Factor out code to write uwsgi config files

Instead of keeping all of this code inline in keystone, factor it out
into a dedicated set of functions and make keystone use them. This drops
support for uwsgi serving https directly, but that is not going to be a
supported model going forward once we get to proxy only anyway.

Change-Id: I1d89be1f1b36f26eaf543b99bde6fdc5701474fe
Sean Dague 2017-04-13 09:08:39 -04:00
parent 2b85cf0f06
commit 2f8c88e053
2 changed files with 61 additions and 39 deletions


@ -181,6 +181,59 @@ function reload_apache_server {
reload_service $APACHE_NAME
}
function write_uwsgi_config {
local file=$1
local wsgi=$2
local url=$3
local http=$4
local name=""
name=$(basename $wsgi)
local socket="/tmp/${name}.socket"
# always cleanup given that we are using iniset here
rm -rf $file
iniset "$file" uwsgi wsgi-file "$wsgi"
iniset "$file" uwsgi socket "$socket"
iniset "$file" uwsgi processes $API_WORKERS
# This is running standalone
iniset "$file" uwsgi master true
# Set die-on-term & exit-on-reload so that uwsgi shuts down
iniset "$file" uwsgi die-on-term true
iniset "$file" uwsgi exit-on-reload true
iniset "$file" uwsgi enable-threads true
iniset "$file" uwsgi plugins python
# uwsgi recommends this to prevent thundering herd on accept.
iniset "$file" uwsgi thunder-lock true
# Override the default size for headers from the 4k default.
iniset "$file" uwsgi buffer-size 65535
# Make sure the client doesn't try to re-use the connection.
iniset "$file" uwsgi add-header "Connection: close"
# This ensures that file descriptors aren't shared between processes.
iniset "$file" uwsgi lazy-apps true
iniset "$file" uwsgi chmod-socket 666
# If we said bind directly to http, then do that and don't start the apache proxy
if [[ -n "$http" ]]; then
iniset "$file" uwsgi http $http
else
local apache_conf=""
apache_conf=$(apache_site_config_for $name)
echo "ProxyPass \"${url}\" \"unix:${socket}|uwsgi://uwsgi-uds-${name}/\"" | sudo tee $apache_conf
enable_apache_site $name
reload_apache_server
fi
}
function remove_uwsgi_config {
local file=$1
local wsgi=$2
local name=""
name=$(basename $wsgi)
rm -rf $file
disable_apache_site $name
}
# Restore xtrace
$_XTRACE_LIB_APACHE
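Review bot: The uwsgi socket in write_uwsgi_config is created at a predictable path in world-writable /tmp (`local socket="/tmp/${name}.socket"`) and then opened to every local account by `chmod-socket 666`, so any local user can talk to the application over the socket directly and bypass whatever Apache enforces in front of it, and a file already present at that path can likely keep the service from binding. I would place the socket in a directory owned by the service user, for example `local socket="/var/run/uwsgi/${name}.socket"` with that directory created beforehand, and tighten the mode to `chmod-socket 660` with Apache's user in the owning group. The same socket and mode are written even when `$http` is set and the Apache proxy is skipped. Separately, `rm -rf $file` and `basename $wsgi` are unquoted; `rm -f -- "$file"` is enough for a single ini file and stays safe if the argument is empty or contains spaces.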


@ -50,6 +50,10 @@ fi
KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/keystone}
KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf
KEYSTONE_PASTE_INI=${KEYSTONE_PASTE_INI:-$KEYSTONE_CONF_DIR/keystone-paste.ini}
KEYSTONE_PUBLIC_UWSGI_CONF=$KEYSTONE_CONF_DIR/keystone-uwsgi-public.ini
KEYSTONE_ADMIN_UWSGI_CONF=$KEYSTONE_CONF_DIR/keystone-uwsgi-admin.ini
KEYSTONE_PUBLIC_UWSGI=$KEYSTONE_BIN_DIR/keystone-wsgi-public
KEYSTONE_ADMIN_UWSGI=$KEYSTONE_BIN_DIR/keystone-wsgi-admin
# Toggle for deploying Keystone under HTTPD + mod_wsgi
# Deprecated in Mitaka, use KEYSTONE_DEPLOY instead.
@ -293,44 +297,9 @@ function configure_keystone {
_config_keystone_apache_wsgi
else # uwsgi
# iniset creates these files when it's called if they don't exist.
KEYSTONE_PUBLIC_UWSGI_FILE=$KEYSTONE_CONF_DIR/keystone-uwsgi-public.ini
KEYSTONE_ADMIN_UWSGI_FILE=$KEYSTONE_CONF_DIR/keystone-uwsgi-admin.ini
rm -f "$KEYSTONE_PUBLIC_UWSGI_FILE"
rm -f "$KEYSTONE_ADMIN_UWSGI_FILE"
if is_ssl_enabled_service key; then
iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi https $KEYSTONE_SERVICE_HOST:$service_port,$KEYSTONE_SSL_CERT,$KEYSTONE_SSL_KEY
iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi https $KEYSTONE_ADMIN_BIND_HOST:$auth_port,$KEYSTONE_SSL_CERT,$KEYSTONE_SSL_KEY
else
iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi http $KEYSTONE_SERVICE_HOST:$service_port
iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi http $KEYSTONE_ADMIN_BIND_HOST:$auth_port
fi
iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi wsgi-file "$KEYSTONE_BIN_DIR/keystone-wsgi-public"
iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi processes $(nproc)
iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi wsgi-file "$KEYSTONE_BIN_DIR/keystone-wsgi-admin"
iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi processes $API_WORKERS
# Common settings
for file in "$KEYSTONE_PUBLIC_UWSGI_FILE" "$KEYSTONE_ADMIN_UWSGI_FILE"; do
# This is running standalone
iniset "$file" uwsgi master true
# Set die-on-term & exit-on-reload so that uwsgi shuts down
iniset "$file" uwsgi die-on-term true
iniset "$file" uwsgi exit-on-reload true
iniset "$file" uwsgi enable-threads true
iniset "$file" uwsgi plugins python
# uwsgi recommends this to prevent thundering herd on accept.
iniset "$file" uwsgi thunder-lock true
# Override the default size for headers from the 4k default.
iniset "$file" uwsgi buffer-size 65535
# Make sure the client doesn't try to re-use the connection.
iniset "$file" uwsgi add-header "Connection: close"
# This ensures that file descriptors aren't shared between processes.
iniset "$file" uwsgi lazy-apps true
done
write_uwsgi_config "$KEYSTONE_PUBLIC_UWSGI_CONF" "$KEYSTONE_PUBLIC_UWSGI" "/identity" "$KEYSTONE_SERVICE_HOST:$service_port"
write_uwsgi_config "$KEYSTONE_ADMIN_UWSGI_CONF" "$KEYSTONE_ADMIN_UWSGI" "/identity_admin" "$KEYSTONE_ADMIN_BIND_HOST:$auth_port"
fi
iniset $KEYSTONE_CONF DEFAULT max_token_size 16384
@ -604,8 +573,8 @@ function start_keystone {
# TODO(sdague): we should really get down to a single keystone here
enable_service key-p
enable_service key-a
run_process key-p "$KEYSTONE_BIN_DIR/uwsgi --ini $KEYSTONE_PUBLIC_UWSGI_FILE" ""
run_process key-a "$KEYSTONE_BIN_DIR/uwsgi --ini $KEYSTONE_ADMIN_UWSGI_FILE" ""
run_process key-p "$KEYSTONE_BIN_DIR/uwsgi --ini $KEYSTONE_PUBLIC_UWSGI_CONF" ""
run_process key-a "$KEYSTONE_BIN_DIR/uwsgi --ini $KEYSTONE_ADMIN_UWSGI_CONF" ""
fi
echo "Waiting for keystone to start..."
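Review bot: When `is_ssl_enabled_service key` is true, the two `write_uwsgi_config` calls in the configure_keystone hunk still pass `"$KEYSTONE_SERVICE_HOST:$service_port"` and `"$KEYSTONE_ADMIN_BIND_HOST:$auth_port"` as the fourth argument, which write_uwsgi_config writes as a plain `http` listener; a deployment that previously got `https` with `$KEYSTONE_SSL_CERT` would now serve credentials and tokens in cleartext with no warning, unless something else terminates TLS in front of it. The commit message says direct https is dropped on purpose, so make that explicit in code: either fail early, e.g. `if is_ssl_enabled_service key; then die $LINENO "uwsgi no longer serves https directly; use the proxy"; fi`, or pass an empty fourth argument in that case so the service is reachable only through the Apache proxy. The retained comment `# iniset creates these files when it's called if they don't exist.` no longer describes the code below it and could be dropped. configure_keystone begins and ends outside the hunk, so a guard elsewhere in the function would not be visible here.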