cookbook 'openresty', '= 0.5.5'
openresty
(24) Versions
0.5.5
-
Follow13
Installs and configures the OpenResty NGINX bundle
cookbook 'openresty', '= 0.5.5', :supermarket
knife supermarket install openresty
knife supermarket download openresty
Description
Installs the OpenResty NGINX bundle (http://www.openresty.org) from source and
sets up configuration handling similar to Debian's Apache2 scripts. It also
provides an OHAI plugin for configuration detection and an LWRP for easy site
activation and deactivation.
The latest and greatest revision of this cookbook will always be available
at https://github.com/priestjim/chef-openresty
Requirements
Cookbooks
The following cookbooks are direct dependencies because they're used
for common "default" functionality.
- build-essential
- ohai (for openresty::ohai_plugin)
- logrotate (for log file rotation)
- apt
- yum
In order to install the OpenResty postgresql
module you'll also need
the postgresql
cookbook.
If you want to link NGINX to the very performant jemalloc library, you'll
need the jemalloc
cookbook.
Platform
The following platforms are supported and tested using test-kitchen:
- Ubuntu 16.04
- CentOS 7.2
Other Debian and RHEL family distributions are assumed to work.
Chef Server
The cookbook converges best on Chef installations >= 10.16.2
Awesome stuff
This cookbook includes automatic activation of some nice NGINX features such as:
By default LUAJIT-enabled build: The cookbook by default activates the LUAJIT
feature of OpenResty (since this is the main reason to use the bundle) and
accounts for all the peculiarities this option may bring.-
Automatic CPU affinity: Automatically sets the worker-to-core affinity for all
of the NGINX worker processes. For a scenario of 8 workers and 8 cores, the
following directive gets generated:worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;
This feature can offer a nice performance boost, since it helps the CPUs maintain
cache locality (especially when used in conjunction to the LUA module)
Automatic detection and activation of the AIO feature: The cookbook automatically
detects support (Linux kernel >= 2.6.22) and enables theaio
directive of NGINX.Automatic IPv6 detection and activation: The cookbook automatically detects and
activates IPv6 support on NGINX.Support for custom PCRE runtime: The cookbook can use custom PCRE sources in order
to statically link to a custom-compiled PCRE runtime that supports JIT regular expression
compilation which will significantly speed up RE execution in the NGINX and Lua environments.Support for LUA Rocks: The cookbook installs support for LUA Rocks embedded in the LUAJIT
installation, allowing you to install any rock you want, right from the official Rocks site. It
also provides an LWRP for installing rocks via your recipes.
Attributes
Node attributes for this cookbook are logically separated into different files.
default.rb
Generally used attributes. Some have platform specific values. See
attributes/default.rb
. "The Config" refers to "nginx.conf" the main config file.
node['openresty']['source']['version']
- The OpenResty version to be installed from source.node['openresty']['source']['url']
- The URL for downloading the selected version.node['openresty']['source']['checksum']
- The SHA-256 checksum for the selected version.node['openresty']['source']['file_prefix']
- The main source directory name.
