openstack/ironic
Code Issues Proposed changes

[devstack] Switch ironic to uWSGI

Browse Source 
This patch switches ironic API to run under uwsgi,
and drops support for running ironic API under mod_wsgi
from ironic's devstack plugin.

It also effectively moves all jobs except grenade ones to
run ironic-api under UWSGI as we start to honor the devstack's
ENABLE_HTTPD_MOD_WSGI_SERVICES variable (which is True by default).

The new variable in devstack plugin to toggle deployment with uwsgi
is IRONIC_USE_WSGI, which defaults to (now confusingly named)
IRONIC_USE_MOD_WSGI for backward compatibility.

Related-Bug: #1719260
Co-Authored-By: anascko <ovoshchana@mirantis.com>

Change-Id: I9ef3aa48db6efe8e2216af785cc13fdb7f754a02
This commit is contained in:
Vasyl Saienko 2017-09-25 14:37:45 +03:00 committed by Pavlo Shchelokovskyy
parent 532ceb4d65
commit b27396db66
4 changed files with 70 additions and 122 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
devstack/files/apache-ironic-api.template
View File

@ -1,49 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# This is an example Apache2 configuration file for using the
# Ironic API through mod_wsgi. This version assumes you are
# running devstack to configure the software.
Listen %IRONIC_SERVICE_PORT%
<VirtualHost *:%IRONIC_SERVICE_PORT%>
WSGIDaemonProcess ironic-api user=%USER% processes=%APIWORKERS% threads=%APIWORKERS% display-name=%{GROUP}
WSGIScriptAlias / %IRONIC_WSGI_DIR%/app.wsgi
WSGIApplicationGroup %{GLOBAL}
WSGIProcessGroup ironic-api
WSGIPassAuthorization On
ErrorLogFormat "%M"
ErrorLog /var/log/%APACHE_NAME%/ironic-api.log
CustomLog /var/log/%APACHE_NAME%/ironic-api-access.log combined
<Directory %IRONIC_WSGI_DIR%>
WSGIProcessGroup ironic-api
WSGIApplicationGroup %{GLOBAL}
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
Alias /baremetal %IRONIC_WSGI_DIR%/app.wsgi
<Location /baremetal>
SetHandler wsgi-script
Options +ExecCGI
WSGIProcessGroup ironic-api
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
</Location>

