From c354def47a0d158b0df2991481ed20e46aef89c0 Mon Sep 17 00:00:00 2001
From: Jonathan Rosser <jonathan.rosser@rd.bbc.co.uk>
Date: Mon, 19 Dec 2022 13:46:14 +0000
Subject: [PATCH] Enable uwsgi to bind to multiple different IP addresses

Previously the template could only insert one http-socket or
https-socket line into the uwsgi configuration file. This meant
a choice between binding to a specific IP address, or 0.0.0.0 to
listen on all addresses.

This patch makes the template distinguish between uwsgi_bind_address
being an iterable list of addresses, or a single address. It is now
possible to specify a number of specific addresses to bind to.

Change-Id: I088a64c65a9f9912091bd10402028db574767ca4
---
 defaults/main.yml                                   |  2 +-
 .../notes/bind-address-list-64633fd1cd22d785.yaml   |  7 +++++++
 templates/uwsgi.ini.j2                              | 13 ++++++++++---
 3 files changed, 18 insertions(+), 4 deletions(-)
 create mode 100644 releasenotes/notes/bind-address-list-64633fd1cd22d785.yaml

diff --git a/defaults/main.yml b/defaults/main.yml
index 29cd40c..65f65eb 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -48,7 +48,7 @@ uwsgi_env: "{{ _uwsgi_env }}"
 #     uwsgi_overrides: {}
 #     uwsgi_processes: [ansible_facts['processor_vcpus'] | default(1), 1] | max * 2
 #     uwsgi_threads: 1
-#     uwsgi_bind_address: 0.0.0.0
+#     uwsgi_bind_address: 0.0.0.0   # OR a list, uwsgi_bind_address: [ '127.0.0.1', '1.2.3.4' ]
 #     uwsgi_port: 8080
 #     uwsgi_env: "FOO=bar"
 #     uwsgi_tls:
diff --git a/releasenotes/notes/bind-address-list-64633fd1cd22d785.yaml b/releasenotes/notes/bind-address-list-64633fd1cd22d785.yaml
new file mode 100644
index 0000000..13017e2
--- /dev/null
+++ b/releasenotes/notes/bind-address-list-64633fd1cd22d785.yaml
@@ -0,0 +1,7 @@
+---
+features:
+  - |
+    The variable ``uwsgi_bind_address`` can now be a single IP address
+    passed as a string, or a list of IP addresses passed in a yaml list
+    to the uwsgi role. This allows uwsgi to listen on a specific set of
+    IP addresses rather than just a single one.
diff --git a/templates/uwsgi.ini.j2 b/templates/uwsgi.ini.j2
index 7113bc1..0ec9810 100644
--- a/templates/uwsgi.ini.j2
+++ b/templates/uwsgi.ini.j2
@@ -13,11 +13,18 @@ wsgi-file = {{ item.value.wsgi_path }}
 {% elif 'wsgi' in item.value %}
 wsgi = {{ item.value.wsgi }}
 {% endif %}
-{% if item.value.uwsgi_tls | default({}) | length %}
-https-socket = {{ item.value.uwsgi_bind_address | default('0.0.0.0') }}:{{ item.value.uwsgi_port | default(8080) }},{{ item.value.uwsgi_tls.crt }},{{ item.value.uwsgi_tls.key }},HIGH
+{% if (item.value.uwsgi_bind_address is defined) and (item.value.uwsgi_bind_address is not string) and (item.value.uwsgi_bind_address is iterable) %}
+{% set addresses = item.value.uwsgi_bind_address %}
 {% else %}
-http-socket = {{ item.value.uwsgi_bind_address | default('0.0.0.0') }}:{{ item.value.uwsgi_port | default(8080) }}
+{% set addresses = [item.value.uwsgi_bind_address | default('0.0.0.0')] %}
 {% endif %}
+{% for addr in addresses %}
+{% if item.value.uwsgi_tls | default({}) | length %}
+https-socket = {{ addr }}:{{ item.value.uwsgi_port | default(8080) }},{{ item.value.uwsgi_tls.crt }},{{ item.value.uwsgi_tls.key }},HIGH
+{% else %}
+http-socket = {{ addr }}:{{ item.value.uwsgi_port | default(8080) }}
+{% endif %}
+{% endfor %}
 
 master = true
 enable-threads = true