We are seeing connection errors to the proxy occasionally. These errors
do not result in a logged http request or error to the backends,
resulting in a theory that the proxy itself may just not be able to
handle the number of connections. More than double the total number of
connections that will be accepted by the proxy in an attempt to fix
this.
Change-Id: Iefa6c43451dd1f95927528d2ce0003c84248847f
Related-bug: 1630664
This creates log files per proxy vhost and sets the log level to info to
help debug potential issues with tls proxying.
Change-Id: I02a62224662b021b35c293909ba045b4b74e1df8
Stud is now abandonware (see https://github.com/bumptech/stud) and is
not packaged in xenial. Lets use Apache for SSL termination since its
there already.
Change-Id: Ifcba410f5969521e8b3d30f02795541c1661f83a
I noticed this when debugging some grenade issues failures.
An include of grenade/functions stores the current value of XTRACE
(on) and disables xtrace for the rest of the import.
We then include devstack's "functions" library, which now overwrites
the stored value of XTRACE the current state; i.e. disabled.
When it finishes it restores the prior state (disabled), and then
grenade restores the same value of XTRACE (disabled).
The result is that xtrace is incorrectly disabled until the next time
it just happens to be turned on.
The solution is to name-space the store of the current-value of xtrace
so when we finish sourcing a file, we always restore the tracing value
to what it was when we entered.
Some files had already discovered this. In general there is
inconsistency around the setting of the variable, and a lot of obvious
copy-paste. This brings consistency across all files by using
_XTRACE_* prefixes for the sotre/restore of tracing values.
Change-Id: Iba7739eada5711d9c269cb4127fa712e9f961695
Ia0957b47187c3dcadd46154b17022c4213781112 proposes to have bashate
find instances of setting a local value. The issue is that "local"
always returns 0, thus hiding any failure in the commands running to
set the variable.
This is an automated replacement of such instances
Depends-On: I676c805e8f0401f75cc5367eee83b3d880cdef81
Change-Id: I9c8912a8fd596535589b207d7fc553b9d951d3fe
This has only ever appeared in
I3a5d1e511c5dca1e6d01a1adca8fda0a43d4f632 and has never been exported,
referenced, etc.
Remove it to avoid confusion
(e.g. Icfad40ee6998296727a95613199e5c2d87bd0a45)
Change-Id: Ic71e841f6f751ff43083e12ad734b9c84be7b645
With gerrit 2.8, and the new change screen, this will trigger syntax
highlighting in gerrit. Thus making reviewing code a lot nicer.
Change-Id: Id238748417ffab53e02d59413dba66f61e724383
This change uses mod_version (shipped by default on everything we care
about) to set-up version-specific config within apache rather than
within devstack scripts.
Clean up the horizon and keystone config file generation to use the
internal apache matching.
Since I6478db385fda2fa1c75ced12d3e886b2e1152852 the apache matching in
'functions' is actually duplicated. just leave get_apache_version in
lib/apache as it is used for config-file name matching in there.
Change-Id: I6478db385fda2fa1c75ced12d3e886b2e1152852
Use the new ErrorLogFormat directive to make the Keystone logs
under Apache to look like the standard oslo log format.
Change-Id: Ie823abf2fa06b8ce22027c21bef455808a4a768e
Apache sometimes is slow to release the port (from the kernel's
perspective) which can cause restarts of apache to fail due to the
requested port already being bound. This fix introduces a small sleep
between the stop and start to help make apache deployments a bit
more resilient.
Change-Id: I9697d71f3cb2d8d5da8fe7ffa8b3e1ade9d52afd
Closes-Bug: #1342256
Added a global toggle for enabling HTTPD + mod_wsgi for services
that default deploy to running under Apache. When the variable
``ENABLE_HTTPD_MOD_WSGI_SERVICES`` is set to ``True`` any service
that recommends deploying under HTTPD + mod_wsgi, will be run
under Apache.
If ``ENABLE_HTTPD_MOD_WSGI_SERVICES`` is set to ``False`` the
any service that is defaulted to running under HTTPD + mod_wsgi
will (if capable) be run in an alternate deployment strategy (e.g.
eventlet).