ngx_
got dropped in newer OpenResty versions.node['openresty']['dir']
- Location for NGINX configuration.node['openresty']['log_dir']
- Location for NGINX logs.node['openresty']['cache_dir']
- Location for NGINX cache files.node['openresty']['run_dir']
- Location for NGINX state and pid files.node['openresty']['binary']
- Location for NGINX executable.node['openresty']['pid']
- The exact NGINX pid filename.node['openresty']['source']['conf_path']
- Exact filename for the NGINX configuration file.node['openresty']['source']['prefix']
- Installation prefix for miscellaneous data.node['openresty']['source']['path']
- Download and compilation temporary path.node['openresty']['source']['default_configure_flags']
- A set of default configuration
flags for the source compilation, generally best left untouched unless you
really know what you're doing.node['openresty']['modules']
- An array of recipe names that are included
from this cookbook and add additional features to the source compilation process.node['openresty']['extra_modules']
- An array of full recipe references (in the
form of cookbook::recipe), for you to include extra-cookbook modules in the same
manner as above.node['openresty']['configure_flags']
- An array of extra configure flags to
be included included along the default configure flags.node['openresty']['user']
- User that NGINX will run as.node['openresty']['group]
- Group for NGINX.node['openresty']['ipv6']
- Enables IPv6 support for NGINX. Automatically
detected and enabled.node['openresty']['gzip']
- Whether to use gzip, can be "on" or "off"node['openresty']['gzip_http_version']
- used for config value ofgzip_http_version
.node['openresty']['gzip_comp_level']
- used for config value ofgzip_comp_level
.node['openresty']['gzip_proxied']
- used for config value ofgzip_proxied
.node['openresty']['gzip_vary']
- used for config value ofgzip_vary
.node['openresty']['gzip_buffers']
- used for config value ofgzip_buffers
.node['openresty']['gzip_types']
- used for config value ofgzip_types
- must be an Array.node['openresty']['keepalive']
- Whether to usekeepalive_timeout
,
any value besides "on" will leave that option out of the config.node['openresty']['keepalive_timeout']
- used for config value of
keepalive_timeout
.node['openresty']['worker_processes']
- used for config value of
worker_processes
.node['openresty']['worker_connections']
- used for config value of
events { worker_connections }
node['openresty']['worker_rlimit_nofile']
- used for config value of
worker_rlimit_nofile
. Can replace any "ulimit -n" command. The
value depend on your usage (cache or not) but must always be
superior than worker_connections.node['openresty']['worker_auto_affinity']
- Automatically computes and creates
CPU affinity assignments (config valueworker_cpu_affinity
) based on the
total number of workers and CPU cores. Can show a nice performance boost when
used in high request volume scenarios.node['openresty']['multi_accept']
- used for config value ofevents {
. Try to accept() as many connections as possible.
multi_accept }
Disable by default.node['openresty']['event']
- used for config value ofevents { use
. Set the event-model. By default NGINX looks for the most
}
suitable method for your OS. Automatically set toepoll
for Linux >= 2.6 kernelsnode['openresty']['server_names_hash_bucket_size']
- used for config
value ofserver_names_hash_bucket_size
.node['openresty']['client_max_body_size']
- used for config
value ofclient_max_body_size
.node['openresty']['client_body_buffer_size']
- used for config
value ofclient_body_buffer_size
.node['openresty']['large_client_header_buffers']
- used for config
value oflarge_client_header_buffers
.node['openresty']['types_hash_max_size']
- used for config
value oftypes_hash_max_size
.node['openresty']['types_hash_bucket_size']
- used for config
value oftypes_hash_bucket_size
.node['openresty']['open_file_cache']
- used for config
value ofopen_file_cache
. Must be an array with values used in the
open_file_cache
directive of NGINX.node['openresty']['log_formats']
- hash oflog_format
s you want to use in
nginx.conf
http contextnode['openresty']['logrotate']
- set to true to use thelogrotate_app
of the
logrotate
cookbook to enable automatic log rotation of NGINX logs.node['openresty']['disable_access_log']
- set to true to disable the
general access log, may be useful on high traffic sites.node['openresty']['default_site_enabled']
- enable the default sitenode['openresty']['custom_pcre']
- Se to true to download and use a custom
PCRE source tree in order to enable RE JIT support.node['openresty']['link_to_jemalloc']
- Se to true to link the NGINX executable to the
jemalloc library. Requires thejemalloc
cookbook.node['openresty']['generate_dhparams']
- Set to true to generate a 2048-bit Diffie-Helman parameter file
for increased security.node['openresty']['resolver']
- Set a customer DNS resolver IP address for internal domain name resolution.node['openresty']['resolver_ttl']
- Set the cache time to live for the resolved domains by the resolver.node['openresty']['lua_package_path']
- The default LUA package pathnode['openresty']['lua_package_cpath']
- The default LUA package path for C libraries
service.rb
Define service-specific attributes
node['openresty']['service']['recipe']
- Set it to a fully qualified Chef recipe definition
likeopenresty::service_init
. The recipe should initialize the service definition and maybe
start OpenResty. The default installs and initializes a SYSV-init-style service.node['openresty']['service']['resource']
- Set it to the resource string, i.e.service[nginx]
that will be notified on configuration file changes.node['openresty']['service']['restart_on_update']
- Set it totrue
to enable automatic service
restart after updating the OpenResty binary.node['openresty']['service']['start_on_boot']
- Set it totrue
to enable automatic service
activation and startup via the selected init service. Currently used by the defaultinit
service handler.node['openresty']['service']['defaults_file_cookbook']
- Optionally specify a cookbook location
for a custom defaults file that contains exported environment variables for Nginxnode['openresty']['service']['defaults_file_template']
- Optionally specify the template name,
if the previousdefaults_file_cookbook
attribute is not set to the current cookbook.
