Fix keystone nginx behaviour
When keystone and horizon are both deployed on metal, it's important that after keystone run horizon won't get stopped. Also this patch replaces of default listen on 80, in case it's set in /etc/nginx/nginx.conf rather as an include file (like in CentOS8) with port 8008 which is not used by any OpenStack services [1] and is stated as alternate http port [2] [1] https://docs.openstack.org/install-guide/firewalls-default-ports.html [2] https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=http-alt Change-Id: I064c2a432b1b8de26d93dc26932874a106e2cf58
This commit is contained in:
Dmitriy Rabotyagov
Jonathan Rosser
parent
2dda74a3d0
commit
dacf3e8666
@ -18,6 +18,7 @@
|
|||||||
name: "{{ keystone_system_service_name }}"
|
name: "{{ keystone_system_service_name }}"
|
||||||
state: stopped
|
state: stopped
|
||||||
failed_when: false
|
failed_when: false
|
||||||
|
when: ('horizon_all' in groups and inventory_hostname not in groups['horizon_all']) or ('horizon_all' not in groups)
|
||||||
|
|
||||||
- name: Disable default configuration
|
- name: Disable default configuration
|
||||||
file:
|
file:
|
||||||
@ -35,6 +36,18 @@
|
|||||||
- Manage LB
|
- Manage LB
|
||||||
- Restart web server
|
- Restart web server
|
||||||
|
|
||||||
|
- name: Ensure nginx does not listen on 80 port
|
||||||
|
replace:
|
||||||
|
path: /etc/nginx/nginx.conf
|
||||||
|
regexp: "{{ item.regexp }}"
|
||||||
|
replace: "{{ item.replace }}"
|
||||||
|
validate: nginx -t -c %s
|
||||||
|
with_items:
|
||||||
|
- regexp: '(\s+listen\s+)[\[,\],:]+80'
|
||||||
|
replace: '\1 [::1]:8008'
|
||||||
|
- regexp: '(\s+listen\s+)80'
|
||||||
|
replace: '\1 127.0.0.1:8008'
|
||||||
|
|
||||||
- name: Ensure configuration directories exist
|
- name: Ensure configuration directories exist
|
||||||
file:
|
file:
|
||||||
path: "{{ item }}"
|
path: "{{ item }}"
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user