Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nginx: Check config syntax validity with nginx -t in preStart #24664

Merged
merged 1 commit into from Feb 17, 2018
Merged

nginx: Check config syntax validity with nginx -t in preStart #24664

merged 1 commit into from Feb 17, 2018

Conversation

nh2
Copy link
Contributor

@nh2 nh2 commented Apr 6, 2017

Motivation for this change

Currently nginx in NixOS doesn't use the standard practice of checking its config file in systemd's ExecPreStart (this is what ExecPreStart was made for).

This results in nixops deployments to succeed even with wrong config file syntax.

By checking the config file syntax in preStart using nginx -t, a nixops will fail correctly on wrong config file syntax.

@mention-bot
Copy link

@nh2, thanks for your PR! By analyzing the history of the files in this pull request, we identified @globin, @domenkozar and @fadenb to be potential reviewers.

@Mic92
Copy link
Member

Mic92 commented Apr 6, 2017

In ferm, I check that the configuration is valid, even before the update is applied to the system.
However I fear this will not work here, because nginx would try to resolve ips during configuration check:
https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/ferm.nix#L14

@domenkozar
Copy link
Member

There have been many attempts at getting this right (see closed PRs), you can find the latest at #24476

@domenkozar domenkozar closed this Apr 6, 2017
@nh2
Copy link
Contributor Author

nh2 commented Apr 6, 2017

There have been many attempts at getting this right (see closed PRs), you can find the latest at #24476

@domenkozar I am confused, this issue is not about reloading without restarting. This issue is about making sure that starting with invalid config file fails before systemd counts the service as running.

@nh2
Copy link
Contributor Author

nh2 commented Sep 27, 2017

@domenkozar Ping, as I cannot reopen this myself apparently.

@domenkozar domenkozar reopened this Sep 27, 2017
@Mic92 Mic92 requested a review from fpletz September 27, 2017 20:47
@joachifm
Copy link
Contributor

@GrahamcOfBorg test nginx

@GrahamcOfBorg
Copy link

Success on x86_64-linux (full log)

Partial log (click to expand)

webserver: exit status 1
syncing
webserver: running command: sync
webserver: exit status 0
test script finished in 9.83s
cleaning up
killing webserver (pid 593)
vde_switch: EOF on stdin, cleaning up and exiting
vde_switch: Could not remove ctl dir '/tmp/nix-build-vm-test-run-nginx.drv-0/vde1.ctl': Directory not empty
/nix/store/n06m7s6lgdx0hq23nc20mm49fp6hw9y9-vm-test-run-nginx

@GrahamcOfBorg
Copy link

Success on aarch64-linux (full log)

Partial log (click to expand)

webserver: exit status 1
syncing
webserver: running command: sync
webserver: exit status 0
test script finished in 17.88s
cleaning up
killing webserver (pid 627)
vde_switch: EOF on stdin, cleaning up and exiting
vde_switch: Could not remove ctl dir '/build/vde1.ctl': Directory not empty
/nix/store/fr2l4vynh8gm24a850l3iwfnf5hcfnbk-vm-test-run-nginx

@joachifm joachifm merged commit f00a151 into NixOS:master Feb 17, 2018
@nh2
Copy link
Contributor Author

nh2 commented Feb 23, 2018

@volth Agreed -- I think both are useful. The preStart check so that you see if something is wrong if you systemctl start something manually, or somehow configured nginx to load a config file not controlled by nix, and also so that commands like nixops deploy fail loudly (because it doesn't return before preStart is over).

I think we should open another issue to add nix-evaluation-time config checking for nginx, like you did for Varnish.

@nh2 nh2 mentioned this pull request Feb 23, 2018
Closed
@nh2
Copy link
Contributor Author

nh2 commented Feb 23, 2018

I think we should open another issue to add nix-evaluation-time config checking for nginx

Done in #35395

@aanderse aanderse mentioned this pull request Jan 30, 2019
Closed
10 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fpletz fpletz Awaiting requested review from fpletz

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@nh2 @mention-bot @Mic92 @domenkozar @joachifm @GrahamcOfBorg