openstack
/
devstack
Code Issues Proposed changes
System for quickly installing an OpenStack cloud from upstream git for testing and development.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9936 Commits
9 Branches
25 MiB
 
 
 
 
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
devstack/lib/apache

392 lines
14 KiB
Raw Permalink Blame History 

  1. #!/bin/bash

  2. #

  3. # lib/apache

  4. # Functions to control configuration and operation of apache web server

  5. 

  6. # Dependencies:

  7. #

  8. # - ``functions`` file

  9. # - ``STACK_USER`` must be defined

  10. #

  11. # lib/apache exports the following functions:

  12. #

  13. # - install_apache_wsgi

  14. # - apache_site_config_for

  15. # - enable_apache_site

  16. # - disable_apache_site

  17. # - start_apache_server

  18. # - stop_apache_server

  19. # - restart_apache_server

  20. 

  21. # Save trace setting

  22. _XTRACE_LIB_APACHE=$(set +o | grep xtrace)

  23. set +o xtrace

  24. 

  25. # Allow overriding the default Apache user and group, default to

  26. # current user and his default group.

  27. APACHE_USER=${APACHE_USER:-$STACK_USER}

  28. APACHE_GROUP=${APACHE_GROUP:-$(id -gn $APACHE_USER)}

  29. 

  30. 

  31. # Set up apache name and configuration directory

  32. # Note that APACHE_CONF_DIR is really more accurately apache's vhost

  33. # configuration dir but we can't just change this because public interfaces.

  34. if is_ubuntu; then

  35.     APACHE_NAME=apache2

  36.     APACHE_CONF_DIR=${APACHE_CONF_DIR:-/etc/$APACHE_NAME/sites-available}

  37.     APACHE_SETTINGS_DIR=${APACHE_SETTINGS_DIR:-/etc/$APACHE_NAME/conf-enabled}

  38. elif is_fedora; then

  39.     APACHE_NAME=httpd

  40.     APACHE_CONF_DIR=${APACHE_CONF_DIR:-/etc/$APACHE_NAME/conf.d}

  41.     APACHE_SETTINGS_DIR=${APACHE_SETTINGS_DIR:-/etc/$APACHE_NAME/conf.d}

  42. elif is_suse; then

  43.     APACHE_NAME=apache2

  44.     APACHE_CONF_DIR=${APACHE_CONF_DIR:-/etc/$APACHE_NAME/vhosts.d}

  45.     APACHE_SETTINGS_DIR=${APACHE_SETTINGS_DIR:-/etc/$APACHE_NAME/conf.d}

  46. fi

  47. APACHE_LOG_DIR="/var/log/${APACHE_NAME}"

  48. 

  49. # Functions

  50. # ---------

  51. 

  52. # Enable apache mod and restart apache if it isn't already enabled.

  53. function enable_apache_mod {

  54.     local mod=$1

  55.     # Apache installation, because we mark it NOPRIME

  56.     if is_ubuntu; then

  57.         # Skip mod_version as it is not a valid mod to enable

  58.         # on debuntu, instead it is built in.

  59.         if [[ "$mod" != "version" ]] && ! a2query -m $mod ; then

  60.             sudo a2enmod $mod

  61.             restart_apache_server

  62.         fi

  63.     elif is_suse; then

  64.         if ! a2enmod -q $mod ; then

  65.             sudo a2enmod $mod

  66.             restart_apache_server

  67.         fi

  68.     elif is_fedora; then

  69.         # pass

  70.         true

  71.     else

  72.         exit_distro_not_supported "apache enable mod"

  73.     fi

  74. }

  75. 

  76. # NOTE(sdague): Install uwsgi including apache module, we need to get

  77. # to 2.0.6+ to get a working mod_proxy_uwsgi. We can probably build a

  78. # check for that and do it differently for different platforms.

  79. function install_apache_uwsgi {

  80.     local apxs="apxs2"

  81.     if is_fedora; then

  82.         apxs="apxs"

  83.     fi

  84. 

  85.     # This varies based on packaged/installed.  If we've

  86.     # pip_installed, then the pip setup will only build a "python"

  87.     # module that will be either python2 or python3 depending on what

  88.     # it was built with.

  89.     #

  90.     # For package installs, the distro ships both plugins and you need

  91.     # to select the right one ... it will not be autodetected.

  92.     UWSGI_PYTHON_PLUGIN=python3

  93. 

  94.     if is_ubuntu; then

  95.         local pkg_list="uwsgi uwsgi-plugin-python3 libapache2-mod-proxy-uwsgi"

  96.         if [[ "$DISTRO" == 'bionic' ]]; then

  97.             pkg_list="${pkg_list} uwsgi-plugin-python"

  98.         fi

  99.         install_package ${pkg_list}

  100.     elif is_fedora; then

  101.         # Note httpd comes with mod_proxy_uwsgi and it is loaded by

  102.         # default; the mod_proxy_uwsgi package actually conflicts now.

