openstack
/
openstack-ansible-os_nova
Code Issues Proposed changes

Move to use UWsgi for Nova 

The placement service is already setup to use UWsgi, we need
to move the other Nova services to follow suit as part of our community
goal for Pike.

Additionally, we need to clean up the nginx configuration as we are
moving away from fronting uWSGI with nginx inside the roles.

Depends-On: Ib66b9709fb88205eaf3f133c87357a4dbbdde5ae
Change-Id: If6c30e00c1c753692c970457b75e3ae7f5cc066c
Implements: blueprint goal-deploy-api-in-wsgi
This commit is contained in:
Andy McCrae 2017-03-28 13:42:09 +01:00
parent 672c76219d
commit 823a80bd44
17 changed files with 179 additions and 303 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
defaults/main.yml
View File

@ -266,23 +266,17 @@ nova_placement_service_publicuri_proto: "{{ openstack_service_publicuri_proto |
nova_placement_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(nova_placement_service_proto) }}"
nova_placement_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(nova_placement_service_proto) }}"
nova_placement_service_publicuri: "{{ nova_placement_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ nova_placement_service_port }}"
nova_placement_service_publicurl: "{{ nova_placement_service_publicuri }}/placement"
nova_placement_service_publicurl: "{{ nova_placement_service_publicuri }}"
nova_placement_service_adminuri: "{{ nova_placement_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ nova_placement_service_port }}"
nova_placement_service_adminurl: "{{ nova_placement_service_adminuri }}/placement"
nova_placement_service_adminurl: "{{ nova_placement_service_adminuri }}"
nova_placement_service_internaluri: "{{ nova_placement_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ nova_placement_service_port }}"
nova_placement_service_internalurl: "{{ nova_placement_service_internaluri }}/placement"
nova_placement_service_internalurl: "{{ nova_placement_service_internaluri }}"
## Nova placement nginx & uwsgi settings
nova_placement_nginx_access_log_format_combined: '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"'
nova_placement_nginx_access_log_format_extras: '$request_time $upstream_response_time'
nova_placement_nginx_extra_conf:
- keepalive_timeout 70;
nova_placement_uwsgi_socket_port: 8781
nova_wsgi_threads: 1
## Cap the maximum number of processes when a user value is unspecified.
# Uwsgi settings
nova_wsgi_processes_max: 16
nova_wsgi_processes: "{{ [[ansible_processor_vcpus|default(1), 1] | max * 2, nova_wsgi_processes_max] | min }}"
nova_wsgi_buffer_size: 65535
nova_wsgi_threads: 1
## Nova libvirt
# Warning: If nova_libvirt_inject_key or nova_libvirt_inject_password are enabled for Ubuntu compute hosts
@ -434,11 +428,23 @@ nova_services:
service_name: nova-api-metadata
init_config_overrides: "{{ nova_api_metadata_init_overrides }}"
start_order: 4
log_string: "--logto "
program_override: "{{ nova_bin }}/uwsgi --ini /etc/uwsgi/nova-api-metadata.ini"
wsgi_app: True
wsgi_overrides: "{{ nova_api_metadata_uwsgi_ini_overrides }}"
uwsgi_port: "{{ nova_metadata_port }}"
wsgi_name: nova-metadata-wsgi
nova-api-os-compute:
group: nova_api_os_compute
service_name: nova-api-os-compute
init_config_overrides: "{{ nova_api_os_compute_init_overrides }}"
start_order: 3
log_string: "--logto "
program_override: "{{ nova_bin }}/uwsgi --ini /etc/uwsgi/nova-api-os-compute.ini"
wsgi_app: True
wsgi_overrides: "{{ nova_api_os_compute_uwsgi_ini_overrides }}"
uwsgi_port: "{{ nova_service_port }}"
wsgi_name: nova-api-wsgi
nova-compute:
group: nova_compute
service_name: nova-compute
@ -477,8 +483,12 @@ nova_services:
init_config_overrides: "{{ nova_placement_api_init_overrides }}"
condition: "{{ nova_placement_service_enabled | bool }}"
log_string: "--logto "
program_override: "{{ nova_bin }}/uwsgi --ini /etc/uwsgi/nova-placement-uwsgi.ini"
start_order: 3
program_override: "{{ nova_bin }}/uwsgi --ini /etc/uwsgi/nova-placement-api.ini"
wsgi_app: True
uwsgi_port: "{{ nova_placement_service_port }}"
wsgi_name: nova-placement-api
wsgi_overrides: "{{ nova_placement_uwsgi_ini_overrides }}"
nova_novnc_pip_packages:
@ -507,8 +517,6 @@ nova_pip_packages:
- python-keystoneclient
- python-memcached
- python-novaclient
nova_placement_pip_packages:
- uWSGI
nova_compute_lxd_pip_packages:
@ -535,6 +543,8 @@ nova_rootwrap_conf_overrides: {}
nova_api_paste_ini_overrides: {}
nova_policy_overrides: {}
nova_placement_uwsgi_ini_overrides: {}
nova_api_metadata_uwsgi_ini_overrides: {}
nova_api_os_compute_uwsgi_ini_overrides: {}
nova_compute_powervm_pip_packages:
- nova-powervm

