From 5986506799ffbf76a7a1b8db64fa66dff909d6fc Mon Sep 17 00:00:00 2001
From: portdirect <pete@port.direct>
Date: Thu, 30 Nov 2017 13:40:31 -0500
Subject: [PATCH] Nova: Move placement API to run behind Apache

This PS moves the placement API to run behind Apache, to match
the recommended deployment method.

Change-Id: Id057ef042cf30300c0cd35265dff6a9c16694c70
---
 nova/templates/bin/_nova-placement-api.sh.tpl | 14 ++++--
 nova/templates/configmap-etc.yaml             |  2 +
 nova/templates/deployment-placement.yaml      |  8 +++
 .../etc/_wsgi-nova-placement.conf.tpl         | 50 +++++++++++++++++++
 nova/values.yaml                              |  3 ++
 5 files changed, 74 insertions(+), 3 deletions(-)
 create mode 100644 nova/templates/etc/_wsgi-nova-placement.conf.tpl

diff --git a/nova/templates/bin/_nova-placement-api.sh.tpl b/nova/templates/bin/_nova-placement-api.sh.tpl
index 07519cc526..f9c8d7c582 100644
--- a/nova/templates/bin/_nova-placement-api.sh.tpl
+++ b/nova/templates/bin/_nova-placement-api.sh.tpl
@@ -20,12 +20,20 @@ set -ex
 COMMAND="${@:-start}"
 
 function start () {
-  exec nova-placement-api \
-        --port {{ .Values.network.placement.port }}
+
+  cp -a $(type -p nova-placement-api) /var/www/cgi-bin/nova/
+
+  if [ -f /etc/apache2/envvars ]; then
+     # Loading Apache2 ENV variables
+     source /etc/apache2/envvars
+  fi
+
+  # Start Apache2
+  exec apache2 -DFOREGROUND
 }
 
 function stop () {
-  kill -TERM 1
+  apachectl -k graceful-stop
 }
 
 $COMMAND
diff --git a/nova/templates/configmap-etc.yaml b/nova/templates/configmap-etc.yaml
index 7eff0653fc..d70f965922 100644
--- a/nova/templates/configmap-etc.yaml
+++ b/nova/templates/configmap-etc.yaml
@@ -149,6 +149,8 @@ data:
 {{- tuple .Values.conf.rootwrap_filters.network "etc/rootwrap.d/_network.filters.tpl" . | include "helm-toolkit.utils.configmap_templater" }}
   nova.conf: |+
 {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.nova | indent 4 }}
+  wsgi-nova-placement.conf: |+
+{{- tuple .Values.conf.wsgi_placement "etc/_wsgi-nova-placement.conf.tpl" . | include "helm-toolkit.utils.configmap_templater" }}
   ssh-config.sh: |+
 {{- tuple .Values.conf.ssh "etc/_ssh-config.tpl" . | include "helm-toolkit.utils.configmap_templater" }}
 {{- end }}
diff --git a/nova/templates/deployment-placement.yaml b/nova/templates/deployment-placement.yaml
index d27223be29..a03db3956e 100644
--- a/nova/templates/deployment-placement.yaml
+++ b/nova/templates/deployment-placement.yaml
@@ -62,6 +62,8 @@ spec:
             tcpSocket:
               port: {{ .Values.network.placement.port }}
           volumeMounts:
+            - name: wsgi-nova
+              mountPath: /var/www/cgi-bin/nova
             - name: nova-bin
               mountPath: /tmp/nova-placement-api.sh
               subPath: nova-placement-api.sh
@@ -78,8 +80,14 @@ spec:
               mountPath: /etc/nova/policy.yaml
               subPath: policy.yaml
               readOnly: true
+            - name: nova-etc
+              mountPath: /etc/apache2/conf-enabled/wsgi-nova-placement.conf
+              subPath: wsgi-nova-placement.conf
+              readOnly: true
 {{- if $mounts_nova_placement.volumeMounts }}{{ toYaml $mounts_nova_placement.volumeMounts | indent 12 }}{{ end }}
       volumes:
+        - name: wsgi-nova
+          emptyDir: {}
         - name: nova-bin
           configMap:
             name: nova-bin
diff --git a/nova/templates/etc/_wsgi-nova-placement.conf.tpl b/nova/templates/etc/_wsgi-nova-placement.conf.tpl
new file mode 100644
index 0000000000..860680d49f
--- /dev/null
+++ b/nova/templates/etc/_wsgi-nova-placement.conf.tpl
@@ -0,0 +1,50 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+Listen 0.0.0.0:{{ .Values.network.placement.port }}
+
+LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
+
+SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
+CustomLog /dev/stdout combined env=!forwarded
+CustomLog /dev/stdout proxy env=forwarded
+
+<VirtualHost *:{{ .Values.network.placement.port }}>
+    WSGIDaemonProcess placement-api processes=1 threads=4 user=nova group=nova display-name=%{GROUP}
+    WSGIProcessGroup placement-api
+    WSGIScriptAlias / /var/www/cgi-bin/nova/nova-placement-api
+    WSGIApplicationGroup %{GLOBAL}
+    WSGIPassAuthorization On
+    <IfVersion >= 2.4>
+      ErrorLogFormat "%{cu}t %M"
+    </IfVersion>
+    ErrorLog /dev/stdout
+
+    SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
+    CustomLog /dev/stdout combined env=!forwarded
+    CustomLog /dev/stdout proxy env=forwarded
+</VirtualHost>
+
+Alias /placement /var/www/cgi-bin/nova/nova-placement-api
+<Location /placement>
+    SetHandler wsgi-script
+    Options +ExecCGI
+
+    WSGIProcessGroup placement-api
+    WSGIApplicationGroup %{GLOBAL}
+    WSGIPassAuthorization On
+</Location>
diff --git a/nova/values.yaml b/nova/values.yaml
index 7b1f5c26f9..f754b4a637 100644
--- a/nova/values.yaml
+++ b/nova/values.yaml
@@ -941,6 +941,9 @@ conf:
   rootwrap:
     override:
     append:
+  wsgi_placement:
+    override:
+    append:
   rootwrap_filters:
     api_metadata:
       override: