From a00e5f8810b6ca3b0b5d63cc228125e19bc91955 Mon Sep 17 00:00:00 2001 From: Jamie Lennox Date: Tue, 17 Sep 2013 12:47:03 +1000 Subject: [PATCH] Allow keystone to run from apache Provide a template for running keystone as a mod_wsgi process and enable it from configuration. Based on: https://review.openstack.org/#/c/36474/ Also-by: zhang-hare Implements: blueprint devstack-setup-apache-keystone Change-Id: Icc9d7ddfa4a488c08816ff4ae0b53c0134a1016b --- files/apache-keystone.template | 22 ++++++++++++++++ lib/keystone | 47 ++++++++++++++++++++++++++++++++-- 2 files changed, 67 insertions(+), 2 deletions(-) create mode 100644 files/apache-keystone.template diff --git a/files/apache-keystone.template b/files/apache-keystone.template new file mode 100644 index 0000000000..919452a040 --- /dev/null +++ b/files/apache-keystone.template @@ -0,0 +1,22 @@ +Listen %PUBLICPORT% +Listen %ADMINPORT% + + + WSGIDaemonProcess keystone-public processes=5 threads=1 user=%USER% + WSGIProcessGroup keystone-public + WSGIScriptAlias / %PUBLICWSGI% + WSGIApplicationGroup %{GLOBAL} + ErrorLog /var/log/%APACHE_NAME%/keystone + LogLevel debug + CustomLog /var/log/%APACHE_NAME%/access.log combined + + + + WSGIDaemonProcess keystone-admin processes=5 threads=1 user=%USER% + WSGIProcessGroup keystone-admin + WSGIScriptAlias / %ADMINWSGI% + WSGIApplicationGroup %{GLOBAL} + ErrorLog /var/log/%APACHE_NAME%/keystone + LogLevel debug + CustomLog /var/log/%APACHE_NAME%/access.log combined + diff --git a/lib/keystone b/lib/keystone index 3642904e1c..c4b2dff93b 100755 --- a/lib/keystone +++ b/lib/keystone @@ -14,11 +14,13 @@ # # install_keystone # configure_keystone +# _config_keystone_apache_wsgi # init_keystone # start_keystone # create_keystone_accounts # stop_keystone # cleanup_keystone +# _cleanup_keystone_apache_wsgi # Save trace setting XTRACE=$(set +o | grep xtrace) @@ -34,6 +36,7 @@ KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/keystone} KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf KEYSTONE_PASTE_INI=${KEYSTONE_PASTE_INI:-$KEYSTONE_CONF_DIR/keystone-paste.ini} KEYSTONE_AUTH_CACHE_DIR=${KEYSTONE_AUTH_CACHE_DIR:-/var/cache/keystone} +KEYSTONE_WSGI_DIR=${KEYSTONE_WSGI_DIR:-/var/www/keystone} KEYSTONECLIENT_DIR=$DEST/python-keystoneclient @@ -86,6 +89,33 @@ function cleanup_keystone() { : } +# _cleanup_keystone_apache_wsgi() - Remove wsgi files, disable and remove apache vhost file +function _cleanup_keystone_apache_wsgi() { + sudo rm -f $KEYSTONE_WSGI_DIR/*.wsgi + disable_apache_site keystone + sudo rm -f /etc/$APACHE_NAME/$APACHE_CONF_DIR/keystone +} + +# _config_keystone_apache_wsgi() - Set WSGI config files of Keystone +function _config_keystone_apache_wsgi() { + sudo mkdir -p $KEYSTONE_WSGI_DIR + + # copy proxy vhost and wsgi file + sudo cp $KEYSTONE_DIR/httpd/keystone.py $KEYSTONE_WSGI_DIR/main + sudo cp $KEYSTONE_DIR/httpd/keystone.py $KEYSTONE_WSGI_DIR/admin + + sudo cp $FILES/apache-keystone.template /etc/$APACHE_NAME/$APACHE_CONF_DIR/keystone + sudo sed -e " + s|%PUBLICPORT%|$KEYSTONE_SERVICE_PORT|g; + s|%ADMINPORT%|$KEYSTONE_AUTH_PORT|g; + s|%APACHE_NAME%|$APACHE_NAME|g; + s|%PUBLICWSGI%|$KEYSTONE_WSGI_DIR/main|g; + s|%ADMINWSGI%|$KEYSTONE_WSGI_DIR/admin|g; + s|%USER%|$STACK_USER|g + " -i /etc/$APACHE_NAME/$APACHE_CONF_DIR/keystone + enable_apache_site keystone +} + # configure_keystone() - Set config files, create data dirs, etc function configure_keystone() { if [[ ! -d $KEYSTONE_CONF_DIR ]]; then @@ -204,6 +234,10 @@ function configure_keystone() { cp $KEYSTONE_DIR/etc/logging.conf.sample $KEYSTONE_CONF_DIR/logging.conf iniset $KEYSTONE_CONF_DIR/logging.conf logger_root level "DEBUG" iniset $KEYSTONE_CONF_DIR/logging.conf logger_root handlers "devel,production" + + if is_apache_enabled_service key; then + _config_keystone_apache_wsgi + fi } # create_keystone_accounts() - Sets up common required keystone accounts @@ -316,6 +350,9 @@ function install_keystone() { fi git_clone $KEYSTONE_REPO $KEYSTONE_DIR $KEYSTONE_BRANCH setup_develop $KEYSTONE_DIR + if is_apache_enabled_service key; then + install_apache_wsgi + fi } # start_keystone() - Start running processes, including screen @@ -326,8 +363,14 @@ function start_keystone() { service_port=$KEYSTONE_SERVICE_PORT_INT fi - # Start Keystone in a screen window - screen_it key "cd $KEYSTONE_DIR && $KEYSTONE_DIR/bin/keystone-all --config-file $KEYSTONE_CONF $KEYSTONE_LOG_CONFIG -d --debug" + if is_apache_enabled_service key; then + restart_apache_server + screen_it key "cd $KEYSTONE_DIR && sudo tail -f /var/log/$APACHE_NAME/keystone" + else + # Start Keystone in a screen window + screen_it key "cd $KEYSTONE_DIR && $KEYSTONE_DIR/bin/keystone-all --config-file $KEYSTONE_CONF $KEYSTONE_LOG_CONFIG -d --debug" + fi + echo "Waiting for keystone to start..." if ! timeout $SERVICE_TIMEOUT sh -c "while ! http_proxy= curl -s http://$SERVICE_HOST:$service_port/v$IDENTITY_API_VERSION/ >/dev/null; do sleep 1; done"; then die $LINENO "keystone did not start"