Add default bind addresses for nginx, apache and uwsgi

These can be overriden to bind to the actual management network IP in a real deployment Change-Id: I4824faedd1c663ac004a9e2674988c565f4cc27f
2019-07-22 13:56:54 +01:00 · 2019-07-22 13:56:54 +01:00 · e3a9237b83
parent 5132d6a839
commit e3a9237b83
5 changed files with 6 additions and 4 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -185,6 +185,7 @@ keystone_service_adminuri: "{{ keystone_service_adminuri_proto }}://{{ internal_
 # so that we do not have to be concerned with multiple web servers.
 #
 keystone_web_server: "{{ (keystone_sp != {}) | ternary('apache', 'nginx') }}"
+keystone_web_server_bind_address: 0.0.0.0

 ## Apache setup
 keystone_apache_log_level: info
@ -215,6 +216,7 @@ keystone_wsgi_threads: 1
 ## Cap the maximun number of processes when a user value is unspecified.
 keystone_wsgi_processes_max: 16
 keystone_wsgi_processes: "{{ [[ansible_processor_vcpus|default(1), 1] | max * 2, keystone_wsgi_processes_max] | min }}"
+keystone_uwsgi_bind_address: 0.0.0.0

 keystone_uwsgi_ports:
  keystone-wsgi-public:
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -28,7 +28,7 @@

 - name: Wait for web server to complete starting
  wait_for:
-    host: "{{ ansible_default_ipv4.address | default('127.0.0.1') }}"
+    host: "{{ keystone_web_server_bind_address }}"
    port: "{{ item }}"
    timeout: 25
    delay: 10
--- a/templates/keystone-httpd.conf.j2
+++ b/templates/keystone-httpd.conf.j2
@ -1,7 +1,7 @@
 # {{ ansible_managed }}

 Listen {{ keystone_service_port }}
-<VirtualHost *:{{ keystone_service_port }}>
+<VirtualHost {{ keystone_web_server_bind_address }}:{{ keystone_service_port }}>

    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
--- a/templates/keystone-uwsgi.ini.j2
+++ b/templates/keystone-uwsgi.ini.j2
@ -10,7 +10,7 @@ virtualenv = /openstack/venvs/keystone-{{ keystone_venv_tag }}
 plugin = python3
 {% endif %}
 wsgi-file = {{ keystone_bin }}/{{ item }}
-http = :{{ keystone_uwsgi_ports[item]['http'] }}
+http = {{ keystone_uwsgi_bind_address }}:{{ keystone_uwsgi_ports[item]['http'] }}
 socket = 127.0.0.1:{{ keystone_uwsgi_ports[item]['socket'] }}

 master = true
--- a/templates/keystone_nginx.conf.j2
+++ b/templates/keystone_nginx.conf.j2
@ -1,7 +1,7 @@
 # {{ ansible_managed }}
 server {

-    listen {{ keystone_nginx_ports[item] }};
+    listen {{ keystone_web_server_bind_address }}:{{ keystone_nginx_ports[item] }};

    {% if keystone_ssl | bool and keystone_service_adminuri_proto == "https" %}
    ssl                     on;