Add Keep Alive Timeout for httpd

This patch introduces a global keep alive timeout value for services
that leverage httpd + wsgi to handle http/https requests. The default
value is one minute.

Change-Id: Icf7cb0baf86b428a60a7e9bbed642999711865cd
Partially-Implements: blueprint add-ssl-internal-network

ansible/group_vars/all.yml

@@ -758,10 +758,19 @@ kolla_external_fqdn_cert: "{{ kolla_certificates_dir }}/haproxy.pem"
 kolla_internal_fqdn_cert: "{{ kolla_certificates_dir }}/haproxy-internal.pem"
 kolla_admin_openrc_cacert: ""
 kolla_copy_ca_into_containers: "no"
-kolla_verify_tls_backend: "yes"
 haproxy_backend_cacert: "{{ 'ca-certificates.crt' if kolla_base_distro in ['debian', 'ubuntu'] else 'ca-bundle.trust.crt' }}"
 haproxy_backend_cacert_dir: "/etc/ssl/certs"
+
+##################
+# Backend options
+##################
+kolla_httpd_keep_alive: "60"
+
+######################
+# Backend TLS options
+######################
 kolla_enable_tls_backend: "no"
+kolla_verify_tls_backend: "yes"
 kolla_tls_backend_cert: "{{ kolla_certificates_dir }}/backend-cert.pem"
 kolla_tls_backend_key: "{{ kolla_certificates_dir }}/backend-key.pem"
 

ansible/roles/aodh/templates/wsgi-aodh.conf.j2

@@ -10,6 +10,7 @@ Listen {{ api_interface_address | put_address_in_context('url') }}:{{ aodh_api_l
 ServerSignature Off
 ServerTokens Prod
 TraceEnable off
+KeepAliveTimeout {{ kolla_httpd_keep_alive }}
 
 ErrorLog "{{ aodh_log_dir }}/apache-error.log"
 <IfModule log_config_module>

ansible/roles/cinder/templates/cinder-wsgi.conf.j2

@@ -15,6 +15,7 @@ Listen {{ api_interface_address | put_address_in_context('url') }}:{{ cinder_api
 ServerSignature Off
 ServerTokens Prod
 TraceEnable off
+KeepAliveTimeout {{ kolla_httpd_keep_alive }}
 
 {% if cinder_logging_debug | bool %}
 LogLevel info

ansible/roles/cloudkitty/templates/wsgi-cloudkitty.conf.j2

@@ -6,6 +6,7 @@ Listen {{ api_interface_address | put_address_in_context('url') }}:{{ cloudkitty
 ServerSignature Off
 ServerTokens Prod
 TraceEnable off
+KeepAliveTimeout {{ kolla_httpd_keep_alive }}
 
 ErrorLog "{{ cloudkitty_log_dir }}/apache-error.log"
 <IfModule log_config_module>

ansible/roles/freezer/templates/wsgi-freezer-api.conf.j2

@@ -5,6 +5,7 @@ Listen {{ api_interface_address | put_address_in_context('url') }}:{{ freezer_ap
 ServerSignature Off
 ServerTokens Prod
 TraceEnable off
+KeepAliveTimeout {{ kolla_httpd_keep_alive }}
 
 ErrorLog "{{ freezer_log_dir }}/apache-error.log"
 <IfModule log_config_module>

ansible/roles/gnocchi/templates/wsgi-gnocchi.conf.j2

@@ -10,6 +10,7 @@ Listen {{ api_interface_address | put_address_in_context('url') }}:{{ gnocchi_ap
 ServerSignature Off
 ServerTokens Prod
 TraceEnable off
+KeepAliveTimeout {{ kolla_httpd_keep_alive }}
 
 ErrorLog "{{ gnocchi_log_dir }}/apache-error.log"
 <IfModule log_config_module>

ansible/roles/heat/templates/wsgi-heat-api-cfn.conf.j2

@@ -17,6 +17,7 @@ Listen {{ api_interface_address | put_address_in_context('url') }}:{{ heat_api_c
 ServerSignature Off
 ServerTokens Prod
 TraceEnable off
+KeepAliveTimeout {{ kolla_httpd_keep_alive }}
 
 <Directory "{{ binary_path }}">
     <FilesMatch "heat-wsgi-api-cfn">

ansible/roles/heat/templates/wsgi-heat-api.conf.j2

@@ -17,6 +17,7 @@ Listen {{ api_interface_address | put_address_in_context('url') }}:{{ heat_api_l
 ServerSignature Off
 ServerTokens Prod
 TraceEnable off
+KeepAliveTimeout {{ kolla_httpd_keep_alive }}
 
 <Directory "{{ binary_path }}">
     <FilesMatch "heat-wsgi-api">

ansible/roles/keystone/templates/wsgi-keystone.conf.j2

@@ -18,6 +18,7 @@ Listen {{ api_interface_address | put_address_in_context('url') }}:{{ keystone_a
 ServerSignature Off
 ServerTokens Prod
 TraceEnable off
+KeepAliveTimeout {{ kolla_httpd_keep_alive }}
 
