openstack/openstack-ansible-os_ironic
Code Issues Proposed changes
b3bbef88b3
openstack-ansible-os_ironic/tasks/ironic_inspector_post_install.yml
Jonathan Rosser b3bbef88b3 Replace default nginx config on rh-like systems 
The default nginx config file on centos/rocky includes a server
section listening on port 80 and [::]:80. There is no way to disable
this other than to adjust the configuration file.

This patch supplies a modified version of the centos nginx config
file which does not include a default server section.

A systemd drop in is installed to override the nginx service
ExecStart which starts the service using the modified configuration
file.

Change-Id: If7674a750e5316feb4d0fcff8cd0f4df7a67ffbb
2024-11-20 11:39:53 +00:00

111 lines
3.2 KiB
YAML
Raw Blame History

---
# Copyright 2019, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Default pxelinux.0 config
template:
src: pxelinux-default.j2
dest: "{{ ironic_inspector_tftpboot_dir }}/pxelinux.cfg/default"
mode: "0644"
- name: Copy Inspector iPXE Configuration
template:
src: inspector.ipxe.j2
dest: "{{ ironic_http_root }}/inspector.ipxe"
owner: "{{ ironic_system_user_name }}"
group: "{{ ironic_system_group_name }}"
mode: "0644"
- name: Download IPA Images
get_url:
url: "{{ item.url }}"
dest: "{{ ironic_inspector_httpboot_dir }}/{{ item.name }}"
checksum: "sha256:{{ item.sha_url }}"
owner: "{{ ironic_system_user_name }}"
group: "{{ ironic_system_group_name }}"
mode: '0644'
with_items: "{{ ironic_deploy_image_list }}"
- name: Configure nginx when inspector boot mode is http
when: ironic_inspector_boot_mode == 'http'
block:
- name: Disable default nginx configuration
file:
path: /etc/nginx/sites-enabled/default
state: absent
notify:
- Restart web server
- name: Remove default nginx config
file:
path: /etc/nginx/conf.d/default.conf
state: absent
notify:
- Restart web server
- name: Ensure nginx configuration directories exist
file:
path: "{{ item }}"
state: directory
mode: "0755"
with_items:
- "/etc/nginx/{{ ironic_nginx_conf_path }}"
- name: Write alternate nginx.conf for rh like systems
template:
src: nginx-nodefault.conf.j2
dest: "/etc/nginx/nginx-nodefault.conf"
mode: "0644"
when:
- ansible_facts['pkg_mgr'] == 'dnf'
notify:
- Restart web server
- name: Create systemd dropin for rh like systems
import_role:
name: systemd_service
when:
- ansible_facts['pkg_mgr'] == 'dnf'
vars:
systemd_services:
- service_name: "nginx"
systemd_overrides_only: true
load: false
systemd_overrides:
Service:
ExecStart:
- ''
- '/usr/sbin/nginx -c /etc/nginx/nginx-nodefault.conf'
notify:
- Restart web server
- name: Configure nginx virtual hosts
template:
src: ironic-ipxe.conf.j2
dest: "/etc/nginx/{{ ironic_nginx_conf_path }}/ironic-ipxe.conf"
mode: "0644"
notify:
- Restart web server
- name: Link to enable nginx virtual hosts
file:
src: "/etc/nginx/sites-available/ironic-ipxe.conf"
path: "/etc/nginx/sites-enabled/ironic-ipxe.conf"
state: link
when:
- ansible_facts['os_family'] == "Debian"
notify:
- Restart web server
View Git Blame Copy Permalink