Implement uWSGI for ironic-api

Ironic already had mod_wsgi setup, but this patch moves it to use uWSGI.
Additionally, this moves to use a filtered_services_list for Ironic

The ironic role should be standardized to meet the service setup of
other roles, using a filtered service list, and a dict of services with
settings moves us closer to this.

Change-Id: Ib432380dbc2ea11f9ac005713121a7b42ab97109

defaults/main.yml

@@ -46,13 +46,29 @@ ironic_system_log_folder: "/var/log/{{ ironic_system_user_name }}"
 ironic_lock_path: /var/lock/ironic
 
 # Ironic Program and Service names
-ironic_api_program_name: apache2
-ironic_conductor_program_name: ironic-conductor
-ironic_oneviewd_program_name: ironic-oneviewd
 python_ironic_client_program_name: ironic
-ironic_service_names:
-    - "{{ ironic_api_program_name }}"
-    - "{{ ironic_conductor_program_name }}"
+ironic_services:
+  ironic-api:
+    group: ironic_api
+    service_name: ironic-api
+    init_config_overrides: "{{ ironic_api_init_config_overrides }}"
+    wsgi_overrides: "{{ ironic_api_uwsgi_ini_overrides }}"
+    wsgi_app: True
+    log_string: "--logto "
+    wsgi_name: ironic-api-wsgi
+    uwsgi_port: "{{ ironic_service_port }}"
+    uwsgi_bind_address: "{{ ironic_uwsgi_bind_address }}"
+    program_override: "{{ ironic_bin }}/uwsgi --ini /etc/uwsgi/ironic-api.ini"
+  ironic-conductor:
+    group: ironic_conductor
+    service_name: ironic-conductor
+    init_config_overrides: "{{ ironic_conductor_init_config_overrides }}"
+  ironic-oneviewd:
+    group: ironic_conductor
+    service_name: ironic-oneviewd
+    service_en: "{{ ironic_oneview_enabled | bool }}"
+    init_config_overrides: "{{ ironic_oneviewd_init_config_overrides }}"
+
 
 ironic_service_name: ironic
 ironic_service_type: baremetal
@@ -211,6 +227,7 @@ ironic_pip_packages:
   - python-ironicclient
   - python-memcached
   - python-swiftclient
+  - uwsgi
 
 ## RabbitMQ info
 ironic_rabbitmq_userid: ironic
@@ -222,10 +239,12 @@ ironic_rabbitmq_port: 5672
 # Auth
 ironic_service_user_name: "ironic"
 
-# Apache settings
+# WSGI settings
 ironic_wsgi_threads: 1
 ironic_wsgi_processes_max: 16
 ironic_wsgi_processes: "{{ [[ansible_processor_vcpus|default(4) // 4, 1] | max, ironic_wsgi_processes_max] | min }}"
+ironic_wsgi_buffer_size: 65535
+ironic_uwsgi_bind_address: 0.0.0.0
 
 ### OpenStack Services to integrate with
 
@@ -247,9 +266,11 @@ ironic_ironic_conf_overrides: {}
 ironic_ironic_oneviewd_conf_overrides: {}
 ironic_rootwrap_conf_overrides: {}
 ironic_policy_overrides: {}
+ironic_api_uwsgi_ini_overrides: {}
 
 # pxe boot
 ironic_pxe_append_params: "ipa-debug=1 systemd.journald.forward_to_console=yes"
 
+ironic_api_init_config_overrides: {}
 ironic_conductor_init_config_overrides: {}
 ironic_oneviewd_init_config_overrides: {}

handlers/main.yml

@@ -15,17 +15,11 @@
 
 - name: Restart ironic services
   service:
-    name: "{{ item }}"
+    name: "{{ item.service_name }}"
     state: restarted
-  with_items: "{{ ironic_service_names }}"
-  failed_when: false
-
-- name: Restart ironic-oneviewd
-  service:
-    name: "ironic-oneviewd"
-    state: restarted
-    pattern: "ironic-oneviewd"
-  failed_when: false
+    enabled: yes
+    daemon_reload: yes
+  with_list: "{{ filtered_ironic_services }}"
 
