openstack/openstack-ansible-os_horizon
Code Issues Proposed changes

Add uwsgi option to horizon

Browse Source 
This change provides the horizon role the ability to deploy its services
using uWSGI instead of apache. This feature produces a minimal horizon
deployment which is perfectly functional in cases where capabilities
like federation and SSL terminated all the way through are not needed.

Change-Id: I457a111511543731746d868ae7f7184743e5703b
Signed-off-by: Kevin Carter <kevin@cloudnull.com>
This commit is contained in:
Kevin Carter 2022-09-07 21:44:22 -05:00
parent 10126daa9c
commit 8f8a84f15c
17 changed files with 123 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
defaults/main.yml
View File

@ -39,6 +39,9 @@ horizon_git_repo: https://opendev.org/openstack/horizon
horizon_git_track_branch: master horizon_git_track_branch: master
horizon_git_install_branch: "{{ horizon_git_track_branch }}" horizon_git_install_branch: "{{ horizon_git_track_branch }}"
# Enable or disable apache. If disabled a basic uwsgi deployment will be setup for this service.
horizon_use_uwsgi: false
## The git source/branch for the Adjutant UI plugin ## The git source/branch for the Adjutant UI plugin
adjutant_dashboard_git_repo: https://opendev.org/openstack/adjutant-ui adjutant_dashboard_git_repo: https://opendev.org/openstack/adjutant-ui
adjutant_dashboard_git_install_branch: "{{ horizon_git_track_branch }}" adjutant_dashboard_git_install_branch: "{{ horizon_git_track_branch }}"
@ -153,6 +156,7 @@ horizon_lib_wsgi_file: "{{ horizon_lib_dir }}/openstack_dashboard/wsgi.py"
horizon_endpoint_type: internalURL horizon_endpoint_type: internalURL
horizon_server_name: "{{ ansible_facts['fqdn'] | default('horizon') }}" horizon_server_name: "{{ ansible_facts['fqdn'] | default('horizon') }}"
horizon_apache_servertokens: "Prod" horizon_apache_servertokens: "Prod"
horizon_apache_serversignature: "Off" horizon_apache_serversignature: "Off"
horizon_log_level: info horizon_log_level: info
@ -505,6 +509,9 @@ horizon_config_overrides: {}
# "volume:create": "rule:admin_or_owner" # "volume:create": "rule:admin_or_owner"
horizon_policy_overrides: {} horizon_policy_overrides: {}
horizon_init_overrides: {}
horizon_uwsgi_ini_overrides: {}
horizon_keystone_admin_roles: horizon_keystone_admin_roles:
- admin - admin

2
handlers/main.yml
View File

@ -22,7 +22,7 @@
listen: listen:
- "venv changed" - "venv changed"
- name: Restart apache2 - name: Restart wsgi process
service: service:
name: "{{ horizon_system_service_name }}" name: "{{ horizon_system_service_name }}"
enabled: yes enabled: yes

15
releasenotes/notes/horizon_uwsgi-28d22fc08594ecb3.yaml Normal file
View File

@ -0,0 +1,15 @@
---
features:
- |
Horizon now has the ability to run directly from uWSGI. To support
this feature the new Boolean variable `horizon_use_uwsgi` has
been added. The new variable, when set to **true**, will omit the
apache2 install process and instead run horizon from a uWSGI process
leveraging a systemd service file.
other:
- |
When the option `horizon_use_uwsgi` is enabled, operators need
to be aware that not all horizon capabilities will be present. The
minimal uSGI process is just that, minimal, and not full featured.
If the deployment requires full featured capabilities, the apache
based deployment should remain enabled.