  103.         # See:

  104.         #  https://bugzilla.redhat.com/show_bug.cgi?id=1574335

  105.         #

  106.         # Thus there is nothing else to do after this install

  107.         install_package uwsgi \

  108.                         uwsgi-plugin-python3

  109.     elif [[ $os_VENDOR =~ openSUSE ]]; then

  110.         install_package uwsgi \

  111.                         uwsgi-python3 \

  112.                         apache2-mod_uwsgi

  113.     else

  114.         # Compile uwsgi from source.

  115.         local dir

  116.         dir=$(mktemp -d)

  117.         pushd $dir

  118.         pip_install uwsgi

  119.         pip download uwsgi -c $REQUIREMENTS_DIR/upper-constraints.txt

  120.         local uwsgi

  121.         uwsgi=$(ls uwsgi*)

  122.         tar xvf $uwsgi

  123.         cd uwsgi*/apache2

  124.         sudo $apxs -i -c mod_proxy_uwsgi.c

  125.         popd

  126.         # delete the temp directory

  127.         sudo rm -rf $dir

  128.         UWSGI_PYTHON_PLUGIN=python

  129.     fi

  130. 

  131.     if is_ubuntu || is_suse ; then

  132.         # we've got to enable proxy and proxy_uwsgi for this to work

  133.         sudo a2enmod proxy

  134.         sudo a2enmod proxy_uwsgi

  135.     elif is_fedora; then

  136.         # redhat is missing a nice way to turn on/off modules

  137.         echo "LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so" \

  138.             | sudo tee /etc/httpd/conf.modules.d/02-proxy-uwsgi.conf

  139.     fi

  140.     restart_apache_server

  141. }

  142. 

  143. # install_apache_wsgi() - Install Apache server and wsgi module

  144. function install_apache_wsgi {

  145.     # Apache installation, because we mark it NOPRIME

  146.     if is_ubuntu; then

  147.         # Install apache2, which is NOPRIME'd

  148.         install_package apache2

  149.         if is_package_installed libapache2-mod-wsgi; then

  150.             uninstall_package libapache2-mod-wsgi

  151.         fi

  152.         install_package libapache2-mod-wsgi-py3

  153.     elif is_fedora; then

  154.         sudo rm -f /etc/httpd/conf.d/000-*

  155.         install_package httpd mod_wsgi

  156.         # For consistency with Ubuntu, switch to the worker mpm, as

  157.         # the default is event

  158.         sudo sed -i '/mod_mpm_prefork.so/s/^/#/g' /etc/httpd/conf.modules.d/00-mpm.conf

  159.         sudo sed -i '/mod_mpm_event.so/s/^/#/g' /etc/httpd/conf.modules.d/00-mpm.conf

  160.         sudo sed -i '/mod_mpm_worker.so/s/^#//g' /etc/httpd/conf.modules.d/00-mpm.conf

  161.     elif is_suse; then

  162.         install_package apache2 apache2-mod_wsgi

  163.     else

  164.         exit_distro_not_supported "apache wsgi installation"

  165.     fi

  166.     # WSGI isn't enabled by default, enable it

  167.     enable_apache_mod wsgi

  168. }

  169. 

  170. # apache_site_config_for() - The filename of the site's configuration file.

  171. # This function uses the global variables APACHE_NAME and APACHE_CONF_DIR.

  172. #

  173. # On Ubuntu 14.04+, the site configuration file must have a .conf suffix for a2ensite and a2dissite to

  174. # recognise it. a2ensite and a2dissite ignore the .conf suffix used as parameter. The default sites'

  175. # files are 000-default.conf and default-ssl.conf.

  176. #

  177. # On Fedora and openSUSE, any file in /etc/httpd/conf.d/ whose name ends with .conf is enabled.

  178. #

  179. # On RHEL and CentOS, things should hopefully work as in Fedora.

  180. #

  181. # The table below summarizes what should happen on each distribution:

  182. # +----------------------+--------------------+--------------------------+--------------------------+

  183. # | Distribution         | File name          | Site enabling command    | Site disabling command   |

  184. # +----------------------+--------------------+--------------------------+--------------------------+

  185. # | Ubuntu 14.04         | site.conf          | a2ensite site            | a2dissite site           |

  186. # | Fedora, RHEL, CentOS | site.conf.disabled | mv site.conf{.disabled,} | mv site.conf{,.disabled} |

  187. # +----------------------+--------------------+--------------------------+--------------------------+

  188. function apache_site_config_for {

  189.     local site=$@

  190.     if is_ubuntu; then

  191.         # Ubuntu 14.04 - Apache 2.4

  192.         echo $APACHE_CONF_DIR/${site}.conf

  193.     elif is_fedora || is_suse; then

  194.         # fedora conf.d is only imported if it ends with .conf so this is approx the same

  195.         local enabled_site_file="$APACHE_CONF_DIR/${site}.conf"

  196.         if [ -f $enabled_site_file ]; then

  197.             echo ${enabled_site_file}

  198.         else

  199.             echo ${enabled_site_file}.disabled

  200.         fi

  201.     fi

  202. }

  203. 

