Add support for API through Apache + mod_wsgi
Also adds a delay and more retries to policy setup in order to ensure that step completes successfully since the API takes a moment to stop returning Status 503s.
This commit is contained in:
parent
0d0c4dc54f
commit
02aab9480f
|
@ -17,7 +17,10 @@
|
|||
is_metal: true
|
||||
|
||||
debug: false
|
||||
gnocchi_fatal_deprecations: False
|
||||
gnocchi_fatal_deprecations: false
|
||||
|
||||
#: Set this to false to disable API service through Apache + mod_wsgi
|
||||
gnocchi_use_mod_wsgi: true
|
||||
|
||||
#: Set this to enable or disable installing in a venv
|
||||
gnocchi_venv_enabled: true
|
||||
|
@ -25,6 +28,7 @@ gnocchi_venv_enabled: true
|
|||
#: Name of the virtual env to deploy into
|
||||
gnocchi_venv_tag: untagged
|
||||
gnocchi_venv_bin: "/openstack/venvs/gnocchi-{{ gnocchi_venv_tag }}/bin"
|
||||
gnocchi_venv_pkgs: "/openstack/venvs/gnocchi-{{ gnocchi_venv_tag }}/lib/python2.7/site-packages"
|
||||
|
||||
#: The bin path defaults to the venv path however if installation in a
|
||||
# venv is disabled the bin path will be dynamically set based on the
|
||||
|
@ -76,6 +80,7 @@ gnocchi_archive_policy_rules:
|
|||
#: System info
|
||||
gnocchi_system_user_name: gnocchi
|
||||
gnocchi_system_group_name: gnocchi
|
||||
gnocchi_system_service_name: apache2
|
||||
gnocchi_system_shell: /bin/false
|
||||
gnocchi_system_comment: gnocchi system user
|
||||
gnocchi_system_user_home: "/var/lib/{{ gnocchi_system_user_name }}"
|
||||
|
@ -103,6 +108,30 @@ gnocchi_service_internalurl: "{{ gnocchi_service_internaluri_proto }}://{{ inter
|
|||
gnocchi_service_adminurl: "{{ gnocchi_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ gnocchi_service_port }}"
|
||||
gnocchi_healthcheck_disable_path: /etc/gnocchi/healthcheck_disable
|
||||
|
||||
## Apache setup
|
||||
gnocchi_apache_log_level: info
|
||||
gnocchi_apache_servertokens: "Prod"
|
||||
gnocchi_apache_serversignature: "Off"
|
||||
gnocchi_wsgi_threads: 1
|
||||
gnocchi_wsgi_processes: "{{ ansible_processor_vcpus | default (1) * 2 }}"
|
||||
|
||||
# set gnocchi_ssl to true to enable SSL configuration on the gnocchi containers
|
||||
gnocchi_ssl: false
|
||||
gnocchi_ssl_cert: /etc/ssl/certs/gnocchi.pem
|
||||
gnocchi_ssl_key: /etc/ssl/private/gnocchi.key
|
||||
gnocchi_ssl_ca_cert: /etc/ssl/certs/gnocchi-ca.pem
|
||||
gnocchi_ssl_protocol: "{{ ssl_protocol }}"
|
||||
gnocchi_ssl_cipher_suite: "{{ ssl_cipher_suite }}"
|
||||
|
||||
# if using a self-signed certificate, set this to true to regenerate it
|
||||
gnocchi_ssl_self_signed_regen: false
|
||||
gnocchi_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ internal_lb_vip_address }}/subjectAltName=IP.1={{ external_lb_vip_address }}"
|
||||
|
||||
# Set these in user_variables to deploy custom certificates
|
||||
#gnocchi_user_ssl_cert: <path to cert on ansible deployment host>
|
||||
#gnocchi_user_ssl_key: <path to cert on ansible deployment host>
|
||||
