{# nginx/files/etc/nginx/nginx.conf — main nginx.conf, rendered by Salt's jinja renderer (installed by nginx/files.sls) #}
{%- from 'nginx/map.jinja' import nginx with context -%}
# Managed by Salt: every value comes from nginx/map.jinja defaults, overridable
# through the "nginx" pillar (top level, then nginx:<env>:<cluster>).
pid {{ nginx.settings.pid.dir }}/{{ nginx.settings.pid.file }};
user {{ nginx.settings.user }};
worker_processes {{ nginx.settings.worker.processes }};

events {
    worker_connections {{ nginx.settings.events.worker.connections }};
}

http {
    # NOTE(review): no server_tokens directive, so nginx's default (on) applies and
    # the version string is sent in the Server header and on error pages.
    access_log {{ nginx.settings.http.log.dir }}/{{ nginx.settings.http.access.log }};
    error_log {{ nginx.settings.http.log.dir }}/{{ nginx.settings.http.error.log }};
    default_type {{ nginx.settings.http.default.type }};
    gzip {{ nginx.settings.http.gzip.value }};
    gzip_disable "{{ nginx.settings.http.gzip.disable }}";
    keepalive_timeout {{ nginx.settings.http.keepalive.timeout }};
    sendfile {{ nginx.settings.http.sendfile }};
    server_names_hash_bucket_size {{ nginx.settings.http.server.names.hash.bucket.size }};
    tcp_nodelay {{ nginx.settings.http.tcp.nodelay }};
    tcp_nopush {{ nginx.settings.http.tcp.nopush }};
    types_hash_max_size {{ nginx.settings.http.types.hash.max.size }};

    # One include per entry of settings.http.includes (mime.types and the
    # sites-enabled/*.conf glob by default); the "-" on the tags strips the
    # surrounding newlines so each include lands on its own line.
    {%- for include in nginx.settings.http.includes %}
    include {{ include }};
    {%- endfor %}
}

  29. nginx/files.sls:
  30. {% from 'nginx/map.jinja' import nginx with context %}
  31.  
  32. nginx_config_file:
  33. file.managed:
  34. - name: {{ nginx.config.dir }}/{{ nginx.config.file }}
  35. - source: salt://nginx/files{{ nginx.config.dir }}/{{ nginx.config.file }}
  36. - user: root
  37. - group: root
  38. - mode: 0644
  39. - template: jinja
  40.  
  41. nginx_config_sites_enabled_default_file:
  42. file.absent:
  43. - name: {{ nginx.config.sites.enabled.dir }}/{{ nginx.config.sites.enabled.default.file }}
  44.  
  45.  
{# nginx/map.jinja — defaults for the nginx states, deep-merged with pillar; exports `nginx` #}
{% import '_grains/map.jinja' as grain %}

{% load_yaml as defaults %}
# Keys under settings.* mirror the directives rendered in files/etc/nginx/nginx.conf;
# config.* holds the paths used by files.sls.
config:
  dir: /etc/nginx
  file: nginx.conf
  sites:
    enabled:
      dir: /etc/nginx/sites-enabled
      # the distribution's stock site, removed by files.sls
      default:
        file: default
pkgs:
  - nginx
service:
  name: nginx
settings:
  events:
    worker:
      connections: 768
  http:
    access:
      log: access.log
    default:
      type: application/octet-stream
    error:
      log: error.log
    gzip:
      value: 'on'  # quoted: a bare on/off parses as a boolean under YAML 1.1
      disable: msie6
    includes:
      - /etc/nginx/mime.types
      - /etc/nginx/sites-enabled/*.conf
    keepalive:
      timeout: 65
    log:
      dir: /var/log/nginx
    sendfile: 'on'
    server:
      # NOTE(review): client.max.body.size has no consumer in the templates on
      # this page — confirm it is referenced elsewhere or drop it.
      client:
        max:
          body:
            size: 1G
      names:
        hash:
          bucket:
            size: 128
    # TLS defaults consumed via nginx.settings.http.ssl (jenkins/map.jinja copies
    # them into jenkins.master.nginx.ssl). True/False are YAML 1.1 booleans; the
    # jenkins vhost template renders them as on/off.
    ssl:
      # NOTE(review): the last two groups (AES256+EECDH, AES256+EDH) also admit
      # CBC-mode suites; keep only the first two groups if AEAD-only is wanted.
      ssl_ciphers: EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
      ssl_prefer_server_ciphers: True
      # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); restrict to
      # TLSv1.2 (and TLSv1.3 where nginx/OpenSSL support it) via pillar unless
      # legacy clients genuinely need the older versions.
      ssl_protocols: TLSv1 TLSv1.1 TLSv1.2
      ssl_session_cache: shared:SSL:10m
      ssl_session_tickets: False
      ssl_session_timeout: 1d
    tcp:
      nodelay: 'on'
      nopush: 'on'
    types:
      hash:
        max:
          size: 2048
  pid:
    dir: /run
    file: nginx.pid
  user: www-data
  worker:
    processes: auto
# state.name doubles as the pillar key looked up below.
state:
  name: nginx
{% endload %}

