Convert Nova APIs to WSGI services
To be consistent with the install guide[1], the Nova services should be deployed as WSGI services. [1] https://docs.openstack.org/nova/queens/install/controller-install-ubuntu.html Change-Id: I49a767724e744f98d7f008411755c063f96a4c9d
This commit is contained in:
parent
3a4c7f6b6f
commit
4992010231
|
@ -33,15 +33,17 @@ default['openstack']['compute']['rootwrap']['use_syslog'] = 'False'
|
|||
default['openstack']['compute']['rootwrap']['syslog_log_facility'] = 'syslog'
|
||||
default['openstack']['compute']['rootwrap']['syslog_log_level'] = 'ERROR'
|
||||
|
||||
# Placement API settings
|
||||
default['openstack']['placement']['ssl']['enabled'] = false
|
||||
default['openstack']['placement']['ssl']['certfile'] = ''
|
||||
default['openstack']['placement']['ssl']['chainfile'] = ''
|
||||
default['openstack']['placement']['ssl']['keyfile'] = ''
|
||||
default['openstack']['placement']['ssl']['ca_certs_path'] = ''
|
||||
default['openstack']['placement']['ssl']['cert_required'] = false
|
||||
default['openstack']['placement']['ssl']['protocol'] = ''
|
||||
default['openstack']['placement']['ssl']['ciphers'] = ''
|
||||
# SSL settings
|
||||
%w(api placement metadata).each do |service|
|
||||
default['openstack']['compute'][service]['ssl']['enabled'] = false
|
||||
default['openstack']['compute'][service]['ssl']['certfile'] = ''
|
||||
default['openstack']['compute'][service]['ssl']['chainfile'] = ''
|
||||
default['openstack']['compute'][service]['ssl']['keyfile'] = ''
|
||||
default['openstack']['compute'][service]['ssl']['ca_certs_path'] = ''
|
||||
default['openstack']['compute'][service]['ssl']['cert_required'] = false
|
||||
default['openstack']['compute'][service]['ssl']['protocol'] = ''
|
||||
default['openstack']['compute'][service]['ssl']['ciphers'] = ''
|
||||
end
|
||||
|
||||
# Platform specific settings
|
||||
case node['platform_family']
|
||||
|
@ -81,8 +83,8 @@ when 'rhel' # :pragma-foodcritic: ~FC024 - won't fix this
|
|||
}
|
||||
when 'debian'
|
||||
default['openstack']['compute']['platform'] = {
|
||||
'api_os_compute_packages' => ['nova-api-os-compute'],
|
||||
'api_os_compute_service' => 'nova-api-os-compute',
|
||||
'api_os_compute_packages' => ['nova-api'],
|
||||
'api_os_compute_service' => 'nova-api',
|
||||
'api_placement_packages' => ['nova-placement-api'],
|
||||
'api_placement_service' => 'nova-placement-api',
|
||||
'memcache_python_packages' => ['python-memcache'],
|
||||
|
@ -144,6 +146,7 @@ end
|
|||
default['openstack']['endpoints'][type]['compute-novnc']['path'] = '/vnc_auto.html'
|
||||
# The OpenStack Compute (Nova) metadata API endpoint
|
||||
default['openstack']['endpoints'][type]['compute-metadata-api']['port'] = '8775'
|
||||
default['openstack']['endpoints'][type]['compute-metadata-api']['path'] = ''
|
||||
# The OpenStack Compute (Nova) serial proxy endpoint
|
||||
default['openstack']['endpoints'][type]['compute-serial-proxy']['scheme'] = 'ws'
|
||||
default['openstack']['endpoints'][type]['compute-serial-proxy']['port'] = '6083'
|
||||
|
@ -161,7 +164,9 @@ default['openstack']['bind_service']['all']['compute-xvpvnc']['port'] = '6081'
|
|||
default['openstack']['bind_service']['all']['compute-vnc']['port'] = '6081'
|
||||
default['openstack']['bind_service']['all']['compute-serial-proxy']['port'] = '6081'
|
||||
default['openstack']['bind_service']['all']['compute-novnc']['port'] = '6080'
|
||||
default['openstack']['bind_service']['all']['compute-metadata-api']['host'] = '127.0.0.1'
