From e6217a9719b88b550ccbbce7c9bc064cb746c1a3 Mon Sep 17 00:00:00 2001 From: Matthew Treinish Date: Mon, 24 Apr 2017 16:49:04 -0400 Subject: [PATCH] Use uwsgi for glance-api This commit adds support for deploying glance as a wsgi script under uwsgi. To get around limitations in the uwsgi protocol when using python3 for chunked encoding we have to setup uwsgi in http mode on a random port listening on localhost and use mod_proxy to forward the incoming requests. The alternative approach of having apache buffer the requests locally with the send_cl option with mod_proxy_uwsgi only worked on python2 and also has the limitation that apache is buffering the entire chunked object, which could be several gigabytes in size. Depends-On: I089a22a4be4227a551c32442dba27c426f54c87d Change-Id: Ie98fb7da5e8ecfa49cd680b88139cb7034d5f88f --- lib/apache | 54 +++++++++++++++++++++++++++++++++++++++++++++++++++++- lib/cinder | 2 +- lib/glance | 39 ++++++++++++++++++++++++++++----------- lib/nova | 2 +- 4 files changed, 83 insertions(+), 14 deletions(-) diff --git a/lib/apache b/lib/apache index 34ac660266..f2de7f2ea9 100644 --- a/lib/apache +++ b/lib/apache @@ -260,12 +260,64 @@ function write_uwsgi_config { else local apache_conf="" apache_conf=$(apache_site_config_for $name) - echo "ProxyPass \"${url}\" \"unix:${socket}|uwsgi://uwsgi-uds-${name}/\" retry=0 " | sudo tee $apache_conf + echo "SetEnv proxy-sendcl 1" | sudo tee $apache_conf + echo "ProxyPass \"${url}\" \"unix:${socket}|uwsgi://uwsgi-uds-${name}/\" retry=0 " | sudo tee -a $apache_conf enable_apache_site $name restart_apache_server fi } +# For services using chunked encoding, the only services known to use this +# currently are Glance and Swift, we need to use an http proxy instead of +# mod_proxy_uwsgi because the chunked encoding gets dropped. See: +# https://github.com/unbit/uwsgi/issues/1540 You can workaround this on python2 +# but that involves having apache buffer the request before sending it to +# uswgi. +function write_local_uwsgi_http_config { + local file=$1 + local wsgi=$2 + local url=$3 + name=$(basename $wsgi) + + # create a home for the sockets; note don't use /tmp -- apache has + # a private view of it on some platforms. + + # always cleanup given that we are using iniset here + rm -rf $file + iniset "$file" uwsgi wsgi-file "$wsgi" + port=$(get_random_port) + iniset "$file" uwsgi http "127.0.0.1:$port" + iniset "$file" uwsgi processes $API_WORKERS + # This is running standalone + iniset "$file" uwsgi master true + # Set die-on-term & exit-on-reload so that uwsgi shuts down + iniset "$file" uwsgi die-on-term true + iniset "$file" uwsgi exit-on-reload true + iniset "$file" uwsgi enable-threads true + iniset "$file" uwsgi plugins python + # uwsgi recommends this to prevent thundering herd on accept. + iniset "$file" uwsgi thunder-lock true + # Override the default size for headers from the 4k default. + iniset "$file" uwsgi buffer-size 65535 + # Make sure the client doesn't try to re-use the connection. + iniset "$file" uwsgi add-header "Connection: close" + # This ensures that file descriptors aren't shared between processes. + iniset "$file" uwsgi lazy-apps true + iniset "$file" uwsgi chmod-socket 666 + iniset "$file" uwsgi