Comments (11)
@halcyonCorsair could you please share the .toml
configuration file? It seems like the check_cmd
returning a non-zero exit code for some reason.
from confd.
@gabrtv I could be wrong, but my suspicion is that what happened is:
- nodes were accidentally removed from etcd
- confd was run
- the check was run against the old (working) config
- confd put new (broken) config in place with all servers removed from the nginx upstream
- a broken nginx config is now in place
- nodes were re-added to etcd
- confd was run
- the check was run against the old (broken) config and failed
At which point, if I'm reading the source right, confd bailed out and didn't put the new config in place.
config:
[template]
src = "site-nginx-staging.tmpl"
dest = "/etc/nginx/sites-enabled/site.conf"
owner = "nginx"
mode = "0644"
keys = [
"/site/upstream/staging",
]
check_cmd = "/usr/sbin/nginx -t -c /etc/nginx/nginx.conf"
reload_cmd = "/usr/sbin/service nginx reload"
template:
upstream site {
{{range $server := .site_upstream_staging}}
server {{$server.Value}};
{{end}}
}
server {
server_name site.mydomain.com;
location / {
proxy_pass http://site;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
from confd.
@gabrtv does that make sense?
from confd.
Ah, you need to fix the check command. You are checking against the live config. Instead of
check_cmd = "/usr/sbin/nginx -t -c /etc/nginx/nginx.conf"
Use
check_cmd = "/usr/sbin/nginx -t -c {{ .src }}"
from confd.
@halcyonCorsair Does my last comment work for you?
from confd.
@kelseyhightower I don't think so, the template I'm putting in place is a partial, included by the main /etc/nginx/nginx.conf. The intention (at least at this stage) is that nginx will be hosting multiple sites.
from confd.
I agree with @kelseyhightower that the problem is check_cmd
returning a non-zero exit code. See:
https://github.com/kelseyhightower/confd/blob/master/resource/template/resource.go#L126:L131
Maybe a partial template will always fail an Nginx config check?
from confd.
@gabrtv @kelseyhightower I feel like it may not be possible to test a new piece of configuration in isolation especially for apps which have config split into many files (eg. nginx, exim, etc).
How about an option to move the original config out of the way temporarily while the check_cmd
get's run, and on failure, moved back into place?
from confd.
@halcyonCorsair my personal opinion is that the check_cmd
and reload_cmd
constructs should be sufficient as is. I would try writing a check_cmd
script that assembles and tests a complete config in a temp directory, including all your existing partial configs plus the newly templated one.
from confd.
@halcyonCorsair I'm with @gabrtv on this one. Now that I think about it, nothing is stoping you from moving the temp file in place before running the check_cmd, and then moving it back if it fails.
I think that would be a nice use case to write up.
@halcyonCorsair Closing this one as I don't think that feature should be added to confd. But I do like the idea of a check_cmd that did that.
from confd.
@kelseyhightower I see the reasoning, it's just an unfortunate amount of extra work for my use case. :(
from confd.
Related Issues (20)
- confd does not re-resolve SRV records after startup
- update install docs for macOS
- A confd variable issue
- cannot find module providing package code.google.com/p/go.crypto/openpgp HOT 1
- Request a new release
- Put this to alpine's offical repository? HOT 1
- Issue looping through an array of objects
- Why isn`t it automatically rendered when a new template added
- xxx.toml 配置文件是否支持dest目录路径动态从etcdv3 获取 HOT 3
- connected to redis too many colons in address HOT 1
- 监听命令启动之后,过几分钟不再生效
- warning: master confd[346010]: WARNING Found no templates
- arm64 confd not working HOT 6
- Zookeeper backend. randomly not sync files after changes
- Vulnerability of dependency "golang.org/x/crypto, golang.org/x/net, golang.org/x/text, github.com/hashicorp/vault/sdk"
- support polaris as backend
- [PATCH] improve client insecure mode
- support http as backend
- how to contribue in this project? HOT 1
- ==
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from confd.