Enable uwsgi to bind to multiple different IP addresses

Previously the template could only insert one http-socket or https-socket line into the uwsgi configuration file. This meant a choice between binding to a specific IP address, or 0.0.0.0 to listen on all addresses. This patch makes the template distinguish between uwsgi_bind_address being an iterable list of addresses, or a single address. It is now possible to specify a number of specific addresses to bind to. Change-Id: I088a64c65a9f9912091bd10402028db574767ca4
2022-12-19 13:46:14 +00:00 · 2022-12-19 13:46:14 +00:00 · c354def47a
commit c354def47a
parent 847ee272a1
3 changed files with 18 additions and 4 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -48,7 +48,7 @@ uwsgi_env: "{{ _uwsgi_env }}"
 #     uwsgi_overrides: {}
 #     uwsgi_processes: [ansible_facts['processor_vcpus'] | default(1), 1] | max * 2
 #     uwsgi_threads: 1
-#     uwsgi_bind_address: 0.0.0.0
+#     uwsgi_bind_address: 0.0.0.0   # OR a list, uwsgi_bind_address: [ '127.0.0.1', '1.2.3.4' ]
 #     uwsgi_port: 8080
 #     uwsgi_env: "FOO=bar"
 #     uwsgi_tls:
--- a/releasenotes/notes/bind-address-list-64633fd1cd22d785.yaml
+++ b/releasenotes/notes/bind-address-list-64633fd1cd22d785.yaml
@ -0,0 +1,7 @@
+---
+features:
+  - |
+    The variable ``uwsgi_bind_address`` can now be a single IP address
+    passed as a string, or a list of IP addresses passed in a yaml list
+    to the uwsgi role. This allows uwsgi to listen on a specific set of
+    IP addresses rather than just a single one.
--- a/templates/uwsgi.ini.j2
+++ b/templates/uwsgi.ini.j2
@ -13,11 +13,18 @@ wsgi-file = {{ item.value.wsgi_path }}
 {% elif 'wsgi' in item.value %}
 wsgi = {{ item.value.wsgi }}
 {% endif %}
-{% if item.value.uwsgi_tls | default({}) | length %}
-https-socket = {{ item.value.uwsgi_bind_address | default('0.0.0.0') }}:{{ item.value.uwsgi_port | default(8080) }},{{ item.value.uwsgi_tls.crt }},{{ item.value.uwsgi_tls.key }},HIGH
+{% if (item.value.uwsgi_bind_address is defined) and (item.value.uwsgi_bind_address is not string) and (item.value.uwsgi_bind_address is iterable) %}
+{% set addresses = item.value.uwsgi_bind_address %}
 {% else %}
-http-socket = {{ item.value.uwsgi_bind_address | default('0.0.0.0') }}:{{ item.value.uwsgi_port | default(8080) }}
+{% set addresses = [item.value.uwsgi_bind_address | default('0.0.0.0')] %}
 {% endif %}
+{% for addr in addresses %}
+{% if item.value.uwsgi_tls | default({}) | length %}
+https-socket = {{ addr }}:{{ item.value.uwsgi_port | default(8080) }},{{ item.value.uwsgi_tls.crt }},{{ item.value.uwsgi_tls.key }},HIGH
+{% else %}
+http-socket = {{ addr }}:{{ item.value.uwsgi_port | default(8080) }}
+{% endif %}
+{% endfor %}

 master = true
 enable-threads = true