Use uwsgi role for keystone
Instead of having own implementation of uwsgi, use common role. This allows to reduce maintainable code and ease providing fixes and features to uwsgi deployment code. Change-Id: I2dc9c749c37e41959da2403fab7512ab17b859e4
This commit is contained in:
parent
419cb210a9
commit
cb7eaa7ce3
@ -230,6 +230,9 @@ keystone_uwsgi_ports:
|
||||
socket: 35358
|
||||
|
||||
keystone_uwsgi_ini_overrides: {}
|
||||
keystone_default_uwsgi_overrides:
|
||||
uwsgi:
|
||||
socket: "127.0.0.1:{{ keystone_uwsgi_ports['keystone-wsgi-public']['socket'] }}"
|
||||
|
||||
# set keystone_ssl to true to enable SSL configuration on the keystone containers
|
||||
keystone_ssl: false
|
||||
@ -526,9 +529,11 @@ keystone_uwsgi_init_overrides: {}
|
||||
keystone_services:
|
||||
keystone-wsgi-public:
|
||||
group: keystone_all
|
||||
service_name: "keystone-wsgi-public"
|
||||
init_config_overrides: "{{ keystone_uwsgi_init_overrides }}"
|
||||
execstarts: "{{ keystone_uwsgi_bin }}/uwsgi --autoload --ini /etc/uwsgi/keystone-wsgi-public.ini"
|
||||
wsgi_app: True
|
||||
wsgi_path: "{{ keystone_bin }}/keystone-wsgi-public"
|
||||
uwsgi_overrides: "{{ keystone_default_uwsgi_overrides | combine(keystone_uwsgi_ini_overrides, recursive=True) }}"
|
||||
uwsgi_bind_address: "{{ keystone_uwsgi_bind_address }}"
|
||||
uwsgi_port: "{{ keystone_uwsgi_ports['keystone-wsgi-public']['http'] }}"
|
||||
|
||||
## Extra HTTP headers for Keystone
|
||||
# Add any additional headers here that Keystone should return.
|
||||
|
@ -0,0 +1,7 @@
|
||||
---
|
||||
upgrade:
|
||||
- |
|
||||
Keystone now uses common uwsgi role for uWSGI deployment. Along with that
|
||||
variable ``keystone_services`` has been extended with required arguments
|
||||
for uWSGI. If you override this variable locally make sure to update it's
|
||||
structure accordingly.
|
@ -15,7 +15,7 @@
|
||||
|
||||
- name: Wait for service to be up
|
||||
uri:
|
||||
url: "http://{{ ansible_host }}:{{ keystone_uwsgi_ports['keystone-wsgi-public']['http'] }}"
|
||||
url: "http://{{ keystone_uwsgi_bind_address }}:{{ keystone_uwsgi_ports['keystone-wsgi-public']['http'] }}"
|
||||
method: "HEAD"
|
||||
status_code: 300
|
||||
register: _wait_check
|
||||
|
@ -1,71 +0,0 @@
|
||||
---
|
||||
# Copyright 2016, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Ensure uWSGI directory exists
|
||||
file:
|
||||
path: "/etc/uwsgi/"
|
||||
state: directory
|
||||
mode: "0711"
|
||||
|
||||
- name: Apply uWSGI configuration
|
||||
openstack.config_template.config_template:
|
||||
src: "keystone-uwsgi.ini.j2"
|
||||
dest: "/etc/uwsgi/{{ item }}.ini"
|
||||
mode: "0744"
|
||||
config_overrides: "{{ keystone_uwsgi_ini_overrides }}"
|
||||
config_type: ini
|
||||
with_items: "{{ keystone_services.keys() | list }}"
|
||||
notify:
|
||||
- Manage LB
|
||||
- Restart uWSGI
|
||||
|
||||
- name: Run the systemd service role
|
||||
import_role:
|
||||
name: systemd_service
|
||||
vars:
|
||||
systemd_user_name: "{{ keystone_system_user_name }}"
|
||||
systemd_group_name: "{{ keystone_system_group_name }}"
|
||||
systemd_tempd_prefix: openstack
|
||||
systemd_slice_name: keystone
|
||||
systemd_lock_path: /var/lock/keystone
|
||||
systemd_CPUAccounting: true
|
||||
systemd_BlockIOAccounting: true
|
||||
systemd_MemoryAccounting: true
|
||||
systemd_TasksAccounting: true
|
||||
systemd_services: |
|
||||
{%- set services = [] -%}
|
||||
{%- for service in keystone_services.values() | list -%}
|
||||
{%- set _ = service.update({
|
||||
'enabled': 'yes',
|
||||
'state': 'started',
