use_journal uses the systemd native path for logging, however there
are concerns that this might be negatively interacting with
eventlet. To be on the safe side fall back to stdout.
This introduces a USE_JOURNAL option which will let folks turn this
back on for testing.
This also adjusts the debug lines. When using the journal the pid
reported by systemd is correct. When using stdout, it will be the
parent process id, so we need to keep it to see which child each thing
is coming from.
Change-Id: Id7891c532bf99c099252e82d511a37a49506fea9
This moves the developer use case over to systemd, and updates all the
relevant docs to discuss the systemd workflow instead of screen. It
does so by defaulting USE_SCREEN=False, so will not impact people that
set it explicitly.
Change-Id: I6d664612bc2b850eb7f56852afbc841867223ab7
When transitioning between different wsgi modes, or service modes, we
should really safely stop and cleanup things that are started in any
service mode, which makes it easier to ensure that we don't leave
things around from past runs.
Change-Id: I33acbee39e1a2da2bfd79a5dd54b84a12a778be1
We should be able to operate without the identity admin endpoint,
given that in v3 it's all the same. This floats that out there to see
if we can or not.
Change-Id: Ic233f6b43dd1e3cfdadff0f18aba4ea78825a996
auth_uri is not a keystonemiddleware option, and it's use in config
files is confusing at best. Remove it for clarity.
Change-Id: Ie3a9ab30d81809363444d5f3b41588b3889dc185
As we move to enabling glance-api to use a wsgi script that might be run
as multiple processes, there are a couple places where external
synchronization is necessary. To use this we need to set the lock_path
config option from oslo.concurrency so external locks will work.
Change-Id: I9a66a8636d12037ff9aa4fb73cc3f9b9343dd7e9
In order to start making the transition in the gate make
USE_SCREEN=False also mean USE_SYSTEMD=True. We'll never actually
declare USE_SYSTEMD=True in the gate (as that doesn't exist for stable
branches), but this will let us roll over the existing transition.
We also have to install systemd-python 234 because we are recording
exception info in the journal, and all versions before that had a bug
in processing that.
Remove the somewhat pointless screen following journalctl commands. We
really don't want or need those, and they tend to build up over time.
Depends-On: I24513f5cbac2c34cf0130bf812ff2df6ad76657c
Change-Id: I6af6d1857effaf662a9d72bd394864934eacbe70
The DEFAULT_IMAGE_NAME variable is used to reference the name of the
default image in glance after it has been uploaded by devstack. It is
used both inside and outside of devstack for that purpose. However, when
configuring tempest there are some tests which also do image uploads and
need a filename for specifying which file they should upload into glance
for testing purposes. Previously we were just using DEFAULT_IMAGE_NAME
for both purposes, but this causes a conflict if the name of the image
we upload into glance does not have a file extension. So instead of
conflating the things this commit differentiates between them and adds a
new DEFAULT_IMAGE_FILE_NAME variable to use for this purpose.
Change-Id: Icf74badcf2093d8c75db538232b10b3ac7b86eb8
As described in [1], it seems that mod_wsgi is not "graceful" reload
safe. Upon re-init, it can end up in a segfault loop.
The "reload" (not *restart*) after setting up uwsgi was added with
I1d89be1f1b36f26eaf543b99bde6fdc5701474fe but not causing an issue
until uwsgi was enabled.
We do not notice in the gate, because the TLS setup ends up doing a
restart after this setup. In the period between the
write_uwsgi_config and that restart, Apache is sitting in a segfault
loop, but we never noticed because we don't try talking to it. Other
jobs that don't do any further apache configuration have started
failing, however.
Looking at the original comments around "reload_apache_server" I'm not
sure if it is still necessary. [2] shows it is not used outside these
two calls.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1445540
[2] http://codesearch.openstack.org/?q=reload_apache_server&i=nope&files=&repos=
Closes-Bug: #1686210
Change-Id: I5234bae0595efdcd30305a32bf9c121072a3625e
This defines a new function get_notification_url, which returns the URL
of RabbitMQ when you want connect to it, and uses in
ceilometermiddleware. This fixes an issue when we try to use AMQP for
RPC, but not for notifications.
