While getting through a SaltStack tutorial, I ran into a problem: how to install packages on a Linux host if it's behind a proxy.
For example, I have a file nettools.sls:
install_network_packages:
  pkg.installed:
    - pkgs:
      - rsync
      - lftp
      - curl
How can I pass env variables like http_proxy in order to install packages?
Thank you.
This is how it worked for me:
proxy:
  environ.setenv:
    - name: Proxy Settings
    - value:
        http_proxy: http://10.20.80.50:3128
        https_proxy: https://10.20.80.50:3128

install_network_packages:
  pkg.installed:
    - pkgs:
      - rsync
      - lftp
      - curl
You will need a state or add it to this state to configure the server to use HTTP_PROXY before running these packages. See the following document on configuration of this:
https://www.shellhacks.com/linux-proxy-server-settings-set-proxy-command-line
Also see this article from Salt:
https://docs.saltstack.com/en/latest/ref/states/all/salt.states.proxy.html
I am trying to configure an external pillar in github, but no matter what I cannot get the minions to successfully read top.sls. Below is my ext_pillar and pillar_roots config:
pillar_roots:
  base:
    - /srv/pillar
fileserver_backend:
  - gitfs
  - roots
gitfs_update_interval: 60
gitfs_base: main
gitfs_remotes:
  - https://gituser:gittoken@github.com/gitaccount/saltstack.git:
    - mountpoint: salt://
ext_pillar:
  - git:
    - main https://gituser:gittoken@github.com/gitaccount/saltpillar.git
I have the following in the root of my saltpillar repo:
top.sls:
    base:
      '*':
        - data
data.sls:
    info: some test data from remote pillar
Repos are accessible with the URIs provided. When I run salt '*' saltutil.refresh_pillar and then salt '*' pillar.items I get no results. However, I can put top.sls and data.sls directly into /srv/pillar and it works. I put the master in debug mode and don't see any errors running the commands. Any help is appreciated.
Does the following ext_pillar configuration fix your issue? I'm assuming your top.sls you posted is still in the main branch of your git repo.
ext_pillar:
  - git:
    - main https://gituser:gittoken@github.com/gitaccount/saltpillar.git:
      - env: base
Your top.sls must reference your actual branch name or you can add the env option to specify a different name.
https://docs.saltproject.io/en/latest/ref/pillar/all/salt.pillar.git_pillar.html
Let's assume I have the next simple Ansible playbook:
---
tasks:
  - name: Upgrade installed packages
    become: true
    apt:
      upgrade: safe
  - name: Install NGINX web server
    become: true
    apt:
      name: nginx
      state: latest
    notify:
      - Restart NGINX
handlers:
  - name: Restart NGINX
    become: true
    service:
      name: nginx
      state: restarted
As you see, I upgrade installed APT packages first and only then make sure I have the latest Nginx version. The problem is that if there's an update for Nginx, it will be installed in the first task and if so, the second task won't be marked as changed and the handler won't be fired. Is that true? Or is Ansible clever enough to somehow fire this handler only when Nginx was upgraded in the first task?
I wonder about the best practice for this case. Is there a better way than moving all the separate installation tasks (which should fire handlers on their change) before the task which upgrades all the installed packages?
Thanks!
This is not "The Ansible way", but it is an option.
One way you can do it is by using lsof to find all the PIDs which need a restart and pass this information to systemd to get the service name for each PID. Then go over the list of services and restart each one of them.
Someone already wrote a Perl script like that
- see example here: https://rwmj.wordpress.com/2014/07/10/which-services-need-restarting-after-an-upgrade/
Another option, which does the same, is the restart-services script from the debian-goodies repo/package.
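The approach this answer describes (find the processes still using replaced files, then map each PID to its systemd service), as an added example that is not part of the original answer. It reads /proc/<pid>/maps and /proc/<pid>/cgroup directly instead of calling lsof; the function names and the SAMPLE data are constructed for illustration.

```python
import re
from pathlib import Path

# dpkg replaces a library by renaming a new file over it, so processes that
# still map the old inode show the path with a " (deleted)" suffix.
STALE = re.compile(r"^\S+\s+..x.\s+\S+\s+\S+\s+\d+\s+(/\S+\.so\S*) \(deleted\)$")
UNIT = re.compile(r"/([^/\s]+\.service)(?:/|$)")

def stale_libs(maps_text):
    """Deleted shared objects still mapped executable (paths with spaces are skipped)."""
    return {m.group(1) for line in maps_text.splitlines() if (m := STALE.match(line))}

def unit_from_cgroup(cgroup_text):
    """systemd service owning the process, or None (e.g. a login session scope)."""
    for line in cgroup_text.splitlines():
        m = UNIT.search(line.split(":", 2)[-1])
        if m:
            return m.group(1)
    return None

def services_needing_restart(procs):
    """procs: {pid: (maps_text, cgroup_text)} -> {unit: [stale library paths]}."""
    found = {}
    for maps_text, cgroup_text in procs.values():
        libs, unit = stale_libs(maps_text), unit_from_cgroup(cgroup_text)
        if libs and unit:
            found.setdefault(unit, set()).update(libs)
    return {unit: sorted(libs) for unit, libs in sorted(found.items())}

def read_proc(root="/proc"):
    """Snapshot maps and cgroup for every readable PID (run as root to see all)."""
    procs = {}
    for d in Path(root).glob("[0-9]*"):
        try:
            procs[int(d.name)] = ((d / "maps").read_text(errors="replace"),
                                  (d / "cgroup").read_text(errors="replace"))
        except (OSError, ValueError):
            continue  # process exited, or not ours to read
    return procs

# Constructed sample: nginx still maps the old libssl after an upgrade,
# while cron was started afterwards and maps the new file.
LIBSSL = "/usr/lib/x86_64-linux-gnu/libssl.so.1.1"
SAMPLE = {
    812: (f"7f1c2a000000-7f1c2a1b0000 r-xp 00000000 fd:01 131234 {LIBSSL} (deleted)\n",
          "0::/system.slice/nginx.service\n"),
    1440: (f"7f00aa000000-7f00aa1b0000 r-xp 00000000 fd:01 140077 {LIBSSL}\n",
           "0::/system.slice/cron.service\n"),
}
```

On a real host, `services_needing_restart(read_proc())` returns the units to restart; with SAMPLE it reports only nginx.service.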
I use nginx docker (https://github.com/jwilder/nginx-proxy), but can find no way to amend .htaccess as mentioned here (Nginx no-www to www and www to no-www). Could anyone tell me how to redirect no-www to www under the above jwilder/nginx-proxy?
This may be a little late but I found the solutions here to be too much faffing, so I created the adamkdean/redirect lightweight companion service for jwilder/nginx-proxy.
The example below simply shows HTTP but you can hook this up to HTTPS if you like using the letsencrypt-nginx-proxy companion service by JrCs.
For adamkdean/redirect, you simply provide two environment vars, one of the redirect location and one of the status code (which can be either 301, 302, 303, or 307) with the default being 307 (if you omit REDIRECT_STATUS_CODE).
version: '2'
services:
  nginx-proxy:
    image: jwilder/nginx-proxy
    ports:
      - 80:80
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
  redirect:
    image: adamkdean/redirect
    environment:
      - VIRTUAL_HOST=example.com
      - REDIRECT_LOCATION="http://www.example.com"
      - REDIRECT_STATUS_CODE=301
  example:
    image: example
    environment:
      - VIRTUAL_HOST=www.example.com
Find the repo here: https://github.com/adamkdean/redirect
You would need to:
git clone https://github.com/jwilder/nginx-proxy,
amend nginx.tmpl and
rebuild the nginx-proxy image yourself.
That way, you would generate a new nginx-proxy image which does include the directives you need.
You can add the redirect without changing the nginx.tmpl. There is the option to import further configuration files either directly under server { or in the default location location / {. See https://github.com/jwilder/nginx-proxy#per-virtual_host.
Create and mount a file /etc/nginx/vhost.d/your-website.com or /etc/nginx/vhost.d/your-website.com_location with the following content:
rewrite ^/(.*)$ http://www.your-website.com/$1 permanent;
Introduction
Unfortunately you did not specify your technical setup.
So I do have to make some assumptions.
Let's assume that you want to start a blog using a fully supported docker environment with following docker images:
nginx-proxy,
docker-gen,
letsencrypt,
ghost (blog software) and
mariaDB.
Therefore you registered a domain with the name personalblog.com.
You already set up a DNS A record to the IP address where your blog content will be hosted. So you have an A record for personalblog.com to that IP address and an A record for www.personalblog.com to that IP address.
Requirements
Please follow the instructions to set up your nginx-proxy with letsencrypt environment (you will find full setup instructions in these repositories):
https://github.com/evertramos/docker-compose-letsencrypt-nginx-proxy-companion
After finishing the nginx-proxy setup for docker, please follow these instructions to set up your blog software with ghost and MariaDB:
https://github.com/LuisArteaga/docker-ghost-mariadb-letsencrypt
There might be a docker bug when pulling the latest image for ghost. So change in the docker-compose.yml ghost:latest to ghost:1.22.1
Redirect non-www to www for jwilder/nginx-proxy
In the nginx-proxy setup (described by @evertramos repository above) you specified in the .env file your Nginx File Path (Check out the line with NGINX_FILES_PATH=/path/to/your/nginx/data). With this you created a directory outside of the nginx docker container.
Step 1
cd /path/to/your/nginx/data/vhost.d/
sudo vim personalblog.com
Step 2
In the new file personalblog.com you add following line:
return 301 http://www.personalblog.com$request_uri;
Save the file with ESC and :wq
Step 3
Go to your path where your docker-compose.yml for nginx lies and do:
sudo docker-compose up -d --force-recreate
Notes
The file that you are creating under /path/to/your/nginx/data/vhost.d/ has to be the name of your domain. In this case you want to redirect from personalblog.com to www.personalblog.com, so the file name is personalblog.com. If you followed the instructions of the repositories above you will automatically be redirected to https. So don't worry if you just redirect to http://www.personalblog.com.
Don't forget to update the variable VIRTUAL_HOST to have both the www and non-www hostname:
VIRTUAL_HOST=www.target-host.com, target-host.com
First you need to clone git using: https://github.com/jwilder/nginx-proxy
Then amend it using nginx.tmpl and at last rebuild it using nginx-proxy image yourself.
I have set up a fairly vanilla Dockerfile to start with, just to see if I can get the sample index.cfm to run:
FROM lucee/lucee-nginx:preview
And the related docker-compose.yml file:
web:
  build: .
  ports:
    - "80:80"
When I run this, I get an Nginx 403 Forbidden error. If I change the ports setting to 80:8080, I get a Tomcat 404 Not Found error.
I'm lost as to how to get this working with Docker Compose. How can I debug this, or is there a different way that I can configure Docker Compose to get it running?
The newer builds of Lucee 5 work (release candidates especially), so this problem has since "sorted itself out."
See the section of the lucee-dockerfiles project for Lucee 5 on Tomcat-8-jre with Nginx.
My vhost configuration: http://pastebin.com/ZyXUmQtx (only one domain on this installation)
I've been racking my head and Google for a solution the last two days and can't quite seem to come up with a solution that works.
My setup (from the above configuration):
IP.Board 3.4 installation in %root_domain%/forums/
IP.Content 2.3 installation in %root_domain%/forums/ (with external access index.php on the top-level)
Redmine 2.2.2 install at /usr/share/redmine (this is working because Thin is running and there are no errors in either log file)
Stale phpMyAdmin configuration at /usr/share/phpmyadmin/ that also kinda doesn't load html/css properly.
Symlink to /usr/share/redmine/public to /srv/www/tiberian-genesis.net/public_html/redmine
I'm trying to get redmine setup to run under %root_domain%/redmine/, but I keep getting a 404 page from my IP.Content installation.
Accessing it takes me to the url: /redmine/login?back_url=http://redmine_thin_servers/redmine/ (which, now that I notice it, seems to not like my upstream...)
In case someone requests the Thin configuration file:
---
pid: /var/run/thin/redmine.pid
group: tgmod
prefix: /redmine
timeout: 30
log: /var/log/thin/redmine.log
max_conns: 1024
require: []
max_persistent_conns: 512
environment: production
user: tgmod
servers: 1
daemonize: true
chdir: /usr/share/redmine
socket: /var/run/thin/redmine.sock
I'm out of ideas here.
Thanks in advance!
I just ended up setting it up on a sub-domain. I wanted to try to proxy it on a sub-directory, but my main website kept interfering with the rules.