#gnocchi_user_ssl_ca_cert: <path to cert on ansible deployment host>
|
||||
|
||||
#: Gnocchi API program name
|
||||
gnocchi_api_program_name: gnocchi-api
|
||||
#: Gnocchi Metricd program name
|
||||
|
@ -110,6 +139,9 @@ gnocchi_metricd_program_name: gnocchi-metricd
|
|||
|
||||
#: Necessary packages
|
||||
gnocchi_apt_packages:
|
||||
- apache2
|
||||
- apache2-utils
|
||||
- libapache2-mod-wsgi
|
||||
- git
|
||||
- build-essential
|
||||
- python-dev
|
||||
|
@ -131,9 +163,9 @@ gnocchi_pip_packages:
|
|||
- python-memcached
|
||||
|
||||
#: List of programs/services owned by gnocchi
|
||||
gnocchi_service_names:
|
||||
- "{{ gnocchi_api_program_name }}"
|
||||
gnocchi_service_names: []
|
||||
# TODO(stevelle) needs configuration help
|
||||
# - "{{ gnocchi_api_program_name }}"
|
||||
# - "{{ gnocchi_metricd_program_name }}"
|
||||
|
||||
#: Tunable overrides
|
||||
|
|
|
@ -13,6 +13,7 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# gnocchi_service_names should exclude the API if {{ gnocchi_use_mod_wsgi }}
|
||||
- name: Restart gnocchi services
|
||||
service:
|
||||
name: "{{ item }}"
|
||||
|
@ -20,3 +21,13 @@
|
|||
pattern: "{{ item }}"
|
||||
with_items: gnocchi_service_names
|
||||
|
||||
- name: Restart Apache
|
||||
service:
|
||||
name: "apache2"
|
||||
state: "restarted"
|
||||
pattern: "apache2"
|
||||
when: gnocchi_use_mod_wsgi | bool
|
||||
register: apache_restart
|
||||
until: apache_restart|success
|
||||
retries: 5
|
||||
delay: 2
|
||||
|
|
|
@ -0,0 +1,89 @@
|
|||
---
|
||||
# Copyright 2014, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Drop apache2 virtual host and ports file
|
||||
template:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
owner: "root"
|
||||
group: "root"
|
||||
with_items:
|
||||
- { src: "gnocchi-ports.conf.j2", dest: "/etc/apache2/ports.conf" }
|
||||
- { src: "gnocchi-httpd.conf.j2", dest: "/etc/apache2/sites-available/gnocchi-httpd.conf" }
|
||||
notify:
|
||||
- Restart Apache
|
||||
tags:
|
||||
- gnocchi-httpd
|
||||
|
||||
- name: Disable default apache site
|
||||
file:
|
||||
path: "/etc/apache2/sites-enabled/000-default.conf"
|
||||
state: "absent"
|
||||
notify:
|
||||
- Restart Apache
|
||||
tags:
|
||||
- gnocchi-httpd
|
||||
|
||||
- name: Enabled gnocchi vhost
|
||||
file:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
state: "{{ item.state }}"
|
||||
with_items:
|
||||
- { src: "/etc/apache2/sites-available/gnocchi-httpd.conf", dest: "/etc/apache2/sites-enabled/gnocchi-httpd.conf", state: "link" }
|
||||
notify:
|
||||
- Restart Apache
|
||||
tags:
|
||||
- gnocchi-httpd
|
||||
|
||||
- name: Ensure Apache ServerName
|
||||
lineinfile:
|
||||
dest: "/etc/apache2/apache2.conf"
|
||||
line: "ServerName {{ inventory_hostname }}"
|
||||
notify:
|
||||
- Restart Apache
|
||||
tags:
|
||||
- gnocchi-httpd
|
||||
|
||||
- name: Ensure Apache ServerTokens
|
||||
lineinfile:
|
||||
dest: "/etc/apache2/conf-available/security.conf"
|
||||
regexp: '^ServerTokens'
|
||||