 - name: Restart tftpd-hpa
   service:

tasks/ironic_api_post_install.yml

@@ -1,65 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- name: Setup Ironic Apache site conf
-  template:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    owner: "root"
-    group: "root"
-  with_items:
-    - { src: "ironic-ports.conf.j2", dest: "/etc/apache2/ports.conf" }
-    - { src: "ironic-httpd.conf.j2", dest: "/etc/apache2/sites-available/ironic-httpd.conf" }
-  notify:
-    - Restart ironic services
-
-- name: Disable default apache site
-  file:
-    path: "/etc/apache2/sites-enabled/000-default.conf"
-    state: "absent"
-  when: not ironic_standalone
-  notify:
-    - Restart ironic services
-
-- name: Enable default apache site vhost
-  file:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    state: "{{ item.state }}"
-  with_items:
-    - { src: "/etc/apache2/sites-available/000-default.conf", dest: "/etc/apache2/sites-enabled/000-default.conf", state: "link" }
-  when: ironic_standalone
-  notify:
-    - Restart ironic services
-
-- name: Enable ironic vhost
-  file:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    state: "{{ item.state }}"
-  with_items:
-    - { src: "/etc/apache2/sites-available/ironic-httpd.conf", dest: "/etc/apache2/sites-enabled/ironic-httpd.conf", state: "link" }
-  notify:
-    - Restart ironic services
-
-- name: Setup Ironic WSGI Configs
-  template:
-    src: "ironic-wsgi.py.j2"
-    dest: "/var/www/cgi-bin/ironic/ironic.wsgi"
-    owner: "{{ ironic_system_user_name }}"
-    group: "{{ ironic_system_group_name }}"
-    mode: "0755"
-  notify:
-    - Restart ironic services

tasks/ironic_init.yml

@@ -1,24 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- include: ironic_init_common.yml
-  vars:
-    program_name: "{{ ironic_conductor_program_name }}"
-    service_name: "{{ ironic_service_name }}"
-    system_user: "{{ ironic_system_user_name }}"
-    system_group: "{{ ironic_system_group_name }}"
-    service_home: "{{ ironic_system_home_folder }}"
-    init_config_overrides: "{{ ironic_conductor_init_config_overrides }}"
-  when: inventory_hostname in groups['ironic_conductor']

tasks/ironic_init_common.yml

@@ -1,26 +0,0 @@
----
-# Copyright 2016, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- include: ironic_init_systemd.yml
-  static: no
-  when:
-    - ansible_service_mgr == 'systemd'
-
-- name: Load service
-  service:
-   name: "{{ program_name }}"
-   enabled: "yes"
-  notify:
-    - Restart ironic services

tasks/ironic_init_systemd.yml

@@ -15,49 +15,42 @@
 
 - name: Create TEMP run dir
   file:
-    path: "/var/run/{{ program_name }}"
+    path: "/var/run/{{ item.service_name }}"
     state: directory
-    owner: "{{ system_user }}"
-    group: "{{ system_group }}"
+    owner: "{{ ironic_system_user_name }}"
+    group: "{{ ironic_system_group_name }}"
     mode: "02755"
+  with_items: "{{ filtered_ironic_services }}"
 
 - name: Create TEMP lock dir
   file:
-    path: "/var/lock/{{ program_name }}"
+    path: "/var/lock/{{ item.service_name }}"
     state: directory
-    owner: "{{ system_user }}"
-    group: "{{ system_group }}"
+    owner: "{{ ironic_system_user_name }}"
+    group: "{{ ironic_system_group_name }}"
     mode: "02755"
-
-# TODO(mgariepy):
-# Remove this in Pike as it only needed to handle upgrades
-# from Newton->Newton and Newton->Ocata
-- name: Cleanup old tmpfiles.d entry
-  file:
-    path: "/etc/tmpfiles.d/{{ program_name }}.conf"
-    state: absent
+  with_items: "{{ filtered_ironic_services }}"
 
 - name: Create tmpfiles.d entry
   template:
     src: "ironic-systemd-tmpfiles.j2"
-    dest: "/etc/tmpfiles.d/openstack-{{ program_name }}.conf"
+    dest: "/etc/tmpfiles.d/openstack-{{ item.service_name }}.conf"
     mode: "0644"
     owner: "root"
     group: "root"
+  with_items: "{{ filtered_ironic_services }}"
+  notify:
+    - Restart ironic services
 
