Enable and use salt_api proxy by default
* Use nginx as proxy
* Misc: define defaults for
salt_master_host
infra_config_address
reclass_config_master
jenkins_salt_api_url
* Pass certs dir for jenkins docker slaves
Related: PROD-27641(PROD:27641)
Related: PROD-30528(PROD:30528)
Change-Id: I5fac90101131a8d8d4fa7857982f18c855e0771c
diff --git a/defaults/init.yml b/defaults/init.yml
index bcee4bf..c90c404 100644
--- a/defaults/init.yml
+++ b/defaults/init.yml
@@ -11,6 +11,7 @@
- system.defaults.backupninja
- system.defaults.git
- system.defaults.glusterfs
+- system.defaults.nginx
- system.defaults.jenkins
- system.defaults.maas
- system.defaults.opencontrail
@@ -55,3 +56,6 @@
# Cloudwatch api removed from Queens
openstack_heat_cloudwatch_api_enabled: True
+ salt_master_host: '127.0.0.1'
+ infra_config_address: '127.0.0.1'
+ reclass_config_master: '127.0.0.1'
diff --git a/defaults/jenkins.yml b/defaults/jenkins.yml
index 36bcbfb..d01bf4e 100644
--- a/defaults/jenkins.yml
+++ b/defaults/jenkins.yml
@@ -3,3 +3,4 @@
jenkins_master_port: 8081
jenkins_master_protocol: http
jenkins_pipelines_branch: "master"
+ jenkins_salt_api_url: "https://${_param:salt_master_host}:${_param:nginx_proxy_salt_api_site_port}"
diff --git a/defaults/nginx.yml b/defaults/nginx.yml
new file mode 100644
index 0000000..dd47452
--- /dev/null
+++ b/defaults/nginx.yml
@@ -0,0 +1,5 @@
+parameters:
+ _param:
+ nginx_proxy_salt_api_proxy_protocol: 'http'
+ nginx_proxy_salt_api_site_port: 8969
+ nginx_proxy_salt_api_site_protocol: 'https'
diff --git a/defaults/salt/init.yml b/defaults/salt/init.yml
index feb27d7..d915fbe 100644
--- a/defaults/salt/init.yml
+++ b/defaults/salt/init.yml
@@ -56,3 +56,4 @@
- '@jobs' # to allow access to the jobs runner and/or wheel mo
salt_minion_ca_authority: salt_master_ca
+ salt_master_api_bind_address: 0.0.0.0