summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJamie Lennox <jlennox@redhat.com>2013-09-17 12:47:03 +1000
committerGerrit Code Review <review@openstack.org>2013-09-24 01:14:28 +0000
commita00e5f8810b6ca3b0b5d63cc228125e19bc91955 (patch)
treefb91d81e881a549a02877141ccccabf67ea4fef4
parent5470701e10ee68c80860d4cf7e0fa5d8a913c288 (diff)
Allow keystone to run from apache
Provide a template for running keystone as a mod_wsgi process and enable it from configuration. Based on: https://review.openstack.org/#/c/36474/ Also-by: zhang-hare <zhuadl@cn.ibm.com> Implements: blueprint devstack-setup-apache-keystone Change-Id: Icc9d7ddfa4a488c08816ff4ae0b53c0134a1016b
Notes
Notes (review): Verified+2: Jenkins Code-Review+2: Dean Troyer <dtroyer@gmail.com> Code-Review+1: ayoung <ayoung@redhat.com> Code-Review+1: Zhang Hua <zhuadl@cn.ibm.com> Approved+1: Sean Dague <sean@dague.net> Code-Review+2: Sean Dague <sean@dague.net> Code-Review+1: Jose Castro Leon <jose.castro.leon@cern.ch> Code-Review+1: Brad Topol <btopol@us.ibm.com> Submitted-by: Jenkins Submitted-at: Thu, 26 Sep 2013 15:24:15 +0000 Reviewed-on: https://review.openstack.org/46866 Project: openstack-dev/devstack Branch: refs/heads/master
-rw-r--r--files/apache-keystone.template22
-rwxr-xr-xlib/keystone47
2 files changed, 67 insertions, 2 deletions
diff --git a/files/apache-keystone.template b/files/apache-keystone.template
new file mode 100644
index 0000000..919452a
--- /dev/null
+++ b/files/apache-keystone.template
@@ -0,0 +1,22 @@
1Listen %PUBLICPORT%
2Listen %ADMINPORT%
3
4<VirtualHost *:%PUBLICPORT%>
5 WSGIDaemonProcess keystone-public processes=5 threads=1 user=%USER%
6 WSGIProcessGroup keystone-public
7 WSGIScriptAlias / %PUBLICWSGI%
8 WSGIApplicationGroup %{GLOBAL}
9 ErrorLog /var/log/%APACHE_NAME%/keystone
10 LogLevel debug
11 CustomLog /var/log/%APACHE_NAME%/access.log combined
12</VirtualHost>
13
14<VirtualHost *:%ADMINPORT%>
15 WSGIDaemonProcess keystone-admin processes=5 threads=1 user=%USER%
16 WSGIProcessGroup keystone-admin
17 WSGIScriptAlias / %ADMINWSGI%
18 WSGIApplicationGroup %{GLOBAL}
19 ErrorLog /var/log/%APACHE_NAME%/keystone
20 LogLevel debug
21 CustomLog /var/log/%APACHE_NAME%/access.log combined
22</VirtualHost>
diff --git a/lib/keystone b/lib/keystone
index 3642904..c4b2dff 100755
--- a/lib/keystone
+++ b/lib/keystone
@@ -14,11 +14,13 @@
14# 14#
15# install_keystone 15# install_keystone
16# configure_keystone 16# configure_keystone
17# _config_keystone_apache_wsgi
17# init_keystone 18# init_keystone
18# start_keystone 19# start_keystone
19# create_keystone_accounts 20# create_keystone_accounts
20# stop_keystone 21# stop_keystone
21# cleanup_keystone 22# cleanup_keystone
23# _cleanup_keystone_apache_wsgi
22 24
23# Save trace setting 25# Save trace setting
24XTRACE=$(set +o | grep xtrace) 26XTRACE=$(set +o | grep xtrace)
@@ -34,6 +36,7 @@ KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/keystone}
34KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf 36KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf
35KEYSTONE_PASTE_INI=${KEYSTONE_PASTE_INI:-$KEYSTONE_CONF_DIR/keystone-paste.ini} 37KEYSTONE_PASTE_INI=${KEYSTONE_PASTE_INI:-$KEYSTONE_CONF_DIR/keystone-paste.ini}
36KEYSTONE_AUTH_CACHE_DIR=${KEYSTONE_AUTH_CACHE_DIR:-/var/cache/keystone} 38KEYSTONE_AUTH_CACHE_DIR=${KEYSTONE_AUTH_CACHE_DIR:-/var/cache/keystone}
39KEYSTONE_WSGI_DIR=${KEYSTONE_WSGI_DIR:-/var/www/keystone}
37 40
38KEYSTONECLIENT_DIR=$DEST/python-keystoneclient 41KEYSTONECLIENT_DIR=$DEST/python-keystoneclient
39 42
@@ -86,6 +89,33 @@ function cleanup_keystone() {
86 : 89 :
87} 90}
88 91
92# _cleanup_keystone_apache_wsgi() - Remove wsgi files, disable and remove apache vhost file
