Merge "Convert role to use a common systemd service role"
This commit is contained in:
commit
ef9dbcd853
@ -201,11 +201,7 @@ keystone_wsgi_threads: 1
|
|||||||
## Cap the maximun number of processes when a user value is unspecified.
|
## Cap the maximun number of processes when a user value is unspecified.
|
||||||
keystone_wsgi_processes_max: 16
|
keystone_wsgi_processes_max: 16
|
||||||
keystone_wsgi_processes: "{{ [[ansible_processor_vcpus|default(1), 1] | max * 2, keystone_wsgi_processes_max] | min }}"
|
keystone_wsgi_processes: "{{ [[ansible_processor_vcpus|default(1), 1] | max * 2, keystone_wsgi_processes_max] | min }}"
|
||||||
keystone_wsgi_public_program_name: keystone-wsgi-public
|
|
||||||
keystone_wsgi_admin_program_name: keystone-wsgi-admin
|
|
||||||
keystone_wsgi_program_names:
|
|
||||||
- "{{ keystone_wsgi_public_program_name }}"
|
|
||||||
- "{{ keystone_wsgi_admin_program_name }}"
|
|
||||||
keystone_uwsgi_ports:
|
keystone_uwsgi_ports:
|
||||||
keystone-wsgi-public:
|
keystone-wsgi-public:
|
||||||
http: 37358
|
http: 37358
|
||||||
@ -213,6 +209,7 @@ keystone_uwsgi_ports:
|
|||||||
keystone-wsgi-admin:
|
keystone-wsgi-admin:
|
||||||
http: 37359
|
http: 37359
|
||||||
socket: 5001
|
socket: 5001
|
||||||
|
|
||||||
keystone_uwsgi_ini_overrides: {}
|
keystone_uwsgi_ini_overrides: {}
|
||||||
|
|
||||||
# set keystone_ssl to true to enable SSL configuration on the keystone containers
|
# set keystone_ssl to true to enable SSL configuration on the keystone containers
|
||||||
@ -465,6 +462,17 @@ keystone_required_secrets:
|
|||||||
|
|
||||||
keystone_uwsgi_init_overrides: {}
|
keystone_uwsgi_init_overrides: {}
|
||||||
|
|
||||||
|
## Service Name-Group Mapping
|
||||||
|
keystone_services:
|
||||||
|
keystone-wsgi-public:
|
||||||
|
service_name: "keystone-wsgi-public"
|
||||||
|
init_config_overrides: "{{ keystone_uwsgi_init_overrides }}"
|
||||||
|
execstarts: "{{ keystone_bin }}/uwsgi --ini /etc/uwsgi/keystone-wsgi-public.ini"
|
||||||
|
keystone-wsgi-admin:
|
||||||
|
service_name: "keystone-wsgi-admin"
|
||||||
|
init_config_overrides: "{{ keystone_uwsgi_init_overrides }}"
|
||||||
|
execstarts: "{{ keystone_bin }}/uwsgi --ini /etc/uwsgi/keystone-wsgi-admin.ini"
|
||||||
|
|
||||||
## Extra HTTP headers for Keystone
|
## Extra HTTP headers for Keystone
|
||||||
# Add any additional headers here that Keystone should return.
|
# Add any additional headers here that Keystone should return.
|
||||||
#
|
#
|
||||||
|
@ -46,7 +46,7 @@
|
|||||||
until: _stop | success
|
until: _stop | success
|
||||||
retries: 5
|
retries: 5
|
||||||
delay: 2
|
delay: 2
|
||||||
with_items: "{{ keystone_wsgi_program_names }}"
|
with_items: "{{ keystone_services.keys() | list }}"
|
||||||
listen: "Restart uWSGI"
|
listen: "Restart uWSGI"
|
||||||
|
|
||||||
# Note (odyssey4me):
|
# Note (odyssey4me):
|
||||||
@ -77,7 +77,7 @@
|
|||||||
until: _start | success
|
until: _start | success
|
||||||
retries: 5
|
retries: 5
|
||||||
delay: 2
|
delay: 2
|
||||||
with_items: "{{ keystone_wsgi_program_names }}"
|
with_items: "{{ keystone_services.keys() | list }}"
|
||||||
listen: "Restart uWSGI"
|
listen: "Restart uWSGI"
|
||||||
|
|
||||||
- name: Wait for uWSGI socket to be ready
|
- name: Wait for uWSGI socket to be ready
|
||||||
|
@ -50,7 +50,7 @@
|
|||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
check_mode: yes
|
check_mode: yes
|
||||||
register: keystone_service_exists
|
register: keystone_service_exists
|
||||||
with_items: "{{ keystone_wsgi_program_names }}"
|
with_items: "{{ keystone_services.keys() | list }}"