|
||||
'config_overrides': service.init_config_overrides
|
||||
})
|
||||
-%}
|
||||
{%- set _ = service.pop('init_config_overrides') -%}
|
||||
{%- set _ = services.append(service) -%}
|
||||
{%- endfor %}
|
||||
{{- services -}}
|
||||
tags:
|
||||
- keystone-config
|
||||
- systemd-service
|
||||
|
||||
# This is to cater for Q-R, R-S upgrades and can be removed in T
|
||||
- name: Stop and disable keystone-wsgi-admin
|
||||
file:
|
||||
path: /etc/systemd/system/keystone-wsgi-admin.service
|
||||
state: absent
|
||||
notify:
|
||||
- Manage LB
|
||||
- Restart web server
|
@ -169,9 +169,15 @@
|
||||
tags:
|
||||
- keystone-config
|
||||
|
||||
- import_tasks: keystone_uwsgi.yml
|
||||
- name: Import uwsgi role
|
||||
import_role:
|
||||
name: uwsgi
|
||||
vars:
|
||||
uwsgi_services: "{{ uwsgi_keystone_services }}"
|
||||
uwsgi_install_method: "{{ keystone_install_method }}"
|
||||
tags:
|
||||
- keystone-config
|
||||
- uwsgi
|
||||
|
||||
- name: Flush handlers
|
||||
meta: flush_handlers
|
||||
|
@ -1,28 +0,0 @@
|
||||
# {{ ansible_managed }}
|
||||
[uwsgi]
|
||||
uid = {{ keystone_system_user_name }}
|
||||
gid = {{ keystone_system_group_name }}
|
||||
|
||||
{% if keystone_install_method == 'source' %}
|
||||
virtualenv = /openstack/venvs/keystone-{{ keystone_venv_tag }}
|
||||
{% endif %}
|
||||
{% if keystone_install_method == 'distro' and (ansible_os_family | lower) == 'debian' %}
|
||||
plugin = python3
|
||||
{% endif %}
|
||||
wsgi-file = {{ keystone_bin }}/{{ item }}
|
||||
http = {{ keystone_uwsgi_bind_address }}:{{ keystone_uwsgi_ports[item]['http'] }}
|
||||
socket = 127.0.0.1:{{ keystone_uwsgi_ports[item]['socket'] }}
|
||||
|
||||
master = true
|
||||
enable-threads = true
|
||||
processes = {{ keystone_wsgi_processes }}
|
||||
threads = {{ keystone_wsgi_threads }}
|
||||
exit-on-reload = true
|
||||
die-on-term = true
|
||||
lazy-apps = true
|
||||
add-header = Connection: close
|
||||
buffer-size = 65535
|
||||
thunder-lock = true
|
||||
|
||||
# Avoid filling up the logs with health check requests from haproxy.
|
||||
route-user-agent = ^osa-haproxy-healthcheck$ donotlog:
|
@ -15,5 +15,25 @@
|
||||
|
||||
keystone_core_files: []
|
||||
|
||||
uwsgi_keystone_services: |-
|
||||
{% set services = {} %}
|
||||
{% for key, value in keystone_services.items() %}
|
||||
{% if (value['group'] in group_names) and
|
||||
(('condition' not in value) or ('condition' in value and value['condition']))
|
||||
and ('wsgi_app' in value and value['wsgi_app']) %}
|
||||
{% set _ = value.update(
|
||||
{
|
||||
'wsgi_venv': (keystone_install_method == 'source') | ternary(keystone_bin | dirname, None),
|
||||
'uwsgi_uid': keystone_system_user_name,
|
||||
'uwsgi_guid': keystone_system_group_name,
|
||||
'uwsgi_processes': keystone_wsgi_processes,
|
||||
'uwsgi_threads': keystone_wsgi_threads,
|
||||
}
|
||||
) %}
|
||||
{% set _ = services.update({key: value}) %}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{{ services }}
|
||||
|
||||
_keystone_is_first_play_host: "{{ (keystone_services['keystone-wsgi-public']['group'] in group_names and inventory_hostname == ((groups[keystone_services['keystone-wsgi-public']['group']] | intersect(ansible_play_hosts)) | list)[0]) | bool }}"
|
||||
_keystone_is_last_play_host: "{{ (keystone_services['keystone-wsgi-public']['group'] in group_names and inventory_hostname == ((groups[keystone_services['keystone-wsgi-public']['group']] | intersect(ansible_play_hosts)) | list)[-1]) | bool }}"
|
||||
|
Loading…
x
Reference in New Issue
Block a user