Add Keep Alive Timeout for httpd

This patch introduces a global keep alive timeout value for services
that leverage httpd + wsgi to handle http/https requests. The default
value is one minute.

Change-Id: Icf7cb0baf86b428a60a7e9bbed642999711865cd
Partially-Implements: blueprint add-ssl-internal-network
This commit is contained in:
James Kirsch 2020-08-06 13:09:01 -07:00 committed by Radosław Piliszek
parent 644f74b185
commit 19b028e660
18 changed files with 41 additions and 2 deletions

View File

@ -758,10 +758,19 @@ kolla_external_fqdn_cert: "{{ kolla_certificates_dir }}/haproxy.pem"
kolla_internal_fqdn_cert: "{{ kolla_certificates_dir }}/haproxy-internal.pem"
kolla_admin_openrc_cacert: ""
kolla_copy_ca_into_containers: "no"
kolla_verify_tls_backend: "yes"
haproxy_backend_cacert: "{{ 'ca-certificates.crt' if kolla_base_distro in ['debian', 'ubuntu'] else 'ca-bundle.trust.crt' }}"
haproxy_backend_cacert_dir: "/etc/ssl/certs"
##################
# Backend options
##################
kolla_httpd_keep_alive: "60"
######################
# Backend TLS options
######################
kolla_enable_tls_backend: "no"
kolla_verify_tls_backend: "yes"
kolla_tls_backend_cert: "{{ kolla_certificates_dir }}/backend-cert.pem"
kolla_tls_backend_key: "{{ kolla_certificates_dir }}/backend-key.pem"

View File

@ -10,6 +10,7 @@ Listen {{ api_interface_address | put_address_in_context('url') }}:{{ aodh_api_l
ServerSignature Off
ServerTokens Prod
TraceEnable off
KeepAliveTimeout {{ kolla_httpd_keep_alive }}
ErrorLog "{{ aodh_log_dir }}/apache-error.log"
<IfModule log_config_module>

View File

@ -15,6 +15,7 @@ Listen {{ api_interface_address | put_address_in_context('url') }}:{{ cinder_api
ServerSignature Off
ServerTokens Prod
TraceEnable off
KeepAliveTimeout {{ kolla_httpd_keep_alive }}
{% if cinder_logging_debug | bool %}
LogLevel info

View File

@ -6,6 +6,7 @@ Listen {{ api_interface_address | put_address_in_context('url') }}:{{ cloudkitty
ServerSignature Off
ServerTokens Prod
TraceEnable off
KeepAliveTimeout {{ kolla_httpd_keep_alive }}
ErrorLog "{{ cloudkitty_log_dir }}/apache-error.log"
<IfModule log_config_module>

View File

@ -5,6 +5,7 @@ Listen {{ api_interface_address | put_address_in_context('url') }}:{{ freezer_ap
ServerSignature Off
ServerTokens Prod
TraceEnable off
KeepAliveTimeout {{ kolla_httpd_keep_alive }}
ErrorLog "{{ freezer_log_dir }}/apache-error.log"
<IfModule log_config_module>

View File

@ -10,6 +10,7 @@ Listen {{ api_interface_address | put_address_in_context('url') }}:{{ gnocchi_ap
ServerSignature Off
ServerTokens Prod
TraceEnable off
KeepAliveTimeout {{ kolla_httpd_keep_alive }}
ErrorLog "{{ gnocchi_log_dir }}/apache-error.log"
<IfModule log_config_module>

View File

@ -17,6 +17,7 @@ Listen {{ api_interface_address | put_address_in_context('url') }}:{{ heat_api_c
ServerSignature Off
ServerTokens Prod
TraceEnable off
KeepAliveTimeout {{ kolla_httpd_keep_alive }}
<Directory "{{ binary_path }}">
<FilesMatch "heat-wsgi-api-cfn">

View File

@ -17,6 +17,7 @@ Listen {{ api_interface_address | put_address_in_context('url') }}:{{ heat_api_l
ServerSignature Off
ServerTokens Prod
TraceEnable off
KeepAliveTimeout {{ kolla_httpd_keep_alive }}
<Directory "{{ binary_path }}">
<FilesMatch "heat-wsgi-api">

