Browse Source

Allow keystone to run from apache

Provide a template for running keystone as a mod_wsgi process and enable
it from configuration.

Based on: https://review.openstack.org/#/c/36474/
Also-by: zhang-hare <zhuadl@cn.ibm.com>
Implements: blueprint devstack-setup-apache-keystone

Change-Id: Icc9d7ddfa4a488c08816ff4ae0b53c0134a1016b
tags/havana-eol
Jamie Lennox 5 years ago
parent
commit
a00e5f8810
2 changed files with 67 additions and 2 deletions
  1. 22
    0
      files/apache-keystone.template
  2. 45
    2
      lib/keystone

+ 22
- 0
files/apache-keystone.template View File

@@ -0,0 +1,22 @@
1
+Listen %PUBLICPORT%
2
+Listen %ADMINPORT%
3
+
4
+<VirtualHost *:%PUBLICPORT%>
5
+    WSGIDaemonProcess keystone-public processes=5 threads=1 user=%USER%
6
+    WSGIProcessGroup keystone-public
7
+    WSGIScriptAlias / %PUBLICWSGI%
8
+    WSGIApplicationGroup %{GLOBAL}
9
+    ErrorLog /var/log/%APACHE_NAME%/keystone
10
+    LogLevel debug
11
+    CustomLog /var/log/%APACHE_NAME%/access.log combined
12
+</VirtualHost>
13
+
14
+<VirtualHost *:%ADMINPORT%>
15
+    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=%USER%
16
+    WSGIProcessGroup keystone-admin
17
+    WSGIScriptAlias / %ADMINWSGI%
18
+    WSGIApplicationGroup %{GLOBAL}
19
+    ErrorLog /var/log/%APACHE_NAME%/keystone
20
+    LogLevel debug
21
+    CustomLog /var/log/%APACHE_NAME%/access.log combined
22
+</VirtualHost>

+ 45
- 2
lib/keystone View File

@@ -14,11 +14,13 @@
14 14
 #
15 15
 # install_keystone
16 16
 # configure_keystone
17
+# _config_keystone_apache_wsgi
17 18
 # init_keystone
18 19
 # start_keystone
19 20
 # create_keystone_accounts
20 21
 # stop_keystone
21 22
 # cleanup_keystone
23
+# _cleanup_keystone_apache_wsgi
22 24
 
23 25
 # Save trace setting
24 26
 XTRACE=$(set +o | grep xtrace)
@@ -34,6 +36,7 @@ KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/keystone}
34 36
 KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf
35 37
 KEYSTONE_PASTE_INI=${KEYSTONE_PASTE_INI:-$KEYSTONE_CONF_DIR/keystone-paste.ini}
36 38
 KEYSTONE_AUTH_CACHE_DIR=${KEYSTONE_AUTH_CACHE_DIR:-/var/cache/keystone}
39
+KEYSTONE_WSGI_DIR=${KEYSTONE_WSGI_DIR:-/var/www/keystone}
37 40
 
38 41
 KEYSTONECLIENT_DIR=$DEST/python-keystoneclient
39 42
 
@@ -86,6 +89,33 @@ function cleanup_keystone() {
86 89
     :
87 90
 }
88 91
 
92
+# _cleanup_keystone_apache_wsgi() - Remove wsgi files, disable and remove apache vhost file
93
+function _cleanup_keystone_apache_wsgi() {
94
+    sudo rm -f $KEYSTONE_WSGI_DIR/*.wsgi
95
+    disable_apache_site keystone
96
+    sudo rm -f /etc/$APACHE_NAME/$APACHE_CONF_DIR/keystone
97
+}
98
+
99
+# _config_keystone_apache_wsgi() - Set WSGI config files of Keystone
100
+function _config_keystone_apache_wsgi() {
101
+    sudo mkdir -p $KEYSTONE_WSGI_DIR
102
+
103
+    # copy proxy vhost and wsgi file
104
+    sudo cp $KEYSTONE_DIR/httpd/keystone.py $KEYSTONE_WSGI_DIR/main
105
+    sudo cp $KEYSTONE_DIR/httpd/keystone.py $KEYSTONE_WSGI_DIR/admin
106
+
107
+    sudo cp $FILES/apache-keystone.template /etc/$APACHE_NAME/$APACHE_CONF_DIR/keystone
108
+    sudo sed -e "
109
+        s|%PUBLICPORT%|$KEYSTONE_SERVICE_PORT|g;
110
+        s|%ADMINPORT%|$KEYSTONE_AUTH_PORT|g;
111
+        s|%APACHE_NAME%|$APACHE_NAME|g;
112
+        s|%PUBLICWSGI%|$KEYSTONE_WSGI_DIR/main|g;
113
+        s|%ADMINWSGI%|$KEYSTONE_WSGI_DIR/admin|g;
114
+        s|%USER%|$STACK_USER|g
115
+    " -i /etc/$APACHE_NAME/$APACHE_CONF_DIR/keystone
116
+    enable_apache_site keystone
117
+}
118
+
89 119
 # configure_keystone() - Set config files, create data dirs, etc
90 120
 function configure_keystone() {
91 121
     if [[ ! -d $KEYSTONE_CONF_DIR ]]; then
@@ -204,6 +234,10 @@ function configure_keystone() {
204 234
     cp $KEYSTONE_DIR/etc/logging.conf.sample $KEYSTONE_CONF_DIR/logging.conf
205 235
     iniset $KEYSTONE_CONF_DIR/logging.conf logger_root level "DEBUG"
206 236
     iniset $KEYSTONE_CONF_DIR/logging.conf logger_root handlers "devel,production"
237
+
238
+    if is_apache_enabled_service key; then
239
+        _config_keystone_apache_wsgi
240
+    fi
207 241
 }
208 242
 
209 243
 # create_keystone_accounts() - Sets up common required keystone accounts
@@ -316,6 +350,9 @@ function install_keystone() {
316 350
     fi
317 351
     git_clone $KEYSTONE_REPO $KEYSTONE_DIR $KEYSTONE_BRANCH
318 352
     setup_develop $KEYSTONE_DIR
353
+    if is_apache_enabled_service key; then
354
+        install_apache_wsgi
355
+    fi
319 356
 }
320 357
 
321 358
 # start_keystone() - Start running processes, including screen
@@ -326,8 +363,14 @@ function start_keystone() {
326 363
         service_port=$KEYSTONE_SERVICE_PORT_INT
327 364
     fi
328 365
 
329
-    # Start Keystone in a screen window
330
-    screen_it key "cd $KEYSTONE_DIR && $KEYSTONE_DIR/bin/keystone-all --config-file $KEYSTONE_CONF $KEYSTONE_LOG_CONFIG -d --debug"
366
+    if is_apache_enabled_service key; then
367
+        restart_apache_server
368
+        screen_it key "cd $KEYSTONE_DIR && sudo tail -f /var/log/$APACHE_NAME/keystone"
369
+    else
370
+        # Start Keystone in a screen window
371
+        screen_it key "cd $KEYSTONE_DIR && $KEYSTONE_DIR/bin/keystone-all --config-file $KEYSTONE_CONF $KEYSTONE_LOG_CONFIG -d --debug"
372
+    fi
373
+
331 374
     echo "Waiting for keystone to start..."
332 375
     if ! timeout $SERVICE_TIMEOUT sh -c "while ! http_proxy= curl -s http://$SERVICE_HOST:$service_port/v$IDENTITY_API_VERSION/ >/dev/null; do sleep 1; done"; then
333 376
       die $LINENO "keystone did not start"

Loading…
Cancel
Save