Enable and use salt_api proxy by default
* Use nginx as proxy
* Misc: define defaults for
salt_master_host
infra_config_address
reclass_config_master
jenkins_salt_api_url
* Pass certs dir for jenkins docker slaves
Related: PROD-27641(PROD:27641)
Related: PROD-30528(PROD:30528)
Change-Id: I5fac90101131a8d8d4fa7857982f18c855e0771c
diff --git a/defaults/init.yml b/defaults/init.yml
index b37fbfb..0094ec3 100644
--- a/defaults/init.yml
+++ b/defaults/init.yml
@@ -11,6 +11,7 @@
- system.defaults.backupninja
- system.defaults.git
- system.defaults.glusterfs
+- system.defaults.nginx
- system.defaults.jenkins
- system.defaults.postgresql
- system.defaults.maas
@@ -58,3 +59,7 @@
single_address: '127.0.0.1'
# Cloudwatch api removed from Queens
openstack_heat_cloudwatch_api_enabled: True
+
+ salt_master_host: '127.0.0.1'
+ infra_config_address: '127.0.0.1'
+ reclass_config_master: '127.0.0.1'
diff --git a/defaults/jenkins.yml b/defaults/jenkins.yml
index eddf216..d01bf4e 100644
--- a/defaults/jenkins.yml
+++ b/defaults/jenkins.yml
@@ -3,4 +3,4 @@
jenkins_master_port: 8081
jenkins_master_protocol: http
jenkins_pipelines_branch: "master"
- jenkins_salt_api_url: "http://${_param:salt_master_host}:${_param:salt_master_api_port}"
+ jenkins_salt_api_url: "https://${_param:salt_master_host}:${_param:nginx_proxy_salt_api_site_port}"
diff --git a/defaults/nginx.yml b/defaults/nginx.yml
new file mode 100644
index 0000000..dd47452
--- /dev/null
+++ b/defaults/nginx.yml
@@ -0,0 +1,5 @@
+parameters:
+ _param:
+ nginx_proxy_salt_api_proxy_protocol: 'http'
+ nginx_proxy_salt_api_site_port: 8969
+ nginx_proxy_salt_api_site_protocol: 'https'
diff --git a/defaults/salt/init.yml b/defaults/salt/init.yml
index a720189..0b80c35 100644
--- a/defaults/salt/init.yml
+++ b/defaults/salt/init.yml
@@ -57,3 +57,4 @@
- '@jobs' # to allow access to the jobs runner and/or wheel mo
salt_minion_ca_authority: salt_master_ca
+ salt_master_api_bind_address: 0.0.0.0