realip.rb
From: http://wiki.nginx.org/HttpRealIpModule
node['openresty']['realip']['header']
- Header to use for the RealIp
Module; only accepts "X-Forwarded-For" or "X-Real-IP"node['openresty']['realip']['addresses']
- Addresses to use for the
http_realip
configuration.node['openresty']['realip']['recursive']
- If recursive search is enabled, the original client
address that matches one of the trusted addresses is replaced by the last non-trusted address sent in the
request header field. Can be true or false (default).
fair.rb
From: http://wiki.nginx.org/HttpUpstreamFairModule
node['openresty']['fair']['url']
- GitHub URL to checkout the fair module fromnode['openresty']['fair']['name']
- Directory name to checkout the module to
upload_progress.rb
From: http://wiki.nginx.org/HttpUploadProgressModule
node['openresty']['upload_progress']['url']
- GitHub URL to checkout the upload_progress
module fromnode['openresty']['upload_progress']['name']
- Directory name to checkout the
module to
status.rb
-
node['openresty']['status']['url']
- The URL that will be exposed as the NGINX status URL -
node['openresty']['status']['name']
- An array of IPs allowed to view the status URL
or_modules.rb
Explicitely activate not-automatically-activated OpenResty modules
-
node['openresty']['or_modules']['luajit']
- Enables LUAJIT module compilation -
node['openresty']['or_modules']['luajit_binary']
- Defines the bundledluajit
binary version -
node['openresty']['or_modules']['iconv']
- Enables iconv module compilation -
node['openresty']['or_modules']['postgres']
- Enables PostgreSQL module compilation -
node['openresty']['or_modules']['drizzle']
- Enables Drizzle module compilation
cache_purge.rb
From: https://github.com/FRiCKLE/ngx_cache_purge and http://labs.frickle.com/nginx_ngx_cache_purge
-
node['openresty']['cache_purge']['version']
- The version of the cache_purge module -
node['openresty']['cache_purge']['url']
- URL to download the cache purge module from -
node['openresty']['cache_purge']['checksum']
- The SHA-256 sum of the cache_purge module archive
luarocks.rb
-
node['openresty']['luarocks']['version']
- The version of the luarocks pacakge to download -
node['openresty']['luarocks']['url']
- URL to download the luarocks package from -
node['openresty']['luarocks']['checksum']
- The SHA-256 sum of the luarocks archive -
node['openresty']['luarocks']['default_rocks']
- A hash with the names and versions of Lua rocks to install by default.
Recipes
default.rb
The default recipe will install the OpenResty NGINX bundle from source,
automatically including your selected set of modules, extra-cookbook modules and
set up the configuration according to the Debian site enable/disable style with
sites-enabled
using the nxensite
and nxdissite
scripts provided by the
openresty_site
LWRP.