|
||||
default['openstack']['bind_service']['all']['compute-metadata-api']['port'] = '8775'
|
||||
default['openstack']['bind_service']['all']['compute-api']['host'] = '127.0.0.1'
|
||||
default['openstack']['bind_service']['all']['compute-api']['port'] = '8774'
|
||||
default['openstack']['bind_service']['all']['placement-api']['port'] = '8778'
|
||||
default['openstack']['bind_service']['all']['placement-api']['host'] = '127.0.0.1'
|
||||
|
|
|
@ -21,6 +21,7 @@ default['openstack']['compute']['conf'].tap do |conf|
|
|||
conf['keystone_authtoken']['project_domain_name'] = 'Default'
|
||||
conf['keystone_authtoken']['project_name'] = 'service'
|
||||
conf['keystone_authtoken']['auth_version'] = 'v3'
|
||||
conf['keystone_authtoken']['service_token_roles_required'] = true
|
||||
|
||||
# [libvirt]
|
||||
conf['libvirt']['virt_type'] = 'kvm'
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
#
|
||||
# Copyright 2012, Rackspace US, Inc.
|
||||
# Copyright 2013, Craig Tracey <craigtracey@gmail.com>
|
||||
# Copyright 2018, Workday, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
@ -25,6 +26,13 @@ class ::Chef::Recipe
|
|||
include ::Openstack
|
||||
end
|
||||
|
||||
execute 'nova-metadata: set-selinux-permissive' do
|
||||
command '/sbin/setenforce Permissive'
|
||||
action :run
|
||||
|
||||
only_if "[ ! -e /etc/httpd/conf/httpd.conf ] && [ -e /etc/redhat-release ] && [ $(/sbin/sestatus | grep -c '^Current mode:.*enforcing') -eq 1 ]"
|
||||
end
|
||||
|
||||
include_recipe 'openstack-compute::nova-common'
|
||||
|
||||
platform_options = node['openstack']['compute']['platform']
|
||||
|
@ -46,9 +54,39 @@ end
|
|||
service 'nova-api-metadata' do
|
||||
service_name platform_options['compute_api_metadata_service']
|
||||
supports status: true, restart: true
|
||||
action [:enable, :start]
|
||||
subscribes :restart, [
|
||||
'template[/etc/nova/nova.conf]',
|
||||
'template[/etc/nova/api-paste.ini]',
|
||||
]
|
||||
action [:disable, :stop]
|
||||
end
|
||||
|
||||
bind_service = node['openstack']['bind_service']['all']['compute-metadata-api']
|
||||
|
||||
web_app 'nova-metadata' do
|
||||
template 'wsgi-template.conf.erb'
|
||||
daemon_process 'nova-metadata'
|
||||
server_host bind_service['host']
|
||||
server_port bind_service['port']
|
||||
server_entry '/usr/bin/nova-metadata-wsgi'
|
||||
log_dir node['apache']['log_dir']
|
||||
run_dir node['apache']['run_dir']
|
||||
user node['openstack']['compute']['user']
|
||||
group node['openstack']['compute']['group']
|
||||
use_ssl node['openstack']['compute']['metadata']['ssl']['enabled']
|
||||
cert_file node['openstack']['compute']['metadata']['ssl']['certfile']
|
||||
chain_file node['openstack']['compute']['metadata']['ssl']['chainfile']
|
||||
key_file node['openstack']['compute']['metadata']['ssl']['keyfile']
|
||||
ca_certs_path node['openstack']['compute']['metadata']['ssl']['ca_certs_path']
|
||||
cert_required node['openstack']['compute']['metadata']['ssl']['cert_required']
|
||||
protocol node['openstack']['compute']['metadata']['ssl']['protocol']
|
||||
ciphers node['openstack']['compute']['metadata']['ssl']['ciphers']
|
||||
end
|
||||
|
||||
execute 'nova-metadata apache restart' do
|
||||
command 'uname'
|
||||
notifies :run, 'execute[nova-metadata: restore-selinux-context]', :immediately
|
||||
notifies :restart, 'service[apache2]', :immediately
|
||||
end
|
||||
|
||||
execute 'nova-metadata: restore-selinux-context' do
|
||||
command 'restorecon -Rv /etc/httpd /etc/pki || :'