line: "ServerTokens {{ gnocchi_apache_servertokens }}"
|
||||
notify:
|
||||
- Restart Apache
|
||||
tags:
|
||||
- gnocchi-httpd
|
||||
|
||||
- name: Ensure Apache ServerSignature
|
||||
lineinfile:
|
||||
dest: "/etc/apache2/conf-available/security.conf"
|
||||
regexp: '^ServerSignature'
|
||||
line: "ServerSignature {{ gnocchi_apache_serversignature }}"
|
||||
notify:
|
||||
- Restart Apache
|
||||
tags:
|
||||
- gnocchi-httpd
|
||||
|
||||
- name: Enable/disable mod_ssl for apache2
|
||||
apache2_module:
|
||||
name: ssl
|
||||
state: "{{ (gnocchi_ssl | bool) | ternary('present', 'absent') }}"
|
||||
notify:
|
||||
- Restart Apache
|
||||
tags:
|
||||
- gnocchi-httpd
|
||||
- gnocchi-ssl
|
|
@ -13,13 +13,28 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Ensure gnocchi API service is started
|
||||
service:
|
||||
name: "{{ item }}"
|
||||
state: "started"
|
||||
pattern: "{{ item }}"
|
||||
with_items:
|
||||
- "{{ gnocchi_api_program_name }}"
|
||||
- name: Ensure Gnocchi API service is (re)started
|
||||
meta: flush_handlers
|
||||
|
||||
#- name: Ensure Gnocchi API service is started
|
||||
# service:
|
||||
# name: "{{ item }}"
|
||||
# state: "started"
|
||||
# pattern: "{{ item }}"
|
||||
# when: not gnocchi_use_mod_wsgi | bool
|
||||
# with_items:
|
||||
# - "{{ gnocchi_api_program_name }}"
|
||||
#
|
||||
#- name: Ensure Gnocchi API is available through Apache
|
||||
# service:
|
||||
# name: "{{ item }}"
|
||||
# state: "restarted"
|
||||
# pattern: "{{ item }}"
|
||||
# when: gnocchi_use_mod_wsgi | bool
|
||||
# retries: 5
|
||||
# delay: 3
|
||||
# with_items:
|
||||
# - apache2
|
||||
|
||||
- name: Ensure Archive Policies
|
||||
gnocchi:
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Drop gnocchi Config(s)
|
||||
- name: Drop Gnocchi Config(s)
|
||||
config_template:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
|
@ -36,22 +36,36 @@
|
|||
config_overrides: "{{ gnocchi_policy_overrides }}"
|
||||
config_type: "json"
|
||||
notify:
|
||||
- Restart gnocchi services
|
||||
- Restart Apache
|
||||
tags:
|
||||
- gnocchi-config
|
||||
|
||||
- name: Get gnocchi command path
|
||||
- name: Get Gnocchi command path
|
||||
command: which gnocchi
|
||||
register: gnocchi_command_path
|
||||
when:
|
||||
- not gnocchi_venv_enabled | bool
|
||||
tags:
|
||||
- gnocchi-command-bin
|
||||
- gnocchi-config
|
||||
|
||||
- name: Set gnocchi command path
|
||||
- name: Set Gnocchi command path
|
||||
set_fact:
|
||||
gnocchi_bin: "{{ gnocchi_command_path.stdout | dirname }}"
|
||||
when:
|
||||
- not gnocchi_venv_enabled | bool
|
||||
tags:
|
||||
- gnocchi-command-bin
|
||||
- gnocchi-config
|
||||
|
||||
- name: Drop Gnocchi WSGI Configs
|
||||
template:
|
||||
src: gnocchi-wsgi.py.j2
|
||||
dest: /var/www/cgi-bin/gnocchi/gnocchi-api
|
||||
owner: "{{ gnocchi_system_user_name }}"
|
||||
group: "{{ gnocchi_system_group_name }}"
|
||||
mode: "0755"
|
||||
notify:
|
||||
- Restart Apache
|
||||
tags:
|
||||