16
tasks/horizon_apache.yml
View File

@ -23,7 +23,7 @@
- "{{ horizon_apache_modules }}" - "{{ horizon_apache_modules }}"
when: when:
- ansible_facts['pkg_mgr'] == 'apt' - ansible_facts['pkg_mgr'] == 'apt'
notify: Restart apache2 notify: Restart wsgi process
- name: Drop apache2 configs - name: Drop apache2 configs
template: template:
@ -32,14 +32,14 @@
owner: "{{ item.owner | default(horizon_system_user_name) }}" owner: "{{ item.owner | default(horizon_system_user_name) }}"
group: "{{ item.group | default(horizon_system_group_name) }}" group: "{{ item.group | default(horizon_system_group_name) }}"
with_items: "{{ horizon_apache_configs }}" with_items: "{{ horizon_apache_configs }}"
notify: Restart apache2 notify: Restart wsgi process
- name: Disable default apache site - name: Disable default apache site
file: file:
path: "{{ item }}" path: "{{ item }}"
state: "absent" state: "absent"
with_items: "{{ horizon_apache_default_sites }}" with_items: "{{ horizon_apache_default_sites }}"
notify: Restart apache2 notify: Restart wsgi process
- name: Enable Horizon Site - name: Enable Horizon Site
file: file:
@ -49,27 +49,27 @@
when: when:
- horizon_apache_site_available is defined - horizon_apache_site_available is defined
- horizon_apache_site_enabled is defined - horizon_apache_site_enabled is defined
notify: Restart apache2 notify: Restart wsgi process
- name: Ensure Apache ServerName - name: Ensure Apache ServerName
lineinfile: lineinfile:
dest: "{{ horizon_apache_conf }}" dest: "{{ horizon_apache_conf }}"
line: "ServerName {{ horizon_server_name }}" line: "ServerName {{ horizon_server_name }}"
notify: Restart apache2 notify: Restart wsgi process
- name: Ensure Apache ServerTokens - name: Ensure Apache ServerTokens
lineinfile: lineinfile:
dest: "{{ horizon_apache_security_conf }}" dest: "{{ horizon_apache_security_conf }}"
regexp: '^ServerTokens' regexp: '^ServerTokens'
line: "ServerTokens {{ horizon_apache_servertokens }}" line: "ServerTokens {{ horizon_apache_servertokens }}"
notify: Restart apache2 notify: Restart wsgi process
- name: Ensure Apache ServerSignature - name: Ensure Apache ServerSignature
lineinfile: lineinfile:
dest: "{{ horizon_apache_security_conf }}" dest: "{{ horizon_apache_security_conf }}"
regexp: '^ServerSignature' regexp: '^ServerSignature'
line: "ServerSignature {{ horizon_apache_serversignature }}" line: "ServerSignature {{ horizon_apache_serversignature }}"
notify: Restart apache2 notify: Restart wsgi process
# Removing the Listen (or listen.conf inclusion) from apache config to prevent # Removing the Listen (or listen.conf inclusion) from apache config to prevent
# conflicts with ports.conf on CentOS and openSUSE # conflicts with ports.conf on CentOS and openSUSE
@ -79,4 +79,4 @@
regexp: '^(Listen.*)' regexp: '^(Listen.*)'
backrefs: yes backrefs: yes
line: '#\1' line: '#\1'
notify: Restart apache2 notify: Restart wsgi process

2
tasks/horizon_install.yml
View File

@ -37,7 +37,7 @@
delay: 2 delay: 2
notify: notify:
- Compile messages - Compile messages
- Restart apache2 - Restart wsgi process
- name: Install horizon packages from PIP - name: Install horizon packages from PIP
include_tasks: horizon_install_source.yml include_tasks: horizon_install_source.yml

