Replace default nginx config on rh-like systems

The default nginx config file on centos/rocky includes a server
section listening on port 80 and [::]:80. There is no way to disable
this other than to adjust the configuration file.

This patch supplies a modified version of the centos nginx config
file which does not include a default server section.

A systemd drop in is installed to override the nginx service
ExecStart which starts the service using the modified configuration
file.

Change-Id: If7674a750e5316feb4d0fcff8cd0f4df7a67ffbb

tasks/ironic_conductor_post_install.yml

@@ -116,6 +116,34 @@
   with_items:
     - "/etc/nginx/{{ ironic_nginx_conf_path }}"
 
+- name: Write alternate nginx.conf for rh like systems
+  template:
+    src: nginx-nodefault.conf.j2
+    dest: "/etc/nginx/nginx-nodefault.conf"
+    mode: "0644"
+  when:
+    - ansible_facts['pkg_mgr'] == 'dnf'
+  notify:
+    - Restart web server
+
+- name: Create systemd dropin for rh like systems
+  import_role:
+    name: systemd_service
+  when:
+    - ansible_facts['pkg_mgr'] == 'dnf'
+  vars:
+    systemd_services:
+      - service_name: "nginx"
+        systemd_overrides_only: true
+        load: false
+        systemd_overrides:
+          Service:
+            ExecStart:
+              - ''
+              - '/usr/sbin/nginx -c /etc/nginx/nginx-nodefault.conf'
+  notify:
+    - Restart web server
+
 - name: Configure nginx virtual hosts
   template:
     src: ironic-ipxe.conf.j2

tasks/ironic_inspector_post_install.yml

@@ -63,6 +63,34 @@
       with_items:
         - "/etc/nginx/{{ ironic_nginx_conf_path }}"
 
+    - name: Write alternate nginx.conf for rh like systems
+      template:
+        src: nginx-nodefault.conf.j2
+        dest: "/etc/nginx/nginx-nodefault.conf"
+        mode: "0644"
+      when:
+        - ansible_facts['pkg_mgr'] == 'dnf'
+      notify:
+        - Restart web server
+
+    - name: Create systemd dropin for rh like systems
+      import_role:
+        name: systemd_service
+      when:
+        - ansible_facts['pkg_mgr'] == 'dnf'
+      vars:
+        systemd_services:
+          - service_name: "nginx"
+            systemd_overrides_only: true
+            load: false
+            systemd_overrides:
+              Service:
+                ExecStart:
+                  - ''
+                  - '/usr/sbin/nginx -c /etc/nginx/nginx-nodefault.conf'
+      notify:
+        - Restart web server
+
     - name: Configure nginx virtual hosts
       template:
         src: ironic-ipxe.conf.j2

templates/nginx-nodefault.conf.j2

@@ -0,0 +1,39 @@
+# For more information on configuration, see:
+#   * Official English Documentation: http://nginx.org/en/docs/
+#   * Official Russian Documentation: http://nginx.org/ru/docs/
+
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log;
+pid /run/nginx.pid;
+
+# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
+include /usr/share/nginx/modules/*.conf;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile            on;
+    tcp_nopush          on;
+    tcp_nodelay         on;
+    keepalive_timeout   65;
+    types_hash_max_size 4096;
+
+    include             /etc/nginx/mime.types;
+    default_type        application/octet-stream;
+
+    # Load modular configuration files from the /etc/nginx/conf.d directory.
+    # See http://nginx.org/en/docs/ngx_core_module.html#include
+    # for more information.
+    include /etc/nginx/conf.d/*.conf;
+
+}
+