  204. # enable_apache_site() - Enable a particular apache site

  205. function enable_apache_site {

  206.     local site=$@

  207.     # Many of our sites use mod version. Just enable it.

  208.     enable_apache_mod version

  209.     if is_ubuntu; then

  210.         sudo a2ensite ${site}

  211.     elif is_fedora || is_suse; then

  212.         local enabled_site_file="$APACHE_CONF_DIR/${site}.conf"

  213.         # Do nothing if site already enabled or no site config exists

  214.         if [[ -f ${enabled_site_file}.disabled ]] && [[ ! -f ${enabled_site_file} ]]; then

  215.             sudo mv ${enabled_site_file}.disabled ${enabled_site_file}

  216.         fi

  217.     fi

  218. }

  219. 

  220. # disable_apache_site() - Disable a particular apache site

  221. function disable_apache_site {

  222.     local site=$@

  223.     if is_ubuntu; then

  224.         sudo a2dissite ${site} || true

  225.     elif is_fedora || is_suse; then

  226.         local enabled_site_file="$APACHE_CONF_DIR/${site}.conf"

  227.         # Do nothing if no site config exists

  228.         if [[ -f ${enabled_site_file} ]]; then

  229.             sudo mv ${enabled_site_file} ${enabled_site_file}.disabled

  230.         fi

  231.     fi

  232. }

  233. 

  234. # start_apache_server() - Start running apache server

  235. function start_apache_server {

  236.     start_service $APACHE_NAME

  237. }

  238. 

  239. # stop_apache_server() - Stop running apache server

  240. function stop_apache_server {

  241.     if [ -n "$APACHE_NAME" ]; then

  242.         stop_service $APACHE_NAME

  243.     else

  244.         exit_distro_not_supported "apache configuration"

  245.     fi

  246. }

  247. 

  248. # restart_apache_server

  249. function restart_apache_server {

  250.     # Apache can be slow to stop, doing an explicit stop, sleep, start helps

  251.     # to mitigate issues where apache will claim a port it's listening on is

  252.     # still in use and fail to start.

  253.     restart_service $APACHE_NAME

  254. }

  255. 

  256. function write_uwsgi_config {

  257.     local file=$1

  258.     local wsgi=$2

  259.     local url=$3

  260.     local http=$4

  261.     local name=""

  262.     name=$(basename $wsgi)

  263. 

  264.     # create a home for the sockets; note don't use /tmp -- apache has

  265.     # a private view of it on some platforms.

  266.     local socket_dir='/var/run/uwsgi'

  267. 

  268.     # /var/run will be empty on ubuntu after reboot, so we can use systemd-temptiles

  269.     # to automatically create $socket_dir.

  270.     sudo mkdir -p /etc/tmpfiles.d/

  271.     echo "d $socket_dir 0755 $STACK_USER root" | sudo tee /etc/tmpfiles.d/uwsgi.conf

  272.     sudo systemd-tmpfiles --create /etc/tmpfiles.d/uwsgi.conf

  273. 

  274.     local socket="$socket_dir/${name}.socket"

  275. 

  276.     # always cleanup given that we are using iniset here

  277.     rm -rf $file

  278.     iniset "$file" uwsgi wsgi-file "$wsgi"

  279.     iniset "$file" uwsgi processes $API_WORKERS

  280.     # This is running standalone

  281.     iniset "$file" uwsgi master true

  282.     # Set die-on-term & exit-on-reload so that uwsgi shuts down

  283.     iniset "$file" uwsgi die-on-term true

  284.     iniset "$file" uwsgi exit-on-reload false

  285.     # Set worker-reload-mercy so that worker will not exit till the time

  286.     # configured after graceful shutdown

  287.     iniset "$file" uwsgi worker-reload-mercy $WORKER_TIMEOUT

  288.     iniset "$file" uwsgi enable-threads true

  289.     iniset "$file" uwsgi plugins http,${UWSGI_PYTHON_PLUGIN}

  290.     # uwsgi recommends this to prevent thundering herd on accept.

  291.     iniset "$file" uwsgi thunder-lock true

  292.     # Set hook to trigger graceful shutdown on SIGTERM

  293.     iniset "$file" uwsgi hook-master-start "unix_signal:15 gracefully_kill_them_all"

  294.     # Override the default size for headers from the 4k default.

  295.     iniset "$file" uwsgi buffer-size 65535

  296.     # Make sure the client doesn't try to re-use the connection.