http-raw-body true + iniset "$file" uwsgi http-chunked-input true + iniset "$file" uwsgi http-auto-chunked true + + enable_apache_mod proxy + enable_apache_mod proxy_http + local apache_conf="" + apache_conf=$(apache_site_config_for $name) + echo "KeepAlive Off" | sudo tee $apache_conf + echo "ProxyPass \"${url}\" \"http://127.0.0.1:$port\" retry=0 " | sudo tee -a $apache_conf + enable_apache_site $name + restart_apache_server +} + function remove_uwsgi_config { local file=$1 local wsgi=$2 diff --git a/lib/cinder b/lib/cinder index e3a687b4f2..dc6f443051 100644 --- a/lib/cinder +++ b/lib/cinder @@ -347,7 +347,7 @@ function configure_cinder { iniset $CINDER_CONF DEFAULT osapi_volume_workers "$API_WORKERS" - iniset $CINDER_CONF DEFAULT glance_api_servers "${GLANCE_SERVICE_PROTOCOL}://${GLANCE_HOSTPORT}" + iniset $CINDER_CONF DEFAULT glance_api_servers "$GLANCE_URL" if is_service_enabled tls-proxy; then iniset $CINDER_CONF DEFAULT glance_protocol https iniset $CINDER_CONF DEFAULT glance_ca_certificates_file $SSL_BUNDLE_FILE diff --git a/lib/glance b/lib/glance index d6438a6b48..19564183cd 100644 --- a/lib/glance +++ b/lib/glance @@ -71,6 +71,16 @@ GLANCE_HOSTPORT=${GLANCE_HOSTPORT:-$GLANCE_SERVICE_HOST:$GLANCE_SERVICE_PORT} GLANCE_SERVICE_PROTOCOL=${GLANCE_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL} GLANCE_REGISTRY_PORT=${GLANCE_REGISTRY_PORT:-9191} GLANCE_REGISTRY_PORT_INT=${GLANCE_REGISTRY_PORT_INT:-19191} +GLANCE_UWSGI=$GLANCE_BIN_DIR/glance-wsgi-api +GLANCE_UWSGI_CONF=$GLANCE_CONF_DIR/glance-uswgi.ini +# If wsgi mode is uwsgi run glance under uwsgi, else default to eventlet +# TODO(mtreinish): Remove the eventlet path here and in all the similar +# conditionals below after the Pike release +if [[ "$WSGI_MODE" == "uwsgi" ]]; then + GLANCE_URL="$GLANCE_SERVICE_PROTOCOL://$GLANCE_SERVICE_HOST/image" +else + GLANCE_URL="$GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT" +fi # Functions # --------- @@ -103,16 +113,13 @@ function configure_glance { dburl=`database_connection_url glance` iniset $GLANCE_REGISTRY_CONF database connection $dburl iniset $GLANCE_REGISTRY_CONF DEFAULT use_syslog $SYSLOG - iniset $GLANCE_REGISTRY_CONF DEFAULT workers "$API_WORKERS" iniset $GLANCE_REGISTRY_CONF paste_deploy flavor keystone configure_auth_token_middleware $GLANCE_REGISTRY_CONF glance $GLANCE_AUTH_CACHE_DIR/registry iniset $GLANCE_REGISTRY_CONF oslo_messaging_notifications driver messagingv2 iniset_rpc_backend glance $GLANCE_REGISTRY_CONF iniset $GLANCE_REGISTRY_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT" - cp $GLANCE_DIR/etc/glance-api.conf $GLANCE_API_CONF iniset $GLANCE_API_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL - iniset $GLANCE_API_CONF DEFAULT bind_host $GLANCE_SERVICE_LISTEN_ADDRESS inicomment $GLANCE_API_CONF DEFAULT log_file iniset $GLANCE_API_CONF database connection $dburl iniset $GLANCE_API_CONF DEFAULT use_syslog $SYSLOG @@ -140,8 +147,6 @@ function configure_glance { iniset $GLANCE_API_CONF glance_store filesystem_store_datadir $GLANCE_IMAGE_DIR/ iniset $GLANCE_API_CONF DEFAULT registry_host $GLANCE_SERVICE_HOST - iniset $GLANCE_API_CONF DEFAULT workers "$API_WORKERS" - # CORS feature support - to allow calls from Horizon by default if [ -n "$GLANCE_CORS_ALLOWED_ORIGIN" ]; then iniset $GLANCE_API_CONF cors allowed_origin "$GLANCE_CORS_ALLOWED_ORIGIN" @@ -198,7 +203,6 @@ function configure_glance { setup_logging $GLANCE_REGISTRY_CONF cp -p $GLANCE_DIR/etc/glance-registry-paste.ini $GLANCE_REGISTRY_PASTE_INI - cp -p $GLANCE_DIR/etc/glance-api-paste.ini $GLANCE_API_PASTE_INI cp $GLANCE_DIR/etc/glance-cache.conf $GLANCE_CACHE_CONF @@ -231,6 +235,13 @@ function configure_glance { iniset $GLANCE_API_CONF DEFAULT cinder_endpoint_template "https://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/%(project_id)s" iniset $GLANCE_CACHE_CONF DEFAULT cinder_endpoint_template "https://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/%(project_id)s" fi + + if [[ "$WSGI_MODE" == "uwsgi" ]]; then + write_local_uwsgi_http_config "$GLANCE_UWSGI_CONF" "$GLANCE_UWSGI" "/image" + else + iniset $GLANCE_API_CONF DEFAULT bind_host $GLANCE_SERVICE_LISTEN_ADDRESS + iniset $GLANCE_API_CONF DEFAULT workers "$API_WORKERS" + fi } # create_glance_accounts() - Set up common required glance accounts @@ -255,7 +266,7 @@ function create_glance_accounts { get_or_create_endpoint \ "image" \ "$REGION_NAME" \ - "$GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT" + "$GLANCE_URL" # Note(frickler): Crude workaround for https://bugs.launchpad.net/glance-store/+bug/1620999 service_domain_id=$(get_or_create_domain $SERVICE_DOMAIN_NAME) @@ -320,15 +331,21 @@ function install_glance { function start_glance { local service_protocol=$GLANCE_SERVICE_PROTOCOL if is_service_enabled tls-proxy; then - start_tls_proxy glance-service '*' $GLANCE_SERVICE_PORT $GLANCE_SERVICE_HOST $GLANCE_SERVICE_PORT_INT + if [[ "$WSGI_MODE" != "uwsgi" ]]; then + start_tls_proxy glance-service '*' $GLANCE_SERVICE_PORT $GLANCE_SERVICE_HOST $GLANCE_SERVICE_PORT_INT + fi start_tls_proxy glance-registry '*' $GLANCE_REGISTRY_PORT $GLANCE_SERVICE_HOST $GLANCE_REGISTRY_PORT_INT fi run_process g-reg "$GLANCE_BIN_DIR/glance-registry --config-file=$GLANCE_CONF_DIR/glance-registry.conf" - run_process g-api "$GLANCE_BIN_DIR/glance-api --config-file=$GLANCE_CONF_DIR/glance-api.conf" + if [[ "$WSGI_MODE" == "uwsgi" ]]; then + run_process g-api "$GLANCE_BIN_DIR/uwsgi --ini $GLANCE_UWSGI_CONF" + else + run_process g-api "$GLANCE_BIN_DIR/glance-api --config-file=$GLANCE_CONF_DIR/glance-api.conf" + fi - echo "Waiting for g-api ($GLANCE_HOSTPORT) to start..." - if ! wait_for_service $SERVICE_TIMEOUT $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT; then + echo "Waiting for g-api ($GLANCE_SERVICE_HOST) to start..." + if ! wait_for_service $SERVICE_TIMEOUT $GLANCE_URL; then die $LINENO "g-api did not start" fi } diff --git a/lib/nova b/lib/nova index de053ab389..f9cad2551d 100644 --- a/lib/nova +++ b/lib/nova @@ -574,7 +574,7 @@ function create_nova_conf { # enable notifications, but it will allow them to function when enabled. iniset $NOVA_CONF oslo_messaging_notifications driver "messagingv2" iniset_rpc_backend nova $NOVA_CONF - iniset $NOVA_CONF glance api_servers "${GLANCE_SERVICE_PROTOCOL}://${GLANCE_HOSTPORT}" + iniset $NOVA_CONF glance api_servers "$GLANCE_URL" iniset $NOVA_CONF DEFAULT osapi_compute_workers "$API_WORKERS" iniset $NOVA_CONF DEFAULT metadata_workers "$API_WORKERS"