|
||||
action :nothing
|
||||
only_if { platform_family?('rhel') }
|
||||
end
|
||||
|
|
|
@ -4,6 +4,7 @@
|
|||
# Recipe:: api-os-compute
|
||||
#
|
||||
# Copyright 2012, Rackspace US, Inc.
|
||||
# Copyright 2018, Workday, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
@ -22,6 +23,13 @@ class ::Chef::Recipe
|
|||
include ::Openstack
|
||||
end
|
||||
|
||||
execute 'nova-api: set-selinux-permissive' do
|
||||
command '/sbin/setenforce Permissive'
|
||||
action :run
|
||||
|
||||
only_if "[ ! -e /etc/httpd/conf/httpd.conf ] && [ -e /etc/redhat-release ] && [ $(/sbin/sestatus | grep -c '^Current mode:.*enforcing') -eq 1 ]"
|
||||
end
|
||||
|
||||
include_recipe 'openstack-compute::nova-common'
|
||||
|
||||
platform_options = node['openstack']['compute']['platform']
|
||||
|
@ -54,11 +62,41 @@ end
|
|||
service 'nova-api-os-compute' do
|
||||
service_name platform_options['api_os_compute_service']
|
||||
supports status: true, restart: true
|
||||
action [:enable, :start]
|
||||
subscribes :restart, [
|
||||
'template[/etc/nova/nova.conf]',
|
||||
'template[/etc/nova/api-paste.ini]',
|
||||
]
|
||||
action [:disable, :stop]
|
||||
end
|
||||
|
||||
bind_service = node['openstack']['bind_service']['all']['compute-api']
|
||||
|
||||
web_app 'nova-api' do
|
||||
template 'wsgi-template.conf.erb'
|
||||
daemon_process 'nova-api'
|
||||
server_host bind_service['host']
|
||||
server_port bind_service['port']
|
||||
server_entry '/usr/bin/nova-api-wsgi'
|
||||
log_dir node['apache']['log_dir']
|
||||
run_dir node['apache']['run_dir']
|
||||
user node['openstack']['compute']['user']
|
||||
group node['openstack']['compute']['group']
|
||||
use_ssl node['openstack']['compute']['api']['ssl']['enabled']
|
||||
cert_file node['openstack']['compute']['api']['ssl']['certfile']
|
||||
chain_file node['openstack']['compute']['api']['ssl']['chainfile']
|
||||
key_file node['openstack']['compute']['api']['ssl']['keyfile']
|
||||
ca_certs_path node['openstack']['compute']['api']['ssl']['ca_certs_path']
|
||||
cert_required node['openstack']['compute']['api']['ssl']['cert_required']
|
||||
protocol node['openstack']['compute']['api']['ssl']['protocol']
|
||||
ciphers node['openstack']['compute']['api']['ssl']['ciphers']
|
||||
end
|
||||
|
||||
include_recipe 'openstack-compute::_nova_cell'
|
||||
|
||||
execute 'nova-api apache restart' do
|
||||
command 'uname'
|
||||
notifies :run, 'execute[nova-api: restore-selinux-context]', :immediately
|
||||
notifies :restart, 'service[apache2]', :immediately
|
||||
end
|
||||
|
||||
execute 'nova-api: restore-selinux-context' do
|
||||
command 'restorecon -Rv /etc/httpd /etc/pki || :'
|
||||
action :nothing
|
||||
only_if { platform_family?('rhel') }
|
||||
end
|
||||
|
|
|
@ -115,8 +115,6 @@ vnc_bind = node['openstack']['bind_service']['all']['compute-vnc']
|
|||
vnc_bind_address = bind_address vnc_bind
|
||||
vnc_proxy_bind = node['openstack']['bind_service']['all']['compute-vnc-proxy']
|
||||
vnc_proxy_bind_address = bind_address vnc_proxy_bind
|
||||
compute_api_bind = node['openstack']['bind_service']['all']['compute-api']
|
||||
compute_api_bind_address = bind_address compute_api_bind
|
||||
compute_api_endpoint = internal_endpoint 'compute-api'
|
||||
compute_metadata_api_bind = node['openstack']['bind_service']['all']['compute-metadata-api']
|
||||
compute_metadata_api_bind_address = bind_address compute_metadata_api_bind
|
||||
|
@ -157,13 +155,6 @@ node.default['openstack']['compute']['conf'].tap do |conf|
|
|||
conf['DEFAULT']['iscsi_helper'] = platform_options['iscsi_helper']
|
||||
# conf['DEFAULT']['scheduler_default_filters'] = node['openstack']['compute']['scheduler']['default_filters'].join(',')
|
||||
|
||||
if node['openstack']['compute']['conf']['DEFAULT']['enabled_apis'].include?('osapi_compute')
|
||||
conf['DEFAULT']['osapi_compute_listen'] = compute_api_bind_address
|
||||
conf['DEFAULT']['osapi_compute_listen_port'] = compute_api_bind['port']
|
||||
end
|
||||
# if node['openstack']['mq']['compute']['rabbit']['ha']
|
||||
# conf['DEFAULT']['rabbit_hosts'] = rabbit_hosts
|
||||
# end
|
||||
conf['DEFAULT']['metadata_listen'] = compute_metadata_api_bind_address
|
||||
conf['DEFAULT']['metadata_listen_port'] = compute_metadata_api_bind['port']
|
||||
conf['vnc']['novncproxy_base_url'] = novnc_endpoint.to_s
|
||||
|
@ -192,8 +183,6 @@ node.default['openstack']['compute']['conf'].tap do |conf|
|
|||
"#{image_endpoint.scheme}://#{image_endpoint.host}:#{image_endpoint.port}"
|
||||
|
||||
# [neutron] section
|
||||
conf['neutron']['url'] =
|
||||
"#{network_endpoint.scheme}://#{network_endpoint.host}:#{network_endpoint.port}"
|
||||
conf['neutron']['auth_url'] = identity_endpoint.to_s
|
||||
|
||||
# [serial_console] section
|
||||
|
|
|
@ -61,12 +61,12 @@ web_app 'nova-placement-api' do
|
|||
run_dir node['apache']['run_dir']
|
||||
user node['openstack']['compute']['user']
|
||||
group node['openstack']['compute']['group']
|
||||
use_ssl node['openstack']['placement']['ssl']['enabled']
|
||||
cert_file node['openstack']['placement']['ssl']['certfile']
|
||||
chain_file node['openstack']['placement']['ssl']['chainfile']
|
||||
key_file node['openstack']['placement']['ssl']['keyfile']
|
||||
ca_certs_path node['openstack']['placement']['ssl']['ca_certs_path']
|
||||
cert_required node['openstack']['placement']['ssl']['cert_required']
|
||||
protocol node['openstack']['placement']['ssl']['protocol']
|
||||
ciphers node['openstack']['placement']['ssl']['ciphers']
|
||||
use_ssl node['openstack']['compute']['placement']['ssl']['enabled']
|
||||
cert_file node['openstack']['compute']['placement']['ssl']['certfile']
|
||||
chain_file node['openstack']['compute']['placement']['ssl']['chainfile']
|
||||
key_file node['openstack']['compute']['placement']['ssl']['keyfile']
|
||||
ca_certs_path node['openstack']['compute']['placement']['ssl']['ca_certs_path']
|
||||
cert_required node['openstack']['compute']['placement']['ssl']['cert_required']
|
||||
protocol node['openstack']['compute']['placement']['ssl']['protocol']
|
||||