The recipe ensures that the required packages to build NGINX are installed (pcre,
openssl, compile tools). The source will be downloaded from the
node['openresty']['source']['url']
. The node['openresty']['user']
will be
created as a system user. The appropriate configuration and log
directories and config files will be created as well according to the
attributes node['openresty']['dir']
and 'node['openresty']['log_dir']
.
The recipe attempts to detect whether additional modules should be
added to the configure command through recipe inclusion (see below),
and whether the version or configuration flags have changed and should
trigger a recompile.
Many features are automatically detected and enabled into the NGINX default
configuration file such as AIO support for Linux kernels >= 2.6.22, IPv6 support
and CPU worker affinity.
The NGINX service can be either managed with SYSV init style scripts that are already included in
the cookbook or you can define your own. You only have to define the service resource used for
notifications (like runit_service[nginx]
or service[nginx]
) and optionally a recipe to be included
in the convergence flow (like openresty::service_init
or my_openresty:::service_runit
).
The cookbook generates various include files (.inc) that are available for inclusion
in standard NGINX site definition files via the #include
directive. Look in the
conf.d
directory of node['openresty']['dir']
location for them!
Includes the ohai_plugin
recipe so the plugin is available.
ohai_plugin.rb
This recipe provides an Ohai plugin as a template. It is automatically included
by the default.rb
recipe.
http_*_module.rb, fair_module.rb, upload_progress_module.rb, cache_purge_module.rb
These recipes are automatically included by the default.rb
recipe according to
the node['openresty']['modules']
array and provide compiled-in additional
features to the standard OpenResty NGINX compile. Check each recipe separately
for more information.
http_stub_status_module.rb
Special mention needs to be made for the stub status module. The approach followed
here is to create an include file with proper directives (set in the
status_module.rb
attribute file) that can be included in any NGINX configuration
virtual host via the include directive:
include /etc/nginx/conf.d/nginx_status.conf.inc;
luarocks.rb
The luarocks
recipe installs the LUA rocks package management system for the
LUAJIT bundle that comes with OpenResty. You can define a set of rocks to install by
default using the node['openresty']['luarocks']['default_rocks']
hash.
For more information on using LUA rocks with OpenResty check out http://openresty.org/#UsingLuaRocks
Adding New Modules
To add a new module to be compiled into NGINX in the source recipe,
the node's run state is manipulated in a recipe, and the module as a
recipe should be added to node['openresty']['modules']
. For
example:
node.run_state['openresty_configure_flags'] =
node.run_state['openresty_configure_flags'] | ["--with-http_stub_status_module"]
The recipe will be included by recipe[nginx::default]
automatically,
adding the configure flags. Add any other configuration templates or
other resources as required. See the recipes described above for
examples.
In order to include extra-cookbook modules (most probably via an application
cookbook), you can use the node['openresty']['extra_modules']
array,
which takes as elements full recipe references like
'recipe[my_openresty::module_42istheanswerforeveryhing]'
The extra-cookbook modules will be included in the same manner as the standard
intra-cookbook modules.
