diff --git a/manifests/resource/server.pp b/manifests/resource/server.pp index d8235c4a5..79ed4302c 100644 --- a/manifests/resource/server.pp +++ b/manifests/resource/server.pp @@ -5,7 +5,8 @@ # Parameters: # [*ensure*] - Enables or disables the specified server (present|absent) # [*listen_ip*] - Default IP Address for NGINX to listen with this server on. Defaults to all interfaces (*) -# [*listen_port*] - Default IP Port for NGINX to listen with this server on. Defaults to TCP 80 +# [*listen_port*] - Default IP Port for NGINX to listen with this server on. Defaults to TCP 80. It can be a port or a port range (eg. '8081-8085'). +# [*listen_port_range*] - From Nginx 1.15.10, support for port ranges was added (eg. '8081-8085'). # [*listen_options*] - Extra options for listen directive like 'default_server' to catchall. Undef by default. # [*listen_unix_socket_enable*] - BOOL value to enable/disable UNIX socket listening support (false|true). # [*listen_unix_socket*] - Default unix socket for NGINX to listen with this server on. Defaults to UNIX /var/run/nginx.sock @@ -17,6 +18,7 @@ # exists on your system before enabling. # [*ipv6_listen_ip*] - Default IPv6 Address for NGINX to listen with this server on. Defaults to all interfaces (::) # [*ipv6_listen_port*] - Default IPv6 Port for NGINX to listen with this server on. Defaults to TCP 80 +# [*ipv6_listen_port_range*] - From Nginx 1.15.10, support for port ranges was added (eg. '8081-8085'). # [*ipv6_listen_options*] - Extra options for listen directive like 'default' to catchall. Template will allways add ipv6only=on. # While issue jfryman/puppet-nginx#30 is discussed, default value is 'default'. # [*add_header*] - Hash: Adds headers to the HTTP response when response code is equal to 200, 204, 301, 302 or 304. 
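Review bot: The updated `listen_port` comment says it "can be a port or a port range (eg. '8081-8085')", but the parameter is still declared as `Integer $listen_port = 80` further down in this file, so a range passed there is rejected by the type. Drop that sentence and document ranges only under the new parameter, stating the precedence and the version gate, e.g. `# [*listen_port_range*] - Port range (eg. '8081-8085') used instead of listen_port; requires nginx >= 1.15.10 and is ignored on older versions.` The `ipv6_listen_port_range` entry in the next hunk needs the same wording.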
@@ -147,6 +149,7 @@ Enum['absent', 'present'] $ensure = 'present', Variant[Array, String] $listen_ip = '*', Integer $listen_port = 80, + Optional[Nginx::PortRange] $listen_port_range = undef, Optional[String] $listen_options = undef, Boolean $listen_unix_socket_enable = false, Variant[Array[Stdlib::Absolutepath], Stdlib::Absolutepath] $listen_unix_socket = '/var/run/nginx.sock', @@ -157,6 +160,7 @@ Boolean $ipv6_enable = false, Variant[Array, String] $ipv6_listen_ip = '::', Integer $ipv6_listen_port = 80, + Optional[Nginx::PortRange] $ipv6_listen_port_range = undef, String $ipv6_listen_options = 'default ipv6only=on', Hash $add_header = {}, Boolean $ssl = false, @@ -316,9 +320,24 @@ } } + # If port range is defined, ignore any other $listen_port defined + if versioncmp($facts['nginx_version'], '1.15.10') < 0 { + $port = $listen_port + + if $ipv6_enable == true { + $ipv6_port = $ipv6_listen_port + } + } else { + $port = pick_default($listen_port_range, $listen_port) + + if $ipv6_enable == true { + $ipv6_port = pick_default($ipv6_listen_port_range, $ipv6_listen_port) + } + } + # Try to error in the case where the user sets ssl_port == listen_port but # doesn't set ssl = true - if !$ssl and $ssl_port == $listen_port { + if !$ssl and $ssl_port == $port { warning('nginx: ssl must be true if listen_port is the same as ssl_port') } @@ -341,7 +360,7 @@ # Suppress unneeded stuff in non-SSL location block when certain conditions are # met. - $ssl_only = ($ssl and $ssl_port == $listen_port) or $ssl_redirect + $ssl_only = ($ssl and $ssl_port == $port) or $ssl_redirect # If we're redirecting to SSL, the default location block is useless, *unless* # SSL is enabled for this server @@ -424,7 +443,7 @@ } } - if $listen_port != $ssl_port { + if $port != $ssl_port { concat::fragment { "${name_sanitized}-header": target => $config_file, content => template('nginx/server/server_header.erb'), 
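Review bot: The new port-selection block calls `versioncmp($facts['nginx_version'], '1.15.10')` without checking that the fact is set, and the same block is added to manifests/resource/streamhost.pp. On a node where nginx is not installed yet the fact is presumably absent, and this commit also removes the spec that covered a missing `nginx_version`, so catalog compilation may fail on a first run. A guard such as `$range_ok = $facts['nginx_version'] =~ String and versioncmp($facts['nginx_version'], '1.15.10') >= 0` would keep that case working. Separately, when the version is older and `listen_port_range` is set, the range is dropped silently and the server listens on `$listen_port` (default 80), which can open a listener the operator did not ask for; a `fail()` or at least a `warning()` in that branch would make it visible. The `$ssl_port == $port` checks later in the file also compare an Integer with a range string, so a range that contains `ssl_port` is never detected.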
diff --git a/manifests/resource/streamhost.pp b/manifests/resource/streamhost.pp index 65ff3e883..024b99b37 100644 --- a/manifests/resource/streamhost.pp +++ b/manifests/resource/streamhost.pp @@ -8,7 +8,9 @@ # [*listen_ip*] - Default IP Address for NGINX to listen with this # streamhost on. Defaults to all interfaces (*) # [*listen_port*] - Default IP Port for NGINX to listen with this -# streamhost on. Defaults to TCP 80 +# streamhost on. Defaults to TCP 80. +# [*listen_port_range*] - From Nginx 1.15.10, support for port +# ranges was added (eg. '8081-8085'). # [*listen_options*] - Extra options for listen directive like # 'default' to catchall. Undef by default. # [*ipv6_enable*] - BOOL value to enable/disable IPv6 support @@ -18,6 +20,8 @@ # this streamhost on. Defaults to all interfaces (::) # [*ipv6_listen_port*] - Default IPv6 Port for NGINX to listen with this # streamhost on. Defaults to TCP 80 +# [*ipv6_listen_port_range*] - From Nginx 1.15.10, support for port +# ranges was added (eg. '8081-8085'). # [*ipv6_listen_options*] - Extra options for listen directive like 'default' # to catchall. Template will allways add ipv6only=on. While issue # jfryman/puppet-nginx#30 is discussed, default value is 'default'. 
@@ -47,29 +51,46 @@ # ensure => present, # } define nginx::resource::streamhost ( - Enum['absent', 'present'] $ensure = 'present', - Variant[Array, String] $listen_ip = '*', - Integer $listen_port = 80, - Optional[String] $listen_options = undef, - Boolean $ipv6_enable = false, - Variant[Array, String] $ipv6_listen_ip = '::', - Integer $ipv6_listen_port = 80, - String $ipv6_listen_options = 'default ipv6only=on', - $proxy = undef, - String $proxy_read_timeout = $nginx::proxy_read_timeout, - $proxy_connect_timeout = $nginx::proxy_connect_timeout, - Array $resolver = [], - $raw_prepend = undef, - $raw_append = undef, - String $owner = $nginx::global_owner, - String $group = $nginx::global_group, - String $mode = $nginx::global_mode, + Enum['absent', 'present'] $ensure = 'present', + Variant[Array, String] $listen_ip = '*', + Integer $listen_port = 80, + Optional[Nginx::PortRange] $listen_port_range = undef, + Optional[String] $listen_options = undef, + Boolean $ipv6_enable = false, + Variant[Array, String] $ipv6_listen_ip = '::', + Integer $ipv6_listen_port = 80, + Optional[Nginx::PortRange] $ipv6_listen_port_range = undef, + String $ipv6_listen_options = 'default ipv6only=on', + $proxy = undef, + String $proxy_read_timeout = $nginx::proxy_read_timeout, + $proxy_connect_timeout = $nginx::proxy_connect_timeout, + Array $resolver = [], + $raw_prepend = undef, + $raw_append = undef, + String $owner = $nginx::global_owner, + String $group = $nginx::global_group, + String $mode = $nginx::global_mode, ) { if ! 
defined(Class['nginx']) { fail('You must include the nginx base class before using any defined resources') } + # If port range is defined, ignore any other $listen_port defined + if versioncmp($facts['nginx_version'], '1.15.10') < 0 { + $port = $listen_port + + if $ipv6_enable == true { + $ipv6_port = $ipv6_listen_port + } + } else { + $port = pick_default($listen_port_range, $listen_port) + + if $ipv6_enable == true { + $ipv6_port = pick_default($ipv6_listen_port_range, $ipv6_listen_port) + } + } + # Variables if $nginx::confd_only { $streamhost_dir = "${nginx::conf_dir}/conf.stream.d" diff --git a/spec/classes/nginx_spec.rb b/spec/classes/nginx_spec.rb index 65c23d384..aca1c048b 100644 --- a/spec/classes/nginx_spec.rb +++ b/spec/classes/nginx_spec.rb @@ -4,7 +4,7 @@ on_supported_os.each do |os, facts| context "on #{os}" do let(:facts) do - facts + facts.merge(nginx_version: '1.15.10') end let :params do diff --git a/spec/defines/resource_server_spec.rb b/spec/defines/resource_server_spec.rb index 47323991e..77a823364 100644 --- a/spec/defines/resource_server_spec.rb +++ b/spec/defines/resource_server_spec.rb @@ -4,7 +4,7 @@ on_supported_os.each do |os, facts| context "on #{os}" do let(:facts) do - facts + facts.merge(nginx_version: '1.15.10') end let :title do 'www.rspec.example.com' @@ -125,6 +125,18 @@ value: 45, match: %r{\s+listen\s+\[::\]:45 default ipv6only=on;} }, + { + title: 'should set the IPv6 listen port range', + attr: 'ipv6_listen_port_range', + value: '45-50', + match: %r{\s+listen\s+\[::\]:45-50 default ipv6only=on;} + }, + { + title: 'should set the IPv4 listen port range', + attr: 'listen_port_range', + value: '45-50', + match: %r{\s+listen\s+\*:45-50;} + }, { title: 'should set the IPv6 listen options', attr: 'ipv6_listen_options', 
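Review bot: The added `listen_port_range` and `ipv6_listen_port_range` cases only run with `nginx_version: '1.15.10'`, so the branch for older nginx, where the range is supposed to be ignored, has no coverage here or in spec/defines/resource_stream_spec.rb. A context using `let(:facts) { facts.merge(nginx_version: '1.14.1') }` with `listen_port_range: '45-50'` should assert that the rendered `listen` line falls back to `listen_port`. With the "without a value for the nginx_version fact" context removed later in this file, the missing-fact path is untested as well.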
@@ -446,13 +458,6 @@ ) end - context 'without a value for the nginx_version fact do' do - let :facts do - facts[:nginx_version] ? facts.delete(:nginx_version) : facts - end - - it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{ ssl on;}) } - end context 'with fact nginx_version=1.14.1' do let(:facts) { facts.merge(nginx_version: '1.14.1') } diff --git a/spec/defines/resource_stream_spec.rb b/spec/defines/resource_stream_spec.rb index 76dbe4a33..d4bd46bc3 100644 --- a/spec/defines/resource_stream_spec.rb +++ b/spec/defines/resource_stream_spec.rb @@ -4,7 +4,7 @@ on_supported_os.each do |os, facts| context "on #{os}" do let(:facts) do - facts + facts.merge(nginx_version: '1.15.10') end let :title do 'www.rspec.example.com' @@ -65,6 +65,12 @@ value: 45, match: %r{\s+listen\s+\*:45;} }, + { + title: 'should set the IPv4 listen port range', + attr: 'listen_port_range', + value: '45-50', + match: %r{\s+listen\s+\*:45-50;} + }, { title: 'should set the IPv4 listen options', attr: 'listen_options', @@ -95,6 +101,12 @@ value: 45, match: %r{\s+listen\s+\[::\]:45 default ipv6only=on;} }, + { + title: 'should set the IPv6 listen port range', + attr: 'ipv6_listen_port_range', + value: '45-50', + match: %r{\s+listen\s+\[::\]:45-50 default ipv6only=on;} + }, { title: 'should set the IPv6 listen options', attr: 'ipv6_listen_options', diff --git a/templates/server/server_header.erb b/templates/server/server_header.erb index ca58dd6f8..759d0ed4a 100644 --- a/templates/server/server_header.erb +++ b/templates/server/server_header.erb 
@@ -4,10 +4,10 @@ server { <%- if @listen_ip.is_a?(Array) then -%> <%- @listen_ip.each do |ip| -%> - listen <%= ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>; + listen <%= ip %>:<%= @port %><% if @listen_options %> <%= @listen_options %><% end %>; <%- end -%> <%- else -%> - listen <%= @listen_ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>; + listen <%= @listen_ip %>:<%= @port %><% if @listen_options %> <%= @listen_options %><% end %>; <%- end -%> <%- if @listen_unix_socket_enable -%> <%- if @listen_unix_socket.is_a?(Array) then -%> @@ -32,10 +32,10 @@ server { server { <%- if @listen_ip.is_a?(Array) then -%> <%- @listen_ip.each do |ip| -%> - listen <%= ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>; + listen <%= ip %>:<%= @port %><% if @listen_options %> <%= @listen_options %><% end %>; <%- end -%> <%- else -%> - listen <%= @listen_ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>; + listen <%= @listen_ip %>:<%= @port %><% if @listen_options %> <%= @listen_options %><% end %>; <%- end -%> <%- if @listen_unix_socket_enable -%> <%- if @listen_unix_socket.is_a?(Array) then -%> diff --git a/templates/server/server_ipv6_listen.erb b/templates/server/server_ipv6_listen.erb index 640d2f8b8..f3d43ebea 100644 --- a/templates/server/server_ipv6_listen.erb +++ b/templates/server/server_ipv6_listen.erb 
@@ -2,9 +2,9 @@ <%- if @ipv6_enable -%> <%- if @ipv6_listen_ip.is_a?(Array) then -%> <%- @ipv6_listen_ip.each do |ipv6| -%> - listen [<%= ipv6 %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>; + listen [<%= ipv6 %>]:<%= @ipv6_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>; <%- end -%> <%- else -%> - listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>; + listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>; <%- end -%> <%- end -%> diff --git a/templates/streamhost/streamhost.erb b/templates/streamhost/streamhost.erb index a8ce85bd9..ac40ffccf 100644 --- a/templates/streamhost/streamhost.erb +++ b/templates/streamhost/streamhost.erb 
@@ -2,20 +2,20 @@ server { <%- if @listen_ip.is_a?(Array) then -%> <%- @listen_ip.each do |ip| -%> - listen <%= ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>; + listen <%= ip %>:<%= @port %><% if @listen_options %> <%= @listen_options %><% end %>; <%- end -%> <%- else -%> - listen <%= @listen_ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>; + listen <%= @listen_ip %>:<%= @port %><% if @listen_options %> <%= @listen_options %><% end %>; <%- end -%> <%# check to see if ipv6 support exists in the kernel before applying -%> <%# FIXME this logic is duplicated all over the place -%> <%- if @ipv6_enable && (defined? @ipaddress6) -%> <%- if @ipv6_listen_ip.is_a?(Array) then -%> <%- @ipv6_listen_ip.each do |ipv6| -%> - listen [<%= ipv6 %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>; + listen [<%= ipv6 %>]:<%= @ipv6_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>; <%- end -%> <%- else -%> - listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>; + listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>; <%- end -%> <%- end -%> diff --git a/types/portrange.pp b/types/portrange.pp new file mode 100644 index 000000000..bd77c17f3 --- /dev/null +++ b/types/portrange.pp @@ -0,0 +1 @@ +type Nginx::PortRange = Pattern[/^\d+-\d+?$/]
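Review bot: `Pattern[/^\d+-\d+?$/]` in types/portrange.pp anchors with `^` and `$`, which in Ruby-style regexes match at line boundaries rather than at the ends of the string. A multi-line value with one line that looks like `80-90` would therefore satisfy the type, and the templates changed in this commit write `@port` and `@ipv6_port` into the `listen` directive unescaped. Anchoring the whole string with `type Nginx::PortRange = Pattern[/\A\d+-\d+\z/]` closes that gap and also drops the lazy `+?`, which has no effect directly before an anchor. The pattern still accepts values such as `70000-1`; a bounds check (1 to 65535, low not above high) would have to be done in the manifest, since a Pattern cannot express it.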