|
||||||
|
|
||||||
- name: Ensure keystone service is stopped
|
- name: Ensure keystone service is stopped
|
||||||
service:
|
service:
|
||||||
|
@ -1,59 +0,0 @@
|
|||||||
---
|
|
||||||
# Copyright 2016, Rackspace US, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
- name: Create TEMP run dir
|
|
||||||
file:
|
|
||||||
path: "/var/run/{{ item }}"
|
|
||||||
state: directory
|
|
||||||
owner: "{{ keystone_system_user_name }}"
|
|
||||||
group: "{{ keystone_system_group_name }}"
|
|
||||||
mode: "02755"
|
|
||||||
with_items: "{{ keystone_wsgi_program_names }}"
|
|
||||||
|
|
||||||
- name: Create TEMP lock dir
|
|
||||||
file:
|
|
||||||
path: "/var/lock/{{ item }}"
|
|
||||||
state: directory
|
|
||||||
owner: "{{ keystone_system_user_name }}"
|
|
||||||
group: "{{ keystone_system_group_name }}"
|
|
||||||
mode: "02755"
|
|
||||||
with_items: "{{ keystone_wsgi_program_names }}"
|
|
||||||
|
|
||||||
- name: Create tempfile.d entry
|
|
||||||
template:
|
|
||||||
src: "keystone-systemd-tempfiles.j2"
|
|
||||||
dest: "/etc/tmpfiles.d/keystone.conf"
|
|
||||||
mode: "0644"
|
|
||||||
owner: "root"
|
|
||||||
group: "root"
|
|
||||||
notify:
|
|
||||||
- Manage LB
|
|
||||||
- Restart uWSGI
|
|
||||||
- Restart web server
|
|
||||||
|
|
||||||
- name: Place the systemd init script
|
|
||||||
config_template:
|
|
||||||
src: "keystone-uwsgi_systemd-init.j2"
|
|
||||||
dest: "/etc/systemd/system/{{ item }}.service"
|
|
||||||
mode: "0644"
|
|
||||||
owner: "root"
|
|
||||||
group: "root"
|
|
||||||
config_overrides: "{{ keystone_uwsgi_init_overrides }}"
|
|
||||||
config_type: "ini"
|
|
||||||
with_items: "{{ keystone_wsgi_program_names }}"
|
|
||||||
notify:
|
|
||||||
- Manage LB
|
|
||||||
- Restart uWSGI
|
|
||||||
- Restart web server
|
|
@ -58,7 +58,7 @@
|
|||||||
name: "{{ (keystone_web_server == 'nginx') | ternary(keystone_system_service_name, 'nginx') }}"
|
name: "{{ (keystone_web_server == 'nginx') | ternary(keystone_system_service_name, 'nginx') }}"
|
||||||
enabled: no
|
enabled: no
|
||||||
state: stopped
|
state: stopped
|
||||||
daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}"
|
daemon_reload: "yes"
|
||||||
failed_when: false
|
failed_when: false
|
||||||
|
|
||||||
- name: Remove other web server distro packages and mod_wsgi
|
- name: Remove other web server distro packages and mod_wsgi
|
||||||
|
@ -48,7 +48,7 @@
|
|||||||
template:
|
template:
|
||||||
src: keystone_nginx.conf.j2
|
src: keystone_nginx.conf.j2
|
||||||
dest: "/etc/nginx/{{ keystone_nginx_conf_path }}/{{ item }}.conf"
|
dest: "/etc/nginx/{{ keystone_nginx_conf_path }}/{{ item }}.conf"
|
||||||
with_items: "{{ keystone_wsgi_program_names }}"
|
with_items: "{{ keystone_services.keys() | list }}"
|
||||||
notify:
|
notify:
|
||||||
- Manage LB
|
- Manage LB
|
||||||
- Restart web server
|
- Restart web server
|
||||||
@ -58,7 +58,7 @@
|
|||||||
src: "/etc/nginx/sites-available/{{ item }}.conf"
|
src: "/etc/nginx/sites-available/{{ item }}.conf"
|
||||||
path: "/etc/nginx/sites-enabled/{{ item }}.conf"
|
path: "/etc/nginx/sites-enabled/{{ item }}.conf"
|
||||||
state: link
|
state: link
|
||||||
with_items: "{{ keystone_wsgi_program_names }}"
|
with_items: "{{ keystone_services.keys() | list }}"
|
||||||
when: ansible_os_family == "Debian"
|
when: ansible_os_family == "Debian"
|
||||||
notify:
|
notify:
|
||||||
- Manage LB
|
- Manage LB
|
||||||
|
@ -25,9 +25,33 @@
|
|||||||
mode: "0744"
|
mode: "0744"
|
||||||
config_overrides: "{{ keystone_uwsgi_ini_overrides }}"
|
config_overrides: "{{ keystone_uwsgi_ini_overrides }}"