93function _cleanup_keystone_apache_wsgi() {
94 sudo rm -f $KEYSTONE_WSGI_DIR/*.wsgi
95 disable_apache_site keystone
96 sudo rm -f /etc/$APACHE_NAME/$APACHE_CONF_DIR/keystone
97}
98
99# _config_keystone_apache_wsgi() - Set WSGI config files of Keystone
100function _config_keystone_apache_wsgi() {
101 sudo mkdir -p $KEYSTONE_WSGI_DIR
102
103 # copy proxy vhost and wsgi file
104 sudo cp $KEYSTONE_DIR/httpd/keystone.py $KEYSTONE_WSGI_DIR/main
105 sudo cp $KEYSTONE_DIR/httpd/keystone.py $KEYSTONE_WSGI_DIR/admin
106
107 sudo cp $FILES/apache-keystone.template /etc/$APACHE_NAME/$APACHE_CONF_DIR/keystone
108 sudo sed -e "
109 s|%PUBLICPORT%|$KEYSTONE_SERVICE_PORT|g;
110 s|%ADMINPORT%|$KEYSTONE_AUTH_PORT|g;
111 s|%APACHE_NAME%|$APACHE_NAME|g;
112 s|%PUBLICWSGI%|$KEYSTONE_WSGI_DIR/main|g;
113 s|%ADMINWSGI%|$KEYSTONE_WSGI_DIR/admin|g;
114 s|%USER%|$STACK_USER|g
115 " -i /etc/$APACHE_NAME/$APACHE_CONF_DIR/keystone
116 enable_apache_site keystone
117}
118
89# configure_keystone() - Set config files, create data dirs, etc 119# configure_keystone() - Set config files, create data dirs, etc
90function configure_keystone() { 120function configure_keystone() {
91 if [[ ! -d $KEYSTONE_CONF_DIR ]]; then 121 if [[ ! -d $KEYSTONE_CONF_DIR ]]; then
@@ -204,6 +234,10 @@ function configure_keystone() {
204 cp $KEYSTONE_DIR/etc/logging.conf.sample $KEYSTONE_CONF_DIR/logging.conf 234 cp $KEYSTONE_DIR/etc/logging.conf.sample $KEYSTONE_CONF_DIR/logging.conf
205 iniset $KEYSTONE_CONF_DIR/logging.conf logger_root level "DEBUG" 235 iniset $KEYSTONE_CONF_DIR/logging.conf logger_root level "DEBUG"
206 iniset $KEYSTONE_CONF_DIR/logging.conf logger_root handlers "devel,production" 236 iniset $KEYSTONE_CONF_DIR/logging.conf logger_root handlers "devel,production"
237
238 if is_apache_enabled_service key; then
239 _config_keystone_apache_wsgi
240 fi
207} 241}
208 242
209# create_keystone_accounts() - Sets up common required keystone accounts 243# create_keystone_accounts() - Sets up common required keystone accounts
@@ -316,6 +350,9 @@ function install_keystone() {
316 fi 350 fi
317 git_clone $KEYSTONE_REPO $KEYSTONE_DIR $KEYSTONE_BRANCH 351 git_clone $KEYSTONE_REPO $KEYSTONE_DIR $KEYSTONE_BRANCH
318 setup_develop $KEYSTONE_DIR 352 setup_develop $KEYSTONE_DIR
353 if is_apache_enabled_service key; then
354 install_apache_wsgi
355 fi
319} 356}
320 357
321# start_keystone() - Start running processes, including screen 358# start_keystone() - Start running processes, including screen
@@ -326,8 +363,14 @@ function start_keystone() {
326 service_port=$KEYSTONE_SERVICE_PORT_INT 363 service_port=$KEYSTONE_SERVICE_PORT_INT
327 fi 364 fi
328 365
329 # Start Keystone in a screen window 366 if is_apache_enabled_service key; then
330 screen_it key "cd $KEYSTONE_DIR && $KEYSTONE_DIR/bin/keystone-all --config-file $KEYSTONE_CONF $KEYSTONE_LOG_CONFIG -d --debug" 367 restart_apache_server
368 screen_it key "cd $KEYSTONE_DIR && sudo tail -f /var/log/$APACHE_NAME/keystone"
369 else
370 # Start Keystone in a screen window
371 screen_it key "cd $KEYSTONE_DIR && $KEYSTONE_DIR/bin/keystone-all --config-file $KEYSTONE_CONF $KEYSTONE_LOG_CONFIG -d --debug"
372 fi
373
331 echo "Waiting for keystone to start..." 374 echo "Waiting for keystone to start..."
332 if ! timeout $SERVICE_TIMEOUT sh -c "while ! http_proxy= curl -s http://$SERVICE_HOST:$service_port/v$IDENTITY_API_VERSION/ >/dev/null; do sleep 1; done"; then 375 if ! timeout $SERVICE_TIMEOUT sh -c "while ! http_proxy= curl -s http://$SERVICE_HOST:$service_port/v$IDENTITY_API_VERSION/ >/dev/null; do sleep 1; done"; then
333 die $LINENO "keystone did not start" 376 die $LINENO "keystone did not start"