LWRP
site
The cookbook includes the openresty_site
LWRP (in contrast to the original
nginx_site
cookbook definition script). The LWRP can be used in the same manner
as nginx_site
and offers resource notifications (an advantage LWRPs
offer over simpler definitions). It also includes a timing
parameter that can
be used to notify the nginx
process to restart immediately based on configuration
file changes. It can also deploy your website's configuration in the appropriate place
if you define the template
parameter with the filename of your website's configuration template
(variables for this template can be defined with variables
) in the cookbook where you've also
defined the openresty_site
resource. The LWRP can be used such as:
openresty_site 'site.example.com' do
template 'site.example.com.conf.erb'
variables hostname: 'site.example.com'
action :enable
timing :immediately
end
luarock
The cookbook includes a LUA rock LWRP that allows for easy installation of LUA rocks,
available to use with the LUAJIT system bundled with OpenResty. You can install and remove
LUA rocks using the install
and remove
actions of the LWRP. A sample follows:
openresty_luarock 'md5' do
action :install
version '1.1.2'
end
openresty_luarock 'luasql-mysql' do
action :install
environment {
'MYSQL_DIR' => '/usr/local'
}
end
openresty_luarock 'luafilesystem' do
action :remove # Removes all versions installed
end
Ohai Plugin
The ohai_plugin
recipe includes an Ohai plugin. It will be
automatically installed and activated, providing the following
attributes via ohai, no matter how NGINX is installed (source or
package):
-
node['nginx']['version']
- version of NGINX -
node['nginx']['configure_arguments']
- options passed to ./configure when NGINX was built. -
node['nginx']['prefix']
- installation prefix -
node['nginx']['conf_path']
- configuration file path
The Ohai plugin is generally used to determine whether control
attributes for building NGINX have changed.
Usage
Include the recipe on your node or role. Modify the
attributes as required in a role cookbook to change how various
configuration is applied per the attributes section above.
If you need to alter the location of various cookbook_file
directives, use chef_rewind
.
License and Author
- Author:: Panagiotis Papadomitsos (pj@ezgr.net)
A whole lot of this cookbook was based on original work by:
- Author:: Joshua Timberman (joshua@opscode.com)
- Author:: Adam Jacob (adam@opscode.com)
- Author:: AJ Christensen (aj@opscode.com)
- Author:: Jamie Winsor (jamie@vialstudios.com)
Copyright 2012, Panagiotis Papadomitsos
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Dependent cookbooks
build-essential >= 0.0.0 |
logrotate >= 0.0.0 |
ohai ~> 4.1 |
yum >= 0.0.0 |
apt >= 0.0.0 |
git >= 0.0.0 |
postgresql >= 0.0.0 |
jemalloc >= 0.0.0 |
Contingent cookbooks
0.5.5
- Support environment variables to rocks installation
- Bump OpenResty version
0.5.4
- Fix source recompilation on every run (#15)
0.5.3
- Bump OpenResty version
- Allow custom nginx defaults template
- Allow custom log formats
0.5.2
- Properly restart OpenResty (#52)
- Fix
site
resource link name (#53) - Bump OpenResty version
- Version bump of OpenResty fixes chef-solo idempotence as well
0.5.1
- Add template support for nginx_site
0.5.0
- Convert from Vagrant to test-kitchen
- Fix compatibility with Ohai cookbook > 4.0.0
- Upgrade Ohai plugin to version 7
- Bump OpenResty version
0.4.2
- Add bzip2 as a dependency. Resolves #45
- Switch custom PCRE to Sourceforge
0.4.1
- Fix metadata.rb DSL for older Chef versions
0.4.0
- Support for dynamic temporary path location
- Added option to change the source tree name from ngx_openresty to openresty
- Change fetch URLs from git to HTTPS to easily traverse firewalls
- OpenResty version bump
- Fixed a couple of foodcritic warnings
- Fixed a problematic LUAJIT link
0.3.5
- Made EC2 detection stricter
- Added support for 2048 bit DH param file per https://weakdh.org/
- Added custom resolver support
- Added support for custom LUA package paths
0.3.4
- Version bump for OpenResty, cache_purge and PCRE
- Added SPDY module support
0.3.3:
- Added configurable maximum number of subrequests
- Added apt/yum dependency fix
- Fixed luarocks build idempotency
- Fixed PCRE UTF-8 compilation
- Added gunzip module support
- Version bumps for PCRE and OpenResty
0.3.2:
- OpenResty version bump (LuaJIT 2.1!)