- gnocchi-config
|
||||
|
|
|
@ -47,6 +47,8 @@
|
|||
- { path: "/var/lib/gnocchi/tmp" }
|
||||
- { path: "/var/lib/gnocchi/locks" }
|
||||
- { path: "/var/cache/gnocchi", mode: "0700" }
|
||||
- { path: "/var/www/cgi-bin", owner: root, group: root }
|
||||
- { path: "/var/www/cgi-bin/gnocchi" }
|
||||
tags:
|
||||
- gnocchi-dirs
|
||||
|
||||
|
|
|
@ -25,5 +25,15 @@
|
|||
- include: gnocchi_service_setup.yml
|
||||
run_once: true
|
||||
|
||||
- include: gnocchi_apache.yml
|
||||
|
||||
- include: gnocchi_policy_setup.yml
|
||||
run_once: true
|
||||
run_once: true
|
||||
|
||||
#- include: gnocchi_ssl_self_signed.yml
|
||||
# when: >
|
||||
# gnocchi_user_ssl_cert is not defined or
|
||||
# gnocchi_user_ssl_key is not defined
|
||||
#
|
||||
#- include: gnocchi_ssl_user_provided.yml
|
||||
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
<VirtualHost *:{{ gnocchi_service_port }}>
|
||||
WSGIDaemonProcess gnocchi lang='en_US.UTF-8' locale='en_US.UTF-8' user={{ gnocchi_system_user_name }} group={{ gnocchi_system_group_name }} processes={{ gnocchi_wsgi_processes }} threads={{ gnocchi_wsgi_threads }} display-name=%{GROUP}
|
||||
WSGIProcessGroup gnocchi
|
||||
WSGIScriptAlias / /var/www/cgi-bin/gnocchi/gnocchi-api
|
||||
WSGIApplicationGroup %{GLOBAL}
|
||||
|
||||
<IfVersion >= 2.4>
|
||||
ErrorLogFormat "%{cu}t %M"
|
||||
</IfVersion>
|
||||
|
||||
LogLevel {{ gnocchi_apache_log_level }}
|
||||
ErrorLog /var/log/gnocchi/gnocchi-apache-error.log
|
||||
CustomLog /var/log/gnocchi/gnocchi-access.log combined
|
||||
|
||||
{% if gnocchi_ssl | bool and gnocchi_service_internaluri_proto == "https" -%}
|
||||
SSLEngine on
|
||||
SSLCertificateFile {{ gnocchi_ssl_cert }}
|
||||
SSLCertificateKeyFile {{ gnocchi_ssl_key }}
|
||||
{% if gnocchi_user_ssl_ca_cert is defined -%}
|
||||
SSLCACertificateFile {{ gnocchi_ssl_ca_cert }}
|
||||
{% endif -%}
|
||||
SSLCompression Off
|
||||
SSLProtocol {{ gnocchi_ssl_protocol }}
|
||||
SSLHonorCipherOrder On
|
||||
SSLCipherSuite {{ gnocchi_ssl_cipher_suite }}
|
||||
SSLOptions +StdEnvVars +ExportCertData
|
||||
{% endif %}
|
||||
</VirtualHost>
|
|
@ -0,0 +1,3 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
Listen {{ gnocchi_service_port }}
|
|
@ -0,0 +1,31 @@
|
|||
# Copyright 2013 OpenStack Foundation
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import os
|
||||
|
||||
{% if gnocchi_venv_enabled | bool %}
|
||||
activate_this = os.path.expanduser("{{ gnocchi_venv_bin }}/activate_this.py")
|
||||
execfile(activate_this, dict(__file__=activate_this))
|
||||
{% endif %}
|
||||
|
||||
from oslo_config import cfg
|
||||
|
||||
from gnocchi import service
|
||||
from gnocchi.rest import app
|
||||
|
||||
# Initialize the oslo configuration library and logging
|
||||
conf = service.prepare_service()
|
||||
# The pecan debugger cannot be used in wsgi mode
|
||||
conf.set_default('pecan_debug', False, group='api')
|
||||
application = app.load_app(conf)
|
Loading…
Reference in New Issue