Support uWSGI for API server

Currently Nova API server still using eventlet-based HTTP servers,
it is generally considered more performant and flexible to run them
using a generic HTTP server that supports WSGI.

Change-Id: I489557181bb8becbaf5cf7d9812a671d5cb3cc4a

nova/Chart.yaml

@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Nova
 name: nova
-version: 0.3.37
+version: 0.3.38
 home: https://docs.openstack.org/nova/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Nova/OpenStack_Project_Nova_vertical.png
 sources:

nova/templates/bin/_nova-api-metadata.sh.tpl

@@ -48,9 +48,7 @@ function start () {
   # Starts Apache2
   exec {{ .Values.conf.software.apache2.binary }} {{ .Values.conf.software.apache2.start_parameters }}
 {{- else }}
-  exec nova-api-metadata \
-        --config-file /etc/nova/nova.conf \
-        --config-file /tmp/pod-shared/nova-api-metadata.ini
+  exec uwsgi --ini /etc/nova/nova-metadata-uwsgi.ini
 {{- end }}
 }
 

nova/templates/bin/_nova-api.sh.tpl

@@ -49,8 +49,7 @@ function start () {
   # Starts Apache2
   exec {{ .Values.conf.software.apache2.binary }} {{ .Values.conf.software.apache2.start_parameters }}
 {{- else }}
-  exec nova-api-os-compute \
-        --config-file /etc/nova/nova.conf
+  exec uwsgi --ini /etc/nova/nova-api-uwsgi.ini
 {{- end }}
 }
 

nova/templates/configmap-etc.yaml

@@ -258,6 +258,7 @@ limitations under the License.
 {{- if empty .Values.conf.nova.cinder.auth_url -}}
 {{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.nova.cinder "auth_url" -}}
 {{- end -}}
+
 {{- if empty .Values.conf.nova.cinder.os_region_name -}}
 {{- $_ := set .Values.conf.nova.cinder "os_region_name" .Values.endpoints.identity.auth.cinder.region_name -}}
 {{- end -}}
@@ -284,6 +285,24 @@ limitations under the License.
 {{- $_ := tuple "compute" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.nova.DEFAULT "osapi_compute_listen_port" -}}
 {{- end -}}
 
+{{- if empty .Values.conf.nova_api_uwsgi.uwsgi.processes -}}
+{{- $_ := set .Values.conf.nova_api_uwsgi.uwsgi "processes" .Values.conf.nova.DEFAULT.osapi_compute_workers -}}
+{{- end -}}
+{{- if empty (index .Values.conf.nova_api_uwsgi.uwsgi "http-socket") -}}
+{{- $http_socket_port := tuple "compute" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | toString }}
+{{- $http_socket := printf "0.0.0.0:%s" $http_socket_port }}
+{{- $_ := set .Values.conf.nova_api_uwsgi.uwsgi "http-socket" $http_socket -}}
+{{- end -}}
+
+{{- if empty .Values.conf.nova_metadata_uwsgi.uwsgi.processes -}}
+{{- $_ := set .Values.conf.nova_metadata_uwsgi.uwsgi "processes" .Values.conf.nova.DEFAULT.metadata_workers -}}
+{{- end -}}
+{{- if empty (index .Values.conf.nova_metadata_uwsgi.uwsgi "http-socket") -}}
+{{- $http_socket_port := .Values.network.metadata.port | toString }}
+{{- $http_socket := printf "0.0.0.0:%s" $http_socket_port }}
+{{- $_ := set .Values.conf.nova_metadata_uwsgi.uwsgi "http-socket" $http_socket -}}
+{{- end -}}
+
 {{- if and (empty .Values.conf.logging.handler_fluent) (has "fluent" .Values.conf.logging.handlers.keys) -}}
 {{- $fluentd_host := tuple "fluentd" "internal" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }}
 {{- $fluentd_port := tuple "fluentd" "internal" "service" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
@@ -323,6 +342,8 @@ data:
   logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
   api_audit_map.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.api_audit_map | b64enc }}
   nova-ironic.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.nova_ironic | b64enc }}
+  nova-api-uwsgi.ini: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.nova_api_uwsgi | b64enc }}
+  nova-metadata-uwsgi.ini: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.nova_metadata_uwsgi | b64enc }}
 {{- if .Values.manifests.certificates }}
 {{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.mpm_event "key" "mpm_event.conf" "format" "Secret" ) | indent 2 }}
 {{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.wsgi_nova_api "key" "wsgi-api.conf" "format" "Secret" ) | indent 2 }}

