No allowance for custom nginx source?

[CameronMcAuley]

What is the reason for not allowing a custom source for nginx?
I need to use nginx compiled with extra modules (ModSecurity for example), but this doesn't seem to be possible with this module - for example, debian.pp can only use ‘nginx’, 'nginx-stable’, ‘passenger’ or ‘nginx-mainline’ and $manage_repo doesn't appear to do anything if set to false.

Would it be possible to include an option to install from a custom .deb on a repo, say, on an AWS S3 bucket or something similar?

[wyardley]

@CameronMcAuley: I don't know how we'd explicitly allow a custom source easily, but, we do have a proposed PR to rework some of this logic in this. One proposal did include setting an option to not manage the package at all (at which point you could manage it in your site-specific code).

That said, if you disable managing the repo and configure a repo with the appropriate source, and set the right nginx version in package_ensure instead of present (or latest if the version in the other repo is newer), you should get that package, that is, the module will install whatever package named 'nginx' comes by default from the configured repos on the system, if that makes sense.

Does that help answer your question? You're also, of course, welcome to submit a PR that implements the behavior you're describing.

[wyardley]

ps - The proposed PR would be getting rid of manage_repo in favor of just having package_source undefined, but that would become the default behavior, and the behavior would be very similar to what I outlined above.

[CameronMcAuley]

@wyardley Thanks for the reply! So, am I understanding you correctly - if manage_repo is set to false, the module will search for a package named 'nginx' in a local apt repository (For example - http://askubuntu.com/questions/170348/how-to-create-a-local-apt-repository) configured on my system, and it will install it given that I set the correct version in package_ensure?

EDIT: I have created a local apt repository using the guide I linked above, and added a deb named 'nginx.deb' to this repo. When I test this on my vagrant box with apt-get update and apt-get install nginx, it successfully installs from my local repo.

I've now changed my puppet code to change manage_repo to false and package_source to 'nginx'. When I reload my vagrant box with the --provision tag to install my nginx module, I get the following error:

==> web: Error: Execution of '/usr/bin/apt-get -q -y -o DPkg::Options::=--force-confold install nginx' returned 100: Reading package lists... ==> web: Building dependency tree... ==> web: Reading state information... ==> web: The following NEW packages will be installed: ==> web: nginx ==> web: 0 upgraded, 1 newly installed, 0 to remove and 4 not upgraded. ==> web: Need to get 0 B/500 kB of archives. ==> web: After this operation, 1888 kB of additional disk space will be used. ==> web: WARNING: The following packages cannot be authenticated! ==> web: nginx ==> web: E: There are problems and -y was used without --force-yes ==> web: Error: /Stage[main]/Nginx::Package::Debian/Package[nginx]/ensure: change from purged to present failed: Execution of '/usr/bin/apt-get -q -y -o DPkg::Options::=--force-confold install nginx' returned 100: Reading package lists... ==> web: Building dependency tree... ==> web: Reading state information... ==> web: The following NEW packages will be installed: ==> web: nginx ==> web: 0 upgraded, 1 newly installed, 0 to remove and 4 not upgraded. ==> web: Need to get 0 B/500 kB of archives. ==> web: After this operation, 1888 kB of additional disk space will be used. ==> web: WARNING: The following packages cannot be authenticated! ==> web: nginx ==> web: E: There are problems and -y was used without --force-yes

What is wrong here?

[wyardley]

As things are now, setting package_source without manage_repos will do nothing; that's why in the future, we're likely to have this just be a single setting (package_source), set to undef to not manage repos.

As far as the authentication problem, it looks like a signing problem, but are you sure you're getting the expected nginx version from the repo you configured? You may need to handle importing the repo's GPG key (or disabling gpg checks); the module only configures the repo's gpg key when it's managing the repos.

I haven't been using Debian derived distros for a long time, but I think maybe you'll find some helpful troubleshooting info in this comment:
#929 (comment)

Specifically, you may want to take a look at the output of
apt-cache policy nginx

Note also that, barring some apt plugins that pin the package source to a particular repo, you might need to specify the package version explicitly in package_ensure (you may need to experiment to see how it needs to be specified exactly) to make sure you're getting "your" version.

[wyardley]

You may have more luck getting help on the Puppet community slack and / or on IRC; as best I can see, the module works as currently intended, though again, we are considering re-working the default package source and some other stuff, you can follow discussion in #938 if you're interested.