openstack/openstack-ansible-os_keystone
Code Issues Proposed changes

Merge "Convert role to use a common systemd service role"

Browse Source
This commit is contained in:
Zuul 2018-03-28 21:37:23 +00:00 committed by Gerrit Code Review
commit ef9dbcd853
10 changed files with 49 additions and 112 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
defaults/main.yml
View File

@ -201,11 +201,7 @@ keystone_wsgi_threads: 1
## Cap the maximun number of processes when a user value is unspecified.
keystone_wsgi_processes_max: 16
keystone_wsgi_processes: "{{ [[ansible_processor_vcpus|default(1), 1] | max * 2, keystone_wsgi_processes_max] | min }}"
keystone_wsgi_public_program_name: keystone-wsgi-public
keystone_wsgi_admin_program_name: keystone-wsgi-admin
keystone_wsgi_program_names:
- "{{ keystone_wsgi_public_program_name }}"
- "{{ keystone_wsgi_admin_program_name }}"
keystone_uwsgi_ports:
keystone-wsgi-public:
http: 37358
@ -213,6 +209,7 @@ keystone_uwsgi_ports:
keystone-wsgi-admin:
http: 37359
socket: 5001
keystone_uwsgi_ini_overrides: {}
# set keystone_ssl to true to enable SSL configuration on the keystone containers
@ -465,6 +462,17 @@ keystone_required_secrets:
keystone_uwsgi_init_overrides: {}
## Service Name-Group Mapping
keystone_services:
keystone-wsgi-public:
service_name: "keystone-wsgi-public"
init_config_overrides: "{{ keystone_uwsgi_init_overrides }}"
execstarts: "{{ keystone_bin }}/uwsgi --ini /etc/uwsgi/keystone-wsgi-public.ini"
keystone-wsgi-admin:
service_name: "keystone-wsgi-admin"
init_config_overrides: "{{ keystone_uwsgi_init_overrides }}"
execstarts: "{{ keystone_bin }}/uwsgi --ini /etc/uwsgi/keystone-wsgi-admin.ini"
## Extra HTTP headers for Keystone
# Add any additional headers here that Keystone should return.
#

4
handlers/main.yml
View File

@ -46,7 +46,7 @@
until: _stop | success
retries: 5
delay: 2
with_items: "{{ keystone_wsgi_program_names }}"
with_items: "{{ keystone_services.keys() | list }}"
listen: "Restart uWSGI"
# Note (odyssey4me):
@ -77,7 +77,7 @@
until: _start | success
retries: 5
delay: 2
with_items: "{{ keystone_wsgi_program_names }}"
with_items: "{{ keystone_services.keys() | list }}"
listen: "Restart uWSGI"
- name: Wait for uWSGI socket to be ready

2
tasks/keystone_db_setup.yml
View File

@ -50,7 +50,7 @@
name: "{{ item }}"
check_mode: yes
register: keystone_service_exists
with_items: "{{ keystone_wsgi_program_names }}"
with_items: "{{ keystone_services.keys() | list }}"
- name: Ensure keystone service is stopped
service:

59
tasks/keystone_init_systemd.yml
View File

@ -1,59 +0,0 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Create TEMP run dir
file:
path: "/var/run/{{ item }}"
state: directory
owner: "{{ keystone_system_user_name }}"
group: "{{ keystone_system_group_name }}"
mode: "02755"
with_items: "{{ keystone_wsgi_program_names }}"
- name: Create TEMP lock dir
file:
path: "/var/lock/{{ item }}"
state: directory
owner: "{{ keystone_system_user_name }}"
group: "{{ keystone_system_group_name }}"
mode: "02755"
with_items: "{{ keystone_wsgi_program_names }}"
- name: Create tempfile.d entry
template:
src: "keystone-systemd-tempfiles.j2"
dest: "/etc/tmpfiles.d/keystone.conf"
mode: "0644"
owner: "root"
group: "root"
notify:
- Manage LB
- Restart uWSGI
- Restart web server
- name: Place the systemd init script
config_template:
src: "keystone-uwsgi_systemd-init.j2"
dest: "/etc/systemd/system/{{ item }}.service"
mode: "0644"
owner: "root"
group: "root"
config_overrides: "{{ keystone_uwsgi_init_overrides }}"
config_type: "ini"
with_items: "{{ keystone_wsgi_program_names }}"
notify:
- Manage LB
- Restart uWSGI
- Restart web server