 - name: Place the systemd init script
   config_template:
     src: "ironic-systemd-init.j2"
-    dest: "/etc/systemd/system/{{ program_name }}.service"
+    dest: "/etc/systemd/system/{{ item.service_name }}.service"
     mode: "0644"
     owner: "root"
     group: "root"
-    config_overrides: "{{ init_config_overrides }}"
+    config_overrides: "{{ item.init_config_overrides }}"
     config_type: "ini"
-  register: systemd_init
-
-- name: Reload the systemd daemon
-  command: "systemctl daemon-reload"
-  when: systemd_init | changed
+  with_items: "{{ filtered_ironic_services }}"
   notify:
     - Restart ironic services

tasks/ironic_oneview_setup.yml

@@ -38,15 +38,6 @@
   retries: 5
   delay: 2
 
-- include: ironic_init_common.yml
-  vars:
-    program_name: "{{ ironic_oneviewd_program_name }}"
-    service_name: "{{ ironic_service_name }}"
-    system_user: "{{ ironic_system_user_name }}"
-    system_group: "{{ ironic_system_group_name }}"
-    service_home: "{{ ironic_system_home_folder }}"
-    init_config_overrides: "{{ ironic_oneviewd_init_config_overrides }}"
-
 - name: Generate ironic-oneviewd config
   config_template:
     src: "ironic-oneviewd.conf.j2"
@@ -56,4 +47,4 @@
     mode: "0644"
     config_overrides: "{{ ironic_ironic_oneviewd_conf_overrides }}"
     config_type: "ini"
-  notify: Restart ironic-oneviewd
+  notify: Restart ironic services

tasks/ironic_uwsgi.yml

@@ -0,0 +1,44 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Setup Ironic WSGI Configs
+  template:
+    src: "ironic-wsgi.py.j2"
+    dest: "{{ ironic_bin }}/{{ item.wsgi_name }}.wsgi"
+    owner: "{{ ironic_system_user_name }}"
+    group: "{{ ironic_system_group_name }}"
+    mode: "0755"
+  with_list: "{{ filtered_ironic_services }}"
+  when: item.wsgi_app | default(False)
+  notify:
+    - Restart ironic services
+
+- name: Ensure uWSGI directory exists
+  file:
+    path: "/etc/uwsgi/"
+    state: directory
+    mode: "0711"
+
+- name: Apply uWSGI configuration
+  config_template:
+    src: "ironic-uwsgi.ini.j2"
+    dest: "/etc/uwsgi/{{ item.service_name }}.ini"
+    mode: "0744"
+    config_overrides: "{{ item.wsgi_overrides }}"
+    config_type: ini
+  with_list: "{{ filtered_ironic_services }}"
+  when: item.wsgi_app | default(False)
+  notify:
+    - Restart ironic services

tasks/main.yml

@@ -33,16 +33,13 @@
     - ironic-install
 
 - include: ironic_oneview_setup.yml
-  when:
-    - ironic_oneview_enabled | bool
-    - inventory_hostname in groups['ironic_conductor']
+  when: "'ironic-oneviewd' in (filtered_ironic_services | map(attribute='service_key') | list)"
 
 - include: ironic_post_install.yml
   tags:
     - ironic-config
 
-- include: ironic_api_post_install.yml
-  when: inventory_hostname in groups['ironic_api']
+- include: ironic_uwsgi.yml
   tags:
     - ironic-config
 
@@ -56,7 +53,7 @@
   tags:
     - ironic-config
 
-- include: ironic_init.yml
+- include: "ironic_init_{{ ansible_service_mgr }}.yml"
   tags:
     - ironic-config
 

templates/ironic-httpd.conf.j2

@@ -1,20 +0,0 @@
-# {{ ansible_managed }}
-
-<VirtualHost *:{{ ironic_service_port }}>
-    WSGIDaemonProcess ironic-api user={{ ironic_system_user_name }} group={{ ironic_system_group_name }} processes={{ ironic_wsgi_processes }} threads={{ ironic_wsgi_threads }} display-name=%{GROUP}
-    WSGIScriptAlias / /var/www/cgi-bin/ironic/ironic.wsgi
-    SetEnv APACHE_RUN_USER {{ ironic_system_user_name }}
-    SetEnv APACHE_RUN_GROUP {{ ironic_system_group_name }}
-    WSGIProcessGroup ironic-api
-
-    ErrorLog /var/log/ironic/ironic_error.log
-    LogLevel info
-    CustomLog /var/log/ironic/ironic_access.log combined
-
-    <Directory /var/www/cgi-bin/ironic/>
-        WSGIProcessGroup ironic-api
-        WSGIApplicationGroup %{GLOBAL}
-        AllowOverride All
-        Require all granted
-    </Directory>
-</VirtualHost>