13
handlers/main.yml
View File

@ -74,16 +74,3 @@
- "'nova_compute' in group_names"
- "nova_discover_hosts_in_cells_interval | int < 1"
listen: "Restart nova services"
- name: Reload Nginx
service:
name: nginx
enabled: yes
state: reloaded
daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}"
register: _restart
until: _restart | success
retries: 5
delay: 2
when:
- "'nova_api_placement' in group_names"

23
releasenotes/notes/nova_uwsgi-af062fa20317d41c.yaml Normal file
View File

@ -0,0 +1,23 @@
---
features:
- The ``nova-api``, and ``nova-metadata`` services
have moved to run as uWSGI applications. You can
override their uwsgi configuration files using the
``nova_api_os_compute_uwsgi_ini_overrides``, and
``nova_api_metadata_uwsgi_ini_overrides`` settings.
upgrade:
- The ``nova-placement`` service now runs as a uWSGI
application that is not fronted by an nginx
web-server by default. After upgrading, if the
``nova-placement`` service was running on a host
or container without any other services requiring
nginx, you should manually remove nginx.
deprecations:
- Settings related to nginx and the placement
will no longer serve any purpose, and should
be removed. Those settings are as follows -
``nova_placement_nginx_access_log_format_extras``,
``nova_placement_nginx_access_log_format_combined``,
``nova_placement_nginx_extra_conf``,
``nova_placement_uwsgi_socket_port``, and
``nova_placement_pip_packages``.

12
tasks/main.yml
View File

@ -68,6 +68,10 @@
tags:
- nova-config
- include: nova_uwsgi.yml
tags:
- nova-config
- include: "nova_init_{{ ansible_service_mgr}}.yml"
tags:
- nova-config
@ -80,14 +84,6 @@
tags:
- nova-config
- include: nova_placement.yml
static: no
when:
- "nova_placement_service_enabled | bool"
- "'nova_api_placement' in group_names"
tags:
- nova-placement
- include: nova_compute.yml
static: no
when:

48
tasks/nova_placement.yml
View File

@ -1,48 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Install pip packages
pip:
name: "{{ nova_placement_pip_packages }}"
state: "{{ nova_pip_package_state }}"
virtualenv: "{{ nova_bin | dirname }}"
virtualenv_site_packages: "no"
extra_args: >-
{{ nova_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }}
{{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }}
{{ pip_install_options | default('') }}
register: install_packages
until: install_packages|success
retries: 5
delay: 2
when:
- nova_get_venv | failed or nova_get_venv | skipped
notify: Restart nova services
tags:
- nova-pip-packages
- nova-install
- include: nova_placement_nginx.yml
tags:
- nova-config
- include: nova_placement_uwsgi.yml
tags:
- nova-config
- include: nova_placement_service_setup.yml
when: inventory_hostname == groups['nova_api_placement'][0]
tags:
- nova-config

