19b028e660
This patch introduces a global keep alive timeout value for services that leverage httpd + wsgi to handle http/https requests. The default value is one minute. Change-Id: Icf7cb0baf86b428a60a7e9bbed642999711865cd Partially-Implements: blueprint add-ssl-internal-network
80 lines
3.2 KiB
Django/Jinja
80 lines
3.2 KiB
Django/Jinja
{% set keystone_log_dir = '/var/log/kolla/keystone' %}
|
|
{% if keystone_install_type == 'binary' %}
|
|
{% set python_path = '/usr/lib/python3/dist-packages' if kolla_base_distro in ['debian', 'ubuntu'] else '/usr/lib/python' ~ distro_python_version ~ '/site-packages' %}
|
|
{% else %}
|
|
{% set python_path = '/var/lib/kolla/venv/lib/python' + distro_python_version + '/site-packages' %}
|
|
{% endif %}
|
|
{% set binary_path = '/usr/bin' if keystone_install_type == 'binary' else '/var/lib/kolla/venv/bin' %}
|
|
{% if keystone_enable_tls_backend | bool %}
|
|
{% if kolla_base_distro in ['centos'] %}
|
|
LoadModule ssl_module /usr/lib64/httpd/modules/mod_ssl.so
|
|
{% else %}
|
|
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
|
|
{% endif %}
|
|
{% endif %}
|
|
Listen {{ api_interface_address | put_address_in_context('url') }}:{{ keystone_public_listen_port }}
|
|
Listen {{ api_interface_address | put_address_in_context('url') }}:{{ keystone_admin_listen_port }}
|
|
|
|
ServerSignature Off
|
|
ServerTokens Prod
|
|
TraceEnable off
|
|
KeepAliveTimeout {{ kolla_httpd_keep_alive }}
|
|
|
|
ErrorLog "{{ keystone_log_dir }}/apache-error.log"
|
|
<IfModule log_config_module>
|
|
CustomLog "{{ keystone_log_dir }}/apache-access.log" common
|
|
</IfModule>
|
|
|
|
{% if keystone_logging_debug | bool %}
|
|
LogLevel info
|
|
{% endif %}
|
|
|
|
<Directory "{{ binary_path }}">
|
|
<FilesMatch "^keystone-wsgi-(public|admin)$">
|
|
AllowOverride None
|
|
Options None
|
|
Require all granted
|
|
</FilesMatch>
|
|
</Directory>
|
|
|
|
|
|
<VirtualHost *:{{ keystone_public_listen_port }}>
|
|
WSGIDaemonProcess keystone-public processes={{ openstack_service_workers }} threads=1 user=keystone group=keystone display-name=%{GROUP} python-path={{ python_path }}
|
|
WSGIProcessGroup keystone-public
|
|
WSGIScriptAlias / {{ binary_path }}/keystone-wsgi-public
|
|
WSGIApplicationGroup %{GLOBAL}
|
|
WSGIPassAuthorization On
|
|
<IfVersion >= 2.4>
|
|
ErrorLogFormat "%{cu}t %M"
|
|
</IfVersion>
|
|
ErrorLog "{{ keystone_log_dir }}/keystone-apache-public-error.log"
|
|
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b %D \"%{Referer}i\" \"%{User-Agent}i\"" logformat
|
|
CustomLog "{{ keystone_log_dir }}/keystone-apache-public-access.log" logformat
|
|
|
|
{% if keystone_enable_tls_backend | bool %}
|
|
SSLEngine on
|
|
SSLCertificateFile /etc/keystone/certs/keystone-cert.pem
|
|
SSLCertificateKeyFile /etc/keystone/certs/keystone-key.pem
|
|
{% endif %}
|
|
</VirtualHost>
|
|
|
|
<VirtualHost *:{{ keystone_admin_listen_port }}>
|
|
WSGIDaemonProcess keystone-admin processes={{ openstack_service_workers }} threads=1 user=keystone group=keystone display-name=%{GROUP} python-path={{ python_path }}
|
|
WSGIProcessGroup keystone-admin
|
|
WSGIScriptAlias / {{ binary_path }}/keystone-wsgi-admin
|
|
WSGIApplicationGroup %{GLOBAL}
|
|
WSGIPassAuthorization On
|
|
<IfVersion >= 2.4>
|
|
ErrorLogFormat "%{cu}t %M"
|
|
</IfVersion>
|
|
ErrorLog "{{ keystone_log_dir }}/keystone-apache-admin-error.log"
|
|
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b %D \"%{Referer}i\" \"%{User-Agent}i\"" logformat
|
|
CustomLog "{{ keystone_log_dir }}/keystone-apache-admin-access.log" logformat
|
|
|
|
{% if keystone_enable_tls_backend | bool %}
|
|
SSLEngine on
|
|
SSLCertificateFile /etc/keystone/certs/keystone-cert.pem
|
|
SSLCertificateKeyFile /etc/keystone/certs/keystone-key.pem
|
|
{% endif %}
|
|
</VirtualHost>
|