templates/ironic-ports.conf.j2

@@ -1,7 +0,0 @@
-# {{ ansible_managed }}
-
-Listen {{ ironic_service_port }}
-{% if ironic_standalone %}
-Listen 80
-{% endif %}
-

templates/ironic-systemd-init.j2

@@ -7,13 +7,13 @@ After=network.target
 
 [Service]
 Type=simple
-User={{ system_user }}
-Group={{ system_group }}
+User={{ ironic_system_user_name }}
+Group={{ ironic_system_group_name }}
 
-{% if program_override is defined %}
-ExecStart={{ program_override }} {{ program_config_options|default('') }} --log-file=/var/log/ironic/{{ program_name }}.log
+{% if item.program_override is defined %}
+ExecStart={{ item.program_override }} {{ item.program_config_options|default('') }} {{ item.log_string | default('--log-file=') }}/var/log/ironic/{{ item.service_name }}.log
 {% else %}
-ExecStart={{ ironic_bin }}/{{ program_name }} {{ program_config_options|default('') }} --log-file=/var/log/ironic/{{ program_name }}.log
+ExecStart={{ ironic_bin }}/{{ item.service_name }} {{ item.program_config_options|default('') }} --log-file=/var/log/ironic/{{ item.service_name }}.log
 {% endif %}
 
 # Give a reasonable amount of time for the server to start up/shut down

templates/ironic-systemd-tmpfiles.j2

@@ -1,5 +1,5 @@
 # {{ ansible_managed }}
 
-D /var/lock/{{ program_name }} 2755 {{ system_user }} {{ system_group }}
-D /var/run/{{ program_name }} 2755 {{ system_user }} {{ system_group }}
-D {{ ironic_lock_path }} 2755 {{ system_user }} {{ system_group }}
+D /var/lock/{{ item.service_name }} 2755 {{ ironic_system_user_name }} {{ ironic_system_group_name }}
+D /var/run/{{ item.service_name }} 2755 {{ ironic_system_user_name }} {{ ironic_system_group_name }}
+D {{ ironic_lock_path }} 2755 {{ ironic_system_user_name }} {{ ironic_system_group_name }}

templates/ironic-uwsgi.ini.j2

@@ -0,0 +1,19 @@
+[uwsgi]
+uid = {{ ironic_system_user_name }}
+gid = {{ ironic_system_group_name }}
+
+virtualenv = /openstack/venvs/ironic-{{ ironic_venv_tag }}
+wsgi-file = {{ ironic_bin }}/{{ item.wsgi_name }}.wsgi
+http-socket = {{ item.uwsgi_bind_address }}:{{ item.uwsgi_port }}
+
+master = true
+enable-threads = true
+processes = {{ ironic_wsgi_processes }}
+threads = {{ ironic_wsgi_threads }}
+exit-on-reload = true
+die-on-term = true
+lazy-apps = true
+add-header = Connection: close
+buffer-size = {{ ironic_wsgi_buffer_size }}
+thunder-lock = true
+logfile-chmod = 644

vars/main.yml

@@ -30,3 +30,15 @@ ironic_packages_list: >
   {%-   endif %}
   {%- endif %}
   {{- package_list -}}
+
+filtered_ironic_services: |-
+  {% set services = [] %}
+  {% for key, value in ironic_services.items() %}
+  {%   if (value['group'] in group_names) and
+          (('service_en' not in value) or
+           ('service_en' in value and value['service_en'])) %}
+  {%     set _ = value.update({'service_key': key}) %}
+  {%     set _ = services.append(value) %}
+  {%   endif %}
+  {% endfor %}
+  {{ services }}

vars/ubuntu-16.04.yml

@@ -19,10 +19,7 @@ ironic_developer_mode_distro_packages:
   - git-core
   - libffi-dev
 
-ironic_api_distro_packages:
-  - apache2
-  - apache2-utils
-  - libapache2-mod-wsgi
+ironic_api_distro_packages: []
 
 ironic_conductor_distro_packages:
   - libxml2-dev