Change-Id: I14450b2440806a17a90e5ddefc243868fdbe4f2c
On Centos, apache has a private view of /tmp and thus can't see this
socket, causing keystone to fail. This happened after
I46294fb24e3c23fa19fcfd7d6c9ee8a932354702.
Move it to /var/run.
Closes-Bug: #1684360
Change-Id: I47f091656802719c259752454ec88bf50760b967
It turns out that we ended up with duplicate versions of this function
merging on top of each other within 3 days, and gerrit didn't catch
it. Boo gerrit. Boo bash.
Change-Id: Ic6aa2f9bafdec906de2bc51d5929beeec48a6a40
Swift proxy logs to syslog during the devstack-gate tempest runs. To
better capture the swift logs increase the rsyslog buffer size to 6k
bytes allowing for longer messages like tracebacks.
This was setup by openstack-infra previous during our diskimage
builds.
I03e42964e14d9f930c07ed047851bdf775639c59
Change-Id: Iaa232335865410600c93f47d4777ed4f1bce08e2
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Until we can test with a version of swiftclient that knows how to eat
auth_uri, swift still needs a working gate.
Change-Id: I09f9ad5c87b542df962a79898e06fbf1e968b1e3
Related-Change: I46294fb24e3c23fa19fcfd7d6c9ee8a932354702
Related-Change: Ie427f3b0b9eb834ff940fa5d52444a5a6cdcab15
a2dissite will return a non-zero error code if the site that is being
disabled is not currently enabled (that is, if the conf file for it does
not exist). This can happen during development if you've been messing
with files by hand. Rather than exploding out of a ./stack.sh, accept
the missing file as meaning "it's disabled" and carry one. The rpm
version of disable, which does not use a2dissite, does this already.
Change-Id: Ie5dfd42efdff4bdba5ffaa765af000dd8e1d596e
The removed TODO was talking about USE_SYSTEMD, not WSGI_MODE.
WSGI_MODE makes sense, so the TODO has been done.
Change-Id: Ib574ef123ea4c82d4d88012c990cd1ad660d7879
This makes keystone use the proxy uwsgi module when running in uwsgi
mode. It also introduces a new stackrc variable which is WSGI_MODE
that we can use to control the conditionals in services that current
work with mod_wsgi.
Also update retry timeouts on proxy pass so that workers don't disable
their connections during polling for initial activity.
Change-Id: I46294fb24e3c23fa19fcfd7d6c9ee8a932354702
This converts the placement API to use the new WSGI_MODE variable
(which is not introduced until the next changeset). We do this so that
placement and keystone patches can be reviewed independently, but
there are some hidden coupling of mod_wsgi setup which happens only in
keystone, so if we do keystone first, it breaks placement.
Change-Id: Id5b2c67701bcc7b12c8e3764c7199d10f85df80f
The uwsgi proxy version that comes with Ubuntu xenial is too old, so
we have to build it from source. This is a temporary solution until
the next LTS.
This lays the ground work for using it in keystone.
Change-Id: I00fb1759e6988c7df0ce0f3df5ff1ce9fd7cd381
When an apache worker gets a proxy error, it will not retry talking to
the backend server until the retry timeout expires. We bring up the
proxy server *before* the backend server, and poll it. If we are
running a small number of workers, there is a likely chance that we're
going to hit one that errored before the backend was up, thus failing
for now real reason.
Set this to 0 instead to mean always retry failed connections.
Change-Id: I9e584f087bd375f71ddf0c70f83205c425094a17
Ref: https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass
tls-proxy is the way we're now doing a standard install using https
between services. There is a lot more work to make services directly
handle https, and having python daemons do that directly is a bit of
an anti pattern. Nothing currently tests this in project-config from
my recent grepping, so in the interest of long term maintenance,
delete it all.
Change-Id: I910df4ceab6f24f3d9c484e0433c93b06f17d6e1
Instead of this code all existing in keystone inline, factor out into
a dedicated set of functions, and make keystone use this. This drops
uwsgi supporting https directly, but that's not going to be a
supported model going forward once we get to proxy only anyway.
Change-Id: I1d89be1f1b36f26eaf543b99bde6fdc5701474fe
We're now in a systemd world where systemd is managing the restart
effectively, there is no reason to be tricksy with apache now that
we're not working around weird upstartd issues.
Change-Id: Ifadfd504eb10a90db5177ea9180b9cd8331a2948
