["config.get"](tplroot ~ ":tofs:dirs:files", "files") %} +{%- set files_switch_list = salt["config.get"]( + tplroot ~ ":tofs:files_switch", default_files_switch + ) %} +{#- Lookup source_files (v2), files (v1), or fallback to an empty list #} +{%- set src_files = salt["config.get"]( + tplroot ~ ":tofs:source_files:" ~ lookup, + salt["config.get"](tplroot ~ ":tofs:files:" ~ lookup, []), + ) %} +{#- Append the default source_files #} +{%- set src_files = src_files + source_files %} +{#- Only add to [""] when supporting older TOFS implementations #} +{%- set path_prefix_exts = [""] %} +{%- if use_subpath and tplroot != tpldir %} +{#- Walk directory tree to find {{ files_dir }} #} +{%- set subpath_parts = tpldir.lstrip(tplroot).lstrip("/").split("/") %} +{%- for path in subpath_parts %} +{%- set subpath = subpath_parts[0 : loop.index] | join("/") %} +{%- do path_prefix_exts.append("/" ~ subpath) %} +{%- endfor %} +{%- endif %} +{%- for path_prefix_ext in path_prefix_exts | reverse %} +{%- set path_prefix_inc_ext = path_prefix ~ path_prefix_ext %} +{#- For older TOFS implementation, use `files_switch` from the config #} +{#- Use the default, new method otherwise #} +{%- set fsl = salt["config.get"]( + tplroot ~ path_prefix_ext | replace("/", ":") ~ ":files_switch", + files_switch_list, + ) %} +{#- Append an empty value to evaluate as `default` in the loop below #} +{%- if "" not in fsl %} +{%- set fsl = fsl + [""] %} +{%- endif %} +{%- for fs in fsl %} +{%- for src_file in src_files %} +{%- if fs %} +{%- set fs_dirs = salt["config.get"](fs, fs) %} +{%- else %} +{%- set fs_dirs = salt["config.get"]( + tplroot ~ ":tofs:dirs:default", "default" + ) %} +{%- endif %} +{#- Force the `config.get` lookup result as a list where necessary #} +{#- since we need to also handle grains that are lists #} +{%- if fs_dirs is string %} +{%- set fs_dirs = [fs_dirs] %} +{%- endif %} +{%- for fs_dir in 
fs_dirs %} +{#- strip empty elements by using a select #} +{%- set url = ( + [ + "- salt:/", + path_prefix_inc_ext.strip("/"), + files_dir.strip("/"), + fs_dir.strip("/"), + src_file.strip("/"), + ] + | select + | join("/") + ) %} {{ url | indent(indent_width, true) }} - {%- endfor %} - {%- endfor %} - {%- endfor %} +{%- endfor %} +{%- endfor %} +{%- endfor %} +{%- endfor %} {%- endmacro %} diff --git a/nginx/map.jinja b/nginx/map.jinja index c99790dd..b3beb3d3 100644 --- a/nginx/map.jinja +++ b/nginx/map.jinja @@ -9,7 +9,7 @@ 'Debian': { 'package': 'nginx', 'passenger_package': 'passenger', - 'passenger_config_file': '/etc/nginx/conf.d/passenger.conf', + 'passenger_config_file': '/etc/nginx/conf.d/mod-http-passenger.conf', 'service': 'nginx', 'webuser': 'www-data', 'conf_file': '/etc/nginx/nginx.conf', @@ -19,6 +19,8 @@ 'server_use_symlink': True, 'pid_file': '/run/nginx.pid', 'openssl_package': 'openssl', + 'package_repo_keyring': '/usr/share/keyrings/nginx-archive-keyring.gpg', + 'passenger_package_repo_keyring': '/usr/share/keyrings/phusionpassenger-archive-keyring.gpg', }, 'CentOS': { 'package': 'nginx', @@ -70,7 +72,8 @@ 'server_use_symlink': False, 'pid_file': '/run/nginx.pid', 'gpg_check': True, - 'gpg_key': 'http://download.opensuse.org/repositories/server:/http/openSUSE_{{ grains.osrelease }}/repodata/repomd.xml.key', + 'gpg_key': 'http://download.opensuse.org/repositories/server:/http/{{ grains.osrelease }}/repodata/repomd.xml.key', + 'gpg_autoimport': True, 'openssl_package': 'openssl', }, 'Arch': { @@ -105,6 +108,7 @@ 'server_enabled': '/usr/local/etc/nginx/sites-enabled', 'snippets_dir': '/usr/local/etc/nginx/snippets', 'server_use_symlink': True, + 'openssl_package': 'openssl', 'pid_file': '/var/run/nginx.pid', }, }, default='Debian' ), 
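Review bot: In the map.jinja hunk at `@@ -70,7 +72,8 @@` the Suse `gpg_key` is still fetched over `http://`, and the same hunk adds `'gpg_autoimport': True`. The key that decides which packages are trusted is therefore imported without a prompt from an unauthenticated download. Using `'gpg_key': 'https://download.opensuse.org/repositories/server:/http/{{ grains.osrelease }}/repodata/repomd.xml.key'` would close that gap. The `baseurl` of `nginx_zypp_repo` in nginx/pkg.sls points at the same host over `http://` and would benefit from the same change.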
@@ -112,6 +116,8 @@ 'install_from_ppa': False, 'install_from_repo': False, 'install_from_phusionpassenger': False, + 'install_from_opensuse_devel': False, + 'check_config_before_apply': False, 'ppa_version': 'stable', 'source_version': '1.10.0', 'source_hash': '8ed647c3dd65bc4ced03b0e0f6bf9e633eff6b01bac772bcf97077d58bc2be4d', @@ -119,7 +125,9 @@ 'opts': {}, }, 'package': { - 'opts': {}, + 'opts': { + 'refresh': True, + }, }, 'service': { 'enable': True, @@ -130,7 +138,7 @@ 'config': { 'worker_processes': 'auto', 'events': { - 'worker_connections': 768, + 'worker_connections': 512, }, 'http': { 'sendfile': 'on', @@ -162,6 +170,7 @@ 'makedirs': True, }, 'managed': {}, + 'purge_servers_config': False, }, 'passenger': { 'passenger_root': '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini', @@ -172,26 +181,26 @@ {% if 'user' not in nginx.server.config %} {% do nginx.server.config.update({ 'user': nginx.lookup.webuser, -})%} +}) %} {% endif %} {% if 'pid' not in nginx.server.config and 'pid_file' in nginx.lookup %} {% do nginx.server.config.update({ 'pid': nginx.lookup.pid_file, -})%} +}) %} {% endif %} {% if salt['grains.get']('os_family') == 'RedHat' %} {% do nginx.passenger.update({ 'passenger_root': '/usr/share/ruby/vendor_ruby/phusion_passenger/locations.ini', 'passenger_instance_registry_dir': '/var/run/passenger-instreg', -})%} - {% if salt['grains.get']('osfinger') == 'CentOS-6' %} +}) %} + {% if 'osfinger' in grains and salt['grains.get']('osfinger') == 'CentOS-6' %} {% do nginx.server.config.update({ 'pid': '/var/run/nginx.pid', - })%} + }) %} {% do nginx.passenger.update({ 'passenger_root': '/usr/lib/ruby/1.8/phusion_passenger/locations.ini', - })%} + }) %} {% endif %} {% endif %} diff --git a/nginx/passenger.sls b/nginx/passenger.sls index 1f962904..374c35df 100644 --- a/nginx/passenger.sls +++ b/nginx/passenger.sls 
@@ -10,15 +10,23 @@ {% if salt['grains.get']('os_family') in ['Debian', 'RedHat'] %} include: - nginx.pkg + - nginx.config - nginx.service + {%- if nginx.snippets is defined %} + - nginx.snippets + {%- endif %} + - nginx.servers + - nginx.certificates passenger_install: pkg.installed: + {{ sls_block(nginx.package.opts) }} - name: {{ nginx.lookup.passenger_package }} - require: - pkg: nginx_install - require_in: - service: nginx_service + - file: nginx_config /etc/nginx/passenger.conf: file.absent: @@ -40,6 +48,7 @@ passenger_config: - service: nginx_service - require_in: - service: nginx_service + - file: nginx_config - require: - file: /etc/nginx/passenger.conf - pkg: passenger_install diff --git a/nginx/pkg.sls b/nginx/pkg.sls index 280c8be1..680c524e 100644 --- a/nginx/pkg.sls +++ b/nginx/pkg.sls 
@@ -2,25 +2,40 @@ # # Manages installation of nginx from pkg. -{% from 'nginx/map.jinja' import nginx, sls_block with context %} +{#- Get the `tplroot` from `tpldir` #} +{%- set tplroot = tpldir.split('/')[0] %} +{%- from tplroot ~ "/map.jinja" import nginx, sls_block with context %} +{%- from tplroot ~ "/libtofs.jinja" import files_switch with context %} + {%- if nginx.install_from_repo %} {% set from_official = true %} {% set from_ppa = false %} {% set from_phusionpassenger = false %} + {% set from_opensuse_devel = false %} {% elif nginx.install_from_ppa %} {% set from_official = false %} {% set from_ppa = true %} {% set from_phusionpassenger = false %} + {% set from_opensuse_devel = false %} {% elif nginx.install_from_phusionpassenger %} {% set from_official = false %} {% set from_ppa = false %} {% set from_phusionpassenger = true %} + {% set from_opensuse_devel = false %} +{% elif nginx.install_from_opensuse_devel %} + {% set from_official = false %} + {% set from_ppa = false %} + {% set from_phusionpassenger = false %} + {% set from_opensuse_devel = true %} {% else %} {% set from_official = false %} {% set from_ppa = false %} {% set from_phusionpassenger = false %} + {% set from_opensuse_devel = false %} {%- endif %} +{%- set resource_repo_managed = 'file' if grains.os_family == 'Debian' else 'pkgrepo' %} + nginx_install: pkg.installed: {{ sls_block(nginx.package.opts) }} 
@@ -33,19 +48,31 @@ nginx_install: - name: {{ nginx.lookup.package }} {% endif %} -{% if salt['grains.get']('os_family') == 'Debian' %} +{% if grains.os_family == 'Debian' %} + {%- if from_official %} +nginx_official_repo_keyring: + file.managed: + - name: {{ nginx.lookup.package_repo_keyring }} + - source: {{ files_switch(['nginx-archive-keyring.gpg'], + lookup='nginx_official_repo_keyring' + ) + }} + - require_in: + - {{ resource_repo_managed }}: nginx_official_repo + {%- endif %} + nginx_official_repo: - pkgrepo: + file: {%- if from_official %} - managed {%- else %} - absent {%- endif %} - - humanname: nginx apt repo - - name: deb http://nginx.org/packages/{{ grains['os'].lower() }}/ {{ grains['oscodename'] }} nginx - - file: /etc/apt/sources.list.d/nginx-official-{{ grains['oscodename'] }}.list - - keyid: ABF5BD827BD9BF62 - - keyserver: keyserver.ubuntu.com + - name: /etc/apt/sources.list.d/nginx-official-{{ grains.oscodename }}.list + - contents: > + deb [signed-by={{ nginx.lookup.package_repo_keyring }}] + http://nginx.org/packages/{{ grains.os | lower }}/ {{ grains.oscodename }} nginx + - require_in: - pkg: nginx_install - watch_in: @@ -60,10 +87,10 @@ nginx_ppa_repo: {%- else %} - absent {%- endif %} - {% if salt['grains.get']('os') == 'Ubuntu' %} + {% if grains.os == 'Ubuntu' %} - ppa: nginx/{{ nginx.ppa_version }} {% else %} - - name: deb http://ppa.launchpad.net/nginx/{{ nginx.ppa_version }}/ubuntu {{ grains['oscodename'] }} main + - name: deb http://ppa.launchpad.net/nginx/{{ nginx.ppa_version }}/ubuntu {{ grains.oscodename }} main - keyid: C300EE8C - keyserver: keyserver.ubuntu.com {% endif %} 
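Review bot: In the hunk at `@@ -60,10 +87,10 @@`, `nginx_ppa_repo` still authenticates the non-Ubuntu PPA source with the 32-bit short key ID `- keyid: C300EE8C` from `keyserver.ubuntu.com`, while this commit moves the official and Phusion repositories to a shipped keyring with `signed-by`. Short key IDs can collide, so a different key with the same ID could end up trusted. Using the full fingerprint here, or the same keyring-plus-`signed-by` pattern as `nginx_official_repo`, would keep the three sources consistent. The source line is also plain `http://ppa.launchpad.net`, and the state body starts above this hunk.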
@@ -73,46 +100,87 @@ nginx_ppa_repo: - pkg: nginx_install {%- endif %} + {%- if from_phusionpassenger %} +nginx_phusionpassenger_repo_keyring: + file.managed: + - name: /usr/share/keyrings/phusionpassenger-archive-keyring.gpg + - source: {{ files_switch(['phusionpassenger-archive-keyring.gpg'], + lookup='nginx_phusionpassenger_repo_keyring' + ) + }} + - require_in: + - {{ resource_repo_managed }}: nginx_phusionpassenger_repo + +# Remove the old repo file +nginx_phusionpassenger_repo_remove: + pkgrepo.absent: + - name: deb http://nginx.org/packages/{{ grains.os |lower }}/ {{ grains.oscodename }} nginx + - keyid: 561F9B9CAC40B2F7 + - require_in: + - {{ resource_repo_managed }}: nginx_phusionpassenger_repo + file.absent: + - name: /etc/apt/sources.list.d/nginx-phusionpassenger-{{ grains.oscodename }}.list + - require_in: + - {{ resource_repo_managed }}: nginx_phusionpassenger_repo + {%- endif %} + nginx_phusionpassenger_repo: - pkgrepo: + file: {%- if from_phusionpassenger %} - managed {%- else %} - absent {%- endif %} - - humanname: nginx phusionpassenger repo - - name: deb https://oss-binaries.phusionpassenger.com/apt/passenger {{ grains['oscodename'] }} main - - file: /etc/apt/sources.list.d/nginx-phusionpassenger-{{ grains['oscodename'] }}.list - - keyid: 561F9B9CAC40B2F7 - - keyserver: keyserver.ubuntu.com + - name: /etc/apt/sources.list.d/phusionpassenger-official-{{ grains.oscodename }}.list + - contents: > + deb [signed-by={{ nginx.lookup.passenger_package_repo_keyring }}] + https://oss-binaries.phusionpassenger.com/apt/passenger {{ grains.oscodename }} main + - require_in: - pkg: nginx_install - watch_in: - pkg: nginx_install {% endif %} -{% if salt['grains.get']('os_family') == 'Suse' or salt['grains.get']('os') == 'SUSE' %} +{% if grains.os_family == 'Suse' or grains.os == 'SUSE' %} nginx_zypp_repo: pkgrepo: - {%- if from_official %} - - managed - {%- else %} - - absent - {%- endif %} - name: server_http + {%- if from_opensuse_devel %} + - managed - 
humanname: server_http - - baseurl: 'http://download.opensuse.org/repositories/server:/http/openSUSE_13.2/' + - baseurl: 'http://download.opensuse.org/repositories/server:/http/{{ grains.osrelease }}/' - enabled: True - autorefresh: True - gpgcheck: {{ nginx.lookup.gpg_check }} - gpgkey: {{ nginx.lookup.gpg_key }} + - gpgautoimport: {{ nginx.lookup.gpg_autoimport }} + {%- else %} + - absent + {%- endif %} - require_in: - pkg: nginx_install - watch_in: - pkg: nginx_install {% endif %} -{% if salt['grains.get']('os_family') == 'RedHat' %} +{% if grains.os_family == 'RedHat' %} + {% if grains.get('osfinger', '') == 'Amazon Linux-2' %} +nginx_epel_repo: + pkgrepo.managed: + - name: epel + - humanname: Extra Packages for Enterprise Linux 7 - $basearch + - mirrorlist: https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch + - enabled: 1 + - gpgcheck: 1 + - gpgkey: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7 + - failovermethod: priority + - require_in: + - pkg: nginx_install + - watch_in: + - pkg: nginx_install +{% endif %} + nginx_yum_repo: pkgrepo: {%- if from_official %} @@ -122,7 +190,7 @@ nginx_yum_repo: {%- endif %} - name: nginx - humanname: nginx repo - {%- if salt['grains.get']('os') == 'CentOS' %} + {%- if grains.os == 'CentOS' %} - baseurl: 'http://nginx.org/packages/centos/$releasever/$basearch/' {%- else %} - baseurl: 'http://nginx.org/packages/rhel/{{ nginx.lookup.rh_os_releasever }}/$basearch/' @@ -146,8 +214,8 @@ nginx_phusionpassenger_yum_repo: - humanname: nginx phusionpassenger repo - baseurl: 'https://oss-binaries.phusionpassenger.com/yum/passenger/el/$releasever/$basearch' - repo_gpgcheck: 1 - - gpgcheck: 0 - - gpgkey: 'https://packagecloud.io/gpg.key' + - gpgcheck: 0 + - gpgkey: 'https://oss-binaries.phusionpassenger.com/yum/definitions/RPM-GPG-KEY.asc' - enabled: True - sslverify: 1 - sslcacert: /etc/pki/tls/certs/ca-bundle.crt diff --git a/nginx/servers.sls b/nginx/servers.sls index f3033bb2..4f26fd4b 100644 
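Review bot: `nginx_phusionpassenger_repo_keyring` writes the keyring to the literal `/usr/share/keyrings/phusionpassenger-archive-keyring.gpg`, but the sources line uses `signed-by={{ nginx.lookup.passenger_package_repo_keyring }}`, so overriding the lookup leaves apt pointing at a file this state never manages. `- name: {{ nginx.lookup.passenger_package_repo_keyring }}` would match how `nginx_official_repo_keyring` is written. In `nginx_phusionpassenger_repo_remove`, the `pkgrepo.absent` name is the `nginx.org/packages` line rather than the old `oss-binaries.phusionpassenger.com` one; that looks like a copy-paste slip that would target the official nginx entry instead, so please confirm. The new `nginx_zypp_repo` `baseurl` also stays on plain `http://` while `gpgautoimport` is enabled.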
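Review bot: In the hunk at `@@ -146,8 +214,8 @@`, `nginx_phusionpassenger_yum_repo` keeps `- gpgcheck: 0`, so only the repository metadata is verified (`repo_gpgcheck: 1`) and individual RPM signatures are not. If the upstream packages are unsigned that may be the only workable setting, but a comment next to the line, e.g. `# packages are not signed upstream; metadata is (repo_gpgcheck)`, would stop it reading as an oversight now that `gpgkey` points at the vendor's own key. The state starts above this hunk.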
--- a/nginx/servers.sls +++ b/nginx/servers.sls @@ -5,12 +5,11 @@ {%- set tplroot = tpldir.split('/')[0] %} {%- from tplroot ~ '/map.jinja' import nginx, sls_block with context %} {%- from tplroot ~ '/servers_config.sls' import server_states with context %} -{%- from tplroot ~ '/service.sls' import service_function with context %} {% macro file_requisites(states) %} - {%- for state in states %} - - file: {{ state }} - {%- endfor -%} +{%- for state in states %} + - file: {{ state }} +{%- endfor -%} {% endmacro %} include: @@ -18,15 +17,14 @@ include: - nginx.servers_config {% if server_states|length() > 0 %} -nginx_service_reload: - service.{{ service_function }}: - - name: {{ nginx.lookup.service }} - - reload: True - - use: - - service: nginx_service - - listen: - {{ file_requisites(server_states) }} - - require: - {{ file_requisites(server_states) }} - - service: nginx_service +extend: + nginx_service: + service: + - reload: True + - require: + - file: nginx_config + {{ file_requisites(server_states) }} + - listen: + - file: nginx_config + {{ file_requisites(server_states) }} {% endif %} diff --git a/nginx/servers_config.sls b/nginx/servers_config.sls index 3d0d38c9..6652d64a 100644 --- a/nginx/servers_config.sls +++ b/nginx/servers_config.sls @@ -8,6 +8,10 @@ {%- from tplroot ~ '/libtofs.jinja' import files_switch with context %} {% set server_states = [] %} +{#- _nginx is a lightened copy of nginx map intended to passed in templates #} +{%- set _nginx = nginx.copy() %} +{%- do _nginx.pop('snippets') if nginx.snippets is defined %} +{%- do _nginx.pop('servers') if nginx.servers is defined %} # Simple path concatenation. # Needs work to make this function on windows. @@ -48,6 +52,7 @@ file.symlink: {{ sls_block(nginx.servers.symlink_opts) }} - name: {{ server_path(server, state) }} + - makedirs: True - target: {{ server_path(server, anti_state) }} {%- else %} {%- if deleted == True %} 
@@ -83,6 +88,7 @@ nginx_server_enabled_dir: file.directory: {{ sls_block(nginx.servers.dir_opts) }} - name: {{ nginx.lookup.server_enabled }} + - clean: {{ nginx.servers.purge_servers_config }} # If enabled and available are not the same, create available {% if nginx.lookup.server_enabled != nginx.lookup.server_available -%} @@ -90,12 +96,9 @@ nginx_server_available_dir: file.directory: {{ sls_block(nginx.servers.dir_opts) }} - name: {{ nginx.lookup.server_available }} + - clean: {{ nginx.servers.purge_servers_config }} {%- endif %} -# Manage the actual server files -{% for server, settings in nginx.servers.managed.items() %} -{% endfor %} - # Managed enabled/disabled state for servers {% for server, settings in nginx.servers.managed.items() %} {% set conf_state_id = 'server_conf_' ~ loop.index0 %} @@ -103,6 +106,7 @@ nginx_server_available_dir: {{ conf_state_id }}: file.absent: - name: {{ server_curpath(server) }} +{% do server_states.append(conf_state_id) %} {% else %} {% if settings.enabled == True %} {{ conf_state_id }}: @@ -119,11 +123,16 @@ nginx_server_available_dir: }} - makedirs: True - template: jinja - - require_in: - - service: nginx_service + {%- if 'requires' in settings %} + - require: + {%- for k, v in settings.requires.items() %} + - {{ k }}: {{ v }} + {%- endfor %} + {%- endif %} {% if 'source_path' not in settings.config %} - context: config: {{ settings.config|json(sort_keys=False) }} + nginx: {{ _nginx|json() }} {% endif %} {% if 'overwrite' in settings and settings.overwrite == False %} - unless: @@ -149,9 +158,7 @@ nginx_server_available_dir: - file: {{ conf_state_id }} {% endif %} -{% if 'deleted' not in settings or ( 'deleted' in settings and settings.deleted == False ) %} {% do server_states.append(status_state_id) %} -{% endif %} {%- endif %} {# enabled != available_dir #} {% endif %} {% endfor %} diff --git a/nginx/service.sls b/nginx/service.sls index 9cbc5cc8..adb51f09 100644 --- a/nginx/service.sls +++ b/nginx/service.sls 
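Review bot: `- clean: {{ nginx.servers.purge_servers_config }}` on `nginx_server_enabled_dir` and `nginx_server_available_dir` makes `file.directory` remove everything in those directories that is not tied to the directory state by a requisite once the option is true. None of the visible hunks adds a `require_in` from the server file or symlink states to these directory states, so managed vhosts could be deleted and recreated on each run; the rest of the file is outside the hunks, so this needs checking there. The value is also rendered without a fallback; `- clean: {{ nginx.servers.get('purge_servers_config', False) }}` would keep pillars that lack the key rendering cleanly, assuming the formula defaults do not already set it.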
@@ -42,3 +42,6 @@ nginx_service: {% else %} - pkg: nginx_install {% endif %} +{% if nginx.check_config_before_apply %} + - onlyif: /usr/sbin/nginx -t +{% endif %} diff --git a/nginx/snippets.sls b/nginx/snippets.sls index bd881a93..3bd78349 100644 --- a/nginx/snippets.sls +++ b/nginx/snippets.sls @@ -6,6 +6,11 @@ {%- from tplroot ~ '/map.jinja' import nginx, sls_block with context %} {%- from tplroot ~ '/libtofs.jinja' import files_switch with context %} +{#- _nginx is a lightened copy of nginx map intended to passed in templates #} +{%- set _nginx = nginx.copy() %} +{%- do _nginx.pop('snippets') if nginx.snippets is defined %} +{%- do _nginx.pop('servers') if nginx.servers is defined %} + nginx_snippets_dir: file.directory: {{ sls_block(nginx.servers.dir_opts) }} @@ -22,4 +27,12 @@ nginx_snippet_{{ snippet }}: - template: jinja - context: config: {{ config|json() }} + nginx: {{ _nginx|json() }} + - require: + - file: nginx_snippets_dir + - require_in: + - file: nginx_config + - sls: nginx.servers + - sls: nginx.servers_config + - service: nginx_service {% endfor %} diff --git a/pillar.example b/pillar.example index 975688e3..f5e21902 100644 --- a/pillar.example +++ b/pillar.example @@ -1,11 +1,15 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- # ======== # nginx (previously named nginx:ng) # ======== nginx: - # The following three `install_from_` options are mutually exclusive. If none is used, the distro's provided - # package will be installed. If one of the `install_from` option is set to `True`, the state will - # make sure the other two repos are removed. + # The following three `install_from_` options are mutually exclusive. If none + # is used, the distro's provided package will be installed. If one of the + # `install_from` option is set to `true`, the state will make sure the other + # two repos are removed. # Use the official's nginx repo binaries install_from_repo: false 
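Review bot: `- onlyif: /usr/sbin/nginx -t` hard-codes the binary path, while the tests added in this commit expect BSD installs under `/usr/local`, so on those platforms the command would presumably fail and the check would always look like a bad configuration. A failing `onlyif` also makes Salt skip `nginx_service` rather than fail it, which differs from the `pillar.example` wording that the state will fail: nginx keeps running the old configuration while the run reports success. Consider taking the path from a value in `nginx.lookup` and adding a comment above the line stating which behaviour is intended. The body of `nginx_service` starts before the hunk.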
@@ -16,13 +20,29 @@ nginx: # PPA install install_from_ppa: false - # Set to 'stable', 'development' (mainline), 'community', or 'nightly' for each build accordingly ( https://launchpad.net/~nginx ) + # Set to 'stable', 'development' (mainline), 'community', or 'nightly' for + # each build accordingly ( https://launchpad.net/~nginx ) ppa_version: 'stable' + # Use openSUSE devel (server:http) repository to install nginx. + # If not set, the server_http repository will be removed if it exists. + install_from_opensuse_devel: false + # Source install source_version: '1.10.0' source_hash: '' + # Check the configuration before applying: + # To prevent applying a configuration that might break nginx, set this + # parameter to true so the configuration is checked BEFORE applying. If + # the check fails, the state will fail and it won't be deployed. + # CAVEAT: As the configuration file is created in a temp dir, it can't + # have relative references or it will fail to check. You'll need to + # specify full paths where required (ie, `include`, `load_module`, + # `snippets`, etc.0 + # Defaults to false + check_config_before_apply: false + # These are usually set by grains in map.jinja # Typically you can comment these out. lookup: 
@@ -32,40 +52,44 @@ nginx: conf_file: /etc/nginx/nginx.conf server_available: /etc/nginx/sites-available server_enabled: /etc/nginx/sites-enabled - server_use_symlink: True - # If you install nginx+passenger from phusionpassenger in Debian, these values will probably be needed + server_use_symlink: true + # If you install nginx+passenger from phusionpassenger in Debian, these + # values will probably be needed passenger_package: libnginx-mod-http-passenger passenger_config_file: /etc/nginx/conf.d/mod-http-passenger.conf - # This is required for RedHat like distros (Amazon Linux) that don't follow semantic versioning for $releasever + # This is required for RedHat like distros (Amazon Linux) that don't follow + # semantic versioning for $releasever rh_os_releasever: '6' # Currently it can be used on rhel/centos/suse when installing from repo - gpg_check: True - pid_file: /var/run/nginx.pid ### prevents rendering SLS error nginx.server.config.pid undefined ### + gpg_check: true + ### prevents rendering SLS error nginx.server.config.pid undefined ### + pid_file: /var/run/nginx.pid # Source compilation is not currently a part of nginx - from_source: False + from_source: false source: opts: {} package: - opts: {} # this partially exposes parameters of pkg.installed + opts: {} # this partially exposes parameters of pkg.installed service: - enable: True # Whether or not the service will be enabled/running or dead - opts: {} # this partially exposes parameters of service.running / service.dead - - ##--- --- - - - - - - -- - - - - -- - - --- -- - -- - - - -- - - - - -- - - - -- - - - -- - ## - ## You can use snippets to define often repeated configuration once and include it later - ## The letsencrypt example below is consumed by "- include: 'snippets/letsencrypt.conf'" - ## Files or Templates can be retrieved by TOFS with snippet name ( Fallback to server.conf ) - ##--- --- - - - - - - -- - - -- -- - - --- -- - -- - - - -- - - - - -- - - - -- - - - -- - ## + enable: true # 
Whether or not the service will be enabled/running or dead + opts: {} # this partially exposes parameters of service.running / service.dead + + ## - - -- - - -- -- - - --- -- - -- - - - -- - - - - -- - - - -- - - - -- - ## + ## You can use snippets to define often repeated configuration once and + ## include it later # The letsencrypt example below is consumed by "- include: + ## 'snippets/letsencrypt.conf'" # Files or Templates can be retrieved by TOFS + ## with snippet name ( Fallback to server.conf ) + ## - - -- - - -- -- - - --- -- - -- - - - -- - - - - -- - - - -- - - - -- - ## snippets: letsencrypt.conf: - location ^~ /.well-known/acme-challenge/: - - proxy_pass: http://localhost:9999 + - proxy_pass: http://localhost:9999 cloudflare_proxy.conf: - set_real_ip_from: 103.21.244.0/22 - set_real_ip_from: 103.22.200.0/22 
@@ -73,43 +97,48 @@ nginx: - set_real_ip_from: 108.162.192.0/18 blacklist.conf: - map $http_user_agent $bad_bot: - - default: 0 - - '~*^Lynx': 0 - - '~*malicious': 1 - - '~*bot': 1 - - '~*crawler': 1 - - '~*bandit': 1 - - libwww-perl: 1 - - '~(?i)(httrack|htmlparser|libwww)': 1 + - default: 0 + - '~*^Lynx': 0 + - '~*malicious': 1 + - '~*bot': 1 + - '~*crawler': 1 + - '~*bandit': 1 + - libwww-perl: 1 + - '~(?i)(httrack|htmlparser|libwww)': 1 upstream_netdata_tcp.conf: - upstream netdata: - - server: 127.0.0.1:19999 - - keepalive: 64 + - server: 127.0.0.1:19999 + - keepalive: 64 server: - opts: {} # this partially exposes file.managed parameters as they relate to the main nginx.conf file - - #-- - - - - -- - - -- - - - - -- - - -- - - - -- - - - - - -- - - - - - -- - - - - -- - - - - -- - - # - # nginx.conf (main server) declarations - # dictionaries map to blocks {} and lists cause the same declaration to repeat with different values - # see also http://nginx.org/en/docs/example.html - # Nginx config file or template can be retrieved by TOFS ( Fallback to nginx.conf ) - #-- - - - - -- - - -- - - - - -- - - -- - - - -- - - - - - -- - - - - - -- - - - - -- - - - - -- - - # + # this partially exposes file.managed parameters as they relate to the main + # nginx.conf file + opts: {} + + ## - - -- - - -- -- - - --- -- - -- - - - -- - - - - -- - - - -- - - - -- - ## + # nginx.conf (main server) declarations dictionaries map to blocks {} and + # lists cause the same declaration to repeat with different values see also + # http://nginx.org/en/docs/example.html Nginx config file or template can + # be retrieved by TOFS ( Fallback to nginx.conf ) + ## - - -- - - -- -- - - --- -- - -- - - - -- - - - - -- - - - -- - - - -- - ## config: include: 'snippets/letsencrypt.conf' - source_path: salt://path_to_nginx_conf_file/nginx.conf # IMPORTANT: This option is mutually exclusive with TOFS and - # the rest of the options; if it is found other options - # (worker_processes: 4 and so 
on) are not processed - # and just upload the file from source + # IMPORTANT: This option is mutually exclusive with TOFS and the rest of + # the options; if it is found other options (worker_processes: 4 and so + # on) are not processed and just upload the file from source + source_path: salt://path_to_nginx_conf_file/nginx.conf worker_processes: 4 - load_module: modules/ngx_http_lua_module.so # pass as very first in configuration; otherwise nginx will fail to start - #pid: /var/run/nginx.pid # Directory location must exist (i.e. it's /run/nginx.pid on EL7) + # pass as very first in configuration; otherwise nginx will fail to start + load_module: modules/ngx_http_lua_module.so + # Directory location must exist (i.e. it's /run/nginx.pid on EL7) + # pid: /var/run/nginx.pid events: worker_connections: 1024 http: sendfile: 'on' include: - #### Note: Syntax issues in these files generate nginx [emerg] errors on startup. #### + #### Note: Syntax issues in these files generate nginx [emerg] errors + #### on startup. - /etc/nginx/mime.types ### module ngx_http_log_module example 
@@ -117,25 +146,26 @@ nginx: main '$remote_addr - $remote_user [$time_local] $status ' '"$request" $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"' - access_log: [] #suppress default access_log option from being added + access_log: [] # suppress default access_log option from being added - ### module nngx_stream_core_module - ### https://docs.nginx.com/nginx/admin-guide/load-balancer/tcp-udp-load-balancer/#example + # module nngx_stream_core_module + # yamllint disable-line rule:line-length + # https://docs.nginx.com/nginx/admin-guide/load-balancer/tcp-udp-load-balancer/#example stream: upstream lb-1000: - server: - - hostname1.example.com:1000 - - hostname2.example.com:1000 + - hostname1.example.com:1000 + - hostname2.example.com:1000 upstream stream_backend: least_conn: '' - 'server backend1.example.com:12345 weight=5': - 'server backend2.example.com:12345 max_fails=2 fail_timeout=30s': - 'server backend3.example.com:12345 max_conns=3': + 'server backend1.example.com:12345 weight=5': ~ + 'server backend2.example.com:12345 max_fails=2 fail_timeout=30s': ~ + 'server backend3.example.com:12345 max_conns=3': ~ upstream dns_servers: - least_conn: - 'server 192.168.136.130:53': - 'server 192.168.136.131:53': - 'server 192.168.136.132:53': + least_conn: '' + 'server 192.168.136.130:53': ~ + 'server 192.168.136.131:53': ~ + 'server 192.168.136.132:53': ~ server: listen: 1000 proxy_pass: lb-1000 
@@ -148,11 +178,20 @@ nginx: servers: - disabled_postfix: .disabled # a postfix appended to files when doing non-symlink disabling - symlink_opts: {} # partially exposes file.symlink params when symlinking enabled sites - rename_opts: {} # partially exposes file.rename params when not symlinking disabled/enabled sites - managed_opts: {} # partially exposes file.managed params for managed server files - dir_opts: {} # partially exposes file.directory params for site available/enabled and snippets dirs + # a postfix appended to files when doing non-symlink disabling + disabled_postfix: .disabled + # partially exposes file.symlink params when symlinking enabled sites + symlink_opts: {} + # partially exposes file.rename params when not symlinking disabled/enabled sites + rename_opts: {} + # partially exposes file.managed params for managed server files + managed_opts: {} + # partially exposes file.directory params for site available/enabled and + # snippets dirs + dir_opts: {} + # let the choice to purge site-available and site-enable folders before add new ones + # (if True it removes all non-salt-managed files) + purge_servers_config: false ##################### 
@@ -160,72 +199,96 @@ nginx: ##################### managed: - mysite: # relative filename of server file (defaults to '/etc/nginx/sites-available/mysite') - # may be True, False, or None where True is enabled, False, disabled, and None indicates no action - enabled: True - - # Remove the site config file shipped by nginx (i.e. '/etc/nginx/sites-available/default' by default) + # relative filename of server file + # (defaults to '/etc/nginx/sites-available/mysite') + mysite: + # may be true, false, or None where true is enabled, false, disabled, + # and None indicates no action + enabled: true + + # This let's you add dependencies on other resources being applied for a + # particular vhost + # A common case is when you use this formula together with letsencrypt's, + # validating through nginx: you need nginx running (to validate the vhost) but + # can't have the ssl vhost up until the certificate is created (because it + # won't exist and will make nginx fail to load the configuration) + # + # An example, when using LE to create the cert for 'some.host.domain': + # requires: + # cmd: create-initial-cert-some.host.domain + requires: {} + + # Remove the site config file shipped by nginx + # (i.e. '/etc/nginx/sites-available/default' by default) # It also remove the symlink (if it is exists). - # The site MUST be disabled before delete it (if not the nginx is not reloaded). - #deleted: True - - #available_dir: /etc/nginx/sites-available-custom # custom directory (not sites-available) for server filename - #enabled_dir: /etc/nginx/sites-enabled-custom # custom directory (not sites-enabled) for server filename - disabled_name: mysite.aint_on # an alternative disabled name to be use when not symlinking - overwrite: True # overwrite an existing server file or not - - # May be a list of config options or None, if None, no server file will be managed/templated - # Take server directives as lists of dictionaries. 
If the dictionary value is another list of - # dictionaries a block {} will be started with the dictionary key name + # The site MUST be disabled before delete it (if not the nginx is not + # reloaded). + # deleted: true + + # custom directory (not sites-available) for server filename + # available_dir: /etc/nginx/sites-available-custom + # custom directory (not sites-enabled) for server filename + # enabled_dir: /etc/nginx/sites-enabled-custom + # an alternative disabled name to be use when not symlinking + disabled_name: mysite.aint_on + # overwrite an existing server file or not + overwrite: true + + # May be a list of config options or None, if None, no server file will + # be managed/templated Take server directives as lists of dictionaries. + # If the dictionary value is another list of dictionaries a block {} + # will be started with the dictionary key name config: - - server: - - server_name: localhost - - listen: - - '80 default_server' - - listen: - - '443 ssl' - - index: 'index.html index.htm' - - location ~ .htm: - - try_files: '$uri $uri/ =404' - - test: something else - - include: 'snippets/letsencrypt.conf' - - # Or a slightly more compact alternative syntax: + # both of the methods below lead to the output: + # server { + # server_name localhost; + # listen 80 default_server; + # listen 443 ssl; + # index index.html index.htm; + # location ~ .htm { + # try_files $uri $uri/ =404; + # test something else; + # } + # } - server: - - server_name: localhost - - listen: - - '80 default_server' - - '443 ssl' - - index: 'index.html index.htm' - - location ~ .htm: - - try_files: '$uri $uri/ =404' - - test: something else - - include: 'snippets/letsencrypt.conf' - - # both of those output: - # server { - # server_name localhost; - # listen 80 default_server; - # listen 443 ssl; - # index index.html index.htm; - # location ~ .htm { - # try_files $uri $uri/ =404; - # test something else; - # } - # } - - mysite2: # Using source_path options to upload the file 
instead of templating all the file - enabled: True + - server_name: localhost + - listen: + - '80 default_server' + - listen: + - '443 ssl' + - index: 'index.html index.htm' + - location ~ .htm: + - try_files: '$uri $uri/ =404' + - test: something else + - include: 'snippets/letsencrypt.conf' + + # Or a slightly more compact alternative syntax: + - server: + - server_name: localhost + - listen: + - '80 default_server' + - '443 ssl' + - index: 'index.html index.htm' + - location ~ .htm: + - try_files: '$uri $uri/ =404' + - test: something else + - include: 'snippets/letsencrypt.conf' + + + # Using source_path options to upload the file instead of templating all the file + mysite2: + enabled: true available_dir: /etc/nginx/sites-available enabled_dir: /etc/nginx/sites-enabled config: - source_path: salt://path-to-site-file/mysite2 # IMPORTANT: This field is mutually exclusive with TOFS - # and other config options, it just uploads the specified file + # IMPORTANT: This field is mutually exclusive with TOFS and other + # config options, it just uploads the specified file + source_path: salt://path-to-site-file/mysite2 - # Below configuration becomes handy if you want to create custom configuration files - # for example if you want to create /usr/local/etc/nginx/http_options.conf with - # the following content: + # Below configuration becomes handy if you want to create custom + # configuration files for example if you want to create + # /usr/local/etc/nginx/http_options.conf with the following content: # sendfile on; # tcp_nopush on; @@ -233,7 +296,7 @@ nginx: # send_iowait 12000; http_options.conf: - enabled: True + enabled: true available_dir: /usr/local/etc/nginx enabled_dir: /usr/local/etc/nginx config: 
@@ -242,14 +305,16 @@ nginx: - tcp_nodelay: 'on' - send_iowait: 12000 - certificates_path: '/etc/nginx/ssl' # Use this if you need to deploy below certificates in a custom path. + # Use this if you need to deploy below certificates in a custom path. + certificates_path: '/etc/nginx/ssl' # If you're doing SSL termination, you can deploy certificates this way. # The private one(s) should go in a separate pillar file not in version # control (or use encrypted pillar data). certificates: 'www.example.com': - # choose one of: deploying this cert by pillar (e.g. in combination with ext_pillar and file_tree) + # choose one of: deploying this cert by pillar (e.g. in combination with + # ext_pillar and file_tree) # public_cert_pillar: certs:example.com:fullchain.pem # private_key_pillar: certs:example.com:privkey.pem # or directly pasting the cert @@ -299,8 +364,11 @@ nginx: # - osfinger # - os # - os_family + # # All aspects of path/file resolution are customisable using the options below. # This is unnecessary in most cases; there are sensible defaults. + # Default path: salt://< path_prefix >/< dirs.files >/< dirs.default > + # I.e.: salt://nginx/files/default # path_prefix: template_alt # dirs: # files: files_alt diff --git a/pre-commit_semantic-release.sh b/pre-commit_semantic-release.sh index 9d34d74c..80f46e20 100755 --- a/pre-commit_semantic-release.sh +++ b/pre-commit_semantic-release.sh 
@@ -7,16 +7,16 @@ sed -i -e "s_^\(version:\).*_\1 ${1}_" FORMULA ############################################################################### -# (B) Use `m2r` to convert automatically produced `.md` docs to `.rst` +# (B) Use `m2r2` to convert automatically produced `.md` docs to `.rst` ############################################################################### -# Install `m2r` -sudo -H pip install m2r +# Install `m2r2` +pip3 install m2r2 # Copy and then convert the `.md` docs -cp *.md docs/ -cd docs/ -m2r --overwrite *.md +cp ./*.md docs/ +cd docs/ || exit +m2r2 --overwrite ./*.md # Change excess `H1` headings to `H2` in converted `CHANGELOG.rst` sed -i -e '/^=.*$/s/=/-/g' CHANGELOG.rst diff --git a/release.config.js b/release.config.js index afa0cb11..95c9fed2 100644 --- a/release.config.js +++ b/release.config.js @@ -1,5 +1,6 @@ module.exports = { branch: 'master', + repositoryUrl: 'https://github.com/saltstack-formulas/nginx-formula', plugins: [ ['@semantic-release/commit-analyzer', { preset: 'angular', @@ -63,7 +64,7 @@ module.exports = { } if (typeof commit.hash === `string`) { - commit.hash = commit.hash.substring(0, 7) + commit.shortHash = commit.hash.substring(0, 7) } if (typeof commit.subject === `string`) { diff --git a/test/integration/default/README.md b/test/integration/default/README.md new file mode 100644 index 00000000..37cf963c --- /dev/null +++ b/test/integration/default/README.md 
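Review bot: `pip3 install m2r2` pulls whatever release is current on the index at release time, inside the script that prepares the published artefacts. Pinning it, e.g. `pip3 install 'm2r2==<pinned-version>'` (placeholder; ideally via a requirements file installed with `--require-hashes`), keeps the release build reproducible and narrows exposure to a compromised or broken upload. Dropping `sudo -H` is a good change; adding `--user` would keep the install out of the system site-packages where the runner is not already isolated. The script starts before the hunk.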
@@ -0,0 +1,50 @@
+# InSpec Profile: `default`
+
+This shows the implementation of the `default` InSpec [profile](https://github.com/inspec/inspec/blob/master/docs/profiles.md).
+
+## Verify a profile
+
+InSpec ships with built-in features to verify a profile structure.
+
+```bash
+$ inspec check default
+Summary
+-------
+Location: default
+Profile: profile
+Controls: 4
+Timestamp: 2019-06-24T23:09:01+00:00
+Valid: true
+
+Errors
+------
+
+Warnings
+--------
+```
+
+## Execute a profile
+
+To run all **supported** controls on a local machine use `inspec exec /path/to/profile`.
+
+```bash
+$ inspec exec default
+..
+
+Finished in 0.0025 seconds (files took 0.12449 seconds to load)
+8 examples, 0 failures
+```
+
+## Execute a specific control from a profile
+
+To run one control from the profile use `inspec exec /path/to/profile --controls name`.
+
+```bash
+$ inspec exec default --controls package
+.
+
+Finished in 0.0025 seconds (files took 0.12449 seconds to load)
+1 examples, 0 failures
+```
+
+See an [example control here](https://github.com/inspec/inspec/blob/master/examples/profile/controls/example.rb).
diff --git a/test/integration/default/controls/config.rb b/test/integration/default/controls/config.rb
index fb7d69c7..c2845eb8 100644
--- a/test/integration/default/controls/config.rb
+++ b/test/integration/default/controls/config.rb
@@ -1,37 +1,52 @@ +# frozen_string_literal: true + # Set defaults, use debian as base -server_available = '/etc/nginx/sites-available' -server_enabled = '/etc/nginx/sites-enabled' - -# Override by OS -case os[:name] -when 'redhat', 'centos', 'fedora' - server_available = '/etc/nginx/conf.d' - server_enabled = '/etc/nginx/conf.d' -when 'opensuse' - server_available = '/etc/nginx/vhosts.d' - server_enabled = '/etc/nginx/vhosts.d' -end +# Override by platform family +server_available, server_enabled = + case platform[:family] + when 'redhat', 'fedora' + %w[/etc/nginx/conf.d /etc/nginx/conf.d] + when 'suse' + %w[/etc/nginx/vhosts.d /etc/nginx/vhosts.d] + when 'bsd' + %w[/usr/local/etc/nginx/sites-available /usr/local/etc/nginx/sites-enabled] + else + %w[/etc/nginx/sites-available /etc/nginx/sites-enabled] + end + +nginx_conf, snippets_letsencrypt_conf, file_owner, file_group = + case platform[:family] + when 'bsd' + %w[/usr/local/etc/nginx/nginx.conf /usr/local/etc/nginx/snippets/letsencrypt.conf + root wheel] + else + %w[/etc/nginx/nginx.conf /etc/nginx/snippets/letsencrypt.conf root root] + end control 'Nginx configuration' do title 'should match desired lines' # main configuration - describe file('/etc/nginx/nginx.conf') do + describe file(nginx_conf) do it { should be_file } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } + it { should be_owned_by file_owner } + it { should be_grouped_into file_group } its('mode') { should cmp '0644' } - its('content') { should include %Q[ log_format main '$remote_addr - $remote_user [$time_local] $status ' + its('content') do + # rubocop:disable Metrics/LineLength + should include %( log_format main '$remote_addr - $remote_user [$time_local] $status ' '"$request" $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"';] } + '"$http_user_agent" "$http_x_forwarded_for"';) + # rubocop:enable Metrics/LineLength + end end # snippets configuration - describe 
file('/etc/nginx/snippets/letsencrypt.conf') do + describe file(snippets_letsencrypt_conf) do it { should be_file } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } + it { should be_owned_by file_owner } + it { should be_grouped_into file_group } its('mode') { should cmp '0644' } its('content') { should include 'location ^~ /.well-known/acme-challenge/ {' } its('content') { should include 'proxy_pass http://localhost:9999;' } @@ -40,15 +55,14 @@ # sites configuration [server_available, server_enabled].each do |dir| - - describe file ("#{dir}/default") do - it { should_not exist } + describe file "#{dir}/default" do + it { should_not exist } end - describe file ("#{dir}/mysite") do + describe file "#{dir}/mysite" do it { should be_file } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } + it { should be_owned_by file_owner } + it { should be_grouped_into file_group } its('mode') { should cmp '0644' } its('content') { should include 'server_name localhost;' } its('content') { should include 'listen 80 default_server;' } @@ -57,6 +71,16 @@ its('content') { should include 'try_files $uri $uri/ =404;' } its('content') { should include 'include snippets/letsencrypt.conf;' } end - + describe file "#{dir}/mysite_with_require" do + it { should be_file } + it { should be_owned_by file_owner } + it { should be_grouped_into file_group } + its('mode') { should cmp '0644' } + its('content') { should include 'server_name with-deps;' } + its('content') { should include 'listen 80;' } + its('content') { should include 'index index.html index.htm;' } + its('content') { should include 'location ~ .htm {' } + its('content') { should include 'try_files $uri $uri/ =404;' } + end end end diff --git a/test/integration/default/controls/file.rb b/test/integration/default/controls/file.rb new file mode 100644 index 00000000..57151af8 --- /dev/null +++ b/test/integration/default/controls/file.rb 
@@ -0,0 +1,9 @@ +# frozen_string_literal: true + +control 'Dependency test file' do + title 'should exist' + + describe file('/tmp/created_to_test_dependencies') do + it { should be_file } + end +end diff --git a/test/integration/default/controls/install.rb b/test/integration/default/controls/install.rb index 49aea2e3..5aa8d0e4 100644 --- a/test/integration/default/controls/install.rb +++ b/test/integration/default/controls/install.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + control 'Nginx package' do title 'should be installed' diff --git a/test/integration/default/controls/service.rb b/test/integration/default/controls/service.rb index 5dad48c7..605e9364 100644 --- a/test/integration/default/controls/service.rb +++ b/test/integration/default/controls/service.rb @@ -1,7 +1,10 @@ +# frozen_string_literal: true + control 'Nginx service' do title 'should be running and enabled' describe service('nginx') do + it { should be_installed } it { should be_enabled } it { should be_running } end diff --git a/test/integration/default/inspec.yml b/test/integration/default/inspec.yml index e49fb37f..ae31283c 100644 --- a/test/integration/default/inspec.yml +++ b/test/integration/default/inspec.yml 
@@ -1,11 +1,28 @@ -name: nginx -title: Nginx Formula -maintainer: Saltstack-formulas +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- +name: default +title: nginx formula +maintainer: SaltStack Formulas license: Apache-2.0 summary: Verify that the nginx formula is setup and configured correctly +depends: + - name: share + path: test/integration/share supports: - - os-name: debian - - os-name: ubuntu - - os-name: centos - - os-name: fedora - - os-name: opensuse + - platform-name: debian + - platform-name: ubuntu + - platform-name: centos + - platform-name: fedora + - platform-name: opensuse + - platform-name: suse + - platform-name: freebsd + - platform-name: openbsd + - platform-name: amazon + - platform-name: oracle + - platform-name: arch + - platform-name: gentoo + - platform-name: almalinux + - platform-name: rocky + - platform-name: mac_os_x + - platform: windows diff --git a/test/integration/passenger/README.md b/test/integration/passenger/README.md new file mode 100644 index 00000000..66fa3cd4 --- /dev/null +++ b/test/integration/passenger/README.md 
@@ -0,0 +1,50 @@
+# InSpec Profile: `passenger`
+
+This shows the implementation of the `passenger` InSpec [profile](https://github.com/inspec/inspec/blob/master/docs/profiles.md).
+
+## Verify a profile
+
+InSpec ships with built-in features to verify a profile structure.
+
+```bash
+$ inspec check passenger
+Summary
+-------
+Location: passenger
+Profile: profile
+Controls: 4
+Timestamp: 2019-06-24T23:09:01+00:00
+Valid: true
+
+Errors
+------
+
+Warnings
+--------
+```
+
+## Execute a profile
+
+To run all **supported** controls on a local machine use `inspec exec /path/to/profile`.
+
+```bash
+$ inspec exec passenger
+..
+
+Finished in 0.0025 seconds (files took 0.12449 seconds to load)
+8 examples, 0 failures
+```
+
+## Execute a specific control from a profile
+
+To run one control from the profile use `inspec exec /path/to/profile --controls name`.
+
+```bash
+$ inspec exec passenger --controls package
+.
+
+Finished in 0.0025 seconds (files took 0.12449 seconds to load)
+1 examples, 0 failures
+```
+
+See an [example control here](https://github.com/inspec/inspec/blob/master/examples/profile/controls/example.rb).
diff --git a/test/integration/passenger/controls/config.rb b/test/integration/passenger/controls/config.rb
new file mode 100644
index 00000000..177a8dc9
--- /dev/null
+++ b/test/integration/passenger/controls/config.rb
@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+# Set defaults, use debian as base
+
+# Override by OS Family
+case platform[:family]
+when 'redhat', 'centos', 'fedora'
+ server_available = '/etc/nginx/conf.d'
+ server_enabled = '/etc/nginx/conf.d'
+ passenger_mod = '/usr/lib64/nginx/modules/ngx_http_passenger_module.so'
+ passenger_root = '/usr/share/ruby/vendor_ruby/phusion_passenger/locations.ini'
+ passenger_config_file = '/etc/nginx/conf.d/passenger.conf'
+ should_not_exist_file = '/etc/nginx/conf.d/mod-http-passenger.conf'
+when 'debian', 'ubuntu'
+ server_available = '/etc/nginx/sites-available'
+ server_enabled = '/etc/nginx/sites-enabled'
+ passenger_mod = '/usr/lib/nginx/modules/ngx_http_passenger_module.so'
+ passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini'
+ passenger_config_file = '/etc/nginx/conf.d/mod-http-passenger.conf'
+ should_not_exist_file = '/etc/nginx/conf.d/passenger.conf'
+end
+
+control 'Passenger configuration' do
+ title 'should match desired lines'
+
+ # main configuration
+ describe file('/etc/nginx/nginx.conf') do
+ its('content') { should include "load_module #{passenger_mod}" }
+ end
+
+ describe file(passenger_config_file) do
+ it { should be_file }
+ it { should be_owned_by 'root' }
+ it { should be_grouped_into 'root' }
+ its('mode') { should cmp '0644' }
+ its('content') { should include "passenger_root #{passenger_root};" }
+ its('content') { should include 'passenger_ruby /usr/bin/ruby;' }
+ end
+
+ describe file(should_not_exist_file) do
+ it { should_not exist }
+ end
+
+ # sites configuration
+ [server_available, server_enabled].each do |dir|
+ describe file "#{dir}/default" do
+ it { should_not exist }
+ end
+
+ describe file "#{dir}/mysite" do
+ it { should be_file }
+ it { should be_owned_by 'root' }
+ it { should be_grouped_into 'root' }
+ its('mode') { should cmp '0644' }
+ its('content') { should include 'passenger_enabled on;' }
+ end
+ end
+end
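Review bot: The `case platform[:family]` at the top of config.rb has no `else` branch, so on any family outside the two `when` lists every path variable stays `nil` and the `file(...)` describes in the control are built from `nil` rather than being skipped. The passenger profile's `inspec.yml` lists FreeBSD, macOS, Windows and others under `supports`, which makes that case reachable. The header comment `# Set defaults, use debian as base` promises defaults that are never assigned; assigning the Debian values before the `case` and keeping only the RedHat branch as an override would match the comment and remove the `nil` paths. The same pattern applies to `passenger_mod_pkg` in controls/install.rb and to `repo_file`/`repo_url` in controls/repository.rb.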
diff --git a/test/integration/passenger/controls/install.rb b/test/integration/passenger/controls/install.rb
new file mode 100644
index 00000000..bbba8cb7
--- /dev/null
+++ b/test/integration/passenger/controls/install.rb
@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+control 'Nginx package' do
+ title 'should be installed'
+
+ describe package('nginx') do
+ it { should be_installed }
+ end
+end
+
+control 'Passenger packages' do
+ title 'should be installed'
+
+ # Override by OS Family
+ passenger_mod_pkg = case platform[:family]
+ when 'redhat', 'centos', 'fedora'
+ 'nginx-mod-http-passenger'
+ when 'debian', 'ubuntu'
+ 'libnginx-mod-http-passenger'
+ end
+
+ describe package('passenger') do
+ it { should be_installed }
+ end
+ describe package(passenger_mod_pkg) do
+ it { should be_installed }
+ end
+end
diff --git a/test/integration/passenger/controls/repository.rb b/test/integration/passenger/controls/repository.rb
new file mode 100644
index 00000000..4b92764a
--- /dev/null
+++ b/test/integration/passenger/controls/repository.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+case platform.family
+when 'redhat'
+ repo_file = '/etc/yum.repos.d/passenger.repo'
+ repo_url = 'https://oss-binaries.phusionpassenger.com/yum/passenger/el/$releasever/$basearch'
+when 'debian'
+ codename = system.platform[:codename]
+ repo_keyring = '/usr/share/keyrings/phusionpassenger-archive-keyring.gpg'
+ repo_file = "/etc/apt/sources.list.d/phusionpassenger-official-#{codename}.list"
+ # rubocop:disable Layout/LineLength
+ repo_url = "deb [signed-by=#{repo_keyring}] https://oss-binaries.phusionpassenger.com/apt/passenger #{codename} main"
+ # rubocop:enable Layout/LineLength
+end
+
+control 'Phusion-passenger repository keyring' do
+ title 'should be installed'
+
+ only_if('Requirement for Debian family') do
+ os.debian?
+ end
+
+ describe file(repo_keyring) do
+ it { should exist }
+ it { should be_owned_by 'root' }
+ it { should be_grouped_into 'root' }
+ its('mode') { should cmp '0644' }
+ end
+end
+
+control 'Phusion-passenger repository' do
+ impact 1
+ title 'should be configured'
+ describe file(repo_file) do
+ its('content') { should include repo_url }
+ end
+end
diff --git a/test/integration/passenger/controls/service.rb b/test/integration/passenger/controls/service.rb
new file mode 100644
index 00000000..b4af8002
--- /dev/null
+++ b/test/integration/passenger/controls/service.rb
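Review bot: On RedHat the `'Phusion-passenger repository'` control asserts only that `/etc/yum.repos.d/passenger.repo` contains the base URL, so it would still pass if the repo were written with package signature checking turned off. The Debian branch ties the source to a keyring through `signed-by=#{repo_keyring}` and checks that file's owner and mode, and the RedHat side deserves an equivalent assertion, for example `its('content') { should match(/^gpgcheck\s*=\s*1/) }` in a RedHat-only describe, assuming the formula's repo definition sets that key. The HTTPS scheme in `repo_url` is already pinned by the `include` match on both branches.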
@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+control 'Nginx service' do
+ title 'should be running and enabled'
+
+ describe service('nginx') do
+ it { should be_enabled }
+ it { should be_running }
+ end
+end
+
+control 'Passenger module' do
+ title 'should be running and enabled'
+
+ describe 'Passenger engine' do
+ it 'passenger-config should say configuration "looks good"' do
+ expect(command(
+ '/usr/bin/passenger-config validate-install --auto'
+ ).stdout).to match(/looks good/)
+ end
+
+ it 'passenger-memory-stats should return Passenger stats' do
+ expect(command('/usr/sbin/passenger-memory-stats').stdout).to match(
+ %r{nginx: master process /usr/sbin/nginx.*Passenger watchdog.*Passenger core.*}m
+ )
+ end
+ end
+end
diff --git a/test/integration/passenger/inspec.yml b/test/integration/passenger/inspec.yml
new file mode 100644
index 00000000..72e8c381
--- /dev/null
+++ b/test/integration/passenger/inspec.yml
@@ -0,0 +1,28 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+name: passenger
+title: nginx formula
+maintainer: SaltStack Formulas
+license: Apache-2.0
+summary: Verify that the nginx formula is setup and configured correctly
+depends:
+ - name: share
+ path: test/integration/share
+supports:
+ - platform-name: debian
+ - platform-name: ubuntu
+ - platform-name: centos
+ - platform-name: fedora
+ - platform-name: opensuse
+ - platform-name: suse
+ - platform-name: freebsd
+ - platform-name: openbsd
+ - platform-name: amazon
+ - platform-name: oracle
+ - platform-name: arch
+ - platform-name: gentoo
+ - platform-name: almalinux
+ - platform-name: rocky
+ - platform-name: mac_os_x
+ - platform: windows
diff --git a/test/integration/share/README.md b/test/integration/share/README.md
new file mode 100644
index 00000000..5c5785b9
--- /dev/null
+++ b/test/integration/share/README.md
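Review bot: The `'Passenger module'` control in service.rb carries the title `'should be running and enabled'`, copied from the nginx service control, while its two examples check the output of `passenger-config validate-install` and `passenger-memory-stats`; something like `title 'should validate and report its processes'` would describe what is tested. Both examples match on `stdout` only, so if either binary is absent at its hard-coded path the failure reports an empty string instead of the cause. Checking the result first in a `describe command(...)` block with `its('exit_status') { should eq 0 }` would make that case readable, provided both tools exit zero on success.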
@@ -0,0 +1,22 @@
+# InSpec Profile: `share`
+
+This shows the implementation of the `share` InSpec [profile](https://github.com/inspec/inspec/blob/master/docs/profiles.md).
+
+Its goal is to share the libraries between all profiles.
+
+## Libraries
+
+### `system`
+
+The `system` library provides easy access to system dependent information:
+
+- `system.platform`: based on `inspec.platform`, modify to values that are more consistent from a SaltStack perspective
+ - `system.platform[:family]` provide a family name for Arch and Gentoo
+ - `system.platform[:name]` append `linux` to both `amazon` and `oracle`; ensure Windows platforms are resolved as simply `windows`
+ - `system.platform[:release]` tweak Arch, Amazon Linux, Gentoo, openSUSE and Windows:
+ - `Arch` is always `base-latest`
+ - `Amazon Linux` release `2018` is resolved as `1`
+ - `Gentoo` release is trimmed to its major version number and then the init system is appended (i.e. `sysv` or `sysd`)
+ - `openSUSE` is resolved as `tumbleweed` if the `platform[:release]` is in date format
+ - `Windows` uses the widely-used release number (e.g. `8.1` or `2019-server`) in place of the actual system release version
+ - `system.platform[:finger]` is the concatenation of the name and the major release number (except for Ubuntu, which gives `ubuntu-20.04` for example)
diff --git a/test/integration/share/inspec.yml b/test/integration/share/inspec.yml
new file mode 100644
index 00000000..28a97b94
--- /dev/null
+++ b/test/integration/share/inspec.yml
@@ -0,0 +1,25 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+name: share
+title: InSpec shared resources
+maintainer: SaltStack Formulas
+license: Apache-2.0
+summary: shared resources
+supports:
+ - platform-name: debian
+ - platform-name: ubuntu
+ - platform-name: centos
+ - platform-name: fedora
+ - platform-name: opensuse
+ - platform-name: suse
+ - platform-name: freebsd
+ - platform-name: openbsd
+ - platform-name: amazon
+ - platform-name: oracle
+ - platform-name: arch
+ - platform-name: gentoo
+ - platform-name: almalinux
+ - platform-name: rocky
+ - platform-name: mac_os_x
+ - platform: windows
diff --git a/test/integration/share/libraries/system.rb b/test/integration/share/libraries/system.rb
new file mode 100644
index 00000000..64405bbc
--- /dev/null
+++ b/test/integration/share/libraries/system.rb
@@ -0,0 +1,138 @@
+# frozen_string_literal: true
+
+# system.rb -- InSpec resources for system values
+# Author: Daniel Dehennin
+# Copyright (C) 2020 Daniel Dehennin
+
+# rubocop:disable Metrics/ClassLength
+class SystemResource < Inspec.resource(1)
+ name 'system'
+
+ attr_reader :platform
+
+ def initialize
+ super
+ @platform = build_platform
+ end
+
+ private
+
+ def build_platform
+ {
+ family: build_platform_family,
+ name: build_platform_name,
+ release: build_platform_release,
+ finger: build_platform_finger,
+ codename: build_platform_codename
+ }
+ end
+
+ def build_platform_family
+ case inspec.platform[:name]
+ when 'arch', 'gentoo'
+ inspec.platform[:name]
+ else
+ inspec.platform[:family]
+ end
+ end
+
+ def build_platform_name
+ case inspec.platform[:name]
+ when 'amazon', 'oracle', 'rocky'
+ "#{inspec.platform[:name]}linux"
+ when /^windows_/
+ inspec.platform[:family]
+ else
+ inspec.platform[:name]
+ end
+ end
+
+ # rubocop:disable Metrics/MethodLength,Metrics/AbcSize,Metrics/CyclomaticComplexity
+ def build_platform_release
+ case inspec.platform[:name]
+ when 'amazon'
+ # `2018` relase is named `1` in `kitchen.yml`
+ inspec.platform[:release].gsub(/2018.*/, '1')
+ when 'arch'
+ 'base-latest'
+ when 'gentoo'
+ "#{inspec.platform[:release].split('.')[0]}-#{derive_gentoo_init_system}"
+ when 'mac_os_x'
+ inspec.command('sw_vers -productVersion').stdout.to_s
+ when 'opensuse'
+ # rubocop:disable Style/NumericLiterals,Layout/LineLength
+ inspec.platform[:release].to_i > 20210101 ? 'tumbleweed' : inspec.platform[:release]
+ # rubocop:enable Style/NumericLiterals,Layout/LineLength
+ when 'windows_8.1_pro'
+ '8.1'
+ when 'windows_server_2022_datacenter'
+ '2022-server'
+ when 'windows_server_2019_datacenter'
+ '2019-server'
+ when 'windows_server_2016_datacenter'
+ '2016-server'
+ else
+ inspec.platform[:release]
+ end
+ end
+ # rubocop:enable Metrics/MethodLength,Metrics/AbcSize,Metrics/CyclomaticComplexity
+
+ def derive_gentoo_init_system
+ inspec.command('systemctl').exist? ? 'sysd' : 'sysv'
+ end
+
+ def build_platform_finger
+ "#{build_platform_name}-#{build_finger_release}"
+ end
+
+ def build_finger_release
+ case inspec.platform[:name]
+ when 'ubuntu'
+ build_platform_release.split('.').slice(0, 2).join('.')
+ else
+ build_platform_release.split('.')[0]
+ end
+ end
+
+ # rubocop:disable Metrics/MethodLength,Metrics/CyclomaticComplexity
+ def build_platform_codename
+ case build_platform_finger
+ when 'ubuntu-22.04'
+ 'jammy'
+ when 'ubuntu-20.04'
+ 'focal'
+ when 'ubuntu-18.04'
+ 'bionic'
+ when 'debian-11'
+ 'bullseye'
+ when 'debian-10'
+ 'buster'
+ when 'debian-9'
+ 'stretch'
+ when 'almalinux-8'
+ "AlmaLinux #{build_platform_release} (Arctic Sphynx)"
+ when 'amazonlinux-2'
+ 'Amazon Linux 2'
+ when 'arch-base-latest'
+ 'Arch Linux'
+ when 'centos-7'
+ 'CentOS Linux 7 (Core)'
+ when 'centos-8'
+ 'CentOS Stream 8'
+ when 'opensuse-tumbleweed'
+ 'openSUSE Tumbleweed'
+ when 'opensuse-15'
+ "openSUSE Leap #{build_platform_release}"
+ when 'oraclelinux-8', 'oraclelinux-7'
+ "Oracle Linux Server #{build_platform_release}"
+ when 'gentoo-2-sysd', 'gentoo-2-sysv'
+ 'Gentoo/Linux'
+ when 'rockylinux-8'
+ "Rocky Linux #{build_platform_release} (Green Obsidian)"
+ else
+ ''
+ end
+ end
+ # rubocop:enable Metrics/MethodLength,Metrics/CyclomaticComplexity
+end
+# rubocop:enable Metrics/ClassLength
diff --git a/test/salt/default/pillar/nginx.sls b/test/salt/default/pillar/nginx.sls
index bbdfa69c..84afe981 100644
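Review bot: In `build_platform_release` the `mac_os_x` branch returns `inspec.command('sw_vers -productVersion').stdout.to_s` without stripping it, so the release keeps the command's trailing newline while every other branch returns a bare string. `build_finger_release` hides this when the version contains a dot, but `system.platform[:release]` is exposed to controls as-is; `inspec.command('sw_vers -productVersion').stdout.to_s.strip` would fix it. Two documentation points in the same file: the comment above the `amazon` branch misspells "release" as "relase", and `build_platform_name` also appends `linux` for `rocky`, which the share README's description of `system.platform[:name]` does not mention.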
--- a/test/salt/default/pillar/nginx.sls +++ b/test/salt/default/pillar/nginx.sls @@ -1,4 +1,6 @@ - +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- # Simple pillar setup # - snippet letsencrypt # - remove 'default' site @@ -8,7 +10,7 @@ nginx: snippets: letsencrypt.conf: - location ^~ /.well-known/acme-challenge/: - - proxy_pass: http://localhost:9999 + - proxy_pass: http://localhost:9999 server: config: http: @@ -20,19 +22,34 @@ nginx: servers: managed: default: - deleted: True - enabled: False + deleted: true + enabled: false config: {} mysite: - enabled: True + enabled: true + config: + - server: + - server_name: localhost + - listen: + - '80 default_server' + - index: 'index.html index.htm' + - location ~ .htm: + - try_files: '$uri $uri/ =404' + - include: 'snippets/letsencrypt.conf' + mysite_with_require: + enabled: true config: - server: - - server_name: localhost - - listen: - - '80 default_server' - - index: 'index.html index.htm' - - location ~ .htm: - - try_files: '$uri $uri/ =404' - - include: 'snippets/letsencrypt.conf' + - server_name: with-deps + - listen: + - '80' + - index: 'index.html index.htm' + - location ~ .htm: + - try_files: '$uri $uri/ =404' + requires: + file: created_to_test_dependencies + dh_param: + 'mydhparam2.pem': + keysize: 2048 diff --git a/test/salt/default/states/test_dep/create_dependency_file.sls b/test/salt/default/states/test_dep/create_dependency_file.sls new file mode 100644 index 00000000..e2429275 --- /dev/null +++ b/test/salt/default/states/test_dep/create_dependency_file.sls @@ -0,0 +1,6 @@ +## this state creates a file that is used to test vhosts dependencies +# (see https://github.com/saltstack-formulas/nginx-formula/pull/278) + +created_to_test_dependencies: + file.managed: + - name: /tmp/created_to_test_dependencies diff --git a/test/salt/passenger/pillar/nginx.sls b/test/salt/passenger/pillar/nginx.sls new file mode 100644 index 00000000..c8d90d48 --- /dev/null +++ b/test/salt/passenger/pillar/nginx.sls 
@@ -0,0 +1,60 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+# Simple pillar setup
+# - remove 'default' site
+# - create 'mysite' site
+
+{%- if grains.os_family in ('RedHat',) %}
+ {%- set passenger_pkg = 'nginx-mod-http-passenger' %}
+ {%- set passenger_mod = '/usr/lib64/nginx/modules/ngx_http_passenger_module.so' %}
+{%- else %}
+ {%- set passenger_pkg = 'libnginx-mod-http-passenger' %}
+ {%- set passenger_mod = '/usr/lib/nginx/modules/ngx_http_passenger_module.so' %}
+{%- endif %}
+
+nginx:
+ check_config_before_apply: true
+
+ install_from_phusionpassenger: true
+ lookup:
+ passenger_package: {{ passenger_pkg }}
+
+ server:
+ config:
+ # This is required to get the passenger module loaded
+ # In Debian it can be done with this
+ # include: 'modules-enabled/*.conf'
+ load_module: {{ passenger_mod }}
+
+ worker_processes: 4
+ http:
+ ### module ngx_http_log_module example
+ log_format: |-
+ main '$remote_addr - $remote_user [$time_local] $status '
+ '"$request" $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"'
+ include:
+ - /etc/nginx/mime.types
+ - /etc/nginx/conf.d/*.conf
+ - /etc/nginx/sites-enabled/*
+
+ servers:
+ managed:
+ default:
+ deleted: true
+ enabled: false
+ config: {}
+
+ mysite:
+ enabled: true
+ config:
+ - server:
+ - passenger_enabled: 'on'
+
+ - server_name: localhost
+ - listen:
+ - '80 default_server'
+ - index: 'index.html index.htm'
+ - location ~ .htm:
+ - try_files: '$uri $uri/ =404'
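Review bot: `passenger_package: {{ passenger_pkg }}` and `load_module: {{ passenger_mod }}` substitute Jinja values into plain scalars, unlike the quoted `'on'` and `'80 default_server'` further down; quoting them as `passenger_package: '{{ passenger_pkg }}'` and `load_module: '{{ passenger_mod }}'` keeps the rendered value a string whatever it expands to. The `{%- else %}` branch applies the Debian package name and module path to every non-RedHat family, so a comment such as `# Debian-family values; this pillar is only used by the RedHat and Debian passenger suites` would record that assumption if it holds.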