From fde90991985a39ea35de3b5c5bcf626853ea314c Mon Sep 17 00:00:00 2001
From: Scott Percival <scott.percival@dbca.wa.gov.au>
Date: Wed, 3 Jan 2018 09:39:36 +0800
Subject: [PATCH] Add REMOTE_HOST_HEADERS override to OpenShift template

Signed-off-by: Scott Percival <scott.percival@dbca.wa.gov.au>
---
 installer/openshift/templates/configmap.yml.j2 | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/installer/openshift/templates/configmap.yml.j2 b/installer/openshift/templates/configmap.yml.j2
index 486c768797..803ea27fa1 100644
--- a/installer/openshift/templates/configmap.yml.j2
+++ b/installer/openshift/templates/configmap.yml.j2
@@ -17,6 +17,11 @@ data:
     CLUSTER_HOST_ID = socket.gethostname()
     SYSTEM_UUID = '00000000-0000-0000-0000-000000000000'
     
+    # Token-based authentication performs a hash check on HTTP headers expected to be consistent, including the remote host IP.
+    # The default OpenShift router exposes the remote host IP via the X-Forwarded-For header.
+    # You might have to change this setting if you use an additional reverse proxy in front of OpenShift.
+    REMOTE_HOST_HEADERS = ['HTTP_X_FORWARDED_FOR']
+
     CELERY_TASK_QUEUES += (Queue(CLUSTER_HOST_ID, Exchange(CLUSTER_HOST_ID), routing_key=CLUSTER_HOST_ID),)
     CELERY_TASK_ROUTES['awx.main.tasks.cluster_node_heartbeat'] = {'queue': CLUSTER_HOST_ID, 'routing_key': CLUSTER_HOST_ID}
     CELERY_TASK_ROUTES['awx.main.tasks.purge_old_stdout_files'] = {'queue': CLUSTER_HOST_ID, 'routing_key': CLUSTER_HOST_ID}