From bdd06c84488c7008c0dcb3eaca4effc8d38fcaeb Mon Sep 17 00:00:00 2001
From: Andy McCrae <andy.mccrae@gmail.com>
Date: Fri, 21 Jul 2017 15:10:18 +0100
Subject: [PATCH] Implement uWSGI for neutron-api

As part of the Pike goals we are moving api services to run as WSGI
apps. neutron-server service is set up as a wsgi app, and this patch
moves it over.

Since this is just a drop in replacement for the existing eventlet
service, operators an deployers should notice no difference.

Change-Id: Ia7ebd13be9ce7834679d439b7bda242805768ef8
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/820586
Implements: blueprint goal-deploy-api-in-wsgi
---
 defaults/main.yml                   | 18 ++++++++-----
 tasks/main.yml                      | 12 ++++++++-
 tasks/neutron_post_install.yml      |  6 +++++
 tests/ansible-role-requirements.yml |  4 +++
 vars/debian.yml                     |  1 +
 vars/main.yml                       | 40 ++++++++++++++++++++++++++---
 vars/redhat.yml                     |  1 +
 7 files changed, 72 insertions(+), 10 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 9481edbc..53f4a366 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -134,11 +134,6 @@ neutron_dnsmasq_noresolv: False
 # 'Overriding OpenStack configuration defaults' in the
 # 'Advanced configuration' appendix of the Deploy Guide.
 neutron_api_paste_ini_overrides: {}
-_neutron_api_paste_ini_overrides:
-  "composite:neutronapi_v2_0":
-    noauth: "cors http_proxy_to_wsgi request_id catch_errors osprofiler extensions neutronapiapp_v2_0"
-    keystone: "cors http_proxy_to_wsgi request_id catch_errors osprofiler authtoken keystonecontext extensions neutronapiapp_v2_0"
-
 neutron_bgp_dragent_ini_overrides: {}
 neutron_bgp_dragent_init_overrides: {}
 neutron_calico_dhcp_agent_ini_overrides: {}
@@ -175,10 +170,12 @@ neutron_policy_overrides: {}
 _neutron_rootwrap_conf_overrides:
   DEFAULT:
     filters_path: "{{ neutron_conf_dir }}/rootwrap.d,/usr/share/neutron/rootwrap"
-    exec_dirs: "{{ neutron_bin }},/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin"
+    exec_dirs: "{{ neutron_bin }},/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/etc/neutron/kill_scripts"
 neutron_rootwrap_conf_overrides: {}
 
+neutron_api_uwsgi_ini_overrides: {}
 neutron_server_init_overrides: {}
+neutron_rpc_server_init_overrides: {}
 neutron_sriov_nic_agent_ini_overrides: {}
 neutron_sriov_nic_agent_init_overrides: {}
 neutron_vpn_agent_init_overrides: {}
@@ -186,6 +183,15 @@ neutron_vpnaas_agent_ini_overrides: {}
 neutron_ovn_metadata_agent_ini_overrides: {}
 neutron_ovn_metadata_agent_init_overrides: {}
 
+###
+### UWSGI
+###
+# NOTE(noonedeadpunk): uWSGI is still not fully supported. See: https://bugs.launchpad.net/neutron/+bug/1912359
+neutron_use_uwsgi: "{{ (neutron_plugin_type not in ['ml2.ovn', 'ml2.calico']) }}"
+neutron_wsgi_processes_max: 16
+neutron_wsgi_processes: "{{ [[ansible_processor_vcpus|default(1), 1] | max * 2, neutron_wsgi_processes_max] | min }}"
+neutron_wsgi_threads: 1
+
 ###
 ### Quotas
 ###
diff --git a/tasks/main.yml b/tasks/main.yml
index dcb69493..b07f3742 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -173,10 +173,20 @@
 
 - import_tasks: neutron_db_setup.yml
   when:
-    - "neutron_services['neutron-server']['group'] in group_names"
+    - "_neutron_is_first_play_host"
   tags:
     - neutron-config
 
+- name: Import uwsgi role
+  import_role:
+    name: uwsgi
+  vars:
+    uwsgi_services: "{{ uwsgi_neutron_services }}"
+    uwsgi_install_method: "{{ neutron_install_method }}"
+  tags:
+    - neutron-config
+    - uwsgi
+
 - include_role:
     name: openstack.osa.service_setup
     apply:
diff --git a/tasks/neutron_post_install.yml b/tasks/neutron_post_install.yml
index eb556c99..bd7eb455 100644
--- a/tasks/neutron_post_install.yml
+++ b/tasks/neutron_post_install.yml
@@ -41,6 +41,7 @@
     - rootwrap.d/*
   notify:
     - Restart neutron services
+    - Restart uwsgi services
 
 - name: Copy common neutron config
   openstack.config_template.config_template:
@@ -62,6 +63,7 @@
       config_type: "ini"
   notify:
     - Restart neutron services
+    - Restart uwsgi services
 
 - name: Implement policy.yaml if there are overrides configured
   openstack.config_template.config_template:
@@ -119,6 +121,7 @@
   with_items: "{{ neutron_core_files }}"
   notify:
     - Restart neutron services
+    - Restart uwsgi services
 
 - name: Cleanup fetched temp files
   file:
@@ -158,6 +161,7 @@
     mode: "0640"
   notify:
     - Restart neutron services
+    - Restart uwsgi services
   when:
     - neutron_services['neutron-dhcp-agent']['group'] in group_names
 
