Convert Nova APIs to WSGI services

To be consistent with the install guide[1], the Nova services should be
deployed as WSGI services.

[1] https://docs.openstack.org/nova/queens/install/controller-install-ubuntu.html

Change-Id: I49a767724e744f98d7f008411755c063f96a4c9d
Samuel Cassiba 2018-06-15 09:15:48 -07:00
parent 3a4c7f6b6f
commit 4992010231
13 changed files with 134 additions and 81 deletions


@ -33,15 +33,17 @@ default['openstack']['compute']['rootwrap']['use_syslog'] = 'False'
default['openstack']['compute']['rootwrap']['syslog_log_facility'] = 'syslog'
default['openstack']['compute']['rootwrap']['syslog_log_level'] = 'ERROR'
# Placement API settings
default['openstack']['placement']['ssl']['enabled'] = false
default['openstack']['placement']['ssl']['certfile'] = ''
default['openstack']['placement']['ssl']['chainfile'] = ''
default['openstack']['placement']['ssl']['keyfile'] = ''
default['openstack']['placement']['ssl']['ca_certs_path'] = ''
default['openstack']['placement']['ssl']['cert_required'] = false
default['openstack']['placement']['ssl']['protocol'] = ''
default['openstack']['placement']['ssl']['ciphers'] = ''
# SSL settings
%w(api placement metadata).each do |service|
default['openstack']['compute'][service]['ssl']['enabled'] = false
default['openstack']['compute'][service]['ssl']['certfile'] = ''
default['openstack']['compute'][service]['ssl']['chainfile'] = ''
default['openstack']['compute'][service]['ssl']['keyfile'] = ''
default['openstack']['compute'][service]['ssl']['ca_certs_path'] = ''
default['openstack']['compute'][service]['ssl']['cert_required'] = false
default['openstack']['compute'][service]['ssl']['protocol'] = ''
default['openstack']['compute'][service]['ssl']['ciphers'] = ''
end
# Platform specific settings
case node['platform_family']
@ -81,8 +83,8 @@ when 'rhel' # :pragma-foodcritic: ~FC024 - won't fix this
}
when 'debian'
default['openstack']['compute']['platform'] = {
'api_os_compute_packages' => ['nova-api-os-compute'],
'api_os_compute_service' => 'nova-api-os-compute',
'api_os_compute_packages' => ['nova-api'],
'api_os_compute_service' => 'nova-api',
'api_placement_packages' => ['nova-placement-api'],
'api_placement_service' => 'nova-placement-api',
'memcache_python_packages' => ['python-memcache'],
@ -144,6 +146,7 @@ end
default['openstack']['endpoints'][type]['compute-novnc']['path'] = '/vnc_auto.html'
# The OpenStack Compute (Nova) metadata API endpoint
default['openstack']['endpoints'][type]['compute-metadata-api']['port'] = '8775'
default['openstack']['endpoints'][type]['compute-metadata-api']['path'] = ''
# The OpenStack Compute (Nova) serial proxy endpoint
default['openstack']['endpoints'][type]['compute-serial-proxy']['scheme'] = 'ws'
default['openstack']['endpoints'][type]['compute-serial-proxy']['port'] = '6083'
@ -161,7 +164,9 @@ default['openstack']['bind_service']['all']['compute-xvpvnc']['port'] = '6081'
default['openstack']['bind_service']['all']['compute-vnc']['port'] = '6081'
default['openstack']['bind_service']['all']['compute-serial-proxy']['port'] = '6081'
default['openstack']['bind_service']['all']['compute-novnc']['port'] = '6080'
default['openstack']['bind_service']['all']['compute-metadata-api']['host'] = '127.0.0.1'
default['openstack']['bind_service']['all']['compute-metadata-api']['port'] = '8775'
default['openstack']['bind_service']['all']['compute-api']['host'] = '127.0.0.1'
default['openstack']['bind_service']['all']['compute-api']['port'] = '8774'
default['openstack']['bind_service']['all']['placement-api']['port'] = '8778'
default['openstack']['bind_service']['all']['placement-api']['host'] = '127.0.0.1'
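Review bot: Moving the placement TLS attributes from `node['openstack']['placement']['ssl']` into the `%w(api placement metadata)` loop under `node['openstack']['compute'][service]['ssl']` means an existing environment or role override on the old path is no longer read. Because the new `enabled` default is `false`, a deployment that had TLS on for placement would, as far as these lines show, converge to a plain-HTTP vhost without any error. Consider failing the converge (or at least logging a warning) when the old key is still set, and call the rename out in the release notes; the placement-api recipe's `web_app` block is the consumer. A comment above the loop would also help, for example `# TLS is off by default; set certfile/keyfile and pin protocol/ciphers per service before enabling`, since `protocol` and `ciphers` default to empty strings.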


@ -21,6 +21,7 @@ default['openstack']['compute']['conf'].tap do |conf|
conf['keystone_authtoken']['project_domain_name'] = 'Default'
conf['keystone_authtoken']['project_name'] = 'service'
conf['keystone_authtoken']['auth_version'] = 'v3'
conf['keystone_authtoken']['service_token_roles_required'] = true
# [libvirt]
conf['libvirt']['virt_type'] = 'kvm'
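Review bot: `conf['keystone_authtoken']['service_token_roles_required'] = true` is added without a comment, although it changes how service tokens are validated: keystonemiddleware then rejects a service token whose user holds none of the roles in `service_token_roles` (the middleware default is `service`). A short comment would save the next operator a debugging session, for example `# Require service tokens to carry a role from service_token_roles; service users need that role in Keystone`. The `tap` block continues outside the hunk.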


@ -5,6 +5,7 @@
#
# Copyright 2012, Rackspace US, Inc.
# Copyright 2013, Craig Tracey <craigtracey@gmail.com>
# Copyright 2018, Workday, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -25,6 +26,13 @@ class ::Chef::Recipe
include ::Openstack
end
execute 'nova-metadata: set-selinux-permissive' do
command '/sbin/setenforce Permissive'
action :run
only_if "[ ! -e /etc/httpd/conf/httpd.conf ] && [ -e /etc/redhat-release ] && [ $(/sbin/sestatus | grep -c '^Current mode:.*enforcing') -eq 1 ]"
end
include_recipe 'openstack-compute::nova-common'
platform_options = node['openstack']['compute']['platform']
@ -46,9 +54,39 @@ end
service 'nova-api-metadata' do
service_name platform_options['compute_api_metadata_service']
supports status: true, restart: true
action [:enable, :start]
subscribes :restart, [
'template[/etc/nova/nova.conf]',
'template[/etc/nova/api-paste.ini]',
]
action [:disable, :stop]
end
bind_service = node['openstack']['bind_service']['all']['compute-metadata-api']
web_app 'nova-metadata' do
template 'wsgi-template.conf.erb'
daemon_process 'nova-metadata'
server_host bind_service['host']
server_port bind_service['port']
server_entry '/usr/bin/nova-metadata-wsgi'
log_dir node['apache']['log_dir']
run_dir node['apache']['run_dir']
user node['openstack']['compute']['user']
group node['openstack']['compute']['group']
use_ssl node['openstack']['compute']['metadata']['ssl']['enabled']
cert_file node['openstack']['compute']['metadata']['ssl']['certfile']
chain_file node['openstack']['compute']['metadata']['ssl']['chainfile']
key_file node['openstack']['compute']['metadata']['ssl']['keyfile']
ca_certs_path node['openstack']['compute']['metadata']['ssl']['ca_certs_path']
cert_required node['openstack']['compute']['metadata']['ssl']['cert_required']
protocol node['openstack']['compute']['metadata']['ssl']['protocol']
ciphers node['openstack']['compute']['metadata']['ssl']['ciphers']
end
execute 'nova-metadata apache restart' do
command 'uname'
notifies :run, 'execute[nova-metadata: restore-selinux-context]', :immediately
notifies :restart, 'service[apache2]', :immediately
end
execute 'nova-metadata: restore-selinux-context' do
command 'restorecon -Rv /etc/httpd /etc/pki || :'
action :nothing
only_if { platform_family?('rhel') }
end
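Review bot: The new `execute 'nova-metadata: set-selinux-permissive'` resource runs `/sbin/setenforce Permissive` for the whole host, and nothing visible in this recipe switches it back: `nova-metadata: restore-selinux-context` only runs `restorecon` and never returns the node to enforcing mode. On a RHEL node that was enforcing, this leaves SELinux permissive until a reboot or manual intervention, which is a large loss of protection on a compute controller. Prefer fixing the labels or booleans the WSGI vhost needs and keeping enforcement on; if the temporary switch is unavoidable, pair it with a resource that restores enforcing mode after the Apache restart and add a comment saying why it is needed. The api-os-compute recipe adds the same `nova-api: set-selinux-permissive` resource and needs the same change. `restorecon -Rv /etc/httpd /etc/pki || :` also hides relabel failures, so dropping the `|| :` would surface them.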


@ -4,6 +4,7 @@
# Recipe:: api-os-compute
#
# Copyright 2012, Rackspace US, Inc.
# Copyright 2018, Workday, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -22,6 +23,13 @@ class ::Chef::Recipe
include ::Openstack
end
execute 'nova-api: set-selinux-permissive' do
command '/sbin/setenforce Permissive'
action :run
only_if "[ ! -e /etc/httpd/conf/httpd.conf ] && [ -e /etc/redhat-release ] && [ $(/sbin/sestatus | grep -c '^Current mode:.*enforcing') -eq 1 ]"
end
include_recipe 'openstack-compute::nova-common'
platform_options = node['openstack']['compute']['platform']
@ -54,11 +62,41 @@ end
service 'nova-api-os-compute' do
service_name platform_options['api_os_compute_service']
supports status: true, restart: true
action [:enable, :start]
subscribes :restart, [
'template[/etc/nova/nova.conf]',
'template[/etc/nova/api-paste.ini]',
]
action [:disable, :stop]
end
bind_service = node['openstack']['bind_service']['all']['compute-api']
web_app 'nova-api' do
template 'wsgi-template.conf.erb'
daemon_process 'nova-api'
server_host bind_service['host']
server_port bind_service['port']
server_entry '/usr/bin/nova-api-wsgi'
log_dir node['apache']['log_dir']
run_dir node['apache']['run_dir']
user node['openstack']['compute']['user']
group node['openstack']['compute']['group']
use_ssl node['openstack']['compute']['api']['ssl']['enabled']
cert_file node['openstack']['compute']['api']['ssl']['certfile']
chain_file node['openstack']['compute']['api']['ssl']['chainfile']
key_file node['openstack']['compute']['api']['ssl']['keyfile']
ca_certs_path node['openstack']['compute']['api']['ssl']['ca_certs_path']
cert_required node['openstack']['compute']['api']['ssl']['cert_required']
protocol node['openstack']['compute']['api']['ssl']['protocol']
ciphers node['openstack']['compute']['api']['ssl']['ciphers']
end
include_recipe 'openstack-compute::_nova_cell'
execute 'nova-api apache restart' do
command 'uname'
notifies :run, 'execute[nova-api: restore-selinux-context]', :immediately
notifies :restart, 'service[apache2]', :immediately
end
execute 'nova-api: restore-selinux-context' do
command 'restorecon -Rv /etc/httpd /etc/pki || :'
action :nothing
only_if { platform_family?('rhel') }
end
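Review bot: `execute 'nova-api apache restart'` has `command 'uname'` and no guard, so it runs on every converge and its `:immediately` notifications restart Apache each time, interrupting in-flight API requests on every Chef run. The restart should fire only when the vhost or the Nova configuration actually changes; one option is `action :nothing` on this execute plus `subscribes :run, 'template[/etc/nova/nova.conf]'`, with the rendered vhost added to the subscription as well. This matters more now that the `subscribes :restart` list appears to have been dropped from `service 'nova-api-os-compute'`, because the unconditional restart is the only thing left that picks up a `nova.conf` change. The metadata recipe's `execute 'nova-metadata apache restart'` has the same shape.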


@ -115,8 +115,6 @@ vnc_bind = node['openstack']['bind_service']['all']['compute-vnc']
vnc_bind_address = bind_address vnc_bind
vnc_proxy_bind = node['openstack']['bind_service']['all']['compute-vnc-proxy']
vnc_proxy_bind_address = bind_address vnc_proxy_bind
compute_api_bind = node['openstack']['bind_service']['all']['compute-api']
compute_api_bind_address = bind_address compute_api_bind
compute_api_endpoint = internal_endpoint 'compute-api'
compute_metadata_api_bind = node['openstack']['bind_service']['all']['compute-metadata-api']
compute_metadata_api_bind_address = bind_address compute_metadata_api_bind
@ -157,13 +155,6 @@ node.default['openstack']['compute']['conf'].tap do |conf|
conf['DEFAULT']['iscsi_helper'] = platform_options['iscsi_helper']
# conf['DEFAULT']['scheduler_default_filters'] = node['openstack']['compute']['scheduler']['default_filters'].join(',')
if node['openstack']['compute']['conf']['DEFAULT']['enabled_apis'].include?('osapi_compute')
conf['DEFAULT']['osapi_compute_listen'] = compute_api_bind_address
conf['DEFAULT']['osapi_compute_listen_port'] = compute_api_bind['port']
end
# if node['openstack']['mq']['compute']['rabbit']['ha']
# conf['DEFAULT']['rabbit_hosts'] = rabbit_hosts
# end
conf['DEFAULT']['metadata_listen'] = compute_metadata_api_bind_address
conf['DEFAULT']['metadata_listen_port'] = compute_metadata_api_bind['port']
conf['vnc']['novncproxy_base_url'] = novnc_endpoint.to_s
@ -192,8 +183,6 @@ node.default['openstack']['compute']['conf'].tap do |conf|
"#{image_endpoint.scheme}://#{image_endpoint.host}:#{image_endpoint.port}"
# [neutron] section
conf['neutron']['url'] =
"#{network_endpoint.scheme}://#{network_endpoint.host}:#{network_endpoint.port}"
conf['neutron']['auth_url'] = identity_endpoint.to_s
# [serial_console] section


@ -61,12 +61,12 @@ web_app 'nova-placement-api' do
run_dir node['apache']['run_dir']
user node['openstack']['compute']['user']
group node['openstack']['compute']['group']
use_ssl node['openstack']['placement']['ssl']['enabled']
cert_file node['openstack']['placement']['ssl']['certfile']
chain_file node['openstack']['placement']['ssl']['chainfile']
key_file node['openstack']['placement']['ssl']['keyfile']
ca_certs_path node['openstack']['placement']['ssl']['ca_certs_path']
cert_required node['openstack']['placement']['ssl']['cert_required']
protocol node['openstack']['placement']['ssl']['protocol']
ciphers node['openstack']['placement']['ssl']['ciphers']
use_ssl node['openstack']['compute']['placement']['ssl']['enabled']
cert_file node['openstack']['compute']['placement']['ssl']['certfile']
chain_file node['openstack']['compute']['placement']['ssl']['chainfile']
key_file node['openstack']['compute']['placement']['ssl']['keyfile']
ca_certs_path node['openstack']['compute']['placement']['ssl']['ca_certs_path']
cert_required node['openstack']['compute']['placement']['ssl']['cert_required']
protocol node['openstack']['compute']['placement']['ssl']['protocol']
ciphers node['openstack']['compute']['placement']['ssl']['ciphers']
end


@ -17,8 +17,12 @@ describe 'openstack-compute::api-metadata' do
expect(chef_run).to upgrade_package 'openstack-nova-api'
end
it 'starts metadata api on boot' do
expect(chef_run).to enable_service 'nova-api-metadata'
it 'disables metadata api on boot' do
expect(chef_run).to disable_service 'nova-api-metadata'
end
it 'stops metadata api now' do
expect(chef_run).to stop_service 'nova-api-metadata'
end
end
end
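Review bot: The visible spec changes only assert that the old `nova-api-metadata` service is disabled and stopped; nothing here covers the resources the recipe now adds, in particular the SELinux `execute` and the `web_app 'nova-metadata'` vhost with its TLS parameters. An example for the host-wide SELinux change would pin that behaviour in whatever form it ends up taking, for instance `expect(chef_run).to run_execute('nova-metadata: set-selinux-permissive')`, together with one that renders the vhost with `ssl.enabled` set and checks the certificate directives. The same gap applies to the Debian api-metadata spec and to both api-os-compute specs. The `describe` block starts outside the hunk, so existing examples elsewhere in the file may already cover part of this.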


@ -18,18 +18,12 @@ describe 'openstack-compute::api-metadata' do
expect(chef_run).to upgrade_package 'nova-api-metadata'
end
it 'starts metadata api on boot' do
expect(chef_run).to enable_service 'nova-api-metadata'
it 'disables metadata api on boot' do
expect(chef_run).to disable_service 'nova-api-metadata'
end
it 'starts metadata api now' do
expect(chef_run).to start_service 'nova-api-metadata'
it 'stop metadata api now' do
expect(chef_run).to stop_service 'nova-api-metadata'
end
it do
template = chef_run.template('/etc/nova/api-paste.ini')
expect(template).to notify('service[nova-api-metadata]').to(:restart)
end
# expect_creates_api_paste 'service[nova-api-metadata]'
end
end


@ -25,12 +25,12 @@ describe 'openstack-compute::api-os-compute' do
expect(chef_run).to upgrade_package 'openstack-nova-api'
end
it 'starts openstack api on boot' do
expect(chef_run).to enable_service 'openstack-nova-api'
it 'disables openstack api on boot' do
expect(chef_run).to disable_service 'openstack-nova-api'
end
it 'starts openstack api now' do
expect(chef_run).to start_service 'openstack-nova-api'
it 'stops openstack api now' do
expect(chef_run).to stop_service 'openstack-nova-api'
end
end
end


@ -23,20 +23,15 @@ describe 'openstack-compute::api-os-compute' do
end
it 'upgrades openstack api packages' do
expect(chef_run).to upgrade_package 'nova-api-os-compute'
expect(chef_run).to upgrade_package 'nova-api'
end
it 'starts openstack api on boot' do
expect(chef_run).to enable_service 'nova-api-os-compute'
it 'disables openstack api on boot' do
expect(chef_run).to disable_service 'nova-api-os-compute'
end
it 'starts openstack api now' do
expect(chef_run).to start_service 'nova-api-os-compute'
it 'stops openstack api now' do
expect(chef_run).to stop_service 'nova-api-os-compute'
end
it do
template = chef_run.template('/etc/nova/api-paste.ini')
expect(template).to notify('service[nova-api-os-compute]').to(:restart)
end
# expect_creates_api_paste 'service[nova-api-os-compute]'
end
end


@ -98,13 +98,6 @@ describe 'openstack-compute::nova-common' do
end
end
it 'has default compute ip and port options set' do
[/^osapi_compute_listen = 127.0.0.1$/,
/^osapi_compute_listen_port = 8774$/].each do |line|
expect(chef_run).to render_file(file.name).with_content(line)
end
end
it 'has default metadata ip and port options set' do
[/^metadata_listen = 127.0.0.1$/,
/^metadata_listen_port = 8775$/].each do |line|
@ -129,6 +122,7 @@ describe 'openstack-compute::nova-common' do
'project_name = service',
'user_domain_name = Default',
'project_domain_name = Default',
'service_token_roles_required = true',
].each do |line|
expect(chef_run).to render_config_file(file.name)\
.with_section_content('keystone_authtoken', /^#{Regexp.quote(line)}$/)
@ -169,19 +163,12 @@ describe 'openstack-compute::nova-common' do
/^project_name = service$/,
/^user_domain_name = Default/,
/^project_domain_name = Default/,
%r{^url = http://127.0.0.1:9696$},
].each do |line|
expect(chef_run).to render_config_file(file.name)\
.with_section_content('neutron', line)
end
end
it 'sets scheme for neutron' do
node.set['openstack']['endpoints']['internal']['network']['scheme'] = 'https'
expect(chef_run).to render_config_file(file.name)\
.with_section_content('neutron', %r{^url = https://127.0.0.1:9696$})
end
context 'rabbit mq backend' do
describe 'ha rabbit disabled' do
before do


@ -85,6 +85,7 @@ shared_context 'compute_stubs' do
# stub_command('nova-manage network list | grep 192.168.200.0/24').and_return(false)
# stub_command("nova-manage floating list |grep -E '.*([0-9]{1,3}[.]){3}[0-9]{1,3}*'").and_return(false)
stub_command('/usr/sbin/apache2 -t').and_return(true)
stub_command('/usr/sbin/httpd -t').and_return(true)
stub_command('virsh net-list | grep -q default').and_return(true)
stub_command('ovs-vsctl br-exists br-int').and_return(true)
stub_command('ovs-vsctl br-exists br-tun').and_return(true)
@ -94,6 +95,7 @@ shared_context 'compute_stubs' do
stub_command('nova-manage cell_v2 list_cells | grep -q cell0').and_return(false)
stub_command('nova-manage cell_v2 list_cells | grep -q cell1').and_return(false)
stub_command('nova-manage cell_v2 discover_hosts').and_return(true)
stub_command("[ ! -e /etc/httpd/conf/httpd.conf ] && [ -e /etc/redhat-release ] && [ $(/sbin/sestatus | grep -c '^Current mode:.*enforcing') -eq 1 ]").and_return(true)
end
end


@ -1,4 +1,4 @@
<%= node["openstack"]["compute"]["custom_template_banner"] %>
<%= node['openstack']['compute']['custom_template_banner'] %>
Listen <%= @params[:server_host] %>:<%= @params[:server_port] %>