57
tasks/nova_placement_nginx.yml
View File

@ -1,57 +0,0 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Add nginx user to nova group for log writing
user:
name: "{{ nova_nginx_user_name }}"
groups: nova
append: yes
notify:
- Reload Nginx
tags:
- nova-install
- name: Disable default configuration
file:
path: /etc/nginx/sites-enabled/default
state: absent
notify:
- Reload Nginx
- name: Configure custom nginx log format
lineinfile:
insertbefore: access_log
dest: "/etc/nginx/nginx.conf"
line: "log_format custom '{{ nova_placement_nginx_access_log_format_combined }} {{ nova_placement_nginx_access_log_format_extras }}';"
notify:
- Reload Nginx
# Configure app
- name: Configure virtual hosts
template:
src: nova-placement-nginx.conf.j2
dest: "/etc/nginx/{{ nova_nginx_conf_path }}/nova_placement_api.conf"
notify:
- Reload Nginx
- name: Link to enable virtual hosts
file:
src: "/etc/nginx/sites-available/nova_placement_api.conf"
path: "/etc/nginx/sites-enabled/nova_placement_api.conf"
state: link
when:
- ansible_os_family == "Debian"
notify:
- Reload Nginx

105
tasks/nova_placement_service_setup.yml
View File

@ -1,105 +0,0 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Create a service
- name: Ensure nova placement service
keystone:
command: "ensure_service"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
service_name: "{{ nova_placement_service_name }}"
service_type: "{{ nova_placement_service_type }}"
description: "{{ nova_placement_service_description }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
until: add_service|success
retries: 5
delay: 2
tags:
- nova-api-setup
- nova-service-add
# Create an admin user
- name: Ensure nova placement user
keystone:
command: "ensure_user"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
user_name: "{{ nova_placement_service_username }}"
tenant_name: "{{ nova_placement_service_project_name }}"
password: "{{ nova_placement_service_password }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
when:
- not nova_placement_service_in_ldap | bool
until: add_service|success
retries: 5
delay: 10
tags:
- nova-api-setup
- nova-service-add
# Add a role to the user
- name: Ensure nova user to admin role
keystone:
command: "ensure_user_role"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
user_name: "{{ nova_placement_service_username }}"
tenant_name: "{{ nova_placement_service_project_name }}"
role_name: "{{ nova_placement_service_role_name }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
when:
- not nova_placement_service_in_ldap | bool
until: add_service|success
retries: 5
delay: 10
tags:
- nova-api-setup
- nova-service-add
# Create an endpoint
- name: Ensure nova endpoint
keystone:
command: "ensure_endpoint"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
region_name: "{{ nova_placement_service_region }}"
service_name: "{{ nova_placement_service_name }}"
service_type: "{{ nova_placement_service_type }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
endpoint_list:
- url: "{{ nova_placement_service_publicurl }}"
interface: "public"
- url: "{{ nova_placement_service_internalurl }}"
interface: "internal"
- url: "{{ nova_placement_service_adminurl }}"
interface: "admin"
register: add_service
until: add_service|success
retries: 5
delay: 10
tags:
- nova-api-setup
- nova-service-add

89
tasks/nova_service_setup.yml
View File

@ -107,3 +107,92 @@
- nova-api-setup
- nova-service-add
- nova-setup
# Create a service
- name: Ensure nova placement service
keystone:
command: "ensure_service"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
service_name: "{{ nova_placement_service_name }}"
service_type: "{{ nova_placement_service_type }}"
description: "{{ nova_placement_service_description }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
until: add_service|success
retries: 5
delay: 2
tags:
- nova-api-setup
- nova-service-add
# Create an admin user
- name: Ensure nova placement user
keystone:
command: "ensure_user"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
user_name: "{{ nova_placement_service_username }}"
tenant_name: "{{ nova_placement_service_project_name }}"
password: "{{ nova_placement_service_password }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
when: not nova_placement_service_in_ldap | bool
until: add_service|success
retries: 5
delay: 10
tags:
- nova-api-setup
- nova-service-add
# Add a role to the user
- name: Ensure nova user to admin role
keystone:
command: "ensure_user_role"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
user_name: "{{ nova_placement_service_username }}"
tenant_name: "{{ nova_placement_service_project_name }}"
role_name: "{{ nova_placement_service_role_name }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
when: not nova_placement_service_in_ldap | bool
until: add_service|success
retries: 5
delay: 10
tags:
- nova-api-setup
- nova-service-add
# Create an endpoint
- name: Ensure nova endpoint
keystone:
command: "ensure_endpoint"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
region_name: "{{ nova_placement_service_region }}"
service_name: "{{ nova_placement_service_name }}"
service_type: "{{ nova_placement_service_type }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
endpoint_list:
- url: "{{ nova_placement_service_publicurl }}"
interface: "public"
- url: "{{ nova_placement_service_internalurl }}"
interface: "internal"
- url: "{{ nova_placement_service_adminurl }}"
interface: "admin"
register: add_service
until: add_service|success
retries: 5
delay: 10
tags:
- nova-api-setup
- nova-service-add

32
tasks/nova_placement_uwsgi.yml → tasks/nova_uwsgi.yml
View File

@ -13,7 +13,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
# Uwsgi Configuration
- name: Ensure uWSGI directory exists
file:
path: "/etc/uwsgi/"
@ -22,10 +22,34 @@
- name: Apply uWSGI configuration
config_template:
src: "nova-placement-uwsgi.ini.j2"
dest: "/etc/uwsgi/nova-placement-uwsgi.ini"
src: "nova-uwsgi.ini.j2"
dest: "/etc/uwsgi/{{ item.service_name }}.ini"
mode: "0744"
config_overrides: "{{ nova_placement_uwsgi_ini_overrides }}"
config_overrides: "{{ item.wsgi_overrides }}"
config_type: ini
with_items: "{{ filtered_nova_services }}"
when: item.wsgi_app | default(False)
notify:
- Restart nova services
# Cleanup and restart nginx configuration
# For O->P upgrades, can remove in Q.
- name: Clean up nginx configuration
file:
path: "/etc/nginx/{{ nova_nginx_conf_path }}/nova_placement_api.conf"
state: absent
register: nginx_conf_removed
- name: Cleanup sites-enabled for Debian based deploys
file:
path: "/etc/nginx/sites-enabled/nova_placement_api.conf"
state: absent
when:
- ansible_os_family == "Debian"
- name: Restart nginx if conf removed
service:
name: nginx
state: restarted
when: nginx_conf_removed | changed
failed_when: false

23
templates/nova-placement-nginx.conf.j2
View File

@ -1,23 +0,0 @@
# {{ ansible_managed }}
server {
listen {{ nova_placement_service_port }};
{% for line in nova_placement_nginx_extra_conf %}
{{ line }}
{%- endfor %}
access_log /var/log/nova/nova-placement-api-access.log custom;
error_log /var/log/nova/nova-placement-api-error.log info;
location /placement {
try_files $uri @nova-placement-api;
}
location @nova-placement-api {
include uwsgi_params;
uwsgi_pass 127.0.0.1:{{ nova_placement_uwsgi_socket_port }};
uwsgi_param SCRIPT_NAME '/placement';
uwsgi_modifier1 30;
}
}

4
templates/nova-placement-uwsgi.ini.j2 → templates/nova-uwsgi.ini.j2
View File

@ -4,8 +4,8 @@ uid = {{ nova_system_user_name }}
gid = {{ nova_system_group_name }}
virtualenv = /openstack/venvs/nova-{{ nova_venv_tag }}
wsgi-file = {{ nova_bin }}/nova-placement-api
socket = 127.0.0.1:{{ nova_placement_uwsgi_socket_port }}
wsgi-file = {{ nova_bin }}/{{ item.wsgi_name }}
http = 0.0.0.0:{{ item.uwsgi_port }}
master = true
enable-threads = true