140
devstack/lib/ironic
View File

@ -67,12 +67,19 @@ IRONIC_AUTH_CACHE_DIR=${IRONIC_AUTH_CACHE_DIR:-/var/cache/ironic}
IRONIC_CONF_DIR=${IRONIC_CONF_DIR:-/etc/ironic} IRONIC_CONF_DIR=${IRONIC_CONF_DIR:-/etc/ironic}
IRONIC_CONF_FILE=$IRONIC_CONF_DIR/ironic.conf IRONIC_CONF_FILE=$IRONIC_CONF_DIR/ironic.conf
IRONIC_ROOTWRAP_CONF=$IRONIC_CONF_DIR/rootwrap.conf IRONIC_ROOTWRAP_CONF=$IRONIC_CONF_DIR/rootwrap.conf
if is_suse; then # Deploy Ironic API under uwsgi (NOT mod_wsgi) server.
IRONIC_WSGI_DIR=${IRONIC_WSGI_DIR:-/srv/www/htdocs/ironic} # Devstack aims to remove mod_wsgi support, so ironic shouldn't use it too.
else # If set to False that will fall back to use the eventlet server that
IRONIC_WSGI_DIR=${IRONIC_WSGI_DIR:-/var/www/ironic} # can happen on grenade runs.
fi # The (confusing) name IRONIC_USE_MOD_WSGI is left for backward compatibility,
IRONIC_USE_MOD_WSGI=$(trueorfalse False IRONIC_USE_MOD_WSGI) # for example during grenade runs
# TODO(pas-ha) remove IRONIC_USE_MOD_WSGI var after oldest supported
# stable branch is stable/rocky
IRONIC_USE_MOD_WSGI=$(trueorfalse $ENABLE_HTTPD_MOD_WSGI_SERVICES IRONIC_USE_MOD_WSGI)
# If True, will deploy Ironic API under WSGI server, currently supported one
# is uwsgi.
# Defaults to the (now confusingly named) IRONIC_USE_MOD_WSGI for backward compat
IRONIC_USE_WSGI=$(trueorfalse $IRONIC_USE_MOD_WSGI IRONIC_USE_WSGI)
# Deploy callback timeout can be changed from its default (1800), if required. # Deploy callback timeout can be changed from its default (1800), if required.
IRONIC_CALLBACK_TIMEOUT=${IRONIC_CALLBACK_TIMEOUT:-} IRONIC_CALLBACK_TIMEOUT=${IRONIC_CALLBACK_TIMEOUT:-}
@ -290,6 +297,8 @@ fi
# Support entry points installation of console scripts # Support entry points installation of console scripts
IRONIC_BIN_DIR=$(get_python_exec_prefix) IRONIC_BIN_DIR=$(get_python_exec_prefix)
IRONIC_UWSGI_CONF=$IRONIC_CONF_DIR/ironic-uwsgi.ini
IRONIC_UWSGI=$IRONIC_BIN_DIR/ironic-api-wsgi
# Ironic connection info. Note the port must be specified. # Ironic connection info. Note the port must be specified.
if is_service_enabled tls-proxy; then if is_service_enabled tls-proxy; then
@ -298,11 +307,11 @@ fi
IRONIC_SERVICE_PROTOCOL=${IRONIC_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL} IRONIC_SERVICE_PROTOCOL=${IRONIC_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
IRONIC_SERVICE_PORT=${IRONIC_SERVICE_PORT:-6385} IRONIC_SERVICE_PORT=${IRONIC_SERVICE_PORT:-6385}
IRONIC_SERVICE_PORT_INT=${IRONIC_SERVICE_PORT_INT:-16385} IRONIC_SERVICE_PORT_INT=${IRONIC_SERVICE_PORT_INT:-16385}
# If ironic api running under apache we use the path rather than port # If ironic api running under apache or UWSGI we use the path rather than port
if [[ "$IRONIC_USE_MOD_WSGI" != "True" ]]; then if [[ "$IRONIC_USE_WSGI" == "True" ]]; then
IRONIC_HOSTPORT=${IRONIC_HOSTPORT:-$SERVICE_HOST:$IRONIC_SERVICE_PORT}
else
IRONIC_HOSTPORT=${IRONIC_HOSTPORT:-$SERVICE_HOST/baremetal} IRONIC_HOSTPORT=${IRONIC_HOSTPORT:-$SERVICE_HOST/baremetal}
else
IRONIC_HOSTPORT=${IRONIC_HOSTPORT:-$SERVICE_HOST:$IRONIC_SERVICE_PORT}
fi fi
# Enable iPXE # Enable iPXE
@ -812,7 +821,7 @@ function install_ironic {
setup_develop $IRONIC_DIR setup_develop $IRONIC_DIR
if [[ "$IRONIC_USE_MOD_WSGI" == "True" || "$IRONIC_IPXE_ENABLED" == "True" ]]; then if [[ "$IRONIC_USE_WSGI" == "True" || "$IRONIC_IPXE_ENABLED" == "True" ]]; then
install_apache_wsgi install_apache_wsgi
fi fi
@ -878,50 +887,30 @@ function install_ironicclient {
fi fi
} }
# _cleanup_ironic_apache_wsgi() - Remove wsgi files, disable and remove apache vhost file # _cleanup_ironic_apache_additions() - Remove uwsgi files, disable and remove apache vhost file
function _cleanup_ironic_apache_wsgi { function _cleanup_ironic_apache_additions {
sudo rm -rf $IRONIC_HTTP_DIR
sudo rm -rf $IRONIC_WSGI_DIR if [[ "$IRONIC_IPXE_ENABLED" == "True" ]]; then
disable_apache_site ironic-api sudo rm -rf $IRONIC_HTTP_DIR
disable_apache_site ipxe-ironic disable_apache_site ipxe-ironic
sudo rm -f $(apache_site_config_for ironic-api) sudo rm -f $(apache_site_config_for ipxe-ironic)
sudo rm -f $(apache_site_config_for ipxe-ironic) fi
if [[ "$IRONIC_USE_WSGI" == "True" ]]; then
remove_uwsgi_config "$IRONIC_UWSGI_CONF" "$IRONIC_UWSGI"
fi
restart_apache_server restart_apache_server
} }
# _config_ironic_apache_wsgi() - Set WSGI config files of Ironic # _config_ironic_apache_ipxe() - Configure ironic IPXE site
function _config_ironic_apache_wsgi { function _config_ironic_apache_ipxe {
local ironic_apache_conf
local ipxe_apache_conf local ipxe_apache_conf
local ironic_service_port=$IRONIC_SERVICE_PORT ipxe_apache_conf=$(apache_site_config_for ipxe-ironic)
if is_service_enabled tls-proxy; then sudo cp $IRONIC_DEVSTACK_FILES_DIR/apache-ipxe-ironic.template $ipxe_apache_conf
ironic_service_port=$IRONIC_SERVICE_PORT_INT sudo sed -e "
fi s|%PUBLICPORT%|$IRONIC_HTTP_PORT|g;
if [[ "$IRONIC_USE_MOD_WSGI" == "True" ]]; then s|%HTTPROOT%|$IRONIC_HTTP_DIR|g;
sudo mkdir -p $IRONIC_WSGI_DIR " -i $ipxe_apache_conf
sudo cp $IRONIC_DIR/ironic/api/app.wsgi $IRONIC_WSGI_DIR/app.wsgi enable_apache_site ipxe-ironic
ironic_apache_conf=$(apache_site_config_for ironic-api)
sudo cp $IRONIC_DEVSTACK_FILES_DIR/apache-ironic-api.template $ironic_apache_conf
sudo sed -e "
s|%IRONIC_SERVICE_PORT%|$ironic_service_port|g;
s|%IRONIC_WSGI_DIR%|$IRONIC_WSGI_DIR|g;
s|%USER%|$STACK_USER|g;
s|%APIWORKERS%|$API_WORKERS|g;
s|%APACHE_NAME%|$APACHE_NAME|g;
" -i $ironic_apache_conf
enable_apache_site ironic-api
tail_log ir-access /var/log/$APACHE_NAME/ironic-api-access.log
