bug(ansible): distributed_setup/defaults backend_port: 8443 conflicts with backend role's 8001 #3431
Description
Problem
autobot-slm-backend/ansible/roles/distributed_setup/defaults/main.yml line 63:
```yaml
backend_port: 8443
```

The backend role's own defaults/main.yml correctly defines:

```yaml
backend_host: "127.0.0.1" # uvicorn: localhost only
backend_port: 8001 # uvicorn: plain HTTP port
```

Ansible role defaults have the lowest precedence, so whichever role runs last wins for that variable. When any playbook runs distributed_setup AFTER backend (or when distributed_setup is included via another role), backend_port is left as 8443 in the host var space.
This was the secondary source of the bug fixed in #3426, where uvicorn was started with --port 8443 (nginx's TLS port) instead of 8001. PR #3429 fixed the wizard path, but direct Ansible runs using slm-nodes.yml with plays that include distributed_setup before backend are still vulnerable.
Fix
distributed_setup/defaults/main.yml uses backend_port to mean the external nginx TLS port (for health check URLs). Rename it to backend_nginx_port or backend_external_port to avoid collision with the backend role's internal bind port:
```yaml
# External TLS port exposed by nginx (for health checks and service discovery URLs)
backend_nginx_port: 8443
```

Update all references in distributed_setup templates (check-health.sh.j2, distributed.env.j2, fleet_topology.yml.j2, fleet_registry.json.j2) to use the renamed var.
Area
ansible/roles/distributed_setup
Priority
Medium — silent misbehaviour on direct playbook runs, already worked around for wizard path in #3429.
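
A pre-merge check for this class of collision, as an added example that is not part of the original issue or the project's code: it flags any variable that two roles' defaults/main.yml set to different values. It assumes flat top-level scalar defaults (no YAML library is used), and the function names and the SAMPLE data are constructed for illustration.

```python
import re
import sys
from collections import defaultdict
from pathlib import Path

# Top-level "name: value" lines only; indented (nested) keys are ignored.
TOP_LEVEL = re.compile(r"^([A-Za-z_]\w*):[ \t]*(.*)$")

# Constructed sample: the two defaults files as quoted in the issue.
SAMPLE = {
    "backend": 'backend_host: "127.0.0.1" # uvicorn: localhost only\n'
               "backend_port: 8001 # uvicorn: plain HTTP port\n",
    "distributed_setup": "backend_port: 8443\n",
}

def scalar(text):
    """Strip a trailing ' # comment' outside quotes, then surrounding quotes."""
    quote = None
    for i, ch in enumerate(text):
        if quote:
            quote = None if ch == quote else quote
        elif ch in "\"'":
            quote = ch
        elif ch == "#" and (i == 0 or text[i - 1] in " \t"):
            text = text[:i]
            break
    return text.strip().strip("\"'")

def load_roles(roles_dir):
    """Read every <role>/defaults/main.yml under roles_dir into {role: text}."""
    paths = sorted(Path(roles_dir).glob("*/defaults/main.yml"))
    return {p.parent.parent.name: p.read_text(encoding="utf-8") for p in paths}

def find_collisions(defaults_by_role):
    """Map variable -> {role: value} for names that roles default differently."""
    seen = defaultdict(dict)
    for role, text in defaults_by_role.items():
        for line in text.splitlines():
            m = TOP_LEVEL.match(line)
            if m:
                seen[m.group(1)][role] = scalar(m.group(2))
    return {n: v for n, v in seen.items() if len(set(v.values())) > 1}

if __name__ == "__main__":
    # With a roles directory argument, scan it; otherwise scan the sample.
    roles = load_roles(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    hits = find_collisions(roles)
    for name, by_role in sorted(hits.items()):
        print(name, sorted(by_role.items()))
    sys.exit(1 if hits else 0)
```

Run against a roles directory in CI, the non-zero exit status fails the build when two roles disagree on a default; after the rename to backend_nginx_port the sample reports nothing.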