|
||||||
config_type: ini
|
config_type: ini
|
||||||
with_items: "{{ keystone_wsgi_program_names }}"
|
with_items: "{{ keystone_services.keys() | list }}"
|
||||||
notify:
|
notify:
|
||||||
- Manage LB
|
- Manage LB
|
||||||
- Restart uWSGI
|
- Restart uWSGI
|
||||||
|
|
||||||
- include_tasks: "keystone_init_{{ ansible_service_mgr }}.yml"
|
- name: Run the systemd service role
|
||||||
|
include_role:
|
||||||
|
name: systemd_service
|
||||||
|
private: true
|
||||||
|
vars:
|
||||||
|
systemd_user_name: "{{ keystone_system_user_name }}"
|
||||||
|
systemd_group_name: "{{ keystone_system_group_name }}"
|
||||||
|
systemd_tempd_prefix: openstack
|
||||||
|
systemd_slice_name: keystone
|
||||||
|
system_lock_path: /var/lock/keystone
|
||||||
|
systemd_CPUAccounting: true
|
||||||
|
systemd_BlockIOAccounting: true
|
||||||
|
systemd_MemoryAccounting: true
|
||||||
|
systemd_TasksAccounting: true
|
||||||
|
systemd_services:
|
||||||
|
- service_name: "{{ service_var.service_name }}"
|
||||||
|
enabled: yes
|
||||||
|
state: started
|
||||||
|
execstarts: "{{ service_var.execstarts }}"
|
||||||
|
config_overrides: "{{ service_var.init_config_overrides }}"
|
||||||
|
with_items: "{{ keystone_services.values() | list }}"
|
||||||
|
loop_control:
|
||||||
|
loop_var: service_var
|
||||||
|
tags:
|
||||||
|
- keystone-config
|
||||||
|
@ -1,6 +0,0 @@
|
|||||||
# {{ ansible_managed }}
|
|
||||||
|
|
||||||
{% for program_name in keystone_wsgi_program_names %}
|
|
||||||
D /var/lock/{{ program_name }} 2755 {{ keystone_system_user_name }} {{ keystone_system_group_name }}
|
|
||||||
D /var/run/{{ program_name }} 2755 {{ keystone_system_user_name }} {{ keystone_system_group_name }}
|
|
||||||
{% endfor %}
|
|
@ -1,34 +0,0 @@
|
|||||||
# {{ ansible_managed }}
|
|
||||||
|
|
||||||
[Unit]
|
|
||||||
Description=OpenStack Keystone service
|
|
||||||
After=syslog.target
|
|
||||||
After=network.target
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
Type=simple
|
|
||||||
User={{ keystone_system_user_name }}
|
|
||||||
Group={{ keystone_system_group_name }}
|
|
||||||
|
|
||||||
{% if program_override is defined %}
|
|
||||||
ExecStart={{ program_override }} --ini /etc/uwsgi/{{ item }}.ini --logto /var/log/keystone/{{ item }}.log {{ program_config_options|default('') }}
|
|
||||||
{% else %}
|
|
||||||
ExecStart={{ keystone_bin }}/uwsgi --ini /etc/uwsgi/{{ item }}.ini --logto /var/log/keystone/{{ item }}.log {{ program_config_options|default('') }}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
# Give a reasonable amount of time for the server to start up/shut down
|
|
||||||
TimeoutSec=120
|
|
||||||
Restart=on-failure
|
|
||||||
RestartSec=2
|
|
||||||
|
|
||||||
# This creates a specific slice which all services will operate from
|
|
||||||
# The accounting options give us the ability to see resource usage through
|
|
||||||
# the `systemd-cgtop` command.
|
|
||||||
Slice=keystone.slice
|
|
||||||
CPUAccounting=true
|
|
||||||
BlockIOAccounting=true
|
|
||||||
MemoryAccounting=false
|
|
||||||
TasksAccounting=true
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
@ -54,3 +54,7 @@
|
|||||||
src: https://git.openstack.org/openstack/ansible-role-python_venv_build
|
src: https://git.openstack.org/openstack/ansible-role-python_venv_build
|
||||||
scm: git
|
scm: git
|
||||||
version: master
|
version: master
|
||||||
|
- name: systemd_service
|
||||||
|
src: https://github.com/openstack/ansible-role-systemd_service
|
||||||
|
scm: git
|
||||||
|
version: master
|
||||||
|
Loading…
x
Reference in New Issue
Block a user