From dacf3e8666afa23ba934d207f148ce46455b6758 Mon Sep 17 00:00:00 2001
From: Dmitriy Rabotyagov
Date: Fri, 25 Sep 2020 15:54:27 +0300
Subject: [PATCH] Fix keystone nginx behaviour When keystone and horizon are both deployed on metal, it's important that after keystone run horizon won't get stopped. Also this patch replaces of default listen on 80, in case it's set in /etc/nginx/nginx.conf rather as an include file (like in CentOS8) with port 8008 which is not used by any OpenStack services [1] and is stated as alternate http port [2] [1] https://docs.openstack.org/install-guide/firewalls-default-ports.html [2] https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=http-alt Change-Id: I064c2a432b1b8de26d93dc26932874a106e2cf58
---
 tasks/keystone_nginx.yml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/tasks/keystone_nginx.yml b/tasks/keystone_nginx.yml
index 875cedd4..1fb30787 100644
--- a/tasks/keystone_nginx.yml
+++ b/tasks/keystone_nginx.yml
@@ -18,6 +18,7 @@
 name: "{{ keystone_system_service_name }}"
 state: stopped
 failed_when: false
+ when: ('horizon_all' in groups and inventory_hostname not in groups['horizon_all']) or ('horizon_all' not in groups)
 - name: Disable default configuration
 file:
@@ -35,6 +36,18 @@
 - Manage LB
 - Restart web server
+- name: Ensure nginx does not listen on 80 port
+ replace:
+ path: /etc/nginx/nginx.conf
+ regexp: "{{ item.regexp }}"
+ replace: "{{ item.replace }}"
+ validate: nginx -t -c %s
+ with_items:
+ - regexp: '(\s+listen\s+)[\[,\],:]+80'
+ replace: '\1 [::1]:8008'
+ - regexp: '(\s+listen\s+)80'
+ replace: '\1 127.0.0.1:8008'
+
 - name: Ensure configuration directories exist
 file:
 path: "{{ item }}"
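Review bot: The `when:` guard added to the stop task spells one rule as two branches; `when: inventory_hostname not in (groups['horizon_all'] | default([]))` expresses the same condition and is easier to audit. A short comment above it, such as `# do not stop the service on hosts that also run horizon`, would keep the reason next to the code instead of only in the commit message. The task itself starts above the hunk, so only its last three lines are visible here.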
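Review bot: Both patterns under `with_items` end in a bare `80`, so they also match the first two digits of a longer port: `listen 8080;` would become `listen  127.0.0.1:800880;`, which `nginx -t` should reject, failing the task. Ending each pattern on a word boundary avoids that, and the class `[\[,\],:]+` (which also accepts literal commas) can be spelled out if only the IPv6 wildcard is meant: `regexp: '(\s+listen\s+)\[::\]:80\b'` and `regexp: '(\s+listen\s+)80\b'`. Address-qualified forms such as `listen 0.0.0.0:80` or `listen *:80` match neither pattern and would leave the default server on port 80, so the task name promises more than the regexes enforce. `validate: nginx -t -c %s` runs against a temporary copy, which presumably only works when every `include` in nginx.conf is an absolute path; that is worth confirming on the target distributions.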