From 410475357da0f73d57e9514987daba0edb52a9e2 Mon Sep 17 00:00:00 2001 From: Theo Chatzimichos Date: Jan 22 2018 18:51:22 +0000 Subject: bin/test_nginx.sh: reset the grains-retrieved IPs to 127.0.0.1 nginx -t actually tries to bind to the configured listen IPs, thus resetting them to 127.0.0.1 to let it pass --- diff --git a/bin/test_nginx.sh b/bin/test_nginx.sh index c848b74..da601e4 100755 --- a/bin/test_nginx.sh +++ b/bin/test_nginx.sh @@ -17,6 +17,13 @@ reset_nginx() { printf "roles:\n- $role" | $SUDO tee /etc/salt/grains > /dev/null } +reset_ip() { + # Reset the grains-retrieved IPs to 127.0.0.1, as `nginx -t` actually tries + # to bind to any configured listen IP + + sed -i -e "s/{{ ip4_.* }}/127.0.0.1/g" pillar/role/$role.sls +} + create_fake_certs() { # We are replacing both the cert/key pair because: # - the key is encrypted and the CI worker can't decrypt it @@ -49,6 +56,7 @@ for role in ${WEB_ROLES[@]}; do if grep nginx salt/role/$role.sls > /dev/null; then echo "Testing role: $role" reset_nginx + reset_ip $SUDO salt-call --local -l quiet state.apply role.$role > /dev/null create_fake_certs if $(nginx -tq); then diff --git a/pillar/role/web_mirrors.sls b/pillar/role/web_mirrors.sls index ee15f6b..5f5d4e9 100644 --- a/pillar/role/web_mirrors.sls +++ b/pillar/role/web_mirrors.sls @@ -1,3 +1,5 @@ +{% set ip4_private = salt['grains.get']('ipv4_interfaces:private[0]') %} + include: - role.common.nginx @@ -11,7 +13,7 @@ nginx: mirrors.opensuse.org.conf: config: - server: - - listen: 192.168.47.17:80 + - listen: {{ ip4_private }}:80 - set_real_ip_from: 192.168.47.101 - set_real_ip_from: 192.168.47.102 - real_ip_header: X-Forwarded-For