{# Precedence (deep merge): defaults < pillar "nginx" < pillar "nginx:<env>:<cluster>" #}
{% set toplevel = salt['pillar.get'](defaults.state.name, default=defaults, merge=True) %}
{% set env_cluster = salt['pillar.get'](defaults.state.name ~ ':' ~ grain.env ~ ':' ~ grain.cluster, default=toplevel, merge=True) %}

{% set nginx = env_cluster %}

{# jenkins/map.jinja — defaults for the jenkins states (master and build slave), deep-merged with pillar; exports `jenkins` #}
{% import '_grains/map.jinja' as grain %}
{% from 'default/map.jinja' import default with context %}
{% from 'nginx/map.jinja' import nginx with context %}
{% from 'ssl/map.jinja' import ssl with context %}
{% from "volume/map.jinja" import volume with context %}

{% set name = 'jenkins' %}

{% load_yaml as defaults %}
# Jinja is rendered before the YAML is parsed, so the expressions below become
# plain scalars; values taken from the other maps are copied in, not linked.
common:
  account:
    fullname: {{ name }}
    group: {{ name }}
    shell: /bin/bash
    user: {{ name }}
    uid: 10003
  config:
    dir: {{ volume.dir }}/{{ name }}
  data:
    dir: {{ volume.dir }}/{{ name }}
  ssh:
    public_key_file: id_rsa.pub
    private_key_file: id_rsa
    dir: .ssh
  # NOTE(review): unquoted, so this is a YAML float; a value such as 2.20 would
  # silently become 2.2 — quote version strings.
  version: 2.22
  # NOTE(review): substituting a whole mapping relies on its Python string form
  # being valid YAML flow syntax (same for master.nginx.ssl below); the yaml
  # jinja filter, available in Salt 2017.7 and later, serialises it explicitly —
  # confirm the installed Salt version before switching.
  volume:
    {{ volume }}
master:
  # Jenkins listens on loopback only; the nginx vhost (jenkins.conf) proxies to it.
  bind_address: 127.0.0.1
  breadcrumb:
    file: .{{ name }}_setup_done
  config:
    file: config.xml
  default:
    dir: {{ default.dir }}
    file: {{ name }}
  java:
    max_heap: 2g
  nginx:
    config:
      dir: {{ nginx.config.dir }}
      sites:
        enabled:
          dir: {{ nginx.config.sites.enabled.dir }}
          file: {{ name }}.conf
    # TLS settings copied from nginx/map.jinja (settings.http.ssl) for jenkins.conf
    ssl:
      {{ nginx.settings.http.ssl }}
  pkgs:
    - {{ name }}
  # Pillar key paths (not values) the master states presumably require; the
  # secrets themselves stay in pillar. The consumer is not shown on this page.
  pillars:
    - {{ name }}:{{ grain.region }}:master:ssh:private_key
    - {{ name }}:{{ grain.region }}:master:ssh:public_key
    {% if grain.account == 'development' %}
    - ldap:password:encoded
    {% endif %}
  port: 8080
  server:
    # vhost server_name; grains are reported by the minion itself
    name: {{ grains['fqdn'] }}
  service:
    name: {{ name }}
  ssl:
    certs:
      dir: {{ ssl.certs.dir }}
      file: {{ ssl.bundles.star.env.cert_nginx }}
    dhparam:
      dir: {{ ssl.config.dir }}
      file: {{ ssl.dhparam.file }}
    key:
      dir: {{ ssl.key.dir }}
      file: {{ ssl.bundles.star.env.key }}
slave:
  aws:
    config:
      dir: .aws
      file: config
  build:
    config:
      file: build.yml
  pkgs:
    - python3-{{ name }}api
    - mtd-utils
    - u-boot-tools
    - device-tree-compiler
    - python-jenkins
    - python-pexpect
  # Pillar key paths for the slave: deployer SSH key pair, artifactory and S3 credentials
  pillars:
    - deployer:ssh:private_key
    - deployer:ssh:public_key
    - {{ name }}:{{ grain.region }}:slave:artifactory:password
    - {{ name }}:{{ grain.region }}:slave:s3:access_key
    - {{ name }}:{{ grain.region }}:slave:s3:secret_key
  tmp:
    dir: {{ volume.dir }}/tmp
# state.name doubles as the pillar key looked up below.
state:
  name: {{ name }}
{% endload %}

{# Precedence (deep merge): defaults < pillar "jenkins" < pillar "jenkins:<region>" #}
{% set toplevel = salt['pillar.get'](defaults.state.name, default=defaults, merge=True) %}
{% set region = salt['pillar.get'](defaults.state.name ~ ':' ~ grain.region, default=toplevel, merge=True) %}