nova/templates/deployment-api-metadata.yaml

@@ -120,6 +120,10 @@ spec:
               mountPath: /tmp/nova-api-metadata.sh
               subPath: nova-api-metadata.sh
               readOnly: true
+            - name: nova-etc
+              mountPath: /etc/nova/nova-metadata-uwsgi.ini
+              subPath: nova-metadata-uwsgi.ini
+              readOnly: true
             - name: nova-bin
               mountPath: /sbin/iptables
               subPath: fake-iptables.sh

nova/templates/deployment-api-osapi.yaml

@@ -108,6 +108,10 @@ spec:
               mountPath: /etc/nova/nova.conf
               subPath: nova.conf
               readOnly: true
+            - name: nova-etc
+              mountPath: /etc/nova/nova-api-uwsgi.ini
+              subPath: nova-api-uwsgi.ini
+              readOnly: true
             {{- if .Values.conf.nova.DEFAULT.log_config_append }}
             - name: nova-etc
               mountPath: {{ .Values.conf.nova.DEFAULT.log_config_append }}

nova/values.yaml

@@ -1564,6 +1564,38 @@ conf:
     before:
       enabled: false
       date: 'nil'
+  nova_api_uwsgi:
+    uwsgi:
+      add-header: "Connection: close"
+      buffer-size: 65535
+      die-on-term: true
+      enable-threads: true
+      exit-on-reload: false
+      hook-master-start: unix_signal:15 gracefully_kill_them_all
+      lazy-apps: true
+      log-x-forwarded-for: true
+      master: true
+      procname-prefix-spaced: "nova-api:"
+      route-user-agent: '^kube-probe.* donotlog:'
+      thunder-lock: true
+      worker-reload-mercy: 80
+      wsgi-file: /var/lib/openstack/bin/nova-api-wsgi
+  nova_metadata_uwsgi:
+    uwsgi:
+      add-header: "Connection: close"
+      buffer-size: 65535
+      die-on-term: true
+      enable-threads: true
+      exit-on-reload: false
+      hook-master-start: unix_signal:15 gracefully_kill_them_all
+      lazy-apps: true
+      log-x-forwarded-for: true
+      master: true
+      procname-prefix-spaced: "nova-metadata:"
+      route-user-agent: '^kube-probe.* donotlog:'
+      thunder-lock: true
+      worker-reload-mercy: 80
+      wsgi-file: /var/lib/openstack/bin/nova-metadata-wsgi
 
 # Names of secrets used by bootstrap and environmental checks
 secrets:
@@ -2028,29 +2060,29 @@ pod:
         liveness:
           enabled: True
           params:
-            initialDelaySeconds: 30
-            periodSeconds: 60
-            timeoutSeconds: 15
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            timeoutSeconds: 5
         readiness:
           enabled: True
           params:
-            initialDelaySeconds: 30
-            periodSeconds: 60
-            timeoutSeconds: 15
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            timeoutSeconds: 5
     api-osapi:
       default:
         liveness:
           enabled: True
           params:
-            initialDelaySeconds: 30
-            periodSeconds: 60
-            timeoutSeconds: 15
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            timeoutSeconds: 5
         readiness:
           enabled: True
           params:
-            initialDelaySeconds: 30
-            periodSeconds: 60
-            timeoutSeconds: 15
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            timeoutSeconds: 5
     conductor:
       default:
         liveness:

releasenotes/notes/nova.yaml

@@ -106,4 +106,5 @@ nova:
   - 0.3.35 Use directory mount for vencrypt certificates
   - 0.3.36 Update Ceph images to Jammy and Reef 18.2.1
   - 0.3.37 Use metadata_listen_port instead of metadata_port
+  - 0.3.38 Using uWSGI
 ...