Factor out code to write uwsgi config files
Instead of keeping all of this code inline in keystone, factor it out into a dedicated set of functions and make keystone use them. This drops direct https support in uwsgi, but that's not going to be a supported model going forward once we get to proxy only anyway. Change-Id: I1d89be1f1b36f26eaf543b99bde6fdc5701474fe
parent
2b85cf0f06
commit
2f8c88e053
53
lib/apache
53
lib/apache
@ -181,6 +181,59 @@ function reload_apache_server {
|
||||
reload_service $APACHE_NAME
|
||||
}
|
||||
|
||||
function write_uwsgi_config {
|
||||
local file=$1
|
||||
local wsgi=$2
|
||||
local url=$3
|
||||
local http=$4
|
||||
local name=""
|
||||
name=$(basename $wsgi)
|
||||
local socket="/tmp/${name}.socket"
|
||||
|
||||
# always cleanup given that we are using iniset here
|
||||
rm -rf $file
|
||||
iniset "$file" uwsgi wsgi-file "$wsgi"
|
||||
iniset "$file" uwsgi socket "$socket"
|
||||
iniset "$file" uwsgi processes $API_WORKERS
|
||||
# This is running standalone
|
||||
iniset "$file" uwsgi master true
|
||||
# Set die-on-term & exit-on-reload so that uwsgi shuts down
|
||||
iniset "$file" uwsgi die-on-term true
|
||||
iniset "$file" uwsgi exit-on-reload true
|
||||
iniset "$file" uwsgi enable-threads true
|
||||
iniset "$file" uwsgi plugins python
|
||||
# uwsgi recommends this to prevent thundering herd on accept.
|
||||
iniset "$file" uwsgi thunder-lock true
|
||||
# Override the default size for headers from the 4k default.
|
||||
iniset "$file" uwsgi buffer-size 65535
|
||||
# Make sure the client doesn't try to re-use the connection.
|
||||
iniset "$file" uwsgi add-header "Connection: close"
|
||||
# This ensures that file descriptors aren't shared between processes.
|
||||
iniset "$file" uwsgi lazy-apps true
|
||||
iniset "$file" uwsgi chmod-socket 666
|
||||
|
||||
# If we said bind directly to http, then do that and don't start the apache proxy
|
||||
if [[ -n "$http" ]]; then
|
||||
iniset "$file" uwsgi http $http
|
||||
else
|
||||
local apache_conf=""
|
||||
apache_conf=$(apache_site_config_for $name)
|
||||
echo "ProxyPass \"${url}\" \"unix:${socket}|uwsgi://uwsgi-uds-${name}/\"" | sudo tee $apache_conf
|
||||
enable_apache_site $name
|
||||
reload_apache_server
|
||||
fi
|
||||
}
|
||||
|
||||
function remove_uwsgi_config {
|
||||
local file=$1
|
||||
local wsgi=$2
|
||||
local name=""
|
||||
name=$(basename $wsgi)
|
||||
|
||||
rm -rf $file
|
||||
disable_apache_site $name
|
||||
}
|
||||
|
||||
# Restore xtrace
|
||||
$_XTRACE_LIB_APACHE
|
||||
|
||||
|
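Review bot: `local socket="/tmp/${name}.socket"` together with `iniset "$file" uwsgi chmod-socket 666` in write_uwsgi_config puts the service socket at a predictable path in a world-writable directory and opens it to every local account, so any local user can reach the application without going through Apache, and the path can be occupied before uwsgi binds it. Prefer a directory that only the service account can write to, e.g. `local socket="<uwsgi-run-dir>/${name}.socket"` (placeholder path), and `iniset "$file" uwsgi chmod-socket 660` with a group shared with the Apache user. Separately, `rm -rf $file`, `basename $wsgi` and `sudo tee $apache_conf` expand unquoted in both new functions; `rm -f -- "$file"` is enough for a single ini file and does not word-split. A short header comment naming the four positional arguments (`file`, `wsgi`, `url`, `http`) would also help callers, since an empty `http` switches write_uwsgi_config into the Apache proxy branch.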
47
lib/keystone
47
lib/keystone
@ -50,6 +50,10 @@ fi
|
||||
KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/keystone}
|
||||
KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf
|
||||
KEYSTONE_PASTE_INI=${KEYSTONE_PASTE_INI:-$KEYSTONE_CONF_DIR/keystone-paste.ini}
|
||||
KEYSTONE_PUBLIC_UWSGI_CONF=$KEYSTONE_CONF_DIR/keystone-uwsgi-public.ini
|
||||
KEYSTONE_ADMIN_UWSGI_CONF=$KEYSTONE_CONF_DIR/keystone-uwsgi-admin.ini
|
||||
KEYSTONE_PUBLIC_UWSGI=$KEYSTONE_BIN_DIR/keystone-wsgi-public
|
||||
KEYSTONE_ADMIN_UWSGI=$KEYSTONE_BIN_DIR/keystone-wsgi-admin
|
||||
|
||||
# Toggle for deploying Keystone under HTTPD + mod_wsgi
|
||||
# Deprecated in Mitaka, use KEYSTONE_DEPLOY instead.
|
||||
@ -293,44 +297,9 @@ function configure_keystone {
|
||||
_config_keystone_apache_wsgi
|
||||
else # uwsgi
|
||||
# iniset creates these files when it's called if they don't exist.
|
||||
KEYSTONE_PUBLIC_UWSGI_FILE=$KEYSTONE_CONF_DIR/keystone-uwsgi-public.ini
|
||||
KEYSTONE_ADMIN_UWSGI_FILE=$KEYSTONE_CONF_DIR/keystone-uwsgi-admin.ini
|
||||
|
||||
rm -f "$KEYSTONE_PUBLIC_UWSGI_FILE"
|
||||
rm -f "$KEYSTONE_ADMIN_UWSGI_FILE"
|
||||
|
||||
if is_ssl_enabled_service key; then
|
||||
iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi https $KEYSTONE_SERVICE_HOST:$service_port,$KEYSTONE_SSL_CERT,$KEYSTONE_SSL_KEY
|
||||
iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi https $KEYSTONE_ADMIN_BIND_HOST:$auth_port,$KEYSTONE_SSL_CERT,$KEYSTONE_SSL_KEY
|
||||
else
|
||||
iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi http $KEYSTONE_SERVICE_HOST:$service_port
|
||||
iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi http $KEYSTONE_ADMIN_BIND_HOST:$auth_port
|
||||
fi
|
||||
|
||||
iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi wsgi-file "$KEYSTONE_BIN_DIR/keystone-wsgi-public"
|
||||
iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi processes $(nproc)
|
||||
|
||||
iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi wsgi-file "$KEYSTONE_BIN_DIR/keystone-wsgi-admin"
|
||||
iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi processes $API_WORKERS
|
||||
|
||||
# Common settings
|
||||
for file in "$KEYSTONE_PUBLIC_UWSGI_FILE" "$KEYSTONE_ADMIN_UWSGI_FILE"; do
|
||||
# This is running standalone
|
||||
iniset "$file" uwsgi master true
|
||||
# Set die-on-term & exit-on-reload so that uwsgi shuts down
|
||||
iniset "$file" uwsgi die-on-term true
|
||||
iniset "$file" uwsgi exit-on-reload true
|
||||
iniset "$file" uwsgi enable-threads true
|
||||
iniset "$file" uwsgi plugins python
|
||||
# uwsgi recommends this to prevent thundering herd on accept.
|
||||
iniset "$file" uwsgi thunder-lock true
|
||||
# Override the default size for headers from the 4k default.
|
||||
iniset "$file" uwsgi buffer-size 65535
|
||||
# Make sure the client doesn't try to re-use the connection.
|
||||
iniset "$file" uwsgi add-header "Connection: close"
|
||||
# This ensures that file descriptors aren't shared between processes.
|
||||
iniset "$file" uwsgi lazy-apps true
|
||||
done
|
||||
write_uwsgi_config "$KEYSTONE_PUBLIC_UWSGI_CONF" "$KEYSTONE_PUBLIC_UWSGI" "/identity" "$KEYSTONE_SERVICE_HOST:$service_port"
|
||||
write_uwsgi_config "$KEYSTONE_ADMIN_UWSGI_CONF" "$KEYSTONE_ADMIN_UWSGI" "/identity_admin" "$KEYSTONE_ADMIN_BIND_HOST:$auth_port"
|
||||
fi
|
||||
|
||||
iniset $KEYSTONE_CONF DEFAULT max_token_size 16384
|
||||
@ -604,8 +573,8 @@ function start_keystone {
|
||||
# TODO(sdague): we should really get down to a single keystone here
|
||||
enable_service key-p
|
||||
enable_service key-a
|
||||
run_process key-p "$KEYSTONE_BIN_DIR/uwsgi --ini $KEYSTONE_PUBLIC_UWSGI_FILE" ""
|
||||
run_process key-a "$KEYSTONE_BIN_DIR/uwsgi --ini $KEYSTONE_ADMIN_UWSGI_FILE" ""
|
||||
run_process key-p "$KEYSTONE_BIN_DIR/uwsgi --ini $KEYSTONE_PUBLIC_UWSGI_CONF" ""
|
||||
run_process key-a "$KEYSTONE_BIN_DIR/uwsgi --ini $KEYSTONE_ADMIN_UWSGI_CONF" ""
|
||||
fi
|
||||
|
||||
echo "Waiting for keystone to start..."
|
||||
|
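Review bot: In the `else # uwsgi` branch of configure_keystone the `is_ssl_enabled_service key` check no longer appears, and both `write_uwsgi_config` calls pass a host:port as the fourth argument, so uwsgi binds plain HTTP on `$KEYSTONE_SERVICE_HOST` and `$KEYSTONE_ADMIN_BIND_HOST` even on a deployment that asked for SSL on keystone; credentials and tokens would then cross the network in cleartext without any message. If nothing outside this hunk terminates TLS in that case, fail early instead of downgrading silently, for example `is_ssl_enabled_service key && die $LINENO "keystone under uwsgi no longer serves https directly"` before the two calls. The public endpoint's worker count also appears to change from `processes $(nproc)` to `$API_WORKERS` through the shared helper, which deserves a line in the commit message if intended. configure_keystone and start_keystone both begin and end outside the visible hunks.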