10
tasks/horizon_post_install.yml
View File

@ -63,7 +63,7 @@
- src: "80_admin_default_panel.py.j2" - src: "80_admin_default_panel.py.j2"
dest: "{{ horizon_lib_dir }}/openstack_dashboard/local/enabled/_80_admin_default_panel.py" dest: "{{ horizon_lib_dir }}/openstack_dashboard/local/enabled/_80_admin_default_panel.py"
mode: "0755" mode: "0755"
notify: Restart apache2 notify: Restart wsgi process
- name: Retrieve horizon policy files - name: Retrieve horizon policy files
slurp: slurp:
@ -113,7 +113,7 @@
owner: "{{ horizon_system_user_name }}" owner: "{{ horizon_system_user_name }}"
group: "{{ horizon_system_group_name }}" group: "{{ horizon_system_group_name }}"
mode: "0644" mode: "0644"
notify: Restart apache2 notify: Restart wsgi process
when: horizon_customization_module is defined when: horizon_customization_module is defined
- name: Creating horizon custom theme path - name: Creating horizon custom theme path
@ -133,21 +133,21 @@
group: "{{ horizon_system_group_name }}" group: "{{ horizon_system_group_name }}"
with_dict: "{{ horizon_custom_themes }}" with_dict: "{{ horizon_custom_themes }}"
when: item.value.theme_src_archive is defined when: item.value.theme_src_archive is defined
notify: Restart apache2 notify: Restart wsgi process
- name: Collect static files - name: Collect static files
command: "{{ horizon_manage }} collectstatic --noinput" command: "{{ horizon_manage }} collectstatic --noinput"
become: yes become: yes
become_user: "{{ horizon_system_user_name }}" become_user: "{{ horizon_system_user_name }}"
changed_when: false changed_when: false
notify: Restart apache2 notify: Restart wsgi process
- name: Compress static files - name: Compress static files
command: "{{ horizon_manage }} compress --force" command: "{{ horizon_manage }} compress --force"
become: yes become: yes
become_user: "{{ horizon_system_user_name }}" become_user: "{{ horizon_system_user_name }}"
changed_when: false changed_when: false
notify: Restart apache2 notify: Restart wsgi process
register: async_compress_static_files register: async_compress_static_files
async: 600 async: 600
poll: 0 poll: 0

2
tasks/horizon_post_install_source.yml
View File

@ -82,4 +82,4 @@
with_items: "{{ found_panels.files }}" with_items: "{{ found_panels.files }}"
notify: notify:
- Compile messages - Compile messages
- Restart apache2 - Restart wsgi process

2
tasks/horizon_ssl_key_create.yml
View File

@ -28,4 +28,4 @@
-out {{ horizon_ssl_cert }} -out {{ horizon_ssl_cert }}
-extensions v3_ca -extensions v3_ca
creates={{ horizon_ssl_cert }} creates={{ horizon_ssl_cert }}
notify: Restart apache2 notify: Restart wsgi process

6
tasks/horizon_ssl_user_provided.yml
View File

@ -21,7 +21,7 @@
group: "root" group: "root"
mode: "0644" mode: "0644"
when: horizon_user_ssl_cert is defined when: horizon_user_ssl_cert is defined
notify: Restart apache2 notify: Restart wsgi process
- name: Drop user provided ssl key - name: Drop user provided ssl key
copy: copy:
@ -31,7 +31,7 @@
group: "root" group: "root"
mode: "0640" mode: "0640"
when: horizon_user_ssl_key is defined when: horizon_user_ssl_key is defined
notify: Restart apache2 notify: Restart wsgi process
- name: Drop user provided ssl CA cert - name: Drop user provided ssl CA cert
copy: copy:
@ -41,4 +41,4 @@
group: "root" group: "root"
mode: "0644" mode: "0644"
when: horizon_user_ssl_ca_cert is defined when: horizon_user_ssl_ca_cert is defined
notify: Restart apache2 notify: Restart wsgi process

2
tasks/horizon_translations_update.yml
View File

@ -24,4 +24,4 @@
- (translation.enabled | default("True")) | bool - (translation.enabled | default("True")) | bool
notify: notify:
- Compile messages - Compile messages
- Restart apache2 - Restart wsgi process

32
tasks/horizon_uwsgi.yml Normal file
View File

@ -0,0 +1,32 @@
---
# Copyright 2022, Cloudnull
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Ensure uwsgi can bind to privledged ports
ansible.posix.sysctl:
name: net.ipv4.ip_unprivileged_port_start
value: "0"
sysctl_set: yes
state: present
reload: yes
- name: Import uwsgi role
include_role:
name: uwsgi
vars:
uwsgi_services: "{{ uwsgi_horizon_services }}"
uwsgi_install_method: "{{ horizon_install_method }}"
tags:
- horizon-config
- uwsgi

2
tasks/main.yml
View File

@ -103,7 +103,7 @@
tags: tags:
- horizon-config - horizon-config
- import_tasks: horizon_apache.yml - import_tasks: "{{ (horizon_use_uwsgi | bool) | ternary('horizon_uwsgi.yml', 'horizon_apache.yml') }}"
tags: tags:
- horizon-config - horizon-config

