Add uwsgi+nginx API support
With this patch we use nginx as the web server for API requests, and continue to run the keystone API wsgi apps under uwsgi. Change-Id: I637daec2424ef4c377dac249fcc03f43db70a2fe
This commit is contained in:
parent
3394be995d
commit
aa96f0f0bc
|
@ -4,18 +4,27 @@ setup:
|
|||
- "/etc/keystone"
|
||||
- "/etc/keystone/conf.d"
|
||||
- "/etc/keystone/fernet-keys"
|
||||
- "/etc/nginx/sites-enabled"
|
||||
- "/etc/uwsgi"
|
||||
- "/var/lib/keystone"
|
||||
- "/var/lib/nginx"
|
||||
- "/var/lock/keystone"
|
||||
- "/var/log/keystone"
|
||||
- "/var/log/uwsgi"
|
||||
- "/var/log/nginx/keystone"
|
||||
- "/var/run/keystone"
|
||||
- "/var/www/keystone"
|
||||
templates:
|
||||
keystone-snap.conf.j2: "/etc/keystone/conf.d/keystone-snap.conf"
|
||||
admin.ini.j2: "/etc/uwsgi/keystone-admin.ini"
|
||||
public.ini.j2: "/etc/uwsgi/keystone-public.ini"
|
||||
keystone-nginx.conf.j2: "/etc/nginx/sites-enabled/keystone.conf"
|
||||
# NOTE(coreycb): drop nginx.conf template when support lands for
|
||||
# dropping permissions to regular user.
|
||||
nginx.conf.j2: "/etc/nginx/nginx.conf"
|
||||
copyfiles:
|
||||
"{snap}/etc/keystone": "/etc/keystone"
|
||||
"{snap}/etc/nginx/": "/etc/nginx"
|
||||
entry_points:
|
||||
keystone-manage:
|
||||
binary: keystone-manage
|
||||
|
@ -23,7 +32,9 @@ entry_points:
|
|||
- "/etc/keystone/keystone.conf"
|
||||
config-dirs:
|
||||
- "/etc/keystone/conf.d"
|
||||
keystone-api:
|
||||
keystone-uwsgi:
|
||||
type: uwsgi
|
||||
uwsgi-dir: "/etc/uwsgi"
|
||||
log-file: "/var/log/uwsgi/keystone.log"
|
||||
keystone-nginx:
|
||||
type: nginx
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
wsgi-file = {{ snap }}/bin/keystone-wsgi-admin
|
||||
uwsgi-socket = /var/run/keystone/admin.sock
|
||||
buffer-size = 65535
|
||||
http = 0.0.0.0:35357
|
||||
master = true
|
||||
enable-threads = true
|
||||
processes = 4
|
||||
|
|
|
@ -0,0 +1,20 @@
|
|||
server {
|
||||
listen 5000;
|
||||
access_log /var/log/nginx/keystone/access.log;
|
||||
error_log /var/log/nginx/keystone/error.log;
|
||||
location / {
|
||||
include uwsgi_params;
|
||||
uwsgi_param SCRIPT_NAME '';
|
||||
uwsgi_pass unix:///var/run/keystone/admin.sock;
|
||||
}
|
||||
}
|
||||
server {
|
||||
listen 35357;
|
||||
access_log /var/log/nginx/keystone/access.log;
|
||||
error_log /var/log/nginx/keystone/error.log;
|
||||
location / {
|
||||
include uwsgi_params;
|
||||
uwsgi_param SCRIPT_NAME '';
|
||||
uwsgi_pass unix:///var/run/keystone/public.sock;
|
||||
}
|
||||
}
|
|
@ -0,0 +1,48 @@
|
|||
user root;
|
||||
worker_processes auto;
|
||||
pid /var/run/nginx/nginx.pid;
|
||||
include /etc/nginx/modules-enabled/*.conf;
|
||||
|
||||
events {
|
||||
worker_connections 768;
|
||||
}
|
||||
|
||||
http {
|
||||
|
||||
##
|
||||
# Basic Settings
|
||||
##
|
||||
|
||||
sendfile on;
|
||||
tcp_nopush on;
|
||||
tcp_nodelay on;
|
||||
keepalive_timeout 65;
|
||||
types_hash_max_size 2048;
|
||||
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
##
|
||||
# SSL Settings
|
||||
##
|
||||
|
||||
ssl_protocols TLSv1.1 TLSv1.2;
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
##
|
||||
# Logging Settings
|
||||
##
|
||||
|
||||
access_log /var/log/nginx/access.log;
|
||||
error_log /var/log/nginx/error.log;
|
||||
|
||||
##
|
||||
# Gzip Settings
|
||||
##
|
||||
|
||||
gzip on;
|
||||
gzip_disable "msie6";
|
||||
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
include /etc/nginx/sites-enabled/*;
|
||||
}
|
|
@ -2,7 +2,6 @@
|
|||
wsgi-file = {{ snap }}/bin/keystone-wsgi-public
|
||||
uwsgi-socket = /var/run/keystone/public.sock
|
||||
buffer-size = 65535
|
||||
http = 0.0.0.0:5000
|
||||
master = true
|
||||
enable-threads = true
|
||||
processes = 4
|
||||
|
|
|
@ -10,13 +10,16 @@ confinement: classic
|
|||
grade: devel
|
||||
|
||||
environment:
|
||||
PATH: $PATH:$SNAP/bin/
|
||||
PATH: $PATH:$SNAP/bin/:$SNAP/usr/sbin
|
||||
PYTHONPATH: $PYTHONPATH:$SNAP/lib/python2.7/site-packages
|
||||
|
||||
apps:
|
||||
api:
|
||||
command: snap-openstack keystone-api
|
||||
uwsgi:
|
||||
command: snap-openstack keystone-uwsgi
|
||||
daemon: simple
|
||||
nginx:
|
||||
command: snap-openstack keystone-nginx
|
||||
daemon: forking
|
||||
manage:
|
||||
command: snap-openstack keystone-manage
|
||||
|
||||
|
@ -34,6 +37,7 @@ parts:
|
|||
- gcc
|
||||
- libffi-dev
|
||||
- libssl-dev
|
||||
stage-packages: [nginx]
|
||||
templates:
|
||||
after: [keystone]
|
||||
plugin: dump
|
||||
|
|
Loading…
Reference in New Issue