tail_log ir-api /var/log/$APACHE_NAME/ironic-api.log
fi
if [[ "$IRONIC_IPXE_ENABLED" == "True" ]]; then
ipxe_apache_conf=$(apache_site_config_for ipxe-ironic)
sudo cp $IRONIC_DEVSTACK_FILES_DIR/apache-ipxe-ironic.template $ipxe_apache_conf
sudo sed -e "
s|%PUBLICPORT%|$IRONIC_HTTP_PORT|g;
s|%HTTPROOT%|$IRONIC_HTTP_DIR|g;
" -i $ipxe_apache_conf
enable_apache_site ipxe-ironic
fi
} }
# cleanup_ironic_config_files() - Remove residual cache/config/log files, # cleanup_ironic_config_files() - Remove residual cache/config/log files,
@ -935,8 +924,10 @@ function cleanup_ironic_config_files {
function cleanup_ironic { function cleanup_ironic {
cleanup_ironic_config_files cleanup_ironic_config_files
# Cleanup the WSGI files # Cleanup additions made to Apache
_cleanup_ironic_apache_wsgi if [[ "$IRONIC_USE_WSGI" == "True" || "$IRONIC_IPXE_ENABLED" == "True" ]]; then
_cleanup_ironic_apache_additions
fi
# It's noop if no emulator is running # It's noop if no emulator is running
stop_redfish_emulator stop_redfish_emulator
@ -1112,9 +1103,14 @@ function configure_ironic {
# Format logging # Format logging
setup_logging $IRONIC_CONF_FILE setup_logging $IRONIC_CONF_FILE
# Adds WSGI for Ironic API # Adds ironic site for IPXE
if [[ "$IRONIC_USE_MOD_WSGI" == "True" || "$IRONIC_IPXE_ENABLED" == "True" ]]; then if [[ "$IRONIC_IPXE_ENABLED" == "True" ]]; then
_config_ironic_apache_wsgi _config_ironic_apache_ipxe
fi
# Adds uWSGI for Ironic API
if [[ "$IRONIC_USE_WSGI" == "True" ]]; then
write_uwsgi_config "$IRONIC_UWSGI_CONF" "$IRONIC_UWSGI" "/baremetal"
fi fi
if [[ "$os_VENDOR" =~ (Debian|Ubuntu) ]]; then if [[ "$os_VENDOR" =~ (Debian|Ubuntu) ]]; then
@ -1161,7 +1157,7 @@ function configure_ironic_api {
iniset $IRONIC_CONF_FILE conductor automated_clean $IRONIC_AUTOMATED_CLEAN_ENABLED iniset $IRONIC_CONF_FILE conductor automated_clean $IRONIC_AUTOMATED_CLEAN_ENABLED
if [[ "$IRONIC_USE_MOD_WSGI" == "True" ]]; then if [[ "$IRONIC_USE_WSGI" == "True" ]]; then
iniset $IRONIC_CONF_FILE api public_endpoint $IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT iniset $IRONIC_CONF_FILE api public_endpoint $IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT
elif is_service_enabled tls-proxy; then elif is_service_enabled tls-proxy; then
iniset $IRONIC_CONF_FILE api public_endpoint $IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT iniset $IRONIC_CONF_FILE api public_endpoint $IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT
@ -1441,22 +1437,26 @@ function start_ironic {
# start_ironic_api() - Used by start_ironic(). # start_ironic_api() - Used by start_ironic().
# Starts Ironic API server. # Starts Ironic API server.
function start_ironic_api { function start_ironic_api {
if [[ "$IRONIC_USE_MOD_WSGI" == "True" ]]; then
restart_apache_server
else
run_process ir-api "$IRONIC_BIN_DIR/ironic-api --config-file=$IRONIC_CONF_FILE"
fi
# Get right service port for testing
local service_port=$IRONIC_SERVICE_PORT local service_port=$IRONIC_SERVICE_PORT
local service_protocol=$IRONIC_SERVICE_PROTOCOL local service_protocol=$IRONIC_SERVICE_PROTOCOL
local ironic_url
# Get right service port for testing
if is_service_enabled tls-proxy; then if is_service_enabled tls-proxy; then
service_port=$IRONIC_SERVICE_PORT_INT service_port=$IRONIC_SERVICE_PORT_INT
service_protocol="http" service_protocol="http"
fi fi
echo "Waiting for ir-api ($SERVICE_HOST:$service_port) to start..." if [[ "$IRONIC_USE_WSGI" == "True" ]]; then
if ! timeout $SERVICE_TIMEOUT sh -c "while ! wget --no-proxy -q -O- $service_protocol://$SERVICE_HOST:$service_port/; do sleep 1; done"; then run_process "ir-api" "$IRONIC_BIN_DIR/uwsgi --procname-prefix ironic-api --ini $IRONIC_UWSGI_CONF"
ironic_url=$service_protocol://$SERVICE_HOST/baremetal
else
run_process ir-api "$IRONIC_BIN_DIR/ironic-api --config-file=$IRONIC_CONF_FILE"
ironic_url=$service_protocol://$SERVICE_HOST:$service_port
fi
echo "Waiting for ir-api ($ironic_url) to start..."
if ! timeout $SERVICE_TIMEOUT sh -c "while ! wget --no-proxy -q -O- $ironic_url; do sleep 1; done"; then
die $LINENO "ir-api did not start" die $LINENO "ir-api did not start"
fi fi
@ -1480,11 +1480,7 @@ function start_virtualpdu {
# stop_ironic() - Stop running processes # stop_ironic() - Stop running processes
function stop_ironic { function stop_ironic {
if [[ "$IRONIC_USE_MOD_WSGI" == "True" ]]; then stop_process ir-api
disable_apache_site ironic-api
else
stop_process ir-api
fi
stop_process ir-cond stop_process ir-cond
} }
@ -2102,7 +2098,7 @@ function configure_iptables {
# nodes boot from TFTP and callback to the API server listening on $HOST_IP # nodes boot from TFTP and callback to the API server listening on $HOST_IP
sudo iptables -I INPUT -d $IRONIC_TFTPSERVER_IP -p udp --dport 69 -j ACCEPT || true sudo iptables -I INPUT -d $IRONIC_TFTPSERVER_IP -p udp --dport 69 -j ACCEPT || true
# To use named /baremetal endpoint we should open default apache port # To use named /baremetal endpoint we should open default apache port
if [[ "$IRONIC_USE_MOD_WSGI" == "False" ]]; then if [[ "$IRONIC_USE_WSGI" == "False" ]]; then
sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $IRONIC_SERVICE_PORT -j ACCEPT || true sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $IRONIC_SERVICE_PORT -j ACCEPT || true
# open ironic API on baremetal network # open ironic API on baremetal network
sudo iptables -I INPUT -d $IRONIC_HTTP_SERVER -p tcp --dport $IRONIC_SERVICE_PORT -j ACCEPT || true sudo iptables -I INPUT -d $IRONIC_HTTP_SERVER -p tcp --dport $IRONIC_SERVICE_PORT -j ACCEPT || true

2
devstack/upgrade/settings
View File

@ -29,3 +29,5 @@ fi
# NOTE(vdrok): Do not setup multicell during upgrade # NOTE(vdrok): Do not setup multicell during upgrade
export CELLSV2_SETUP="singleconductor" export CELLSV2_SETUP="singleconductor"
# NOTE(vsaienko) Do not run ironic-api under wsgi after upgrade
export IRONIC_USE_MOD_WSGI=False

1
playbooks/legacy/ironic-dsvm-standalone/run.yaml
View File

@ -73,7 +73,6 @@
export DEVSTACK_LOCAL_CONFIG+=$'\n'"SWIFT_TEMPURL_KEY=secretkey" export DEVSTACK_LOCAL_CONFIG+=$'\n'"SWIFT_TEMPURL_KEY=secretkey"
export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_ENABLED_DRIVERS=fake" export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_ENABLED_DRIVERS=fake"
export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_AUTOMATED_CLEAN_ENABLED=False" export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_AUTOMATED_CLEAN_ENABLED=False"
export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_USE_MOD_WSGI=True"
# NOTE(pas-ha) ansible deploy is new in Queens, # NOTE(pas-ha) ansible deploy is new in Queens,
# and this job does not exist in Newton/Ocata. # and this job does not exist in Newton/Ocata.