 ErrorLog "{{ keystone_log_dir }}/apache-error.log"
 <IfModule log_config_module>

ansible/roles/masakari/templates/wsgi-masakari.conf.j2

@@ -11,6 +11,7 @@ Listen {{ api_interface_address | put_address_in_context('url') }}:{{ masakari_a
 ServerSignature Off
 ServerTokens Prod
 TraceEnable off
+KeepAliveTimeout {{ kolla_httpd_keep_alive }}
 
 ErrorLog "{{ masakari_log_dir }}/apache-error.log"
 <IfModule log_config_module>

ansible/roles/monasca/templates/monasca-api/wsgi-api.conf.j2

@@ -5,6 +5,7 @@
 Listen {{ api_interface_address | put_address_in_context('url') }}:{{ monasca_api_port }}
 
 TraceEnable off
+KeepAliveTimeout {{ kolla_httpd_keep_alive }}
 
 ErrorLog "{{ monasca_log_dir }}/apache-api-error.log"
 <IfModule log_config_module>

ansible/roles/panko/templates/wsgi-panko.conf.j2

@@ -6,6 +6,7 @@ Listen {{ api_interface_address | put_address_in_context('url') }}:{{ panko_api_
 ServerSignature Off
 ServerTokens Prod
 TraceEnable off
+KeepAliveTimeout {{ kolla_httpd_keep_alive }}
 
 ErrorLog "{{ panko_log_dir }}/apache-error.log"
 <IfModule log_config_module>

ansible/roles/placement/templates/placement-api-wsgi.conf.j2

@@ -17,6 +17,7 @@ Listen {{ api_interface_address | put_address_in_context('url') }}:{{ placement_
 ServerSignature Off
 ServerTokens Prod
 TraceEnable off
+KeepAliveTimeout {{ kolla_httpd_keep_alive }}
 
 {% if placement_logging_debug | bool %}
 LogLevel info

ansible/roles/qinling/templates/wsgi-qinling.conf.j2

@@ -10,6 +10,7 @@ Listen {{ api_interface_address | put_address_in_context('url') }}:{{ qinling_ap
 ServerSignature Off
 ServerTokens Prod
 TraceEnable off
+KeepAliveTimeout {{ kolla_httpd_keep_alive }}
 
 ErrorLog "{{ qinling_log_dir }}/apache-error.log"
 <IfModule log_config_module>

ansible/roles/vitrage/templates/wsgi-vitrage.conf.j2

@@ -5,6 +5,7 @@ Listen {{ 'api' | kolla_address | put_address_in_context('url') }}:{{ vitrage_ap
 ServerSignature Off
 ServerTokens Prod
 TraceEnable off
+KeepAliveTimeout {{ kolla_httpd_keep_alive }}
 
 ErrorLog "{{ vitrage_log_dir }}/apache-error.log"
 <IfModule log_config_module>

ansible/roles/zun/templates/wsgi-zun.conf.j2

@@ -5,6 +5,7 @@ Listen {{ api_interface_address | put_address_in_context('url') }}:{{ zun_api_po
 ServerSignature Off
 ServerTokens Prod
 TraceEnable off
+KeepAliveTimeout {{ kolla_httpd_keep_alive }}
 
 ErrorLog "{{ zun_log_dir }}/apache-error.log"
 <IfModule log_config_module>

etc/kolla/globals.yml

@@ -191,10 +191,19 @@
 #kolla_internal_fqdn_cert: "{{ kolla_certificates_dir }}/haproxy-internal.pem"
 #kolla_admin_openrc_cacert: ""
 #kolla_copy_ca_into_containers: "no"
-#kolla_verify_tls_backend: "yes"
 #haproxy_backend_cacert: "{{ 'ca-certificates.crt' if kolla_base_distro in ['debian', 'ubuntu'] else 'ca-bundle.trust.crt' }}"
 #haproxy_backend_cacert_dir: "/etc/ssl/certs"
+
+##################
+# Backend options
+##################
+#kolla_httpd_keep_alive: "60"
+
+#####################
+# Backend TLS options
+#####################
 #kolla_enable_tls_backend: "no"
+#kolla_verify_tls_backend: "yes"
 #kolla_tls_backend_cert: "{{ kolla_certificates_dir }}/backend-cert.pem"
 #kolla_tls_backend_key: "{{ kolla_certificates_dir }}/backend-key.pem"
 

releasenotes/notes/add-keep-alive-timeout-for-httpd-0d51a9d139c50f66.yaml

@@ -0,0 +1,6 @@
+---
+features:
+  - |
+    Adds configuration parameter ``kolla_httpd_keep_alive`` to configure the
+    keep-alive timeout for services that use httpd to handle HTTP requests.
+    The default value is 60 seconds.