View File

@ -18,6 +18,7 @@ Listen {{ api_interface_address | put_address_in_context('url') }}:{{ keystone_a
ServerSignature Off
ServerTokens Prod
TraceEnable off
KeepAliveTimeout {{ kolla_httpd_keep_alive }}
ErrorLog "{{ keystone_log_dir }}/apache-error.log"
<IfModule log_config_module>

View File

@ -11,6 +11,7 @@ Listen {{ api_interface_address | put_address_in_context('url') }}:{{ masakari_a
ServerSignature Off
ServerTokens Prod
TraceEnable off
KeepAliveTimeout {{ kolla_httpd_keep_alive }}
ErrorLog "{{ masakari_log_dir }}/apache-error.log"
<IfModule log_config_module>

View File

@ -5,6 +5,7 @@
Listen {{ api_interface_address | put_address_in_context('url') }}:{{ monasca_api_port }}
TraceEnable off
KeepAliveTimeout {{ kolla_httpd_keep_alive }}
ErrorLog "{{ monasca_log_dir }}/apache-api-error.log"
<IfModule log_config_module>

View File

@ -6,6 +6,7 @@ Listen {{ api_interface_address | put_address_in_context('url') }}:{{ panko_api_
ServerSignature Off
ServerTokens Prod
TraceEnable off
KeepAliveTimeout {{ kolla_httpd_keep_alive }}
ErrorLog "{{ panko_log_dir }}/apache-error.log"
<IfModule log_config_module>

View File

@ -17,6 +17,7 @@ Listen {{ api_interface_address | put_address_in_context('url') }}:{{ placement_
ServerSignature Off
ServerTokens Prod
TraceEnable off
KeepAliveTimeout {{ kolla_httpd_keep_alive }}
{% if placement_logging_debug | bool %}
LogLevel info

View File

@ -10,6 +10,7 @@ Listen {{ api_interface_address | put_address_in_context('url') }}:{{ qinling_ap
ServerSignature Off
ServerTokens Prod
TraceEnable off
KeepAliveTimeout {{ kolla_httpd_keep_alive }}
ErrorLog "{{ qinling_log_dir }}/apache-error.log"
<IfModule log_config_module>

View File

@ -5,6 +5,7 @@ Listen {{ 'api' | kolla_address | put_address_in_context('url') }}:{{ vitrage_ap
ServerSignature Off
ServerTokens Prod
TraceEnable off
KeepAliveTimeout {{ kolla_httpd_keep_alive }}
ErrorLog "{{ vitrage_log_dir }}/apache-error.log"
<IfModule log_config_module>

View File

@ -5,6 +5,7 @@ Listen {{ api_interface_address | put_address_in_context('url') }}:{{ zun_api_po
ServerSignature Off
ServerTokens Prod
TraceEnable off
KeepAliveTimeout {{ kolla_httpd_keep_alive }}
ErrorLog "{{ zun_log_dir }}/apache-error.log"
<IfModule log_config_module>

View File

@ -191,10 +191,19 @@
#kolla_internal_fqdn_cert: "{{ kolla_certificates_dir }}/haproxy-internal.pem"
#kolla_admin_openrc_cacert: ""
#kolla_copy_ca_into_containers: "no"
#kolla_verify_tls_backend: "yes"
#haproxy_backend_cacert: "{{ 'ca-certificates.crt' if kolla_base_distro in ['debian', 'ubuntu'] else 'ca-bundle.trust.crt' }}"
#haproxy_backend_cacert_dir: "/etc/ssl/certs"
##################
# Backend options
##################
#kolla_httpd_keep_alive: "60"
#####################
# Backend TLS options
#####################
#kolla_enable_tls_backend: "no"
#kolla_verify_tls_backend: "yes"
#kolla_tls_backend_cert: "{{ kolla_certificates_dir }}/backend-cert.pem"
#kolla_tls_backend_key: "{{ kolla_certificates_dir }}/backend-key.pem"

View File

@ -0,0 +1,6 @@
---
features:
- |
Adds configuration parameter ``kolla_httpd_keep_alive`` to configure the
keep-alive timeout for services that use httpd to handle HTTP requests.
The default value is 60 seconds.