@@ -173,6 +177,7 @@
   with_items: "{{ filtered_neutron_services }}"
   notify:
     - Restart neutron services
+    - Restart uwsgi services
   when:
     - "'service_conf_path' in item"
     - "'service_conf' in item"
@@ -186,6 +191,7 @@
     mode: "0640"
   notify:
     - Restart neutron services
+    - Restart uwsgi services
   when:
     - "'bgpvpn' in neutron_plugin_base"
 
diff --git a/tests/ansible-role-requirements.yml b/tests/ansible-role-requirements.yml
index 01c7a666..de01987c 100644
--- a/tests/ansible-role-requirements.yml
+++ b/tests/ansible-role-requirements.yml
@@ -63,3 +63,7 @@
   src: https://opendev.org/openstack/ansible-role-python_venv_build
   scm: git
   version: master
+- name: uwsgi
+  src: https://git.openstack.org/openstack/ansible-role-uwsgi
+  scm: git
+  version: master
diff --git a/vars/debian.yml b/vars/debian.yml
index 0020976e..2f9e74fe 100644
--- a/vars/debian.yml
+++ b/vars/debian.yml
@@ -52,6 +52,7 @@ neutron_distro_packages:
   - dnsmasq-base
   - dnsmasq-utils
   - ebtables
+  - libxml2
   - ipset
   - iptables
   - iputils-arping
diff --git a/vars/main.yml b/vars/main.yml
index e9e1931d..2e2ef32b 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -349,13 +349,35 @@ filtered_neutron_services: |-
   {% for key, value in neutron_services.items() %}
   {%   if (value['group'] in group_names) and
           (('service_en' not in value) or
-           ('service_en' in value and value['service_en'])) %}
+           ('service_en' in value and value['service_en'])) and
+           not ('wsgi_app' in value and value['wsgi_app']) %}
   {%     set _ = value.update({'service_key': key}) %}
   {%     set _ = services.append(value) %}
   {%   endif %}
   {% endfor %}
   {{ services | sort(attribute='start_order') }}
 
+uwsgi_neutron_services: |-
+  {% set services = {} %}
+  {% for name, service in neutron_services.items() %}
+  {%   if (service['group'] in group_names) and
+         (('condition' not in service) or ('condition' in service and service['condition']))
+         and ('wsgi_app' in service and service['wsgi_app']) %}
+  {%     set _ = service.update(
+            {
+             'wsgi_path': neutron_bin ~ '/' ~ service.wsgi_name,
+             'wsgi_venv': ((neutron_install_method == 'source') | ternary(neutron_bin | dirname, None)),
+             'uwsgi_uid': neutron_system_user_name,
+             'uwsgi_guid': neutron_system_group_name,
+             'uwsgi_processes': neutron_wsgi_processes,
+             'uwsgi_threads': neutron_wsgi_threads
+           }
+         ) %}
+  {%     set _ = services.update({name: service}) %}
+  {%   endif %}
+  {% endfor %}
+  {{ services }}
+
 ###
 ### Internals: neutron_services mappings
 ###
@@ -448,9 +470,21 @@ neutron_services:
     group: neutron_server
     service_name: neutron-server
     service_en: True
+    start_order: 1
+    wsgi_app: "{{ neutron_use_uwsgi }}"
+    uwsgi_overrides: "{{ neutron_api_uwsgi_ini_overrides }}"
+    uwsgi_bind_address: "{{ neutron_api_bind_address }}"
+    uwsgi_port: "{{ neutron_service_port }}"
+    wsgi_name: "neutron-api"
     execstarts: "{{ neutron_bin }}/neutron-server --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/{{ neutron_plugins[neutron_plugin_type].plugin_ini }}{%- if ('ml2.genericswitch' in neutron_plugin_types) %} --config-file {{ neutron_conf_dir }}/{{ neutron_plugins['ml2.genericswitch'].plugin_ini }}{%- endif %}"
     init_config_overrides: "{{ neutron_server_init_overrides }}"
-    start_order: 1
+  neutron-rpc-server:
+    group: neutron_server
+    service_name: neutron-rpc-server
+    service_en: "{{ neutron_use_uwsgi }}"
+    init_config_overrides: "{{ neutron_rpc_server_init_overrides | combine(neutron_server_init_overrides) }}"
+    start_order: 2
+    execstarts: "{{ neutron_bin }}/neutron-rpc-server --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/{{ neutron_plugins[neutron_plugin_type].plugin_ini }}{%- if ('ml2.genericswitch' in neutron_plugin_types) %} --config-file {{ neutron_conf_dir }}/{{ neutron_plugins['ml2.genericswitch'].plugin_ini }}{%- endif %}"
   calico-felix:
     group: neutron_calico_dhcp_agent
     systemd_user_name: root
@@ -555,7 +589,7 @@ neutron_role_project_group: neutron_all
 neutron_core_files:
   - tmp_f: "/tmp/api-paste.ini.original"
     target_f: "{{ neutron_conf_version_dir }}/api-paste.ini"
-    config_overrides: "{{ _neutron_api_paste_ini_overrides | combine(neutron_api_paste_ini_overrides, recursive=True) }}"
+    config_overrides: "{{ neutron_api_paste_ini_overrides }}"
     config_type: "ini"
   - tmp_f: "/tmp/rootwrap.conf.original"
     target_f: "{{ neutron_conf_version_dir }}/rootwrap.conf"
diff --git a/vars/redhat.yml b/vars/redhat.yml
index 0da8be38..28946799 100644
--- a/vars/redhat.yml
+++ b/vars/redhat.yml
@@ -41,6 +41,7 @@ neutron_distro_packages:
   - dnsmasq
   - dnsmasq-utils
   - ebtables
+  - libxml2
   - ipset
   - iptables
   - iputils