Updated Swift and Keystone to have individual toggles for deploying
under HTTPD + mod_wsgi. This is done to allow for gate to run on
the services under mod_wsgi where appropriate. Toggles are
``KEYSTONE_USE_MOD_WSGI`` and ``SWIFT_USE_MOD_WSGI`` and are both
defaulted to "False" (do not deploy under HTTPD + mod_wsgi).
Change-Id: Id3b121b8f1cde369d184b586e0d875bdbda34813
Allow enable/disable_apache_sites() on Fedora to gracefully fail if the
config is not present. This is primarily an issue when the config from
a previous run is not completely cleaned out (unstack.sh vs clean.sh).
Make APACHE_CONFIG_DIR fully qualified and overrideable in local.conf.
Also fix Horizon's handling of its Apache config file to be removed
in clean.sh.
Change-Id: I78a5de579dd3b02fa2e4e7e00ac0aabe71b531ad
On Ubuntu 14.04, the site configuration file must have a .conf suffix for a2ensite and a2dissite to
recognise it. a2ensite and a2dissite ignore the .conf suffix used as parameter. The default sites'
files are 000-default.conf and default-ssl.conf.
On Ubuntu 12.04, the site configuration file may have any format, as long as it is in
/etc/apache2/sites-available/. a2ensite and a2dissite need the entire file name to work. The default
sites' files are default and default-ssl.
On Fedora, any file in /etc/httpd/conf.d/ whose name ends with .conf is enabled.
On RHEL and CentOS, things should hopefully work as in Fedora.
This change puts all distribution-related site configuration file name differences in lib/apache and
the other services gets the file name for its sites using the new exported function
apache_site_config_for <sitename>.
It also makes Fedora disabled sites use the .conf.disabled suffix instead of removing the .conf from
the file name.
The table below summarizes what should happen on each distribution:
+----------------------+--------------------+--------------------------+--------------------------+
| Distribution | File name | Site enabling command | Site disabling command |
+----------------------+--------------------+--------------------------+--------------------------+
| Ubuntu 12.04 | site | a2ensite site | a2dissite site |
| Ubuntu 14.04 | site.conf | a2ensite site | a2dissite site |
| Fedora, RHEL, CentOS | site.conf.disabled | mv site.conf{.disabled,} | mv site.conf{,.disabled} |
+----------------------+--------------------+--------------------------+--------------------------+
Change-Id: Ia2ba3cb7caccb6e9b65380f9d51d9d21180b894e
Closes-bug: #1313765
Check that function calls look like ^function foo {$ in bash8, and fix
all existing failures of that check. Add a note to HACKING.rst
Change-Id: Ic19eecb39e0b20273d1bcd551a42fe400d54e938
Quite easily one ends up calling ./stack.sh in an environment that,
albeit being user "stack" (for example), doesn't quite meet the
expectations of devstack. The errors that follow can be rather hard to
track down, as the dependency on `USER` is not mentioned.
To remedy this situation, this commit
- uses STACK_USER instead of USER and
- mentions that dependency in the script headers of lib/*
Change-Id: If4cdc39b922ea64b4c0893a0e695ec06349fccc5
Address miscellaneous issues with Markdown formatting in comments which
are consumed by shocco when generating the online documentation.
Change-Id: I953075cdbddbf1f119c6c7e35f039e2e54b79078
Implements a fedora equivalent of ubuntu's sites-enabled and moves
enabling of mod_wsgi to the installation period so that it doesn't have
to be handled in a platform dependant way later.
Fixes: bug 1226363
Change-Id: I85325179f1792d985b0375572abfe8c8a82fecc3
This function allowed you to change the process running user for all of
apache. This is better handled on a per-process basis.
Change-Id: I165adc0c49fc328f34835856b49983c4e189f143
Fixes: bug 1226346
Fixes: bug 1225853
1.install apache and wsgi module
2.config apache2 vhost and wsgi files for proxy,
account, container and object server.
3.refactor apache functions from horizon and swift
into lib/apache
Change-Id: I3a5d1e511c5dca1e6d01a1adca8fda0a43d4f632
Implements: blueprint enable-apache-frontend-for-swift