  297.     iniset "$file" uwsgi add-header "Connection: close"

  298.     # This ensures that file descriptors aren't shared between processes.

  299.     iniset "$file" uwsgi lazy-apps true

  300. 

  301.     # If we said bind directly to http, then do that and don't start the apache proxy

  302.     if [[ -n "$http" ]]; then

  303.         iniset "$file" uwsgi http $http

  304.     else

  305.         local apache_conf=""

  306.         apache_conf=$(apache_site_config_for $name)

  307.         iniset "$file" uwsgi socket "$socket"

  308.         iniset "$file" uwsgi chmod-socket 666

  309.         echo "ProxyPass \"${url}\" \"unix:${socket}|uwsgi://uwsgi-uds-${name}/\" retry=0 " | sudo tee -a $apache_conf

  310.         enable_apache_site $name

  311.         restart_apache_server

  312.     fi

  313. }

  314. 

  315. # For services using chunked encoding, the only services known to use this

  316. # currently are Glance and Swift, we need to use an http proxy instead of

  317. # mod_proxy_uwsgi because the chunked encoding gets dropped. See:

  318. # https://github.com/unbit/uwsgi/issues/1540 You can workaround this on python2

  319. # but that involves having apache buffer the request before sending it to

  320. # uwsgi.

  321. function write_local_uwsgi_http_config {

  322.     local file=$1

  323.     local wsgi=$2

  324.     local url=$3

  325.     name=$(basename $wsgi)

  326. 

  327.     # create a home for the sockets; note don't use /tmp -- apache has

  328.     # a private view of it on some platforms.

  329. 

  330.     # always cleanup given that we are using iniset here

  331.     rm -rf $file

  332.     iniset "$file" uwsgi wsgi-file "$wsgi"

  333.     port=$(get_random_port)

  334.     iniset "$file" uwsgi http-socket "127.0.0.1:$port"

  335.     iniset "$file" uwsgi processes $API_WORKERS

  336.     # This is running standalone

  337.     iniset "$file" uwsgi master true

  338.     # Set die-on-term & exit-on-reload so that uwsgi shuts down

  339.     iniset "$file" uwsgi die-on-term true

  340.     iniset "$file" uwsgi exit-on-reload false

  341.     iniset "$file" uwsgi enable-threads true

  342.     iniset "$file" uwsgi plugins http,${UWSGI_PYTHON_PLUGIN}

  343.     # uwsgi recommends this to prevent thundering herd on accept.

  344.     iniset "$file" uwsgi thunder-lock true

  345.     # Set hook to trigger graceful shutdown on SIGTERM

  346.     iniset "$file" uwsgi hook-master-start "unix_signal:15 gracefully_kill_them_all"

  347.     # Set worker-reload-mercy so that worker will not exit till the time

  348.     # configured after graceful shutdown

  349.     iniset "$file" uwsgi worker-reload-mercy $WORKER_TIMEOUT

  350.     # Override the default size for headers from the 4k default.

  351.     iniset "$file" uwsgi buffer-size 65535

  352.     # Make sure the client doesn't try to re-use the connection.

  353.     iniset "$file" uwsgi add-header "Connection: close"

  354.     # This ensures that file descriptors aren't shared between processes.

  355.     iniset "$file" uwsgi lazy-apps true

  356.     iniset "$file" uwsgi chmod-socket 666

  357.     iniset "$file" uwsgi http-raw-body true

  358.     iniset "$file" uwsgi http-chunked-input true

  359.     iniset "$file" uwsgi http-auto-chunked true

  360.     iniset "$file" uwsgi http-keepalive false

  361.     # Increase socket timeout for slow chunked uploads

  362.     iniset "$file" uwsgi socket-timeout 30

  363. 

  364.     enable_apache_mod proxy

  365.     enable_apache_mod proxy_http

  366.     local apache_conf=""

  367.     apache_conf=$(apache_site_config_for $name)

  368.     echo "KeepAlive Off" | sudo tee $apache_conf

  369.     echo "SetEnv proxy-sendchunked 1" | sudo tee -a $apache_conf

  370.     echo "ProxyPass \"${url}\" \"http://127.0.0.1:$port\" retry=0 " | sudo tee -a $apache_conf

  371.     enable_apache_site $name

  372.     restart_apache_server

  373. }

  374. 

  375. function remove_uwsgi_config {

  376.     local file=$1

  377.     local wsgi=$2

  378.     local name=""

  379.     name=$(basename $wsgi)

  380. 

  381.     rm -rf $file

  382.     disable_apache_site $name

  383. }

  384. 

  385. # Restore xtrace

  386. $_XTRACE_LIB_APACHE

  387. 

  388. # Tell emacs to use shell-script-mode

  389. ## Local variables:

  390. ## mode: shell-script

  391. ## End: