From dd4a64226ecd054475653965f615dac5fef10e44 Mon Sep 17 00:00:00 2001
From: Travis Truman <travis_truman@cable.comcast.com>
Date: Mon, 18 Jul 2016 16:49:14 -0400
Subject: [PATCH] Serve the aodh-api using mod_wsgi

aodh upstream change Iefd6f4d9f76c69ed9b49483e1feda0b7dbe2cb81
moves from Werkzeug to WSGI so we should follow suit

Without this change, the aodh-api service fails to start at all.

Apache vhost config based on https://github.com/openstack/aodh/blob/master/etc/apache2/aodh

Change-Id: I2fb1eb984949a4457ae313cffec872a0bb425eab
---
 defaults/main.yml             |  7 ++++
 doc/source/index.rst          |  2 +-
 handlers/main.yml             | 16 +++++----
 tasks/aodh_apache.yml         | 65 +++++++++++++++++++++++++++++++++++
 tasks/aodh_post_install.yml   | 14 +++++++-
 tasks/aodh_pre_install.yml    | 11 ++++++
 tasks/main.yml                |  5 +++
 templates/aodh-api-wsgi.py.j2 | 22 ++++++++++++
 templates/aodh-httpd.conf.j2  | 16 +++++++++
 templates/aodh-ports.conf.j2  |  3 ++
 10 files changed, 153 insertions(+), 8 deletions(-)
 create mode 100644 tasks/aodh_apache.yml
 create mode 100644 templates/aodh-api-wsgi.py.j2
 create mode 100644 templates/aodh-httpd.conf.j2
 create mode 100644 templates/aodh-ports.conf.j2

diff --git a/defaults/main.yml b/defaults/main.yml
index 802a3e7..612444d 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -48,6 +48,13 @@ aodh_connection_string: "{{ aodh_db_type }}://{{ aodh_database_user }}:{{ aodh_c
 aodh_rabbitmq_userid: aodh
 aodh_rabbitmq_vhost: /aodh
 
+## Apache setup
+aodh_apache_log_level: info
+aodh_apache_servertokens: "Prod"
+aodh_apache_serversignature: "Off"
+aodh_wsgi_threads: 10
+aodh_wsgi_processes: "{{ ansible_processor_vcpus | default (1) * 2 }}"
+
 #Aodh services info
 aodh_role_name: admin
 
diff --git a/doc/source/index.rst b/doc/source/index.rst
index 38ba804..a6210d3 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -1 +1 @@
-.. include:: ../../README.rst
\ No newline at end of file
+.. include:: ../../README.rst
diff --git a/handlers/main.yml b/handlers/main.yml
index f726f18..320fb0a 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -13,12 +13,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-- name: Restart aodh api
-  service:
-    name: "{{ aodh_api_program_name }}"
-    state: "restarted"
-    pattern: "{{ aodh_api_program_name }}"
-
 - name: Restart aodh alarm_notifier
   service:
     name: "{{ aodh_alarm_notifier_program_name }}"
@@ -44,3 +38,13 @@
     pattern: "{{ item }}"
   with_items: "{{ aodh_service_names }}"
   failed_when: false
+
+- name: Restart Apache
+  service:
+    name: "apache2"
+    state: "restarted"
+    pattern: "apache2"
+  register: apache_restart
+  until: apache_restart|success
+  retries: 5
+  delay: 2
diff --git a/tasks/aodh_apache.yml b/tasks/aodh_apache.yml
new file mode 100644
index 0000000..a65f953
--- /dev/null
+++ b/tasks/aodh_apache.yml
@@ -0,0 +1,65 @@
+---
+# Copyright 2016, Comcast Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Drop apache2 virtual host and ports file
+  template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: "root"
+    group: "root"
+  with_items:
+    - { src: "aodh-ports.conf.j2", dest: "/etc/apache2/ports.conf" }
+    - { src: "aodh-httpd.conf.j2", dest: "/etc/apache2/sites-available/aodh-httpd.conf" }
+  notify:
+    - Restart Apache
+
+- name: Disable default apache site
+  file:
+    path: "/etc/apache2/sites-enabled/000-default.conf"
+    state: "absent"
+  notify:
+    - Restart Apache
+
+- name: Enabled aodh vhost
+  file:
+    src: "/etc/apache2/sites-available/aodh-httpd.conf"
+    dest: "/etc/apache2/sites-enabled/aodh-httpd.conf"
+    state: "link"
+  notify:
+    - Restart Apache
+
+- name: Ensure Apache ServerName
+  lineinfile:
+    dest: "/etc/apache2/apache2.conf"
+    line: "ServerName {{ inventory_hostname }}"
+  notify:
+    - Restart Apache
+
+- name: Ensure Apache ServerTokens
+  lineinfile:
+    dest: "/etc/apache2/conf-available/security.conf"
+    regexp: '^ServerTokens'
+    line: "ServerTokens {{ aodh_apache_servertokens }}"
+  notify:
+    - Restart Apache
+
+- name: Ensure Apache ServerSignature
+  lineinfile:
+    dest: "/etc/apache2/conf-available/security.conf"
+    regexp: '^ServerSignature'
+    line: "ServerSignature {{ aodh_apache_serversignature }}"
+  notify:
+    - Restart Apache
diff --git a/tasks/aodh_post_install.yml b/tasks/aodh_post_install.yml
index f3a5e91..151926d 100644
--- a/tasks/aodh_post_install.yml
+++ b/tasks/aodh_post_install.yml
@@ -35,4 +35,16 @@
       dest: "/etc/aodh/policy.json"
       config_overrides: "{{ aodh_policy_overrides }}"
       config_type: "json"
-  notify: Restart aodh services
+  notify:
+    - Restart aodh services
+    - Restart Apache
+
+- name: Drop aodh API WSGI Configs
+  template:
+    src: aodh-api-wsgi.py.j2
+    dest: /var/www/cgi-bin/aodh/aodh-api
+    owner: "{{ aodh_system_user_name }}"
+    group: "{{ aodh_system_group_name }}"
+    mode: "0755"
+  notify:
+    - Restart Apache
diff --git a/tasks/aodh_pre_install.yml b/tasks/aodh_pre_install.yml
index c10c81d..27987b0 100644
--- a/tasks/aodh_pre_install.yml
+++ b/tasks/aodh_pre_install.yml
@@ -42,6 +42,17 @@
     - { path: "{{ aodh_system_user_home }}/.ssh", mode: "0700" }
     - { path: "/var/cache/aodh", mode: "0700" }
 
+- name: Create Apache mod_wsgi dirs
+  file:
+    path: "{{ item.path }}"
+    state: directory
+    owner: "{{ item.owner|default(aodh_system_user_name) }}"
+    group: "{{ item.group|default(aodh_system_group_name) }}"
+    mode: "{{ item.mode|default('0755') }}"
+  with_items:
+    - { path: "/var/www/cgi-bin", owner: root, group: root }
+    - { path: "/var/www/cgi-bin/aodh" }
+
 - name: Test for log directory or link
   shell: |
     if [ -h "/var/log/aodh"  ]; then
diff --git a/tasks/main.yml b/tasks/main.yml
index 2762698..0572b04 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -67,6 +67,11 @@
   tags:
     - aodh-install
 
+- include: aodh_apache.yml
+  tags:
+    - aodh-install
+    - aodh-config
+
 - include: aodh_service_setup.yml
   when: >
     inventory_hostname == groups['aodh_api'][0]
diff --git a/templates/aodh-api-wsgi.py.j2 b/templates/aodh-api-wsgi.py.j2
new file mode 100644
index 0000000..a044d29
--- /dev/null
+++ b/templates/aodh-api-wsgi.py.j2
@@ -0,0 +1,22 @@
+# Copyright 2016 Comcast Corporation
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+import os
+
+activate_this = os.path.expanduser("{{ aodh_bin }}/activate_this.py")
+execfile(activate_this, dict(__file__=activate_this))
+
+from aodh.api import app
+
+application = app.build_wsgi_app()
\ No newline at end of file
diff --git a/templates/aodh-httpd.conf.j2 b/templates/aodh-httpd.conf.j2
new file mode 100644
index 0000000..37b7c23
--- /dev/null
+++ b/templates/aodh-httpd.conf.j2
@@ -0,0 +1,16 @@
+# {{ ansible_managed }}
+
+<VirtualHost *:{{ aodh_service_port }}>
+    WSGIDaemonProcess aodh-api lang='en_US.UTF-8' locale='en_US.UTF-8' user={{ aodh_system_user_name }} group={{ aodh_system_group_name }} processes={{ aodh_wsgi_processes }} threads={{ aodh_wsgi_threads }} display-name=%{GROUP}
+    WSGIProcessGroup aodh-api
+    WSGIScriptAlias / /var/www/cgi-bin/aodh/aodh-api
+    WSGIApplicationGroup  %{GLOBAL}
+
+    <IfVersion >= 2.4>
+      ErrorLogFormat "%{cu}t %M"
+    </IfVersion>
+
+    LogLevel  {{  aodh_apache_log_level }}
+    ErrorLog  /var/log/aodh/aodh-apache-error.log
+    CustomLog /var/log/aodh/aodh-access.log combined
+</VirtualHost>
diff --git a/templates/aodh-ports.conf.j2 b/templates/aodh-ports.conf.j2
new file mode 100644
index 0000000..b4f9434
--- /dev/null
+++ b/templates/aodh-ports.conf.j2
@@ -0,0 +1,3 @@
+# {{ ansible_managed }}
+
+Listen {{ aodh_service_port }}