8
vars/debian.yml
View File

@ -16,7 +16,7 @@
## APT Cache options ## APT Cache options
cache_timeout: 600 cache_timeout: 600
horizon_system_service_name: apache2 horizon_system_service_name: "{{ (horizon_use_uwsgi | bool) | ternary('horizon-dashboard', 'apache2') }}"
horizon_devel_distro_packages: horizon_devel_distro_packages:
- git - git
@ -25,12 +25,14 @@ horizon_devel_distro_packages:
- openssl - openssl
- libpcre3-dev - libpcre3-dev
horizon_distro_packages: horizon_apache_distro_packages:
- apache2 - apache2
- apache2-utils - apache2-utils
- libapache2-mod-wsgi-py3
horizon_distro_packages:
- cron # required by the Ansible cron module - cron # required by the Ansible cron module
- gettext - gettext
- libapache2-mod-wsgi-py3
horizon_service_distro_packages: horizon_service_distro_packages:
- python3-django-openstack-auth - python3-django-openstack-auth

10
vars/distro_install.yml
View File

@ -13,6 +13,14 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
horizon_package_list: "{{ horizon_distro_packages + horizon_service_distro_packages }}" horizon_package_list: "{{
horizon_distro_packages | union(
(
(horizon_use_uwsgi | bool) | ternary([], horizon_apache_distro_packages)
)
) | union(
horizon_service_distro_packages
)
}}"
_horizon_bin: "/usr/bin" _horizon_bin: "/usr/bin"

18
vars/main.yml
View File

@ -48,3 +48,21 @@ _horizon_translations_pull:
horizon_dashboard_panel_dir: "{{ horizon_lib_dir }}/openstack_dashboard/local/enabled" horizon_dashboard_panel_dir: "{{ horizon_lib_dir }}/openstack_dashboard/local/enabled"
horizon_manage: "{{ horizon_bin }}/horizon-manage.py" horizon_manage: "{{ horizon_bin }}/horizon-manage.py"
_horizon_uwsgi_ini_requirements:
uwsgi:
static-map: "/static={{ horizon_lib_dir }}/static/"
_horizon_uwsgi_ini_overrides: "{{ _horizon_uwsgi_ini_requirements | combine(horizon_uwsgi_ini_overrides, recursive=True) }}"
uwsgi_horizon_services:
horizon-dashboard:
wsgi_path: "{{ horizon_lib_wsgi_file }}"
wsgi_venv: "{{ horizon_bin | dirname }}"
uwsgi_uid: "{{ horizon_system_user_name }}"
uwsgi_guid: "{{ horizon_system_group_name }}"
uwsgi_processes: 1
uwsgi_threads: "{{ horizon_wsgi_threads }}"
uwsgi_bind_address: "{{ horizon_bind_address }}"
uwsgi_port: 80
uwsgi_overrides: "{{ _horizon_uwsgi_ini_overrides }}"

12
vars/redhat.yml
View File

@ -13,7 +13,7 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
horizon_system_service_name: httpd horizon_system_service_name: "{{ (horizon_use_uwsgi | bool) | ternary('horizon-dashboard', 'httpd') }}"
horizon_devel_distro_packages: horizon_devel_distro_packages:
- git - git
@ -22,14 +22,16 @@ horizon_devel_distro_packages:
- openssl-libs - openssl-libs
- pcre-devel - pcre-devel
horizon_distro_packages: horizon_apache_distro_packages:
- cronie
- cronie-anacron
- gettext
- httpd - httpd
- httpd-tools - httpd-tools
- mod_ssl - mod_ssl
- python3-mod_wsgi - python3-mod_wsgi
horizon_distro_packages:
- cronie
- cronie-anacron
- gettext
- which - which
horizon_service_distro_packages: horizon_service_distro_packages:

9
vars/source_install.yml
View File

@ -13,7 +13,14 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
horizon_package_list: "{{ horizon_distro_packages }}" horizon_package_list: "{{
horizon_distro_packages | union(
(
(horizon_use_uwsgi | bool) | ternary([], horizon_apache_distro_packages)
)
)
}}"
_horizon_bin: "/openstack/venvs/horizon-{{ horizon_venv_tag }}/bin" _horizon_bin: "/openstack/venvs/horizon-{{ horizon_venv_tag }}/bin"
_dashboard_panels_location: _dashboard_panels_location: