3e06f195b7
Changes in patchset #11: 1) moved to putting default port variables in group_vars/all.yml 2) updated README to specify changing port variables for undercloud deployments 3) removed setting variables in the nginx task, but we can utilize fail: checks for variable checks instead (cleaner). Changes in patchet #10: 1) added become: true for filebeat per jtaleric comments 2) added no_log: True to reduce unecessary firewall debug discovery during the playbook run Changes in patchset #9: Rebased against commit 5ef39f88ddd6b2f26ae080be3a63301f5395a30e Changes in patchset #8: 1) use restart instead of start for ansible service this will address when you re-run playbooks if you decide to change the listener ports Changes in patchset #7: 1) use rpm_key ansible module instead of rpm command for GPG key management Changes in patchset #6: 1) ensure elk_server_ssl_cert_port variable can be set for non-standard port access like elk_server Changes in patchset #5: 1) use 'become=true' for all operations within filebeat so that elk clients running as non-root (but privileged) users can run client deployments. Changes in patchset #4: 1) turn logstash stdout off by default 2) remove unneeded logstash refresh Changes in patchset #3: 1) remove debug statements for port variable testing Changes in patchset #2: 1) remove unneeded conditional logic, only comparison for 'none' is needed. 2) fix duplicate variable assignment 3) add more info to group_vars/all comments that you need to use nonstandard ports for both if you need one only. Changes introduced in patchset #1: This provides the following functionality: 1) adds two new variables to group_vars/all: * nginx_kibana_port * elk_server_ssl_cert_port 2) sets a normal default for these ports if they are not defined explicitly. If these are not defined then default ports of 80/TCP and 8080/TCP will be used respectively. If they are defined (in case of undercloud install where lots of services/ports are listening on standard ports) then both nginx jinja2 templates will be updated along with firewall rules. Why we need this functionality, and why we should use it: 1) Avoid hard-coded defaults like 1.1.1.1 or service ports 2) Minimize the amount of editing needed for variables before Browbeat can be run by users Change-Id: Ia689f73d9c0c83de4d34a1954824afbee8205c25
56 lines
1.5 KiB
Django/Jinja
56 lines
1.5 KiB
Django/Jinja
# For more information on configuration, see:
|
|
# * Official English Documentation: http://nginx.org/en/docs/
|
|
# * Official Russian Documentation: http://nginx.org/ru/docs/
|
|
|
|
user nginx;
|
|
worker_processes auto;
|
|
error_log /var/log/nginx/error.log;
|
|
pid /run/nginx.pid;
|
|
|
|
events {
|
|
worker_connections 1024;
|
|
}
|
|
|
|
http {
|
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
|
'$status $body_bytes_sent "$http_referer" '
|
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
|
|
|
access_log /var/log/nginx/access.log main;
|
|
|
|
sendfile on;
|
|
tcp_nopush on;
|
|
tcp_nodelay on;
|
|
keepalive_timeout 65;
|
|
types_hash_max_size 2048;
|
|
|
|
include /etc/nginx/mime.types;
|
|
default_type application/octet-stream;
|
|
|
|
# Load modular configuration files from the /etc/nginx/conf.d directory.
|
|
# See http://nginx.org/en/docs/ngx_core_module.html#include
|
|
# for more information.
|
|
include /etc/nginx/conf.d/*.conf;
|
|
|
|
server {
|
|
listen {{elk_server_ssl_cert_port}} default_server;
|
|
listen [::]:{{elk_server_ssl_cert_port}} default_server;
|
|
server_name _;
|
|
root /usr/share/nginx/html;
|
|
|
|
# Load configuration files for the default server block.
|
|
include /etc/nginx/default.d/*.conf;
|
|
|
|
location / {
|
|
}
|
|
|
|
error_page 404 /404.html;
|
|
location = /40x.html {
|
|
}
|
|
|
|
error_page 500 502 503 504 /50x.html;
|
|
location = /50x.html {
|
|
}
|
|
}
|
|
}
|