{% set jenkins = region %}

{# jenkins/files.sls (label as pasted) — NOTE(review): the content below is a verbatim copy of nginx/files/etc/nginx/nginx.conf above, not a Salt state; either the label or the pasted content is wrong — confirm which file was intended #}
{%- from 'nginx/map.jinja' import nginx with context -%}
# Managed by Salt: every value comes from nginx/map.jinja defaults, overridable
# through the "nginx" pillar (top level, then nginx:<env>:<cluster>).
pid {{ nginx.settings.pid.dir }}/{{ nginx.settings.pid.file }};
user {{ nginx.settings.user }};
worker_processes {{ nginx.settings.worker.processes }};

events {
    worker_connections {{ nginx.settings.events.worker.connections }};
}

http {
    # NOTE(review): no server_tokens directive, so nginx's default (on) applies and
    # the version string is sent in the Server header and on error pages.
    access_log {{ nginx.settings.http.log.dir }}/{{ nginx.settings.http.access.log }};
    error_log {{ nginx.settings.http.log.dir }}/{{ nginx.settings.http.error.log }};
    default_type {{ nginx.settings.http.default.type }};
    gzip {{ nginx.settings.http.gzip.value }};
    gzip_disable "{{ nginx.settings.http.gzip.disable }}";
    keepalive_timeout {{ nginx.settings.http.keepalive.timeout }};
    sendfile {{ nginx.settings.http.sendfile }};
    server_names_hash_bucket_size {{ nginx.settings.http.server.names.hash.bucket.size }};
    tcp_nodelay {{ nginx.settings.http.tcp.nodelay }};
    tcp_nopush {{ nginx.settings.http.tcp.nopush }};
    types_hash_max_size {{ nginx.settings.http.types.hash.max.size }};

    # One include per entry of settings.http.includes; the "-" on the tags strips
    # the surrounding newlines so each include lands on its own line.
    {%- for include in nginx.settings.http.includes %}
    include {{ include }};
    {%- endfor %}
}

{# jenkins.conf — nginx vhost for the Jenkins master, rendered from jenkins/map.jinja and dropped into nginx's sites-enabled directory #}
{%- from 'jenkins/map.jinja' import jenkins with context -%}
# Jenkins itself binds to loopback (jenkins.master.bind_address); nginx terminates TLS in front of it.
# NOTE(review): the address is hard-coded here while the map carries bind_address —
# the two must agree; consider rendering it from the map.
upstream jenkins {
    server 127.0.0.1:{{ jenkins.master.port }} fail_timeout=0;
}

# Plain HTTP only redirects to HTTPS.
server {
    listen 80;
    return 301 https://$host$request_uri;
}

server {
    listen 443 default_server ssl;
    server_name {{ jenkins.master.server.name }};

    # NOTE(review): the "ssl" directive is obsolete since nginx 1.15.0; the ssl
    # parameter on the listen line above already enables TLS for this server.
    ssl on;
    ssl_certificate {{ jenkins.master.ssl.certs.dir }}/{{ jenkins.master.ssl.certs.file }};
    ssl_certificate_key {{ jenkins.master.ssl.key.dir }}/{{ jenkins.master.ssl.key.file }};
    ssl_dhparam {{ jenkins.master.ssl.dhparam.dir }}/{{ jenkins.master.ssl.dhparam.file }};
    ssl_session_timeout {{ jenkins.master.nginx.ssl.ssl_session_timeout }};
    ssl_session_cache {{ jenkins.master.nginx.ssl.ssl_session_cache }};
    # map booleans (YAML True/False) rendered as nginx on/off
    ssl_session_tickets {{ 'on' if jenkins.master.nginx.ssl.ssl_session_tickets else 'off' }};

    ssl_prefer_server_ciphers {{ 'on' if jenkins.master.nginx.ssl.ssl_prefer_server_ciphers else 'off' }};
    # Protocol and cipher lists come from nginx/map.jinja settings.http.ssl; the
    # defaults there still allow TLSv1 and TLSv1.1.
    ssl_protocols {{ jenkins.master.nginx.ssl.ssl_protocols }};
    ssl_ciphers {{ jenkins.master.nginx.ssl.ssl_ciphers }};

    location / {
        # add_header in a location replaces any headers inherited from the
        # server level, so every security header is set here.
        add_header Pragma "no-cache";
        # Two-year HSTS covering all subdomains; "preload" opts the domain into
        # browser preload lists, which is hard to reverse — confirm this is
        # intended for every subdomain of the server name.
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
        add_header X-Frame-Options DENY;
        add_header X-Content-Type-Options nosniff;
        # forward the original host and client details to Jenkins
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # rewrite http:// Location headers from the upstream back to https://
        proxy_redirect http:// https://;
        proxy_pass http://jenkins;
    }
}