Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-models / reclass-system / 882feee0a5964568ff5e5432b9fc63b82c8f4192^! / . / nginx / server / proxy / openstack / barbican.yml
commit882feee0a5964568ff5e5432b9fc63b82c8f4192[log] [tgz]
authorVasyl Saienko <vsaienko@mirantis.com>Tue Jan 16 16:33:02 2018 +0200
committerVasyl Saienko <vsaienko@mirantis.com>Mon Jan 22 10:10:05 2018 +0000
tree5d9df30dffbcb8debaaca4ecb7751d4e3a4e3176
parentd802e9e44c028916fca88702c12ba513ed0a73fc [diff] [blame]
Prepare nginx proxy config to be installed on controllers

When SSL is enabled nginx is used as SSL termination proxy.
It will be installed on controllers and will proxy requests to
openstack service that listens on localhost.
This patch makes sure nginx site listens only on specific IP, specified
in `nginx_proxy_openstack_api_address` parameter, by default 0.0.0.0
And allow to do flexible configuration of proxy site IP.

Change-Id: I861da305655fd1c8f5b011cef857b7818a00921b
Related-Prod: PROD-16990

diff --git a/nginx/server/proxy/openstack/barbican.yml b/nginx/server/proxy/openstack/barbican.yml
index 5f658d1..89e5a9c 100644
--- a/nginx/server/proxy/openstack/barbican.yml
+++ b/nginx/server/proxy/openstack/barbican.yml

@@ -1,6 +1,8 @@
 parameters:
   _param:
     nginx_proxy_openstack_api_host: ${_param:cluster_public_host}
+    nginx_proxy_openstack_api_address: 0.0.0.0
+    nginx_proxy_openstack_barbican_host: ${_param:barbican_service_host}
   nginx:
     server:
       enabled: true
@@ -11,10 +13,11 @@
           name: openstack_api_barbican
           check: false
           proxy:
-            host: ${_param:barbican_service_host}
+            host: ${_param:nginx_proxy_openstack_barbican_host}
             port: 9311
             protocol: http
           host:
             name: ${_param:nginx_proxy_openstack_api_host}
             port: 9311
+            address: ${_param:nginx_proxy_openstack_api_address}
           ssl: ${_param:nginx_proxy_ssl}