Allow bind and nginx to be different #123
Conversation
This introduces a pulp_api_bind variable in the 'pulp' playbook which the user can use to set the bind address (or multiple) of pulp-api. This is used by the pulp-api service template for the systemd service. It moves the nginx and apache reverse proxy variables out of the 'pulp' playbook and into the 'pulp-webserver' playbook where they are used exclusively. The defaults are there also. It created 4 variables: * pulp_content_host * pulp_content_port * pulp_api_host * pulp_api_port https://pulp.plan.io/issues/4964 closes #4964
| * `pulp_use_system_wide_pkgs` Use python system-wide packages. Defaults to "false". | ||
| * `pulp_remote_user_environ_name` Optional. Set the `REMOTE_USER_ENVIRON_NAME` setting for Pulp. | ||
| * `pulp_content_host`: Host and port where Pulp content app is served. Defaults to `127.0.0.1:24816` | ||
| This variable will be set as the value of `CONTENT_HOST` as the base path to build content URLs. | ||
| * `pulp_api_bind` Interface and Port where Pulp Content `gunicorn` service will listen. Defaults to |
There was a problem hiding this comment.
Whats the logic behind combining this into one variable? Since you arent using namespaced variables, I know how to always construct this value via pulp_api_bind: {{ pulp_api_host }}:{{ pulp_api_port }} since it needs to match the reverse proxy values.
There was a problem hiding this comment.
@ehelms in a multi server deployment we can have api serving on server1:24817 and content serving on server2:24817 the fqdn is important in this case to write the proper settings files like /etc/pulp/settings.py where the CONTENT_HOST variable will be read.
At the same time, when starting the services like gunicorn and nginx we want the ability to set it to listen throught all the interfaces like 0.0.0.0:24816 or specific interfaces in a more complex deployment.
There was a problem hiding this comment.
There are two motivations for doing it this way. Note that this isn't replacing pulp_api_host and pulp_api_port, those got moved to the pulp-webserver role. This pattern seemed redundant to me at first also. Why are they moving there and bind stays here? I'll try to explain.
-
pulp_api_bind != to {{pulp_api_host}}:{{pulp_api_port}} in cases where the installer is run with nginx reverse proxying from host A to gunicorn hosting pulp-api on host B you may need to bind the gunicorn process to an interface (not a hostname), and you may need to address that service by its hostname differently. For example, 'localhost' on host A is not the same 'localhost' on host B. Also it's possible there are load-balancers in between host A and B.
-
Also consider the use case of multiple bind addresses. Say you want to bind to both IPv4 and IPv6. If we continue assembling pulp_api_bind as {{pulp_api_host}}:{{pulp_api_port}} then the user could never provide multiple bind addresses to meet that use case.
Note that these reverse proxy variables aren't yet correctly configured in the nginx and apache configs. Those are stories https://pulp.plan.io/issues/4966 and https://pulp.plan.io/issues/4967.
Also this same bind/host/port triple-variable pattern is also in-place for the pulp-content-app, except the pulp_content_bind lives in the pulp-content role, and the webserver parts live in pulp-webserver (similar to pulp_api_host, etc).
I'm going to merge now so we can unblock https://pulp.plan.io/issues/4965, but if this doesn't make sense or there is any way it could be better, please reach out.
This introduces a pulp_api_bind variable in the 'pulp' playbook which
the user can use to set the bind address (or multiple) of pulp-api. This
is used by the pulp-api service template for the systemd service.
It moves the nginx and apache reverse proxy variables out of the 'pulp'
playbook and into the 'pulp-webserver' playbook where they are used
exclusively. The defaults are there also. It created 4 variables:
https://pulp.plan.io/issues/4964
closes #4964