From c289763ebe3a93c64e3ee986bad9a12a036b19c6 Mon Sep 17 00:00:00 2001
From: Lukasz Nowak <luke@nexedi.com>
Date: Fri, 15 Jun 2018 08:43:31 +0200
Subject: [PATCH] apache-frontend: Fix Ngnix main configuration

A jinja2 template is required, as some parameters might come from the network.

/reviewed-on https://lab.nexedi.com/nexedi/slapos/merge_requests/345
---
 software/apache-frontend/buildout.hash.cfg    |  4 +-
 .../instance-apache-frontend.cfg              | 29 +++++++++++---
 .../apache-frontend/templates/nginx.cfg.in    | 40 +++++++++----------
 3 files changed, 45 insertions(+), 28 deletions(-)

diff --git a/software/apache-frontend/buildout.hash.cfg b/software/apache-frontend/buildout.hash.cfg
index 461faa58c..328a41c01 100644
--- a/software/apache-frontend/buildout.hash.cfg
+++ b/software/apache-frontend/buildout.hash.cfg
@@ -18,7 +18,7 @@ md5sum = f686f765e55d1dce2e55a400f0714b3e
 
 [template-apache-frontend]
 filename = instance-apache-frontend.cfg
-md5sum = b6a2c860ea1cd4bc9d185c7108c52d0a
+md5sum = d6570c7a7e3c48efa7305677fe7c7ceb
 
 [template-apache-replicate]
 filename = instance-apache-replicate.cfg.in
@@ -82,7 +82,7 @@ md5sum = 117238225b3fc3c5b5be381815f44c67
 
 [template-nginx-configuration]
 filename = templates/nginx.cfg.in
-md5sum = 18633ce55e53340efa1ba7693aac4152
+md5sum = f334ef32234771aee69c06f843da1980
 
 [template-nginx-eventsource-slave-virtualhost]
 filename = templates/nginx-eventsource-slave.conf.in
diff --git a/software/apache-frontend/instance-apache-frontend.cfg b/software/apache-frontend/instance-apache-frontend.cfg
index e62e2915d..3018f1ef5 100644
--- a/software/apache-frontend/instance-apache-frontend.cfg
+++ b/software/apache-frontend/instance-apache-frontend.cfg
@@ -676,14 +676,31 @@ curl_path = ${curl:location}/bin/curl
 #
 [nginx-frontend]
 recipe = slapos.cookbook:wrapper
-command-line = ${nginx-push-stream:location}/sbin/nginx -c $${nginx-configuration:output}
+command-line = ${nginx-push-stream:location}/sbin/nginx -c $${dynamic-nginx-frontend-template:rendered}
 wrapper-path = $${directory:service}/frontend_nginx
 
-[nginx-configuration]
-recipe = slapos.recipe.template
-url = ${template-nginx-configuration:output}
-output = $${directory:etc}/nginx.cfg
+[dynamic-nginx-frontend-template]
+< = jinja2-template-base
+template = ${template-nginx-configuration:output}
+rendered = $${directory:etc}/nginx.cfg
 mode = 0600
+extra-context =
+  key ip nginx-configuration:ip
+  key local_ip nginx-configuration:local_ip
+  key port nginx-configuration:port
+  key plain_port nginx-configuration:plain_port
+  key worker_processes nginx-configuration:worker_processes
+  key pidfile nginx-configuration:pid-file
+  key worker_connections nginx-configuration:worker_connections
+  key error_log nginx-configuration:error_log
+  key access_log nginx-configuration:access_log
+  key ssl_certificate ca-frontend:cert-file
+  key ssl_key ca-frontend:key-file
+  key varnginx directory:varnginx
+  key slave_configuration_directory nginx-configuration:slave-configuration-directory
+  key document_root apache-directory:document-root
+
+[nginx-configuration]
 access_log = $${directory:log}/nginx-access.log
 error_log = $${directory:log}/nginx-error.log
 ip = $${slap-network-information:global-ipv6}
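Review bot: `[nginx-configuration]` loses its recipe and its `output` option here, so any `$${nginx-configuration:output}` reference left in the profile outside the visible hunks would fail to resolve. The two references shown (`command-line` and `nginx-configuration-verification`) are updated, but the rest of the file is worth a grep. The new `[dynamic-nginx-frontend-template]` section also has no comment recording why it is rendered with jinja2; the reason from the commit message could sit above it as `# Rendered with jinja2 because some of these values may come from the network.` The `[nginx-configuration]` section continues past the end of this hunk.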
@@ -695,7 +712,7 @@ worker_connections = 1024
 slave-configuration-directory = $${apache-directory:nginx-slave-configuration}
 pid-file = $${directory:run}/nginx.pid 
 nginx-graceful-command = $${:nginx-configuration-verification}; if [ $? -eq 0 ]; then kill -HUP $(cat $${:pid-file}); fi
-nginx-configuration-verification = ${nginx-push-stream:location}/sbin/nginx -t -c $${nginx-configuration:output}
+nginx-configuration-verification = ${nginx-push-stream:location}/sbin/nginx -t -c $${dynamic-nginx-frontend-template:rendered}
 
 [frontend-nginx-graceful]
 < = jinja2-template-base
diff --git a/software/apache-frontend/templates/nginx.cfg.in b/software/apache-frontend/templates/nginx.cfg.in
index 1b0c416ac..9dab64a64 100644
--- a/software/apache-frontend/templates/nginx.cfg.in
+++ b/software/apache-frontend/templates/nginx.cfg.in
@@ -1,14 +1,14 @@
 daemon off; # run in the foreground so supervisord can look after it
 
-worker_processes $${nginx-configuration:worker_processes};
-pid $${nginx-configuration:pid-file};
+worker_processes {{ worker_processes }};
+pid {{ pidfile }};
 
 events {
-  worker_connections $${nginx-configuration:worker_connections};
+  worker_connections {{ worker_connections }};
   # multi_accept on;
 }
 
-error_log $${nginx-configuration:error_log};
+error_log {{ error_log }};
 
 http {
 
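Review bot: The `{{ … }}` expressions are written into nginx directives unquoted and unvalidated, starting with `worker_processes {{ worker_processes }};` and `pid {{ pidfile }};` in this hunk and continuing the same way in the four later hunks of this file (`listen`, `access_log`, `ssl_certificate`, the `*_temp_path` lines, `include`, `root`). The commit message says some of these values may come from the network, and a value containing `;`, whitespace, a newline or `}` would end its directive and change the rest of the configuration; `nginx -t` in `nginx-configuration-verification` checks syntax only and would accept that. Which keys are network-supplied is not visible here, so the values should be checked in the instance profile before rendering (address and port format, absolute paths without whitespace or `;`), and the plainly numeric ones can be forced in the template, e.g. `worker_connections {{ worker_connections | int }};`. The `http` block opened at the end of this hunk continues outside it.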
@@ -23,17 +23,17 @@ http {
   types_hash_max_size 2048;
   server_tokens off;
 
-  error_log $${nginx-configuration:error_log};
+  error_log {{ error_log }};
   log_format custom '$remote_addr - $remote_user $time_local $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_time';
-  access_log $${nginx-configuration:access_log} custom;
+  access_log {{ access_log }} custom;
 
   # server_names_hash_bucket_size 64;
   # server_name_in_redirect off;
 
   default_type application/octet-stream;
 
-  ssl_certificate $${ca-frontend:cert-file};
-  ssl_certificate_key $${ca-frontend:key-file};
+  ssl_certificate {{ ssl_certificate }};
+  ssl_certificate_key {{ ssl_key }};
 
   ##
   # Gzip Settings
@@ -53,18 +53,18 @@ http {
   ##
   push_stream_shared_memory_size                32m;
 
-  fastcgi_temp_path  $${directory:varnginx} 1 2;
-  uwsgi_temp_path  $${directory:varnginx} 1 2;
-  scgi_temp_path  $${directory:varnginx} 1 2;
+  fastcgi_temp_path  {{ varnginx }} 1 2;
+  uwsgi_temp_path  {{ varnginx }} 1 2;
+  scgi_temp_path  {{ varnginx }} 1 2;
 
-  client_body_temp_path $${directory:varnginx} 1 2;
-  proxy_temp_path $${directory:varnginx} 1 2;
+  client_body_temp_path {{ varnginx }} 1 2;
+  proxy_temp_path {{ varnginx }} 1 2;
 
-  include $${nginx-configuration:slave-configuration-directory}/*.conf;
+  include {{ slave_configuration_directory }}/*.conf;
 
   server {
-    listen [$${nginx-configuration:ip}]:$${nginx-configuration:plain_port};
-    listen $${nginx-configuration:local_ip}:$${nginx-configuration:plain_port};
+    listen [{{ ip }}]:{{ plain_port }};
+    listen {{ local_ip }}:{{ plain_port }};
 
 
     ## Serve an error 204 (No Content) for favicon.ico
@@ -73,14 +73,14 @@ http {
     }
 
     location / {
-      root $${apache-directory:document-root};
+      root {{ document_root }};
       index notfound.html;
     }
   }
 
   server {
-    listen [$${nginx-configuration:ip}]:$${nginx-configuration:port} ssl;
-    listen $${nginx-configuration:local_ip}:$${nginx-configuration:port} ssl;
+    listen [{{ ip }}]:{{ port }} ssl;
+    listen {{ local_ip }}:{{ port }} ssl;
 
     ssl on;
   
@@ -96,7 +96,7 @@ http {
     }
 
     location / {
-      root $${apache-directory:document-root};
+      root {{ document_root }};
       index notfound.html;
     }
   }
-- 
2.30.9