16
tests/os_nova-overrides-lxd.yml
View File

@ -15,10 +15,11 @@
nova_virt_type: lxd
tempest_run: yes
tempest_venv_tag: "{{ tempest_git_install_branch }}"
tempest_venv_bin: "/opt/tempest_{{ tempest_venv_tag }}/bin"
tempest_log_dir: "/var/log/"
tempest_test_whitelist:
- tempest.scenario.test_server_basic_ops.TestServerBasicOps.test_server_basic_ops
tempest_tempest_conf_overrides:
'compute-feature-enabled':
'config_drive': 'false'
tempest_img_url: "http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-lxc.tar.gz"
tempest_img_disk_format: raw
tempest_image_file: "cirros-0.3.4-x86_64-lxc.tar.gz"
@ -26,13 +27,8 @@ tempest_img_name: "cirros"
tempest_images:
- url: "http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-lxc.tar.gz"
sha256: "e8172c603fad47f4c95e67bd2751c2977e07164c9ebdfcf3f9c1d7ff598ed217"
tempest_test_whitelist:
- tempest.scenario.test_server_basic_ops.TestServerBasicOps.test_server_basic_ops
neutron_provider_networks:
network_types: "vxlan,flat"
network_mappings: "flat:eth12"
network_vxlan_ranges: "1:1000"
tempest_tempest_conf_overrides:
'compute-feature-enabled':
'config_drive': 'false'

4
tests/os_nova-overrides.yml
View File

@ -13,10 +13,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
tempest_run: yes
tempest_venv_tag: "{{ tempest_git_install_branch }}"
tempest_venv_bin: "/opt/tempest_{{ tempest_venv_tag }}/bin"
tempest_log_dir: "/var/log/"
tempest_test_whitelist:
- tempest.scenario.test_server_basic_ops.TestServerBasicOps.test_server_basic_ops

3
vars/main.yml
View File

@ -40,9 +40,6 @@ nova_package_list: |-
{% set _ = packages.extend(nova_compute_barbican_distro_packages) %}
{% endif %}
{% endif %}
{% if 'nova_api_placement' in group_names %}
{% set _ = packages.extend(nova_nginx_distro_packages) %}
{% endif %}
{{ packages }}
#

5
vars/redhat-7.yml
View File

@ -66,8 +66,5 @@ nova_compute_powervm_distro_packages: []
novalink_gpg_keys: []
nova_nginx_distro_packages:
- nginx
# Needed for nginx cleanup for O -> P upgrades. Remove in Q
nova_nginx_conf_path: "conf.d"
nova_nginx_user_name: "nginx"

5
vars/suse-42.yml
View File

@ -60,8 +60,5 @@ nova_compute_powervm_distro_packages: []
novalink_gpg_keys: []
nova_nginx_distro_packages:
- nginx
# Needed for nginx cleanup for O -> P upgrades. Remove in Q
nova_nginx_conf_path: "conf.d"
nova_nginx_user_name: "nginx"

5
vars/ubuntu-16.04.yml
View File

@ -73,9 +73,6 @@ nova_compute_lxd_distro_packages:
- vlan
- thin-provisioning-tools
nova_nginx_distro_packages:
- nginx-full
# nova powervm virt driver
nova_compute_powervm_distro_packages:
- bridge-utils
@ -100,5 +97,5 @@ novalink_gpg_keys:
- url: "http://public.dhe.ibm.com/systems/virtualization/Novalink/debian/novalink-gpg-pub.key"
state: "present"
# Needed for nginx cleanup for O -> P upgrades. Remove in Q
nova_nginx_conf_path: "sites-available"
nova_nginx_user_name: "www-data"