Allow keystone to run from apache

Provide a template for running keystone as a mod_wsgi process and enable it from configuration. Based on: https://review.openstack.org/#/c/36474/ Also-by: zhang-hare <zhuadl@cn.ibm.com> Implements: blueprint devstack-setup-apache-keystone Change-Id: Icc9d7ddfa4a488c08816ff4ae0b53c0134a1016b
2013-09-17 12:47:03 +10:00 · 2013-09-17 12:47:03 +10:00 · a00e5f8810
commit a00e5f8810
parent 5470701e10
2 changed files with 67 additions and 2 deletions
--- a/files/apache-keystone.template
+++ b/files/apache-keystone.template
@ -0,0 +1,22 @@
+Listen %PUBLICPORT%
+Listen %ADMINPORT%
+
+<VirtualHost *:%PUBLICPORT%>
+    WSGIDaemonProcess keystone-public processes=5 threads=1 user=%USER%
+    WSGIProcessGroup keystone-public
+    WSGIScriptAlias / %PUBLICWSGI%
+    WSGIApplicationGroup %{GLOBAL}
+    ErrorLog /var/log/%APACHE_NAME%/keystone
+    LogLevel debug
+    CustomLog /var/log/%APACHE_NAME%/access.log combined
+</VirtualHost>
+
+<VirtualHost *:%ADMINPORT%>
+    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=%USER%
+    WSGIProcessGroup keystone-admin
+    WSGIScriptAlias / %ADMINWSGI%
+    WSGIApplicationGroup %{GLOBAL}
+    ErrorLog /var/log/%APACHE_NAME%/keystone
+    LogLevel debug
+    CustomLog /var/log/%APACHE_NAME%/access.log combined
+</VirtualHost>
--- a/lib/keystone
+++ b/lib/keystone
@ -14,11 +14,13 @@
 #
 # install_keystone
 # configure_keystone
+# _config_keystone_apache_wsgi
 # init_keystone
 # start_keystone
 # create_keystone_accounts
 # stop_keystone
 # cleanup_keystone
+# _cleanup_keystone_apache_wsgi

 # Save trace setting
 XTRACE=$(set +o | grep xtrace)
@ -34,6 +36,7 @@ KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/keystone}
 KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf
 KEYSTONE_PASTE_INI=${KEYSTONE_PASTE_INI:-$KEYSTONE_CONF_DIR/keystone-paste.ini}
 KEYSTONE_AUTH_CACHE_DIR=${KEYSTONE_AUTH_CACHE_DIR:-/var/cache/keystone}
+KEYSTONE_WSGI_DIR=${KEYSTONE_WSGI_DIR:-/var/www/keystone}

 KEYSTONECLIENT_DIR=$DEST/python-keystoneclient

@ -86,6 +89,33 @@ function cleanup_keystone() {
    :
 }

+# _cleanup_keystone_apache_wsgi() - Remove wsgi files, disable and remove apache vhost file
+function _cleanup_keystone_apache_wsgi() {
+    sudo rm -f $KEYSTONE_WSGI_DIR/*.wsgi
+    disable_apache_site keystone
+    sudo rm -f /etc/$APACHE_NAME/$APACHE_CONF_DIR/keystone
+}
+
+# _config_keystone_apache_wsgi() - Set WSGI config files of Keystone
+function _config_keystone_apache_wsgi() {
+    sudo mkdir -p $KEYSTONE_WSGI_DIR
+
+    # copy proxy vhost and wsgi file
+    sudo cp $KEYSTONE_DIR/httpd/keystone.py $KEYSTONE_WSGI_DIR/main
+    sudo cp $KEYSTONE_DIR/httpd/keystone.py $KEYSTONE_WSGI_DIR/admin
+
+    sudo cp $FILES/apache-keystone.template /etc/$APACHE_NAME/$APACHE_CONF_DIR/keystone
+    sudo sed -e "
+        s|%PUBLICPORT%|$KEYSTONE_SERVICE_PORT|g;
+        s|%ADMINPORT%|$KEYSTONE_AUTH_PORT|g;
+        s|%APACHE_NAME%|$APACHE_NAME|g;
+        s|%PUBLICWSGI%|$KEYSTONE_WSGI_DIR/main|g;
+        s|%ADMINWSGI%|$KEYSTONE_WSGI_DIR/admin|g;
+        s|%USER%|$STACK_USER|g
+    " -i /etc/$APACHE_NAME/$APACHE_CONF_DIR/keystone
+    enable_apache_site keystone
+}
+
 # configure_keystone() - Set config files, create data dirs, etc
 function configure_keystone() {
    if [[ ! -d $KEYSTONE_CONF_DIR ]]; then
@ -204,6 +234,10 @@ function configure_keystone() {
    cp $KEYSTONE_DIR/etc/logging.conf.sample $KEYSTONE_CONF_DIR/logging.conf
    iniset $KEYSTONE_CONF_DIR/logging.conf logger_root level "DEBUG"
    iniset $KEYSTONE_CONF_DIR/logging.conf logger_root handlers "devel,production"
+
+    if is_apache_enabled_service key; then
+        _config_keystone_apache_wsgi
+    fi
 }

 # create_keystone_accounts() - Sets up common required keystone accounts
@ -316,6 +350,9 @@ function install_keystone() {
    fi
    git_clone $KEYSTONE_REPO $KEYSTONE_DIR $KEYSTONE_BRANCH
    setup_develop $KEYSTONE_DIR
+    if is_apache_enabled_service key; then
+        install_apache_wsgi
+    fi
 }

 # start_keystone() - Start running processes, including screen
@ -326,8 +363,14 @@ function start_keystone() {
        service_port=$KEYSTONE_SERVICE_PORT_INT
    fi

-    # Start Keystone in a screen window
-    screen_it key "cd $KEYSTONE_DIR && $KEYSTONE_DIR/bin/keystone-all --config-file $KEYSTONE_CONF $KEYSTONE_LOG_CONFIG -d --debug"
+    if is_apache_enabled_service key; then
+        restart_apache_server
+        screen_it key "cd $KEYSTONE_DIR && sudo tail -f /var/log/$APACHE_NAME/keystone"
+    else
+        # Start Keystone in a screen window
+        screen_it key "cd $KEYSTONE_DIR && $KEYSTONE_DIR/bin/keystone-all --config-file $KEYSTONE_CONF $KEYSTONE_LOG_CONFIG -d --debug"
+    fi
+
    echo "Waiting for keystone to start..."
    if ! timeout $SERVICE_TIMEOUT sh -c "while ! http_proxy= curl -s http://$SERVICE_HOST:$service_port/v$IDENTITY_API_VERSION/ >/dev/null; do sleep 1; done"; then
      die $LINENO "keystone did not start"