Isolate nginx/uwsgi files to unique directories

There will be multiple OpenStack snaps that have their own nginx/uwsgi files, such as nginx.conf template, systemd unit files, pid files, log files, and more. This change isolates the keystone directories for nginx and uwsgi so that they won't conflict with other OpenStack snaps that use nginx and uwsgi. Change-Id: Ia558bed548580f4b82a85b65ec029fd534334e2c
2017-04-05 16:09:02 +00:00 · 2017-04-05 16:09:02 +00:00 · 136d93f924
parent aa96f0f0bc
commit 136d93f924
2 changed files with 20 additions and 19 deletions
--- a/snap/snap-openstack.yaml
+++ b/snap/snap-openstack.yaml
@ -4,27 +4,27 @@ setup:
    - "/etc/keystone"
    - "/etc/keystone/conf.d"
    - "/etc/keystone/fernet-keys"
-    - "/etc/nginx/sites-enabled"
-    - "/etc/uwsgi"
+    - "/etc/nginx/keystone/sites-enabled"
+    - "/etc/uwsgi/keystone"
    - "/var/lib/keystone"
-    - "/var/lib/nginx"
+    - "/var/lib/nginx/keystone"
    - "/var/lock/keystone"
    - "/var/log/keystone"
-    - "/var/log/uwsgi"
+    - "/var/log/uwsgi/keystone"
    - "/var/log/nginx/keystone"
    - "/var/run/keystone"
-    - "/var/www/keystone"
+    - "/var/run/nginx/keystone"
  templates:
    keystone-snap.conf.j2: "/etc/keystone/conf.d/keystone-snap.conf"
-    admin.ini.j2: "/etc/uwsgi/keystone-admin.ini"
-    public.ini.j2: "/etc/uwsgi/keystone-public.ini"
-    keystone-nginx.conf.j2: "/etc/nginx/sites-enabled/keystone.conf"
+    admin.ini.j2: "/etc/uwsgi/keystone/admin.ini"
+    public.ini.j2: "/etc/uwsgi/keystone/public.ini"
+    keystone-nginx.conf.j2: "/etc/nginx/keystone/sites-enabled/keystone.conf"
    # NOTE(coreycb): drop nginx.conf template when support lands for
    # dropping permissions to regular user.
-    nginx.conf.j2: "/etc/nginx/nginx.conf"
+    nginx.conf.j2: "/etc/nginx/keystone/nginx.conf"
  copyfiles:
    "{snap}/etc/keystone": "/etc/keystone"
-    "{snap}/etc/nginx/": "/etc/nginx"
+    "{snap}/etc/nginx/": "/etc/nginx/keystone"
 entry_points:
  keystone-manage:
    binary: keystone-manage
@ -34,7 +34,8 @@ entry_points:
      - "/etc/keystone/conf.d"
  keystone-uwsgi:
    type: uwsgi
-    uwsgi-dir: "/etc/uwsgi"
-    log-file: "/var/log/uwsgi/keystone.log"
+    uwsgi-dir: "/etc/uwsgi/keystone"
+    log-file: "/var/log/uwsgi/keystone/uwsgi.log"
  keystone-nginx:
    type: nginx
+    config-file: "/etc/nginx/keystone/nginx.conf"
--- a/snap/templates/nginx.conf.j2
+++ b/snap/templates/nginx.conf.j2
@ -1,7 +1,7 @@
 user root;
 worker_processes auto;
-pid /var/run/nginx/nginx.pid;
-include /etc/nginx/modules-enabled/*.conf;
+pid /var/run/nginx/keystone/nginx.pid;
+include /etc/nginx/keystone/modules-enabled/*.conf;

 events {
        worker_connections 768;
@ -19,7 +19,7 @@ http {
        keepalive_timeout 65;
        types_hash_max_size 2048;

-        include /etc/nginx/mime.types;
+        include /etc/nginx/keystone/mime.types;
        default_type application/octet-stream;

        ##
@ -33,8 +33,8 @@ http {
        # Logging Settings
        ##

-        access_log /var/log/nginx/access.log;
-        error_log /var/log/nginx/error.log;
+        access_log /var/log/nginx/keystone/access.log;
+        error_log /var/log/nginx/keystone/error.log;

        ##
        # Gzip Settings
@ -43,6 +43,6 @@ http {
        gzip on;
        gzip_disable "msie6";

-        include /etc/nginx/conf.d/*.conf;
-        include /etc/nginx/sites-enabled/*;
+        include /etc/nginx/keystone/conf.d/*.conf;
+        include /etc/nginx/keystone/sites-enabled/*;
 }