ciphers node['openstack']['compute']['placement']['ssl']['ciphers']
|
||||
end
|
||||
|
|
|
@ -17,8 +17,12 @@ describe 'openstack-compute::api-metadata' do
|
|||
expect(chef_run).to upgrade_package 'openstack-nova-api'
|
||||
end
|
||||
|
||||
it 'starts metadata api on boot' do
|
||||
expect(chef_run).to enable_service 'nova-api-metadata'
|
||||
it 'disables metadata api on boot' do
|
||||
expect(chef_run).to disable_service 'nova-api-metadata'
|
||||
end
|
||||
|
||||
it 'stops metadata api now' do
|
||||
expect(chef_run).to stop_service 'nova-api-metadata'
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -18,18 +18,12 @@ describe 'openstack-compute::api-metadata' do
|
|||
expect(chef_run).to upgrade_package 'nova-api-metadata'
|
||||
end
|
||||
|
||||
it 'starts metadata api on boot' do
|
||||
expect(chef_run).to enable_service 'nova-api-metadata'
|
||||
it 'disables metadata api on boot' do
|
||||
expect(chef_run).to disable_service 'nova-api-metadata'
|
||||
end
|
||||
|
||||
it 'starts metadata api now' do
|
||||
expect(chef_run).to start_service 'nova-api-metadata'
|
||||
it 'stop metadata api now' do
|
||||
expect(chef_run).to stop_service 'nova-api-metadata'
|
||||
end
|
||||
it do
|
||||
template = chef_run.template('/etc/nova/api-paste.ini')
|
||||
expect(template).to notify('service[nova-api-metadata]').to(:restart)
|
||||
end
|
||||
|
||||
# expect_creates_api_paste 'service[nova-api-metadata]'
|
||||
end
|
||||
end
|
||||
|
|
|
@ -25,12 +25,12 @@ describe 'openstack-compute::api-os-compute' do
|
|||
expect(chef_run).to upgrade_package 'openstack-nova-api'
|
||||
end
|
||||
|
||||
it 'starts openstack api on boot' do
|
||||
expect(chef_run).to enable_service 'openstack-nova-api'
|
||||
it 'disables openstack api on boot' do
|
||||
expect(chef_run).to disable_service 'openstack-nova-api'
|
||||
end
|
||||
|
||||
it 'starts openstack api now' do
|
||||
expect(chef_run).to start_service 'openstack-nova-api'
|
||||
it 'stops openstack api now' do
|
||||
expect(chef_run).to stop_service 'openstack-nova-api'
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -23,20 +23,15 @@ describe 'openstack-compute::api-os-compute' do
|
|||
end
|
||||
|
||||
it 'upgrades openstack api packages' do
|
||||
expect(chef_run).to upgrade_package 'nova-api-os-compute'
|
||||
expect(chef_run).to upgrade_package 'nova-api'
|
||||
end
|
||||
|
||||
it 'starts openstack api on boot' do
|
||||
expect(chef_run).to enable_service 'nova-api-os-compute'
|
||||
it 'disables openstack api on boot' do
|
||||
expect(chef_run).to disable_service 'nova-api-os-compute'
|
||||
end
|
||||
|
||||
it 'starts openstack api now' do
|
||||
expect(chef_run).to start_service 'nova-api-os-compute'
|
||||
it 'stops openstack api now' do
|
||||
expect(chef_run).to stop_service 'nova-api-os-compute'
|
||||
end
|
||||
it do
|
||||
template = chef_run.template('/etc/nova/api-paste.ini')
|
||||
expect(template).to notify('service[nova-api-os-compute]').to(:restart)
|
||||
end
|
||||
# expect_creates_api_paste 'service[nova-api-os-compute]'
|
||||
end
|
||||
end
|
||||
