From e377209297dd359c2191c8b1c23eae2ca21fe5eb Mon Sep 17 00:00:00 2001
From: Dmitriy Rabotyagov <dmitriy.rabotyagov@citynetwork.eu>
Date: Tue, 16 Feb 2021 11:18:08 +0200
Subject: [PATCH] Use absolute path for uwsgi_params include

Nginx config verification that is performed by ansible [1] is made
in tmp "on fly" which fails because of the relative import.

We also move task that replaces ports for nginx.conf to the end
so that config validation was accomplished after all configurations
are applied.

[1] https://opendev.org/openstack/openstack-ansible-os_keystone/src/branch/master/tasks/keystone_nginx.yml#L44

Change-Id: Ic52fc7dbdb0324ab8f4b71d25398f23a05df05d7
---
 tasks/keystone_nginx.yml         | 27 +++++++++++++++------------
 templates/keystone_nginx.conf.j2 |  2 +-
 2 files changed, 16 insertions(+), 13 deletions(-)

diff --git a/tasks/keystone_nginx.yml b/tasks/keystone_nginx.yml
index 1fb30787..cfed18cc 100644
--- a/tasks/keystone_nginx.yml
+++ b/tasks/keystone_nginx.yml
@@ -36,18 +36,6 @@
     - Manage LB
     - Restart web server
 
-- name: Ensure nginx does not listen on 80 port
-  replace:
-    path: /etc/nginx/nginx.conf
-    regexp: "{{ item.regexp }}"
-    replace: "{{ item.replace }}"
-    validate: nginx -t -c %s
-  with_items:
-    - regexp: '(\s+listen\s+)[\[,\],:]+80'
-      replace: '\1 [::1]:8008'
-    - regexp: '(\s+listen\s+)80'
-      replace: '\1 127.0.0.1:8008'
-
 - name: Ensure configuration directories exist
   file:
     path: "{{ item }}"
@@ -104,3 +92,18 @@
   notify:
     - Manage LB
     - Restart web server
+
+- name: Ensure nginx does not listen on 80 port
+  replace:
+    path: /etc/nginx/nginx.conf
+    regexp: "{{ item.regexp }}"
+    replace: "{{ item.replace }}"
+    validate: nginx -t -c %s
+  with_items:
+    - regexp: '(\s+listen\s+)[\[,\],:]+80'
+      replace: '\1 [::1]:8008'
+    - regexp: '(\s+listen\s+)80'
+      replace: '\1 127.0.0.1:8008'
+  notify:
+    - Manage LB
+    - Restart web server
diff --git a/templates/keystone_nginx.conf.j2 b/templates/keystone_nginx.conf.j2
index a8953999..daa12392 100644
--- a/templates/keystone_nginx.conf.j2
+++ b/templates/keystone_nginx.conf.j2
@@ -47,7 +47,7 @@ server {
     }
 
     location @yourapplication {
-        include     uwsgi_params;
+        include     /etc/nginx/uwsgi_params;
         uwsgi_pass  127.0.0.1:{{ keystone_uwsgi_ports[item]['socket'] }};
         uwsgi_param SCRIPT_NAME '';
 {% for header in keystone_extra_headers %}