2
tasks/keystone_install.yml
View File

@ -58,7 +58,7 @@
name: "{{ (keystone_web_server == 'nginx') | ternary(keystone_system_service_name, 'nginx') }}"
enabled: no
state: stopped
daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}"
daemon_reload: "yes"
failed_when: false
- name: Remove other web server distro packages and mod_wsgi

4
tasks/keystone_nginx.yml
View File

@ -48,7 +48,7 @@
template:
src: keystone_nginx.conf.j2
dest: "/etc/nginx/{{ keystone_nginx_conf_path }}/{{ item }}.conf"
with_items: "{{ keystone_wsgi_program_names }}"
with_items: "{{ keystone_services.keys() | list }}"
notify:
- Manage LB
- Restart web server
@ -58,7 +58,7 @@
src: "/etc/nginx/sites-available/{{ item }}.conf"
path: "/etc/nginx/sites-enabled/{{ item }}.conf"
state: link
with_items: "{{ keystone_wsgi_program_names }}"
with_items: "{{ keystone_services.keys() | list }}"
when: ansible_os_family == "Debian"
notify:
- Manage LB

28
tasks/keystone_uwsgi.yml
View File

@ -25,9 +25,33 @@
mode: "0744"
config_overrides: "{{ keystone_uwsgi_ini_overrides }}"
config_type: ini
with_items: "{{ keystone_wsgi_program_names }}"
with_items: "{{ keystone_services.keys() | list }}"
notify:
- Manage LB
- Restart uWSGI
- include_tasks: "keystone_init_{{ ansible_service_mgr }}.yml"
- name: Run the systemd service role
include_role:
name: systemd_service
private: true
vars:
systemd_user_name: "{{ keystone_system_user_name }}"
systemd_group_name: "{{ keystone_system_group_name }}"
systemd_tempd_prefix: openstack
systemd_slice_name: keystone
system_lock_path: /var/lock/keystone
systemd_CPUAccounting: true
systemd_BlockIOAccounting: true
systemd_MemoryAccounting: true
systemd_TasksAccounting: true
systemd_services:
- service_name: "{{ service_var.service_name }}"
enabled: yes
state: started
execstarts: "{{ service_var.execstarts }}"
config_overrides: "{{ service_var.init_config_overrides }}"
with_items: "{{ keystone_services.values() | list }}"
loop_control:
loop_var: service_var
tags:
- keystone-config

6
templates/keystone-systemd-tempfiles.j2
View File

@ -1,6 +0,0 @@
# {{ ansible_managed }}
{% for program_name in keystone_wsgi_program_names %}
D /var/lock/{{ program_name }} 2755 {{ keystone_system_user_name }} {{ keystone_system_group_name }}
D /var/run/{{ program_name }} 2755 {{ keystone_system_user_name }} {{ keystone_system_group_name }}
{% endfor %}

34
templates/keystone-uwsgi_systemd-init.j2
View File

@ -1,34 +0,0 @@
# {{ ansible_managed }}
[Unit]
Description=OpenStack Keystone service
After=syslog.target
After=network.target
[Service]
Type=simple
User={{ keystone_system_user_name }}
Group={{ keystone_system_group_name }}
{% if program_override is defined %}
ExecStart={{ program_override }} --ini /etc/uwsgi/{{ item }}.ini --logto /var/log/keystone/{{ item }}.log {{ program_config_options|default('') }}
{% else %}
ExecStart={{ keystone_bin }}/uwsgi --ini /etc/uwsgi/{{ item }}.ini --logto /var/log/keystone/{{ item }}.log {{ program_config_options|default('') }}
{% endif %}
# Give a reasonable amount of time for the server to start up/shut down
TimeoutSec=120
Restart=on-failure
RestartSec=2
# This creates a specific slice which all services will operate from
# The accounting options give us the ability to see resource usage through
# the `systemd-cgtop` command.
Slice=keystone.slice
CPUAccounting=true
BlockIOAccounting=true
MemoryAccounting=false
TasksAccounting=true
[Install]
WantedBy=multi-user.target

4
tests/ansible-role-requirements.yml
View File

@ -54,3 +54,7 @@
src: https://git.openstack.org/openstack/ansible-role-python_venv_build
scm: git
version: master
- name: systemd_service
src: https://github.com/openstack/ansible-role-systemd_service
scm: git
version: master