|
|
|
@ -98,13 +98,6 @@ describe 'openstack-compute::nova-common' do
|
|||
end
|
||||
end
|
||||
|
||||
it 'has default compute ip and port options set' do
|
||||
[/^osapi_compute_listen = 127.0.0.1$/,
|
||||
/^osapi_compute_listen_port = 8774$/].each do |line|
|
||||
expect(chef_run).to render_file(file.name).with_content(line)
|
||||
end
|
||||
end
|
||||
|
||||
it 'has default metadata ip and port options set' do
|
||||
[/^metadata_listen = 127.0.0.1$/,
|
||||
/^metadata_listen_port = 8775$/].each do |line|
|
||||
|
@ -129,6 +122,7 @@ describe 'openstack-compute::nova-common' do
|
|||
'project_name = service',
|
||||
'user_domain_name = Default',
|
||||
'project_domain_name = Default',
|
||||
'service_token_roles_required = true',
|
||||
].each do |line|
|
||||
expect(chef_run).to render_config_file(file.name)\
|
||||
.with_section_content('keystone_authtoken', /^#{Regexp.quote(line)}$/)
|
||||
|
@ -169,19 +163,12 @@ describe 'openstack-compute::nova-common' do
|
|||
/^project_name = service$/,
|
||||
/^user_domain_name = Default/,
|
||||
/^project_domain_name = Default/,
|
||||
%r{^url = http://127.0.0.1:9696$},
|
||||
].each do |line|
|
||||
expect(chef_run).to render_config_file(file.name)\
|
||||
.with_section_content('neutron', line)
|
||||
end
|
||||
end
|
||||
|
||||
it 'sets scheme for neutron' do
|
||||
node.set['openstack']['endpoints']['internal']['network']['scheme'] = 'https'
|
||||
expect(chef_run).to render_config_file(file.name)\
|
||||
.with_section_content('neutron', %r{^url = https://127.0.0.1:9696$})
|
||||
end
|
||||
|
||||
context 'rabbit mq backend' do
|
||||
describe 'ha rabbit disabled' do
|
||||
before do
|
||||
|
|
|
@ -85,6 +85,7 @@ shared_context 'compute_stubs' do
|
|||
# stub_command('nova-manage network list | grep 192.168.200.0/24').and_return(false)
|
||||
# stub_command("nova-manage floating list |grep -E '.*([0-9]{1,3}[.]){3}[0-9]{1,3}*'").and_return(false)
|
||||
stub_command('/usr/sbin/apache2 -t').and_return(true)
|
||||
stub_command('/usr/sbin/httpd -t').and_return(true)
|
||||
stub_command('virsh net-list | grep -q default').and_return(true)
|
||||
stub_command('ovs-vsctl br-exists br-int').and_return(true)
|
||||
stub_command('ovs-vsctl br-exists br-tun').and_return(true)
|
||||
|
@ -94,6 +95,7 @@ shared_context 'compute_stubs' do
|
|||
stub_command('nova-manage cell_v2 list_cells | grep -q cell0').and_return(false)
|
||||
stub_command('nova-manage cell_v2 list_cells | grep -q cell1').and_return(false)
|
||||
stub_command('nova-manage cell_v2 discover_hosts').and_return(true)
|
||||
stub_command("[ ! -e /etc/httpd/conf/httpd.conf ] && [ -e /etc/redhat-release ] && [ $(/sbin/sestatus | grep -c '^Current mode:.*enforcing') -eq 1 ]").and_return(true)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
<%= node["openstack"]["compute"]["custom_template_banner"] %>
|
||||
<%= node['openstack']['compute']['custom_template_banner'] %>
|
||||
|
||||
Listen <%= @params[:server_host] %>:<%= @params[:server_port] %>
|
||||
|
||||
|
|
Loading…
Reference in New Issue