From e3a9237b83c99547c5eaf976fc59fda9ad302f6e Mon Sep 17 00:00:00 2001 From: Jonathan Rosser Date: Mon, 22 Jul 2019 13:56:54 +0100 Subject: [PATCH] Add default bind addresses for nginx, apache and uwsgi These can be overriden to bind to the actual management network IP in a real deployment Change-Id: I4824faedd1c663ac004a9e2674988c565f4cc27f --- defaults/main.yml | 2 ++ handlers/main.yml | 2 +- templates/keystone-httpd.conf.j2 | 2 +- templates/keystone-uwsgi.ini.j2 | 2 +- templates/keystone_nginx.conf.j2 | 2 +- 5 files changed, 6 insertions(+), 4 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 63a64153..e743ebcd 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -185,6 +185,7 @@ keystone_service_adminuri: "{{ keystone_service_adminuri_proto }}://{{ internal_ # so that we do not have to be concerned with multiple web servers. # keystone_web_server: "{{ (keystone_sp != {}) | ternary('apache', 'nginx') }}" +keystone_web_server_bind_address: 0.0.0.0 ## Apache setup keystone_apache_log_level: info @@ -215,6 +216,7 @@ keystone_wsgi_threads: 1 ## Cap the maximun number of processes when a user value is unspecified. keystone_wsgi_processes_max: 16 keystone_wsgi_processes: "{{ [[ansible_processor_vcpus|default(1), 1] | max * 2, keystone_wsgi_processes_max] | min }}" +keystone_uwsgi_bind_address: 0.0.0.0 keystone_uwsgi_ports: keystone-wsgi-public: diff --git a/handlers/main.yml b/handlers/main.yml index fba24596..d0264943 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -28,7 +28,7 @@ - name: Wait for web server to complete starting wait_for: - host: "{{ ansible_default_ipv4.address | default('127.0.0.1') }}" + host: "{{ keystone_web_server_bind_address }}" port: "{{ item }}" timeout: 25 delay: 10 diff --git a/templates/keystone-httpd.conf.j2 b/templates/keystone-httpd.conf.j2 index 8870497a..a75f38e3 100644 --- a/templates/keystone-httpd.conf.j2 +++ b/templates/keystone-httpd.conf.j2 
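Review bot: The new `keystone_web_server_bind_address: 0.0.0.0` default, and `keystone_uwsgi_bind_address: 0.0.0.0` in the second defaults/main.yml hunk, are added without a comment. An operator reading this file gets no hint that the identity API listens on every interface until the variable is overridden; that guidance is only in the commit message. I would put a comment above each, e.g. `# Listen address for the keystone web server; 0.0.0.0 = all interfaces, set to the management network IP in real deployments`. Quoting the value (`'0.0.0.0'`) would also make it unambiguously a string.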
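Review bot: In the handlers/main.yml hunk, `host: "{{ keystone_web_server_bind_address }}"` passes a listen address to `wait_for` as a connect target. With the default `0.0.0.0` that is the wildcard address rather than a reachable host; Linux usually treats it as the local host, but the readiness check should not depend on that. Something like `host: "{{ (keystone_web_server_bind_address == '0.0.0.0') | ternary('127.0.0.1', keystone_web_server_bind_address) }}"` covers both the default and an overridden address. The rest of the handler, including the loop that supplies `item`, is outside the hunk.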
@@ -1,7 +1,7 @@ # {{ ansible_managed }} Listen {{ keystone_service_port }} - + = 2.4> ErrorLogFormat "%{cu}t %M" diff --git a/templates/keystone-uwsgi.ini.j2 b/templates/keystone-uwsgi.ini.j2 index 8643d0f2..a1b352fc 100644 --- a/templates/keystone-uwsgi.ini.j2 +++ b/templates/keystone-uwsgi.ini.j2 @@ -10,7 +10,7 @@ virtualenv = /openstack/venvs/keystone-{{ keystone_venv_tag }} plugin = python3 {% endif %} wsgi-file = {{ keystone_bin }}/{{ item }} -http = :{{ keystone_uwsgi_ports[item]['http'] }} +http = {{ keystone_uwsgi_bind_address }}:{{ keystone_uwsgi_ports[item]['http'] }} socket = 127.0.0.1:{{ keystone_uwsgi_ports[item]['socket'] }} master = true diff --git a/templates/keystone_nginx.conf.j2 b/templates/keystone_nginx.conf.j2 index 13f85821..950c0f61 100644 --- a/templates/keystone_nginx.conf.j2 +++ b/templates/keystone_nginx.conf.j2 @@ -1,7 +1,7 @@ # {{ ansible_managed }} server { - listen {{ keystone_nginx_ports[item] }}; + listen {{ keystone_web_server_bind_address }}:{{ keystone_nginx_ports[item] }}; {% if keystone_ssl | bool and keystone_service_adminuri_proto == "https" %} ssl on;
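Review bot: The context line `Listen {{ keystone_service_port }}` in the templates/keystone-httpd.conf.j2 hunk is still port-only, so Apache keeps accepting connections on every interface whatever `keystone_web_server_bind_address` is set to. The changed lines of this hunk are not legible on this page, so this assumes the edit was to the VirtualHost address; an address there only selects which vhost answers and does not restrict the listening socket. If the intent is to confine keystone to the management network, the directive should become `Listen {{ keystone_web_server_bind_address }}:{{ keystone_service_port }}`.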
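Review bot: `http = {{ keystone_uwsgi_bind_address }}:{{ keystone_uwsgi_ports[item]['http'] }}` joins address and port directly, so an IPv6 literal supplied as an override renders without the brackets the `[addr]:port` form needs. The `listen` line in the templates/keystone_nginx.conf.j2 hunk has the same problem. Passing the variable through Ansible's `ipwrap` filter, e.g. `http = {{ keystone_uwsgi_bind_address | ipwrap }}:{{ keystone_uwsgi_ports[item]['http'] }}`, handles both address families. Separately, the neighbouring `socket = 127.0.0.1:` line is loopback-only while the HTTP listener defaults to all interfaces; whether it needs to be reachable off-host depends on how the front end proxies to it, which this hunk does not show.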