From 59c0f4fb031184a3ac9c39fcbd326dcd61fb9997 Mon Sep 17 00:00:00 2001 From: Jeff Ohrstrom Date: Thu, 29 Jan 2026 12:22:58 -0500 Subject: [PATCH 1/2] support nginx shell message and disabling --- defaults/main/nginx_stage.yml | 3 +++ .../config/nginx_stage.yml.custom.Debian | 8 ++++++++ .../config/nginx_stage.yml.custom.RedHat | 8 ++++++++ .../config/nginx_stage.yml.default.Debian | 9 +++++++++ .../config/nginx_stage.yml.default.RedHat | 8 ++++++++ molecule/default/vars/nginx.yml | 6 +++++- templates/nginx_stage.yml.j2 | 16 ++++++++++++++++ 7 files changed, 57 insertions(+), 1 deletion(-) diff --git a/defaults/main/nginx_stage.yml b/defaults/main/nginx_stage.yml index 57d7933..082f094 100644 --- a/defaults/main/nginx_stage.yml +++ b/defaults/main/nginx_stage.yml @@ -26,3 +26,6 @@ locations_ini: "{{ passenger_lib_dir }}/locations.ini" # passenger_disable_anonymous_telemetry: on # passenger_log_file: '/var/log/ondemand-nginx/%{user}/error.log' + +# disabled_shell_message: 'user has a disabled shell: %s' +# show_nginx_stage_help_message: true \ No newline at end of file diff --git a/molecule/default/fixtures/config/nginx_stage.yml.custom.Debian b/molecule/default/fixtures/config/nginx_stage.yml.custom.Debian index 5e9b037..21bc06b 100644 --- a/molecule/default/fixtures/config/nginx_stage.yml.custom.Debian +++ b/molecule/default/fixtures/config/nginx_stage.yml.custom.Debian @@ -241,6 +241,14 @@ min_uid: 500 # #disabled_shell: '/access/denied' +# Define an error message that is displayed to users when they have a +# disabled_shell. +disabled_shell_message: 'user %s has a disabled shell. Open a ticket with Support.' + +# Hide the stderr "Run 'nginx_stage --help' to see a full list of available +# command line options." message when calling nginx_stage +show_nginx_stage_help_message: false + # Set BUNDLE_USER_CONFIG to /dev/null in the PUN environment # NB: This prevents a user's ~/.bundle/config from affecting OnDemand applications # diff --git a/molecule/default/fixtures/config/nginx_stage.yml.custom.RedHat b/molecule/default/fixtures/config/nginx_stage.yml.custom.RedHat index e0cb15b..f9abd05 100644 --- a/molecule/default/fixtures/config/nginx_stage.yml.custom.RedHat +++ b/molecule/default/fixtures/config/nginx_stage.yml.custom.RedHat @@ -241,6 +241,14 @@ min_uid: 500 # #disabled_shell: '/access/denied' +# Define an error message that is displayed to users when they have a +# disabled_shell. +disabled_shell_message: 'user %s has a disabled shell. Open a ticket with Support.' + +# Hide the stderr "Run 'nginx_stage --help' to see a full list of available +# command line options." message when calling nginx_stage +show_nginx_stage_help_message: false + # Set BUNDLE_USER_CONFIG to /dev/null in the PUN environment # NB: This prevents a user's ~/.bundle/config from affecting OnDemand applications # diff --git a/molecule/default/fixtures/config/nginx_stage.yml.default.Debian b/molecule/default/fixtures/config/nginx_stage.yml.default.Debian index f29511e..ba5bddc 100644 --- a/molecule/default/fixtures/config/nginx_stage.yml.default.Debian +++ b/molecule/default/fixtures/config/nginx_stage.yml.default.Debian @@ -236,6 +236,15 @@ app_root: # #disabled_shell: '/access/denied' +# Define an error message that is displayed to users when they have a +# disabled_shell. +#disabled_shell_message: 'user has a disabled shell: %s' + +# Hide the stderr "Run 'nginx_stage --help' to see a full list of available +# command line options." message when calling nginx_stage +#show_nginx_stage_help_message: true + + # Set BUNDLE_USER_CONFIG to /dev/null in the PUN environment # NB: This prevents a user's ~/.bundle/config from affecting OnDemand applications # diff --git a/molecule/default/fixtures/config/nginx_stage.yml.default.RedHat b/molecule/default/fixtures/config/nginx_stage.yml.default.RedHat index 22b5980..2036e98 100644 --- a/molecule/default/fixtures/config/nginx_stage.yml.default.RedHat +++ b/molecule/default/fixtures/config/nginx_stage.yml.default.RedHat @@ -236,6 +236,14 @@ app_root: # #disabled_shell: '/access/denied' +# Define an error message that is displayed to users when they have a +# disabled_shell. +#disabled_shell_message: 'user has a disabled shell: %s' + +# Hide the stderr "Run 'nginx_stage --help' to see a full list of available +# command line options." message when calling nginx_stage +#show_nginx_stage_help_message: true + # Set BUNDLE_USER_CONFIG to /dev/null in the PUN environment # NB: This prevents a user's ~/.bundle/config from affecting OnDemand applications # diff --git a/molecule/default/vars/nginx.yml b/molecule/default/vars/nginx.yml index 554dabe..e49a275 100644 --- a/molecule/default/vars/nginx.yml +++ b/molecule/default/vars/nginx.yml @@ -13,4 +13,8 @@ pun_custom_env: passenger_disable_anonymous_telemetry: 'on' # note the misspelling here that it's different than the default 'error.log'. -passenger_log_file: '/var/log/ondemand-nginx/%{user}/ezzor.log' \ No newline at end of file +passenger_log_file: '/var/log/ondemand-nginx/%{user}/ezzor.log' + + +disabled_shell_message: 'user %s has a disabled shell. Open a ticket with Support.' +show_nginx_stage_help_message: false \ No newline at end of file diff --git a/templates/nginx_stage.yml.j2 b/templates/nginx_stage.yml.j2 index 9360590..274195d 100644 --- a/templates/nginx_stage.yml.j2 +++ b/templates/nginx_stage.yml.j2 @@ -276,6 +276,22 @@ min_uid: {{ nginx_min_uid }} # #disabled_shell: '/access/denied' +# Define an error message that is displayed to users when they have a +# disabled_shell. +{% if disabled_shell_message is defined %} +disabled_shell_message: '{{ disabled_shell_message }}' +{% else %} +#disabled_shell_message: 'user has a disabled shell: %s' +{% endif %} + +# Hide the stderr "Run 'nginx_stage --help' to see a full list of available +# command line options." message when calling nginx_stage +{% if show_nginx_stage_help_message is defined %} +show_nginx_stage_help_message: {{ show_nginx_stage_help_message | bool | lower }} +{% else %} +#show_nginx_stage_help_message: true +{% endif %} + # Set BUNDLE_USER_CONFIG to /dev/null in the PUN environment # NB: This prevents a user's ~/.bundle/config from affecting OnDemand applications # From 3b2d1d644bd45c74809dd785ee61b8d9e6f6f4ce Mon Sep 17 00:00:00 2001 From: Jeff Ohrstrom Date: Thu, 29 Jan 2026 12:59:41 -0500 Subject: [PATCH 2/2] rm extra newline in fixture --- molecule/default/fixtures/config/nginx_stage.yml.default.Debian | 1 - 1 file changed, 1 deletion(-) diff --git a/molecule/default/fixtures/config/nginx_stage.yml.default.Debian b/molecule/default/fixtures/config/nginx_stage.yml.default.Debian index ba5bddc..9c6dc79 100644 --- a/molecule/default/fixtures/config/nginx_stage.yml.default.Debian +++ b/molecule/default/fixtures/config/nginx_stage.yml.default.Debian @@ -244,7 +244,6 @@ app_root: # command line options." message when calling nginx_stage #show_nginx_stage_help_message: true - # Set BUNDLE_USER_CONFIG to /dev/null in the PUN environment # NB: This prevents a user's ~/.bundle/config from affecting OnDemand applications #