diff --git a/devstack/files/apache-ironic-api.template b/devstack/files/apache-ironic-api.template index ffc7bca5bf..283c9b2f7c 100644 --- a/devstack/files/apache-ironic-api.template +++ b/devstack/files/apache-ironic-api.template @@ -38,3 +38,12 @@ Listen %IRONIC_SERVICE_PORT% + +Alias /baremetal %IRONIC_WSGI_DIR%/app.wsgi + + SetHandler wsgi-script + Options +ExecCGI + WSGIProcessGroup ironic-api + WSGIApplicationGroup %{GLOBAL} + WSGIPassAuthorization On + diff --git a/devstack/lib/ironic b/devstack/lib/ironic index d657016d72..c4b2d7c632 100644 --- a/devstack/lib/ironic +++ b/devstack/lib/ironic @@ -270,7 +270,12 @@ IRONIC_BIN_DIR=$(get_python_exec_prefix) # Ironic connection info. Note the port must be specified. IRONIC_SERVICE_PROTOCOL=${IRONIC_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL} IRONIC_SERVICE_PORT=${IRONIC_SERVICE_PORT:-6385} -IRONIC_HOSTPORT=${IRONIC_HOSTPORT:-$SERVICE_HOST:$IRONIC_SERVICE_PORT} +# If ironic api running under apache we use the path rather than port +if [[ "$IRONIC_USE_MOD_WSGI" != "True" ]]; then + IRONIC_HOSTPORT=${IRONIC_HOSTPORT:-$SERVICE_HOST:$IRONIC_SERVICE_PORT} +else + IRONIC_HOSTPORT=${IRONIC_HOSTPORT:-$SERVICE_HOST/baremetal} +fi # Enable iPXE IRONIC_IPXE_ENABLED=$(trueorfalse True IRONIC_IPXE_ENABLED) @@ -983,10 +988,15 @@ function configure_ironic_api { iniset $IRONIC_CONF_FILE oslo_policy policy_file $IRONIC_POLICY_JSON iniset_rpc_backend ironic $IRONIC_CONF_FILE - iniset $IRONIC_CONF_FILE api port $IRONIC_SERVICE_PORT iniset $IRONIC_CONF_FILE conductor automated_clean $IRONIC_AUTOMATED_CLEAN_ENABLED + if [[ "$IRONIC_USE_MOD_WSGI" == "True" ]]; then + iniset $IRONIC_CONF_FILE api public_endpoint $IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT + else + iniset $IRONIC_CONF_FILE api port $IRONIC_SERVICE_PORT + fi + cp -p $IRONIC_DIR/etc/ironic/policy.json $IRONIC_POLICY_JSON } @@ -1037,7 +1047,7 @@ function configure_ironic_conductor { iniset $IRONIC_CONF_FILE DEFAULT enabled_hardware_types $IRONIC_ENABLED_HARDWARE_TYPES iniset $IRONIC_CONF_FILE DEFAULT rootwrap_config $IRONIC_ROOTWRAP_CONF - iniset $IRONIC_CONF_FILE conductor api_url $IRONIC_SERVICE_PROTOCOL://$SERVICE_HOST:$IRONIC_SERVICE_PORT + iniset $IRONIC_CONF_FILE conductor api_url $IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT if [[ -n "$IRONIC_CALLBACK_TIMEOUT" ]]; then iniset $IRONIC_CONF_FILE conductor deploy_callback_timeout $IRONIC_CALLBACK_TIMEOUT fi @@ -1230,7 +1240,7 @@ function start_ironic_api { run_process ir-api "$IRONIC_BIN_DIR/ironic-api --config-file=$IRONIC_CONF_FILE" fi echo "Waiting for ir-api ($IRONIC_HOSTPORT) to start..." - if ! timeout $SERVICE_TIMEOUT sh -c "while ! wget --no-proxy -q -O- $IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT; do sleep 1; done"; then + if ! timeout $SERVICE_TIMEOUT sh -c "while ! wget --no-proxy -q -O- $IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT/; do sleep 1; done"; then die $LINENO "ir-api did not start" fi } @@ -1698,7 +1708,12 @@ function configure_iptables { sudo iptables -I INPUT -p udp --dport 67:68 --sport 67:68 -j ACCEPT || true # nodes boot from TFTP and callback to the API server listening on $HOST_IP sudo iptables -I INPUT -d $IRONIC_TFTPSERVER_IP -p udp --dport 69 -j ACCEPT || true - sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $IRONIC_SERVICE_PORT -j ACCEPT || true + # To use named /baremetal endpoint we should open default apache port + if [[ "$IRONIC_USE_MOD_WSGI" == "False" ]]; then + sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $IRONIC_SERVICE_PORT -j ACCEPT || true + else + sudo iptables -I INPUT -d $HOST_IP -p tcp --dport 80 -j ACCEPT || true + fi if is_deployed_by_agent; then # agent ramdisk gets instance image from swift sudo iptables -I INPUT -d $HOST_IP -p tcp --dport ${SWIFT_DEFAULT_BIND_PORT:-8080} -j ACCEPT || true @@ -1983,6 +1998,7 @@ function cleanup_baremetal_basic_ops { restart_service xinetd sudo iptables -D INPUT -d $HOST_IP -p udp --dport 69 -j ACCEPT || true sudo iptables -D INPUT -d $HOST_IP -p tcp --dport $IRONIC_SERVICE_PORT -j ACCEPT || true + sudo iptables -D INPUT -d $HOST_IP -p tcp --dport 80 -j ACCEPT || true if is_deployed_by_agent; then # agent ramdisk gets instance image from swift sudo iptables -D INPUT -d $HOST_IP -p tcp --dport ${SWIFT_DEFAULT_BIND_PORT:-8080} -j ACCEPT || true