- PCRE version bump
- FIX: zip package dependency installation (#11)
- FIX: luarocks installation (#12)
- FIX: onditionally notify service on service changes (#13)
- FIX: PCRE URL to fix Chef redirect limit
0.3.1:
- Version bumps to multiple addons and OpenResty
0.3.0:
- OpenResty major version bump to 1.4-based NGINX
- Removed rate limit response code patch (since this is supported natively now)
- Promoted IPv6 support to standard configure flags
0.2.0:
- Added support for dynamic service definitions (i.e. runit, monit etc)
- OpenResty version bump
- Added automatic creation of /var/cache/nginx/{fastcgi,scgi,uwsgi,proxy}_cache
- Added support for linking with jemalloc. May provide some benefits when used in serving LUA
- Minor file naming fix
0.1.9:
- Fixed a bug in service restart
- Added flag for the control of the automatic activation of the bundled init script
- Refactored the build+install recipes (thanks @sdelano!)
- Altered the configure flags detection algorithm from consulting the OHAI plugin to consulting a set node attribute, which is more consistent and less error prone (thanks @sdelano!)
- Various fixes to the nxensite/nxdissite scripts (thanks @sdelano!)
- Fixed a bug where disabling the default site would not skip installing the
default
file in sites-enabled hence overwriting a potentialdefault
file installed from the administrator (thanks @sdelano!) - Added support for LUA Rocks + a
luarock
LWRP - Added support for more OpenResty modules
- Small fixes all around
0.1.8:
- Version bump
- Removed copytruncate from logrotate and used USR1 signaling after rotation in order to notify nginx that logs have been rotated. Thanks to @dim
- Added custom PCRE installation support (useful for includeing JIT-enabled PCRE installations)
- Updated Vagrantfile (supports Vagrant 1.1)
0.1.7:
- Added a manual restart command upon recompile
0.1.6:
- Added support for the cache_purge module
- Changelog updates
- Minor fixes
0.1.5:
- Added general security rules available for ad-hoc inclusion
- Updated documentation
- OpenResty version bump
0.1.4:
- OpenResty version bump
- mime.types update
- Added process notification timing information on LWRP
0.1.3:
- Added support for automatic CPU affinity
0.1.2:
- Various bugfixes
0.1.1:
- Added support for rate limit patch (changes 503 HTTP code to 429 which is more appropriate)
0.1.0:
- Initial release
Collaborator Number Metric
0.5.5 failed this metric
Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.
Contributing File Metric
0.5.5 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
0.5.5 failed this metric
FC059: LWRP provider does not declare use_inline_resources: openresty/providers/luarock.rb:1
FC059: LWRP provider does not declare use_inline_resources: openresty/providers/site.rb:1
FC069: Ensure standardized license defined in metadata: openresty/metadata.rb:1
Run with Foodcritic Version 11.1.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
License Metric
0.5.5 passed this metric
No Binaries Metric
0.5.5 passed this metric
Testing File Metric
0.5.5 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.5.5 passed this metric
0.5.5 failed this metric
0.5.5 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
0.5.5 failed this metric
FC059: LWRP provider does not declare use_inline_resources: openresty/providers/luarock.rb:1
FC059: LWRP provider does not declare use_inline_resources: openresty/providers/site.rb:1
FC069: Ensure standardized license defined in metadata: openresty/metadata.rb:1
Run with Foodcritic Version 11.1.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
License Metric
0.5.5 passed this metric
No Binaries Metric
0.5.5 passed this metric
Testing File Metric
0.5.5 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.5.5 passed this metric
0.5.5 failed this metric
FC059: LWRP provider does not declare use_inline_resources: openresty/providers/site.rb:1
FC069: Ensure standardized license defined in metadata: openresty/metadata.rb:1
Run with Foodcritic Version 11.1.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
0.5.5 passed this metric
No Binaries Metric
0.5.5 passed this metric
Testing File Metric
0.5.5 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.5.5 passed this metric
0.5.5 passed this metric
0.5.5 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.5.5 passed this metric
0.5.5 passed this metric